Commit graph

32 commits

Author SHA1 Message Date
Moritz 'e1mo' Fromm
1f168fe646
Add missing matrix secrets to hamilton 2023-08-31 22:03:18 +02:00
Moritz 'e1mo' Fromm
11b87685c3
Apply suggestions from code review 2023-08-30 13:26:21 +02:00
Moritz 'e1mo' Fromm
b68e39dc87
synapse: Add registration secret and reduce logging 2023-08-30 13:26:17 +02:00
Moritz 'e1mo' Fromm
34a142fc2d
services/matrix: Setup 2023-08-30 13:21:52 +02:00
Moritz 'e1mo' Fromm
d7358ccdca
hedgedoc: Disable SSO and login for now 2023-08-13 21:00:27 +02:00
Moritz 'e1mo' Fromm
08e525b19d
hedgedoc: Init 2023-08-13 21:00:26 +02:00
Moritz 'e1mo' Fromm
2e5d1690d4
services/monitoring: Only monitor non-dev hosts 2023-08-12 11:48:39 +02:00
Moritz 'e1mo' Fromm
788fb22732
services/monitoring: enable nginx by default
Otherwise, building hosts that don't have any (nginx using) services
configured will faill.
2023-08-12 11:48:37 +02:00
Moritz 'e1mo' Fromm
8696e2cbef
services/monitoring: Drop unneeded helpers
Attempting to reduce the complexity of the service as a whole.
2023-08-04 16:39:11 +02:00
Moritz 'e1mo' Fromm
ef147a0e22
services/monitoring: Tie up loose ends
Some variables that were intendet to be used were in fact not used (e.g.
allTargets) but that will be needed as soon as we have a second non-dev
host in our nixfiles.
2023-08-04 16:39:11 +02:00
Moritz 'e1mo' Fromm
047d73dc78
Add cj.deployment module
That way we can configure the depployment tags and everything in a
single location.
2023-08-04 16:39:10 +02:00
Moritz 'e1mo' Fromm
458f832b83
Add tickets.chaos.jetzt redirect
With all https://tickets.chaos.jetzt/shortcode links will redirect to
the appropriate ticket-shop without a need for us to place manual
redirect links.
2023-08-03 16:12:42 +02:00
Moritz 'e1mo' Fromm
c1eebe17dc website: Clear old generations on dev
With https://github.com/chaos-jetzt/website_pelican/pull/33, a lot of
orphans are to be expected which will take up space on our servers. This
introduces a timer which runs once a week and will delete any
website generations older than 28 days.
2023-07-22 21:18:55 +02:00
Moritz 'e1mo' Fromm
f2ebb3fe5c Set longer cache duration for fonts
Since they are versioned, we can be a bit more liberal with the stated
cache duration.
2023-04-25 14:39:37 +02:00
Moritz 'e1mo' Fromm
681da3fd18 Support custom 404 page
The actual 404 will be generated from pelican. log_not_found was set for
privacy reasons (since we don't have a favicon, every request still gets
logged with it's full IP due to the 404)
2023-04-25 14:39:37 +02:00
Moritz 'e1mo' Fromm
cb4c29f1d7 Deliver images in alternative formats
If the browser supports webp/avif images, nginx checks if any file with
the same name but the other formats extension is available.
2023-04-25 14:39:37 +02:00
Moritz 'e1mo' Fromm
bf891ae2d9 Update freescout flake for php8.2 compatibility 2023-04-13 18:38:10 +02:00
Moritz 'e1mo' Fromm
3d2493f3a0 freescout: 1.8.48 -> 1.8.71 2023-04-13 18:38:10 +02:00
Moritz 'e1mo' Fromm
37a3ca4a70 services/freescout: Initial setup 2023-04-13 18:38:10 +02:00
Moritz 'e1mo' Fromm
b8f08de175 services/dokuwiki: Add missing timezone option 2023-02-20 17:21:20 +01:00
adb-sh
6c1e6d5811 Update email and ssh key from adb 2023-02-11 22:10:44 +01:00
Moritz 'e1mo' Fromm
dd3325ab95
Remove redundand dokuwii override+openssh settings 2023-02-10 15:30:09 +01:00
Moritz 'e1mo' Fromm
b7c8b28cf9
Update dokuwiki service config 2023-01-10 10:57:34 +01:00
Moritz 'e1mo' Fromm
81d3231d5c
services/website: Allow rsync upload of website 2023-01-08 16:12:15 +01:00
Moritz 'e1mo' Fromm
935f51e7d9
services/monitoring: Fix missing firewall rule
I didn't notice this was missing in #5 until after deploying it. Since
the ports on the monitoring-network-interface (ens10) were not open,
scraping would fail and thus generate alerts.
2023-01-06 16:07:46 +01:00
Moritz 'e1mo' Fromm
d199834a61
Add adb and admin htpasswd user
Also updated instructions for editing the .htpasswd
2023-01-06 15:51:22 +01:00
Moritz 'e1mo' Fromm
3acc1865c0
services/monitoring: Setup
The goal is to create a monitoring setup where each server monitors
itself when it comes failing systemd services, disk or RAM filling up,
…. In addition each prometheus will monitor remote prometheus and
alertmanager instances for signs of failure (e.g. being unreachable,
errors in notification delivery, dropping alerts).

A lot of metrics (especially histograms from prometheus or alertmanager)
are being dropped before ingestion to disk save on space and memory.

Depending on how many servers we may or may not have in the future this
could probably use some kind of overhaul since we rightnow have n^2
monitoring peer relationships (not even speaking of possible duplicated
alerts).
2023-01-06 15:51:22 +01:00
Moritz 'e1mo' Fromm
383ecccbcc
dokuwiki: Fix acronym + remove TODO from README
Co-Authored-By: adb-sh <git@adb.sh>
2022-12-30 16:18:29 +01:00
Moritz 'e1mo' Fromm
451930531e
dokuwiki: Initial service setup 2022-12-30 14:57:33 +01:00
Moritz 'e1mo' Fromm
f49ae3721d Vaultwarden setup
I decoded on the somewhat unordered looking isDev thing in order to
clearly indicate the seperation between the dev and production setup in
E-Mails for security reasons.
2022-12-24 17:44:21 +01:00
Moritz 'e1mo' Fromm
690ea06e1c
Deploy to production + matrix well-known 2022-12-11 13:31:38 +01:00
Moritz 'e1mo' Fromm
d782f28bec
Extract extract services to services directory
That way we can deploy them both on dev and prod hosts and just need to
change the `baseDomain` to differentiate.
2022-12-11 12:29:02 +01:00