StuRa/stura-infra
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
193 commits 3 branches 0 tags 586 KiB
Commit graph

193 commits

This branch
This branch
All branches
Author SHA1 Message Date
goeranh
03795a46a7
allow all local connections 2026-05-03 14:19:43 +02:00
goeranh
66d6857710
use nftables on all haproxy host for better blacklisting 2026-05-02 00:29:06 +02:00
goeranh
d0a8fb0c09
enable nginx access logs for now 2026-05-01 23:54:32 +02:00
goeranh
855cd7bd9b
fix build failure because of new upstream release 2026-05-01 23:16:24 +02:00
goeranh
1e5cd75652
set http mode for port 80 2026-04-30 17:59:32 +02:00
goeranh
b2ac4a6ac1
haproxy acme rule ordering 2026-04-30 17:50:22 +02:00
goeranh
590f42d5d9
enable proxy protocol for plone backends 2026-04-29 18:42:20 +02:00
goeranh
ed10898adb
flake.lock: Update 
Flake lock file updates:

• Updated input 'authentik':
    'github:nix-community/authentik-nix/7e4730351fb6df479c46a1bf7e23d46a0b0c5d46?narHash=sha256-hcstQ1Z9aQSJM3AVCLb0/OPTicbME9nhP01GiPrOjZM%3D' (2026-03-07)
  → 'github:nix-community/authentik-nix/4370b561c8bafb59773ce3a518506bcf1161dbdb?narHash=sha256-JvvWVbXJYSY8qOReMbAOD4lxcN2cjKV6lg/jLz8CEuY%3D' (2026-04-13)
• Updated input 'authentik/authentik-src':
    'github:goauthentik/authentik/0dccbd4193c45c581e9fb7cd89df0c1487510f1f?narHash=sha256-0Vpf1hj9C8r%2BrhrCgwoNazpQ%2BmwgjdjDhuoKCxYQFWw%3D' (2026-03-03)
  → 'github:goauthentik/authentik/5249546862986202b901c2afd860992ec48c6ef6?narHash=sha256-Xq7JGI/8ppIydIuWd9KRJKUrh7UpeniwvZ4NAtXbYJ4%3D' (2026-04-07)
• Updated input 'disko':
    'github:nix-community/disko/7b9f7f88ab3b339f8142dc246445abb3c370d3d3?narHash=sha256-khlHllTsovXgT2GZ0WxT4%2BRvuMjNeR5OW0UYeEHPYQo%3D' (2026-03-09)
  → 'github:nix-community/disko/32f4236bfc141ae930b5ba2fb604f561fed5219d?narHash=sha256-gC9Cp5ibBmGD5awCA9z7xy6MW6iJufhazTYJOiGlCUI%3D' (2026-04-19)
• Updated input 'mailserver':
    'git+https://gitlab.com/simple-nixos-mailserver/nixos-mailserver?ref=nixos-25.11&rev=9cdd6869e513df8153db4b920c8f15d394e150f7' (2026-03-12)
  → 'git+https://gitlab.com/simple-nixos-mailserver/nixos-mailserver?ref=nixos-25.11&rev=25e6dbb8fca3b6e779c5a46fd03bd760b2165bb5' (2026-03-19)
• Updated input 'mailserver/flake-compat':
    'github:edolstra/flake-compat/f387cd2afec9419c8ee37694406ca490c3f34ee5?narHash=sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4%3D' (2025-10-27)
  → 'github:edolstra/flake-compat/5edf11c44bc78a0d334f6334cdaf7d60d732daab?narHash=sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns%3D' (2025-12-29)
• Updated input 'mailserver/git-hooks':
    'github:cachix/git-hooks.nix/7275fa67fbbb75891c16d9dee7d88e58aea2d761?narHash=sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA%3D' (2025-11-16)
  → 'github:cachix/git-hooks.nix/8baab586afc9c9b57645a734c820e4ac0a604af9?narHash=sha256-JDqZMgxUTCq85ObSaFw0HhE%2BlvdOre1lx9iI6vYyOEs%3D' (2026-03-07)
• Updated input 'mailserver/nixpkgs':
    'github:NixOS/nixpkgs/a320ce8e6e2cc6b4397eef214d202a50a4583829?narHash=sha256-6zddwDs2n%2Bn01l%2B1TG6PlyokDdXzu/oBmEejcH5L5%2BA%3D' (2025-11-24)
  → 'github:NixOS/nixpkgs/826430a188181a750ffa5948daff334039c5d741?narHash=sha256-JW2/QPyCVzmouqEp1H9kNa8JXd7xEhlam9sy3TYfhDY%3D' (2026-03-18)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/0590cd39f728e129122770c029970378a79d076a?narHash=sha256-BHoB/XpbqoZkVYZCfXJXfkR%2BGXFqwb/4zbWnOr2cRcU%3D' (2026-03-11)
  → 'github:nixos/nixpkgs/10e7ad5bbcb421fe07e3a4ad53a634b0cd57ffac?narHash=sha256-vl3dkhlE5gzsItuHoEMVe%2BDlonsK%2B0836LIRDnm6MXQ%3D' (2026-04-21)
• Updated input 'sops':
    'github:Mic92/sops-nix/d1ff3b1034d5bab5d7d8086a7803c5a5968cd784?narHash=sha256-M3zEnq9OElB7zqc%2BmjgPlByPm1O5t2fbUrH3t/Hm5Ag%3D' (2026-03-09)
  → 'github:Mic92/sops-nix/bef289e2248991f7afeb95965c82fbcd8ff72598?narHash=sha256-DRFGPfFV6hbrfO9a1PH1FkCi7qR5FgjSqsQGGvk1rdI%3D' (2026-04-21)
 2026-04-24 14:42:39 +02:00
goeranh
c0c528ae29
geoip haproxy 2026-04-21 11:35:06 +02:00
goeranh
c89b6e7ee9
accept accept v6proxy proxy protocol 2026-04-21 11:34:31 +02:00
goeranh
1ba340e2a4
process metrics 2026-04-21 11:34:10 +02:00
goeranh
6ea0361692
send proxy protocol from hetzner 2026-04-21 09:06:13 +02:00
goeranh
3c186a9e56 Merge pull request 'monitoring' (#8) from monitoring into master 
Reviewed-on: https://codeberg.org/stura-htw-dresden/stura-infra/pulls/8
 2026-04-20 14:29:19 +02:00
goeranh
c31063ca56
purge logs and metrics after 4 weeks 2026-04-20 14:28:13 +02:00
goeranh
9a5716f2df
increase max series for queries 2026-04-20 14:10:33 +02:00
goeranh
e1530c606f
use extra input sink options 2026-04-20 13:53:12 +02:00
goeranh
53c592abd9
add extra inputs option for the loki and mimir sinks 2026-04-20 13:52:57 +02:00
goeranh
93e27dd3e5
receive proxmox logs 2026-04-20 13:07:21 +02:00
goeranh
dd2aa96e25
fix mimir 2026-04-20 13:07:13 +02:00
goeranh
fd02a136ef
scrape haproxy metrics 2026-04-20 13:06:04 +02:00
goeranh
e7cba90a45
fix vector settings 2026-04-20 12:10:18 +02:00
goeranh
e9fe620fa9
increase mimir and loki rate limits 2026-04-20 12:01:36 +02:00
goeranh
ef8607e38e
include monitoring module per default 2026-04-20 11:55:49 +02:00
goeranh
5ef710f8f2
dont generate domains, doesnt work for mon.adm.htw for example 2026-04-20 11:52:40 +02:00
goeranh
d435d8d487
use three letter domains 2026-04-20 11:52:26 +02:00
goeranh
9beef4e013
use recommended proxy settings 2026-04-20 11:40:07 +02:00
goeranh
641feb1b84
monitoring host# 2026-04-20 11:40:07 +02:00
goeranh
8c358daf56 Merge pull request 'proxy-protocol' (#7) from proxy-protocol into master 
Reviewed-on: https://codeberg.org/stura-htw-dresden/stura-infra/pulls/7
 2026-04-20 10:28:37 +02:00
goeranh
334c977988
enable proxy protocol for redmine 2026-04-20 10:26:54 +02:00
goeranh
29cff6eee8
enable proxy protocol for wiki 2026-04-20 10:26:46 +02:00
goeranh
f91ac73b72
enable proxy protocol in nextcloud 2026-04-20 10:26:33 +02:00
goeranh
5b2eb482df
formatting in proxy 2026-04-20 10:24:30 +02:00
goeranh
582822cd5b
remove explicit proxy, its in this flake 2026-04-20 09:45:47 +02:00
goeranh
279e106427
fix cloud duplicate 2026-04-20 09:17:36 +02:00
goeranh
a96f976be1
does not work on port 80 with acme 2026-04-20 09:02:20 +02:00
goeranh
9041fe3d69
conditionally send proxy protocol 2026-04-20 08:56:40 +02:00
goeranh
fe6650622f
haproxy maxconn 2026-04-10 15:38:30 +02:00
oxce
ca8c213e74 Änderung der adresse vom smtp mailserver 2026-03-27 18:11:47 +01:00
goeranh
9e3fa025cd
redirect bbb 2026-03-20 17:09:01 +01:00
goeranh
5bed1bbba1
remove git hooks 2026-03-20 16:24:09 +01:00
goeranh
52eb5d90d9
recursive resolver because we can 2026-03-13 23:20:13 +01:00
goeranh
242f8b7563
generate dns zone from forwards attrset 2026-03-13 22:24:27 +01:00
goeranh
006c95424f
enable bind dns and chrony ntp server and set them up in default.nix 2026-03-13 22:14:45 +01:00
goeranh
7d01f35fd0
host dns and ntp server on proxy 2026-03-13 21:51:25 +01:00
goeranh
982d984910
let nextlocud build again 2026-03-13 18:32:11 +01:00
goeranh
47d48d193d
explain hugo docs site 2026-03-13 18:17:49 +01:00
goeranh
8703e7df98
flake.lock: Update 
Flake lock file updates:

• Updated input 'authentik':
    'github:nix-community/authentik-nix/3df5c213032b8d28073d4baead699acea62ab50d?narHash=sha256-PPAgCKlRpxcZlEJ8NH2CGVaEogOc4nOs/eNF0hlAC2E%3D' (2026-02-21)
  → 'github:nix-community/authentik-nix/7e4730351fb6df479c46a1bf7e23d46a0b0c5d46?narHash=sha256-hcstQ1Z9aQSJM3AVCLb0/OPTicbME9nhP01GiPrOjZM%3D' (2026-03-07)
• Updated input 'authentik/authentik-go':
    'github:goauthentik/client-go/280022b0a8de5c8f4b2965d1147a1c4fa846ba64?narHash=sha256-Yyna75Nd6485tZP9IpdEa5QNomswe9hRfM%2Bw3MuET9E%3D' (2026-02-05)
  → 'github:goauthentik/client-go/4c1444ee54d945fbcc5ae107b4f191ca0352023d?narHash=sha256-zTEmvxe%2BBpfWYvAl675PnhXCH4jV4GUTFb1MrQ1Eyno%3D' (2026-02-23)
• Updated input 'authentik/authentik-src':
    'github:goauthentik/authentik/19ad8d3ae3f266ec1096bc4461fdf6bcda1aa079?narHash=sha256-alTyrMBbjZbw4jhEna8saabf93sqSrZCu%2BZ5xH3pZ7M%3D' (2026-02-12)
  → 'github:goauthentik/authentik/0dccbd4193c45c581e9fb7cd89df0c1487510f1f?narHash=sha256-0Vpf1hj9C8r%2BrhrCgwoNazpQ%2BmwgjdjDhuoKCxYQFWw%3D' (2026-03-03)
• Updated input 'authentik/flake-compat':
    'github:edolstra/flake-compat/65f23138d8d09a92e30f1e5c87611b23ef451bf3?narHash=sha256-4VBOP18BFeiPkyhy9o4ssBNQEvfvv1kXkasAYd0%2BrrA%3D' (2025-12-07)
  → 'github:edolstra/flake-compat/5edf11c44bc78a0d334f6334cdaf7d60d732daab?narHash=sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns%3D' (2025-12-29)
• Updated input 'authentik/flake-parts':
    'github:hercules-ci/flake-parts/a34fae9c08a15ad73f295041fec82323541400a9?narHash=sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw%3D' (2025-12-15)
  → 'github:hercules-ci/flake-parts/57928607ea566b5db3ad13af0e57e921e6b12381?narHash=sha256-AnYjnFWgS49RlqX7LrC4uA%2BsCCDBj0Ry/WOJ5XWAsa0%3D' (2026-02-02)
• Updated input 'authentik/flake-parts/nixpkgs-lib':
    'github:nix-community/nixpkgs.lib/2075416fcb47225d9b68ac469a5c4801a9c4dd85?narHash=sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo%3D' (2025-12-14)
  → 'github:nix-community/nixpkgs.lib/72716169fe93074c333e8d0173151350670b824c?narHash=sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ%2BQDT/KDuyHXVJOpM%3D' (2026-02-01)
• Updated input 'authentik/nixpkgs':
    'github:NixOS/nixpkgs/1412caf7bf9e660f2f962917c14b1ea1c3bc695e?narHash=sha256-AIdl6WAn9aymeaH/NvBj0H9qM%2BXuAuYbGMZaP0zcXAQ%3D' (2026-01-13)
  → 'github:NixOS/nixpkgs/2fc6539b481e1d2569f25f8799236694180c0993?narHash=sha256-0MAd%2B0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU%3D' (2026-02-23)
• Updated input 'authentik/pyproject-build-systems':
    'github:pyproject-nix/build-system-pkgs/042904167604c681a090c07eb6967b4dd4dae88c?narHash=sha256-4bocaOyLa3AfiS8KrWjZQYu%2BIAta05u3gYZzZ6zXbT0%3D' (2025-11-20)
  → 'github:pyproject-nix/build-system-pkgs/04e9c186e01f0830dad3739088070e4c551191a4?narHash=sha256-7uXPiWB0YQ4HNaAqRvVndYL34FEp1ZTwVQHgZmyMtC8%3D' (2026-02-18)
• Updated input 'authentik/pyproject-nix':
    'github:pyproject-nix/pyproject.nix/2c8df1383b32e5443c921f61224b198a2282a657?narHash=sha256-xaKvtPx6YAnA3HQVp5LwyYG1MaN4LLehpQI8xEdBvBY%3D' (2025-11-26)
  → 'github:pyproject-nix/pyproject.nix/eb204c6b3335698dec6c7fc1da0ebc3c6df05937?narHash=sha256-nFJSfD89vWTu92KyuJWDoTQJuoDuddkJV3TlOl1cOic%3D' (2026-02-19)
• Updated input 'authentik/uv2nix':
    'github:pyproject-nix/uv2nix/4cca323a547a1aaa9b94929c4901bed5343eafe8?narHash=sha256-90d//IZ4GXipNsngO4sb2SAPbIC/a2P%2BIAdAWOwpcOM%3D' (2025-12-13)
  → 'github:pyproject-nix/uv2nix/abe65de114300de41614002fe9dce2152ac2ac23?narHash=sha256-gCojeIlQ/rfWMe3adif3akyHsT95wiMkLURpxTeqmPc%3D' (2026-02-27)
• Updated input 'disko':
    'github:nix-community/disko/a4cb7bf73f264d40560ba527f9280469f1f081c6?narHash=sha256-A5uE/hMium5of/QGC6JwF5TGoDAfpNtW00T0s9u/PN8%3D' (2026-02-23)
  → 'github:nix-community/disko/7b9f7f88ab3b339f8142dc246445abb3c370d3d3?narHash=sha256-khlHllTsovXgT2GZ0WxT4%2BRvuMjNeR5OW0UYeEHPYQo%3D' (2026-03-09)
• Updated input 'mailserver':
    'git+https://gitlab.com/simple-nixos-mailserver/nixos-mailserver?ref=nixos-25.11&rev=23f0a53ca6e58e61e1ea2b86791c69b79c91656d' (2025-12-24)
  → 'git+https://gitlab.com/simple-nixos-mailserver/nixos-mailserver?ref=nixos-25.11&rev=9cdd6869e513df8153db4b920c8f15d394e150f7' (2026-03-12)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/e764fc9a405871f1f6ca3d1394fb422e0a0c3951?narHash=sha256-sdaqdnsQCv3iifzxwB22tUwN/fSHoN7j2myFW5EIkGk%3D' (2026-02-24)
  → 'github:nixos/nixpkgs/0590cd39f728e129122770c029970378a79d076a?narHash=sha256-BHoB/XpbqoZkVYZCfXJXfkR%2BGXFqwb/4zbWnOr2cRcU%3D' (2026-03-11)
• Updated input 'sops':
    'github:Mic92/sops-nix/b027513c32e5b39b59f64626b87fbe168ae02094?narHash=sha256-YV17Q5lEU0S9ppw08Y%2Bcs4eEQJBuc79AzblFoHORLMU%3D' (2026-02-23)
  → 'github:Mic92/sops-nix/d1ff3b1034d5bab5d7d8086a7803c5a5968cd784?narHash=sha256-M3zEnq9OElB7zqc%2BmjgPlByPm1O5t2fbUrH3t/Hm5Ag%3D' (2026-03-09)
 2026-03-13 18:07:20 +01:00
goeranh
d106386cc0
build a hugo docs page from the readme files 2026-03-13 18:06:20 +01:00
goeranh
bfe941217d
change vps location 2026-03-13 17:37:22 +01:00
goeranh
7e64664037 Merge pull request 'v6proxy' (#6) from v6proxy into master 
Reviewed-on: https://codeberg.org/stura-htw-dresden/stura-infra/pulls/6
 2026-03-13 17:33:18 +01:00