Commit graph

773 commits

Author SHA1 Message Date
37e36418a1 bvm-logger: add custom clickhouse config
Just make it less spammy into the journal, sheesh.
2022-01-01 16:31:05 +00:00
730d057e18 bvm-logger: enable journal2clickhouse for real 2022-01-01 15:24:32 +00:00
7b4e6c0e1b ops/nixos: oops, try to fix my.scrapeJournal.addr 2022-01-01 15:14:02 +00:00
c91a42948d journal2clickhouse: init 2022-01-01 15:08:52 +00:00
c5119b4882 ops/nixos: enable HTTP gateway if Tailscale is configured 2022-01-01 12:40:13 +00:00
1f13fd811d coredns: bind to specific interfaces/IPs 2022-01-01 09:03:25 +00:00
8e28b5bbfe ops/nixos: drop Google/AS15169 routes from Veloxserv to prefer RouteServer 2022-01-01 03:02:55 +00:00
bfd08b08cf ops/nixos: add fastly passive peer 2022-01-01 02:39:01 +00:00
6cfcd10e06 swann: use the router's public IP when making connections
For v6, the link is on an unrouted subnet so there's no way to address it from
outside. We don't want Linux to use the v6 subnet for connections it makes, so
we ask politely that the source on the route is actually an IP address that we
Like.
2022-01-01 02:11:59 +00:00
3458c7766e swann: switch from prod.euw1.riotgames.com to euw1.api.riotgames.com
The former appears to resolve, but no longer responds to ICMP ping (even from a
different network). Switch to the documented API endpoint, which still
responds to ICMP ping.
2022-01-01 01:31:56 +00:00
3e98fae657 bvm-heptapod: autoStart deployer container 2022-01-01 00:43:15 +00:00
e182171916 ops/nixos: disable LLMNR 2022-01-01 00:41:37 +00:00
297e9c97e7 bvm-heptapod: add deployer container 2022-01-01 00:22:35 +00:00
8b3e77de1e swann: coredns shouldn't bind to 127.0.0.53 because systemd-resolved wants it 2021-12-31 23:52:57 +00:00
afc4834723 porcorosso: enable TLP for battery saving in laptop mode 2021-12-31 23:52:40 +00:00
a35a702e7d ops/nixos: disable avahi
We're using systemd-resolved, so just disable Avahi now.
2021-12-31 23:51:35 +00:00
f35a79444c ops/nixos: add better support for specialisations 2021-12-31 23:51:09 +00:00
060f2cf96b nhsenglandtests: init 2021-12-31 07:00:32 +00:00
66d1ae3939 lib/hm/graphical-client-wayland: add mako 2021-12-31 04:48:51 +00:00
2d77689ed9 howl: enable bluetooth 2021-12-31 04:47:53 +00:00
6cb1af2f35 ops/nixos: start using systemd-resolved 2021-12-28 18:42:42 +00:00
837f7074ac ops/nixos: fix MAC address for vl-linx 2021-12-27 06:50:12 +00:00
a41abf3d6e ops/nixos/lib/hm: add element-desktop/element-desktop-wayland 2021-12-27 02:58:53 +00:00
ab9dd5d35a common: remove nhs.uk IPv6 mapping 2021-12-24 02:27:15 +00:00
ca6de1910d swann: services.unifi.openPorts -> openFirewall 2021-12-24 02:03:36 +00:00
05aea7f5f1 ops/nixos: migrate from services.redis to services.redis.servers."" 2021-12-24 02:02:57 +00:00
e55a824929 bvm-logger: install clickhouse 2021-12-24 01:50:59 +00:00
4e4e8de984 ops/nixos: init bvm-logger 2021-12-23 04:11:39 +00:00
69db0e2a98 baserow: add nginx to baserow group too 2021-12-21 08:31:11 +00:00
c7a9d4ef76 baserow: tweak umask for opendkim... 2021-12-21 08:22:01 +00:00
1c97d3cd15 baserow: add postfix to opendkim group 2021-12-21 08:19:27 +00:00
656df5ac5b common: add kitty.terminfo 2021-12-21 08:13:20 +00:00
ee2598c29b baserow: oops, need the config argument 2021-12-21 08:12:39 +00:00
455856d7c0 baserow: enable postfix (totoro) 2021-12-21 08:11:38 +00:00
93a070870a nix/pkgs/baserow: hooray, it works 2021-12-21 05:48:40 +00:00
576896970a bvm-heptapod: add more heptapod 2021-12-18 04:15:53 +00:00
5eb7f7102f bvm-heptapod: init 2021-12-17 01:28:39 +00:00
fee02312d3 blade-tuvok: move public interface off a VLAN
Previously, the public/internal interfaces were VLANned onto the same NIC. For
some reason, sometimes the Emulex adapters seem to end up not getting configured
properly, which causes me no end of pain when I spend time trying to debug why
none of my VMs can see the internet anymore.

Instead of doing this, put the public interface onto its own actual virtual
network interface.
2021-12-17 00:27:24 +00:00
d99fe8b153 depot: fixups 2021-12-08 02:37:12 +00:00
29f7073384 ops/nixos: compatibility with NixOS 22.05 2021-12-07 19:13:04 +00:00
b6e4741320 etheroute-lon01: stateful firewall for forwarded packets 2021-12-07 17:25:59 +00:00
81b19971d1 etheroute-lon01: IPIP shouldn't bind to that 2021-12-07 16:48:48 +00:00
a344287e92 etheroute-lon01: fix up IPIP 2021-12-07 16:13:32 +00:00
105fcf1d50 coredns/zones: quadv stuff 2021-12-07 16:01:57 +00:00
41c85d898b etheroute-lon01: export QuadV net 2021-12-07 15:48:50 +00:00
da0717b02c ops/nixos: don't announce QuadV net everywhere by default 2021-12-07 15:19:45 +00:00
a1ee1e396c ops/nixos: alacritty -> kitty 2021-11-28 12:51:40 +00:00
7cbd53de1a ops/nixos: add blast configs 2021-11-25 17:14:03 +00:00
1eda43af34 go/trains: go! trains! 2021-11-23 12:32:01 +00:00
6d21c17a2a totoro: increase ping latency threshold 2021-11-18 21:36:22 +00:00
86e0ce9af9 nix/pkgs/datez: init 2021-11-18 21:33:40 +00:00
84c965f7cd totoro: give postgresql more resources to play with 2021-11-18 20:40:28 +00:00
0621fbfbf1 go/streetworks: init, schedule on totoro 2021-11-08 20:08:56 +00:00
94470110ed totoro: scrape prometheus data from 2112 for trains 2021-11-07 18:14:42 +00:00
4cb0716c91 ops/nixos: move minotarproxy back to clouvider-lon01
Closes #13.
2021-11-06 19:56:06 +00:00
9c8f3824a8 ops/nixos/lib/blade: virtualisation.libvirtd.qemuRunAsRoot -> virtualisation.libvirtd.qemu.runAsRoot 2021-11-05 01:34:04 +00:00
0b8196b04f kusakabe: expunge 2021-11-05 01:30:45 +00:00
72a2867e63 ops/nixos: enable X11 forwarding for some hosts 2021-11-05 01:29:53 +00:00
8834def522 clouvider-fra01: add content to port 18081 as well 2021-10-31 12:35:05 +00:00
a241cf7e82 porcorosso: switch back to nvidia 2021-10-31 11:38:34 +00:00
fad32fad6b marukuru: set accept_ra=2 for eth0 2021-10-22 19:39:46 +01:00
c769f2aeb6 bvm-prosody: keep messages forever 2021-10-22 19:39:32 +01:00
b9034f71aa porcorosso: enable bluetooth 2021-10-22 02:49:50 +01:00
a4f786f709 hm: add su-cinema-ernie 2021-10-19 07:53:59 +01:00
b94b586d5b clouvider-fra01: add content.int.lukegb.com 2021-10-19 07:06:37 +01:00
7b0e63d99c porcorosso: intel, again 2021-10-19 05:14:58 +01:00
c535655086 totoro/swann: do shenanigans with PS5 RTMP 2021-09-30 17:10:52 +00:00
fb16bea95c swann: give PS5 a static IP 2021-09-30 16:07:12 +00:00
9ed22f57ad bvm-radius: actually add cuirecv policy file 2021-09-27 08:35:53 +00:00
79a06fc54f bvm-radius: also permit User-Name attr in response 2021-09-27 08:16:48 +00:00
9773272e20 bvm-radius: request CUI 2021-09-27 08:01:14 +00:00
6b766b111d bvm-radius: make sure nginx can see certificates 2021-09-27 08:00:41 +00:00
00a02f8772 coredns: use the correct syntax, oops 2021-09-25 21:27:24 +00:00
bbbdfd5138 as205479.net: hmm, what 2021-09-25 21:18:09 +00:00
c976214bf8 coredns: _acme-challenge.www.as205479.net -> _acme-challenge.as205479.net 2021-09-25 21:03:14 +00:00
9c92e12742 bvm-radius: start serving as205479.net webpage 2021-09-25 20:51:24 +00:00
932afbda74 bvm-radius: require message authenticators 2021-09-25 20:36:40 +00:00
d6bd6e85ca bvm-radius: add freeradius configuration 2021-09-25 18:28:45 +00:00
a8718864c1 swann: configure for eduroam on VLAN 100 2021-09-25 17:38:21 +00:00
f93ec18859 bvm-radius: add ACME certs for as205479.net 2021-09-25 17:38:09 +00:00
b50fa68559 coredns: delegate _acme-challenge to GCP DNS 2021-09-25 13:17:52 +00:00
8e97938d3e bvm-radius: install eapol_test 2021-09-25 12:55:47 +00:00
f3c38e3bb2 bvm-radius: use IP rather than DNS in extraCommands
DNS resolution doesn't work during extraCommands, which... is probably reasonable. Let's not do that.
2021-09-25 12:39:44 +00:00
4530991827 bvm-radius: RADIUS fw/pkg setup 2021-09-25 12:32:27 +00:00
0d6ab41728 bvm-radius: add tailscale IP 2021-09-25 12:19:07 +00:00
c908e3ab5d coredns: add RADSEC entry for as205479.net. 2021-09-25 11:45:05 +00:00
4b1fd796ae bvm-radius: init 2021-09-24 22:50:30 +00:00
158e0afcf3 coredns: init bvm-radius 2021-09-24 22:46:44 +00:00
ccec4b308b as205479.net: add MX records 2021-09-19 00:08:03 +00:00
19782a9e63 ops/nixos: set group for isSystemUser users 2021-09-16 19:14:30 +00:00
cb7811898c blade-tuvok: set bgp_local_prefs 2021-09-10 20:46:05 +00:00
dbf906a9a7 blade-router: add cloudflare 2021-09-10 20:23:24 +00:00
3ba0ab045c blade-router: remove prefix limit 2021-09-10 20:00:31 +00:00
e7bfb107b1 coredns: update mac-mini tailscale IP 2021-09-05 08:07:14 +00:00
4bb015ee0d swann: use IPv6 endpoint for tuvok over EE
EE uses CGNAT on IPv4, which makes this... less than ideal. However, IPv6 is
IPv6 and works pretty reasonably.
2021-09-03 12:40:52 +00:00
edfc04551a totoro: set for duration on BFD alert 2021-09-02 19:24:17 +00:00
d35a0a35ba swann: ee-scrape-data must output data with a newline 2021-09-02 19:23:03 +00:00
58b87a9f0e swann: add ee-scrape-data, for putting allowance data into prometheus 2021-09-02 19:19:53 +00:00
683e6ffc21 totoro: add alert for BFD session failure 2021-09-02 18:35:18 +00:00
3abe727604 blade-router: add google session, which will hopefully turn up eventually 2021-08-31 20:36:26 +00:00
b4c80a07fa blade-router: configure passive session towards AS62240 2021-08-31 16:39:23 +00:00
2c632e28d2 blade-tuvok: switch from ECMP to metrics 2021-08-31 12:12:44 +00:00
e95324c175 swann: yes, this one 2021-08-31 02:29:56 +00:00
2d0a607383 ops/nixos: enable bird-exporter-lfty 2021-08-31 02:26:50 +00:00
f7fbfa5436 nix/pkgs: init prometheus-bird-exporter-lfty 2021-08-31 02:01:38 +00:00
a0d97e082d blade-tuvok: also NAT things going out onto linx 2021-08-31 01:37:34 +00:00
9a5b0379cb blade-tuvok: set net.ipv6.conf.default.forwarding as well 2021-08-30 21:01:53 +01:00
b2e45b56bb blade-tuvok: make sure wg-endpoint sysctl gets forwarding enabled 2021-08-30 20:52:20 +01:00
7134fe904a ops/nixos: implement BFD+WG tunneling for mldn-rd 2021-08-30 19:58:21 +01:00
bc1932df9b hm: start 1password's gui silently 2021-08-30 14:26:25 +01:00
44e22b810c porcorosso: force wayland off 2021-08-30 14:23:20 +01:00
dbcaa51968 hgrc: remove requirement for topic 2021-08-20 23:40:53 +00:00
4b7680acae ops/nixos/blade: force external IP to vl-transit 2021-08-20 23:34:54 +00:00
0ee916e49e ops/nixos/bgp: don't export routes to FB 2021-08-20 23:34:43 +00:00
0dd2d5d442 ops/nixos/bgp: more filtering shenanigans 2021-08-19 00:23:09 +00:00
fdacf57ead blade-tuvok: LINX updates 2021-08-17 01:30:33 +00:00
8ad77134ae ops/nixos/coredns: force store paths 2021-08-16 02:32:44 +00:00
68e0ee0a18 ops/nixos/coredns: add bvm-netbox to int zone 2021-08-16 02:19:38 +00:00
05ddad31ad bvm-netbox: complete setup 2021-08-16 02:09:47 +00:00
94078428f1 bvm-netbox: add postgresql/redis/users 2021-08-15 22:57:36 +00:00
d54d0a2ede bvm-netbox: add tailscale IP 2021-08-15 22:57:26 +00:00
acf43c4544 bvm-netbox: fix NIC name 2021-08-15 22:48:46 +00:00
286ed4885d ops/nixos: add bvm-netbox 2021-08-15 22:46:57 +00:00
7a3f214944 ops/nixos: switch to VLANs for uplink to veloxserv 2021-08-15 22:02:51 +00:00
c79ca35b6f nixos/blade-router: disable routes-VRRP
This is no longer needed; I think actually it was some of the NixOS default
reverse-path filtering that was throwing me for a loop after all and nothing to
do with what was going on with Veloxserv.
2021-08-14 21:07:37 +00:00
23eda90726 ops/nixos/lib/common: add the running system hash to the exported metrics 2021-07-27 21:06:17 +00:00
e95ae8b3cb porcorosso: use autorandr 2021-07-26 14:02:57 +01:00
9dfb1d205d ops/nixos/lib/bgp: disable rp filtering on hosts running BGP 2021-07-17 14:29:04 +00:00
02bd3e4d31 bvm-nixosmgmt: enable forwarding 2021-07-17 08:41:34 +00:00
4c5f3f2d38 totoro: add raritan-sslrenew service 2021-07-17 01:45:31 +00:00
74fe28add8 ops/raritan/ssl-renew: init 2021-07-17 01:33:01 +00:00
1557066375 coredns: allow tailscale net 2021-07-16 01:32:54 +00:00
ded652a595 swann: change MAC address of VM-facing interface 2021-07-15 12:18:07 +00:00
78da7c9f4d swann: disable radvd/ndppd, add static IP for xerox printer 2021-07-15 11:55:10 +00:00
5fdf26f3e8 totoro: add alerts for smokeping 2021-07-13 00:55:53 +00:00
eea81a640e coredns: add bvm-plesk 2021-07-10 12:19:24 +00:00
9f5c1193b6 hgrc: tweak my settings along the lines of https://octobus.net/blog/2020-11-26-modern-mercurial.html 2021-07-03 19:02:18 +00:00
8b37f0fea4 clouvider-fra01: bump limits 2021-07-03 00:46:07 +00:00
66b6252d6f clouvider-lon01: withdraw 92.118.29.0/24 2021-07-03 00:14:54 +00:00
606ff984eb ops/nixos: minotarproxy-as-a-lib 2021-07-01 01:48:12 +00:00
b91ba12f0f totoro: monitor minotarproxy 2021-06-28 21:17:48 +00:00
cadeef609f hm/hgrc: switch from hggit to in-tree git 2021-06-22 20:48:11 +00:00
072cecb2e5 hm/gc-wayland: oops, no notification attr 2021-06-22 20:27:52 +00:00
eef598ec1f hm/graphical-client: add 1password to startup 2021-06-19 19:07:32 +01:00
f77cbec2db porcorosso: never mind, just nvidia 2021-06-19 18:33:50 +01:00
8c75ce4ecc porcorosso: try out nouveau+modesetting? 2021-06-19 18:31:21 +01:00
eba082c249 etheroute-lon01: renumber BGP session from 16089 to 3170 2021-06-11 12:28:30 +00:00
73b1e96727 swann: use /dev/null as /etc/hosts file for coredns 2021-05-31 23:54:07 +00:00
7195ed24c4 swann: change hosts lookup 2021-05-31 23:09:37 +00:00
c56b6b358f coredns: add blade-{oa,vcenet1,vcenet2,vcm} 2021-05-24 13:54:14 +00:00
5c88acf507 bvm-matrix: add turns as well 2021-05-24 13:53:47 +00:00
8f724ba140 bvm-minecraft: java 8 :( 2021-05-24 02:46:48 +00:00
1fc6e8f032 coredns: bump serials 2021-05-24 02:37:27 +00:00
98d5a362f2 bvm-matrix: enable experimental_features.spaces_enabled 2021-05-24 02:34:33 +00:00
499ff8f945 coredns: move bvm to root zone, out of public 2021-05-24 02:31:09 +00:00
aa334a1ec8 bvm-minecraft: add minecraft user, java 11 2021-05-24 02:18:04 +00:00
ed79fe89bd bvm-minecraft: init 2021-05-24 01:32:58 +00:00
1c08774667 bvm-matrix: set more secrets 2021-05-23 01:35:10 +00:00
169524b65a bvm-matrix: tweak Element config a bit 2021-05-22 23:26:02 +00:00
da13d6af17 bvm-matrix: fix element base_url 2021-05-22 23:22:58 +00:00
1f6fc87363 bvm-matrix: add element 2021-05-22 23:17:27 +00:00
4907f97d57 bvm-matrix: some more synapse configuration, enable postfix 2021-05-22 23:13:25 +00:00
d27b23b8b0 bvm-matrix: add macaroon secret key 2021-05-22 23:02:55 +00:00
320cc36312 bvm-matrix: fix DATABASE name in GRANT 2021-05-22 22:52:24 +00:00
38b306b095 bvm-matrix: add tailscale IP 2021-05-22 22:48:03 +00:00
477ca742bd bvm-matrix: fix interface name (enp2s0) 2021-05-22 22:45:52 +00:00
4dc516722b ops/nixos: add bvm-matrix 2021-05-22 21:48:13 +00:00
4d8968b712 totoro: remove OME 2021-05-21 23:50:46 +00:00
bb06285f6d swann: map www.nhs.uk to Akamai IPv6 address 2021-05-21 15:22:34 +00:00
dccdaa2608 common: map www.nhs.uk to Akamai IPv6 address 2021-05-21 15:21:29 +00:00
63ecd2d0ab swann: metric is a string field 2021-05-15 19:38:46 +00:00
9cee25b83c swann: use unifi rather than unifiLTS 2021-05-15 20:33:13 +01:00
098d3f4aae swann: add dedi2.eq2.co.uk to smokeping 2021-05-13 16:33:40 +00:00
4fb2a9e8e3 swann: tighten up IPv6 config 2021-05-13 10:14:42 +00:00
564c803136 swann: accept-ra on ens-virginmedia 2021-05-12 18:20:45 +00:00
ddfb0d084d swann: fix interface name 2021-05-12 18:19:09 +00:00
865329da21 swann: sneakily allocate myself :2 2021-05-12 18:15:57 +00:00
6ae099999f swann: enable ndppd/radvd 2021-05-12 18:12:41 +00:00
df870ded34 as205479.net: add fp-la{,-pri,-sec} 2021-05-09 11:28:28 +00:00
34117ecd00 bvm-nixosmgmt: allocate .5 2021-05-09 10:26:34 +00:00
b7cd20c769 ops/nixos: refactoring for sway 2021-05-06 03:56:20 +01:00
1c571d965a ops/nixos: add wayland support 2021-05-05 22:13:27 +01:00
561501afb7 howl: wait, there is no eno1 2021-05-05 21:54:02 +01:00
49c1af6624 howl: don't wait for dhcpcd 2021-05-05 00:04:30 +00:00
38a405cb72 howl: add Tailscale IP 2021-05-05 00:01:34 +00:00
df6a1fe819 howl: suspend loop workaround 2021-05-05 21:48:17 +01:00
c31da4140c ops/nixos/howl: init 2021-04-29 12:16:49 +00:00
dfb62d8c7e totoro: switch to postgresql_13 2021-04-25 21:44:05 +00:00
a4631a8fda ops/nixos/lib/blade: set rgw_data_log_backing back to omap 2021-04-23 13:32:34 +00:00
f3a99c40d3 totoro: oops, indent 2021-04-20 14:48:00 +00:00
6cba0be3b5 totoro: move all rules into a single group 2021-04-20 14:35:23 +00:00
eb9b1a43c0 Backed out changeset 4c2687c43d66 2021-04-20 14:18:45 +00:00
02ca2a46be totoro: attempt to repair rules by adding more blanks 2021-04-20 14:11:38 +00:00
3c48f56f6e totoro: track NixOS channels in my local Prometheus 2021-04-20 14:00:17 +00:00
36cc88bcef ipfs: add to pomerium, explicitly set IPs for swarm 2021-04-18 16:24:59 +00:00
42e8b1eed0 bvm-ipfs: add public IPv4/v6 addresses 2021-04-18 16:04:25 +00:00
2ee3044113 switch-prebuilt: use nix build instead of nix copy to use cache.nixos.org 2021-04-17 23:55:31 +00:00
43e8e05e7b ops/nixos: tweak alacritty settings 2021-04-17 20:28:27 +01:00
11066035e2 ops/nixos: add alacritty everywhere 2021-04-17 20:17:43 +01:00
0372f4b848 ops/nixos: set isNormalUser for all existing users
Now there's an assertion which requires either isNormalUser or isSystemUser, so
we set one of them for all the users we have already.
2021-04-17 20:16:27 +01:00