Commit graph

330 commits

Author SHA1 Message Date
a549f5bec3 clouvider-fra01: add ipfs UDP ports to firewall 2021-01-15 03:36:41 +00:00
67d2db0e7a kusakabe: add ipfs 2021-01-15 03:36:34 +00:00
44f4e9a023 clouvider-fra01: add ipfs 2021-01-15 00:58:36 +00:00
d20dd06aaf clouvider-lon01: disable SSH open-to-all 2021-01-12 00:00:34 +00:00
ad516941e8 clouvider-lon01: SSH firewalling changes 2021-01-11 23:45:06 +00:00
9dd18e2cdc ops/nixos/lib/common: add nixos_running_system/nixos_booted_system node metrics 2021-01-11 17:44:23 +00:00
6b95f54ca7 ops/nixos/lib/common: add systemd collector to all systems 2021-01-07 10:01:36 +00:00
aba7285824 totoro: add twitternuke timer 2021-01-06 21:29:33 +00:00
d38601fabe etheroute-lon01: allow unifi websockets 2021-01-04 21:15:43 +00:00
c92fe8b139 swann: switch to unifiHacked 2021-01-04 20:52:13 +00:00
f91109cb50 nixos/lightspeed: init lightspeed-ingest and lightspeed-webrtc NixOS modules 2021-01-04 15:50:42 +00:00
045f9f5b22 etheroute-lon01: unifi needs tls_skip_verify 2021-01-03 15:32:00 +00:00
596752caa0 etheroute-lon01: add unifi.int 2021-01-03 03:35:24 +00:00
6fec69886a clouvider-fra01: add lukegb to deluge group too 2021-01-02 16:18:56 +00:00
b2d8acd4b9 swann: swap unifiPackage to pkgs.unifi
unifiBeta is no more: https://github.com/NixOS/nixpkgs/pull/107797
2020-12-31 01:31:01 +00:00
eb9d9f54a5 nix/pkgs/grafana-plugins: rework a bit 2020-12-30 03:30:24 +00:00
405997d312 totoro: teach how to install grafana plugins from nix 2020-12-30 02:56:31 +00:00
26e379dfb7 depot-wide: create logged-out.int.lukegb.com 2020-12-30 00:57:53 +00:00
33117f2b45 totoro: don't prepend GF_ to grafana extraConfig 2020-12-29 21:23:20 +00:00
be3ce89fb4 etheroute-lon01: unset allowed_domains 2020-12-29 20:55:01 +00:00
7573280e5b etheroute-lon01: de-redundantify int.lukegb.com cert 2020-12-29 20:37:33 +00:00
1c550cf508 etheroute-lon01: rejiggle pomerium policy 2020-12-29 20:11:41 +00:00
4e20db9fcc totoro: install grafana 2020-12-29 20:08:55 +00:00
11c4b77eab etheroute-lon01: send more identity headers 2020-12-29 20:00:52 +00:00
6317f7ffba swann: enable Prometheus smokeping_prober 2020-12-29 18:57:18 +00:00
8773350ba6 etheroute-lon01: add prometheus and alertmanager 2020-12-29 16:57:26 +00:00
7d0493cacd deluge: patch deluge-web to try logging in with a fixed password first 2020-12-28 20:04:27 +00:00
aa9c1eb17e etheroute-lon01: hint that it's-a-me, lukegb 2020-12-28 19:26:39 +00:00
6f65c77ad3 etheroute-lon01: fix databroker connection string 2020-12-28 19:11:25 +00:00
2c0de76c8b etheroute-lon01: use redis for pomerium databroker storage 2020-12-28 19:09:55 +00:00
784138746f pomerium: document all known pomerium options as nixos module options 2020-12-28 18:54:00 +00:00
d3f6442301 etheroute-lon01: add things on clouvider-fra01 2020-12-28 15:56:54 +00:00
3a112b8218 clouvider-fra01: simplify 2020-12-28 15:54:43 +00:00
721018520b etheroute-lon01/pomerium: enable http redirect server 2020-12-28 15:40:13 +00:00
41bdeda58a pomerium: various fixups to make this work 2020-12-28 15:27:18 +00:00
10c6ddc4c9 etheroute-lon01: install pomerium 2020-12-28 14:08:24 +00:00
3ee1906b97 ops/nixos: init etheroute-lon01 2020-12-26 23:36:34 +00:00
161ed2af50 porcorosso: add lukegb to lxd group 2020-12-26 15:41:02 +00:00
8e2670548d porcorosso: enable lxd 2020-12-26 15:39:41 +00:00
ee5a7dc6ec porcorosso: intel 2020-12-23 23:35:16 +00:00
34d9b4eda5 hm/graphical-client: pull in nm-applet only for i3 2020-12-19 19:39:13 +00:00
9a14eadbb6 porcorosso: move intel selection to a nixos specialisation 2020-12-19 19:38:57 +00:00
cb4ba45b1b hm/graphical-client: enable nm-applet
I'm assuming (probably wrongly) that anything using my graphical-client preset
is _also_ using NetworkManager, which is probably true for real client machines
but may not be true on terminal services machines which also end up with this
preset.

Whatever, I'll work it out later.
2020-12-19 19:25:15 +00:00
d13dca3f02 porcorosso: switch to intel again 2020-12-19 19:23:02 +00:00
c59b3843c7 porcorosso: enable fwupd 2020-12-19 19:26:36 +00:00
2e50ce0489 porcorosso: enable the intermec-cups-driver 2020-12-19 19:26:25 +00:00
808b506123 ops/nixos/lib/low-space: fix 2020-12-06 15:22:40 +00:00
26de73b0fb marukuru: set journald SystemMaxUse to cap log size 2020-12-06 15:18:14 +00:00
9244e44518 ops/nixos/lib/common: add lukegb to 'audio' group 2020-12-03 03:00:40 +00:00
7b9191f261 clouvider-lon01: factorio: open firewall 2020-11-30 19:53:57 +00:00
23e97ff266 ops/nixos: add whitby-distributed to clouvider-lon01 2020-11-30 23:21:56 +00:00
52fc2c36dc clouvider-fra01: bump stateVersion, yolo
This will cause Deluge to update to Deluge2.
2020-11-29 02:31:29 +00:00
a589ca3e1f ops/nixos: remove propagatedBuildInputs from mercurial override 2020-11-25 13:12:36 +00:00
b82fbfb9f8 porcorosso: add obs-studio 2020-11-25 02:13:14 +00:00
8c36ae940b clouvider-lon01: add factorio server 2020-11-24 04:50:31 +00:00
311fc015f4 porcorosso: install Factorio 2020-11-24 02:56:18 +00:00
094f2334f8 ops/nixos/lib/home-manager: swap isDarwin for 'is external' check 2020-11-23 16:47:17 +00:00
80e85feede home-manager-ext: init
To allow using my home-manager config on Darwin (and other non-NixOS
machines), I introduce the concept of home-manager-ext, which gives
me a much easier hook to import my config elsewhere.
2020-11-23 07:22:00 -08:00
0f86867d05 porcorosso: swap /root for a bindmount instead 2020-11-23 15:19:23 +00:00
2043572a2b porcorosso: make /root a /persist/root symlink 2020-11-22 14:44:49 +00:00
5de4937d6d Add a GITHUB_TOKEN to my environment everywhere. 2020-11-21 00:51:24 +00:00
26352c7065 ops/nixos: add ability to define additional things to be scraped, use this for coredns 2020-11-18 02:02:23 +00:00
588a47e97f swann: set swann as DNS server for DHCP 2020-11-18 01:50:16 +00:00
68deb62b38 swann: enable coredns and use google public DNS over TLS 2020-11-18 01:49:44 +00:00
c0a6e48970 ops/nixos: add dnsutils to common for dig 2020-11-18 01:27:50 +00:00
087d774b56 swann: forward port 80 and 443 to totoro 2020-11-18 01:31:57 +00:00
2df9344303 totoro: set up pancake 2020-11-17 03:14:04 +00:00
4cb36fffbb totoro: add /srv and /srv/pancake 2020-11-17 02:39:01 +00:00
a31599ad1b ops/nixos: add restic everywhere 2020-11-17 02:21:46 +00:00
4a0897b0cb ops/nixos: add new packages, move other packages around 2020-11-17 02:10:23 +00:00
492d57ef29 hm/graphical-client: enable vaapi on chromium 2020-11-15 21:29:15 +00:00
8a9c00c7f0 porcorosso: add some vdpau/vaapi packages 2020-11-15 21:23:47 +00:00
6c91bbe714 hm: set up ssh 2020-11-09 00:21:32 +00:00
f2c8e2d3bf hm/graphical-client: set up session vars 2020-11-08 15:49:12 +00:00
07b76f5cf9 clouvider-lon01: only listen on specified IPs 2020-11-07 14:20:46 +00:00
b2384d844d clouvider-lon01: disable automatic nix-gc
It's used as a Nix build cache machine - since we don't have gcroot
generation, it's better to just not collect garbage for the moment.
2020-11-06 05:21:37 +00:00
65c2fce8a7 swann: add unifi-poller 2020-11-06 05:02:05 +00:00
17ac1212dd ops/nixos: add totoro as prometheus box; enable node-exporter everywhere 2020-11-06 04:52:54 +00:00
eba4f33a63 totoro: remove openshift cruft 2020-11-06 04:11:16 +00:00
b58f13a145 ops/nixos: globally enable zramSwap 2020-11-05 02:03:20 +00:00
57d4f7f05e nixos/home-manager: do ssh-add when making a login shell 2020-11-05 01:57:55 +00:00
bad3be7574 ops: tweak SSH auth; add red solo SK-resident key 2020-11-05 01:50:16 +00:00
2c0b4e3bb6 porcorosso: add libvirtd 2020-11-03 16:03:22 +00:00
cc5152300c marukuru/deployer: expose tailscale IPs 2020-11-04 21:58:49 +00:00
82c751a6e4 swann: install Unifi controller 2020-11-04 21:53:14 +00:00
a507a5380d ops/nixos: allow all traffic in on tailscale0 2020-11-04 21:53:02 +00:00
8d4b7f8c47 bgp: add default to satisfy ixvm-fra01 2020-11-04 17:41:28 +00:00
855feececa clouvider-lon01: set up as cache builder 2020-11-04 17:30:28 +00:00
252ad42fb2 clouvider-lon01: add minotarproxy 2020-11-04 17:23:52 +00:00
db911ee156 porcorosso: add libvirt persistance 2020-11-04 17:09:53 +00:00
86a09dab73 clouvider-lon01: add minotarproxy IPs 2020-11-04 16:41:15 +00:00
4da102053c clouvider-lon01: add ZNC 2020-11-04 16:27:46 +00:00
129bdd0e69 clouvider-lon01: update tailscale IP 2020-11-04 15:53:18 +00:00
7795bd1d0f clouvider-lon01: init 2020-11-04 15:51:55 +00:00
1233ac2d14 swann: tweak firewall params 2020-11-04 14:27:19 +00:00
d78f055270 ops: add lukegb_porcorosso_linux key 2020-11-03 15:25:03 +00:00
847e827d0a depot: fix up things 2020-11-01 21:39:25 +00:00
7a19e14649 ops/nixos: define a new my.ip.tailscale option which gets put into /etc/hosts everywhere 2020-11-01 18:25:01 +00:00
9499761e7f home-manager: set EDITOR and VISUAL to vim 2020-11-01 18:11:48 +00:00
658c98934b nixos/lib/common: update SSH authorized_keys 2020-11-01 14:42:52 +00:00
72ae247e4a swann: tune cake parameters 2020-11-01 14:33:18 +00:00
3acb27f020 swann: init 2020-11-01 14:25:17 +00:00
74371dbe8a totoro: add br-int interface 2020-10-31 17:04:30 +00:00
d3bee9d2de ops/nixos: import home-manager into lib/common 2020-10-31 11:44:52 +00:00
4ea585daa2 ixvm-fra01: update to new ASN 2020-10-28 14:41:42 +00:00
f5c80fe35d ops/nixos: further tweaks 2020-10-25 12:00:15 +00:00
29fa1e35fd nixos: start using home-manager 2020-10-25 11:36:16 +00:00
4e14ee8111 ops/nixos: mark nix.gc.automatic as default 2020-10-18 12:59:33 +00:00
e3f83ad608 ops/nixos: run nix-collect-garbage daily, except on clients 2020-10-18 01:17:35 +00:00
1aa2236f64 graphical-client: add dino 2020-10-17 12:17:47 +01:00
89d3afd8f0 ops/nixos: move some things into a graphical-clients module 2020-10-17 12:17:18 +01:00
6edb818126 ixvm-fra01: add kernel modules for VirtIO disk 2020-10-15 13:50:52 +00:00
3bab7ede2d totoro: add secretsync 2020-10-15 13:22:18 +00:00
d5d4d6eb33 kusakabe: updates for XMPP 2020-10-15 13:24:37 +00:00
e0969055f6 ops/nixos: make references to nixpkgs modules use relative paths 2020-10-10 19:39:26 +00:00
11a7fefe1c totoro: add openshift dependencies, tailscale expose 192.168.1.0/24 2020-09-13 15:16:03 +00:00
949c86e816 kusakabe: enable send-proxy-v2 for requests to OKD haproxy 2020-10-06 00:29:37 +00:00
382dad7c6d marukuru: add nix config to deployer container 2020-10-04 03:00:03 +01:00
190606746c ops/nixos/lib/common: add the binary cache credentials to nix.envVars 2020-10-04 02:56:34 +01:00
ee7ad0adfd kusakabe: also expose k8s apiserver 2020-10-04 01:15:58 +01:00
27f446fa8e porcorosso: enable podman 2020-10-04 01:03:28 +01:00
2c613bf2f1 porcorosso: switch back to nvidia 2020-10-04 00:11:45 +01:00
4b878360f5 kusakabe: add postgresql for twitterchiver 2020-10-03 23:13:20 +00:00
2b4f4d6b16 kusakabe: revamp config as VM host 2020-10-02 14:21:49 +00:00
7b53535355 misc: fix up after nixpkgs update 2020-09-30 17:39:34 +00:00
ae0eda1ba8 marukuru: disable gitlab's built-in prometheus instance 2020-09-30 16:09:41 +00:00
0a3a2043b1 porcorosso: switch to intel for X11; I'm on the move 2020-08-22 17:07:43 +01:00
ea8020262c ops/nixos/lib/common: add rsync 2020-09-07 10:59:47 +00:00
96f736ab7e marukuru/deployer: add rsync 2020-09-07 11:05:24 +00:00
03e5dbd72e kusakabe: enable libvirtd 2020-09-07 10:47:43 +00:00
054c4ee1dd porcorosso: remove obsolete fonts.fontconfig.penultimate option 2020-09-06 17:02:27 +00:00
ab0f4b5863 ops/nixos/lib/common: replace deployer password with ! 2020-09-06 16:45:56 +00:00
7b61a7e558 marukuru: migrate to virtualisation.oci-containers 2020-09-06 16:38:54 +00:00
863c7028f0 ops/nixos: add tailscale to common 2020-09-06 16:26:48 +00:00
36cca90e55 ops/nixos: add kusakabe 2020-09-05 18:37:06 +00:00
a71cb99af8 nixos/porcorosso: add totoro as a builder 2020-07-19 18:47:40 +01:00
24ba5c1c36 nixos: abstract out distributed builds 2020-07-19 18:20:21 +01:00
d629c95212 ops/nixos/totoro: add oven-media-engine 2020-07-19 17:59:20 +01:00
2088559ef5 porcorosso: add totoro mount 2020-07-19 17:49:56 +01:00
5efba00e97 ops/nixos/lib/common: add tmux 2020-07-08 18:36:21 +00:00
a74909c070 totoro: add irssi 2020-07-08 18:35:48 +00:00
a1115de05f totoro: use whitby as a build machine 2020-07-08 18:34:33 +00:00
88fbb167c9 totoro: add NFS 2020-07-04 19:36:38 +00:00
279be2c2c3 porcorosso: install virtmanager{,-qt} 2020-06-28 23:24:53 +01:00
a62a67ffd2 totoro: add lukegb to libvirtd group 2020-06-28 22:23:43 +00:00
78fee25f20 totoro: set up libvirt 2020-06-28 22:22:43 +00:00
e1c3016e0e totoro: add client 2020-06-28 18:38:49 +00:00
00e2f9e1d3 ops/nixos: factor things useful on general 'workstation' machines out 2020-06-28 19:38:20 +01:00
21fa99f68e porcorosso: add ripgrep 2020-06-28 19:33:06 +01:00
002c0cafc7 totoro: init 2020-06-28 18:32:52 +00:00