Commit graph

498 commits

Author SHA1 Message Date
ddfb0d084d swann: fix interface name 2021-05-12 18:19:09 +00:00
865329da21 swann: sneakily allocate myself :2 2021-05-12 18:15:57 +00:00
6ae099999f swann: enable ndppd/radvd 2021-05-12 18:12:41 +00:00
df870ded34 as205479.net: add fp-la{,-pri,-sec} 2021-05-09 11:28:28 +00:00
34117ecd00 bvm-nixosmgmt: allocate .5 2021-05-09 10:26:34 +00:00
b7cd20c769 ops/nixos: refactoring for sway 2021-05-06 03:56:20 +01:00
1c571d965a ops/nixos: add wayland support 2021-05-05 22:13:27 +01:00
561501afb7 howl: wait, there is no eno1 2021-05-05 21:54:02 +01:00
49c1af6624 howl: don't wait for dhcpcd 2021-05-05 00:04:30 +00:00
38a405cb72 howl: add Tailscale IP 2021-05-05 00:01:34 +00:00
df6a1fe819 howl: suspend loop workaround 2021-05-05 21:48:17 +01:00
c31da4140c ops/nixos/howl: init 2021-04-29 12:16:49 +00:00
dfb62d8c7e totoro: switch to postgresql_13 2021-04-25 21:44:05 +00:00
a4631a8fda ops/nixos/lib/blade: set rgw_data_log_backing back to omap 2021-04-23 13:32:34 +00:00
f3a99c40d3 totoro: oops, indent 2021-04-20 14:48:00 +00:00
6cba0be3b5 totoro: move all rules into a single group 2021-04-20 14:35:23 +00:00
eb9b1a43c0 Backed out changeset 4c2687c43d66 2021-04-20 14:18:45 +00:00
02ca2a46be totoro: attempt to repair rules by adding more blanks 2021-04-20 14:11:38 +00:00
3c48f56f6e totoro: track NixOS channels in my local Prometheus 2021-04-20 14:00:17 +00:00
36cc88bcef ipfs: add to pomerium, explicitly set IPs for swarm 2021-04-18 16:24:59 +00:00
42e8b1eed0 bvm-ipfs: add public IPv4/v6 addresses 2021-04-18 16:04:25 +00:00
2ee3044113 switch-prebuilt: use nix build instead of nix copy to use cache.nixos.org 2021-04-17 23:55:31 +00:00
43e8e05e7b ops/nixos: tweak alacritty settings 2021-04-17 20:28:27 +01:00
11066035e2 ops/nixos: add alacritty everywhere 2021-04-17 20:17:43 +01:00
0372f4b848 ops/nixos: set isNormalUser for all existing users
Now there's an assertion which requires either isNormalUser or isSystemUser, so
we set one of them for all the users we have already.
2021-04-17 20:16:27 +01:00
258d62613f ops/nixos/swann: drop unifiPackage, switch back to stock 2021-04-13 17:15:42 +00:00
4707c69469 bvm-nixosmgmt: add nix to rundeck 2021-04-10 23:12:24 +00:00
c398482f7b bvm-nixosmgmt: add openssh to path 2021-04-10 22:35:53 +00:00
e0241545d2 add mercurial to rundeck path 2021-04-10 22:17:28 +00:00
0ea95ab402 blade-{chakotay,kim}: disable rundeck; expected offline 2021-04-10 20:16:44 +00:00
bfa7051e2f ops/nixos: tidy up hostnames 2021-04-10 20:15:30 +00:00
1b3cb3f723 ops/secrets: add rundeck_deployer_rsa.pub 2021-04-10 20:01:31 +00:00
ecd086eae4 ops/nixos: set up things for generating rundeck nodes 2021-04-10 19:59:56 +00:00
5533fd502a ops/nixos: try setting searchDomains differently 2021-04-10 19:40:10 +00:00
d96ef542d7 etheroute-lon01: set X-Forwarded-Roles header for rundeck 2021-04-10 19:22:54 +00:00
d9662bcd10 etheroute-lon01: add rundeck 2021-04-10 17:22:11 +00:00
00cb06aff2 bvm-nixosmgmt: add rundeck 2021-04-10 17:20:35 +00:00
f1121433cf ci-root: actually index with current system (oops) 2021-04-09 19:31:58 +01:00
c65e8b8a54 ops/home-manager-ext: add built attribute
This is so we can more easily build these things on CI.
2021-04-09 18:14:31 +00:00
91f6cb3317 clouvider-lon01: add mac-mini as remote builder 2021-04-09 18:14:06 +00:00
6465f98036 as205479.net: add mac-mini.int 2021-04-09 18:51:07 +01:00
02db8ea7cb ops/nixos/lib/hm: support macOS again
The ntfy package expects to have pyobjc available when running under Darwin,
which is currently broken in nixpkgs. There's a fairly involved ongoing effort
to package it again, but in the mean time we just patch out the dep. I'm using
the pushover backend anyway.

To avoid having to rebuild it rather than just fetch from the NixOS cache, I
only override it when running on Darwin.
2021-04-09 18:48:46 +01:00
bb03f5ea0d ops/nixos: fixups for upstream pomerium module 2021-04-07 00:46:15 +00:00
13f2f79e6d graphical-client: add wallpapers
If I find more I like, I'll add them here, I guess. For the moment, there's
just the one.
2021-04-06 09:53:56 +01:00
f5622acaf7 nix/pkgs/flameshot: bump to my patched version 2021-04-05 14:57:59 +01:00
48bdb3559c lib/hm/graphical-client: add flameshot to environment 2021-04-05 13:00:02 +01:00
21fe79c904 ops/nixos: enable flameshot on graphical-client hosts 2021-04-05 12:42:35 +01:00
549b4f1ccc porcorosso: switch to pipewire 2021-04-05 12:40:41 +01:00
d582d3f352 ops/nixos/lib: inline latest_system_closure.sh
I can't be bothered to make it a proper script, and I also don't really want to
rely on invoking nix-shell at runtime (I'd rather have all the needed tools in
the system closure).
2021-04-04 19:35:38 +01:00
8dab1a04fe ops/nixos/lib: fix latest_system_closure for machines with - in hostname 2021-04-04 19:25:02 +01:00
33cfba2e2f ops/nixos/lib: enable 'switch-prebuilt latest' for getting latest closure 2021-04-04 18:25:01 +01:00
09a6c8cafe marukuru: switch heptapod image to being built with dockerTools
Fixes #1
2021-04-02 01:39:01 +00:00
fe3f343ef9 bvm-prosody: configure prosody 2021-04-02 00:52:45 +00:00
fbc3b47854 bvm-prosody: fix :/ 2021-04-01 15:55:54 +00:00
bcf1266bfe bvm-prosody: configure IP addresses 2021-04-01 15:50:27 +00:00
bab069b286 bvm-twitterchiver: add twitterchiver-{relatedfetcher,archiver} 2021-04-01 00:22:57 +00:00
0961a68532 twitterchiver: add secrets 2021-03-31 23:52:38 +00:00
8d4e26d3cf bvm-twitterchiver: use correct twitterchiver-viewer name 2021-03-31 23:44:52 +00:00
3073f290b0 bvm-twitterchiver: fix 2021-03-31 23:38:39 +00:00
69aba17ba4 bvm-twitterchiver: add twitterchiver-viewer 2021-03-31 23:33:44 +00:00
66bfd9a458 etheroute-lon01: add twitterchiver 2021-03-31 22:37:01 +00:00
bea33016f6 nixos/blade: oops, forgot }; 2021-03-31 21:20:56 +00:00
5b63d1555a nixos/blade: use tmpfs for /var/log and /var/cache 2021-03-31 21:20:08 +00:00
c972f3ae12 as205479.net: add bvm-win10 2021-03-31 19:39:56 +00:00
4ab9e1b19e marukuru: tweak gitlab settings 2021-03-30 20:49:42 +01:00
e2dffeceb5 marukuru: need to enable experimental mode 2021-03-30 20:23:26 +01:00
357a9ca041 marukuru: set random collection of IPv6 Docker options 2021-03-30 20:11:19 +01:00
f71179cbd6 coredns: add bvm-korobi 2021-03-30 12:51:17 +01:00
62dce112db blade-router: fix radvd prefix to actually be onlink 2021-03-30 11:59:27 +01:00
4c013cb2bc blade-router: use absolute path to birdc 2021-03-30 00:18:08 +00:00
e80a1750b8 blade-router: tweak notify script config 2021-03-30 00:09:02 +00:00
8b2238cf1e blade-router: add shebang to VRRP notify script 2021-03-30 00:01:19 +00:00
f05a063fce blade-router: add keepalived notify script for announcing/withdrawing routes 2021-03-29 23:54:26 +00:00
1071202e7f coredns: update DNS to match swapped IPs 2021-03-29 23:13:01 +00:00
bff07335b5 blade-router: switch router VIP 2021-03-29 23:09:26 +00:00
cae0c4eb94 blade-router: we need config attribute... 2021-03-29 23:29:26 +01:00
a5ffe43e14 blade-paris: fix imports 2021-03-29 23:28:30 +01:00
7de4d2690e blade-router: put radvd config in correct place 2021-03-29 23:27:40 +01:00
c5fc727f7a blade-router: fix 2021-03-29 23:26:50 +01:00
b09773e945 blade-paris: fix import 2021-03-29 23:25:50 +01:00
ac63880ed7 ops/nixos: abstract into blade-router 2021-03-29 23:24:57 +01:00
8236c7f698 blade-{paris,tuvok}: add radvd 2021-03-29 23:04:26 +01:00
878a457c83 blade-{paris,tuvok}: allow IPv6 VRRP as well... 2021-03-29 22:53:19 +01:00
c8b482c67a blade-{paris,tuvok}: add IPv6 link-local address as first
Mar 29 21:38:36 blade-tuvok Keepalived_vrrp[29221]: (mgmtGateway6) the first IPv6 VIP address should be link local
2021-03-29 22:43:53 +01:00
b0198cfa3d blade-{paris,tuvok}: split IPv4/IPv6 VRRP 2021-03-29 22:36:03 +01:00
0d46b6d4fe blade-{paris,tuvok}: add IPv6 gateway to keepalived 2021-03-29 21:03:06 +00:00
e1e3a24f36 ops/nixos/lib/coredns: add DNS records 2021-03-29 20:45:39 +00:00
b360944686 blade-{paris,tuvok}: add some IP addresses 2021-03-29 20:39:42 +00:00
d84075b124 clouvider-lon01: drop 92.118.28.0/24 2021-03-29 12:15:27 +00:00
3c7f759773 blade-paris/blade-tuvok: change v4/v6 announcements 2021-03-29 12:06:39 +00:00
b559512200 blade-paris/blade-tuvok: add BGP config 2021-03-29 11:47:44 +00:00
3ea210e884 marukuru: tweak GitLab Puma settings for low-mem
Per the GitLab docs
(https://docs.gitlab.com/ee/install/requirements.html#puma-settings):

> If the operating system has a maximum 2 GB of memory, the recommended number
> of threads is 1. A higher value will result in excess swapping, and decrease
> performance.

and

> In a memory-constrained environment with less than 4GB of RAM available,
> consider disabling Puma Clustered mode.
>
> Configuring Puma by setting the amount of workers to 0 could reduce memory
> usage by hundreds of MB. For details on Puma worker and thread settings, see
> Puma settings.
2021-03-28 23:25:14 +00:00
a3ed8a6da3 hm: add ntfy everywhere 2021-03-28 23:08:02 +00:00
0b1ccae353 bvm-prosody: actually name depot... 2021-03-28 22:52:04 +00:00
a44b09fb46 bvm-twitterchiver: create twitterchiver user 2021-03-28 22:48:43 +00:00
5a3a55e302 bvm-prosody: add coturn 2021-03-28 22:46:55 +00:00
efe1aa51db bvm-twitterchiver: add postgresql 2021-03-28 22:46:44 +00:00
d32585bff6 bvm-ipfs: enable ipfs 2021-03-28 15:34:54 +00:00
2b8dce0920 depot-wide: overhaul GitLab CI configuration
We now use a stub configuration to kick off the pipeline, which is dynamically
generated using Nix config.
2021-03-28 15:27:46 +00:00
f8b4903286 bvm-prosody: add tailscale IP 2021-03-28 14:33:54 +00:00