d84075b124
clouvider-lon01: drop 92.118.28.0/24
2021-03-29 12:15:27 +00:00
3c7f759773
blade-paris/blade-tuvok: change v4/v6 announcements
2021-03-29 12:06:39 +00:00
b559512200
blade-paris/blade-tuvok: add BGP config
2021-03-29 11:47:44 +00:00
3ea210e884
marukuru: tweak GitLab Puma settings for low-mem
Per the GitLab docs
(https://docs.gitlab.com/ee/install/requirements.html#puma-settings):
> If the operating system has a maximum 2 GB of memory, the recommended number
> of threads is 1. A higher value will result in excess swapping, and decrease
> performance.
and
> In a memory-constrained environment with less than 4GB of RAM available,
> consider disabling Puma Clustered mode.
>
> Configuring Puma by setting the amount of workers to 0 could reduce memory
> usage by hundreds of MB. For details on Puma worker and thread settings, see
> Puma settings.
2021-03-28 23:25:14 +00:00
a3ed8a6da3
hm: add ntfy everywhere
2021-03-28 23:08:02 +00:00
0b1ccae353
bvm-prosody: actually name depot...
2021-03-28 22:52:04 +00:00
a44b09fb46
bvm-twitterchiver: create twitterchiver user
2021-03-28 22:48:43 +00:00
5a3a55e302
bvm-prosody: add coturn
2021-03-28 22:46:55 +00:00
efe1aa51db
bvm-twitterchiver: add postgresql
2021-03-28 22:46:44 +00:00
d32585bff6
bvm-ipfs: enable ipfs
2021-03-28 15:34:54 +00:00
2b8dce0920
depot-wide: overhaul GitLab CI configuration
We now use a stub configuration to kick off the pipeline, which is dynamically
generated using Nix config.
2021-03-28 15:27:46 +00:00
f8b4903286
bvm-prosody: add tailscale IP
2021-03-28 14:33:54 +00:00
2eeba92d9e
bvm-twitterchiver: add tailscale IP
2021-03-28 14:32:16 +00:00
e6c56c9a74
bvm-ipfs: add tailscale IP
2021-03-28 14:00:25 +00:00
7979d936a4
ops/nixos: init bvm-{twitterchiver,prosody,ipfs}
2021-03-28 13:10:27 +00:00
f27a8f8f1a
ops/nixos: mkBefore needs lib. in bvm.nix/blade.nix
2021-03-28 12:32:01 +00:00
f34d539462
bvm-nixosmgmt: condense down and abstract out
2021-03-28 12:26:11 +00:00
c1f450eb33
ops/nixos: flesh out DNS for internal blade IPs
2021-03-28 12:18:06 +00:00
0b60a516b4
bvm-nixosmgmt: actually change the hostname
2021-03-28 02:04:41 +00:00
701ab955af
coredns: update serial for as205479.net
2021-03-28 01:16:10 +00:00
b2e2f965c5
ops/nixos: rename various machines to comply with naming convention
* *-frantech should be frantech-*, it's provider first
* blade VMs now all begin bvm-
2021-03-28 00:34:36 +00:00
1883186bb8
hm/graphical-client: switch to google-chrome-beta from chromium
2021-03-25 10:54:01 +00:00
a99e0309c5
ops/nixos/fup: switch to using config file
2021-03-23 00:58:18 +00:00
11ed74003a
nixos/fup: allow large file uploads
2021-03-22 13:56:16 +00:00
86d9292cd1
blade-tuvok: change fup to listen on wildcard
It's broken otherwise, since the default server is based on the incoming IP,
and the precise listed IPs are more tightly binding.
2021-03-22 13:46:28 +00:00
ff5ea120e5
blade-tuvok/fup: override listen IPs
2021-03-22 02:50:27 +00:00
ca642bfa5e
blade-tuvok: add fup
2021-03-22 02:43:17 +00:00
787b04737e
treewide: add some SPDX headers
2021-03-20 20:46:56 +00:00
35cc195717
common: remove everything from hosts files
2021-03-20 16:42:08 +00:00
99dce2de2a
as205479.net: add totoro.int
2021-03-20 16:41:26 +00:00
33fd1da091
dns: add blades to zone
2021-03-20 15:22:09 +00:00
4c78164384
ops/nixos/common: set search domains
2021-03-20 15:01:28 +00:00
5cf89fbc2f
switch-prebuilt: check for existence before nix copy
2021-03-20 13:37:08 +00:00
422c47c3e0
switch-prebuilt: run stuff assuming we're a trusted-user
2021-03-20 13:22:17 +00:00
be5eee48b3
switch-prebuilt: init
2021-03-20 12:39:23 +00:00
154db9706a
lib/common: add deployer to trustedUsers
2021-03-20 12:34:01 +00:00
7737f962a9
marukuru/deployer: add jq somewhere more sensible
2021-03-20 12:17:41 +00:00
d8086e7042
ops/nixos: add jq everywhere
2021-03-20 12:11:45 +00:00
705bcd9446
marukuru/deployer: add jq
2021-03-20 11:57:21 +00:00
627c8bf17c
lib/coredns: fix firewall
2021-03-20 02:06:08 +00:00
b0a6ebe52d
ops/nixos: add coredns
2021-03-20 02:03:23 +00:00
7f27f9fb79
tuvok/paris: enable keepalived
2021-03-20 01:08:33 +00:00
c51e5d478d
lib/common: add --delete-older-than
2021-03-19 21:29:54 +00:00
9036f02fd0
blade-tuvok: allow 80/443
2021-03-19 21:27:42 +00:00
9ddb5d75f2
blade: restrict ceph firewall rules to storage network
2021-03-19 21:27:15 +00:00
4f5f2a780a
nixos-mgmt: init
2021-03-19 20:28:24 +00:00
3f3c92addc
blade-tuvok: serve objdump directly
2021-03-19 19:45:03 +00:00
10c7ee76b3
{las,lux,nyc}01-frantech: add tailscale IPs
2021-03-19 16:16:06 +00:00
0f0f61f2df
installcd: add to ci-root; tweak store
2021-03-19 01:19:14 +00:00
db1b568d63
{lux,las,nyc}01-frantech: init
2021-03-19 01:11:37 +00:00
c26a321f5f
home-manager: drop enableVaapi
2021-03-18 23:56:25 +00:00
4a381f03d3
ops/nixos: create installcd
2021-03-18 23:51:38 +00:00
665dc16239
etheroute-lon01: bump timeout, which is just 'timeout'
2021-03-18 23:50:54 +00:00
04a7792ad1
totoro: add NodeExporterDown alerts
2021-03-15 01:25:19 +00:00
dc2fb8e2b1
totoro: add power use alerts for blade system
2021-03-15 01:20:26 +00:00
238d3ad7a8
totoro: add pushover alertmanager output
2021-03-15 00:58:37 +00:00
c682fc0422
blade: fix serial console
2021-03-14 17:39:07 +00:00
bb1178e82c
blade: enable serial console for GRUB and boot
2021-03-14 17:34:08 +00:00
ff2be56561
blade: disable coredump writing
2021-03-14 17:25:03 +00:00
f3c5990de4
blade: nit: forgot a )
2021-03-14 15:56:58 +00:00
22dadde50a
blade-torres: remap en-storage onto a vlan
2021-03-14 15:52:53 +00:00
b3def9be96
ceph: add /var/lib/ceph mount
2021-03-14 14:35:36 +00:00
22cb1575b4
ceph: set up storage network 10.100.2.0/24
2021-03-14 14:35:32 +00:00
a51b864d0d
etheroute-lon01: set more fine-grained timeouts
2021-03-14 13:00:37 +00:00
da6c3854bd
etheroute-lon01: move to objdump.zxcvbnm.ninja
2021-03-14 11:46:05 +00:00
38e34e2210
etheroute-lon01: add objdump.lukegb.com
2021-03-14 11:44:17 +00:00
f300882cea
ixvm-fra01: delete
2021-03-14 02:04:09 +00:00
dc68fb7305
blade: correct IP
2021-03-14 02:01:42 +00:00
74fd32c0b8
ops/nixos/blade: switch mon IPs in config
2021-03-14 01:23:24 +00:00
b51cf06282
totoro: prometheus: remove valveindexinstock, add snmp
2021-03-14 01:13:37 +00:00
a763c85e3d
blade: allow tailscale 41641/udp
2021-03-13 20:58:43 +00:00
e979f4e83e
blade: move journald storage to volatile
2021-03-13 20:57:04 +00:00
82655bcb8a
porcorosso: remove /home/lukegb/mnt
2021-03-13 20:56:57 +00:00
2f183e56dd
ops/nixos: fix systemPathJSON by using writeText instead of toFile
2021-03-13 17:05:49 +00:00
b01c15b85f
ops/nixos: make systems.json refer to the actual paths
2021-03-13 17:02:13 +00:00
9df7818dc5
ops/nixos: add systemPathJSON
This is a file which contains a mapping of system names to their store paths, to
allow for easier retrieval from GCS.
2021-03-13 16:57:28 +00:00
cd29df194a
blade-paris: set default gateway for final resting place
2021-03-13 16:41:21 +00:00
b2a085f84c
ops/nixos/blade: enable NAT on routers
2021-03-13 16:41:05 +00:00
53b7ca1c8a
ops/nixos: revamp blade network config
2021-03-12 14:47:08 +00:00
b014ef780b
clouvider-lon01: give minotarproxy more IPs
2021-03-01 17:16:06 +00:00
7cd70420c6
blade-janeway: fix interfaces
2021-02-25 12:29:05 +00:00
a7094217ba
blade: tweak networking
2021-02-24 19:58:15 +00:00
e6c0cdc415
totoro: fix up valve index alerting
2021-02-23 01:07:33 +00:00
dc996b324b
totoro: add valveindexinstock
2021-02-23 00:16:41 +00:00
7c4334591a
kusakabe: disable send-proxy-v2 for openshift
2021-02-17 04:33:08 +00:00
5018ba70cd
home-manager/common: add iotop/iftop
2021-02-14 21:40:41 +00:00
caea9c19c4
lib/blade: mount boot drive to /boot
2021-02-13 16:07:33 +00:00
2596579835
lib/blade: add a ceph-osd-lvm-activate to prep the OSDs
2021-02-13 16:29:18 +00:00
0b865c968e
porcorosso: add lukegb to video group
2021-02-13 13:55:28 +00:00
6c9b15e908
porcorosso: enable acpilight
2021-02-13 13:50:13 +00:00
93b5d2c288
ops/nixos: enable ceph in libvirtd
2021-02-11 02:21:59 +00:00
a484168097
lib/blade: add ceph support to libvirtd
2021-02-11 00:34:27 +00:00
c94e94284f
lib/blade: decrease miimon
2021-02-11 00:27:25 +00:00
fc14641404
lib/blade: enable libvirtd group for lukegb
2021-02-11 00:22:47 +00:00
e81c71b85f
lib/blade: enable acpi_power_meter
2021-02-11 00:22:39 +00:00
82503b6192
ops/nixos/lib/blade: enable polkit for libvirtd access
2021-02-11 00:13:32 +00:00
4a53baab51
ops/nixos: fix lib/blade.nix
2021-02-10 23:39:36 +00:00
270b461b97
ops/nixos: create br-ext and put everything on it
2021-02-10 23:38:05 +00:00
5aa39f0693
ops/nixos: add osd daemons
2021-02-09 22:29:11 +00:00
4f043bb45a
ops/nixos: disable osd on hosts where I haven't set it up yet
2021-02-09 21:57:49 +00:00
372aed550f
ops/nixos: enable osds on blade-janeway
2021-02-09 21:47:04 +00:00
1ed83bd25a
ops/nixos/blade: add ceph
2021-02-09 01:17:54 +00:00
3239c4b0b6
blade-kim,blade-paris: add config
2021-02-09 00:00:18 +00:00
d2b95065e0
ops/nixos: populate tailscale IPs for chakotay, torres, tuvok
2021-02-08 22:33:42 +00:00
dad04a0062
ops/nixos: add other blade hosts
blade-paris and blade-kim are TBD
2021-02-08 22:26:22 +00:00
36bb93a80e
blade-janeway: add prefixLength (oops)
2021-02-08 20:46:39 +00:00
51a4d4bf36
porcorosso: enable avahi
2021-02-08 20:45:21 +00:00
37be1e38f8
ops/nixos: switch blades to static IPs
2021-02-08 20:45:15 +00:00
f55f861e17
ops/nixos: split most of blade-janeway into lib/blade.nix
2021-02-07 21:23:23 +00:00
b0e58ab198
ops/nixos: rename blade-leader to blade-janeway
2021-02-07 20:21:32 +00:00
e6f4d37982
ops/nixos: add fwupd to common
2021-01-30 18:47:12 +00:00
78040f6c94
nix/pkgs: init hp-rom; add to netboot
2021-01-30 18:47:01 +00:00
5d1284a26c
netboot: add mprime
2021-01-30 17:56:46 +00:00
8c4c8b3ccc
ops/nixos: add netboot for netbooting a basic system with my defaults
2021-01-30 15:40:33 +00:00
ba65db5865
ops/nixos: init blade-leader
2021-01-30 04:30:05 +00:00
c7df81d6a1
clouvider-fra01: add ts3spotifybot
2021-01-27 18:39:58 +00:00
413c38e348
kusakabe: rsyncd
2021-01-27 13:48:29 +00:00
25774139d1
ops/nixos: enable IPFS filestore on all nodes
2021-01-26 11:40:36 +00:00
7ec8e08ff0
totoro: add quotesdb for dev purposes
2021-01-20 17:55:31 +00:00
1fe4e04464
ops/nixos: add dev-quotes.bfob.gg to server aliases
2021-01-20 00:22:54 +00:00
5ee6a1c3b7
ops/nixos/quotes.bfob.gg: add my.quotesdb.listen option
2021-01-20 00:21:21 +00:00
b7574660de
web/quotes: prodify
2021-01-19 23:43:43 +00:00
ef81a0c080
quotes.bfob.gg: add to clouvider-lon01
2021-01-19 23:41:47 +00:00
d12fb60c20
kusakabe: open ipfs ports properly
2021-01-15 03:58:41 +00:00
6d3a3de05e
totoro: fix
2021-01-15 03:42:38 +00:00
b7bd209b5e
swann: forward IPFS ports to totoro
2021-01-15 03:41:24 +00:00
e4902496a7
totoro: add ipfs ports to firewall
2021-01-15 03:39:36 +00:00
2a7b7517a8
totoro: enable ipfs
2021-01-15 03:38:43 +00:00
a549f5bec3
clouvider-fra01: add ipfs UDP ports to firewall
2021-01-15 03:36:41 +00:00
67d2db0e7a
kusakabe: add ipfs
2021-01-15 03:36:34 +00:00
44f4e9a023
clouvider-fra01: add ipfs
2021-01-15 00:58:36 +00:00
d20dd06aaf
clouvider-lon01: disable SSH open-to-all
2021-01-12 00:00:34 +00:00
ad516941e8
clouvider-lon01: SSH firewalling changes
2021-01-11 23:45:06 +00:00
9dd18e2cdc
ops/nixos/lib/common: add nixos_running_system/nixos_booted_system node metrics
2021-01-11 17:44:23 +00:00
6b95f54ca7
ops/nixos/lib/common: add systemd collector to all systems
2021-01-07 10:01:36 +00:00
aba7285824
totoro: add twitternuke timer
2021-01-06 21:29:33 +00:00
d38601fabe
etheroute-lon01: allow unifi websockets
2021-01-04 21:15:43 +00:00
c92fe8b139
swann: switch to unifiHacked
2021-01-04 20:52:13 +00:00
f91109cb50
nixos/lightspeed: init lightspeed-ingest and lightspeed-webrtc NixOS modules
2021-01-04 15:50:42 +00:00
045f9f5b22
etheroute-lon01: unifi needs tls_skip_verify
2021-01-03 15:32:00 +00:00
596752caa0
etheroute-lon01: add unifi.int
2021-01-03 03:35:24 +00:00
6fec69886a
clouvider-fra01: add lukegb to deluge group too
2021-01-02 16:18:56 +00:00
b2d8acd4b9
swann: swap unifiPackage to pkgs.unifi
unifiBeta is no more: https://github.com/NixOS/nixpkgs/pull/107797
2020-12-31 01:31:01 +00:00
eb9d9f54a5
nix/pkgs/grafana-plugins: rework a bit
2020-12-30 03:30:24 +00:00
405997d312
totoro: teach how to install grafana plugins from nix
2020-12-30 02:56:31 +00:00
26e379dfb7
depot-wide: create logged-out.int.lukegb.com
2020-12-30 00:57:53 +00:00
33117f2b45
totoro: don't prepend GF_ to grafana extraConfig
2020-12-29 21:23:20 +00:00
be3ce89fb4
etheroute-lon01: unset allowed_domains
2020-12-29 20:55:01 +00:00
7573280e5b
etheroute-lon01: de-redundantify int.lukegb.com cert
2020-12-29 20:37:33 +00:00
1c550cf508
etheroute-lon01: rejiggle pomerium policy
2020-12-29 20:11:41 +00:00