b719181dfe
nixos: migrate to secretsmgr for sshd and ACME
2022-03-17 23:31:55 +00:00
daccfa5717
ops/nixos: migrate everything to vault-agent-acme
2022-03-07 00:52:03 +00:00
1cd0963bf5
blade-tuvok: add the forced-MAC's LL address
2022-01-30 17:54:59 +00:00
4b14ea5b4d
ops/nixos: remove rebuilder
...
It's in the common profile, we don't need it everywhere.
2022-01-23 16:57:20 +00:00
eb3b306439
Backed out changeset 073cf55ed346
...
Mischief managed
2022-01-15 13:32:47 +00:00
687d72cfdc
ops/nixos: experiment with ECMP
2022-01-15 13:32:41 +00:00
9be6bcaf2d
ops/nixos: set up gnetwork link
2022-01-14 19:42:06 +00:00
9ccf3b333d
blade-tuvok: provide a proper path to the sysctl utility
2022-01-10 22:40:57 +00:00
d79265ddad
ops/nixos: tidy up security.acme
2022-01-04 14:00:45 +00:00
fee02312d3
blade-tuvok: move public interface off a VLAN
...
Previously, the public/internal interfaces were VLANned onto the same NIC. For
some reason, sometimes the Emulex adapters seem to end up not getting configured
properly, which causes me no end of pain when I spend time trying to debug why
none of my VMs can see the internet anymore.
Instead of doing this, put the public interface onto its own actual virtual
network interface.
2021-12-17 00:27:24 +00:00
2c632e28d2
blade-tuvok: switch from ECMP to metrics
2021-08-31 12:12:44 +00:00
2d0a607383
ops/nixos: enable bird-exporter-lfty
2021-08-31 02:26:50 +00:00
f7fbfa5436
nix/pkgs: init prometheus-bird-exporter-lfty
2021-08-31 02:01:38 +00:00
a0d97e082d
blade-tuvok: also NAT things going out onto linx
2021-08-31 01:37:34 +00:00
9a5b0379cb
blade-tuvok: set net.ipv6.conf.default.forwarding as well
2021-08-30 21:01:53 +01:00
b2e45b56bb
blade-tuvok: make sure wg-endpoint sysctl gets forwarding enabled
2021-08-30 20:52:20 +01:00
7134fe904a
ops/nixos: implement BFD+WG tunneling for mldn-rd
2021-08-30 19:58:21 +01:00
fdacf57ead
blade-tuvok: LINX updates
2021-08-17 01:30:33 +00:00
ac63880ed7
ops/nixos: abstract into blade-router
2021-03-29 23:24:57 +01:00
8236c7f698
blade-{paris,tuvok}: add radvd
2021-03-29 23:04:26 +01:00
878a457c83
blade-{paris,tuvok}: allow IPv6 VRRP as well...
2021-03-29 22:53:19 +01:00
c8b482c67a
blade-{paris,tuvok}: add IPv6 link-local address as first
...
Mar 29 21:38:36 blade-tuvok Keepalived_vrrp[29221]: (mgmtGateway6) the first IPv6 VIP address should be link local
2021-03-29 22:43:53 +01:00
b0198cfa3d
blade-{paris,tuvok}: split IPv4/IPv6 VRRP
2021-03-29 22:36:03 +01:00
0d46b6d4fe
blade-{paris,tuvok}: add IPv6 gateway to keepalived
2021-03-29 21:03:06 +00:00
b360944686
blade-{paris,tuvok}: add some IP addresses
2021-03-29 20:39:42 +00:00
3c7f759773
blade-paris/blade-tuvok: change v4/v6 announcements
2021-03-29 12:06:39 +00:00
b559512200
blade-paris/blade-tuvok: add BGP config
2021-03-29 11:47:44 +00:00
86d9292cd1
blade-tuvok: change fup to listen on wildcard
...
It's broken otherwise, since the default server is based on the incoming IP,
and the precise listed IPs are more tightly binding.
2021-03-22 13:46:28 +00:00
ff5ea120e5
blade-tuvok/fup: override listen IPs
2021-03-22 02:50:27 +00:00
ca642bfa5e
blade-tuvok: add fup
2021-03-22 02:43:17 +00:00
7f27f9fb79
tuvok/paris: enable keepalived
2021-03-20 01:08:33 +00:00
9036f02fd0
blade-tuvok: allow 80/443
2021-03-19 21:27:42 +00:00
3f3c92addc
blade-tuvok: serve objdump directly
2021-03-19 19:45:03 +00:00
53b7ca1c8a
ops/nixos: revamp blade network config
2021-03-12 14:47:08 +00:00
270b461b97
ops/nixos: create br-ext and put everything on it
2021-02-10 23:38:05 +00:00
5aa39f0693
ops/nixos: add osd daemons
2021-02-09 22:29:11 +00:00
4f043bb45a
ops/nixos: disable osd on hosts where I haven't set it up yet
2021-02-09 21:57:49 +00:00
1ed83bd25a
ops/nixos/blade: add ceph
2021-02-09 01:17:54 +00:00
d2b95065e0
ops/nixos: populate tailscale IPs for chakotay, torres, tuvok
2021-02-08 22:33:42 +00:00
dad04a0062
ops/nixos: add other blade hosts
...
blade-paris and blade-kim are TBD
2021-02-08 22:26:22 +00:00