6353ce6603
swann: make systemd-networkd-wait-online wait for _any_ NIC
2022-03-11 22:57:08 +00:00
f15e112da7
ssh-ca-vault: by default enable user matches
2022-03-11 22:31:57 +00:00
ae97fddae2
vault-agent-acme: migrate to using a single token file that writes the other files as a side-effect
This avoids annoying problems like "too many" retries for certificate issuance,
since we only ask for the secret once.
2022-03-11 22:07:31 +00:00
ac0c6eccef
ssh-ca-vault: init
2022-03-11 21:48:06 +00:00
86a6191a56
vault-agent-secrets: add wantedBy for all restartable units too
2022-03-11 18:48:54 +00:00
ada466bae0
vault-agent-secrets: put Before in the correct place
2022-03-11 18:48:08 +00:00
a66bd4822a
totoro: disable RP filter
2022-03-11 18:45:41 +00:00
fde964db82
hm/client: add VAULT_ADDR env variable
2022-03-11 18:44:52 +00:00
0187120a24
ops/nixos: move nix cache tokens into vault
2022-03-11 16:46:50 +00:00
4100b021aa
etheroute-lon01: add google service account token
2022-03-11 16:20:34 +00:00
dd746bec32
etheroute-lon01: use FQDN for Pomerium DNS
2022-03-11 16:20:24 +00:00
72a647b80f
baserow: disable moto tests which are broken for some reason
2022-03-11 15:53:04 +00:00
3cb0fa9787
3p/nixpkgs: add pr163678 to fix mercurial
2022-03-11 15:46:15 +00:00
e8b2667c01
heptapod-runner: make a separate drv and stop maintaining it as a patchset on top of gitlab-runner
2022-03-11 15:15:30 +00:00
34fa21a171
treewide: fix eval fallout from nixpkgs bump
2022-03-11 14:56:55 +00:00
Default email
8e65f7f0cc
Project import generated by Copybara.
GitOrigin-RevId: 062a0c5437b68f950b081bbfc8a699d57a4ee026
2022-03-05 17:20:37 +01:00
75a5b40962
3p/nixpkgs: remove handrolled pomerium fixes, migrate to upstream PR
2022-03-11 14:41:08 +00:00
c98f3312a7
etheroute-lon01: migrate to vault-agent-secrets
2022-03-11 14:40:55 +00:00
6e6e714cf1
ops/nixos: init vault-agent-secrets module
2022-03-11 14:40:08 +00:00
f9546ed62a
ts3spotifybot: remove for now
2022-03-11 10:02:22 +00:00
e50f682237
totoro: remove cloudflare credentials from raritan-sslrenew
2022-03-11 03:46:31 +00:00
4be2eaeb6d
nixos/lib/common: remove security.acme
2022-03-11 03:28:32 +00:00
0c458988de
ops/nixos: misc cleanups
2022-03-11 03:27:58 +00:00
daccfa5717
ops/nixos: migrate everything to vault-agent-acme
2022-03-07 00:52:03 +00:00
0c7f785107
vault-agent-acme: tidy up
2022-03-06 23:01:51 +00:00
8be4fe603e
vault-agent-acme: init
2022-03-06 22:26:49 +00:00
332d1ca100
nix/docker/vault: update Vault's plugin registry as part of upload
It's possible (and likely) that when we update the Vault image, the SHA256
of the plugin will also change.
Automatically update that as the last step of the deploy.
2022-03-06 17:10:58 +00:00
932b47e9e9
vault-acme: init
This is a Vault secrets plugin for provisioning SSL certificates using ACME.
2022-03-06 16:52:47 +00:00
6c3ecb4d0b
nix/docker/vault: init
This is the Docker image I use for deploying Vault.
2022-03-06 16:51:34 +00:00
a3eb1e4519
totoro: enable samba
2022-03-05 11:56:22 +00:00
f0e645fccb
swann: add lukegb01.ring.nlnog.net to smokeping prober
2022-03-03 18:44:56 +00:00
dfb663e659
blade-router: mark cloudflare as pending
2022-03-03 17:38:19 +00:00
c357d5ed8f
blade-router: add cloudflare2
2022-03-03 17:37:41 +00:00
610d5ccf40
hm/porcorosso-wsl: add nixpkgs to NIX_PATH
2022-03-03 16:25:34 +00:00
080577e0f3
swann: fix tailscale outbound
Tailscale adds a policy-based routing rule at priority 5200-ish, which is
before all the rules that we add. This avoids any Tailscale traffic going
out... over Tailscale, which would be bad.
Anyway, this breaks us because our main table is empty, so there's nowhere
for the Tailscale traffic to actually go. Oops.
Instead, use policy-based routing to send things over our WG tunnel, or over
any of our upstream connections depending on what's available.
2022-03-02 00:32:31 +00:00
75ce92b967
heptapod: update to 0.29.1
2022-03-01 00:00:23 +00:00
d79faeb3e0
porcorosso-wsl: add keychain
2022-02-27 19:44:48 +00:00
df2c10ed4e
porcorosso-wsl: init
2022-02-27 19:32:48 +00:00
Default email
871149a62e
Project import generated by Copybara.
GitOrigin-RevId: 7f9b6e2babf232412682c09e57ed666d8f84ac2d
2022-02-21 09:47:16 +01:00
deployer@bvm-nixosmgmt.blade.as205479.net
4cef54442e
nix/pkgs/plex-pass: update version to 1.25.6.5577-c8bd13540
2022-02-23 02:10:56 +00:00
bdd9890f2f
totoro: adjust to new Home Assistant settings style
2022-02-22 03:56:49 +00:00
Default email
792b51d22f
Project import generated by Copybara.
GitOrigin-RevId: d5f237872975e6fb6f76eef1368b5634ffcd266f
2022-02-20 05:27:41 +00:00
af9b73b83f
3p/nixpkgs: remove pr159074
2022-02-22 03:45:53 +00:00
bf207171aa
3p/nixpkgs: fix remarshal
2022-02-13 23:04:32 +00:00
75a87253dd
porcorosso: remove defunct nvidiaWayland option
2022-02-13 21:29:00 +00:00
ec4b06634c
3p/nixpkgs: remove pr157310.patch
2022-02-13 20:01:53 +00:00
Default email
81047829ea
Project import generated by Copybara.
GitOrigin-RevId: 48d63e924a2666baf37f4f14a18f19347fbd54a2
2022-02-10 15:34:41 -05:00
deployer@bvm-nixosmgmt.blade.as205479.net
e14cfe989c
nix/pkgs/plex-pass: update version to 1.25.5.5492-12f6b8c83
2022-02-09 02:10:53 +00:00
43f62d224f
ops/factorio/multiworld: prohibit /ws while hand-crafting
2022-02-05 21:04:03 +00:00
7b4b5dd1a4
clouvider-lon01: switch to -ws world
2022-02-05 17:52:06 +00:00