d96ef542d7
etheroute-lon01: set X-Forwarded-Roles header for rundeck
2021-04-10 19:22:54 +00:00
d9662bcd10
etheroute-lon01: add rundeck
2021-04-10 17:22:11 +00:00
00cb06aff2
bvm-nixosmgmt: add rundeck
2021-04-10 17:20:35 +00:00
f1121433cf
ci-root: actually index with current system (oops)
2021-04-09 19:31:58 +01:00
c65e8b8a54
ops/home-manager-ext: add built attribute
...
This is so we can more easily build these things on CI.
2021-04-09 18:14:31 +00:00
91f6cb3317
clouvider-lon01: add mac-mini as remote builder
2021-04-09 18:14:06 +00:00
6465f98036
as205479.net: add mac-mini.int
2021-04-09 18:51:07 +01:00
02db8ea7cb
ops/nixos/lib/hm: support macOS again
...
The ntfy package expects to have pyobjc available when running under Darwin,
which is currently broken in nixpkgs. There's a fairly involved ongoing effort
to package it again, but in the mean time we just patch out the dep. I'm using
the pushover backend anyway.
To avoid having to rebuild it rather than just fetch from the NixOS cache, I
only override it when running on Darwin.
2021-04-09 18:48:46 +01:00
bb03f5ea0d
ops/nixos: fixups for upstream pomerium module
2021-04-07 00:46:15 +00:00
13f2f79e6d
graphical-client: add wallpapers
...
If I find more I like, I'll add them here, I guess. For the moment, there's
just the one.
2021-04-06 09:53:56 +01:00
f5622acaf7
nix/pkgs/flameshot: bump to my patched version
2021-04-05 14:57:59 +01:00
48bdb3559c
lib/hm/graphical-client: add flameshot to environment
2021-04-05 13:00:02 +01:00
21fe79c904
ops/nixos: enable flameshot on graphical-client hosts
2021-04-05 12:42:35 +01:00
549b4f1ccc
porcorosso: switch to pipewire
2021-04-05 12:40:41 +01:00
d582d3f352
ops/nixos/lib: inline latest_system_closure.sh
...
I can't be bothered to make it a proper script, and I also don't really want to
rely on invoking nix-shell at runtime (I'd rather have all the needed tools in
the system closure).
2021-04-04 19:35:38 +01:00
8dab1a04fe
ops/nixos/lib: fix latest_system_closure for machines with - in hostname
2021-04-04 19:25:02 +01:00
33cfba2e2f
ops/nixos/lib: enable 'switch-prebuilt latest' for getting latest closure
2021-04-04 18:25:01 +01:00
09a6c8cafe
marukuru: switch heptapod image to being built with dockerTools
...
Fixes #1
2021-04-02 01:39:01 +00:00
fe3f343ef9
bvm-prosody: configure prosody
2021-04-02 00:52:45 +00:00
fbc3b47854
bvm-prosody: fix :/
2021-04-01 15:55:54 +00:00
bcf1266bfe
bvm-prosody: configure IP addresses
2021-04-01 15:50:27 +00:00
bab069b286
bvm-twitterchiver: add twitterchiver-{relatedfetcher,archiver}
2021-04-01 00:22:57 +00:00
0961a68532
twitterchiver: add secrets
2021-03-31 23:52:38 +00:00
8d4e26d3cf
bvm-twitterchiver: use correct twitterchiver-viewer name
2021-03-31 23:44:52 +00:00
3073f290b0
bvm-twitterchiver: fix
2021-03-31 23:38:39 +00:00
69aba17ba4
bvm-twitterchiver: add twitterchiver-viewer
2021-03-31 23:33:44 +00:00
66bfd9a458
etheroute-lon01: add twitterchiver
2021-03-31 22:37:01 +00:00
bea33016f6
nixos/blade: oops, forgot };
2021-03-31 21:20:56 +00:00
5b63d1555a
nixos/blade: use tmpfs for /var/log and /var/cache
2021-03-31 21:20:08 +00:00
c972f3ae12
as205479.net: add bvm-win10
2021-03-31 19:39:56 +00:00
4ab9e1b19e
marukuru: tweak gitlab settings
2021-03-30 20:49:42 +01:00
e2dffeceb5
marukuru: need to enable experimental mode
2021-03-30 20:23:26 +01:00
357a9ca041
marukuru: set random collection of IPv6 Docker options
2021-03-30 20:11:19 +01:00
f71179cbd6
coredns: add bvm-korobi
2021-03-30 12:51:17 +01:00
62dce112db
blade-router: fix radvd prefix to actually be onlink
2021-03-30 11:59:27 +01:00
4c013cb2bc
blade-router: use absolute path to birdc
2021-03-30 00:18:08 +00:00
e80a1750b8
blade-router: tweak notify script config
2021-03-30 00:09:02 +00:00
8b2238cf1e
blade-router: add shebang to VRRP notify script
2021-03-30 00:01:19 +00:00
f05a063fce
blade-router: add keepalived notify script for announcing/withdrawing routes
2021-03-29 23:54:26 +00:00
1071202e7f
coredns: update DNS to match swapped IPs
2021-03-29 23:13:01 +00:00
bff07335b5
blade-router: switch router VIP
2021-03-29 23:09:26 +00:00
cae0c4eb94
blade-router: we need config attribute...
2021-03-29 23:29:26 +01:00
a5ffe43e14
blade-paris: fix imports
2021-03-29 23:28:30 +01:00
7de4d2690e
blade-router: put radvd config in correct place
2021-03-29 23:27:40 +01:00
c5fc727f7a
blade-router: fix
2021-03-29 23:26:50 +01:00
b09773e945
blade-paris: fix import
2021-03-29 23:25:50 +01:00
ac63880ed7
ops/nixos: abstract into blade-router
2021-03-29 23:24:57 +01:00
8236c7f698
blade-{paris,tuvok}: add radvd
2021-03-29 23:04:26 +01:00
878a457c83
blade-{paris,tuvok}: allow IPv6 VRRP as well...
2021-03-29 22:53:19 +01:00
c8b482c67a
blade-{paris,tuvok}: add IPv6 link-local address as first
...
Mar 29 21:38:36 blade-tuvok Keepalived_vrrp[29221]: (mgmtGateway6) the first IPv6 VIP address should be link local
2021-03-29 22:43:53 +01:00
b0198cfa3d
blade-{paris,tuvok}: split IPv4/IPv6 VRRP
2021-03-29 22:36:03 +01:00
0d46b6d4fe
blade-{paris,tuvok}: add IPv6 gateway to keepalived
2021-03-29 21:03:06 +00:00
e1e3a24f36
ops/nixos/lib/coredns: add DNS records
2021-03-29 20:45:39 +00:00
b360944686
blade-{paris,tuvok}: add some IP addresses
2021-03-29 20:39:42 +00:00
d84075b124
clouvider-lon01: drop 92.118.28.0/24
2021-03-29 12:15:27 +00:00
3c7f759773
blade-paris/blade-tuvok: change v4/v6 announcements
2021-03-29 12:06:39 +00:00
b559512200
blade-paris/blade-tuvok: add BGP config
2021-03-29 11:47:44 +00:00
3ea210e884
marukuru: tweak GitLab Puma settings for low-mem
...
Per the GitLab docs
(https://docs.gitlab.com/ee/install/requirements.html#puma-settings ):
> If the operating system has a maximum 2 GB of memory, the recommended number
> of threads is 1. A higher value will result in excess swapping, and decrease
> performance.
and
> In a memory-constrained environment with less than 4GB of RAM available,
> consider disabling Puma Clustered mode.
>
> Configuring Puma by setting the amount of workers to 0 could reduce memory
> usage by hundreds of MB. For details on Puma worker and thread settings, see
> Puma settings.
2021-03-28 23:25:14 +00:00
a3ed8a6da3
hm: add ntfy everywhere
2021-03-28 23:08:02 +00:00
0b1ccae353
bvm-prosody: actually name depot...
2021-03-28 22:52:04 +00:00
a44b09fb46
bvm-twitterchiver: create twitterchiver user
2021-03-28 22:48:43 +00:00
5a3a55e302
bvm-prosody: add coturn
2021-03-28 22:46:55 +00:00
efe1aa51db
bvm-twitterchiver: add postgresql
2021-03-28 22:46:44 +00:00
d32585bff6
bvm-ipfs: enable ipfs
2021-03-28 15:34:54 +00:00
2b8dce0920
depot-wide: overhaul GitLab CI configuration
...
We now use a stub configuration to kick off the pipeline, which is dynamically
generated using Nix config.
2021-03-28 15:27:46 +00:00
f8b4903286
bvm-prosody: add tailscale IP
2021-03-28 14:33:54 +00:00
2eeba92d9e
bvm-twitterchiver: add tailscale IP
2021-03-28 14:32:16 +00:00
e6c56c9a74
bvm-ipfs: add tailscale IP
2021-03-28 14:00:25 +00:00
7979d936a4
ops/nixos: init bvm-{twitterchiver,prosody,ipfs}
2021-03-28 13:10:27 +00:00
f27a8f8f1a
ops/nixos: mkBefore needs lib. in bvm.nix/blade.nix
2021-03-28 12:32:01 +00:00
f34d539462
bvm-nixosmgmt: condense down and abstract out
2021-03-28 12:26:11 +00:00
c1f450eb33
ops/nixos: flesh out DNS for internal blade IPs
2021-03-28 12:18:06 +00:00
0b60a516b4
bvm-nixosmgmt: actually change the hostname
2021-03-28 02:04:41 +00:00
701ab955af
coredns: update serial for as205479.net
2021-03-28 01:16:10 +00:00
b2e2f965c5
ops/nixos: rename various machines to comply with naming convention
...
* *-frantech should be frantech-*, it's provider first
* blade VMs now all begin bvm-
2021-03-28 00:34:36 +00:00
1883186bb8
hm/graphical-client: switch to google-chrome-beta from chromium
2021-03-25 10:54:01 +00:00
a99e0309c5
ops/nixos/fup: switch to using config file
2021-03-23 00:58:18 +00:00
11ed74003a
nixos/fup: allow large file uploads
2021-03-22 13:56:16 +00:00
86d9292cd1
blade-tuvok: change fup to listen on wildcard
...
It's broken otherwise, since the default server is based on the incoming IP,
and the precise listed IPs are more tightly binding.
2021-03-22 13:46:28 +00:00
ff5ea120e5
blade-tuvok/fup: override listen IPs
2021-03-22 02:50:27 +00:00
ca642bfa5e
blade-tuvok: add fup
2021-03-22 02:43:17 +00:00
787b04737e
treewide: add some SPDX headers
2021-03-20 20:46:56 +00:00
35cc195717
common: remove everything from hosts files
2021-03-20 16:42:08 +00:00
99dce2de2a
as205479.net: add totoro.int
2021-03-20 16:41:26 +00:00
33fd1da091
dns: add blades to zone
2021-03-20 15:22:09 +00:00
4c78164384
ops/nixos/common: set search domains
2021-03-20 15:01:28 +00:00
5cf89fbc2f
switch-prebuilt: check for existence before nix copy
2021-03-20 13:37:08 +00:00
422c47c3e0
switch-prebuilt: run stuff assuming we're a trusted-user
2021-03-20 13:22:17 +00:00
be5eee48b3
switch-prebuilt: init
2021-03-20 12:39:23 +00:00
154db9706a
lib/common: add deployer to trustedUsers
2021-03-20 12:34:01 +00:00
7737f962a9
marukuru/deployer: add jq somewhere more sensible
2021-03-20 12:17:41 +00:00
d8086e7042
ops/nixos: add jq everywhere
2021-03-20 12:11:45 +00:00
705bcd9446
marukuru/deployer: add jq
2021-03-20 11:57:21 +00:00
627c8bf17c
lib/coredns: fix firewall
2021-03-20 02:06:08 +00:00
b0a6ebe52d
ops/nixos: add coredns
2021-03-20 02:03:23 +00:00
7f27f9fb79
tuvok/paris: enable keepalived
2021-03-20 01:08:33 +00:00
c51e5d478d
lib/common: add --delete-older-than
2021-03-19 21:29:54 +00:00
9036f02fd0
blade-tuvok: allow 80/443
2021-03-19 21:27:42 +00:00
9ddb5d75f2
blade: restrict ceph firewall rules to storage network
2021-03-19 21:27:15 +00:00
4f5f2a780a
nixos-mgmt: init
2021-03-19 20:28:24 +00:00
3f3c92addc
blade-tuvok: serve objdump directly
2021-03-19 19:45:03 +00:00
10c7ee76b3
{las,lux,nyc}01-frantech: add tailscale IPs
2021-03-19 16:16:06 +00:00
0f0f61f2df
installcd: add to ci-root; tweak store
2021-03-19 01:19:14 +00:00
db1b568d63
{lux,las,nyc}01-frantech: init
2021-03-19 01:11:37 +00:00
c26a321f5f
home-manager: drop enableVaapi
2021-03-18 23:56:25 +00:00
4a381f03d3
ops/nixos: create installcd
2021-03-18 23:51:38 +00:00
665dc16239
etheroute-lon01: bump timeout, which is just 'timeout'
2021-03-18 23:50:54 +00:00
04a7792ad1
totoro: add NodeExporterDown alerts
2021-03-15 01:25:19 +00:00
dc2fb8e2b1
totoro: add power use alerts for blade system
2021-03-15 01:20:26 +00:00
238d3ad7a8
totoro: add pushover alertmanager output
2021-03-15 00:58:37 +00:00
c682fc0422
blade: fix serial console
2021-03-14 17:39:07 +00:00
bb1178e82c
blade: enable serial console for GRUB and boot
2021-03-14 17:34:08 +00:00
ff2be56561
blade: disable coredump writing
2021-03-14 17:25:03 +00:00
f3c5990de4
blade: nit: forgot a )
2021-03-14 15:56:58 +00:00
22dadde50a
blade-torres: remap en-storage onto a vlan
2021-03-14 15:52:53 +00:00
b3def9be96
ceph: add /var/lib/ceph mount
2021-03-14 14:35:36 +00:00
22cb1575b4
ceph: set up storage network 10.100.2.0/24
2021-03-14 14:35:32 +00:00
a51b864d0d
etheroute-lon01: set more finegrained timeouts
2021-03-14 13:00:37 +00:00
da6c3854bd
etheroute-lon01: move to objdump.zxcvbnm.ninja
2021-03-14 11:46:05 +00:00
38e34e2210
etheroute-lon01: add objdump.lukegb.com
2021-03-14 11:44:17 +00:00
f300882cea
ixvm-fra01: delete
2021-03-14 02:04:09 +00:00
dc68fb7305
blade: correct IP
2021-03-14 02:01:42 +00:00
74fd32c0b8
ops/nixos/blade: switch mon IPs in config
2021-03-14 01:23:24 +00:00
b51cf06282
totoro: prometheus: remove valveindexinstock, add snmp
2021-03-14 01:13:37 +00:00
a763c85e3d
blade: allow tailscale 41641/udp
2021-03-13 20:58:43 +00:00
e979f4e83e
blade: move journald storage to volatile
2021-03-13 20:57:04 +00:00
82655bcb8a
porcorosso: remove /home/lukegb/mnt
2021-03-13 20:56:57 +00:00
2f183e56dd
ops/nixos: fix systemPathJSON by using writeText instead of toFile
2021-03-13 17:05:49 +00:00
b01c15b85f
ops/nixos: make systems.json refer to the actual paths
2021-03-13 17:02:13 +00:00
9df7818dc5
ops/nixos: add systemPathJSON
...
This is a file which contains a mapping of system name to their store path, to
allow for easier retrieval from GCS.
2021-03-13 16:57:28 +00:00
cd29df194a
blade-paris: set default gateway for final resting place
2021-03-13 16:41:21 +00:00
b2a085f84c
ops/nixos/blade: enable NAT on routers
2021-03-13 16:41:05 +00:00
53b7ca1c8a
ops/nixos: revamp blade network config
2021-03-12 14:47:08 +00:00
b014ef780b
clouvider-lon01: give minotarproxy more IPs
2021-03-01 17:16:06 +00:00
7cd70420c6
blade-janeway: fix interfaces
2021-02-25 12:29:05 +00:00
a7094217ba
blade: tweak networking
2021-02-24 19:58:15 +00:00
e6c0cdc415
totoro: fix up valve index alerting
2021-02-23 01:07:33 +00:00
dc996b324b
totoro: add valveindexinstock
2021-02-23 00:16:41 +00:00
7c4334591a
kusakabe: disable send-proxy-v2 for openshift
2021-02-17 04:33:08 +00:00
5018ba70cd
home-manager/common: add iotop/iftop
2021-02-14 21:40:41 +00:00
caea9c19c4
lib/blade: mount boot drive to /boot
2021-02-13 16:07:33 +00:00
2596579835
lib/blade: add a ceph-osd-lvm-activate to prep the OSDs
2021-02-13 16:29:18 +00:00
0b865c968e
porcorosso: add lukegb to video group
2021-02-13 13:55:28 +00:00
6c9b15e908
porcorosso: enable acpilight
2021-02-13 13:50:13 +00:00
93b5d2c288
ops/nixos: enable ceph in libvirtd
2021-02-11 02:21:59 +00:00
a484168097
lib/blade: add ceph support to libvirtd
2021-02-11 00:34:27 +00:00
c94e94284f
lib/blade: decrease miimon
2021-02-11 00:27:25 +00:00
fc14641404
lib/blade: enable libvirtd group for lukegb
2021-02-11 00:22:47 +00:00
e81c71b85f
lib/blade: enable acpi_power_meter
2021-02-11 00:22:39 +00:00
82503b6192
ops/nixos/lib/blade: enable polkit for libvirtd access
2021-02-11 00:13:32 +00:00
4a53baab51
ops/nixos: fix lib/blade.nix
2021-02-10 23:39:36 +00:00
270b461b97
ops/nixos: create br-ext and put everything on it
2021-02-10 23:38:05 +00:00
5aa39f0693
ops/nixos: add osd daemons
2021-02-09 22:29:11 +00:00
4f043bb45a
ops/nixos: disable osd on hosts where I haven't set it up yet
2021-02-09 21:57:49 +00:00
372aed550f
ops/nixos: enable osds on blade-janeway
2021-02-09 21:47:04 +00:00
1ed83bd25a
ops/nixos/blade: add ceph
2021-02-09 01:17:54 +00:00
3239c4b0b6
blade-kim,blade-paris: add config
2021-02-09 00:00:18 +00:00
d2b95065e0
ops/nixos: populate tailscale IPs for chakotay, torres, tuvok
2021-02-08 22:33:42 +00:00
dad04a0062
ops/nixos: add other blade hosts
...
blade-paris and blade-kim are TBD
2021-02-08 22:26:22 +00:00
36bb93a80e
blade-janeway: add prefixLength (oops)
2021-02-08 20:46:39 +00:00
51a4d4bf36
porcorosso: enable avahi
2021-02-08 20:45:21 +00:00
37be1e38f8
ops/nixos: switch blades to static IPs
2021-02-08 20:45:15 +00:00
f55f861e17
ops/nixos: split most of blade-janeway into lib/blade.nix
2021-02-07 21:23:23 +00:00
b0e58ab198
ops/nixos: rename blade-leader to blade-janeway
2021-02-07 20:21:32 +00:00
e6f4d37982
ops/nixos: add fwupd to common
2021-01-30 18:47:12 +00:00
78040f6c94
nix/pkgs: init hp-rom; add to netboot
2021-01-30 18:47:01 +00:00
5d1284a26c
netboot: add mprime
2021-01-30 17:56:46 +00:00
8c4c8b3ccc
ops/nixos: add netboot for netbooting a basic system with my defaults
2021-01-30 15:40:33 +00:00
ba65db5865
ops/nixos: init blade-leader
2021-01-30 04:30:05 +00:00
c7df81d6a1
clouvider-fra01: add ts3spotifybot
2021-01-27 18:39:58 +00:00
413c38e348
kusakabe: rsyncd
2021-01-27 13:48:29 +00:00
25774139d1
ops/nixos: enable IPFS filestore on all nodes
2021-01-26 11:40:36 +00:00
7ec8e08ff0
totoro: add quotesdb for dev purposes
2021-01-20 17:55:31 +00:00
1fe4e04464
ops/nixos: add dev-quotes.bfob.gg to server aliases
2021-01-20 00:22:54 +00:00
5ee6a1c3b7
ops/nixos/quotes.bfob.gg: add my.quotesdb.listen option
2021-01-20 00:21:21 +00:00
b7574660de
web/quotes: prodify
2021-01-19 23:43:43 +00:00
ef81a0c080
quotes.bfob.gg: add to clouvider-lon01
2021-01-19 23:41:47 +00:00
d12fb60c20
kusakabe: open ipfs ports properly
2021-01-15 03:58:41 +00:00
6d3a3de05e
totoro: fix
2021-01-15 03:42:38 +00:00
b7bd209b5e
swann: forward IPFS ports to totoro
2021-01-15 03:41:24 +00:00
e4902496a7
totoro: add ipfs ports to firewall
2021-01-15 03:39:36 +00:00
2a7b7517a8
totoro: enable ipfs
2021-01-15 03:38:43 +00:00
a549f5bec3
clouvider-fra01: add ipfs UDP ports to firewall
2021-01-15 03:36:41 +00:00
67d2db0e7a
kusakabe: add ipfs
2021-01-15 03:36:34 +00:00
44f4e9a023
clouvider-fra01: add ipfs
2021-01-15 00:58:36 +00:00
d20dd06aaf
clouvider-lon01: disable SSH open-to-all
2021-01-12 00:00:34 +00:00
ad516941e8
clouvider-lon01: SSH firewalling changes
2021-01-11 23:45:06 +00:00
9dd18e2cdc
ops/nixos/lib/common: add nixos_running_system/nixos_booted_system node metrics
2021-01-11 17:44:23 +00:00
6b95f54ca7
ops/nixos/lib/common: add systemd collector to all systems
2021-01-07 10:01:36 +00:00
aba7285824
totoro: add twitternuke timer
2021-01-06 21:29:33 +00:00
d38601fabe
etheroute-lon01: allow unifi websockets
2021-01-04 21:15:43 +00:00
c92fe8b139
swann: switch to unifiHacked
2021-01-04 20:52:13 +00:00
f91109cb50
nixos/lightspeed: init lightspeed-ingest and lightspeed-webrtc NixOS modules
2021-01-04 15:50:42 +00:00
045f9f5b22
etheroute-lon01: unifi needs tls_skip_verify
2021-01-03 15:32:00 +00:00
596752caa0
etheroute-lon01: add unifi.int
2021-01-03 03:35:24 +00:00
6fec69886a
clouvider-fra01: add lukegb to deluge group too
2021-01-02 16:18:56 +00:00
b2d8acd4b9
swann: swap unifiPackage to pkgs.unifi
...
unifiBeta is no more: https://github.com/NixOS/nixpkgs/pull/107797
2020-12-31 01:31:01 +00:00
eb9d9f54a5
nix/pkgs/grafana-plugins: rework a bit
2020-12-30 03:30:24 +00:00
405997d312
totoro: teach how to install grafana plugins from nix
2020-12-30 02:56:31 +00:00
26e379dfb7
depot-wide: create logged-out.int.lukegb.com
2020-12-30 00:57:53 +00:00