79a06fc54f
bvm-radius: also permit User-Name attr in response
2021-09-27 08:16:48 +00:00
9773272e20
bvm-radius: request CUI
2021-09-27 08:01:14 +00:00
6b766b111d
bvm-radius: make sure nginx can see certificates
2021-09-27 08:00:41 +00:00
00a02f8772
coredns: use the correct syntax, oops
2021-09-25 21:27:24 +00:00
bbbdfd5138
as205479.net: hmm, what
2021-09-25 21:18:09 +00:00
c976214bf8
coredns: _acme-challenge.www.as205479.net -> _acme-challenge.as205479.net
2021-09-25 21:03:14 +00:00
9c92e12742
bvm-radius: start serving as205479.net webpage
2021-09-25 20:51:24 +00:00
932afbda74
bvm-radius: require message authenticators
2021-09-25 20:36:40 +00:00
d6bd6e85ca
bvm-radius: add freeradius configuration
2021-09-25 18:28:45 +00:00
a8718864c1
swann: configure for eduroam on VLAN 100
2021-09-25 17:38:21 +00:00
f93ec18859
bvm-radius: add ACME certs for as205479.net
2021-09-25 17:38:09 +00:00
b50fa68559
coredns: delegate _acme-challenge to GCP DNS
2021-09-25 13:17:52 +00:00
8e97938d3e
bvm-radius: install eapol_test
2021-09-25 12:55:47 +00:00
f3c38e3bb2
bvm-radius: use IP rather than DNS in extraCommands
...
DNS resolution doesn't work during extraCommands, which... is probably reasonable. Let's not do that.
2021-09-25 12:39:44 +00:00
4530991827
bvm-radius: RADIUS fw/pkg setup
2021-09-25 12:32:27 +00:00
0d6ab41728
bvm-radius: add tailscale IP
2021-09-25 12:19:07 +00:00
c908e3ab5d
coredns: add RADSEC entry for as205479.net.
2021-09-25 11:45:05 +00:00
4b1fd796ae
bvm-radius: init
2021-09-24 22:50:30 +00:00
158e0afcf3
coredns: init bvm-radius
2021-09-24 22:46:44 +00:00
ccec4b308b
as205479.net: add MX records
2021-09-19 00:08:03 +00:00
19782a9e63
ops/nixos: set group for isSystemUser users
2021-09-16 19:14:30 +00:00
cb7811898c
blade-tuvok: set bgp_local_prefs
2021-09-10 20:46:05 +00:00
dbf906a9a7
blade-router: add cloudflare
2021-09-10 20:23:24 +00:00
3ba0ab045c
blade-router: remove prefix limit
2021-09-10 20:00:31 +00:00
e7bfb107b1
coredns: update mac-mini tailscale IP
2021-09-05 08:07:14 +00:00
4bb015ee0d
swann: use IPv6 endpoint for tuvok over EE
...
EE uses CGNAT on IPv4, which makes this... less than ideal. However, IPv6 is
IPv6 and works pretty reasonably.
2021-09-03 12:40:52 +00:00
edfc04551a
totoro: set for duration on BFD alert
2021-09-02 19:24:17 +00:00
d35a0a35ba
swann: ee-scrape-data must output data with a newline
2021-09-02 19:23:03 +00:00
58b87a9f0e
swann: add ee-scrape-data, for putting allowance data into prometheus
2021-09-02 19:19:53 +00:00
683e6ffc21
totoro: add alert for BFD session failure
2021-09-02 18:35:18 +00:00
3abe727604
blade-router: add google session, which will hopefully turn up eventually
2021-08-31 20:36:26 +00:00
b4c80a07fa
blade-router: configure passive session towards AS62240
2021-08-31 16:39:23 +00:00
2c632e28d2
blade-tuvok: switch from ECMP to metrics
2021-08-31 12:12:44 +00:00
e95324c175
swann: yes, this one
2021-08-31 02:29:56 +00:00
2d0a607383
ops/nixos: enable bird-exporter-lfty
2021-08-31 02:26:50 +00:00
f7fbfa5436
nix/pkgs: init prometheus-bird-exporter-lfty
2021-08-31 02:01:38 +00:00
a0d97e082d
blade-tuvok: also NAT things going out onto linx
2021-08-31 01:37:34 +00:00
9a5b0379cb
blade-tuvok: set net.ipv6.conf.default.forwarding as well
2021-08-30 21:01:53 +01:00
b2e45b56bb
blade-tuvok: make sure wg-endpoint sysctl gets forwarding enabled
2021-08-30 20:52:20 +01:00
7134fe904a
ops/nixos: implement BFD+WG tunneling for mldn-rd
2021-08-30 19:58:21 +01:00
bc1932df9b
hm: start 1password's gui silently
2021-08-30 14:26:25 +01:00
44e22b810c
porcorosso: force wayland off
2021-08-30 14:23:20 +01:00
dbcaa51968
hgrc: remove requirement for topic
2021-08-20 23:40:53 +00:00
4b7680acae
ops/nixos/blade: force external IP to vl-transit
2021-08-20 23:34:54 +00:00
0ee916e49e
ops/nixos/bgp: don't export routes to FB
2021-08-20 23:34:43 +00:00
0dd2d5d442
ops/nixos/bgp: more filtering shenanigans
2021-08-19 00:23:09 +00:00
fdacf57ead
blade-tuvok: LINX updates
2021-08-17 01:30:33 +00:00
8ad77134ae
ops/nixos/coredns: force store paths
2021-08-16 02:32:44 +00:00
68e0ee0a18
ops/nixos/coredns: add bvm-netbox to int zone
2021-08-16 02:19:38 +00:00
05ddad31ad
bvm-netbox: complete setup
2021-08-16 02:09:47 +00:00
94078428f1
bvm-netbox: add postgresql/redis/users
2021-08-15 22:57:36 +00:00
d54d0a2ede
bvm-netbox: add tailscale IP
2021-08-15 22:57:26 +00:00
acf43c4544
bvm-netbox: fix NIC name
2021-08-15 22:48:46 +00:00
286ed4885d
ops/nixos: add bvm-netbox
2021-08-15 22:46:57 +00:00
7a3f214944
ops/nixos: switch to VLANs for uplink to veloxserv
2021-08-15 22:02:51 +00:00
c79ca35b6f
nixos/blade-router: disable routes-VRRP
...
This is no longer needed; I think actually it was some of the NixOS default
reverse-path filtering that was throwing me for a loop after all and nothing to
do with what was going on with Veloxserv.
2021-08-14 21:07:37 +00:00
23eda90726
ops/nixos/lib/common: add the running system hash to the exported metrics
2021-07-27 21:06:17 +00:00
e95ae8b3cb
porcorosso: use autorandr
2021-07-26 14:02:57 +01:00
9dfb1d205d
ops/nixos/lib/bgp: disable rp filtering on hosts running BGP
2021-07-17 14:29:04 +00:00
02bd3e4d31
bvm-nixosmgmt: enable forwarding
2021-07-17 08:41:34 +00:00
4c5f3f2d38
totoro: add raritan-sslrenew service
2021-07-17 01:45:31 +00:00
74fe28add8
ops/raritan/ssl-renew: init
2021-07-17 01:33:01 +00:00
1557066375
coredns: allow tailscale net
2021-07-16 01:32:54 +00:00
ded652a595
swann: change MAC address of VM-facing interface
2021-07-15 12:18:07 +00:00
78da7c9f4d
swann: disable radvd/ndppd, add static IP for xerox printer
2021-07-15 11:55:10 +00:00
5fdf26f3e8
totoro: add alerts for smokeping
2021-07-13 00:55:53 +00:00
eea81a640e
coredns: add bvm-plesk
2021-07-10 12:19:24 +00:00
9f5c1193b6
hgrc: tweak my settings along the lines of https://octobus.net/blog/2020-11-26-modern-mercurial.html
2021-07-03 19:02:18 +00:00
8b37f0fea4
clouvider-fra01: bump limits
2021-07-03 00:46:07 +00:00
66b6252d6f
clouvider-lon01: withdraw 92.118.29.0/24
2021-07-03 00:14:54 +00:00
606ff984eb
ops/nixos: minotarproxy-as-a-lib
2021-07-01 01:48:12 +00:00
b91ba12f0f
totoro: monitor minotarproxy
2021-06-28 21:17:48 +00:00
cadeef609f
hm/hgrc: switch from hggit to in-tree git
2021-06-22 20:48:11 +00:00
072cecb2e5
hm/gc-wayland: oops, no notification attr
2021-06-22 20:27:52 +00:00
eef598ec1f
hm/graphical-client: add 1password to startup
2021-06-19 19:07:32 +01:00
f77cbec2db
porcorosso: never mind, just nvidia
2021-06-19 18:33:50 +01:00
8c75ce4ecc
porcorosso: try out nouveau+modesetting?
2021-06-19 18:31:21 +01:00
eba082c249
etheroute-lon01: renumber BGP session from 16089 to 3170
2021-06-11 12:28:30 +00:00
73b1e96727
swann: use /dev/null as /etc/hosts file for coredns
2021-05-31 23:54:07 +00:00
7195ed24c4
swann: change hosts lookup
2021-05-31 23:09:37 +00:00
c56b6b358f
coredns: add blade-{oa,vcenet1,vcenet2,vcm}
2021-05-24 13:54:14 +00:00
5c88acf507
bvm-matrix: add turns as well
2021-05-24 13:53:47 +00:00
8f724ba140
bvm-minecraft: java 8 :(
2021-05-24 02:46:48 +00:00
1fc6e8f032
coredns: bump serials
2021-05-24 02:37:27 +00:00
98d5a362f2
bvm-matrix: enable experimental_features.spaces_enabled
2021-05-24 02:34:33 +00:00
499ff8f945
coredns: move bvm to root zone, out of public
2021-05-24 02:31:09 +00:00
aa334a1ec8
bvm-minecraft: add minecraft user, java 11
2021-05-24 02:18:04 +00:00
ed79fe89bd
bvm-minecraft: init
2021-05-24 01:32:58 +00:00
1c08774667
bvm-matrix: set more secrets
2021-05-23 01:35:10 +00:00
169524b65a
bvm-matrix: tweak Element config a bit
2021-05-22 23:26:02 +00:00
da13d6af17
bvm-matrix: fix element base_url
2021-05-22 23:22:58 +00:00
1f6fc87363
bvm-matrix: add element
2021-05-22 23:17:27 +00:00
4907f97d57
bvm-matrix: some more synapse configuration, enable postfix
2021-05-22 23:13:25 +00:00
d27b23b8b0
bvm-matrix: add macaroon secret key
2021-05-22 23:02:55 +00:00
320cc36312
bvm-matrix: fix DATABASE name in GRANT
2021-05-22 22:52:24 +00:00
38b306b095
bvm-matrix: add tailscale IP
2021-05-22 22:48:03 +00:00
477ca742bd
bvm-matrix: fix interface name (enp2s0)
2021-05-22 22:45:52 +00:00
4dc516722b
ops/nixos: add bvm-matrix
2021-05-22 21:48:13 +00:00
4d8968b712
totoro: remove OME
2021-05-21 23:50:46 +00:00
bb06285f6d
swann: map www.nhs.uk to Akamai IPv6 address
2021-05-21 15:22:34 +00:00
dccdaa2608
common: map www.nhs.uk to Akamai IPv6 address
2021-05-21 15:21:29 +00:00
63ecd2d0ab
swann: metric is a string field
2021-05-15 19:38:46 +00:00
9cee25b83c
swann: use unifi rather than unifiLTS
2021-05-15 20:33:13 +01:00
098d3f4aae
swann: add dedi2.eq2.co.uk to smokeping
2021-05-13 16:33:40 +00:00
4fb2a9e8e3
swann: tighten up IPv6 config
2021-05-13 10:14:42 +00:00
564c803136
swann: accept-ra on ens-virginmedia
2021-05-12 18:20:45 +00:00
ddfb0d084d
swann: fix interface name
2021-05-12 18:19:09 +00:00
865329da21
swann: sneakily allocate myself :2
2021-05-12 18:15:57 +00:00
6ae099999f
swann: enable ndppd/radvd
2021-05-12 18:12:41 +00:00
df870ded34
as205479.net: add fp-la{,-pri,-sec}
2021-05-09 11:28:28 +00:00
34117ecd00
bvm-nixosmgmt: allocate .5
2021-05-09 10:26:34 +00:00
b7cd20c769
ops/nixos: refactoring for sway
2021-05-06 03:56:20 +01:00
1c571d965a
ops/nixos: add wayland support
2021-05-05 22:13:27 +01:00
561501afb7
howl: wait, there is no eno1
2021-05-05 21:54:02 +01:00
49c1af6624
howl: don't wait for dhcpcd
2021-05-05 00:04:30 +00:00
38a405cb72
howl: add Tailscale IP
2021-05-05 00:01:34 +00:00
df6a1fe819
howl: suspend loop workaround
2021-05-05 21:48:17 +01:00
c31da4140c
ops/nixos/howl: init
2021-04-29 12:16:49 +00:00
dfb62d8c7e
totoro: switch to postgresql_13
2021-04-25 21:44:05 +00:00
a4631a8fda
ops/nixos/lib/blade: set rgw_data_log_backing back to omap
2021-04-23 13:32:34 +00:00
f3a99c40d3
totoro: oops, indent
2021-04-20 14:48:00 +00:00
6cba0be3b5
totoro: move all rules into a single group
2021-04-20 14:35:23 +00:00
eb9b1a43c0
Backed out changeset 4c2687c43d66
2021-04-20 14:18:45 +00:00
02ca2a46be
totoro: attempt to repair rules by adding more blanks
2021-04-20 14:11:38 +00:00
3c48f56f6e
totoro: track NixOS channels in my local Prometheus
2021-04-20 14:00:17 +00:00
36cc88bcef
ipfs: add to pomerium, explicitly set IPs for swarm
2021-04-18 16:24:59 +00:00
42e8b1eed0
bvm-ipfs: add public IPv4/v6 addresses
2021-04-18 16:04:25 +00:00
2ee3044113
switch-prebuilt: use nix build instead of nix copy to use cache.nixos.org
2021-04-17 23:55:31 +00:00
43e8e05e7b
ops/nixos: tweak alacritty settings
2021-04-17 20:28:27 +01:00
11066035e2
ops/nixos: add alacritty everywhere
2021-04-17 20:17:43 +01:00
0372f4b848
ops/nixos: set isNormalUser for all existing users
...
Now there's an assertion which requires either isNormalUser or isSystemUser, so
we set one of them for all the users we have already.
2021-04-17 20:16:27 +01:00
258d62613f
ops/nixos/swann: drop unifiPackage, switch back to stock
2021-04-13 17:15:42 +00:00
4707c69469
bvm-nixosmgmt: add nix to rundeck
2021-04-10 23:12:24 +00:00
c398482f7b
bvm-nixosmgmt: add openssh to path
2021-04-10 22:35:53 +00:00
e0241545d2
add mercurial to rundeck path
2021-04-10 22:17:28 +00:00
0ea95ab402
blade-{chakotay,kim}: disable rundeck; expected offline
2021-04-10 20:16:44 +00:00
bfa7051e2f
ops/nixos: tidy up hostnames
2021-04-10 20:15:30 +00:00
1b3cb3f723
ops/secrets: add rundeck_deployer_rsa.pub
2021-04-10 20:01:31 +00:00
ecd086eae4
ops/nixos: set up things for generating rundeck nodes
2021-04-10 19:59:56 +00:00
5533fd502a
ops/nixos: try setting searchDomains differently
2021-04-10 19:40:10 +00:00
d96ef542d7
etheroute-lon01: set X-Forwarded-Roles header for rundeck
2021-04-10 19:22:54 +00:00
d9662bcd10
etheroute-lon01: add rundeck
2021-04-10 17:22:11 +00:00
00cb06aff2
bvm-nixosmgmt: add rundeck
2021-04-10 17:20:35 +00:00
f1121433cf
ci-root: actually index with current system (oops)
2021-04-09 19:31:58 +01:00
c65e8b8a54
ops/home-manager-ext: add built attribute
...
This is so we can more easily build these things on CI.
2021-04-09 18:14:31 +00:00
91f6cb3317
clouvider-lon01: add mac-mini as remote builder
2021-04-09 18:14:06 +00:00
6465f98036
as205479.net: add mac-mini.int
2021-04-09 18:51:07 +01:00
02db8ea7cb
ops/nixos/lib/hm: support macOS again
...
The ntfy package expects to have pyobjc available when running under Darwin,
which is currently broken in nixpkgs. There's a fairly involved ongoing effort
to package it again, but in the mean time we just patch out the dep. I'm using
the pushover backend anyway.
To avoid having to rebuild it rather than just fetch from the NixOS cache, I
only override it when running on Darwin.
2021-04-09 18:48:46 +01:00
bb03f5ea0d
ops/nixos: fixups for upstream pomerium module
2021-04-07 00:46:15 +00:00
13f2f79e6d
graphical-client: add wallpapers
...
If I find more I like, I'll add them here, I guess. For the moment, there's
just the one.
2021-04-06 09:53:56 +01:00
