lukegb/depot
1
0
Fork 0
Code Issues 1 Pull requests Projects Packages Activity Actions
1406 commits 1 branch 0 tags 365 MiB
Commit graph

50 commits

Author SHA1 Message Date
Luke Granger-Brown
6e746fb2cf etheroute-lon01: use gre rather than ipip 
Cloudflare Magic Transit appears to become Very Unhappy when you blast it with IPIP.

Use GRE instead, which it is happier with.
 2022-04-30 16:48:28 +01:00
Luke Granger-Brown
d21b733794 ops/nixos: add bgp.tools route collector 2022-04-30 16:48:01 +01:00
Luke Granger-Brown
35c014bdbe etheroute-lon01: configure endpoint my end 2022-04-26 09:16:25 +01:00
Luke Granger-Brown
8647af22d7 ops/nixos: put more things in Vault 2022-04-09 21:51:24 +01:00
Luke Granger-Brown
157629a402 paperless: allow websockets, set up postgres 2022-04-06 11:49:52 +01:00
Luke Granger-Brown
da71f20036 ops/nixos: enable paperless 2022-04-06 00:57:22 +01:00
Luke Granger-Brown
b719181dfe nixos: migrate to secretsmgr for sshd and ACME 2022-03-17 23:31:55 +00:00
Luke Granger-Brown
4100b021aa etheroute-lon01: add google service account token 2022-03-11 16:20:34 +00:00
Luke Granger-Brown
dd746bec32 etheroute-lon01: use FQDN for Pomerium DNS 2022-03-11 16:20:24 +00:00
Luke Granger-Brown
c98f3312a7 etheroute-lon01: migrate to vault-agent-secrets 2022-03-11 14:40:55 +00:00
Luke Granger-Brown
0c458988de ops/nixos: misc cleanups 2022-03-11 03:27:58 +00:00
Luke Granger-Brown
daccfa5717 ops/nixos: migrate everything to vault-agent-acme 2022-03-07 00:52:03 +00:00
Luke Granger-Brown
cbabb6f211 ops/nixos: migrate nix.maxJobs/binaryCaches/trustedBinaryCaches to the nix.settings equivalents 2022-01-30 20:30:20 +00:00
Luke Granger-Brown
4b14ea5b4d ops/nixos: remove rebuilder 
It's in the common profile, we don't need it everywhere.
 2022-01-23 16:57:20 +00:00
Luke Granger-Brown
ad95bffd3d ops/nixos: tidy up networking.useDHCP 2022-01-08 21:45:18 +00:00
Luke Granger-Brown
2ddd50aef4 etheroute-lon01: disable TLS verification for totoro 
For some reason this is failing with a TLS alert that the certificate
is expired???
 2022-01-07 15:23:43 +00:00
Luke Granger-Brown
d79265ddad ops/nixos: tidy up security.acme 2022-01-04 14:00:45 +00:00
Luke Granger-Brown
05aea7f5f1 ops/nixos: migrate from services.redis to services.redis.servers."" 2021-12-24 02:02:57 +00:00
Luke Granger-Brown
b6e4741320 etheroute-lon01: stateful firewall for forwarded packets 2021-12-07 17:25:59 +00:00
Luke Granger-Brown
81b19971d1 etheroute-lon01: IPIP shouldn't bind to that 2021-12-07 16:48:48 +00:00
Luke Granger-Brown
a344287e92 etheroute-lon01: fix up IPIP 2021-12-07 16:13:32 +00:00
Luke Granger-Brown
41c85d898b etheroute-lon01: export QuadV net 2021-12-07 15:48:50 +00:00
Luke Granger-Brown
b94b586d5b clouvider-fra01: add content.int.lukegb.com 2021-10-19 07:06:37 +01:00
Luke Granger-Brown
05ddad31ad bvm-netbox: complete setup 2021-08-16 02:09:47 +00:00
Luke Granger-Brown
eba082c249 etheroute-lon01: renumber BGP session from 16089 to 3170 2021-06-11 12:28:30 +00:00
Luke Granger-Brown
36cc88bcef ipfs: add to pomerium, explicitly set IPs for swarm 2021-04-18 16:24:59 +00:00
Luke Granger-Brown
d96ef542d7 etheroute-lon01: set X-Forwarded-Roles header for rundeck 2021-04-10 19:22:54 +00:00
Luke Granger-Brown
d9662bcd10 etheroute-lon01: add rundeck 2021-04-10 17:22:11 +00:00
Luke Granger-Brown
bb03f5ea0d ops/nixos: fixups for upstream pomerium module 2021-04-07 00:46:15 +00:00
Luke Granger-Brown
66bfd9a458 etheroute-lon01: add twitterchiver 2021-03-31 22:37:01 +00:00
Luke Granger-Brown
665dc16239 etheroute-lon01: bump timeout, which is just 'timeout' 2021-03-18 23:50:54 +00:00
Luke Granger-Brown
a51b864d0d etheroute-lon01: set more finegrained timeouts 2021-03-14 13:00:37 +00:00
Luke Granger-Brown
da6c3854bd etheroute-lon01: move to objdump.zxcvbnm.ninja 2021-03-14 11:46:05 +00:00
Luke Granger-Brown
38e34e2210 etheroute-lon01: add objdump.lukegb.com 2021-03-14 11:44:17 +00:00
Luke Granger-Brown
d38601fabe etheroute-lon01: allow unifi websockets 2021-01-04 21:15:43 +00:00
Luke Granger-Brown
045f9f5b22 etheroute-lon01: unifi needs tls_skip_verify 2021-01-03 15:32:00 +00:00
Luke Granger-Brown
596752caa0 etheroute-lon01: add unifi.int 2021-01-03 03:35:24 +00:00
Luke Granger-Brown
26e379dfb7 depot-wide: create logged-out.int.lukegb.com 2020-12-30 00:57:53 +00:00
Luke Granger-Brown
be3ce89fb4 etheroute-lon01: unset allowed_domains 2020-12-29 20:55:01 +00:00
Luke Granger-Brown
7573280e5b etheroute-lon01: de-redundantify int.lukegb.com cert 2020-12-29 20:37:33 +00:00
Luke Granger-Brown
1c550cf508 etheroute-lon01: rejiggle pomerium policy 2020-12-29 20:11:41 +00:00
Luke Granger-Brown
11c4b77eab etheroute-lon01: send more identity headers 2020-12-29 20:00:52 +00:00
Luke Granger-Brown
8773350ba6 etheroute-lon01: add prometheus and alertmanager 2020-12-29 16:57:26 +00:00
Luke Granger-Brown
aa9c1eb17e etheroute-lon01: hint that it's-a-me, lukegb 2020-12-28 19:26:39 +00:00
Luke Granger-Brown
6f65c77ad3 etheroute-lon01: fix databroker connection string 2020-12-28 19:11:25 +00:00
Luke Granger-Brown
2c0de76c8b etheroute-lon01: use redis for pomerium databroker storage 2020-12-28 19:09:55 +00:00
Luke Granger-Brown
784138746f pomerium: document all known pomerium options as nixos module options 2020-12-28 18:54:00 +00:00
Luke Granger-Brown
41bdeda58a pomerium: various fixups to make this work 2020-12-28 15:27:18 +00:00
Luke Granger-Brown
10c6ddc4c9 etheroute-lon01: install pomerium 2020-12-28 14:08:24 +00:00
Luke Granger-Brown
3ee1906b97 ops/nixos: init etheroute-lon01 2020-12-26 23:36:34 +00:00