2714def613
etheroute-lon01: add code.int.lukegb.com
2023-08-19 22:43:34 +00:00
f1f295f027
swann: switch to IPv4 for wireguard as well
I'm having trouble getting a properly delegated prefix for tethering on the
Quectel modem inside kerrigan. One day I'll figure it out I guess.
2023-08-19 22:37:13 +00:00
ddfb67cdd1
totoro: enable openvscode-server
2023-08-19 21:13:16 +00:00
b985351394
cofractal-ams01: make bindMountSvc more stable
2023-08-17 02:50:57 +00:00
e07896407e
graphical-client: fonts.fonts -> fonts.packages
2023-08-11 23:09:22 +01:00
b16bfb93ce
treewide: hack/nixpkgs, which uses _our_ nixpkgs, not actual nixpkgs
2023-08-11 23:05:35 +01:00
7a8614d2f7
swann: switch to erbium (this is broken)
2023-08-08 23:29:58 +01:00
e97a7d69f0
kerrigan: switch to systemd-boot
2023-08-08 23:28:42 +01:00
b5d1f9b80f
ops/nixos/erbium: init
2023-08-08 23:25:06 +01:00
b904a15186
nixos/bgp: on machines with lots of routes, disable SYSTEMD_RESOLVED_SYNTHESIZE_HOSTNAME
2023-08-06 18:02:28 +01:00
dda412fa6c
totoro: coventry -> coventry-2
2023-07-28 21:13:44 +00:00
1c847d3eda
etheroute-lon01: set up gsl1
2023-07-28 21:13:35 +00:00
e93f012772
swann: migrate to erbium
2023-08-06 17:06:18 +01:00
670ffb4186
bgp: for 92.118.31.0/24, prepend with AS197753 for now
2023-07-24 13:28:17 +01:00
4f588c0267
coredns: quadv.net
2023-07-24 13:13:52 +01:00
7d221ced9a
etheroute-lon01: make cofractal-ams01 public
2023-07-21 16:47:47 +00:00
5d47f75c2f
swann: don't add mopup rules for wg-intfs, since we'll get that via BGP
2023-07-19 23:28:58 +01:00
d1a4a792ef
ops/nixos: reinit blade-paris
2023-07-02 16:05:13 +00:00
dba2db07b1
patch minor incompatibilities with 3p/nixpkgs update
2023-07-01 12:53:49 +00:00
551c4f27ad
etheroute-lon01: GRE->Wireguard
2023-07-15 12:09:18 +01:00
1c4530988d
etheroute-lon01: switch to networkd
2023-07-11 12:01:46 +01:00
528ed1debc
swann: add qvmpc6552
2023-07-11 12:01:00 +01:00
52fd493096
blade-paris: not on ZFS
2023-07-11 11:40:55 +01:00
b8f338d6fa
porcorosso: try to make sddm use wayland (unsuccessfully), and hide the deployer user
2023-06-18 20:32:43 +01:00
364eaa2c55
porcorosso: systemd-stage1, plymouth, gdm->sddm
2023-05-29 02:39:49 +01:00
f7f8691649
fr24feed: try to bind /etc/fr24feed in instead
2023-05-29 00:15:19 +01:00
1c9b9e9fcd
swann: boot.tmpOnTmpfs -> boot.tmp.useTmpfs
2023-05-28 01:32:25 +01:00
4921cabb8a
ops/nixos: drop boot.loader.grub.version = 2 - doesn't do anything anymore
2023-05-27 20:26:35 +01:00
86f193d44a
secretsmgr: add bare hostnames everywhere
2023-05-26 17:39:01 +01:00
450ae89942
cofractal-ams01: update tailscale IP
2023-05-26 00:01:17 +01:00
eaa3bf1810
intel-oclcpuexp: init
2023-05-26 00:01:07 +01:00
e0c88bac2d
porcorosso: more plasma tweaks; let's try Wayland again
2023-05-16 13:48:55 +01:00
074b3d25b6
porcorosso: let's try KDE
2023-05-14 15:04:36 +01:00
a12f2a8b07
bvm-netbox: add livetaild.lukegb.dev
2023-05-14 15:04:26 +01:00
6f95606d71
cofractal-ams01: fix systemd.network.networks
2023-05-11 11:52:47 +01:00
3eaa849f81
cofractal-ams01: tweak networkd RequiredForOnline, add libvirtd
2023-05-11 11:27:15 +01:00
dea2ddd168
hm: add blast-{csgo,worker}{1,2}-jump
2023-05-07 14:39:32 +01:00
c283dc8f90
ops/nixos: update etheroute-lon01 tailscale IP
2023-04-18 20:59:21 +00:00
7fe7452e2f
ops/nixos: add tumblrandom
2023-04-18 20:05:51 +00:00
2d1bf2ffae
bgp: fix problem where I forgot to add depot
2023-04-15 14:47:37 +00:00
28e7704f44
ops/nixos: move tailscale/systemd-networkd fixes to lib/bgp
2023-04-15 14:36:22 +00:00
389be0c195
cofractal-ams01: switch to tailscale-in-polling mode to reduce logspam and CPU
2023-04-15 14:31:39 +00:00
f0846a9171
cofractal-ams01: give systemd-networkd a chance to start up...
2023-04-15 14:11:40 +00:00
4faf4a4630
swann: disable unifi
2023-04-15 02:45:10 +00:00
857e659f1f
cofractal-ams01: stop factorio versions.json splicing, disable ipfs
2023-04-15 00:41:49 +00:00
ddc00228c9
blade-tuvok: fix boot.loader.grub, update wireguard services
2023-03-18 17:53:03 +00:00
24cd61c461
etheroute-lon01: IPv4 renumber
2023-03-16 10:32:09 +00:00
20e2cd4e2c
cofractal-ams01: add mod-settings
2023-03-12 21:58:43 +00:00
e602587fb6
cofractal-ams01: allow IPFS
2023-03-12 20:47:56 +00:00
7d78a2cee0
cofractal-ams01: init factorio
2023-03-12 20:33:25 +00:00
03dc26854e
totoro: services.openssh.forwardX11 -> services.openssh.settings.X11Forwarding
2023-03-12 14:19:54 +00:00
721a7e6828
ops/nixos: refactor ssh_config
2023-03-12 03:58:52 +00:00
9aa6298df4
ssh-ca: also sign for otter-acoustic.ts.net
2023-03-12 03:53:42 +00:00
6d24fe6e78
ops/nixos: whitby-distributed
2023-03-12 03:51:10 +00:00
c5d4542bbb
ops/nixos/lib/content: fixup
2023-03-12 03:35:48 +00:00
ca7b57a78a
cofractal-ams01: adopt more responsibility from clouvider-fra01
2023-03-12 03:15:34 +00:00
f0712a966a
nixbuild-distributed: tweak secret format
2023-03-12 02:04:08 +00:00
9d6aa88d2d
ops/nixos: add gitlab-runner-cacher, unassign clouvider-lon01, assign cofractal-ams01
2023-03-11 18:15:45 +00:00
4daa3a593a
nixbuild-distributed: create
2023-03-09 21:33:42 +00:00
a17cc6e422
totoro: enable NFS
2023-03-09 21:33:22 +00:00
40baed5b59
cofractal-ams01: enable aarch64-linux binfmt emulation
2023-03-05 12:34:40 +00:00
2f41c3a0f7
cofractal-ams01: switch back to default kernel
2023-03-05 12:31:07 +00:00
a861c3f460
3p/nixpkgs: drop prison-zxing, upstreamed
2023-03-05 12:21:05 +00:00
09610ee555
hm/client: copybara only on x86 Linux
2023-02-12 17:57:39 +00:00
916240fe30
home-assistant: drop api_key/user_key
2023-02-12 17:08:46 +00:00
3efed27d62
treewide: adapt to newer nixpkgs
2023-02-04 00:24:32 +00:00
7c6bdab11c
etheroute-lon01: quadv1-4
2023-02-03 23:30:35 +00:00
28cbcf08a4
kerrigan: provision IPv6
2023-01-21 22:46:00 +00:00
12d9be8909
kerrigan: working IPv6 passthru
2023-01-21 22:38:56 +00:00
6fd15f1080
kerrigan: configure radvd for IPv6 forwarding
2023-01-21 19:54:18 +00:00
d3fdb0b04d
ops/nixos/common: demand system as an arg
2023-01-21 18:59:48 +00:00
c8f1d10e4e
switch-prebuilt: update
2023-01-21 18:52:15 +00:00
f1118a9a04
cofractal-ams01: support v4-on-v6 + ENH
2023-01-19 09:29:37 +00:00
9213875d8b
cofractal-ams01: bgp-over-ipv4
2023-01-18 23:41:42 +00:00
756c1a3dd2
cofractal-ams01: more turnup bits
2023-01-18 21:43:48 +00:00
605dae808a
cofractal-ams01: init placeholder
2023-01-17 22:09:48 +00:00
0583eb2f07
clouvider-lon01: enable aarch64 emulation
2023-01-17 21:49:53 +00:00
f8aaa89d74
coredns: update oracle-lon01, add cofractal-ams01
2023-01-17 21:45:18 +00:00
3fdced1c68
kerrigan: init MochaBin
2023-01-17 19:36:53 +00:00
f053953bb6
ops/raritan: migrate to using vault for username/password
2023-01-15 16:37:30 +00:00
35a9ec6bf5
nhsenglandtests: delete
2023-01-15 16:26:50 +00:00
8407c1a743
hm/common: point at actual terminfo dir
2023-01-15 16:14:14 +00:00
e2b9b63743
terminfos: init
2023-01-15 16:10:12 +00:00
ff0eff593d
totoro: tweak alertmanager setup
2023-01-14 22:24:01 +00:00
ed03e709c5
euw1.api.riotgames.com is on AWS and isn't useful
2023-01-14 22:17:36 +00:00
77c4d9d7c2
totoro: ADSB
2023-01-09 02:09:04 +00:00
91b44d92e4
howl: add redis and postgresql, but don't start them by default
2023-01-08 05:44:13 +00:00
40ed8549b8
resolve some warnings
2022-12-29 14:15:58 +00:00
376e20fe04
ops/nixos: update to cope with the fact we now have warnings/errors at the top level in the exporters set
2022-12-19 08:27:41 +00:00
46c0e2713a
porcorosso/blast: update IPs, add hl2prom
2022-12-19 07:54:48 +00:00
7d752e9871
porcorosso: fix networkmanager bindmount
2022-12-14 05:35:46 +00:00
757900436a
hm/common: update blast IPs
2022-12-14 05:35:38 +00:00
c758bcb61a
hm/client: fix path to jj
2022-12-04 22:03:47 +00:00
754afefc78
jj: init at c52a14eac6532ba814c88f2c8c740415293bfb1a
2022-12-04 21:52:55 +00:00
494935849b
porcorosso: make sure the lukegb database exists
2022-12-04 02:31:03 +00:00
980a2be55c
ops/nixos/hm/client: add git-absorb
2022-12-02 03:04:25 +00:00
08332c8a7b
hm/graphical-client: drop yubioath-desktop, since it got deleted from nixpkgs
2022-11-30 11:06:19 +00:00
6f77028a62
ops: pending changes
2022-11-30 10:50:47 +00:00
3c7d0fa54e
clouvider-lon01: add live1 relay
2022-11-24 13:03:16 +00:00
154ea3a393
howl: disable lukegbgp/try to fix bindsTo/partOf
2022-11-13 19:37:02 +00:00
79ae0d7fef
nix/pkgs/baserow/web-frontend: fix
We need to use openssl-legacy-provider to fix an issue with OpenSSL 3.x,
because Webpack (or Nuxt?) needs to use deprecated hashes.
2022-11-09 00:35:09 +00:00
b03bf3ea87
baserow: drop mjml-tcpserver
2022-11-02 02:08:52 +00:00
f34d5e20db
hm/common: no manuals
2022-11-02 00:49:53 +00:00
f143d0be51
3p/nixpkgs: post-bump fixups
2022-10-31 21:41:42 +00:00
1d7a00e684
hm/graphical-client: add 'discord'
2022-10-31 20:09:53 +00:00
9dee33f3dc
swann: reenable unifi controller
2022-10-09 18:15:47 +01:00
e772336dc5
porcorosso: bump system.stateVersion (will change postgresql version)
2022-10-08 22:11:21 +01:00
86539ec1f2
totoro: bump system.stateVersion
2022-10-08 22:05:50 +01:00
068f1e2d9c
treewide: various warning fixups
2022-10-08 21:49:16 +01:00
88334fa721
hm/porcorosso-wsl: drop genie
2022-10-08 21:27:01 +01:00
f216bbad29
ops/nixos: services.ipfs --> services.kubo
2022-10-08 21:20:04 +01:00
746c427690
hm/ext: init SSH config tweaks for 3p systems
2022-10-08 21:14:36 +01:00
e03ae8b853
treewide: fix things up for new nixpkgs
2022-10-02 22:23:44 +01:00
2796d03b22
nixos/client: add udisks2
2022-09-24 16:40:45 +01:00
18d7f36feb
howl/porcorosso: switch NetworkManager/system-connections from symlink to bind mount
2022-09-18 17:53:02 +01:00
bfe31111ba
bvm-paperless: oops, need to put square brackets there
2022-09-11 22:50:08 +01:00
27eb5b251e
blade-router: tweak export filter to drop local communities
2022-08-17 02:30:09 +01:00
a8bb05ba1e
blade-router: add ovh
2022-08-17 00:50:45 +01:00
9752742d76
bgp: force next-hop for OVH since I just can't talk to their router 2
2022-09-04 21:10:33 +01:00
2e56cddee5
hm/common: add a 'github' server alias
2022-09-04 21:10:20 +01:00
c16856f8ab
treewide: add my.ip.tailscale6
2022-09-02 00:22:16 +01:00
04df4d0a98
depotwide: make closures smaller, especially on frantech machines
2022-08-27 19:38:03 +01:00
4d0091c35e
as205479.net: add IPv6 tailnet, swap etheroute-lon01
2022-08-26 21:10:05 +01:00
203cba674d
blade: oops, we need SPICE
2022-08-26 21:00:52 +01:00
bc6832b6ca
etheroute-lon01: reinstall, reconfig bgp.tools session
2022-08-26 21:00:43 +01:00
bd37aaa161
porcorosso: enable swtpm and secure boot OVMF
2022-08-19 19:55:03 +01:00
e917fa122d
bvm-netbox: oops, ninovpn
2022-08-19 19:26:44 +01:00
e43e0a4e25
ops/nixos: switch from iosevka to iosevka-bin
2022-08-14 23:01:39 +01:00
e25a1ba6c4
depotwide: fix stuff
2022-08-14 21:01:26 +01:00
65d5cf0f92
porcorosso: some various changes
2022-08-14 18:11:14 +01:00
159da44acf
totoro: enable nodered
2022-08-14 18:10:49 +01:00
5c1742e13f
depotwide: add google-cloudflare role
2022-08-10 01:51:46 +01:00
54ba8ff398
bvm-matrix: add a pointless hostname to the cert set
2022-07-21 09:46:56 +01:00
d1b8449d76
ops/nixos/blade-router: don't export routes to LINX collector
It confuses some other people on LINX, so for the avoidance of arguments let's Just Not.
2022-07-15 12:03:37 +01:00
49cab76737
nixos/hm/common: tweak ssh settings
2022-07-15 08:59:43 +01:00
64940e45d6
ops/nixos/graphical-client: install qFlipper
2022-07-07 22:06:35 +01:00
f9f7542da5
bvm-paperless: add more paperless env variables
2022-06-29 21:39:56 +01:00
5f19f9d783
totoro: add gateway
2022-06-25 17:43:30 +00:00
a5fb805dfa
totoro: set default gateway. oops.
2022-06-25 17:35:49 +00:00
dd10a6ba6b
totoro: switch to networkd
2022-06-19 20:34:43 +00:00
2884ced8a3
bvm-paperless: fix DBHOST to use unix sockets again
2022-06-19 21:21:15 +01:00
679c040677
Backed out changeset a532ddc33432
2022-06-19 21:02:02 +01:00
855faad5a0
bvm-prosody: eventphone stuff
2022-06-19 21:01:55 +01:00
d04959acf9
bvm-paperless: clear password for paperless to force unix auth
2022-06-19 20:59:51 +01:00
bfe2fb1707
totoro: add deluge, expose content share over Samba
2022-06-19 00:55:31 +00:00
bd2be7196a
nixos/common: add pam-ussh
2022-06-04 12:21:32 +01:00
2c6be52ce9
howl: add BGP for EMFIX
2022-06-04 12:15:43 +01:00
e68f8b615f
hm/graphical-client-wayland: use wallpaper
2022-04-18 16:45:14 +01:00
60e6ae8af5
nixos/blade-router: bump LINX LON1 netmask to /21
2022-05-29 22:03:56 +01:00
977ee51c54
ops/nixos: change default for RP check to loose to silence Tailscale warnings
2022-05-21 16:31:58 +01:00
f7686f6a5a
hm/common: add whitby alias for ssh
2022-05-17 01:41:48 +01:00
7f587564de
porcorosso-wsl: don't try to load ed25519, use genie
2022-05-17 01:37:01 +01:00
4f3c21a8ea
blade: tweak rbd_cache settings
2022-05-02 17:40:32 +01:00
13d51a7978
ops/nixos: move gitlab-runner registration token to vault
2022-05-13 21:45:36 +00:00
bf601faa89
nix/pkgs/authentik: init
2022-05-12 22:55:10 +00:00
cb383c46ad
ops/nixos/lib/coredns: add IPv6 address for oracle-lon01
2022-05-12 18:38:16 +00:00
8d1ae0fce1
bvm-prosody: use SQLite3
2022-05-02 17:20:03 +01:00
58793004a2
ops/nixos/hm/common: Tweak the IP for SAR1.
2022-04-30 16:48:35 +01:00
6e746fb2cf
etheroute-lon01: use gre rather than ipip
Cloudflare Magic Transit appears to become Very Unhappy when you blast it with IPIP.
Use GRE instead, which it is happier with.
2022-04-30 16:48:28 +01:00
d21b733794
ops/nixos: add bgp.tools route collector
2022-04-30 16:48:01 +01:00
04e013b237
ops/nixos/bgp: add support for route collectors
2022-04-30 16:47:35 +01:00
8acf275884
porcorosso: add lukegb to dialout
I would like to be able to use /dev/ttyUSB0 without sudo thanks.
2022-04-30 16:46:31 +01:00
35c014bdbe
etheroute-lon01: configure endpoint my end
2022-04-26 09:16:25 +01:00
e51d58fac6
ops/vault: bump ACME TTL
2022-04-20 23:47:09 +01:00
6f70c36b8f
ops/nixos/blade: further nuke forwardX11
2022-04-16 01:52:50 +01:00
514d703560
ops/nixos/blade: nuke forwardX11
2022-04-16 01:48:32 +01:00
7b4febe0ab
ops/nixos/blade: honey I shrunk the closure
2022-04-10 02:20:41 +00:00
784324fd20
ops/nixos: decommission virgin media
2022-04-15 23:42:05 +01:00
75d3386cd2
treewide: fix up for nixpkgs bump
2022-04-15 23:33:53 +01:00
29ac5c60c3
oracle-lon01: do more complicated routing, because google
2022-04-15 11:58:16 +00:00
b5fbf1f472
oracle-lon01: add my first aarch64-linux boxen
2022-04-13 12:03:56 +00:00
dca96efffe
fup: move config to secret
2022-04-10 01:37:37 +01:00
8647af22d7
ops/nixos: put more things in Vault
2022-04-09 21:51:24 +01:00
2536214734
deluge: migrate auth file to vault
2022-04-09 20:59:11 +01:00
b238831963
frantech-nyc01: no more bgp
2022-04-07 04:13:33 +01:00
55b6bd2a19
ops/nixos: add nixos-size to measure total closure pinned by booted-system/current-system mismatch
2022-04-07 03:42:17 +00:00
157629a402
paperless: allow websockets, set up postgres
2022-04-06 11:49:52 +01:00
fa8f317d6f
totoro: add firewall rule for Lifx
2022-04-06 01:00:55 +01:00
da71f20036
ops/nixos: enable paperless
2022-04-06 00:57:22 +01:00
57c5a7d1ce
coredns: add bvm-paperless.int
2022-04-05 11:28:10 +01:00
2585d70127
porcorosso: tidy up gl packages
2022-04-05 03:14:07 +00:00
8f6ae5cfd4
bvm-paperless: init
2022-04-04 19:11:22 +00:00
f8f5d48eec
porcorosso: blocklist r8152/r8153_ecm
2022-04-03 19:47:19 +01:00
b40f3435f4
swann: switch to SFP
2022-03-30 16:42:37 +00:00
addba44d44
coredns: fix ipv6 zones
2022-03-30 17:25:25 +01:00
4b6b4842d1
update dns
2022-03-29 21:30:09 +01:00
3a32590571
go/access: init
2022-03-25 01:24:21 +00:00
eb163962a4
nixos/common: add wireguard-tools
2022-03-24 22:22:18 +00:00
b8acd6e31b
swann: re-enable vault-agent
2022-03-20 19:10:24 +00:00
7592e76a31
tokend: init
tokend is responsible for issuing service-scoped tokens based on the token held
and generated by the Vault Agent.
It can also generate "server-user" scoped tokens, which exist for convenience's
sake: they are not a strong attestation of the user on the machine, and have
limited privileges compared to a Vault token issued using e.g. `vault login
-method=oidc`.
2022-03-20 17:47:52 +00:00
58a907b700
nixos/vault-agent: listen on UDS only
This UDS is going to be private to vault-agent and tokend (which doesn't exist
yet).
As a stopgap, for the moment, secretsmgrd will be granted direct access to
speak to the Vault Agent over the UDS.
tokend will be responsible for provisioning applications with tokens, by
issuing subtokens which have roles corresponding to the user account requesting
access.
2022-03-20 11:14:51 +00:00
d97a1b7437
bvm-radius: reenable roaming2.ja.net
2022-03-20 11:08:34 +00:00
132cb805b3
ops/vault: use wrapping token to protect secret IDs in transit
2022-03-20 10:14:02 +00:00
829d179d37
nixos/common: make the EnvironmentFile optional to avoid... problems
In general, it's better for us to fail to pass credentials to the Nix daemon
than it is for the Nix daemon to fail to start up entirely.
We will restart the daemon once the secrets have been delivered anyway.
2022-03-20 10:00:17 +00:00
c9ffb4ed3e
secretsmgr: actually _enable_ the timer unit
2022-03-18 01:08:35 +00:00
ce698ab382
nixos/secretsmgr: add the timer unit
2022-03-18 01:03:55 +00:00
b719181dfe
nixos: migrate to secretsmgr for sshd and ACME
2022-03-17 23:31:55 +00:00
702cd972ab
nixos/vault-agent: should care about /var/lib/vault-agent instead
2022-03-17 12:27:10 +00:00
b0d2782369
nixos/vault-agent: set a longer timeout on HTTP requests to upstream
2022-03-17 01:25:44 +00:00
b469b24c5a
totoro: add live2 alias
2022-03-14 21:28:58 +00:00