Commit graph

1405 commits

Author SHA1 Message Date
9472db4577 ops/nixos: consolidate Frantech VM configs into lib/frantech.nix 2022-01-08 21:49:09 +00:00
ad95bffd3d ops/nixos: tidy up networking.useDHCP 2022-01-08 21:45:18 +00:00
f463055acf ops/nixos: pipewire for everyone 2022-01-08 21:41:30 +00:00
4b2c0f7fa8 porcorosso: set up PRIME so we can draw to my laptop's internal display! 2022-01-08 21:28:03 +00:00
1348172aba porcorosso: remove unused hyperv config 2022-01-08 19:54:03 +00:00
1b4b7f0a80 porcorosso: remove default.pa 2022-01-08 19:45:55 +00:00
2ddd50aef4 etheroute-lon01: disable TLS verification for totoro
For some reason this is failing with a TLS alert that the certificate
is expired???
2022-01-07 15:23:43 +00:00
fe09e44c5c porcorosso: block i2c-nvidia-gpu, causes X11 to fail to init 2022-01-07 12:51:18 +00:00
bac7e1fb69 porcorosso: remove blast config 2022-01-07 12:42:55 +00:00
5b7f6eb880 3p/nixpkgs: add patches to mercurial package 2022-01-08 17:05:28 +00:00
Default email
3a47dd4636 Project import generated by Copybara.
GitOrigin-RevId: ff377a78794d412a35245e05428c8f95fef3951f
2022-01-07 12:07:37 +08:00
Default email
391e4a2fe6 Project import generated by Copybara.
GitOrigin-RevId: ff377a78794d412a35245e05428c8f95fef3951f
2022-01-07 12:07:37 +08:00
05be94e4d7 ops/nixos/common: disable DNSSEC in systemd-resolved
It's super broken.

At the moment, resolving foss.heptapod.net breaks, because clever-cloud.com has
DNSKEY records but there's no matching DS record at .com for it.

There are also other reports: https://github.com/systemd/systemd/issues/12388

tl;dr: it just doesn't work, let's not use that.
2022-01-08 12:09:26 +00:00
506a584dea totoro: set up podman socket support 2022-01-08 12:08:04 +00:00
Default email
3e7541c14f Project import generated by Copybara.
GitOrigin-RevId: ff377a78794d412a35245e05428c8f95fef3951f
2022-01-07 12:07:37 +08:00
9e79ad0cfa bvm-radius: add new roaming2.ja.net IPs 2022-01-07 11:49:24 +00:00
5001971b87 totoro: add bvm-.* alerts 2022-01-06 17:51:39 +00:00
6ab12dcad5 ops/nixos: rm marukuru 2022-01-06 15:55:21 +00:00
Default email
2495e3f88b Project import generated by Copybara.
GitOrigin-RevId: 78cd22c1b8604de423546cd49bfe264b786eca13
2022-01-03 17:56:52 +01:00
d79265ddad ops/nixos: tidy up security.acme 2022-01-04 14:00:45 +00:00
de71fd5c9a ops/nixos/lib/common: add global DNS servers 2022-01-04 13:32:56 +00:00
8cc6e2001a ops/nixos: create permanent quotesdb user
Stop relying on DynamicUser because it messes a bit with postgres' auth.
2022-01-01 21:49:23 +00:00
3318874168 marukuru: remove heptapod{,-runner} 2022-01-01 21:31:01 +00:00
67b038c2bc ops/nixos/common: turn off logRefusedConnections - it's super noisy 2022-01-01 20:56:41 +00:00
37e36418a1 bvm-logger: add custom clickhouse config
Just make it less spammy into the journal, sheesh.
2022-01-01 16:31:05 +00:00
086f5fe597 journal2clickhouse: coerce things that look like strings back to strings
There's binary data sometimes, but on the whole I don't care about preserving
it properly (sorry), so let's just coerce it to a string if it is supposed to
go into a "proper" field.
2022-01-01 16:30:38 +00:00
7e848a2622 go/journal2clickhouse: fix the Classic Bug 2022-01-01 15:31:47 +00:00
730d057e18 bvm-logger: enable journal2clickhouse for real 2022-01-01 15:24:32 +00:00
7b4e6c0e1b ops/nixos: oops, try to fix my.scrapeJournal.addr 2022-01-01 15:14:02 +00:00
c91a42948d journal2clickhouse: init 2022-01-01 15:08:52 +00:00
c5119b4882 ops/nixos: enable HTTP gateway if Tailscale is configured 2022-01-01 12:40:13 +00:00
1f13fd811d coredns: bind to specific interfaces/IPs 2022-01-01 09:03:25 +00:00
8e28b5bbfe ops/nixos: drop Google/AS15169 routes from Veloxserv to prefer RouteServer 2022-01-01 03:02:55 +00:00
bfd08b08cf ops/nixos: add fastly passive peer 2022-01-01 02:39:01 +00:00
6cfcd10e06 swann: use the router's public IP when making connections
For v6, the link is on an unrouted subnet so there's no way to address it from
outside. We don't want Linux to use the v6 subnet for connections it makes, so
we ask politely that the source on the route is actually an IP address that we
Like.
2022-01-01 02:11:59 +00:00
3458c7766e swann: switch from prod.euw1.riotgames.com to euw1.api.riotgames.com
The former appears to resolve, but no longer respond to ICMP ping (even from a
different network).  Switch to the documented API endpoint, which still
responds to ICMP ping.
2022-01-01 01:31:56 +00:00
3e98fae657 bvm-heptapod: autoStart deployer container 2022-01-01 00:43:15 +00:00
e182171916 ops/nixos: disable LLMNR 2022-01-01 00:41:37 +00:00
297e9c97e7 bvm-heptapod: add deployer container 2022-01-01 00:22:35 +00:00
8b3e77de1e swann: coredns shouldn't bind to 127.0.0.53 because systemd-resolved wants it 2021-12-31 23:52:57 +00:00
afc4834723 porcorosso: enable TLP for battery saving in laptop mode 2021-12-31 23:52:40 +00:00
a35a702e7d ops/nixos: disable avahi
We're using systemd-resolved, so just disable Avahi now.
2021-12-31 23:51:35 +00:00
f35a79444c ops/nixos: add better support for specialisations 2021-12-31 23:51:09 +00:00
060f2cf96b nhsenglandtests: init 2021-12-31 07:00:32 +00:00
66d1ae3939 lib/hm/graphical-client-wayland: add mako 2021-12-31 04:48:51 +00:00
2d77689ed9 howl: enable bluetooth 2021-12-31 04:47:53 +00:00
Default email
a425ba4985 Project import generated by Copybara.
GitOrigin-RevId: 5b091d4fbe3b7b7493c3b46fe0842e4b30ea24b3
2021-12-30 14:39:12 +01:00
6cb1af2f35 ops/nixos: start using systemd-resolved 2021-12-28 18:42:42 +00:00
Default email
a6d62be0d1 Project import generated by Copybara.
GitOrigin-RevId: ac169ec6371f0d835542db654a65e0f2feb07838
2021-12-26 18:43:05 +01:00
837f7074ac ops/nixos: fix MAC address for vl-linx 2021-12-27 06:50:12 +00:00