Commit graph

1082 commits

Author SHA1 Message Date
e9b55e00a9 totoro: configure openvscode-server to listen on tailscale on v6 2023-08-19 22:43:47 +00:00
2714def613 etheroute-lon01: add code.int.lukegb.com 2023-08-19 22:43:34 +00:00
f1f295f027 swann: switch to IPv4 for wireguard as well
I'm having trouble getting a properly delegated prefix for tethering on the
Quectel modem inside kerrigan. One day I'll figure it out I guess.
2023-08-19 22:37:13 +00:00
ddfb67cdd1 totoro: enable openvscode-server 2023-08-19 21:13:16 +00:00
b985351394 cofractal-ams01: make bindMountSvc more stable 2023-08-17 02:50:57 +00:00
e07896407e graphical-client: fonts.fonts -> fonts.packages 2023-08-11 23:09:22 +01:00
b16bfb93ce treewide: hack/nixpkgs, which uses _our_ nixpkgs, not actual nixpkgs 2023-08-11 23:05:35 +01:00
7a8614d2f7 swann: switch to erbium (this is broken) 2023-08-08 23:29:58 +01:00
e97a7d69f0 kerrigan: switch to systemd-boot 2023-08-08 23:28:42 +01:00
b5d1f9b80f ops/nixos/erbium: init 2023-08-08 23:25:06 +01:00
b904a15186 nixos/bgp: on machines with lots of routes, disable SYSTEMD_RESOLVED_SYNTHESIZE_HOSTNAME 2023-08-06 18:02:28 +01:00
dda412fa6c totoro: coventry -> coventry-2 2023-07-28 21:13:44 +00:00
1c847d3eda etheroute-lon01: set up gsl1 2023-07-28 21:13:35 +00:00
e93f012772 swann: migrate to erbium 2023-08-06 17:06:18 +01:00
670ffb4186 bgp: for 92.118.31.0/24, prepend with AS197753 for now 2023-07-24 13:28:17 +01:00
4f588c0267 coredns: quadv.net 2023-07-24 13:13:52 +01:00
7d221ced9a etheroute-lon01: make cofractal-ams01 public 2023-07-21 16:47:47 +00:00
5d47f75c2f swann: don't add mopup rules for wg-intfs, since we'll get that via BGP 2023-07-19 23:28:58 +01:00
d1a4a792ef ops/nixos: reinit blade-paris 2023-07-02 16:05:13 +00:00
dba2db07b1 patch minor incompatibilities with 3p/nixpkgs update 2023-07-01 12:53:49 +00:00
551c4f27ad etheroute-lon01: GRE->Wireguard 2023-07-15 12:09:18 +01:00
1c4530988d etheroute-lon01: switch to networkd 2023-07-11 12:01:46 +01:00
528ed1debc swann: add qvmpc6552 2023-07-11 12:01:00 +01:00
52fd493096 blade-paris: not on ZFS 2023-07-11 11:40:55 +01:00
b8f338d6fa porcorosso: try to make sddm use wayland (unsuccessfully), and hide the deployer user 2023-06-18 20:32:43 +01:00
364eaa2c55 porcorosso: systemd-stage1, plymouth, gdm->sddm 2023-05-29 02:39:49 +01:00
f7f8691649 fr24feed: try to bind /etc/fr24feed in instead 2023-05-29 00:15:19 +01:00
1c9b9e9fcd swann: boot.tmpOnTmpfs -> boot.tmp.useTmpfs 2023-05-28 01:32:25 +01:00
4921cabb8a ops/nixos: drop boot.loader.grub.version = 2 - doesn't do anything anymore 2023-05-27 20:26:35 +01:00
86f193d44a secretsmgr: add bare hostnames everywhere 2023-05-26 17:39:01 +01:00
450ae89942 cofractal-ams01: update tailcsale IP 2023-05-26 00:01:17 +01:00
eaa3bf1810 intel-oclcpuexp: init 2023-05-26 00:01:07 +01:00
e0c88bac2d porcorosso: more plasma tweaks; let's try Wayland again 2023-05-16 13:48:55 +01:00
074b3d25b6 porcorosso: let's try KDE 2023-05-14 15:04:36 +01:00
a12f2a8b07 bvm-netbox: add livetaild.lukegb.dev 2023-05-14 15:04:26 +01:00
6f95606d71 cofractal-ams01: fix systemd.network.networks 2023-05-11 11:52:47 +01:00
3eaa849f81 cofractal-ams01: tweak networkd RequiredForOnline, add libvirtd 2023-05-11 11:27:15 +01:00
dea2ddd168 hm: add blast-{csgo,worker}{1,2}-jump 2023-05-07 14:39:32 +01:00
983941331d ops/vault: add nixbuild to clouvider-lon01 2023-05-07 14:39:17 +01:00
c283dc8f90 ops/nixos: update etheroute-lon01 tailscale IP 2023-04-18 20:59:21 +00:00
7fe7452e2f ops/nixos: add tumblrandom 2023-04-18 20:05:51 +00:00
2d1bf2ffae bgp: fix problem where I forgot to add depot 2023-04-15 14:47:37 +00:00
28e7704f44 ops/nixos: move tailscale/systemd-networkd fixes to lib/bgp 2023-04-15 14:36:22 +00:00
389be0c195 cofractal-ams01: switch to tailscale-in-polling mode to reduce logspam and CPU 2023-04-15 14:31:39 +00:00
f0846a9171 cofractal-ams01: give systemd-networkd a chance to start up... 2023-04-15 14:11:40 +00:00
4faf4a4630 swann: disable unifi 2023-04-15 02:45:10 +00:00
857e659f1f cofractal-ams01: stop factorio versions.json splicing, disable ipfs 2023-04-15 00:41:49 +00:00
ddc00228c9 blade-tuvok: fix boot.loader.grub, update wireguard services 2023-03-18 17:53:03 +00:00
24cd61c461 etheroute-lon01: IPv4 renumber 2023-03-16 10:32:09 +00:00
20e2cd4e2c cofractal-ams01: add mod-settings 2023-03-12 21:58:43 +00:00
e602587fb6 cofractal-ams01: allow IPFS 2023-03-12 20:47:56 +00:00
7d78a2cee0 cofractal-ams01: init factorio 2023-03-12 20:33:25 +00:00
03dc26854e totoro: services.openssh.forwardX11 -> services.openssh.settings.X11Forwarding 2023-03-12 14:19:54 +00:00
721a7e6828 ops/nixos: refactor ssh_config 2023-03-12 03:58:52 +00:00
9aa6298df4 ssh-ca: also sign for otter-acoustic.ts.net 2023-03-12 03:53:42 +00:00
6d24fe6e78 ops/nixos: whitby-distributed 2023-03-12 03:51:10 +00:00
c5d4542bbb ops/nixos/lib/content: fixup 2023-03-12 03:35:48 +00:00
ca7b57a78a cofractal-ams01: adopt more responsibility from clouvider-fra01 2023-03-12 03:15:34 +00:00
f0712a966a nixbuild-distributed: tweak secret format 2023-03-12 02:04:08 +00:00
9d6aa88d2d ops/nixos: add gitlab-runner-cacher, unassign clouvider-lon01, assign cofractal-ams01 2023-03-11 18:15:45 +00:00
4daa3a593a nixbuild-distributed: create 2023-03-09 21:33:42 +00:00
a17cc6e422 totoro: enable NFS 2023-03-09 21:33:22 +00:00
40baed5b59 cofractal-ams01: enable aarch64-linux binfmt emulation 2023-03-05 12:34:40 +00:00
2f41c3a0f7 cofractal-ams01: switch back to default kernel 2023-03-05 12:31:07 +00:00
a861c3f460 3p/nixpkgs: drop prison-zxing, upstreamed 2023-03-05 12:21:05 +00:00
08d59f4e20 ops/vault: create binary-cache-deployer 2023-02-25 22:16:56 +00:00
d901b12f91 ops/vault: permit lukegbcom-deployer to write to lukegb-flipperzero bucket 2023-02-25 22:11:35 +00:00
09610ee555 hm/client: copybara only on x86 Linux 2023-02-12 17:57:39 +00:00
916240fe30 home-assistant: drop api_key/user_key 2023-02-12 17:08:46 +00:00
3efed27d62 treewide: adapt to newer nixpkgs 2023-02-04 00:24:32 +00:00
7c6bdab11c etheroute-lon01: quadv1-4 2023-02-03 23:30:35 +00:00
28cbcf08a4 kerrigan: provision IPv6 2023-01-21 22:46:00 +00:00
12d9be8909 kerrigan: working IPv6 passthru 2023-01-21 22:38:56 +00:00
6fd15f1080 kerrigan: configure radvd for IPv6 forwarding 2023-01-21 19:54:18 +00:00
d3fdb0b04d ops/nixos/common: demand system as an arg 2023-01-21 18:59:48 +00:00
c8f1d10e4e switch-prebuilt: update 2023-01-21 18:52:15 +00:00
f1118a9a04 cofractal-ams01: support v4-on-v6 + ENH 2023-01-19 09:29:37 +00:00
9213875d8b cofractal-ams01: bgp-over-ipv4 2023-01-18 23:41:42 +00:00
756c1a3dd2 cofractal-ams01: more turnup bits 2023-01-18 21:43:48 +00:00
605dae808a cofractal-ams01: init placeholder 2023-01-17 22:09:48 +00:00
0583eb2f07 clouvider-lon01: enable aarch64 emulation 2023-01-17 21:49:53 +00:00
f8aaa89d74 coredns: update oracle-lon01, add cofractal-ams01 2023-01-17 21:45:18 +00:00
3fdced1c68 kerrigan: init MochaBin 2023-01-17 19:36:53 +00:00
8731a6a37f ops/vault: allow servers to read their own wireguard keys 2023-01-15 19:23:53 +00:00
f053953bb6 ops/raritan: migrate to using vault for username/password 2023-01-15 16:37:30 +00:00
35a9ec6bf5 nhsenglandtests: delete 2023-01-15 16:26:50 +00:00
8407c1a743 hm/common: point at actual terminfo dir 2023-01-15 16:14:14 +00:00
e2b9b63743 terminfos: init 2023-01-15 16:10:12 +00:00
ff0eff593d totoro: tweak alertmanager setup 2023-01-14 22:24:01 +00:00
ed03e709c5 euw1.api.riotgames.com is on AWS and isn't useful 2023-01-14 22:17:36 +00:00
77c4d9d7c2 totoro: ADSB 2023-01-09 02:09:04 +00:00
91b44d92e4 howl: add redis and postgresql, but don't start them by default 2023-01-08 05:44:13 +00:00
653ac8f5f0 updateplexpass: use Plex Pass key to fetch new versions 2023-01-08 01:54:22 +00:00
40ed8549b8 resolve some warnings 2022-12-29 14:15:58 +00:00
376e20fe04 ops/nixos: update to cope with the fact we now have warnings/errors at the top level in the exporters set 2022-12-19 08:27:41 +00:00
46c0e2713a porcorosso/blast: update IPs, add hl2prom 2022-12-19 07:54:48 +00:00
7d752e9871 porcorosso: fix networkmanager bindmount 2022-12-14 05:35:46 +00:00
757900436a hm/common: update blast IPs 2022-12-14 05:35:38 +00:00
c758bcb61a hm/client: fix path to jj 2022-12-04 22:03:47 +00:00
754afefc78 jj: init at c52a14eac6532ba814c88f2c8c740415293bfb1a 2022-12-04 21:52:55 +00:00
494935849b porcorosso: make sure the lukegb database exists 2022-12-04 02:31:03 +00:00
980a2be55c ops/nixos/hm/client: add git-absorb 2022-12-02 03:04:25 +00:00
08332c8a7b hm/graphical-client: drop yubioath-desktop, since it got deleted from nixpkgs 2022-11-30 11:06:19 +00:00
6f77028a62 ops: pending changes 2022-11-30 10:50:47 +00:00
3c7d0fa54e clouvider-lon01: add live1 relay 2022-11-24 13:03:16 +00:00
154ea3a393 howl: disable lukegbgp/try to fix bindsTo/partOf 2022-11-13 19:37:02 +00:00
79ae0d7fef nix/pkgs/baserow/web-frontend: fix
We need to use openssl-legacy-provider to fix an issue with OpenSSL 3.x,
because Webpack (or Nuxt?) need to use deprecated hashes.
2022-11-09 00:35:09 +00:00
b03bf3ea87 baserow: drop mjml-tcpserver 2022-11-02 02:08:52 +00:00
f34d5e20db hm/common: no manuals 2022-11-02 00:49:53 +00:00
f143d0be51 3p/nixpkgs: post-bump fixups 2022-10-31 21:41:42 +00:00
1d7a00e684 hm/graphical-client: add 'discord' 2022-10-31 20:09:53 +00:00
9dee33f3dc swann: reenable unifi controller 2022-10-09 18:15:47 +01:00
e772336dc5 porcorosso: bump system.stateVersion (will change postgresql version) 2022-10-08 22:11:21 +01:00
86539ec1f2 totoro: bump system.stateVersion 2022-10-08 22:05:50 +01:00
068f1e2d9c treewide: various warning fixups 2022-10-08 21:49:16 +01:00
88334fa721 hm/porcorosso-wsl: drop genie 2022-10-08 21:27:01 +01:00
f216bbad29 ops/nixos: services.ipfs --> services.kubo 2022-10-08 21:20:04 +01:00
746c427690 hm/ext: init SSH config tweaks for 3p systems 2022-10-08 21:14:36 +01:00
e03ae8b853 treewide: fix things up for new nixpkgs 2022-10-02 22:23:44 +01:00
2796d03b22 nixos/client: add udisks2 2022-09-24 16:40:45 +01:00
18d7f36feb howl/porcorosso: switch NetworkManager/system-connections from symlink to bind mount 2022-09-18 17:53:02 +01:00
bfe31111ba bvm-paperless: oops, need to put square brackets there 2022-09-11 22:50:08 +01:00
27eb5b251e blade-router: tweak export filter to drop local communities 2022-08-17 02:30:09 +01:00
a8bb05ba1e blade-router: add ovh 2022-08-17 00:50:45 +01:00
9752742d76 bgp: force next-hop for OVH since I just can't talk to their router 2 2022-09-04 21:10:33 +01:00
2e56cddee5 hm/common: add a 'github' server alias 2022-09-04 21:10:20 +01:00
c16856f8ab treewide: add my.ip.tailscale6 2022-09-02 00:22:16 +01:00
04df4d0a98 depotwide: make closures smaller, especially on frantech machines 2022-08-27 19:38:03 +01:00
4d0091c35e as205479.net: add IPv6 tailnet, swap etheroute-lon01 2022-08-26 21:10:05 +01:00
203cba674d blade: oops, we need SPICE 2022-08-26 21:00:52 +01:00
bc6832b6ca etheroute-lon01: reinstall, reconfig bgp.tools session 2022-08-26 21:00:43 +01:00
bd37aaa161 porcorosso: enable swtpm and secure boot OVMF 2022-08-19 19:55:03 +01:00
e917fa122d bvm-netbox: oops, ninovpn 2022-08-19 19:26:44 +01:00
e43e0a4e25 ops/nixos: switch from iosevka to iosevka-bin 2022-08-14 23:01:39 +01:00
e25a1ba6c4 depotwide: fix stuff 2022-08-14 21:01:26 +01:00
65d5cf0f92 porcorosso: some various changes 2022-08-14 18:11:14 +01:00
159da44acf totoro: enable nodered 2022-08-14 18:10:49 +01:00
5c1742e13f depotwide: add google-cloudflare role 2022-08-10 01:51:46 +01:00
54ba8ff398 bvm-matrix: add a pointless hostname to the cert set 2022-07-21 09:46:56 +01:00
d1b8449d76 ops/nixos/blade-router: don't export routes to LINX collector
It confuses some other people on LINX, so for the avoidance of arguments let's Just Not.
2022-07-15 12:03:37 +01:00
49cab76737 nixos/hm/common: tweak ssh settings 2022-07-15 08:59:43 +01:00
64940e45d6 ops/nixos/graphical-client: install qFlipper 2022-07-07 22:06:35 +01:00
f9f7542da5 bvm-paperless: add more paperless env variables 2022-06-29 21:39:56 +01:00
5f19f9d783 totoro: add gateway 2022-06-25 17:43:30 +00:00
a5fb805dfa totoro: set default gateway. oops. 2022-06-25 17:35:49 +00:00
dd10a6ba6b totoro: switch to networkd 2022-06-19 20:34:43 +00:00
2884ced8a3 bvm-paperless: fix DBHOST to use unix sockets again 2022-06-19 21:21:15 +01:00
679c040677 Backed out changeset a532ddc33432 2022-06-19 21:02:02 +01:00
855faad5a0 bvm-prosody: eventphone stuff 2022-06-19 21:01:55 +01:00
d04959acf9 bvm-paperless: clear password for paperless to force unix auth 2022-06-19 20:59:51 +01:00
bfe2fb1707 totoro: add deluge, expose content share over Samba 2022-06-19 00:55:31 +00:00
bd2be7196a nixos/common: add pam-ussh 2022-06-04 12:21:32 +01:00
2c6be52ce9 howl: add BGP for EMFIX 2022-06-04 12:15:43 +01:00
e68f8b615f hm/graphical-client-wayland: use wallpaper 2022-04-18 16:45:14 +01:00
8b9c3494ff ops/vault/reissue-secret-id: don't fail on systems with no pre-existing secrets 2022-04-18 16:44:55 +01:00
60e6ae8af5 nixos/blade-router: bump LINX LON1 netmask to /21 2022-05-29 22:03:56 +01:00
977ee51c54 ops/nixos: change default for RP check to loose to silence Tailscale warnings 2022-05-21 16:31:58 +01:00
97d71c78a1 ops/vault: add authentik-backed auth 2022-05-21 15:42:55 +01:00
f7686f6a5a hm/common: add whitby alias for ssh 2022-05-17 01:41:48 +01:00
7f587564de porcorosso-wsl: don't try to load ed25519, use genie 2022-05-17 01:37:01 +01:00
4f3c21a8ea blade: tweak rbd_cache settings 2022-05-02 17:40:32 +01:00
13d51a7978 ops/nixos: move gitlab-runner registration token to vault 2022-05-13 21:45:36 +00:00
bf601faa89 nix/pkgs/authentik: init 2022-05-12 22:55:10 +00:00
cb383c46ad ops/nixos/lib/coredns: add IPv6 address for oracle-lon01 2022-05-12 18:38:16 +00:00
8d1ae0fce1 bvm-prosody: use SQLite3 2022-05-02 17:20:03 +01:00
58793004a2 ops/nixos/hm/common: Tweak the IP for SAR1. 2022-04-30 16:48:35 +01:00
6e746fb2cf etheroute-lon01: use gre rather than ipip
Cloudflare Magic Transit appears to become Very Unhappy when you blast it with IPIP.

Use GRE instead, which it is happier with.
2022-04-30 16:48:28 +01:00
d21b733794 ops/nixos: add bgp.tools route collector 2022-04-30 16:48:01 +01:00
04e013b237 ops/nixos/bgp: add support for route collectors 2022-04-30 16:47:35 +01:00
8acf275884 porcorosso: add lukegb to dialout
I would like to be able to use /dev/ttyUSB0 without sudo thanks.
2022-04-30 16:46:31 +01:00
35c014bdbe etheroute-lon01: configure endpoint my end 2022-04-26 09:16:25 +01:00
e51d58fac6 ops/vault: bump ACME TTL 2022-04-20 23:47:09 +01:00
6f70c36b8f ops/nixos/blade: further nuke forwardX11 2022-04-16 01:52:50 +01:00
514d703560 ops/nixos/blade: nuke forwardX11 2022-04-16 01:48:32 +01:00
7b4febe0ab ops/nixos/blade: honey I shrunk the closure 2022-04-10 02:20:41 +00:00
784324fd20 ops/nixos: decommission virgin media 2022-04-15 23:42:05 +01:00
75d3386cd2 treewide: fix up for nixpkgs bump 2022-04-15 23:33:53 +01:00
29ac5c60c3 oracle-lon01: do more complicated routing, because google 2022-04-15 11:58:16 +00:00
b5fbf1f472 oracle-lon01: add my first aarch64-linux boxen 2022-04-13 12:03:56 +00:00
dca96efffe fup: move config to secret 2022-04-10 01:37:37 +01:00
8647af22d7 ops/nixos: put more things in Vault 2022-04-09 21:51:24 +01:00
2536214734 deluge: migrate auth file to vault 2022-04-09 20:59:11 +01:00
b238831963 frantech-nyc01: no more bgp 2022-04-07 04:13:33 +01:00
55b6bd2a19 ops/nixos: add nixos-size to measure total closure pinned by booted-system/current-system mismatch 2022-04-07 03:42:17 +00:00
157629a402 paperless: allow websockets, set up postgres 2022-04-06 11:49:52 +01:00
fa8f317d6f totoro: add firewall rule for Lifx 2022-04-06 01:00:55 +01:00
da71f20036 ops/nixos: enable paperless 2022-04-06 00:57:22 +01:00
97a2e46eeb lukegbcom: autodeploy using Vault 2022-04-05 22:04:32 +01:00
57c5a7d1ce coredns: add bvm-paperless.int 2022-04-05 11:28:10 +01:00
2585d70127 porcorosso: tidy up gl packages 2022-04-05 03:14:07 +00:00
8f6ae5cfd4 bvm-paperless: init 2022-04-04 19:11:22 +00:00
f8f5d48eec porcorosso: blocklist r8152/r8153_ecm 2022-04-03 19:47:19 +01:00
b40f3435f4 swann: switch to SFP 2022-03-30 16:42:37 +00:00
addba44d44 coredns: fix ipv6 zones 2022-03-30 17:25:25 +01:00
4b6b4842d1 update dns 2022-03-29 21:30:09 +01:00
3a32590571 go/access: init 2022-03-25 01:24:21 +00:00
eb163962a4 nixos/common: add wireguard-tools 2022-03-24 22:22:18 +00:00
dbaabf1295 vault: deployer should be allowed to read nix-daemon secrets 2022-03-24 22:20:44 +00:00
b8acd6e31b swann: re-enable vault-agent 2022-03-20 19:10:24 +00:00
7592e76a31 tokend: init
tokend is responsible for issuing service-scoped tokens based on the token held
and generated by the Vault Agent.

It can also generate "server-user" scoped tokens, which exist for convenience's
sake: they are not a strong attestation of the user on the machine, and have
limited privileges compared to a Vault token issued using e.g. `vault login
-method=oidc`.
2022-03-20 17:47:52 +00:00