e9b55e00a9
totoro: configure openvscode-server to listen on tailscale on v6
2023-08-19 22:43:47 +00:00
2714def613
etheroute-lon01: add code.int.lukegb.com
2023-08-19 22:43:34 +00:00
f1f295f027
swann: switch to IPv4 for wireguard as well
...
I'm having trouble getting a properly delegated prefix for tethering on the
Quectel modem inside kerrigan. One day I'll figure it out I guess.
2023-08-19 22:37:13 +00:00
ddfb67cdd1
totoro: enable openvscode-server
2023-08-19 21:13:16 +00:00
b985351394
cofractal-ams01: make bindMountSvc more stable
2023-08-17 02:50:57 +00:00
e07896407e
graphical-client: fonts.fonts -> fonts.packages
2023-08-11 23:09:22 +01:00
b16bfb93ce
treewide: hack/nixpkgs, which uses _our_ nixpkgs, not actual nixpkgs
2023-08-11 23:05:35 +01:00
7a8614d2f7
swann: switch to erbium (this is broken)
2023-08-08 23:29:58 +01:00
e97a7d69f0
kerrigan: switch to systemd-boot
2023-08-08 23:28:42 +01:00
b5d1f9b80f
ops/nixos/erbium: init
2023-08-08 23:25:06 +01:00
b904a15186
nixos/bgp: on machines with lots of routes, disable SYSTEMD_RESOLVED_SYNTHESIZE_HOSTNAME
2023-08-06 18:02:28 +01:00
dda412fa6c
totoro: coventry -> coventry-2
2023-07-28 21:13:44 +00:00
1c847d3eda
etheroute-lon01: set up gsl1
2023-07-28 21:13:35 +00:00
e93f012772
swann: migrate to erbium
2023-08-06 17:06:18 +01:00
670ffb4186
bgp: for 92.118.31.0/24, prepend with AS197753 for now
2023-07-24 13:28:17 +01:00
4f588c0267
coredns: quadv.net
2023-07-24 13:13:52 +01:00
7d221ced9a
etheroute-lon01: make cofractal-ams01 public
2023-07-21 16:47:47 +00:00
5d47f75c2f
swann: don't add mopup rules for wg-intfs, since we'll get that via BGP
2023-07-19 23:28:58 +01:00
d1a4a792ef
ops/nixos: reinit blade-paris
2023-07-02 16:05:13 +00:00
dba2db07b1
patch minor incompatibilities with 3p/nixpkgs update
2023-07-01 12:53:49 +00:00
551c4f27ad
etheroute-lon01: GRE->Wireguard
2023-07-15 12:09:18 +01:00
1c4530988d
etheroute-lon01: switch to networkd
2023-07-11 12:01:46 +01:00
528ed1debc
swann: add qvmpc6552
2023-07-11 12:01:00 +01:00
52fd493096
blade-paris: not on ZFS
2023-07-11 11:40:55 +01:00
b8f338d6fa
porcorosso: try to make sddm use wayland (unsuccessfully), and hide the deployer user
2023-06-18 20:32:43 +01:00
364eaa2c55
porcorosso: systemd-stage1, plymouth, gdm->sddm
2023-05-29 02:39:49 +01:00
f7f8691649
fr24feed: try to bind /etc/fr24feed in instead
2023-05-29 00:15:19 +01:00
1c9b9e9fcd
swann: boot.tmpOnTmpfs -> boot.tmp.useTmpfs
2023-05-28 01:32:25 +01:00
4921cabb8a
ops/nixos: drop boot.loader.grub.version = 2 - doesn't do anything anymore
2023-05-27 20:26:35 +01:00
86f193d44a
secretsmgr: add bare hostnames everywhere
2023-05-26 17:39:01 +01:00
450ae89942
cofractal-ams01: update tailscale IP
2023-05-26 00:01:17 +01:00
eaa3bf1810
intel-oclcpuexp: init
2023-05-26 00:01:07 +01:00
e0c88bac2d
porcorosso: more plasma tweaks; let's try Wayland again
2023-05-16 13:48:55 +01:00
074b3d25b6
porcorosso: let's try KDE
2023-05-14 15:04:36 +01:00
a12f2a8b07
bvm-netbox: add livetaild.lukegb.dev
2023-05-14 15:04:26 +01:00
6f95606d71
cofractal-ams01: fix systemd.network.networks
2023-05-11 11:52:47 +01:00
3eaa849f81
cofractal-ams01: tweak networkd RequiredForOnline, add libvirtd
2023-05-11 11:27:15 +01:00
dea2ddd168
hm: add blast-{csgo,worker}{1,2}-jump
2023-05-07 14:39:32 +01:00
983941331d
ops/vault: add nixbuild to clouvider-lon01
2023-05-07 14:39:17 +01:00
c283dc8f90
ops/nixos: update etheroute-lon01 tailscale IP
2023-04-18 20:59:21 +00:00
7fe7452e2f
ops/nixos: add tumblrandom
2023-04-18 20:05:51 +00:00
2d1bf2ffae
bgp: fix problem where I forgot to add depot
2023-04-15 14:47:37 +00:00
28e7704f44
ops/nixos: move tailscale/systemd-networkd fixes to lib/bgp
2023-04-15 14:36:22 +00:00
389be0c195
cofractal-ams01: switch to tailscale-in-polling mode to reduce logspam and CPU
2023-04-15 14:31:39 +00:00
f0846a9171
cofractal-ams01: give systemd-networkd a chance to start up...
2023-04-15 14:11:40 +00:00
4faf4a4630
swann: disable unifi
2023-04-15 02:45:10 +00:00
857e659f1f
cofractal-ams01: stop factorio versions.json splicing, disable ipfs
2023-04-15 00:41:49 +00:00
ddc00228c9
blade-tuvok: fix boot.loader.grub, update wireguard services
2023-03-18 17:53:03 +00:00
24cd61c461
etheroute-lon01: IPv4 renumber
2023-03-16 10:32:09 +00:00
20e2cd4e2c
cofractal-ams01: add mod-settings
2023-03-12 21:58:43 +00:00
e602587fb6
cofractal-ams01: allow IPFS
2023-03-12 20:47:56 +00:00
7d78a2cee0
cofractal-ams01: init factorio
2023-03-12 20:33:25 +00:00
03dc26854e
totoro: services.openssh.forwardX11 -> services.openssh.settings.X11Forwarding
2023-03-12 14:19:54 +00:00
721a7e6828
ops/nixos: refactor ssh_config
2023-03-12 03:58:52 +00:00
9aa6298df4
ssh-ca: also sign for otter-acoustic.ts.net
2023-03-12 03:53:42 +00:00
6d24fe6e78
ops/nixos: whitby-distributed
2023-03-12 03:51:10 +00:00
c5d4542bbb
ops/nixos/lib/content: fixup
2023-03-12 03:35:48 +00:00
ca7b57a78a
cofractal-ams01: adopt more responsibility from clouvider-fra01
2023-03-12 03:15:34 +00:00
f0712a966a
nixbuild-distributed: tweak secret format
2023-03-12 02:04:08 +00:00
9d6aa88d2d
ops/nixos: add gitlab-runner-cacher, unassign clouvider-lon01, assign cofractal-ams01
2023-03-11 18:15:45 +00:00
4daa3a593a
nixbuild-distributed: create
2023-03-09 21:33:42 +00:00
a17cc6e422
totoro: enable NFS
2023-03-09 21:33:22 +00:00
40baed5b59
cofractal-ams01: enable aarch64-linux binfmt emulation
2023-03-05 12:34:40 +00:00
2f41c3a0f7
cofractal-ams01: switch back to default kernel
2023-03-05 12:31:07 +00:00
a861c3f460
3p/nixpkgs: drop prison-zxing, upstreamed
2023-03-05 12:21:05 +00:00
08d59f4e20
ops/vault: create binary-cache-deployer
2023-02-25 22:16:56 +00:00
d901b12f91
ops/vault: permit lukegbcom-deployer to write to lukegb-flipperzero bucket
2023-02-25 22:11:35 +00:00
09610ee555
hm/client: copybara only on x86 Linux
2023-02-12 17:57:39 +00:00
916240fe30
home-assistant: drop api_key/user_key
2023-02-12 17:08:46 +00:00
3efed27d62
treewide: adapt to newer nixpkgs
2023-02-04 00:24:32 +00:00
7c6bdab11c
etheroute-lon01: quadv1-4
2023-02-03 23:30:35 +00:00
28cbcf08a4
kerrigan: provision IPv6
2023-01-21 22:46:00 +00:00
12d9be8909
kerrigan: working IPv6 passthru
2023-01-21 22:38:56 +00:00
6fd15f1080
kerrigan: configure radvd for IPv6 forwarding
2023-01-21 19:54:18 +00:00
d3fdb0b04d
ops/nixos/common: demand system as an arg
2023-01-21 18:59:48 +00:00
c8f1d10e4e
switch-prebuilt: update
2023-01-21 18:52:15 +00:00
f1118a9a04
cofractal-ams01: support v4-on-v6 + ENH
2023-01-19 09:29:37 +00:00
9213875d8b
cofractal-ams01: bgp-over-ipv4
2023-01-18 23:41:42 +00:00
756c1a3dd2
cofractal-ams01: more turnup bits
2023-01-18 21:43:48 +00:00
605dae808a
cofractal-ams01: init placeholder
2023-01-17 22:09:48 +00:00
0583eb2f07
clouvider-lon01: enable aarch64 emulation
2023-01-17 21:49:53 +00:00
f8aaa89d74
coredns: update oracle-lon01, add cofractal-ams01
2023-01-17 21:45:18 +00:00
3fdced1c68
kerrigan: init MochaBin
2023-01-17 19:36:53 +00:00
8731a6a37f
ops/vault: allow servers to read their own wireguard keys
2023-01-15 19:23:53 +00:00
f053953bb6
ops/raritan: migrate to using vault for username/password
2023-01-15 16:37:30 +00:00
35a9ec6bf5
nhsenglandtests: delete
2023-01-15 16:26:50 +00:00
8407c1a743
hm/common: point at actual terminfo dir
2023-01-15 16:14:14 +00:00
e2b9b63743
terminfos: init
2023-01-15 16:10:12 +00:00
ff0eff593d
totoro: tweak alertmanager setup
2023-01-14 22:24:01 +00:00
ed03e709c5
euw1.api.riotgames.com is on AWS and isn't useful
2023-01-14 22:17:36 +00:00
77c4d9d7c2
totoro: ADSB
2023-01-09 02:09:04 +00:00
91b44d92e4
howl: add redis and postgresql, but don't start them by default
2023-01-08 05:44:13 +00:00
653ac8f5f0
updateplexpass: use Plex Pass key to fetch new versions
2023-01-08 01:54:22 +00:00
40ed8549b8
resolve some warnings
2022-12-29 14:15:58 +00:00
376e20fe04
ops/nixos: update to cope with the fact we now have warnings/errors at the top level in the exporters set
2022-12-19 08:27:41 +00:00
46c0e2713a
porcorosso/blast: update IPs, add hl2prom
2022-12-19 07:54:48 +00:00
7d752e9871
porcorosso: fix networkmanager bindmount
2022-12-14 05:35:46 +00:00
757900436a
hm/common: update blast IPs
2022-12-14 05:35:38 +00:00
c758bcb61a
hm/client: fix path to jj
2022-12-04 22:03:47 +00:00
754afefc78
jj: init at c52a14eac6532ba814c88f2c8c740415293bfb1a
2022-12-04 21:52:55 +00:00
494935849b
porcorosso: make sure the lukegb database exists
2022-12-04 02:31:03 +00:00
980a2be55c
ops/nixos/hm/client: add git-absorb
2022-12-02 03:04:25 +00:00
08332c8a7b
hm/graphical-client: drop yubioath-desktop, since it got deleted from nixpkgs
2022-11-30 11:06:19 +00:00
6f77028a62
ops: pending changes
2022-11-30 10:50:47 +00:00
3c7d0fa54e
clouvider-lon01: add live1 relay
2022-11-24 13:03:16 +00:00
154ea3a393
howl: disable lukegbgp/try to fix bindsTo/partOf
2022-11-13 19:37:02 +00:00
79ae0d7fef
nix/pkgs/baserow/web-frontend: fix
...
We need to use openssl-legacy-provider to fix an issue with OpenSSL 3.x,
because Webpack (or Nuxt?) needs to use deprecated hashes.
2022-11-09 00:35:09 +00:00
b03bf3ea87
baserow: drop mjml-tcpserver
2022-11-02 02:08:52 +00:00
f34d5e20db
hm/common: no manuals
2022-11-02 00:49:53 +00:00
f143d0be51
3p/nixpkgs: post-bump fixups
2022-10-31 21:41:42 +00:00
1d7a00e684
hm/graphical-client: add 'discord'
2022-10-31 20:09:53 +00:00
9dee33f3dc
swann: reenable unifi controller
2022-10-09 18:15:47 +01:00
e772336dc5
porcorosso: bump system.stateVersion (will change postgresql version)
2022-10-08 22:11:21 +01:00
86539ec1f2
totoro: bump system.stateVersion
2022-10-08 22:05:50 +01:00
068f1e2d9c
treewide: various warning fixups
2022-10-08 21:49:16 +01:00
88334fa721
hm/porcorosso-wsl: drop genie
2022-10-08 21:27:01 +01:00
f216bbad29
ops/nixos: services.ipfs --> services.kubo
2022-10-08 21:20:04 +01:00
746c427690
hm/ext: init SSH config tweaks for 3p systems
2022-10-08 21:14:36 +01:00
e03ae8b853
treewide: fix things up for new nixpkgs
2022-10-02 22:23:44 +01:00
2796d03b22
nixos/client: add udisks2
2022-09-24 16:40:45 +01:00
18d7f36feb
howl/porcorosso: switch NetworkManager/system-connections from symlink to bind mount
2022-09-18 17:53:02 +01:00
bfe31111ba
bvm-paperless: oops, need to put square brackets there
2022-09-11 22:50:08 +01:00
27eb5b251e
blade-router: tweak export filter to drop local communities
2022-08-17 02:30:09 +01:00
a8bb05ba1e
blade-router: add ovh
2022-08-17 00:50:45 +01:00
9752742d76
bgp: force next-hop for OVH since I just can't talk to their router 2
2022-09-04 21:10:33 +01:00
2e56cddee5
hm/common: add a 'github' server alias
2022-09-04 21:10:20 +01:00
c16856f8ab
treewide: add my.ip.tailscale6
2022-09-02 00:22:16 +01:00
04df4d0a98
depotwide: make closures smaller, especially on frantech machines
2022-08-27 19:38:03 +01:00
4d0091c35e
as205479.net: add IPv6 tailnet, swap etheroute-lon01
2022-08-26 21:10:05 +01:00
203cba674d
blade: oops, we need SPICE
2022-08-26 21:00:52 +01:00
bc6832b6ca
etheroute-lon01: reinstall, reconfig bgp.tools session
2022-08-26 21:00:43 +01:00
bd37aaa161
porcorosso: enable swtpm and secure boot OVMF
2022-08-19 19:55:03 +01:00
e917fa122d
bvm-netbox: oops, ninovpn
2022-08-19 19:26:44 +01:00
e43e0a4e25
ops/nixos: switch from iosevka to iosevka-bin
2022-08-14 23:01:39 +01:00
e25a1ba6c4
depotwide: fix stuff
2022-08-14 21:01:26 +01:00
65d5cf0f92
porcorosso: some various changes
2022-08-14 18:11:14 +01:00
159da44acf
totoro: enable nodered
2022-08-14 18:10:49 +01:00
5c1742e13f
depotwide: add google-cloudflare role
2022-08-10 01:51:46 +01:00
54ba8ff398
bvm-matrix: add a pointless hostname to the cert set
2022-07-21 09:46:56 +01:00
d1b8449d76
ops/nixos/blade-router: don't export routes to LINX collector
...
It confuses some other people on LINX, so for the avoidance of arguments let's Just Not.
2022-07-15 12:03:37 +01:00
49cab76737
nixos/hm/common: tweak ssh settings
2022-07-15 08:59:43 +01:00
64940e45d6
ops/nixos/graphical-client: install qFlipper
2022-07-07 22:06:35 +01:00
f9f7542da5
bvm-paperless: add more paperless env variables
2022-06-29 21:39:56 +01:00
5f19f9d783
totoro: add gateway
2022-06-25 17:43:30 +00:00
a5fb805dfa
totoro: set default gateway. oops.
2022-06-25 17:35:49 +00:00
dd10a6ba6b
totoro: switch to networkd
2022-06-19 20:34:43 +00:00
2884ced8a3
bvm-paperless: fix DBHOST to use unix sockets again
2022-06-19 21:21:15 +01:00
679c040677
Backed out changeset a532ddc33432
2022-06-19 21:02:02 +01:00
855faad5a0
bvm-prosody: eventphone stuff
2022-06-19 21:01:55 +01:00
d04959acf9
bvm-paperless: clear password for paperless to force unix auth
2022-06-19 20:59:51 +01:00
bfe2fb1707
totoro: add deluge, expose content share over Samba
2022-06-19 00:55:31 +00:00
bd2be7196a
nixos/common: add pam-ussh
2022-06-04 12:21:32 +01:00
2c6be52ce9
howl: add BGP for EMFIX
2022-06-04 12:15:43 +01:00
e68f8b615f
hm/graphical-client-wayland: use wallpaper
2022-04-18 16:45:14 +01:00
8b9c3494ff
ops/vault/reissue-secret-id: don't fail on systems with no pre-existing secrets
2022-04-18 16:44:55 +01:00
60e6ae8af5
nixos/blade-router: bump LINX LON1 netmask to /21
2022-05-29 22:03:56 +01:00
977ee51c54
ops/nixos: change default for RP check to loose to silence Tailscale warnings
2022-05-21 16:31:58 +01:00
97d71c78a1
ops/vault: add authentik-backed auth
2022-05-21 15:42:55 +01:00
f7686f6a5a
hm/common: add whitby alias for ssh
2022-05-17 01:41:48 +01:00
7f587564de
porcorosso-wsl: don't try to load ed25519, use genie
2022-05-17 01:37:01 +01:00
4f3c21a8ea
blade: tweak rbd_cache settings
2022-05-02 17:40:32 +01:00
13d51a7978
ops/nixos: move gitlab-runner registration token to vault
2022-05-13 21:45:36 +00:00
bf601faa89
nix/pkgs/authentik: init
2022-05-12 22:55:10 +00:00
cb383c46ad
ops/nixos/lib/coredns: add IPv6 address for oracle-lon01
2022-05-12 18:38:16 +00:00
8d1ae0fce1
bvm-prosody: use SQLite3
2022-05-02 17:20:03 +01:00
58793004a2
ops/nixos/hm/common: Tweak the IP for SAR1.
2022-04-30 16:48:35 +01:00
6e746fb2cf
etheroute-lon01: use gre rather than ipip
...
Cloudflare Magic Transit appears to become Very Unhappy when you blast it with IPIP.
Use GRE instead, which it is happier with.
2022-04-30 16:48:28 +01:00
d21b733794
ops/nixos: add bgp.tools route collector
2022-04-30 16:48:01 +01:00
04e013b237
ops/nixos/bgp: add support for route collectors
2022-04-30 16:47:35 +01:00
8acf275884
porcorosso: add lukegb to dialout
...
I would like to be able to use /dev/ttyUSB0 without sudo thanks.
2022-04-30 16:46:31 +01:00
35c014bdbe
etheroute-lon01: configure endpoint my end
2022-04-26 09:16:25 +01:00
e51d58fac6
ops/vault: bump ACME TTL
2022-04-20 23:47:09 +01:00
6f70c36b8f
ops/nixos/blade: further nuke forwardX11
2022-04-16 01:52:50 +01:00
514d703560
ops/nixos/blade: nuke forwardX11
2022-04-16 01:48:32 +01:00
7b4febe0ab
ops/nixos/blade: honey I shrunk the closure
2022-04-10 02:20:41 +00:00
784324fd20
ops/nixos: decommission virgin media
2022-04-15 23:42:05 +01:00
75d3386cd2
treewide: fix up for nixpkgs bump
2022-04-15 23:33:53 +01:00
29ac5c60c3
oracle-lon01: do more complicated routing, because google
2022-04-15 11:58:16 +00:00
b5fbf1f472
oracle-lon01: add my first aarch64-linux boxen
2022-04-13 12:03:56 +00:00
dca96efffe
fup: move config to secret
2022-04-10 01:37:37 +01:00
8647af22d7
ops/nixos: put more things in Vault
2022-04-09 21:51:24 +01:00
2536214734
deluge: migrate auth file to vault
2022-04-09 20:59:11 +01:00
b238831963
frantech-nyc01: no more bgp
2022-04-07 04:13:33 +01:00
55b6bd2a19
ops/nixos: add nixos-size to measure total closure pinned by booted-system/current-system mismatch
2022-04-07 03:42:17 +00:00
157629a402
paperless: allow websockets, set up postgres
2022-04-06 11:49:52 +01:00
fa8f317d6f
totoro: add firewall rule for Lifx
2022-04-06 01:00:55 +01:00
da71f20036
ops/nixos: enable paperless
2022-04-06 00:57:22 +01:00
97a2e46eeb
lukegbcom: autodeploy using Vault
2022-04-05 22:04:32 +01:00
57c5a7d1ce
coredns: add bvm-paperless.int
2022-04-05 11:28:10 +01:00
2585d70127
porcorosso: tidy up gl packages
2022-04-05 03:14:07 +00:00
8f6ae5cfd4
bvm-paperless: init
2022-04-04 19:11:22 +00:00
f8f5d48eec
porcorosso: blocklist r8152/r8153_ecm
2022-04-03 19:47:19 +01:00
b40f3435f4
swann: switch to SFP
2022-03-30 16:42:37 +00:00
addba44d44
coredns: fix ipv6 zones
2022-03-30 17:25:25 +01:00
4b6b4842d1
update dns
2022-03-29 21:30:09 +01:00
3a32590571
go/access: init
2022-03-25 01:24:21 +00:00
eb163962a4
nixos/common: add wireguard-tools
2022-03-24 22:22:18 +00:00
dbaabf1295
vault: deployer should be allowed to read nix-daemon secrets
2022-03-24 22:20:44 +00:00
b8acd6e31b
swann: re-enable vault-agent
2022-03-20 19:10:24 +00:00
7592e76a31
tokend: init
...
tokend is responsible for issuing service-scoped tokens based on the token held
and generated by the Vault Agent.
It can also generate "server-user" scoped tokens, which exist for convenience's
sake: they are not a strong attestation of the user on the machine, and have
limited privileges compared to a Vault token issued using e.g. `vault login
-method=oidc`.
2022-03-20 17:47:52 +00:00