Commit graph

652 commits

Author SHA1 Message Date
a35a702e7d ops/nixos: disable avahi
We're using systemd-resolved, so just disable Avahi now.
2021-12-31 23:51:35 +00:00
f35a79444c ops/nixos: add better support for specialisations 2021-12-31 23:51:09 +00:00
060f2cf96b nhsenglandtests: init 2021-12-31 07:00:32 +00:00
66d1ae3939 lib/hm/graphical-client-wayland: add mako 2021-12-31 04:48:51 +00:00
2d77689ed9 howl: enable bluetooth 2021-12-31 04:47:53 +00:00
6cb1af2f35 ops/nixos: start using systemd-resolved 2021-12-28 18:42:42 +00:00
837f7074ac ops/nixos: fix MAC address for vl-linx 2021-12-27 06:50:12 +00:00
a41abf3d6e ops/nixos/lib/hm: add element-desktop/element-desktop-wayland 2021-12-27 02:58:53 +00:00
ab9dd5d35a common: remove nhs.uk IPv6 mapping 2021-12-24 02:27:15 +00:00
ca6de1910d swann: services.unifi.openPorts -> openFirewall 2021-12-24 02:03:36 +00:00
05aea7f5f1 ops/nixos: migrate from services.redis to services.redis.servers."" 2021-12-24 02:02:57 +00:00
e55a824929 bvm-logger: install clickhouse 2021-12-24 01:50:59 +00:00
4e4e8de984 ops/nixos: init bvm-logger 2021-12-23 04:11:39 +00:00
69db0e2a98 baserow: add nginx to baserow group too 2021-12-21 08:31:11 +00:00
c7a9d4ef76 baserow: tweak umask for opendkim... 2021-12-21 08:22:01 +00:00
1c97d3cd15 baserow: add postfix to opendkim group 2021-12-21 08:19:27 +00:00
656df5ac5b common: add kitty.terminfo 2021-12-21 08:13:20 +00:00
ee2598c29b baserow: oops, need the config argument 2021-12-21 08:12:39 +00:00
455856d7c0 baserow: enable postfix (totoro) 2021-12-21 08:11:38 +00:00
93a070870a nix/pkgs/baserow: hooray, it works 2021-12-21 05:48:40 +00:00
576896970a bvm-heptapod: add more heptapod 2021-12-18 04:15:53 +00:00
5eb7f7102f bvm-heptapod: init 2021-12-17 01:28:39 +00:00
fee02312d3 blade-tuvok: move public interface off a VLAN
Previously, the public/internal interfaces were VLANned onto the same NIC. For
some reason, sometime the Emulex adapters seem to end up not getting configured
properly, which causes me no end of pain when I spend time trying to debug why
none of my VMs can see the internet anymore.

Instead of doing this, put the public interface onto its own actual virtual
network interface.
2021-12-17 00:27:24 +00:00
d99fe8b153 depot: fixups 2021-12-08 02:37:12 +00:00
29f7073384 ops/nixos: compatibility with NixOS 22.05 2021-12-07 19:13:04 +00:00
b6e4741320 etheroute-lon01: stateful firewall for forwarded packets 2021-12-07 17:25:59 +00:00
81b19971d1 etheroute-lon01: IPIP shouldn't bind to that 2021-12-07 16:48:48 +00:00
a344287e92 etheroute-lon01: fix up IPIP 2021-12-07 16:13:32 +00:00
105fcf1d50 coredns/zones: quadv stuff 2021-12-07 16:01:57 +00:00
41c85d898b etheroute-lon01: export QuadV net 2021-12-07 15:48:50 +00:00
da0717b02c ops/nixos: don't announce QuadV net everywhere by default 2021-12-07 15:19:45 +00:00
a1ee1e396c ops/nixos: alacritty -> kitty 2021-11-28 12:51:40 +00:00
7cbd53de1a ops/nixos: add blast configs 2021-11-25 17:14:03 +00:00
1eda43af34 go/trains: go! trains! 2021-11-23 12:32:01 +00:00
6d21c17a2a totoro: increase ping latency threshold 2021-11-18 21:36:22 +00:00
86e0ce9af9 nix/pkgs/datez: init 2021-11-18 21:33:40 +00:00
84c965f7cd totoro: give postgresql more resources to play with 2021-11-18 20:40:28 +00:00
0621fbfbf1 go/streetworks: init, schedule on totoro 2021-11-08 20:08:56 +00:00
94470110ed totoro: scrape prometheus data from 2112 for trains 2021-11-07 18:14:42 +00:00
4cb0716c91 ops/nixos: move minotarproxy back to clouvider-lon01
Closes #13.
2021-11-06 19:56:06 +00:00
9c8f3824a8 ops/nixos/lib/blade: virtualisation.libvirtd.qemuRunAsRoot -> virtualisation.libvirtd.qemu.runAsRoot 2021-11-05 01:34:04 +00:00
0b8196b04f kusakabe: expunge 2021-11-05 01:30:45 +00:00
72a2867e63 ops/nixos: enable X11 forwarding for some hosts 2021-11-05 01:29:53 +00:00
8834def522 clouvider-fra01: add content to port 18081 as well 2021-10-31 12:35:05 +00:00
a241cf7e82 porcorosso: switch back to nvidia 2021-10-31 11:38:34 +00:00
fad32fad6b marukuru: set accept_ra=2 for eth0 2021-10-22 19:39:46 +01:00
c769f2aeb6 bvm-prosody: keep messages forever 2021-10-22 19:39:32 +01:00
b9034f71aa porcorosso: enable bluetooth 2021-10-22 02:49:50 +01:00
a4f786f709 hm: add su-cinema-ernie 2021-10-19 07:53:59 +01:00
b94b586d5b clouvider-fra01: add content.int.lukegb.com 2021-10-19 07:06:37 +01:00
7b0e63d99c porcorosso: intel, again 2021-10-19 05:14:58 +01:00
c535655086 totoro/swann: do shenanigans with PS5 RTMP 2021-09-30 17:10:52 +00:00
fb16bea95c swann: give PS5 a static IP 2021-09-30 16:07:12 +00:00
9ed22f57ad bvm-radius: actually add cuirecv policy file 2021-09-27 08:35:53 +00:00
79a06fc54f bvm-radius: also permit User-Name attr in response 2021-09-27 08:16:48 +00:00
9773272e20 bvm-radius: request CUI 2021-09-27 08:01:14 +00:00
6b766b111d bvm-radius: make sure nginx can see certificates 2021-09-27 08:00:41 +00:00
00a02f8772 coredns: use the correct syntax, oops 2021-09-25 21:27:24 +00:00
bbbdfd5138 as205479.net: hmm, what 2021-09-25 21:18:09 +00:00
c976214bf8 coredns: _acme-challenge.www.as205479.net -> _acme-challenge.as205479.net 2021-09-25 21:03:14 +00:00
9c92e12742 bvm-radius: start serving as205479.net webpage 2021-09-25 20:51:24 +00:00
932afbda74 bvm-radius: require message authenticators 2021-09-25 20:36:40 +00:00
d6bd6e85ca bvm-radius: add freeradius configuration 2021-09-25 18:28:45 +00:00
a8718864c1 swann: configure for eduroam on VLAN 100 2021-09-25 17:38:21 +00:00
f93ec18859 bvm-radius: add ACME certs for as205479.net 2021-09-25 17:38:09 +00:00
b50fa68559 coredns: delegate _acme-challenge to GCP DNS 2021-09-25 13:17:52 +00:00
8e97938d3e bvm-radius: install eapol_test 2021-09-25 12:55:47 +00:00
f3c38e3bb2 bvm-radius: use IP rather than DNS in extraCommands
DNS resolution doesn't work during extraCommands, which... is probably reasonable. Let's not do that.
2021-09-25 12:39:44 +00:00
4530991827 bvm-radius: RADIUS fw/pkg setup 2021-09-25 12:32:27 +00:00
0d6ab41728 bvm-radius: add tailscale IP 2021-09-25 12:19:07 +00:00
c908e3ab5d coredns: add RADSEC entry for as205479.net. 2021-09-25 11:45:05 +00:00
4b1fd796ae bvm-radius: init 2021-09-24 22:50:30 +00:00
158e0afcf3 coredns: init bvm-radius 2021-09-24 22:46:44 +00:00
ccec4b308b as205479.net: add MX records 2021-09-19 00:08:03 +00:00
19782a9e63 ops/nixos: set group for isSystemUser users 2021-09-16 19:14:30 +00:00
cb7811898c blade-tuvok: set bgp_local_prefs 2021-09-10 20:46:05 +00:00
dbf906a9a7 blade-router: add cloudflare 2021-09-10 20:23:24 +00:00
3ba0ab045c blade-router: remove prefix limit 2021-09-10 20:00:31 +00:00
e7bfb107b1 coredns: update mac-mini tailscale IP 2021-09-05 08:07:14 +00:00
4bb015ee0d swann: use IPv6 endpoint for tuvok over EE
EE uses CGNAT on IPv4, which makes this... less than ideal. However, IPv6 is
IPv6 and works pretty reasonably.
2021-09-03 12:40:52 +00:00
edfc04551a totoro: set for duration on BFD alert 2021-09-02 19:24:17 +00:00
d35a0a35ba swann: ee-scrape-data must output data with a newline 2021-09-02 19:23:03 +00:00
58b87a9f0e swann: add ee-scrape-data, for putting allowance data into prometheus 2021-09-02 19:19:53 +00:00
683e6ffc21 totoro: add alert for BFD session failure 2021-09-02 18:35:18 +00:00
3abe727604 blade-router: add google session, which will hopefully turn up eventually 2021-08-31 20:36:26 +00:00
b4c80a07fa blade-router: configure passive session towards AS62240 2021-08-31 16:39:23 +00:00
2c632e28d2 blade-tuvok: switch from ECMP to metrics 2021-08-31 12:12:44 +00:00
e95324c175 swann: yes, this one 2021-08-31 02:29:56 +00:00
2d0a607383 ops/nixos: enable bird-exporter-lfty 2021-08-31 02:26:50 +00:00
f7fbfa5436 nix/pkgs: init prometheus-bird-exporter-lfty 2021-08-31 02:01:38 +00:00
a0d97e082d blade-tuvok: also NAT things going out onto linx 2021-08-31 01:37:34 +00:00
9a5b0379cb blade-tuvok: set net.ipv6.conf.default.forwarding as well 2021-08-30 21:01:53 +01:00
b2e45b56bb blade-tuvok: make sure wg-endpoint sysctl gets forwarding enabled 2021-08-30 20:52:20 +01:00
7134fe904a ops/nixos: implement BFD+WG tunneling for mldn-rd 2021-08-30 19:58:21 +01:00
bc1932df9b hm: start 1password's gui silently 2021-08-30 14:26:25 +01:00
44e22b810c porcorosso: force wayland off 2021-08-30 14:23:20 +01:00
dbcaa51968 hgrc: remove requirement for topic 2021-08-20 23:40:53 +00:00
4b7680acae ops/nixos/blade: force external IP to vl-transit 2021-08-20 23:34:54 +00:00
0ee916e49e ops/nixos/bgp: don't export routes to FB 2021-08-20 23:34:43 +00:00
0dd2d5d442 ops/nixos/bgp: more filtering shenanigans 2021-08-19 00:23:09 +00:00