d99fe8b153
depot: fixups
2021-12-08 02:37:12 +00:00
29f7073384
ops/nixos: compatibility with NixOS 22.05
2021-12-07 19:13:04 +00:00
b6e4741320
etheroute-lon01: stateful firewall for forwarded packets
2021-12-07 17:25:59 +00:00
81b19971d1
etheroute-lon01: IPIP shouldn't bind to that
2021-12-07 16:48:48 +00:00
a344287e92
etheroute-lon01: fix up IPIP
2021-12-07 16:13:32 +00:00
105fcf1d50
coredns/zones: quadv stuff
2021-12-07 16:01:57 +00:00
41c85d898b
etheroute-lon01: export QuadV net
2021-12-07 15:48:50 +00:00
da0717b02c
ops/nixos: don't announce QuadV net everywhere by default
2021-12-07 15:19:45 +00:00
a1ee1e396c
ops/nixos: alacritty -> kitty
2021-11-28 12:51:40 +00:00
7cbd53de1a
ops/nixos: add blast configs
2021-11-25 17:14:03 +00:00
1eda43af34
go/trains: go! trains!
2021-11-23 12:32:01 +00:00
6d21c17a2a
totoro: increase ping latency threshold
2021-11-18 21:36:22 +00:00
86e0ce9af9
nix/pkgs/datez: init
2021-11-18 21:33:40 +00:00
84c965f7cd
totoro: give postgresql more resources to play with
2021-11-18 20:40:28 +00:00
0621fbfbf1
go/streetworks: init, schedule on totoro
2021-11-08 20:08:56 +00:00
94470110ed
totoro: scrape prometheus data from 2112 for trains
2021-11-07 18:14:42 +00:00
4cb0716c91
ops/nixos: move minotarproxy back to clouvider-lon01
...
Closes #13 .
2021-11-06 19:56:06 +00:00
9c8f3824a8
ops/nixos/lib/blade: virtualisation.libvirtd.qemuRunAsRoot -> virtualisation.libvirtd.qemu.runAsRoot
2021-11-05 01:34:04 +00:00
0b8196b04f
kusakabe: expunge
2021-11-05 01:30:45 +00:00
72a2867e63
ops/nixos: enable X11 forwarding for some hosts
2021-11-05 01:29:53 +00:00
8834def522
clouvider-fra01: add content to port 18081 as well
2021-10-31 12:35:05 +00:00
a241cf7e82
porcorosso: switch back to nvidia
2021-10-31 11:38:34 +00:00
fad32fad6b
marukuru: set accept_ra=2 for eth0
2021-10-22 19:39:46 +01:00
c769f2aeb6
bvm-prosody: keep messages forever
2021-10-22 19:39:32 +01:00
b9034f71aa
porcorosso: enable bluetooth
2021-10-22 02:49:50 +01:00
a4f786f709
hm: add su-cinema-ernie
2021-10-19 07:53:59 +01:00
b94b586d5b
clouvider-fra01: add content.int.lukegb.com
2021-10-19 07:06:37 +01:00
7b0e63d99c
porcorosso: intel, again
2021-10-19 05:14:58 +01:00
c535655086
totoro/swann: do shenanigans with PS5 RTMP
2021-09-30 17:10:52 +00:00
fb16bea95c
swann: give PS5 a static IP
2021-09-30 16:07:12 +00:00
9ed22f57ad
bvm-radius: actually add cuirecv policy file
2021-09-27 08:35:53 +00:00
79a06fc54f
bvm-radius: also permit User-Name attr in response
2021-09-27 08:16:48 +00:00
9773272e20
bvm-radius: request CUI
2021-09-27 08:01:14 +00:00
6b766b111d
bvm-radius: make sure nginx can see certificates
2021-09-27 08:00:41 +00:00
00a02f8772
coredns: use the correct syntax, oops
2021-09-25 21:27:24 +00:00
bbbdfd5138
as205479.net: hmm, what
2021-09-25 21:18:09 +00:00
c976214bf8
coredns: _acme-challenge.www.as205479.net -> _acme-challenge.as205479.net
2021-09-25 21:03:14 +00:00
9c92e12742
bvm-radius: start serving as205479.net webpage
2021-09-25 20:51:24 +00:00
932afbda74
bvm-radius: require message authenticators
2021-09-25 20:36:40 +00:00
d6bd6e85ca
bvm-radius: add freeradius configuration
2021-09-25 18:28:45 +00:00
a8718864c1
swann: configure for eduroam on VLAN 100
2021-09-25 17:38:21 +00:00
f93ec18859
bvm-radius: add ACME certs for as205479.net
2021-09-25 17:38:09 +00:00
b50fa68559
coredns: delegate _acme-challenge to GCP DNS
2021-09-25 13:17:52 +00:00
8e97938d3e
bvm-radius: install eapol_test
2021-09-25 12:55:47 +00:00
f3c38e3bb2
bvm-radius: use IP rather than DNS in extraCommands
...
DNS resolution doesn't work during extraCommands, which... is probably reasonable. Let's not do that.
2021-09-25 12:39:44 +00:00
4530991827
bvm-radius: RADIUS fw/pkg setup
2021-09-25 12:32:27 +00:00
0d6ab41728
bvm-radius: add tailscale IP
2021-09-25 12:19:07 +00:00
c908e3ab5d
coredns: add RADSEC entry for as205479.net.
2021-09-25 11:45:05 +00:00
4b1fd796ae
bvm-radius: init
2021-09-24 22:50:30 +00:00
158e0afcf3
coredns: init bvm-radius
2021-09-24 22:46:44 +00:00
ccec4b308b
as205479.net: add MX records
2021-09-19 00:08:03 +00:00
19782a9e63
ops/nixos: set group for isSystemUser users
2021-09-16 19:14:30 +00:00
cb7811898c
blade-tuvok: set bgp_local_prefs
2021-09-10 20:46:05 +00:00
dbf906a9a7
blade-router: add cloudflare
2021-09-10 20:23:24 +00:00
3ba0ab045c
blade-router: remove prefix limit
2021-09-10 20:00:31 +00:00
e7bfb107b1
coredns: update mac-mini tailscale IP
2021-09-05 08:07:14 +00:00
4bb015ee0d
swann: use IPv6 endpoint for tuvok over EE
...
EE uses CGNAT on IPv4, which makes this... less than ideal. However, IPv6 is
IPv6 and works pretty reasonably.
2021-09-03 12:40:52 +00:00
edfc04551a
totoro: set for duration on BFD alert
2021-09-02 19:24:17 +00:00
d35a0a35ba
swann: ee-scrape-data must output data with a newline
2021-09-02 19:23:03 +00:00
58b87a9f0e
swann: add ee-scrape-data, for putting allowance data into prometheus
2021-09-02 19:19:53 +00:00
683e6ffc21
totoro: add alert for BFD session failure
2021-09-02 18:35:18 +00:00
3abe727604
blade-router: add google session, which will hopefully turn up eventually
2021-08-31 20:36:26 +00:00
b4c80a07fa
blade-router: configure passive session towards AS62240
2021-08-31 16:39:23 +00:00
2c632e28d2
blade-tuvok: switch from ECMP to metrics
2021-08-31 12:12:44 +00:00
e95324c175
swann: yes, this one
2021-08-31 02:29:56 +00:00
2d0a607383
ops/nixos: enable bird-exporter-lfty
2021-08-31 02:26:50 +00:00
f7fbfa5436
nix/pkgs: init prometheus-bird-exporter-lfty
2021-08-31 02:01:38 +00:00
a0d97e082d
blade-tuvok: also NAT things going out onto linx
2021-08-31 01:37:34 +00:00
9a5b0379cb
blade-tuvok: set net.ipv6.conf.default.forwarding as well
2021-08-30 21:01:53 +01:00
b2e45b56bb
blade-tuvok: make sure wg-endpoint sysctl gets forwarding enabled
2021-08-30 20:52:20 +01:00
7134fe904a
ops/nixos: implement BFD+WG tunneling for mldn-rd
2021-08-30 19:58:21 +01:00
bc1932df9b
hm: start 1password's gui silently
2021-08-30 14:26:25 +01:00
44e22b810c
porcorosso: force wayland off
2021-08-30 14:23:20 +01:00
dbcaa51968
hgrc: remove requirement for topic
2021-08-20 23:40:53 +00:00
4b7680acae
ops/nixos/blade: force external IP to vl-transit
2021-08-20 23:34:54 +00:00
0ee916e49e
ops/nixos/bgp: don't export routes to FB
2021-08-20 23:34:43 +00:00
0dd2d5d442
ops/nixos/bgp: more filtering shenanigans
2021-08-19 00:23:09 +00:00
fdacf57ead
blade-tuvok: LINX updates
2021-08-17 01:30:33 +00:00
8ad77134ae
ops/nixos/coredns: force store paths
2021-08-16 02:32:44 +00:00
68e0ee0a18
ops/nixos/coredns: add bvm-netbox to int zone
2021-08-16 02:19:38 +00:00
05ddad31ad
bvm-netbox: complete setup
2021-08-16 02:09:47 +00:00
94078428f1
bvm-netbox: add postgresql/redis/users
2021-08-15 22:57:36 +00:00
d54d0a2ede
bvm-netbox: add tailscale IP
2021-08-15 22:57:26 +00:00
acf43c4544
bvm-netbox: fix NIC name
2021-08-15 22:48:46 +00:00
286ed4885d
ops/nixos: add bvm-netbox
2021-08-15 22:46:57 +00:00
7a3f214944
ops/nixos: switch to VLANs for uplink to veloxserv
2021-08-15 22:02:51 +00:00
c79ca35b6f
nixos/blade-router: disable routes-VRRP
...
This is no longer needed; I think actually it was some of the NixOS default
reverse-path filtering that was throwing me for a loop after all and nothing to
do with what was going on with Veloxserv.
2021-08-14 21:07:37 +00:00
23eda90726
ops/nixos/lib/common: add the running system hash to the exported metrics
2021-07-27 21:06:17 +00:00
e95ae8b3cb
porcorosso: use autorandr
2021-07-26 14:02:57 +01:00
9dfb1d205d
ops/nixos/lib/bgp: disable rp filtering on hosts running BGP
2021-07-17 14:29:04 +00:00
02bd3e4d31
bvm-nixosmgmt: enable forwarding
2021-07-17 08:41:34 +00:00
4c5f3f2d38
totoro: add raritan-sslrenew service
2021-07-17 01:45:31 +00:00
1557066375
coredns: allow tailscale net
2021-07-16 01:32:54 +00:00
ded652a595
swann: change MAC address of VM-facing interface
2021-07-15 12:18:07 +00:00
78da7c9f4d
swann: disable radvd/ndppd, add static IP for xerox printer
2021-07-15 11:55:10 +00:00
5fdf26f3e8
totoro: add alerts for smokeping
2021-07-13 00:55:53 +00:00
eea81a640e
coredns: add bvm-plesk
2021-07-10 12:19:24 +00:00
9f5c1193b6
hgrc: tweak my settings along the lines of https://octobus.net/blog/2020-11-26-modern-mercurial.html
2021-07-03 19:02:18 +00:00
8b37f0fea4
clouvider-fra01: bump limits
2021-07-03 00:46:07 +00:00
66b6252d6f
clouvider-lon01: withdraw 92.118.29.0/24
2021-07-03 00:14:54 +00:00
606ff984eb
ops/nixos: minotarproxy-as-a-lib
2021-07-01 01:48:12 +00:00
b91ba12f0f
totoro: monitor minotarproxy
2021-06-28 21:17:48 +00:00
cadeef609f
hm/hgrc: switch from hggit to in-tree git
2021-06-22 20:48:11 +00:00
072cecb2e5
hm/gc-wayland: oops, no notification attr
2021-06-22 20:27:52 +00:00
eef598ec1f
hm/graphical-client: add 1password to startup
2021-06-19 19:07:32 +01:00
f77cbec2db
porcorosso: never mind, just nvidia
2021-06-19 18:33:50 +01:00
8c75ce4ecc
porcorosso: try out nouveau+modesetting?
2021-06-19 18:31:21 +01:00
eba082c249
etheroute-lon01: renumber BGP session from 16089 to 3170
2021-06-11 12:28:30 +00:00
73b1e96727
swann: use /dev/null as /etc/hosts file for coredns
2021-05-31 23:54:07 +00:00
7195ed24c4
swann: change hosts lookup
2021-05-31 23:09:37 +00:00
c56b6b358f
coredns: add blade-{oa,vcenet1,vcenet2,vcm}
2021-05-24 13:54:14 +00:00
5c88acf507
bvm-matrix: add turns as well
2021-05-24 13:53:47 +00:00
8f724ba140
bvm-minecraft: java 8 :(
2021-05-24 02:46:48 +00:00
1fc6e8f032
coredns: bump serials
2021-05-24 02:37:27 +00:00
98d5a362f2
bvm-matrix: enable experimental_features.spaces_enabled
2021-05-24 02:34:33 +00:00
499ff8f945
coredns: move bvm to root zone, out of public
2021-05-24 02:31:09 +00:00
aa334a1ec8
bvm-minecraft: add minecraft user, java 11
2021-05-24 02:18:04 +00:00
ed79fe89bd
bvm-minecraft: init
2021-05-24 01:32:58 +00:00
1c08774667
bvm-matrix: set more secrets
2021-05-23 01:35:10 +00:00
169524b65a
bvm-matrix: tweak Element config a bit
2021-05-22 23:26:02 +00:00
da13d6af17
bvm-matrix: fix element base_url
2021-05-22 23:22:58 +00:00
1f6fc87363
bvm-matrix: add element
2021-05-22 23:17:27 +00:00
4907f97d57
bvm-matrix: some more synapse configuration, enable postfix
2021-05-22 23:13:25 +00:00
d27b23b8b0
bvm-matrix: add macaroon secret key
2021-05-22 23:02:55 +00:00
320cc36312
bvm-matrix: fix DATABASE name in GRANT
2021-05-22 22:52:24 +00:00
38b306b095
bvm-matrix: add tailscale IP
2021-05-22 22:48:03 +00:00
477ca742bd
bvm-matrix: fix interface name (enp2s0)
2021-05-22 22:45:52 +00:00
4dc516722b
ops/nixos: add bvm-matrix
2021-05-22 21:48:13 +00:00
4d8968b712
totoro: remove OME
2021-05-21 23:50:46 +00:00
bb06285f6d
swann: map www.nhs.uk to Akamai IPv6 address
2021-05-21 15:22:34 +00:00
dccdaa2608
common: map www.nhs.uk to Akamai IPv6 address
2021-05-21 15:21:29 +00:00
63ecd2d0ab
swann: metric is a string field
2021-05-15 19:38:46 +00:00
9cee25b83c
swann: use unifi rather than unifiLTS
2021-05-15 20:33:13 +01:00
098d3f4aae
swann: add dedi2.eq2.co.uk to smokeping
2021-05-13 16:33:40 +00:00
4fb2a9e8e3
swann: tighten up IPv6 config
2021-05-13 10:14:42 +00:00
564c803136
swann: accept-ra on ens-virginmedia
2021-05-12 18:20:45 +00:00
ddfb0d084d
swann: fix interface name
2021-05-12 18:19:09 +00:00
865329da21
swann: sneakily allocate myself :2
2021-05-12 18:15:57 +00:00
6ae099999f
swann: enable ndppd/radvd
2021-05-12 18:12:41 +00:00
df870ded34
as205479.net: add fp-la{,-pri,-sec}
2021-05-09 11:28:28 +00:00
34117ecd00
bvm-nixosmgmt: allocate .5
2021-05-09 10:26:34 +00:00
b7cd20c769
ops/nixos: refactoring for sway
2021-05-06 03:56:20 +01:00
1c571d965a
ops/nixos: add wayland support
2021-05-05 22:13:27 +01:00
561501afb7
howl: wait, there is no eno1
2021-05-05 21:54:02 +01:00
49c1af6624
howl: don't wait for dhcpcd
2021-05-05 00:04:30 +00:00
38a405cb72
howl: add Tailscale IP
2021-05-05 00:01:34 +00:00
df6a1fe819
howl: suspend loop workaround
2021-05-05 21:48:17 +01:00
c31da4140c
ops/nixos/howl: init
2021-04-29 12:16:49 +00:00
dfb62d8c7e
totoro: switch to postgresql_13
2021-04-25 21:44:05 +00:00
a4631a8fda
ops/nixos/lib/blade: set rgw_data_log_backing back to omap
2021-04-23 13:32:34 +00:00