616a441451
clouvider-lon01: swap back to the other save
2022-02-02 02:20:19 +00:00
28b70d8e5a
clouvider-lon01: swap game save
2022-02-01 22:56:21 +00:00
11739cc4c6
clouvider-lon01: change factorio savegame
2022-01-31 23:35:18 +00:00
cbabb6f211
ops/nixos: migrate nix.maxJobs/binaryCaches/trustedBinaryCaches to the nix.settings equivalents
2022-01-30 20:30:20 +00:00
14a8bd4945
lib/blade-router: fix
2022-01-30 20:22:10 +00:00
1cd0963bf5
blade-tuvok: add the forced-MAC's LL address
2022-01-30 17:54:59 +00:00
947d959cfe
hm/graphical-client-wayland: swap to env variable + normal element-desktop
2022-01-30 16:46:01 +00:00
652cb68e09
bgp: avoid sending routes to clouvider over routeservers
2022-01-30 15:57:35 +00:00
e6b3dab777
clouvider-fra01: readd deluge
2022-01-24 22:08:38 +00:00
4065f9ac28
ops/nixos/hm: add vault
2022-01-23 23:58:55 +00:00
e30a6d203b
porcorosso: reconfigure monitors again
2022-01-23 23:38:52 +00:00
7c418666fe
ops/nixos: add some vault-agent setup
2022-01-23 23:38:40 +00:00
3ad4c2399a
nix/pkgs/lutris: add more deps
2022-01-23 23:37:19 +00:00
4729529b4d
totoro: move plex stuff onto a macVLAN interface
2022-01-23 17:58:04 +00:00
7673e8be9d
bvm-radius: take roaming2 out of the rotation
2022-01-23 17:57:52 +00:00
4b14ea5b4d
ops/nixos: remove rebuilder
It's in the common profile, we don't need it everywhere.
2022-01-23 16:57:20 +00:00
3eb564f12b
ops/nixos: factor out various things from clouvider-fra01
2022-01-23 16:58:29 +00:00
bf8e6b62ed
ops/nixos/hm: switch to networkmanagerapplet
2022-01-20 22:50:47 +00:00
bd3c7c090e
totoro: add HA config
2022-01-17 04:04:07 +00:00
6276e4b620
ops/nixos: add common-updater-scripts to hm/client
2022-01-16 18:04:24 +00:00
d8186b8f14
ops/nixos/graphical-client: enable gnome-keyring
2022-01-16 18:04:14 +00:00
afae9bec9a
totoro: add some home-assistant gubbins
2022-01-17 02:38:33 +00:00
eb3b306439
Backed out changeset 073cf55ed346
Mischief managed
2022-01-15 13:32:47 +00:00
687d72cfdc
ops/nixos: experiment with ECMP
2022-01-15 13:32:41 +00:00
9be6bcaf2d
ops/nixos: set up gnetwork link
2022-01-14 19:42:06 +00:00
7cfef2cd98
coredns/zones: add lukegb01.ring.nlnog.net
2022-01-10 23:35:54 +00:00
9ccf3b333d
blade-tuvok: provide a proper path to the sysctl utility
2022-01-10 22:40:57 +00:00
4f0a7b60bc
ops/nixos: use higher-priority 'mkDefault'
2022-01-09 21:38:17 +00:00
ea10f06a4c
ops/nixos: more cleanups
2022-01-09 00:22:52 +00:00
2770e7c086
porcorosso: tweak setup-display so that it overrides panning
2022-01-08 22:17:13 +00:00
9472db4577
ops/nixos: consolidate Frantech VM configs into lib/frantech.nix
2022-01-08 21:49:09 +00:00
ad95bffd3d
ops/nixos: tidy up networking.useDHCP
2022-01-08 21:45:18 +00:00
f463055acf
ops/nixos: pipewire for everyone
2022-01-08 21:41:30 +00:00
4b2c0f7fa8
porcorosso: set up PRIME so we can draw to my laptop's internal display!
2022-01-08 21:28:03 +00:00
1348172aba
porcorosso: remove unused hyperv config
2022-01-08 19:54:03 +00:00
1b4b7f0a80
porcorosso: remove default.pa
2022-01-08 19:45:55 +00:00
2ddd50aef4
etheroute-lon01: disable TLS verification for totoro
For some reason this is failing with a TLS alert that the certificate
is expired???
2022-01-07 15:23:43 +00:00
fe09e44c5c
porcorosso: block i2c-nvidia-gpu, causes X11 to fail to init
2022-01-07 12:51:18 +00:00
bac7e1fb69
porcorosso: remove blast config
2022-01-07 12:42:55 +00:00
05be94e4d7
ops/nixos/common: disable DNSSEC in systemd-resolved
It's super broken.
At the moment, resolving foss.heptapod.net breaks, because clever-cloud.com has
DNSKEY records but there's no matching DS record at .com for it.
There are also other reports: https://github.com/systemd/systemd/issues/12388
tl;dr: it just doesn't work, let's not use that.
2022-01-08 12:09:26 +00:00
506a584dea
totoro: set up podman socket support
2022-01-08 12:08:04 +00:00
9e79ad0cfa
bvm-radius: add new roaming2.ja.net IPs
2022-01-07 11:49:24 +00:00
5001971b87
totoro: add bvm-.* alerts
2022-01-06 17:51:39 +00:00
6ab12dcad5
ops/nixos: rm marukuru
2022-01-06 15:55:21 +00:00
d79265ddad
ops/nixos: tidy up security.acme
2022-01-04 14:00:45 +00:00
de71fd5c9a
ops/nixos/lib/common: add global DNS servers
2022-01-04 13:32:56 +00:00
8cc6e2001a
ops/nixos: create permanent quotesdb user
Stop relying on DynamicUser because it messes a bit with postgres' auth.
2022-01-01 21:49:23 +00:00
3318874168
marukuru: remove heptapod{,-runner}
2022-01-01 21:31:01 +00:00
67b038c2bc
ops/nixos/common: turn off logRefusedConnections - it's super noisy
2022-01-01 20:56:41 +00:00
37e36418a1
bvm-logger: add custom clickhouse config
Just make it less spammy into the journal, sheesh.
2022-01-01 16:31:05 +00:00
730d057e18
bvm-logger: enable journal2clickhouse for real
2022-01-01 15:24:32 +00:00
7b4e6c0e1b
ops/nixos: oops, try to fix my.scrapeJournal.addr
2022-01-01 15:14:02 +00:00
c91a42948d
journal2clickhouse: init
2022-01-01 15:08:52 +00:00
c5119b4882
ops/nixos: enable HTTP gateway if Tailscale is configured
2022-01-01 12:40:13 +00:00
1f13fd811d
coredns: bind to specific interfaces/IPs
2022-01-01 09:03:25 +00:00
8e28b5bbfe
ops/nixos: drop Google/AS15169 routes from Veloxserv to prefer RouteServer
2022-01-01 03:02:55 +00:00
bfd08b08cf
ops/nixos: add fastly passive peer
2022-01-01 02:39:01 +00:00
6cfcd10e06
swann: use the router's public IP when making connections
For v6, the link is on an unrouted subnet so there's no way to address it from
outside. We don't want Linux to use the v6 subnet for connections it makes, so
we ask politely that the source on the route is actually an IP address that we
Like.
2022-01-01 02:11:59 +00:00
3458c7766e
swann: switch from prod.euw1.riotgames.com to euw1.api.riotgames.com
The former appears to resolve, but no longer responds to ICMP ping (even from a
different network). Switch to the documented API endpoint, which still
responds to ICMP ping.
2022-01-01 01:31:56 +00:00
3e98fae657
bvm-heptapod: autoStart deployer container
2022-01-01 00:43:15 +00:00
e182171916
ops/nixos: disable LLMNR
2022-01-01 00:41:37 +00:00
297e9c97e7
bvm-heptapod: add deployer container
2022-01-01 00:22:35 +00:00
8b3e77de1e
swann: coredns shouldn't bind to 127.0.0.53 because systemd-resolved wants it
2021-12-31 23:52:57 +00:00
afc4834723
porcorosso: enable TLP for battery saving in laptop mode
2021-12-31 23:52:40 +00:00
a35a702e7d
ops/nixos: disable avahi
We're using systemd-resolved, so just disable Avahi now.
2021-12-31 23:51:35 +00:00
f35a79444c
ops/nixos: add better support for specialisations
2021-12-31 23:51:09 +00:00
060f2cf96b
nhsenglandtests: init
2021-12-31 07:00:32 +00:00
66d1ae3939
lib/hm/graphical-client-wayland: add mako
2021-12-31 04:48:51 +00:00
2d77689ed9
howl: enable bluetooth
2021-12-31 04:47:53 +00:00
6cb1af2f35
ops/nixos: start using systemd-resolved
2021-12-28 18:42:42 +00:00
837f7074ac
ops/nixos: fix MAC address for vl-linx
2021-12-27 06:50:12 +00:00
a41abf3d6e
ops/nixos/lib/hm: add element-desktop/element-desktop-wayland
2021-12-27 02:58:53 +00:00
ab9dd5d35a
common: remove nhs.uk IPv6 mapping
2021-12-24 02:27:15 +00:00
ca6de1910d
swann: services.unifi.openPorts -> openFirewall
2021-12-24 02:03:36 +00:00
05aea7f5f1
ops/nixos: migrate from services.redis to services.redis.servers.""
2021-12-24 02:02:57 +00:00
e55a824929
bvm-logger: install clickhouse
2021-12-24 01:50:59 +00:00
4e4e8de984
ops/nixos: init bvm-logger
2021-12-23 04:11:39 +00:00
69db0e2a98
baserow: add nginx to baserow group too
2021-12-21 08:31:11 +00:00
c7a9d4ef76
baserow: tweak umask for opendkim...
2021-12-21 08:22:01 +00:00
1c97d3cd15
baserow: add postfix to opendkim group
2021-12-21 08:19:27 +00:00
656df5ac5b
common: add kitty.terminfo
2021-12-21 08:13:20 +00:00
ee2598c29b
baserow: oops, need the config argument
2021-12-21 08:12:39 +00:00
455856d7c0
baserow: enable postfix (totoro)
2021-12-21 08:11:38 +00:00
93a070870a
nix/pkgs/baserow: hooray, it works
2021-12-21 05:48:40 +00:00
576896970a
bvm-heptapod: add more heptapod
2021-12-18 04:15:53 +00:00
5eb7f7102f
bvm-heptapod: init
2021-12-17 01:28:39 +00:00
fee02312d3
blade-tuvok: move public interface off a VLAN
Previously, the public/internal interfaces were VLANned onto the same NIC. For
some reason, sometimes the Emulex adapters seem to end up not getting configured
properly, which causes me no end of pain when I spend time trying to debug why
none of my VMs can see the internet anymore.
Instead of doing this, put the public interface onto its own actual virtual
network interface.
2021-12-17 00:27:24 +00:00
d99fe8b153
depot: fixups
2021-12-08 02:37:12 +00:00
29f7073384
ops/nixos: compatibility with NixOS 22.05
2021-12-07 19:13:04 +00:00
b6e4741320
etheroute-lon01: stateful firewall for forwarded packets
2021-12-07 17:25:59 +00:00
81b19971d1
etheroute-lon01: IPIP shouldn't bind to that
2021-12-07 16:48:48 +00:00
a344287e92
etheroute-lon01: fix up IPIP
2021-12-07 16:13:32 +00:00
105fcf1d50
coredns/zones: quadv stuff
2021-12-07 16:01:57 +00:00
41c85d898b
etheroute-lon01: export QuadV net
2021-12-07 15:48:50 +00:00
da0717b02c
ops/nixos: don't announce QuadV net everywhere by default
2021-12-07 15:19:45 +00:00
a1ee1e396c
ops/nixos: alacritty -> kitty
2021-11-28 12:51:40 +00:00
7cbd53de1a
ops/nixos: add blast configs
2021-11-25 17:14:03 +00:00
1eda43af34
go/trains: go! trains!
2021-11-23 12:32:01 +00:00
6d21c17a2a
totoro: increase ping latency threshold
2021-11-18 21:36:22 +00:00
86e0ce9af9
nix/pkgs/datez: init
2021-11-18 21:33:40 +00:00
84c965f7cd
totoro: give postgresql more resources to play with
2021-11-18 20:40:28 +00:00
0621fbfbf1
go/streetworks: init, schedule on totoro
2021-11-08 20:08:56 +00:00
94470110ed
totoro: scrape prometheus data from 2112 for trains
2021-11-07 18:14:42 +00:00
4cb0716c91
ops/nixos: move minotarproxy back to clouvider-lon01
Closes #13.
2021-11-06 19:56:06 +00:00
9c8f3824a8
ops/nixos/lib/blade: virtualisation.libvirtd.qemuRunAsRoot -> virtualisation.libvirtd.qemu.runAsRoot
2021-11-05 01:34:04 +00:00
0b8196b04f
kusakabe: expunge
2021-11-05 01:30:45 +00:00
72a2867e63
ops/nixos: enable X11 forwarding for some hosts
2021-11-05 01:29:53 +00:00
8834def522
clouvider-fra01: add content to port 18081 as well
2021-10-31 12:35:05 +00:00
a241cf7e82
porcorosso: switch back to nvidia
2021-10-31 11:38:34 +00:00
fad32fad6b
marukuru: set accept_ra=2 for eth0
2021-10-22 19:39:46 +01:00
c769f2aeb6
bvm-prosody: keep messages forever
2021-10-22 19:39:32 +01:00
b9034f71aa
porcorosso: enable bluetooth
2021-10-22 02:49:50 +01:00
a4f786f709
hm: add su-cinema-ernie
2021-10-19 07:53:59 +01:00
b94b586d5b
clouvider-fra01: add content.int.lukegb.com
2021-10-19 07:06:37 +01:00
7b0e63d99c
porcorosso: intel, again
2021-10-19 05:14:58 +01:00
c535655086
totoro/swann: do shenanigans with PS5 RTMP
2021-09-30 17:10:52 +00:00
fb16bea95c
swann: give PS5 a static IP
2021-09-30 16:07:12 +00:00
9ed22f57ad
bvm-radius: actually add cuirecv policy file
2021-09-27 08:35:53 +00:00
79a06fc54f
bvm-radius: also permit User-Name attr in response
2021-09-27 08:16:48 +00:00
9773272e20
bvm-radius: request CUI
2021-09-27 08:01:14 +00:00
6b766b111d
bvm-radius: make sure nginx can see certificates
2021-09-27 08:00:41 +00:00
00a02f8772
coredns: use the correct syntax, oops
2021-09-25 21:27:24 +00:00
bbbdfd5138
as205479.net: hmm, what
2021-09-25 21:18:09 +00:00
c976214bf8
coredns: _acme-challenge.www.as205479.net -> _acme-challenge.as205479.net
2021-09-25 21:03:14 +00:00
9c92e12742
bvm-radius: start serving as205479.net webpage
2021-09-25 20:51:24 +00:00
932afbda74
bvm-radius: require message authenticators
2021-09-25 20:36:40 +00:00
d6bd6e85ca
bvm-radius: add freeradius configuration
2021-09-25 18:28:45 +00:00
a8718864c1
swann: configure for eduroam on VLAN 100
2021-09-25 17:38:21 +00:00
f93ec18859
bvm-radius: add ACME certs for as205479.net
2021-09-25 17:38:09 +00:00
b50fa68559
coredns: delegate _acme-challenge to GCP DNS
2021-09-25 13:17:52 +00:00
8e97938d3e
bvm-radius: install eapol_test
2021-09-25 12:55:47 +00:00
f3c38e3bb2
bvm-radius: use IP rather than DNS in extraCommands
DNS resolution doesn't work during extraCommands, which... is probably reasonable. Let's not do that.
2021-09-25 12:39:44 +00:00
4530991827
bvm-radius: RADIUS fw/pkg setup
2021-09-25 12:32:27 +00:00
0d6ab41728
bvm-radius: add tailscale IP
2021-09-25 12:19:07 +00:00
c908e3ab5d
coredns: add RADSEC entry for as205479.net.
2021-09-25 11:45:05 +00:00
4b1fd796ae
bvm-radius: init
2021-09-24 22:50:30 +00:00
158e0afcf3
coredns: init bvm-radius
2021-09-24 22:46:44 +00:00
ccec4b308b
as205479.net: add MX records
2021-09-19 00:08:03 +00:00
19782a9e63
ops/nixos: set group for isSystemUser users
2021-09-16 19:14:30 +00:00
cb7811898c
blade-tuvok: set bgp_local_prefs
2021-09-10 20:46:05 +00:00
dbf906a9a7
blade-router: add cloudflare
2021-09-10 20:23:24 +00:00
3ba0ab045c
blade-router: remove prefix limit
2021-09-10 20:00:31 +00:00
e7bfb107b1
coredns: update mac-mini tailscale IP
2021-09-05 08:07:14 +00:00
4bb015ee0d
swann: use IPv6 endpoint for tuvok over EE
EE uses CGNAT on IPv4, which makes this... less than ideal. However, IPv6 is
IPv6 and works pretty reasonably.
2021-09-03 12:40:52 +00:00
edfc04551a
totoro: set for duration on BFD alert
2021-09-02 19:24:17 +00:00
d35a0a35ba
swann: ee-scrape-data must output data with a newline
2021-09-02 19:23:03 +00:00
58b87a9f0e
swann: add ee-scrape-data, for putting allowance data into prometheus
2021-09-02 19:19:53 +00:00
683e6ffc21
totoro: add alert for BFD session failure
2021-09-02 18:35:18 +00:00
3abe727604
blade-router: add google session, which will hopefully turn up eventually
2021-08-31 20:36:26 +00:00
b4c80a07fa
blade-router: configure passive session towards AS62240
2021-08-31 16:39:23 +00:00
2c632e28d2
blade-tuvok: switch from ECMP to metrics
2021-08-31 12:12:44 +00:00
e95324c175
swann: yes, this one
2021-08-31 02:29:56 +00:00
2d0a607383
ops/nixos: enable bird-exporter-lfty
2021-08-31 02:26:50 +00:00
f7fbfa5436
nix/pkgs: init prometheus-bird-exporter-lfty
2021-08-31 02:01:38 +00:00
a0d97e082d
blade-tuvok: also NAT things going out onto linx
2021-08-31 01:37:34 +00:00
9a5b0379cb
blade-tuvok: set net.ipv6.conf.default.forwarding as well
2021-08-30 21:01:53 +01:00
b2e45b56bb
blade-tuvok: make sure wg-endpoint sysctl gets forwarding enabled
2021-08-30 20:52:20 +01:00
7134fe904a
ops/nixos: implement BFD+WG tunneling for mldn-rd
2021-08-30 19:58:21 +01:00
bc1932df9b
hm: start 1password's gui silently
2021-08-30 14:26:25 +01:00
44e22b810c
porcorosso: force wayland off
2021-08-30 14:23:20 +01:00
dbcaa51968
hgrc: remove requirement for topic
2021-08-20 23:40:53 +00:00
4b7680acae
ops/nixos/blade: force external IP to vl-transit
2021-08-20 23:34:54 +00:00
0ee916e49e
ops/nixos/bgp: don't export routes to FB
2021-08-20 23:34:43 +00:00
0dd2d5d442
ops/nixos/bgp: more filtering shenanigans
2021-08-19 00:23:09 +00:00
fdacf57ead
blade-tuvok: LINX updates
2021-08-17 01:30:33 +00:00
8ad77134ae
ops/nixos/coredns: force store paths
2021-08-16 02:32:44 +00:00
68e0ee0a18
ops/nixos/coredns: add bvm-netbox to int zone
2021-08-16 02:19:38 +00:00
05ddad31ad
bvm-netbox: complete setup
2021-08-16 02:09:47 +00:00
94078428f1
bvm-netbox: add postgresql/redis/users
2021-08-15 22:57:36 +00:00
d54d0a2ede
bvm-netbox: add tailscale IP
2021-08-15 22:57:26 +00:00
acf43c4544
bvm-netbox: fix NIC name
2021-08-15 22:48:46 +00:00
286ed4885d
ops/nixos: add bvm-netbox
2021-08-15 22:46:57 +00:00
7a3f214944
ops/nixos: switch to VLANs for uplink to veloxserv
2021-08-15 22:02:51 +00:00
c79ca35b6f
nixos/blade-router: disable routes-VRRP
This is no longer needed; I think actually it was some of the NixOS default
reverse-path filtering that was throwing me for a loop after all and nothing to
do with what was going on with Veloxserv.
2021-08-14 21:07:37 +00:00
23eda90726
ops/nixos/lib/common: add the running system hash to the exported metrics
2021-07-27 21:06:17 +00:00
e95ae8b3cb
porcorosso: use autorandr
2021-07-26 14:02:57 +01:00
9dfb1d205d
ops/nixos/lib/bgp: disable rp filtering on hosts running BGP
2021-07-17 14:29:04 +00:00
02bd3e4d31
bvm-nixosmgmt: enable forwarding
2021-07-17 08:41:34 +00:00
4c5f3f2d38
totoro: add raritan-sslrenew service
2021-07-17 01:45:31 +00:00
74fe28add8
ops/raritan/ssl-renew: init
2021-07-17 01:33:01 +00:00
1557066375
coredns: allow tailscale net
2021-07-16 01:32:54 +00:00
ded652a595
swann: change MAC address of VM-facing interface
2021-07-15 12:18:07 +00:00
78da7c9f4d
swann: disable radvd/ndppd, add static IP for xerox printer
2021-07-15 11:55:10 +00:00
5fdf26f3e8
totoro: add alerts for smokeping
2021-07-13 00:55:53 +00:00
eea81a640e
coredns: add bvm-plesk
2021-07-10 12:19:24 +00:00
9f5c1193b6
hgrc: tweak my settings along the lines of https://octobus.net/blog/2020-11-26-modern-mercurial.html
2021-07-03 19:02:18 +00:00
8b37f0fea4
clouvider-fra01: bump limits
2021-07-03 00:46:07 +00:00
66b6252d6f
clouvider-lon01: withdraw 92.118.29.0/24
2021-07-03 00:14:54 +00:00
606ff984eb
ops/nixos: minotarproxy-as-a-lib
2021-07-01 01:48:12 +00:00
b91ba12f0f
totoro: monitor minotarproxy
2021-06-28 21:17:48 +00:00
cadeef609f
hm/hgrc: switch from hggit to in-tree git
2021-06-22 20:48:11 +00:00
072cecb2e5
hm/gc-wayland: oops, no notification attr
2021-06-22 20:27:52 +00:00
eef598ec1f
hm/graphical-client: add 1password to startup
2021-06-19 19:07:32 +01:00
f77cbec2db
porcorosso: never mind, just nvidia
2021-06-19 18:33:50 +01:00
8c75ce4ecc
porcorosso: try out nouveau+modesetting?
2021-06-19 18:31:21 +01:00
eba082c249
etheroute-lon01: renumber BGP session from 16089 to 3170
2021-06-11 12:28:30 +00:00
73b1e96727
swann: use /dev/null as /etc/hosts file for coredns
2021-05-31 23:54:07 +00:00
7195ed24c4
swann: change hosts lookup
2021-05-31 23:09:37 +00:00
c56b6b358f
coredns: add blade-{oa,vcenet1,vcenet2,vcm}
2021-05-24 13:54:14 +00:00
5c88acf507
bvm-matrix: add turns as well
2021-05-24 13:53:47 +00:00