Commit graph

266 commits

Author SHA1 Message Date
9472db4577 ops/nixos: consolidate Frantech VM configs into lib/frantech.nix 2022-01-08 21:49:09 +00:00
ad95bffd3d ops/nixos: tidy up networking.useDHCP 2022-01-08 21:45:18 +00:00
f463055acf ops/nixos: pipewire for everyone 2022-01-08 21:41:30 +00:00
05be94e4d7 ops/nixos/common: disable DNSSEC in systemd-resolved
It's super broken.

At the moment, resolving foss.heptapod.net breaks, because clever-cloud.com has
DNSKEY records but there's no matching DS record at .com for it.

There are also other reports: https://github.com/systemd/systemd/issues/12388

tl;dr: it just doesn't work, let's not use that.
2022-01-08 12:09:26 +00:00
6ab12dcad5 ops/nixos: rm marukuru 2022-01-06 15:55:21 +00:00
d79265ddad ops/nixos: tidy up security.acme 2022-01-04 14:00:45 +00:00
de71fd5c9a ops/nixos/lib/common: add global DNS servers 2022-01-04 13:32:56 +00:00
8cc6e2001a ops/nixos: create permanent quotesdb user
Stop relying on DynamicUser because it messes a bit with postgres' auth.
2022-01-01 21:49:23 +00:00
67b038c2bc ops/nixos/common: turn off logRefusedConnections - it's super noisy 2022-01-01 20:56:41 +00:00
7b4e6c0e1b ops/nixos: oops, try to fix my.scrapeJournal.addr 2022-01-01 15:14:02 +00:00
c91a42948d journal2clickhouse: init 2022-01-01 15:08:52 +00:00
c5119b4882 ops/nixos: enable HTTP gateway if Tailscale is configured 2022-01-01 12:40:13 +00:00
1f13fd811d coredns: bind to specific interfaces/IPs 2022-01-01 09:03:25 +00:00
8e28b5bbfe ops/nixos: drop Google/AS15169 routes from Veloxserv to prefer RouteServer 2022-01-01 03:02:55 +00:00
bfd08b08cf ops/nixos: add fastly passive peer 2022-01-01 02:39:01 +00:00
e182171916 ops/nixos: disable LLMNR 2022-01-01 00:41:37 +00:00
f35a79444c ops/nixos: add better support for specialisations 2021-12-31 23:51:09 +00:00
060f2cf96b nhsenglandtests: init 2021-12-31 07:00:32 +00:00
66d1ae3939 lib/hm/graphical-client-wayland: add mako 2021-12-31 04:48:51 +00:00
6cb1af2f35 ops/nixos: start using systemd-resolved 2021-12-28 18:42:42 +00:00
837f7074ac ops/nixos: fix MAC address for vl-linx 2021-12-27 06:50:12 +00:00
a41abf3d6e ops/nixos/lib/hm: add element-desktop/element-desktop-wayland 2021-12-27 02:58:53 +00:00
ab9dd5d35a common: remove nhs.uk IPv6 mapping 2021-12-24 02:27:15 +00:00
05aea7f5f1 ops/nixos: migrate from services.redis to services.redis.servers."" 2021-12-24 02:02:57 +00:00
4e4e8de984 ops/nixos: init bvm-logger 2021-12-23 04:11:39 +00:00
69db0e2a98 baserow: add nginx to baserow group too 2021-12-21 08:31:11 +00:00
c7a9d4ef76 baserow: tweak umask for opendkim... 2021-12-21 08:22:01 +00:00
1c97d3cd15 baserow: add postfix to opendkim group 2021-12-21 08:19:27 +00:00
656df5ac5b common: add kitty.terminfo 2021-12-21 08:13:20 +00:00
ee2598c29b baserow: oops, need the config argument 2021-12-21 08:12:39 +00:00
455856d7c0 baserow: enable postfix (totoro) 2021-12-21 08:11:38 +00:00
93a070870a nix/pkgs/baserow: hooray, it works 2021-12-21 05:48:40 +00:00
5eb7f7102f bvm-heptapod: init 2021-12-17 01:28:39 +00:00
fee02312d3 blade-tuvok: move public interface off a VLAN
Previously, the public/internal interfaces were VLANned onto the same NIC. For
some reason, sometime the Emulex adapters seem to end up not getting configured
properly, which causes me no end of pain when I spend time trying to debug why
none of my VMs can see the internet anymore.

Instead of doing this, put the public interface onto its own actual virtual
network interface.
2021-12-17 00:27:24 +00:00
29f7073384 ops/nixos: compatibility with NixOS 22.05 2021-12-07 19:13:04 +00:00
105fcf1d50 coredns/zones: quadv stuff 2021-12-07 16:01:57 +00:00
da0717b02c ops/nixos: don't announce QuadV net everywhere by default 2021-12-07 15:19:45 +00:00
a1ee1e396c ops/nixos: alacritty -> kitty 2021-11-28 12:51:40 +00:00
7cbd53de1a ops/nixos: add blast configs 2021-11-25 17:14:03 +00:00
86e0ce9af9 nix/pkgs/datez: init 2021-11-18 21:33:40 +00:00
9c8f3824a8 ops/nixos/lib/blade: virtualisation.libvirtd.qemuRunAsRoot -> virtualisation.libvirtd.qemu.runAsRoot 2021-11-05 01:34:04 +00:00
a4f786f709 hm: add su-cinema-ernie 2021-10-19 07:53:59 +01:00
00a02f8772 coredns: use the correct syntax, oops 2021-09-25 21:27:24 +00:00
bbbdfd5138 as205479.net: hmm, what 2021-09-25 21:18:09 +00:00
c976214bf8 coredns: _acme-challenge.www.as205479.net -> _acme-challenge.as205479.net 2021-09-25 21:03:14 +00:00
9c92e12742 bvm-radius: start serving as205479.net webpage 2021-09-25 20:51:24 +00:00
a8718864c1 swann: configure for eduroam on VLAN 100 2021-09-25 17:38:21 +00:00
b50fa68559 coredns: delegate _acme-challenge to GCP DNS 2021-09-25 13:17:52 +00:00
0d6ab41728 bvm-radius: add tailscale IP 2021-09-25 12:19:07 +00:00
c908e3ab5d coredns: add RADSEC entry for as205479.net. 2021-09-25 11:45:05 +00:00