Commit graph

1047 commits

Author SHA1 Message Date
721018520b etheroute-lon01/pomerium: enable http redirect server 2020-12-28 15:40:13 +00:00
41bdeda58a pomerium: various fixups to make this work 2020-12-28 15:27:18 +00:00
10c6ddc4c9 etheroute-lon01: install pomerium 2020-12-28 14:08:24 +00:00
3ee1906b97 ops/nixos: init etheroute-lon01 2020-12-26 23:36:34 +00:00
161ed2af50 porcorosso: add lukegb to lxd group 2020-12-26 15:41:02 +00:00
8e2670548d porcorosso: enable lxd 2020-12-26 15:39:41 +00:00
ee5a7dc6ec porcorosso: intel 2020-12-23 23:35:16 +00:00
34d9b4eda5 hm/graphical-client: pull in nm-applet only for i3 2020-12-19 19:39:13 +00:00
9a14eadbb6 porcorosso: move intel selection to a nixos specialisation 2020-12-19 19:38:57 +00:00
cb4ba45b1b hm/graphical-client: enable nm-applet
I'm assuming (probably wrongly) that anything using my graphical-client preset
is _also_ using NetworkManager, which is probably true for real client machines
but may not be true on terminal services machines which also end up with this
preset.

Whatever, I'll work it out later.
2020-12-19 19:25:15 +00:00
d13dca3f02 porcorosso: switch to intel again 2020-12-19 19:23:02 +00:00
c59b3843c7 porcorosso: enable fwupd 2020-12-19 19:26:36 +00:00
2e50ce0489 porcorosso: enable the intermec-cups-driver 2020-12-19 19:26:25 +00:00
808b506123 ops/nixos/lib/low-space: fix 2020-12-06 15:22:40 +00:00
26de73b0fb marukuru: set journald SystemMaxUse to cap log size 2020-12-06 15:18:14 +00:00
9244e44518 ops/nixos/lib/common: add lukegb to 'audio' group 2020-12-03 03:00:40 +00:00
7b9191f261 clouvider-lon01: factorio: open firewall 2020-11-30 19:53:57 +00:00
23e97ff266 ops/nixos: add whitby-distributed to clouvider-lon01 2020-11-30 23:21:56 +00:00
52fc2c36dc clouvider-fra01: bump stateVersion, yolo
This will cause Deluge to update to Deluge2.
2020-11-29 02:31:29 +00:00
a589ca3e1f ops/nixos: remove propagatedBuildInputs from mercurial override 2020-11-25 13:12:36 +00:00
b82fbfb9f8 porcorosso: add obs-studio 2020-11-25 02:13:14 +00:00
8c36ae940b clouvider-lon01: add factorio server 2020-11-24 04:50:31 +00:00
311fc015f4 porcorosso: install Factorio 2020-11-24 02:56:18 +00:00
094f2334f8 ops/nixos/lib/home-manager: swap isDarwin for 'is external' check 2020-11-23 16:47:17 +00:00
80e85feede home-manager-ext: init
To allow using my home-manager config on Darwin (and other non-NixOS
machines), I introduce the concept of home-manager-ext, which gives
me a much easier hook to import my config elsewhere.
2020-11-23 07:22:00 -08:00
0f86867d05 porcorosso: swap /root for a bindmount instead 2020-11-23 15:19:23 +00:00
2043572a2b porcorosso: make /root a /persist/root symlink 2020-11-22 14:44:49 +00:00
5de4937d6d Add a GITHUB_TOKEN to my environment everywhere. 2020-11-21 00:51:24 +00:00
26352c7065 ops/nixos: add ability to define additional things to be scraped, use this for coredns 2020-11-18 02:02:23 +00:00
588a47e97f swann: set swann as DNS server for DHCP 2020-11-18 01:50:16 +00:00
68deb62b38 swann: enable coredns and use google public DNS over TLS 2020-11-18 01:49:44 +00:00
c0a6e48970 ops/nixos: add dnsutils to common for dig 2020-11-18 01:27:50 +00:00
087d774b56 swann: forward port 80 and 443 to totoro 2020-11-18 01:31:57 +00:00
2df9344303 totoro: set up pancake 2020-11-17 03:14:04 +00:00
4cb36fffbb totoro: add /srv and /srv/pancake 2020-11-17 02:39:01 +00:00
a31599ad1b ops/nixos: add restic everywhere 2020-11-17 02:21:46 +00:00
4a0897b0cb ops/nixos: add new packages, move other packages around 2020-11-17 02:10:23 +00:00
492d57ef29 hm/graphical-client: enable vaapi on chromium 2020-11-15 21:29:15 +00:00
8a9c00c7f0 porcorosso: add some vdpau/vaapi packages 2020-11-15 21:23:47 +00:00
6c91bbe714 hm: set up ssh 2020-11-09 00:21:32 +00:00
f2c8e2d3bf hm/graphical-client: set up session vars 2020-11-08 15:49:12 +00:00
07b76f5cf9 clouvider-lon01: only listen on specified IPs 2020-11-07 14:20:46 +00:00
b2384d844d clouvider-lon01: disable automatic nix-gc
It's used as a Nix build cache machine - since we don't have gcroot
generation, it's better to just not collect garbage for the moment.
2020-11-06 05:21:37 +00:00
65c2fce8a7 swann: add unifi-poller 2020-11-06 05:02:05 +00:00
17ac1212dd ops/nixos: add totoro as prometheus box; enable node-exporter everywhere 2020-11-06 04:52:54 +00:00
eba4f33a63 totoro: remove openshift cruft 2020-11-06 04:11:16 +00:00
b58f13a145 ops/nixos: globally enable zramSwap 2020-11-05 02:03:20 +00:00
57d4f7f05e nixos/home-manager: do ssh-add when making a login shell 2020-11-05 01:57:55 +00:00
bad3be7574 ops: tweak SSH auth; add red solo SK-resident key 2020-11-05 01:50:16 +00:00
2c0b4e3bb6 porcorosso: add libvirtd 2020-11-03 16:03:22 +00:00
cc5152300c marukuru/deployer: expose tailscale IPs 2020-11-04 21:58:49 +00:00
82c751a6e4 swann: install Unifi controller 2020-11-04 21:53:14 +00:00
a507a5380d ops/nixos: allow all traffic in on tailscale0 2020-11-04 21:53:02 +00:00
8d4b7f8c47 bgp: add default to satisfy ixvm-fra01 2020-11-04 17:41:28 +00:00
855feececa clouvider-lon01: set up as cache builder 2020-11-04 17:30:28 +00:00
252ad42fb2 clouvider-lon01: add minotarproxy 2020-11-04 17:23:52 +00:00
db911ee156 porcorosso: add libvirt persistance 2020-11-04 17:09:53 +00:00
86a09dab73 clouvider-lon01: add minotarproxy IPs 2020-11-04 16:41:15 +00:00
4da102053c clouvider-lon01: add ZNC 2020-11-04 16:27:46 +00:00
129bdd0e69 clouvider-lon01: update tailscale IP 2020-11-04 15:53:18 +00:00
7795bd1d0f clouvider-lon01: init 2020-11-04 15:51:55 +00:00
1233ac2d14 swann: tweak firewall params 2020-11-04 14:27:19 +00:00
d78f055270 ops: add lukegb_porcorosso_linux key 2020-11-03 15:25:03 +00:00
847e827d0a depot: fix up things 2020-11-01 21:39:25 +00:00
7a19e14649 ops/nixos: define a new my.ip.tailscale option which gets put into /etc/hosts everywhere 2020-11-01 18:25:01 +00:00
9499761e7f home-manager: set EDITOR and VISUAL to vim 2020-11-01 18:11:48 +00:00
658c98934b nixos/lib/common: update SSH authorized_keys 2020-11-01 14:42:52 +00:00
72ae247e4a swann: tune cake parameters 2020-11-01 14:33:18 +00:00
3acb27f020 swann: init 2020-11-01 14:25:17 +00:00
74371dbe8a totoro: add br-int interface 2020-10-31 17:04:30 +00:00
d3bee9d2de ops/nixos: import home-manager into lib/common 2020-10-31 11:44:52 +00:00
4ea585daa2 ixvm-fra01: update to new ASN 2020-10-28 14:41:42 +00:00
f5c80fe35d ops/nixos: further tweaks 2020-10-25 12:00:15 +00:00
29fa1e35fd nixos: start using home-manager 2020-10-25 11:36:16 +00:00
4e14ee8111 ops/nixos: mark nix.gc.automatic as default 2020-10-18 12:59:33 +00:00
e3f83ad608 ops/nixos: run nix-collect-garbage daily, except on clients 2020-10-18 01:17:35 +00:00
1aa2236f64 graphical-client: add dino 2020-10-17 12:17:47 +01:00
89d3afd8f0 ops/nixos: move some things into a graphical-clients module 2020-10-17 12:17:18 +01:00
6edb818126 ixvm-fra01: add kernel modules for VirtIO disk 2020-10-15 13:50:52 +00:00
3bab7ede2d totoro: add secretsync 2020-10-15 13:22:18 +00:00
d5d4d6eb33 kusakabe: updates for XMPP 2020-10-15 13:24:37 +00:00
e0969055f6 ops/nixos: make references to nixpkgs modules use relative paths 2020-10-10 19:39:26 +00:00
11a7fefe1c totoro: add openshift dependencies, tailscale expose 192.168.1.0/24 2020-09-13 15:16:03 +00:00
949c86e816 kusakabe: enable send-proxy-v2 for requests to OKD haproxy 2020-10-06 00:29:37 +00:00
382dad7c6d marukuru: add nix config to deployer container 2020-10-04 03:00:03 +01:00
190606746c ops/nixos/lib/common: add the binary cache credentials to nix.envVars 2020-10-04 02:56:34 +01:00
ee7ad0adfd kusakabe: also expose k8s apiserver 2020-10-04 01:15:58 +01:00
27f446fa8e porcorosso: enable podman 2020-10-04 01:03:28 +01:00
2c613bf2f1 porcorosso: switch back to nvidia 2020-10-04 00:11:45 +01:00
4b878360f5 kusakabe: add postgresql for twitterchiver 2020-10-03 23:13:20 +00:00
2b4f4d6b16 kusakabe: revamp config as VM host 2020-10-02 14:21:49 +00:00
7b53535355 misc: fix up after nixpkgs update 2020-09-30 17:39:34 +00:00
ae0eda1ba8 marukuru: disable gitlab's built-in prometheus instance 2020-09-30 16:09:41 +00:00
0a3a2043b1 porcorosso: switch to intel for X11; I'm on the move 2020-08-22 17:07:43 +01:00
ea8020262c ops/nixos/lib/common: add rsync 2020-09-07 10:59:47 +00:00
96f736ab7e marukuru/deployer: add rsync 2020-09-07 11:05:24 +00:00
03e5dbd72e kusakabe: enable libvirtd 2020-09-07 10:47:43 +00:00
054c4ee1dd porcorosso: remove obsolete fonts.fontconfig.penultimate option 2020-09-06 17:02:27 +00:00
ab0f4b5863 ops/nixos/lib/common: replace deployer password with ! 2020-09-06 16:45:56 +00:00
7b61a7e558 marukuru: migrate to virtualisation.oci-containers 2020-09-06 16:38:54 +00:00
863c7028f0 ops/nixos: add tailscale to common 2020-09-06 16:26:48 +00:00
36cca90e55 ops/nixos: add kusakabe 2020-09-05 18:37:06 +00:00
a71cb99af8 nixos/porcorosso: add totoro as a builder 2020-07-19 18:47:40 +01:00
24ba5c1c36 nixos: abstract out distributed builds 2020-07-19 18:20:21 +01:00
d629c95212 ops/nixos/totoro: add oven-media-engine 2020-07-19 17:59:20 +01:00
2088559ef5 porcorosso: add totoro mount 2020-07-19 17:49:56 +01:00
5efba00e97 ops/nixos/lib/common: add tmux 2020-07-08 18:36:21 +00:00
a74909c070 totoro: add irssi 2020-07-08 18:35:48 +00:00
a1115de05f totoro: use whitby as a build machine 2020-07-08 18:34:33 +00:00
88fbb167c9 totoro: add NFS 2020-07-04 19:36:38 +00:00
279be2c2c3 porcorosso: install virtmanager{,-qt} 2020-06-28 23:24:53 +01:00
a62a67ffd2 totoro: add lukegb to libvirtd group 2020-06-28 22:23:43 +00:00
78fee25f20 totoro: set up libvirt 2020-06-28 22:22:43 +00:00
e1c3016e0e totoro: add client 2020-06-28 18:38:49 +00:00
00e2f9e1d3 ops/nixos: factor things useful on general 'workstation' machines out 2020-06-28 19:38:20 +01:00
21fa99f68e porcorosso: add ripgrep 2020-06-28 19:33:06 +01:00
002c0cafc7 totoro: init 2020-06-28 18:32:52 +00:00
39cf295d69 porcorosso: remove hardware.u2f 2020-06-20 23:13:51 +01:00
d32ee29a2d porcorosso: postgresql/redis 2020-06-20 23:11:24 +01:00
1506327979 hgrc: fix smartlogstart 2020-06-18 00:20:00 +01:00
f3d1fee59d nix/pkgs: add bazel-run userenv 2020-06-16 09:39:54 +01:00
a7945b45f9 porcorosso: add go 2020-06-13 18:31:37 +01:00
6b09925449 porcorosso: tweak NTFS mount settings 2020-06-13 18:29:10 +01:00
48011ebba9 licensing: Apache-2.0, make almost reuse-lint clean 2020-06-07 15:03:12 +01:00
15c82b0498 local repo fixups after bump of nixpkgs 2020-06-06 13:12:39 +01:00
2d8e414bc0 ops/nixos/clouvider-fra01: enable Label plugin in Deluge 2020-06-06 00:46:24 +00:00
6f62ebd120 clouvider-fra01: apply oauth2 to int.lukegb.com as well 2020-06-01 00:10:48 +01:00
17f7cda651 clouvider-fra01: refactor HTTP config a bit 2020-05-31 23:53:39 +01:00
e656191b7b clouvider-fra01: add int.lukegb.com which points at oauth2proxy 2020-05-31 22:28:01 +00:00
299893c475 clouvider-fra01: sonarr/radarr 2020-05-31 21:27:23 +01:00
dd59e9afed clouvider-fra01: remove old mercurial package 2020-05-31 21:23:47 +01:00
1e3821be14 clouvider-fra01: add sonarr/radarr users to content group 2020-05-31 21:20:02 +01:00
0ce1f45b41 clouvider-fra01: add sonarr/radarr 2020-05-31 21:01:56 +01:00
3c28fa6878 marukuru: update heptapod to 0.13.0-py3 2020-05-31 19:51:20 +01:00
643cb31750 porcorosso: try installing lutris 2020-05-31 18:58:29 +01:00
82ed70f0c9 ops/nixos/lib/hgrc: add purge extension 2020-05-22 13:09:36 +01:00
7473787ecb porcorosso: add direnv and lorri 2020-05-22 13:04:47 +01:00
d9cc0c9de1 ops/nixos/lib: don't use the s3 binary cache except when rebuilder-ing. 2020-05-22 13:04:17 +01:00
abbbc2c216 hg-git: add 0.9.0a1 for py3, and use that 2020-05-17 03:23:54 +01:00
2712655c50 ops/nixos/lib/hgrc: colourise rev ID based on phase 2020-05-16 14:08:27 +01:00
9824a286f8 ops/nixos/porcorosso: add copybara 2020-05-16 16:44:29 +01:00
9567a9803b ops/nixos/porcorosso: add NTFS drive 2020-05-11 21:15:49 +01:00
d7897ddbe5 ops/nixos/lib: add hgrc in a more sensible way 2020-05-11 17:30:13 +01:00
a58ee896ff ops/nixos/porcorosso: add whois 2020-05-11 16:45:02 +01:00
ee46deed22 ops/nixos/porcorosso: enable fontconfig-penultimate 2020-05-11 16:39:57 +01:00
3af02e4d98 ops/nixos/porcorosso: oh, I'm supposed to use fonts.fonts 2020-05-11 16:38:09 +01:00
e3b0cbce16 ops/nixos/porcorosso: import more packages 2020-05-11 16:31:17 +01:00
3d8a588f3a ops/nixos/porcorosso: move some packages into user packages 2020-05-11 16:21:48 +01:00
75791a83a7 ops/nixos/porcorosso: install teamspeak_client globally 2020-05-11 16:18:17 +01:00
6daf53d556 ops/nixos/lib/hgrc: add topics extension 2020-05-11 16:18:03 +01:00
84b964fffd porcorosso: add 'windows' script for rebooting to windows 2020-05-10 15:25:37 +01:00
e715c20f64 porcorosso: add deluge 2020-05-10 02:12:29 +01:00
91d742c1cd gitlab-ci: try and get deploys works 2020-05-09 23:49:32 +01:00
84f607d7cf *: try setting up automated deploys
This won't work yet, since the deployer user isn't correctly configured,
but this should at least trigger the right sets of things to happen.
2020-05-09 18:53:17 +01:00
c5d03b795e ops/nixos: give everything a consistent mercurial 2020-05-09 18:15:12 +01:00
0c461e9422 common: add my hgrc so I can have evolve everywhere 2020-05-09 14:42:19 +01:00
0236b2450b porcorosso: start using manifest variable 2020-05-09 14:27:10 +01:00
c110580d82 porcorosso: swap path to a string.
Can't use a path here since this doesn't exist on CI.
2020-05-09 12:59:51 +01:00
0474fea9f7 clouvider-fra01: set deluge.authFile 2020-05-09 12:56:56 +01:00
a708872dec porcorosso: add a configured secretsync 2020-05-09 12:45:31 +01:00
02112f071c clouvider-fra01: deluge 2020-05-09 11:14:37 +01:00
606151ddb4 ops/nixos: move rebuilder derivation into its own file. 2020-05-09 11:14:25 +01:00
f34991e545 nixos/lib/common: oops, meant "cache", not hydra 2020-05-09 01:10:37 +01:00
2508b6ed9a ops/nixos: add deployer user 2020-05-09 01:10:20 +01:00
bc50bdb7d2 ops/nixos: add GCP binary cache 2020-05-09 00:03:21 +01:00
19c29c56ff ops/nixos: fix things 2020-05-08 23:34:17 +01:00
06910a0445 ixvm-fra01: remove bird.nix 2020-05-08 23:29:30 +01:00
c4a6c2592f ixvm-fra01: merge useless changes 2020-05-08 23:29:10 +01:00
83cfa93b11 merge in local changes from marukuru 2020-05-08 23:28:42 +01:00
1e7fcadc97 ops/nixos: rework everything to factor common things out 2020-05-08 23:26:21 +01:00
24fe8291c2 marukuru: switch to heptapod 2020-05-08 22:24:50 +00:00
bcaf738b8f ixvm-fra01: add export_community 2020-05-08 21:48:44 +00:00
23bb45a60a Backed out changeset 1b4ecdc5b78d 2020-05-08 16:55:57 +00:00
9c45d867e2 Merge ixvm-fra01 changes 2020-05-08 17:52:55 +01:00
c6d883af9a ixvm-fra01: fix up bird config 2020-05-08 16:52:04 +00:00
a68ea0ce27 marukuru: add builder1 user 2020-05-07 00:52:42 +01:00
cc168a96d9 ixvm-fra01: add listen bgp dual 2020-05-06 23:44:16 +01:00
326f7259b7 ixvm-fra01: allow disabling peering 2020-05-06 23:37:31 +01:00
f27ec35837 ixvm-fra01: add lukegb to bird2 group 2020-05-06 23:29:57 +01:00
cf4109aaf9 ixvm-fra01: add bird config 2020-05-06 23:27:14 +01:00
5dbc575e95 clouvider-fra01: add content user/group. 2020-05-06 10:14:04 +01:00
25956f7607 clouvider-fra01: add Plex Pass media server. 2020-05-06 10:02:00 +01:00
79c7b70a96 porcorosso: add javaws bin that drops into a FHS env.
This allows me to use Supermicro's BMC, which appears to drop a
stunnel binary into /tmp and then execute it, which doesn't work
properly in Nix because nothing is where it is expected to be.
2020-05-06 10:01:46 +01:00
07829d4e34 clouvider-fra01: no need for /etc/nixos symlink 2020-05-06 00:35:00 +01:00
d8276603fa Add first-pass for clouvider-fra01. 2020-05-06 00:28:23 +01:00
10ea6c910e marukuru: readd pygments and phabricator group 2020-05-03 19:18:12 +01:00
dfbcb353af marukuru: GRUB should be on vda
sda doesn't exist.
2020-05-03 19:01:37 +01:00
f9b63a858f ops/nixos: switch to more standard NixOS module system
Sorry tazjin.
2020-05-03 18:44:11 +01:00
27f2c9edb7 marukuru: set ACME email 2020-05-03 17:58:56 +01:00
2f35c4835b marukuru: add 2020-05-03 17:56:16 +01:00
28e47f9384 ops/nixos: add assimilate.sh script 2020-05-03 17:42:00 +01:00
306add0be2 ixvm-fra01: add rebuilder
Everything should have this, I should make this just applied in default.nix...
2020-05-03 17:03:03 +01:00
b1e61c5fc0 ixvm-fra01: learn to spell fileSystems 2020-05-03 16:55:53 +01:00
ae625bc10e ixvm-fra01: add to ops/nixos as well... 2020-05-03 15:48:07 +01:00
506f161147 ixvm-fra01: add 2020-05-03 15:42:03 +01:00
45d3894011 porcorosso: add nixpkgs to NIX_PATH, add hg-evolve.
Reviewers: lukegb

Reviewed By: lukegb

Differential Revision: https://phab.lukegb.com/D9
2020-04-30 09:50:52 +01:00
1006e41bfb ops/nixos/porcorosso: create
Summary:
Adds porcorosso to the depot, and also adds the supporting Nix architecture required to make this work.

This also tests that encryption is working correctly.

Reviewers: tazjin

Reviewed By: tazjin

Subscribers: tazjin

Differential Revision: https://phab.lukegb.com/D8
2020-04-30 05:49:19 +01:00