Commit graph

387 commits

Author SHA1 Message Date
2f183e56dd ops/nixos: fix systemPathJSON by using writeText instead of toFile 2021-03-13 17:05:49 +00:00
b01c15b85f ops/nixos: make systems.json refer to the actual paths 2021-03-13 17:02:13 +00:00
9df7818dc5 ops/nixos: add systemPathJSON
This is a file which contains a mapping of system name to their store path, to
allow for easier retrieval from GCS.
2021-03-13 16:57:28 +00:00
cd29df194a blade-paris: set default gateway for final resting place 2021-03-13 16:41:21 +00:00
b2a085f84c ops/nixos/blade: enable NAT on routers 2021-03-13 16:41:05 +00:00
53b7ca1c8a ops/nixos: revamp blade network config 2021-03-12 14:47:08 +00:00
b014ef780b clouvider-lon01: give minotarproxy more IPs 2021-03-01 17:16:06 +00:00
7cd70420c6 blade-janeway: fix interfaces 2021-02-25 12:29:05 +00:00
a7094217ba blade: tweak networking 2021-02-24 19:58:15 +00:00
e6c0cdc415 totoro: fix up valve index alerting 2021-02-23 01:07:33 +00:00
dc996b324b totoro: add valveindexinstock 2021-02-23 00:16:41 +00:00
7c4334591a kusakabe: disable send-proxy-v2 for openshift 2021-02-17 04:33:08 +00:00
5018ba70cd home-manager/common: add iotop/iftop 2021-02-14 21:40:41 +00:00
caea9c19c4 lib/blade: mount boot drive to /boot 2021-02-13 16:07:33 +00:00
2596579835 lib/blade: add a ceph-osd-lvm-activate to prep the OSDs 2021-02-13 16:29:18 +00:00
0b865c968e porcorosso: add lukegb to video group 2021-02-13 13:55:28 +00:00
6c9b15e908 porcorosso: enable acpilight 2021-02-13 13:50:13 +00:00
93b5d2c288 ops/nixos: enable ceph in libvirtd 2021-02-11 02:21:59 +00:00
a484168097 lib/blade: add ceph support to libvirtd 2021-02-11 00:34:27 +00:00
c94e94284f lib/blade: decrease miimon 2021-02-11 00:27:25 +00:00
fc14641404 lib/blade: enable libvirtd group for lukegb 2021-02-11 00:22:47 +00:00
e81c71b85f lib/blade: enable acpi_power_meter 2021-02-11 00:22:39 +00:00
82503b6192 ops/nixos/lib/blade: enable polkit for libvirtd access 2021-02-11 00:13:32 +00:00
4a53baab51 ops/nixos: fix lib/blade.nix 2021-02-10 23:39:36 +00:00
270b461b97 ops/nixos: create br-ext and put everything on it 2021-02-10 23:38:05 +00:00
5aa39f0693 ops/nixos: add osd daemons 2021-02-09 22:29:11 +00:00
4f043bb45a ops/nixos: disable osd on hosts where I haven't set it up yet 2021-02-09 21:57:49 +00:00
372aed550f ops/nixos: enable osds on blade-janeway 2021-02-09 21:47:04 +00:00
1ed83bd25a ops/nixos/blade: add ceph 2021-02-09 01:17:54 +00:00
3239c4b0b6 blade-kim,blade-paris: add config 2021-02-09 00:00:18 +00:00
d2b95065e0 ops/nixos: populate tailscale IPs for chakotay, torres, tuvok 2021-02-08 22:33:42 +00:00
dad04a0062 ops/nixos: add other blade hosts
blade-paris and blade-kim are TBD
2021-02-08 22:26:22 +00:00
36bb93a80e blade-janeway: add prefixLength (oops) 2021-02-08 20:46:39 +00:00
51a4d4bf36 porcorosso: enable avahi 2021-02-08 20:45:21 +00:00
37be1e38f8 ops/nixos: switch blades to static IPs 2021-02-08 20:45:15 +00:00
f55f861e17 ops/nixos: split most of blade-janeway into lib/blade.nix 2021-02-07 21:23:23 +00:00
b0e58ab198 ops/nixos: rename blade-leader to blade-janeway 2021-02-07 20:21:32 +00:00
e6f4d37982 ops/nixos: add fwupd to common 2021-01-30 18:47:12 +00:00
78040f6c94 nix/pkgs: init hp-rom; add to netboot 2021-01-30 18:47:01 +00:00
5d1284a26c netboot: add mprime 2021-01-30 17:56:46 +00:00
8c4c8b3ccc ops/nixos: add netboot for netbooting a basic system with my defaults 2021-01-30 15:40:33 +00:00
ba65db5865 ops/nixos: init blade-leader 2021-01-30 04:30:05 +00:00
c7df81d6a1 clouvider-fra01: add ts3spotifybot 2021-01-27 18:39:58 +00:00
413c38e348 kusakabe: rsyncd 2021-01-27 13:48:29 +00:00
25774139d1 ops/nixos: enable IPFS filestore on all nodes 2021-01-26 11:40:36 +00:00
7ec8e08ff0 totoro: add quotesdb for dev purposes 2021-01-20 17:55:31 +00:00
1fe4e04464 ops/nixos: add dev-quotes.bfob.gg to server aliases 2021-01-20 00:22:54 +00:00
5ee6a1c3b7 ops/nixos/quotes.bfob.gg: add my.quotesdb.listen option 2021-01-20 00:21:21 +00:00
b7574660de web/quotes: prodify 2021-01-19 23:43:43 +00:00
ef81a0c080 quotes.bfob.gg: add to clouvider-lon01 2021-01-19 23:41:47 +00:00
d12fb60c20 kusakabe: open ipfs ports properly 2021-01-15 03:58:41 +00:00
6d3a3de05e totoro: fix 2021-01-15 03:42:38 +00:00
b7bd209b5e swann: forward IPFS ports to totoro 2021-01-15 03:41:24 +00:00
e4902496a7 totoro: add ipfs ports to firewall 2021-01-15 03:39:36 +00:00
2a7b7517a8 totoro: enable ipfs 2021-01-15 03:38:43 +00:00
a549f5bec3 clouvider-fra01: add ipfs UDP ports to firewall 2021-01-15 03:36:41 +00:00
67d2db0e7a kusakabe: add ipfs 2021-01-15 03:36:34 +00:00
44f4e9a023 clouvider-fra01: add ipfs 2021-01-15 00:58:36 +00:00
d20dd06aaf clouvider-lon01: disable SSH open-to-all 2021-01-12 00:00:34 +00:00
ad516941e8 clouvider-lon01: SSH firewalling changes 2021-01-11 23:45:06 +00:00
9dd18e2cdc ops/nixos/lib/common: add nixos_running_system/nixos_booted_system node metrics 2021-01-11 17:44:23 +00:00
6b95f54ca7 ops/nixos/lib/common: add systemd collector to all systems 2021-01-07 10:01:36 +00:00
aba7285824 totoro: add twitternuke timer 2021-01-06 21:29:33 +00:00
d38601fabe etheroute-lon01: allow unifi websockets 2021-01-04 21:15:43 +00:00
c92fe8b139 swann: switch to unifiHacked 2021-01-04 20:52:13 +00:00
f91109cb50 nixos/lightspeed: init lightspeed-ingest and lightspeed-webrtc NixOS modules 2021-01-04 15:50:42 +00:00
045f9f5b22 etheroute-lon01: unifi needs tls_skip_verify 2021-01-03 15:32:00 +00:00
596752caa0 etheroute-lon01: add unifi.int 2021-01-03 03:35:24 +00:00
6fec69886a clouvider-fra01: add lukegb to deluge group too 2021-01-02 16:18:56 +00:00
b2d8acd4b9 swann: swap unifiPackage to pkgs.unifi
unifiBeta is no more: https://github.com/NixOS/nixpkgs/pull/107797
2020-12-31 01:31:01 +00:00
eb9d9f54a5 nix/pkgs/grafana-plugins: rework a bit 2020-12-30 03:30:24 +00:00
405997d312 totoro: teach how to install grafana plugins from nix 2020-12-30 02:56:31 +00:00
26e379dfb7 depot-wide: create logged-out.int.lukegb.com 2020-12-30 00:57:53 +00:00
33117f2b45 totoro: don't prepend GF_ to grafana extraConfig 2020-12-29 21:23:20 +00:00
be3ce89fb4 etheroute-lon01: unset allowed_domains 2020-12-29 20:55:01 +00:00
7573280e5b etheroute-lon01: de-redundantify int.lukegb.com cert 2020-12-29 20:37:33 +00:00
1c550cf508 etheroute-lon01: rejiggle pomerium policy 2020-12-29 20:11:41 +00:00
4e20db9fcc totoro: install grafana 2020-12-29 20:08:55 +00:00
11c4b77eab etheroute-lon01: send more identity headers 2020-12-29 20:00:52 +00:00
6317f7ffba swann: enable Prometheus smokeping_prober 2020-12-29 18:57:18 +00:00
8773350ba6 etheroute-lon01: add prometheus and alertmanager 2020-12-29 16:57:26 +00:00
7d0493cacd deluge: patch deluge-web to try logging in with a fixed password first 2020-12-28 20:04:27 +00:00
aa9c1eb17e etheroute-lon01: hint that it's-a-me, lukegb 2020-12-28 19:26:39 +00:00
6f65c77ad3 etheroute-lon01: fix databroker connection string 2020-12-28 19:11:25 +00:00
2c0de76c8b etheroute-lon01: use redis for pomerium databroker storage 2020-12-28 19:09:55 +00:00
784138746f pomerium: document all known pomerium options as nixos module options 2020-12-28 18:54:00 +00:00
d3f6442301 etheroute-lon01: add things on clouvider-fra01 2020-12-28 15:56:54 +00:00
3a112b8218 clouvider-fra01: simplify 2020-12-28 15:54:43 +00:00
721018520b etheroute-lon01/pomerium: enable http redirect server 2020-12-28 15:40:13 +00:00
41bdeda58a pomerium: various fixups to make this work 2020-12-28 15:27:18 +00:00
10c6ddc4c9 etheroute-lon01: install pomerium 2020-12-28 14:08:24 +00:00
3ee1906b97 ops/nixos: init etheroute-lon01 2020-12-26 23:36:34 +00:00
161ed2af50 porcorosso: add lukegb to lxd group 2020-12-26 15:41:02 +00:00
8e2670548d porcorosso: enable lxd 2020-12-26 15:39:41 +00:00
ee5a7dc6ec porcorosso: intel 2020-12-23 23:35:16 +00:00
34d9b4eda5 hm/graphical-client: pull in nm-applet only for i3 2020-12-19 19:39:13 +00:00
9a14eadbb6 porcorosso: move intel selection to a nixos specialisation 2020-12-19 19:38:57 +00:00
cb4ba45b1b hm/graphical-client: enable nm-applet
I'm assuming (probably wrongly) that anything using my graphical-client preset
is _also_ using NetworkManager, which is probably true for real client machines
but may not be true on terminal services machines which also end up with this
preset.

Whatever, I'll work it out later.
2020-12-19 19:25:15 +00:00
d13dca3f02 porcorosso: switch to intel again 2020-12-19 19:23:02 +00:00
c59b3843c7 porcorosso: enable fwupd 2020-12-19 19:26:36 +00:00
2e50ce0489 porcorosso: enable the intermec-cups-driver 2020-12-19 19:26:25 +00:00
808b506123 ops/nixos/lib/low-space: fix 2020-12-06 15:22:40 +00:00
26de73b0fb marukuru: set journald SystemMaxUse to cap log size 2020-12-06 15:18:14 +00:00
9244e44518 ops/nixos/lib/common: add lukegb to 'audio' group 2020-12-03 03:00:40 +00:00
7b9191f261 clouvider-lon01: factorio: open firewall 2020-11-30 19:53:57 +00:00
23e97ff266 ops/nixos: add whitby-distributed to clouvider-lon01 2020-11-30 23:21:56 +00:00
52fc2c36dc clouvider-fra01: bump stateVersion, yolo
This will cause Deluge to update to Deluge2.
2020-11-29 02:31:29 +00:00
4c0778487f ops/maint/update_nixpkgs: remove propagatedBuildInputs 2020-11-25 13:19:35 +00:00
a589ca3e1f ops/nixos: remove propagatedBuildInputs from mercurial override 2020-11-25 13:12:36 +00:00
b82fbfb9f8 porcorosso: add obs-studio 2020-11-25 02:13:14 +00:00
8c36ae940b clouvider-lon01: add factorio server 2020-11-24 04:50:31 +00:00
311fc015f4 porcorosso: install Factorio 2020-11-24 02:56:18 +00:00
094f2334f8 ops/nixos/lib/home-manager: swap isDarwin for 'is external' check 2020-11-23 16:47:17 +00:00
80e85feede home-manager-ext: init
To allow using my home-manager config on Darwin (and other non-NixOS
machines), I introduce the concept of home-manager-ext, which gives
me a much easier hook to import my config elsewhere.
2020-11-23 07:22:00 -08:00
0f86867d05 porcorosso: swap /root for a bindmount instead 2020-11-23 15:19:23 +00:00
2043572a2b porcorosso: make /root a /persist/root symlink 2020-11-22 14:44:49 +00:00
5de4937d6d Add a GITHUB_TOKEN to my environment everywhere. 2020-11-21 00:51:24 +00:00
26352c7065 ops/nixos: add ability to define additional things to be scraped, use this for coredns 2020-11-18 02:02:23 +00:00
588a47e97f swann: set swann as DNS server for DHCP 2020-11-18 01:50:16 +00:00
68deb62b38 swann: enable coredns and use google public DNS over TLS 2020-11-18 01:49:44 +00:00
c0a6e48970 ops/nixos: add dnsutils to common for dig 2020-11-18 01:27:50 +00:00
087d774b56 swann: forward port 80 and 443 to totoro 2020-11-18 01:31:57 +00:00
2df9344303 totoro: set up pancake 2020-11-17 03:14:04 +00:00
4cb36fffbb totoro: add /srv and /srv/pancake 2020-11-17 02:39:01 +00:00
a31599ad1b ops/nixos: add restic everywhere 2020-11-17 02:21:46 +00:00
4a0897b0cb ops/nixos: add new packages, move other packages around 2020-11-17 02:10:23 +00:00
492d57ef29 hm/graphical-client: enable vaapi on chromium 2020-11-15 21:29:15 +00:00
8a9c00c7f0 porcorosso: add some vdpau/vaapi packages 2020-11-15 21:23:47 +00:00
6c91bbe714 hm: set up ssh 2020-11-09 00:21:32 +00:00
f2c8e2d3bf hm/graphical-client: set up session vars 2020-11-08 15:49:12 +00:00
07b76f5cf9 clouvider-lon01: only listen on specified IPs 2020-11-07 14:20:46 +00:00
b2384d844d clouvider-lon01: disable automatic nix-gc
It's used as a Nix build cache machine - since we don't have gcroot
generation, it's better to just not collect garbage for the moment.
2020-11-06 05:21:37 +00:00
65c2fce8a7 swann: add unifi-poller 2020-11-06 05:02:05 +00:00
17ac1212dd ops/nixos: add totoro as prometheus box; enable node-exporter everywhere 2020-11-06 04:52:54 +00:00
eba4f33a63 totoro: remove openshift cruft 2020-11-06 04:11:16 +00:00
b58f13a145 ops/nixos: globally enable zramSwap 2020-11-05 02:03:20 +00:00
57d4f7f05e nixos/home-manager: do ssh-add when making a login shell 2020-11-05 01:57:55 +00:00
bad3be7574 ops: tweak SSH auth; add red solo SK-resident key 2020-11-05 01:50:16 +00:00
2c0b4e3bb6 porcorosso: add libvirtd 2020-11-03 16:03:22 +00:00
cc5152300c marukuru/deployer: expose tailscale IPs 2020-11-04 21:58:49 +00:00
82c751a6e4 swann: install Unifi controller 2020-11-04 21:53:14 +00:00
a507a5380d ops/nixos: allow all traffic in on tailscale0 2020-11-04 21:53:02 +00:00
8d4b7f8c47 bgp: add default to satisfy ixvm-fra01 2020-11-04 17:41:28 +00:00
855feececa clouvider-lon01: set up as cache builder 2020-11-04 17:30:28 +00:00
252ad42fb2 clouvider-lon01: add minotarproxy 2020-11-04 17:23:52 +00:00
db911ee156 porcorosso: add libvirt persistance 2020-11-04 17:09:53 +00:00
86a09dab73 clouvider-lon01: add minotarproxy IPs 2020-11-04 16:41:15 +00:00
4da102053c clouvider-lon01: add ZNC 2020-11-04 16:27:46 +00:00
129bdd0e69 clouvider-lon01: update tailscale IP 2020-11-04 15:53:18 +00:00
7795bd1d0f clouvider-lon01: init 2020-11-04 15:51:55 +00:00