Commit graph

431 commits

SHA1 Message Date
787b04737e treewide: add some SPDX headers 2021-03-20 20:46:56 +00:00
35cc195717 common: remove everything from hosts files 2021-03-20 16:42:08 +00:00
99dce2de2a as205479.net: add totoro.int 2021-03-20 16:41:26 +00:00
33fd1da091 dns: add blades to zone 2021-03-20 15:22:09 +00:00
4c78164384 ops/nixos/common: set search domains 2021-03-20 15:01:28 +00:00
5cf89fbc2f switch-prebuilt: check for existence before nix copy 2021-03-20 13:37:08 +00:00
422c47c3e0 switch-prebuilt: run stuff assuming we're a trusted-user 2021-03-20 13:22:17 +00:00
be5eee48b3 switch-prebuilt: init 2021-03-20 12:39:23 +00:00
154db9706a lib/common: add deployer to trustedUsers 2021-03-20 12:34:01 +00:00
7737f962a9 marukuru/deployer: add jq somewhere more sensible 2021-03-20 12:17:41 +00:00
d8086e7042 ops/nixos: add jq everywhere 2021-03-20 12:11:45 +00:00
705bcd9446 marukuru/deployer: add jq 2021-03-20 11:57:21 +00:00
627c8bf17c lib/coredns: fix firewall 2021-03-20 02:06:08 +00:00
b0a6ebe52d ops/nixos: add coredns 2021-03-20 02:03:23 +00:00
7f27f9fb79 tuvok/paris: enable keepalived 2021-03-20 01:08:33 +00:00
c51e5d478d lib/common: add --delete-older-than 2021-03-19 21:29:54 +00:00
9036f02fd0 blade-tuvok: allow 80/443 2021-03-19 21:27:42 +00:00
9ddb5d75f2 blade: restrict ceph firewall rules to storage network 2021-03-19 21:27:15 +00:00
4f5f2a780a nixos-mgmt: init 2021-03-19 20:28:24 +00:00
3f3c92addc blade-tuvok: serve objdump directly 2021-03-19 19:45:03 +00:00
10c7ee76b3 {las,lux,nyc}01-frantech: add tailscale IPs 2021-03-19 16:16:06 +00:00
0f0f61f2df installcd: add to ci-root; tweak store 2021-03-19 01:19:14 +00:00
db1b568d63 {lux,las,nyc}01-frantech: init 2021-03-19 01:11:37 +00:00
c26a321f5f home-manager: drop enableVaapi 2021-03-18 23:56:25 +00:00
4a381f03d3 ops/nixos: create installcd 2021-03-18 23:51:38 +00:00
665dc16239 etheroute-lon01: bump timeout, which is just 'timeout' 2021-03-18 23:50:54 +00:00
04a7792ad1 totoro: add NodeExporterDown alerts 2021-03-15 01:25:19 +00:00
dc2fb8e2b1 totoro: add power use alerts for blade system 2021-03-15 01:20:26 +00:00
238d3ad7a8 totoro: add pushover alertmanager output 2021-03-15 00:58:37 +00:00
c682fc0422 blade: fix serial console 2021-03-14 17:39:07 +00:00
bb1178e82c blade: enable serial console for GRUB and boot 2021-03-14 17:34:08 +00:00
ff2be56561 blade: disable coredump writing 2021-03-14 17:25:03 +00:00
f3c5990de4 blade: nit: forgot a ) 2021-03-14 15:56:58 +00:00
22dadde50a blade-torres: remap en-storage onto a vlan 2021-03-14 15:52:53 +00:00
b3def9be96 ceph: add /var/lib/ceph mount 2021-03-14 14:35:36 +00:00
22cb1575b4 ceph: set up storage network 10.100.2.0/24 2021-03-14 14:35:32 +00:00
a51b864d0d etheroute-lon01: set more finegrained timeouts 2021-03-14 13:00:37 +00:00
da6c3854bd etheroute-lon01: move to objdump.zxcvbnm.ninja 2021-03-14 11:46:05 +00:00
38e34e2210 etheroute-lon01: add objdump.lukegb.com 2021-03-14 11:44:17 +00:00
f300882cea ixvm-fra01: delete 2021-03-14 02:04:09 +00:00
dc68fb7305 blade: correct IP 2021-03-14 02:01:42 +00:00
74fd32c0b8 ops/nixos/blade: switch mon IPs in config 2021-03-14 01:23:24 +00:00
b51cf06282 totoro: prometheus: remove valveindexinstock, add snmp 2021-03-14 01:13:37 +00:00
a763c85e3d blade: allow tailscale 41641/udp 2021-03-13 20:58:43 +00:00
e979f4e83e blade: move journald storage to volatile 2021-03-13 20:57:04 +00:00
82655bcb8a porcorosso: remove /home/lukegb/mnt 2021-03-13 20:56:57 +00:00
2f183e56dd ops/nixos: fix systemPathJSON by using writeText instead of toFile 2021-03-13 17:05:49 +00:00
b01c15b85f ops/nixos: make systems.json refer to the actual paths 2021-03-13 17:02:13 +00:00
9df7818dc5 ops/nixos: add systemPathJSON
This is a file which contains a mapping of system name to their store path, to
allow for easier retrieval from GCS.
2021-03-13 16:57:28 +00:00
cd29df194a blade-paris: set default gateway for final resting place 2021-03-13 16:41:21 +00:00
b2a085f84c ops/nixos/blade: enable NAT on routers 2021-03-13 16:41:05 +00:00
53b7ca1c8a ops/nixos: revamp blade network config 2021-03-12 14:47:08 +00:00
b014ef780b clouvider-lon01: give minotarproxy more IPs 2021-03-01 17:16:06 +00:00
7cd70420c6 blade-janeway: fix interfaces 2021-02-25 12:29:05 +00:00
a7094217ba blade: tweak networking 2021-02-24 19:58:15 +00:00
e6c0cdc415 totoro: fix up valve index alerting 2021-02-23 01:07:33 +00:00
dc996b324b totoro: add valveindexinstock 2021-02-23 00:16:41 +00:00
7c4334591a kusakabe: disable send-proxy-v2 for openshift 2021-02-17 04:33:08 +00:00
5018ba70cd home-manager/common: add iotop/iftop 2021-02-14 21:40:41 +00:00
caea9c19c4 lib/blade: mount boot drive to /boot 2021-02-13 16:07:33 +00:00
2596579835 lib/blade: add a ceph-osd-lvm-activate to prep the OSDs 2021-02-13 16:29:18 +00:00
0b865c968e porcorosso: add lukegb to video group 2021-02-13 13:55:28 +00:00
6c9b15e908 porcorosso: enable acpilight 2021-02-13 13:50:13 +00:00
93b5d2c288 ops/nixos: enable ceph in libvirtd 2021-02-11 02:21:59 +00:00
a484168097 lib/blade: add ceph support to libvirtd 2021-02-11 00:34:27 +00:00
c94e94284f lib/blade: decrease miimon 2021-02-11 00:27:25 +00:00
fc14641404 lib/blade: enable libvirtd group for lukegb 2021-02-11 00:22:47 +00:00
e81c71b85f lib/blade: enable acpi_power_meter 2021-02-11 00:22:39 +00:00
82503b6192 ops/nixos/lib/blade: enable polkit for libvirtd access 2021-02-11 00:13:32 +00:00
4a53baab51 ops/nixos: fix lib/blade.nix 2021-02-10 23:39:36 +00:00
270b461b97 ops/nixos: create br-ext and put everything on it 2021-02-10 23:38:05 +00:00
5aa39f0693 ops/nixos: add osd daemons 2021-02-09 22:29:11 +00:00
4f043bb45a ops/nixos: disable osd on hosts where I haven't set it up yet 2021-02-09 21:57:49 +00:00
372aed550f ops/nixos: enable osds on blade-janeway 2021-02-09 21:47:04 +00:00
1ed83bd25a ops/nixos/blade: add ceph 2021-02-09 01:17:54 +00:00
3239c4b0b6 blade-kim,blade-paris: add config 2021-02-09 00:00:18 +00:00
d2b95065e0 ops/nixos: populate tailscale IPs for chakotay, torres, tuvok 2021-02-08 22:33:42 +00:00
dad04a0062 ops/nixos: add other blade hosts
blade-paris and blade-kim are TBD
2021-02-08 22:26:22 +00:00
36bb93a80e blade-janeway: add prefixLength (oops) 2021-02-08 20:46:39 +00:00
51a4d4bf36 porcorosso: enable avahi 2021-02-08 20:45:21 +00:00
37be1e38f8 ops/nixos: switch blades to static IPs 2021-02-08 20:45:15 +00:00
f55f861e17 ops/nixos: split most of blade-janeway into lib/blade.nix 2021-02-07 21:23:23 +00:00
b0e58ab198 ops/nixos: rename blade-leader to blade-janeway 2021-02-07 20:21:32 +00:00
e6f4d37982 ops/nixos: add fwupd to common 2021-01-30 18:47:12 +00:00
78040f6c94 nix/pkgs: init hp-rom; add to netboot 2021-01-30 18:47:01 +00:00
5d1284a26c netboot: add mprime 2021-01-30 17:56:46 +00:00
8c4c8b3ccc ops/nixos: add netboot for netbooting a basic system with my defaults 2021-01-30 15:40:33 +00:00
ba65db5865 ops/nixos: init blade-leader 2021-01-30 04:30:05 +00:00
c7df81d6a1 clouvider-fra01: add ts3spotifybot 2021-01-27 18:39:58 +00:00
413c38e348 kusakabe: rsyncd 2021-01-27 13:48:29 +00:00
25774139d1 ops/nixos: enable IPFS filestore on all nodes 2021-01-26 11:40:36 +00:00
7ec8e08ff0 totoro: add quotesdb for dev purposes 2021-01-20 17:55:31 +00:00
1fe4e04464 ops/nixos: add dev-quotes.bfob.gg to server aliases 2021-01-20 00:22:54 +00:00
5ee6a1c3b7 ops/nixos/quotes.bfob.gg: add my.quotesdb.listen option 2021-01-20 00:21:21 +00:00
b7574660de web/quotes: prodify 2021-01-19 23:43:43 +00:00
ef81a0c080 quotes.bfob.gg: add to clouvider-lon01 2021-01-19 23:41:47 +00:00
d12fb60c20 kusakabe: open ipfs ports properly 2021-01-15 03:58:41 +00:00
6d3a3de05e totoro: fix 2021-01-15 03:42:38 +00:00
b7bd209b5e swann: forward IPFS ports to totoro 2021-01-15 03:41:24 +00:00
e4902496a7 totoro: add ipfs ports to firewall 2021-01-15 03:39:36 +00:00
2a7b7517a8 totoro: enable ipfs 2021-01-15 03:38:43 +00:00
a549f5bec3 clouvider-fra01: add ipfs UDP ports to firewall 2021-01-15 03:36:41 +00:00
67d2db0e7a kusakabe: add ipfs 2021-01-15 03:36:34 +00:00
44f4e9a023 clouvider-fra01: add ipfs 2021-01-15 00:58:36 +00:00
d20dd06aaf clouvider-lon01: disable SSH open-to-all 2021-01-12 00:00:34 +00:00
ad516941e8 clouvider-lon01: SSH firewalling changes 2021-01-11 23:45:06 +00:00
9dd18e2cdc ops/nixos/lib/common: add nixos_running_system/nixos_booted_system node metrics 2021-01-11 17:44:23 +00:00
6b95f54ca7 ops/nixos/lib/common: add systemd collector to all systems 2021-01-07 10:01:36 +00:00
aba7285824 totoro: add twitternuke timer 2021-01-06 21:29:33 +00:00
d38601fabe etheroute-lon01: allow unifi websockets 2021-01-04 21:15:43 +00:00
c92fe8b139 swann: switch to unifiHacked 2021-01-04 20:52:13 +00:00
f91109cb50 nixos/lightspeed: init lightspeed-ingest and lightspeed-webrtc NixOS modules 2021-01-04 15:50:42 +00:00
045f9f5b22 etheroute-lon01: unifi needs tls_skip_verify 2021-01-03 15:32:00 +00:00
596752caa0 etheroute-lon01: add unifi.int 2021-01-03 03:35:24 +00:00
6fec69886a clouvider-fra01: add lukegb to deluge group too 2021-01-02 16:18:56 +00:00
b2d8acd4b9 swann: swap unifiPackage to pkgs.unifi
unifiBeta is no more: https://github.com/NixOS/nixpkgs/pull/107797
2020-12-31 01:31:01 +00:00
eb9d9f54a5 nix/pkgs/grafana-plugins: rework a bit 2020-12-30 03:30:24 +00:00
405997d312 totoro: teach how to install grafana plugins from nix 2020-12-30 02:56:31 +00:00
26e379dfb7 depot-wide: create logged-out.int.lukegb.com 2020-12-30 00:57:53 +00:00
33117f2b45 totoro: don't prepend GF_ to grafana extraConfig 2020-12-29 21:23:20 +00:00
be3ce89fb4 etheroute-lon01: unset allowed_domains 2020-12-29 20:55:01 +00:00
7573280e5b etheroute-lon01: de-redundantify int.lukegb.com cert 2020-12-29 20:37:33 +00:00
1c550cf508 etheroute-lon01: rejiggle pomerium policy 2020-12-29 20:11:41 +00:00
4e20db9fcc totoro: install grafana 2020-12-29 20:08:55 +00:00
11c4b77eab etheroute-lon01: send more identity headers 2020-12-29 20:00:52 +00:00
6317f7ffba swann: enable Prometheus smokeping_prober 2020-12-29 18:57:18 +00:00
8773350ba6 etheroute-lon01: add prometheus and alertmanager 2020-12-29 16:57:26 +00:00
7d0493cacd deluge: patch deluge-web to try logging in with a fixed password first 2020-12-28 20:04:27 +00:00
aa9c1eb17e etheroute-lon01: hint that it's-a-me, lukegb 2020-12-28 19:26:39 +00:00
6f65c77ad3 etheroute-lon01: fix databroker connection string 2020-12-28 19:11:25 +00:00
2c0de76c8b etheroute-lon01: use redis for pomerium databroker storage 2020-12-28 19:09:55 +00:00
784138746f pomerium: document all known pomerium options as nixos module options 2020-12-28 18:54:00 +00:00
d3f6442301 etheroute-lon01: add things on clouvider-fra01 2020-12-28 15:56:54 +00:00
3a112b8218 clouvider-fra01: simplify 2020-12-28 15:54:43 +00:00
721018520b etheroute-lon01/pomerium: enable http redirect server 2020-12-28 15:40:13 +00:00
41bdeda58a pomerium: various fixups to make this work 2020-12-28 15:27:18 +00:00
10c6ddc4c9 etheroute-lon01: install pomerium 2020-12-28 14:08:24 +00:00
3ee1906b97 ops/nixos: init etheroute-lon01 2020-12-26 23:36:34 +00:00
161ed2af50 porcorosso: add lukegb to lxd group 2020-12-26 15:41:02 +00:00
8e2670548d porcorosso: enable lxd 2020-12-26 15:39:41 +00:00
ee5a7dc6ec porcorosso: intel 2020-12-23 23:35:16 +00:00
34d9b4eda5 hm/graphical-client: pull in nm-applet only for i3 2020-12-19 19:39:13 +00:00
9a14eadbb6 porcorosso: move intel selection to a nixos specialisation 2020-12-19 19:38:57 +00:00
cb4ba45b1b hm/graphical-client: enable nm-applet
I'm assuming (probably wrongly) that anything using my graphical-client preset
is _also_ using NetworkManager, which is probably true for real client machines
but may not be true on terminal services machines which also end up with this
preset.

Whatever, I'll work it out later.
2020-12-19 19:25:15 +00:00
d13dca3f02 porcorosso: switch to intel again 2020-12-19 19:23:02 +00:00
c59b3843c7 porcorosso: enable fwupd 2020-12-19 19:26:36 +00:00
2e50ce0489 porcorosso: enable the intermec-cups-driver 2020-12-19 19:26:25 +00:00
808b506123 ops/nixos/lib/low-space: fix 2020-12-06 15:22:40 +00:00
26de73b0fb marukuru: set journald SystemMaxUse to cap log size 2020-12-06 15:18:14 +00:00
9244e44518 ops/nixos/lib/common: add lukegb to 'audio' group 2020-12-03 03:00:40 +00:00