Commit graph

436 commits

Author SHA1 Message Date
5b63d1555a nixos/blade: use tmpfs for /var/log and /var/cache 2021-03-31 21:20:08 +00:00
c972f3ae12 as205479.net: add bvm-win10 2021-03-31 19:39:56 +00:00
4ab9e1b19e marukuru: tweak gitlab settings 2021-03-30 20:49:42 +01:00
e2dffeceb5 marukuru: need to enable experimental mode 2021-03-30 20:23:26 +01:00
357a9ca041 marukuru: set random collection of IPv6 Docker options 2021-03-30 20:11:19 +01:00
f71179cbd6 coredns: add bvm-korobi 2021-03-30 12:51:17 +01:00
62dce112db blade-router: fix radvd prefix to actually be onlink 2021-03-30 11:59:27 +01:00
4c013cb2bc blade-router: use absolute path to birdc 2021-03-30 00:18:08 +00:00
e80a1750b8 blade-router: tweak notify script config 2021-03-30 00:09:02 +00:00
8b2238cf1e blade-router: add shebang to VRRP notify script 2021-03-30 00:01:19 +00:00
f05a063fce blade-router: add keepalived notify script for announcing/withdrawing routes 2021-03-29 23:54:26 +00:00
1071202e7f coredns: update DNS to match swapped IPs 2021-03-29 23:13:01 +00:00
bff07335b5 blade-router: switch router VIP 2021-03-29 23:09:26 +00:00
cae0c4eb94 blade-router: we need config attribute... 2021-03-29 23:29:26 +01:00
a5ffe43e14 blade-paris: fix imports 2021-03-29 23:28:30 +01:00
7de4d2690e blade-router: put radvd config in correct place 2021-03-29 23:27:40 +01:00
c5fc727f7a blade-router: fix 2021-03-29 23:26:50 +01:00
b09773e945 blade-paris: fix import 2021-03-29 23:25:50 +01:00
ac63880ed7 ops/nixos: abstract into blade-router 2021-03-29 23:24:57 +01:00
8236c7f698 blade-{paris,tuvok}: add radvd 2021-03-29 23:04:26 +01:00
878a457c83 blade-{paris,tuvok}: allow IPv6 VRRP as well... 2021-03-29 22:53:19 +01:00
c8b482c67a blade-{paris,tuvok}: add IPv6 link-local address as first
Mar 29 21:38:36 blade-tuvok Keepalived_vrrp[29221]: (mgmtGateway6) the first IPv6 VIP address should be link local
2021-03-29 22:43:53 +01:00
b0198cfa3d blade-{paris,tuvok}: split IPv4/IPv6 VRRP 2021-03-29 22:36:03 +01:00
0d46b6d4fe blade-{paris,tuvok}: add IPv6 gateway to keepalived 2021-03-29 21:03:06 +00:00
e1e3a24f36 ops/nixos/lib/coredns: add DNS records 2021-03-29 20:45:39 +00:00
b360944686 blade-{paris,tuvok}: add some IP addresses 2021-03-29 20:39:42 +00:00
d84075b124 clouvider-lon01: drop 92.118.28.0/24 2021-03-29 12:15:27 +00:00
3c7f759773 blade-paris/blade-tuvok: change v4/v6 announcements 2021-03-29 12:06:39 +00:00
b559512200 blade-paris/blade-tuvok: add BGP config 2021-03-29 11:47:44 +00:00
3ea210e884 marukuru: tweak GitLab Puma settings for low-mem
Per the GitLab docs
(https://docs.gitlab.com/ee/install/requirements.html#puma-settings):

> If the operating system has a maximum 2 GB of memory, the recommended number
> of threads is 1. A higher value will result in excess swapping, and decrease
> performance.

and

> In a memory-constrained environment with less than 4GB of RAM available,
> consider disabling Puma Clustered mode.
>
> Configuring Puma by setting the amount of workers to 0 could reduce memory
> usage by hundreds of MB. For details on Puma worker and thread settings, see
> Puma settings.
2021-03-28 23:25:14 +00:00
a3ed8a6da3 hm: add ntfy everywhere 2021-03-28 23:08:02 +00:00
0b1ccae353 bvm-prosody: actually name depot... 2021-03-28 22:52:04 +00:00
a44b09fb46 bvm-twitterchiver: create twitterchiver user 2021-03-28 22:48:43 +00:00
5a3a55e302 bvm-prosody: add coturn 2021-03-28 22:46:55 +00:00
efe1aa51db bvm-twitterchiver: add postgresql 2021-03-28 22:46:44 +00:00
d32585bff6 bvm-ipfs: enable ipfs 2021-03-28 15:34:54 +00:00
2b8dce0920 depot-wide: overhaul GitLab CI configuration
We now use a stub configuration to kick off the pipeline, which is dynamically
generated using Nix config.
2021-03-28 15:27:46 +00:00
f8b4903286 bvm-prosody: add tailscale IP 2021-03-28 14:33:54 +00:00
2eeba92d9e bvm-twitterchiver: add tailscale IP 2021-03-28 14:32:16 +00:00
e6c56c9a74 bvm-ipfs: add tailscale IP 2021-03-28 14:00:25 +00:00
7979d936a4 ops/nixos: init bvm-{twitterchiver,prosody,ipfs} 2021-03-28 13:10:27 +00:00
f27a8f8f1a ops/nixos: mkBefore needs lib. in bvm.nix/blade.nix 2021-03-28 12:32:01 +00:00
f34d539462 bvm-nixosmgmt: condense down and abstract out 2021-03-28 12:26:11 +00:00
c1f450eb33 ops/nixos: flesh out DNS for internal blade IPs 2021-03-28 12:18:06 +00:00
0b60a516b4 bvm-nixosmgmt: actually change the hostname 2021-03-28 02:04:41 +00:00
701ab955af coredns: update serial for as205479.net 2021-03-28 01:16:10 +00:00
b2e2f965c5 ops/nixos: rename various machines to comply with naming convention
* *-frantech should be frantech-*, it's provider first
* blade VMs now all begin bvm-
2021-03-28 00:34:36 +00:00
1883186bb8 hm/graphical-client: switch to google-chrome-beta from chromium 2021-03-25 10:54:01 +00:00
a99e0309c5 ops/nixos/fup: switch to using config file 2021-03-23 00:58:18 +00:00
11ed74003a nixos/fup: allow large file uploads 2021-03-22 13:56:16 +00:00
86d9292cd1 blade-tuvok: change fup to listen on wildcard
It's broken otherwise, since the default server is based on the incoming IP,
and the precise listed IPs are more tightly binding.
2021-03-22 13:46:28 +00:00
ff5ea120e5 blade-tuvok/fup: override listen IPs 2021-03-22 02:50:27 +00:00
ca642bfa5e blade-tuvok: add fup 2021-03-22 02:43:17 +00:00
787b04737e treewide: add some SPDX headers 2021-03-20 20:46:56 +00:00
35cc195717 common: remove everything from hosts files 2021-03-20 16:42:08 +00:00
99dce2de2a as205479.net: add totoro.int 2021-03-20 16:41:26 +00:00
33fd1da091 dns: add blades to zone 2021-03-20 15:22:09 +00:00
4c78164384 ops/nixos/common: set search domains 2021-03-20 15:01:28 +00:00
5cf89fbc2f switch-prebuilt: check for existence before nix copy 2021-03-20 13:37:08 +00:00
422c47c3e0 switch-prebuilt: run stuff assuming we're a trusted-user 2021-03-20 13:22:17 +00:00
be5eee48b3 switch-prebuilt: init 2021-03-20 12:39:23 +00:00
154db9706a lib/common: add deployer to trustedUsers 2021-03-20 12:34:01 +00:00
7737f962a9 marukuru/deployer: add jq somewhere more sensible 2021-03-20 12:17:41 +00:00
d8086e7042 ops/nixos: add jq everywhere 2021-03-20 12:11:45 +00:00
705bcd9446 marukuru/deployer: add jq 2021-03-20 11:57:21 +00:00
627c8bf17c lib/coredns: fix firewall 2021-03-20 02:06:08 +00:00
b0a6ebe52d ops/nixos: add coredns 2021-03-20 02:03:23 +00:00
7f27f9fb79 tuvok/paris: enable keepalived 2021-03-20 01:08:33 +00:00
c51e5d478d lib/common: add --delete-older-than 2021-03-19 21:29:54 +00:00
9036f02fd0 blade-tuvok: allow 80/443 2021-03-19 21:27:42 +00:00
9ddb5d75f2 blade: restrict ceph firewall rules to storage network 2021-03-19 21:27:15 +00:00
4f5f2a780a nixos-mgmt: init 2021-03-19 20:28:24 +00:00
3f3c92addc blade-tuvok: serve objdump directly 2021-03-19 19:45:03 +00:00
10c7ee76b3 {las,lux,nyc}01-frantech: add tailscale IPs 2021-03-19 16:16:06 +00:00
0f0f61f2df installcd: add to ci-root; tweak store 2021-03-19 01:19:14 +00:00
db1b568d63 {lux,las,nyc}01-frantech: init 2021-03-19 01:11:37 +00:00
c26a321f5f home-manager: drop enableVaapi 2021-03-18 23:56:25 +00:00
4a381f03d3 ops/nixos: create installcd 2021-03-18 23:51:38 +00:00
665dc16239 etheroute-lon01: bump timeout, which is just 'timeout' 2021-03-18 23:50:54 +00:00
04a7792ad1 totoro: add NodeExporterDown alerts 2021-03-15 01:25:19 +00:00
dc2fb8e2b1 totoro: add power use alerts for blade system 2021-03-15 01:20:26 +00:00
238d3ad7a8 totoro: add pushover alertmanager output 2021-03-15 00:58:37 +00:00
c682fc0422 blade: fix serial console 2021-03-14 17:39:07 +00:00
bb1178e82c blade: enable serial console for GRUB and boot 2021-03-14 17:34:08 +00:00
ff2be56561 blade: disable coredump writing 2021-03-14 17:25:03 +00:00
f3c5990de4 blade: nit: forgot a ) 2021-03-14 15:56:58 +00:00
22dadde50a blade-torres: remap en-storage onto a vlan 2021-03-14 15:52:53 +00:00
b3def9be96 ceph: add /var/lib/ceph mount 2021-03-14 14:35:36 +00:00
22cb1575b4 ceph: set up storage network 10.100.2.0/24 2021-03-14 14:35:32 +00:00
a51b864d0d etheroute-lon01: set more finegrained timeouts 2021-03-14 13:00:37 +00:00
da6c3854bd etheroute-lon01: move to objdump.zxcvbnm.ninja 2021-03-14 11:46:05 +00:00
38e34e2210 etheroute-lon01: add objdump.lukegb.com 2021-03-14 11:44:17 +00:00
f300882cea ixvm-fra01: delete 2021-03-14 02:04:09 +00:00
dc68fb7305 blade: correct IP 2021-03-14 02:01:42 +00:00
74fd32c0b8 ops/nixos/blade: switch mon IPs in config 2021-03-14 01:23:24 +00:00
b51cf06282 totoro: prometheus: remove valveindexinstock, add snmp 2021-03-14 01:13:37 +00:00
a763c85e3d blade: allow tailscale 41641/udp 2021-03-13 20:58:43 +00:00
e979f4e83e blade: move journald storage to volatile 2021-03-13 20:57:04 +00:00
82655bcb8a porcorosso: remove /home/lukegb/mnt 2021-03-13 20:56:57 +00:00
2f183e56dd ops/nixos: fix systemPathJSON by using writeText instead of toFile 2021-03-13 17:05:49 +00:00