76 commits

Author SHA1 Message Date
ac0c6eccef ssh-ca-vault: init 2022-03-11 21:48:06 +00:00
0187120a24 ops/nixos: move nix cache tokens into vault 2022-03-11 16:46:50 +00:00
6e6e714cf1 ops/nixos: init vault-agent-secrets module 2022-03-11 14:40:08 +00:00
4be2eaeb6d nixos/lib/common: remove security.acme 2022-03-11 03:28:32 +00:00
8be4fe603e vault-agent-acme: init 2022-03-06 22:26:49 +00:00
cbabb6f211 ops/nixos: migrate nix.maxJobs/binaryCaches/trustedBinaryCaches to the nix.settings equivalents 2022-01-30 20:30:20 +00:00
7c418666fe ops/nixos: add some vault-agent setup 2022-01-23 23:38:40 +00:00
4f0a7b60bc ops/nixos: use higher-priority 'mkDefault' 2022-01-09 21:38:17 +00:00
ad95bffd3d ops/nixos: tidy up networking.useDHCP 2022-01-08 21:45:18 +00:00
05be94e4d7 ops/nixos/common: disable DNSSEC in systemd-resolved
It's super broken.

At the moment, resolving foss.heptapod.net breaks, because clever-cloud.com has
DNSKEY records but there's no matching DS record at .com for it.

There are also other reports: https://github.com/systemd/systemd/issues/12388

tl;dr: it just doesn't work, let's not use that.
2022-01-08 12:09:26 +00:00
d79265ddad ops/nixos: tidy up security.acme 2022-01-04 14:00:45 +00:00
de71fd5c9a ops/nixos/lib/common: add global DNS servers 2022-01-04 13:32:56 +00:00
67b038c2bc ops/nixos/common: turn off logRefusedConnections - it's super noisy 2022-01-01 20:56:41 +00:00
7b4e6c0e1b ops/nixos: oops, try to fix my.scrapeJournal.addr 2022-01-01 15:14:02 +00:00
c91a42948d journal2clickhouse: init 2022-01-01 15:08:52 +00:00
c5119b4882 ops/nixos: enable HTTP gateway if Tailscale is configured 2022-01-01 12:40:13 +00:00
e182171916 ops/nixos: disable LLMNR 2022-01-01 00:41:37 +00:00
f35a79444c ops/nixos: add better support for specialisations 2021-12-31 23:51:09 +00:00
6cb1af2f35 ops/nixos: start using systemd-resolved 2021-12-28 18:42:42 +00:00
ab9dd5d35a common: remove nhs.uk IPv6 mapping 2021-12-24 02:27:15 +00:00
656df5ac5b common: add kitty.terminfo 2021-12-21 08:13:20 +00:00
29f7073384 ops/nixos: compatibility with NixOS 22.05 2021-12-07 19:13:04 +00:00
19782a9e63 ops/nixos: set group for isSystemUser users 2021-09-16 19:14:30 +00:00
23eda90726 ops/nixos/lib/common: add the running system hash to the exported metrics 2021-07-27 21:06:17 +00:00
dccdaa2608 common: map www.nhs.uk to Akamai IPv6 address 2021-05-21 15:21:29 +00:00
11066035e2 ops/nixos: add alacritty everywhere 2021-04-17 20:17:43 +01:00
e0241545d2 add mercurial to rundeck path 2021-04-10 22:17:28 +00:00
bfa7051e2f ops/nixos: tidy up hostnames 2021-04-10 20:15:30 +00:00
ecd086eae4 ops/nixos: set up things for generating rundeck nodes 2021-04-10 19:59:56 +00:00
5533fd502a ops/nixos: try setting searchDomains differently 2021-04-10 19:40:10 +00:00
2b8dce0920 depot-wide: overhaul GitLab CI configuration
We now use a stub configuration to kick off the pipeline, which is dynamically
generated using Nix config.
2021-03-28 15:27:46 +00:00
35cc195717 common: remove everything from hosts files 2021-03-20 16:42:08 +00:00
4c78164384 ops/nixos/common: set search domains 2021-03-20 15:01:28 +00:00
be5eee48b3 switch-prebuilt: init 2021-03-20 12:39:23 +00:00
154db9706a lib/common: add deployer to trustedUsers 2021-03-20 12:34:01 +00:00
d8086e7042 ops/nixos: add jq everywhere 2021-03-20 12:11:45 +00:00
c51e5d478d lib/common: add --delete-older-than 2021-03-19 21:29:54 +00:00
e6f4d37982 ops/nixos: add fwupd to common 2021-01-30 18:47:12 +00:00
ef81a0c080 quotes.bfob.gg: add to clouvider-lon01 2021-01-19 23:41:47 +00:00
9dd18e2cdc ops/nixos/lib/common: add nixos_running_system/nixos_booted_system node metrics 2021-01-11 17:44:23 +00:00
6b95f54ca7 ops/nixos/lib/common: add systemd collector to all systems 2021-01-07 10:01:36 +00:00
9244e44518 ops/nixos/lib/common: add lukegb to 'audio' group 2020-12-03 03:00:40 +00:00
a589ca3e1f ops/nixos: remove propagatedBuildInputs from mercurial override 2020-11-25 13:12:36 +00:00
094f2334f8 ops/nixos/lib/home-manager: swap isDarwin for 'is external' check 2020-11-23 16:47:17 +00:00
26352c7065 ops/nixos: add ability to define additional things to be scraped, use this for coredns 2020-11-18 02:02:23 +00:00
a31599ad1b ops/nixos: add restic everywhere 2020-11-17 02:21:46 +00:00
4a0897b0cb ops/nixos: add new packages, move other packages around 2020-11-17 02:10:23 +00:00
17ac1212dd ops/nixos: add totoro as prometheus box; enable node-exporter everywhere 2020-11-06 04:52:54 +00:00
b58f13a145 ops/nixos: globally enable zramSwap 2020-11-05 02:03:20 +00:00
bad3be7574 ops: tweak SSH auth; add red solo SK-resident key 2020-11-05 01:50:16 +00:00