Commit graph

629 commits

Author SHA1 Message Date
fe09e44c5c porcorosso: block i2c-nvidia-gpu, causes X11 to fail to init 2022-01-07 12:51:18 +00:00
bac7e1fb69 porcorosso: remove blast config 2022-01-07 12:42:55 +00:00
05be94e4d7 ops/nixos/common: disable DNSSEC in systemd-resolved
It's super broken.

At the moment, resolving foss.heptapod.net breaks, because clever-cloud.com has
DNSKEY records but there's no matching DS record at .com for it.

There are also other reports: https://github.com/systemd/systemd/issues/12388

tl;dr: it just doesn't work, let's not use that.
2022-01-08 12:09:26 +00:00
506a584dea totoro: set up podman socket support 2022-01-08 12:08:04 +00:00
9e79ad0cfa bvm-radius: add new roaming2.ja.net IPs 2022-01-07 11:49:24 +00:00
5001971b87 totoro: add bvm-.* alerts 2022-01-06 17:51:39 +00:00
6ab12dcad5 ops/nixos: rm marukuru 2022-01-06 15:55:21 +00:00
d79265ddad ops/nixos: tidy up security.acme 2022-01-04 14:00:45 +00:00
de71fd5c9a ops/nixos/lib/common: add global DNS servers 2022-01-04 13:32:56 +00:00
8cc6e2001a ops/nixos: create permanent quotesdb user
Stop relying on DynamicUser because it messes a bit with postgres' auth.
2022-01-01 21:49:23 +00:00
3318874168 marukuru: remove heptapod{,-runner} 2022-01-01 21:31:01 +00:00
67b038c2bc ops/nixos/common: turn off logRefusedConnections - it's super noisy 2022-01-01 20:56:41 +00:00
37e36418a1 bvm-logger: add custom clickhouse config
Just make it less spammy into the journal, sheesh.
2022-01-01 16:31:05 +00:00
730d057e18 bvm-logger: enable journal2clickhouse for real 2022-01-01 15:24:32 +00:00
7b4e6c0e1b ops/nixos: oops, try to fix my.scrapeJournal.addr 2022-01-01 15:14:02 +00:00
c91a42948d journal2clickhouse: init 2022-01-01 15:08:52 +00:00
c5119b4882 ops/nixos: enable HTTP gateway if Tailscale is configured 2022-01-01 12:40:13 +00:00
1f13fd811d coredns: bind to specific interfaces/IPs 2022-01-01 09:03:25 +00:00
8e28b5bbfe ops/nixos: drop Google/AS15169 routes from Veloxserv to prefer RouteServer 2022-01-01 03:02:55 +00:00
bfd08b08cf ops/nixos: add fastly passive peer 2022-01-01 02:39:01 +00:00
6cfcd10e06 swann: use the router's public IP when making connections
For v6, the link is on an unrouted subnet so there's no way to address it from
outside. We don't want Linux to use the v6 subnet for connections it makes, so
we ask politely that the source on the route is actually an IP address that we
Like.
2022-01-01 02:11:59 +00:00
3458c7766e swann: switch from prod.euw1.riotgames.com to euw1.api.riotgames.com
The former appears to resolve, but no longer respond to ICMP ping (even from a
different network).  Switch to the documented API endpoint, which still
responds to ICMP ping.
2022-01-01 01:31:56 +00:00
3e98fae657 bvm-heptapod: autoStart deployer container 2022-01-01 00:43:15 +00:00
e182171916 ops/nixos: disable LLMNR 2022-01-01 00:41:37 +00:00
297e9c97e7 bvm-heptapod: add deployer container 2022-01-01 00:22:35 +00:00
8b3e77de1e swann: coredns shouldn't bind to 127.0.0.53 because systemd-resolved wants it 2021-12-31 23:52:57 +00:00
afc4834723 porcorosso: enable TLP for battery saving in laptop mode 2021-12-31 23:52:40 +00:00
a35a702e7d ops/nixos: disable avahi
We're using systemd-resolved, so just disable Avahi now.
2021-12-31 23:51:35 +00:00
f35a79444c ops/nixos: add better support for specialisations 2021-12-31 23:51:09 +00:00
060f2cf96b nhsenglandtests: init 2021-12-31 07:00:32 +00:00
66d1ae3939 lib/hm/graphical-client-wayland: add mako 2021-12-31 04:48:51 +00:00
2d77689ed9 howl: enable bluetooth 2021-12-31 04:47:53 +00:00
6cb1af2f35 ops/nixos: start using systemd-resolved 2021-12-28 18:42:42 +00:00
837f7074ac ops/nixos: fix MAC address for vl-linx 2021-12-27 06:50:12 +00:00
a41abf3d6e ops/nixos/lib/hm: add element-desktop/element-desktop-wayland 2021-12-27 02:58:53 +00:00
ab9dd5d35a common: remove nhs.uk IPv6 mapping 2021-12-24 02:27:15 +00:00
ca6de1910d swann: services.unifi.openPorts -> openFirewall 2021-12-24 02:03:36 +00:00
05aea7f5f1 ops/nixos: migrate from services.redis to services.redis.servers."" 2021-12-24 02:02:57 +00:00
e55a824929 bvm-logger: install clickhouse 2021-12-24 01:50:59 +00:00
4e4e8de984 ops/nixos: init bvm-logger 2021-12-23 04:11:39 +00:00
69db0e2a98 baserow: add nginx to baserow group too 2021-12-21 08:31:11 +00:00
c7a9d4ef76 baserow: tweak umask for opendkim... 2021-12-21 08:22:01 +00:00
1c97d3cd15 baserow: add postfix to opendkim group 2021-12-21 08:19:27 +00:00
656df5ac5b common: add kitty.terminfo 2021-12-21 08:13:20 +00:00
ee2598c29b baserow: oops, need the config argument 2021-12-21 08:12:39 +00:00
455856d7c0 baserow: enable postfix (totoro) 2021-12-21 08:11:38 +00:00
93a070870a nix/pkgs/baserow: hooray, it works 2021-12-21 05:48:40 +00:00
576896970a bvm-heptapod: add more heptapod 2021-12-18 04:15:53 +00:00
5eb7f7102f bvm-heptapod: init 2021-12-17 01:28:39 +00:00
fee02312d3 blade-tuvok: move public interface off a VLAN
Previously, the public/internal interfaces were VLANned onto the same NIC. For
some reason, sometime the Emulex adapters seem to end up not getting configured
properly, which causes me no end of pain when I spend time trying to debug why
none of my VMs can see the internet anymore.

Instead of doing this, put the public interface onto its own actual virtual
network interface.
2021-12-17 00:27:24 +00:00