Commit Graph

590 Commits

Author SHA1 Message Date
98de6489f3 modules/nixfiles: Deploy system upgrade unit everywhere so updates can get started remotely 2023-12-15 20:20:53 +01:00
d05f74ece9 modules/nixfiles: Specify dedicated system update times per host 2023-12-15 18:58:01 +01:00
0ea664287b users/isa: Move to users directory 2023-12-07 20:21:44 +01:00
01b1ce3caa pkgs/nixfiles: rename nixfiles-system-sync-to-hydra to nixfiles-system-upgrade 2023-12-01 18:02:44 +01:00
cff95863fd hosts/monitoring-3: Add alert for Synapse 2023-12-01 17:50:54 +01:00
2e68d00ca4 hosts/gatekeeper: update pubkey amy 2023-11-23 17:21:45 +01:00
203032d9f3 hosts/gatekeeper: add amy to wg-clrie 2023-11-22 21:38:31 +01:00
572fb59903 hosts/dn42-il-gw5,hosts/dn42-il-gw6: export routes to looking glass 2023-11-21 15:16:16 +01:00
5ad39391cf hosts/schule: remove host 2023-11-07 19:27:01 +01:00
9f77f2594c hosts/dn42-il-gw1,hosts/dn42-il-gw5,hosts/dn42-il-gw6,hosts/nonat: enable auto update 2023-11-05 22:30:31 +01:00
5fc75da28c hosts/zinc: enforce password for sudo 2023-11-05 13:41:46 +01:00
226e4198e0 hosts/monitoring-3: add synapse monitoring 2023-11-05 13:36:58 +01:00
4d4c5eed8c hosts/monitoring-3: add matrix server ping targets 2023-11-04 14:10:51 +01:00
43335679ed hosts/astatine: add user criese-nethinks 2023-10-29 20:06:30 +01:00
c013c4323a hosts/web-2: add install.nix.clerie.de 2023-10-25 21:45:38 +02:00
36e6d96d2c hosts/krypton: enable binfmt virt for aarch64-linux 2023-10-25 18:25:15 +02:00
5d870740b6 hosts/web-2: return known_hosts with proper mime type 2023-10-22 21:58:54 +02:00
24b8e750b5 pkgs/nixfiles: move nixfiles-auto-install to pkg 2023-10-20 23:45:43 +02:00
219c356e83 hosts/krypton: Update system 2023-10-17 16:45:09 +02:00
2e390e9ef9 hosts/web-2: update clerie.de 2023-10-12 22:16:44 +02:00
7ca735fa6d hosts/zinc: make sudo not require a password 2023-09-23 19:36:27 +02:00
9d310e9e8f hosts/zinc: enable gnome desktop 2023-09-23 17:55:26 +02:00
c2b1697fb5 hosts/zinc: move initrd stuff to separate file 2023-09-22 21:00:43 +02:00
ac40659050 hosts/zinc: enable 5g modem via usb 2023-09-22 20:55:43 +02:00
3fb56cd9f3 host/zinc: rotate ssh host key 2023-09-22 20:30:35 +02:00
c46a031b39 modules/wireguard-initrd: add module for wireguard in initrd 2023-09-22 16:56:09 +02:00
08600173b9 hosts/krypton: add fractal-next 2023-09-22 16:32:57 +02:00
975e24b31a hosts/gatekeeper: add VPN connection for zinc initrd 2023-09-22 16:24:46 +02:00
2f22810091 hosts/gatekeeper: add wg-clerie zinc 2023-09-20 21:03:12 +02:00
ef3c2c0174 hosts/zinc: enable wg-clerie 2023-09-20 21:01:40 +02:00
eef227d45a hosts/zinc: add host 2023-09-20 20:35:47 +02:00
362a6fcf7f hosts/web-2: remove prediger workadventure map 2023-09-15 20:44:05 +02:00
1e22756876 hosts/web-2: host fieldpoc documentation 2023-09-15 20:43:09 +02:00
6fced94cb5 hosts/aluminium: enable new wg-clerie module 2023-09-15 20:24:25 +02:00
33b6731c59 hosts/hydra-1: Migrate from nix-serve to harmonia 2023-09-10 10:55:46 +02:00
e2f58fd25c hosts/web-2: Publish mitel-ommclient2 documentation using update-from-hydra 2023-09-09 14:15:24 +02:00
e515212708 hosts/web-2: deactivate wetter.clerie.de because it requires nodejs that takes ages to build 2023-09-09 14:13:58 +02:00
553542071d hosts/osmium: deploy nixfiles inputs update script 2023-09-01 16:38:34 +02:00
e2dbc5244c hosts/krypton: add krita 2023-08-05 16:19:50 +02:00
deea08e0f9 hosts/krypton: update hardware configuration 2023-07-25 21:31:53 +02:00
6a3043d883 hosts/krypton: fix hibernate 2023-07-10 23:57:49 +02:00
fcc3f61fbd hosts/hydra-1: use localhost as builder too 2023-07-08 23:29:55 +02:00
c6a1e2531e hosts/krypton: add onlyoffice 2023-07-08 23:01:48 +02:00
25677a9e03 hosts/krypton: add xournalpp 2023-07-02 14:59:50 +02:00
9dae541043 modules/clerie-gc-dir: regularly clean up downloads directory 2023-07-01 11:59:12 +02:00
176075485f hosts/krypton: do not show systemd-boot selector on boot 2023-07-01 00:10:22 +02:00
1ff45a9068 hosts/monitoring-3: remove mail-1 from monitoring 2023-06-28 18:48:44 +02:00
942d226099 modules/backup: support excluding paths 2023-06-28 18:09:03 +02:00
80cc6522da hosts/krypton: enable backup 2023-06-20 20:36:53 +02:00
5ef293448d hosts/aluminium: add fieldpoc 2023-06-20 18:58:55 +02:00
14bc3b6fe8 hosts/aluminium: add ssh host key 2023-06-20 18:53:01 +02:00
dff3768ef3 hosts/krypton: add wg-clerie 2023-06-20 18:39:28 +02:00
376068a8e0 hosts/krypton: add ssh hostkey 2023-06-20 18:37:42 +02:00
11a5a520d8 modules/wg-clerie: migrate to age secrets 2023-06-20 18:36:28 +02:00
f07dbd3c53 hosts/krypton: do not dare using swap 2023-06-20 11:48:12 +02:00
cf3e4085b9 hosts/clerie: enable serial devices 2023-06-20 11:07:59 +02:00
3ec434470a configuration/desktop: cleanup config 2023-06-19 22:24:36 +02:00
417a739547 hosts/krypton,configuration/desktop: setup basic gnome environment 2023-06-19 22:20:47 +02:00
b481941eb2 hosts/krypton: add host 2023-06-19 19:45:28 +02:00
8936e6a8b5 hosts/web-2: add chaosevent.clerie.de 2023-06-13 17:53:45 +02:00
4715a5340e hosts/astatine: add guest user 2023-05-30 17:34:06 +02:00
5270f493b8 hosts/monitoring-3: Make alerting rules more resilient against missing scrapes 2023-05-28 12:10:45 +02:00
ad137204c3 hosts/monitoring-3: tune alerting rules for backups to reduce false positives 2023-05-25 04:33:43 +02:00
b77e9016d7 host/monitoring-3: add rule for backups that are behind 2023-05-24 08:41:35 +02:00
2205429088 hosts/mail-2: add to backup 2023-05-22 07:46:11 +02:00
eb611f9c57 hosts/mail-2: add to monitoring 2023-05-22 07:02:45 +02:00
22ed8fff6e hosts/mail-2: enable IPv6 in docker 2023-05-21 09:41:32 +02:00
dd20c29c70 hosts/mail-2: enable docker 2023-05-20 17:52:03 +02:00
196fcf30a0 hosts/mail-2: add ssh pubkey 2023-05-20 17:35:39 +02:00
919e054d6f host/mail-2: add host 2023-05-20 17:20:33 +02:00
4f01b4a8a1 hosts/clerie-backup,host/backup-4: restore missing htpasswd entries 2023-05-19 20:57:44 +02:00
628cc524a7 hosts/web-2: migrate to clerie-backup 2023-05-19 20:40:14 +02:00
05a2742a91 modules/backup: add backup module using restic 2023-05-16 12:21:11 +02:00
5fa2b58c3d hosts/backup-4: fix path to backup htpasswd 2023-05-16 09:28:44 +02:00
d241370821 hosts/clerie-backup,hosts/backup-4: change backup credentials for minecraft-2 2023-05-16 09:27:44 +02:00
98705a218c hosts/storage-2: set secrets permissions for nginx htpasswd 2023-05-16 08:13:12 +02:00
0393d26e71 flake.nix: update nixos-exporter and use provided modules 2023-05-09 11:56:53 +02:00
b4c5dc7c25 hosts/minecraft-2: test restic backup 2023-05-06 18:24:52 +02:00
2feb1b2b4c modules/monitoring: specify custom privateKeyFile path for wg-monitoring 2023-05-06 16:11:49 +02:00
f8328936b9 hosts/astatine: add monitoring secret 2023-05-06 15:40:42 +02:00
398067f533 hosts/monitoring-3: alert on averaged metrics 2023-05-04 14:43:14 +02:00
4834e5b91d hosts/dn42-ildix-service: add lookingglass 2023-05-04 14:35:30 +02:00
e9de141316 hosts/monioring-3: add more ping targets 2023-05-03 16:20:02 +02:00
a2deec6dfb hosts/web-2: radicale use secrets 2023-05-02 20:52:00 +02:00
bf0a8a31c3 hosts/storage-2: use secrets for basic auth 2023-05-02 20:40:30 +02:00
b60824e796 hosts/monitoring-3: use xmpp password from secrets 2023-05-02 20:27:03 +02:00
9982a4d710 hosts/hydra: use secrets for nix-cache 2023-05-02 20:14:02 +02:00
9d6a7b1c88 hosts/gatekeeper: add vpn secret 2023-05-02 19:57:21 +02:00
a34a637f48 hosts/dn42-il-gw1: migrate peering secrets to age 2023-05-02 19:52:02 +02:00
dcf8bc4035 modules/monitoring: migrate monitoring vpn secrets to age 2023-05-02 19:42:46 +02:00
cb12fb64cb hosts/web-2: expose know_hosts 2023-05-02 18:01:39 +02:00
d068fea2ce Add ssh public host keys 2023-05-02 10:33:56 +02:00
1cd9f1e52d hosts/backup-4: use secrets 2023-05-01 15:34:43 +02:00
1b8b074dc5 secrets: automatically detect and configure secrets 2023-05-01 15:08:54 +02:00
d2472c79ee lib/flake-helper.nix: Automatically load secrets from hosts secrets directory 2023-05-01 12:09:47 +02:00
09b043c26c Introduce agenix secrets management 2023-05-01 11:37:33 +02:00
f2d91c9820 hosts/dn42-il-gw1: e1mo endpoint changed 2023-04-30 19:25:02 +02:00
56a34de0cb hosts/clerie-backup,hosts/backup-4: add restic server backup nodes 2023-04-30 19:24:18 +02:00
f8ab76d163 hosts/storage-2: expose media directory via http 2023-04-29 21:03:02 +02:00
c2786dbeb3 hosts/storage-2: cleanup unused services 2023-04-29 18:56:50 +02:00
7570974a67 hosts/clerie-backup: swap backup storage 2023-04-25 14:46:49 +02:00
4647bf8d48 hosts/nonat: add blackbox exporter 2023-04-24 21:00:35 +02:00
c8acc39d8d modules/wg-clerie: add module for public IPv6 vpn 2023-04-23 15:31:54 +02:00
93f1fa77e0 hosts/palladium: prevent borg filling up root partition 2023-04-23 15:00:42 +02:00
882df0098f hosts/monitoring-3: alert for all storage drives when they are full 2023-04-22 18:30:51 +02:00
dcd8c37014 hosts/hydra-1,hosts/hydra-2,hosts/schule: migrate ssh settings 2023-04-21 22:07:54 +02:00
de8a485779 hosts/monitoring: use correct instance for backup storage monitoring rule 2023-04-18 22:52:52 +02:00
127d8bbb2e hosts/clerie-backup: remove unused backup repos 2023-04-18 22:46:15 +02:00
6fdbd10054 hosts/backup-4: add repo for krypton 2023-04-18 20:39:35 +02:00
fcb15969e8 hosts/backup-4: remove rsnapshot service 2023-04-18 19:54:15 +02:00
bfa57cd723 hosts/hydra-1: disable localhost build 2023-04-18 17:17:14 +02:00
4326867c4b hosts/osmium: tune garbage collector 2023-04-17 07:06:55 +02:00
d5f82fd794 hosts/hydra-1: allow root login 2023-04-17 06:33:45 +02:00
4b8a678873 hosts/hydra-*: enable ARM build on hydra 2023-04-16 16:17:13 +02:00
c68004f02e hosts/monitoring-3: add hydra monitoring 2023-04-16 16:01:45 +02:00
f62ceb8d2f hosts/osmium: Enable cross compiling 2023-04-16 15:31:30 +02:00
38edb24fca hosts/astatine: add to monitoring 2023-04-04 22:16:08 +02:00
0e4f3cce46 hosts/astatine: add event management vpn 2023-04-04 21:30:56 +02:00
622ea3fc64 hosts/gatekeeper: add vpn for astatine 2023-04-04 21:07:37 +02:00
5206cbac8d hosts/astatine: add host 2023-04-04 21:01:44 +02:00
41cd4792a6 hosts/monitoring-3: Replace InstanceUp alert with KernelChanged 2023-03-25 20:42:17 +01:00
62d2e6429a hosts/web-2: proper redirects for imprint 2023-03-22 22:51:19 +01:00
fd4e6aeae3 hosts/web-2: implement redirects for blog.clerie.de 2023-03-22 22:41:33 +01:00
c53b3e964b hosts/web-2: add legal.clerie.de 2023-03-22 22:27:36 +01:00
2085d8dda8 hosts/web-2: Do not log WebDAV Access 2023-03-15 22:50:08 +01:00
c554108bc7 hosts/web-2: configure logging for ip.clerie.de 2023-03-15 21:00:53 +01:00
66187e605a hosts/web-2: Tune logging for some vhosts 2023-03-15 20:32:18 +01:00
93ec60a43f hosts/web-2: update clerie.de 2023-03-09 21:51:08 +01:00
dbc008769e hosts/dn42-ildix-service: prepare BGP setup 2023-02-28 20:50:26 +01:00
1783a97ccb hosts/dn42-ildix-service: init host 2023-02-28 19:32:24 +01:00
6e62975666 hosts/_iso: fix bash syntax 2023-02-28 19:07:33 +01:00
1087715a1b hosts/_iso: add auto install script 2023-02-26 22:32:26 +01:00
bdbe54a3f8 hosts/_iso: customize baseName 2023-02-26 19:40:19 +01:00
01a5bcce57 add custom nixos install iso 2023-02-26 18:55:21 +01:00
c22975bdcd hosts/dn42-ildix-clerie: make publicly reachable 2023-02-26 11:10:08 +01:00
deefb9c312 hosts/clerie-backup: replicate to hetzner storage 2023-02-25 23:24:41 +01:00
2fd7a4c5aa hosts/monitoring-3: add monitoring of mercury 2023-02-24 23:47:46 +01:00
0a2bb76f40 hosts/hydra-1: use nix-serve-ng 2023-02-24 23:11:21 +01:00
ae1f68ac36 hosts/storage-2: add device to syncthing 2023-02-20 10:10:48 +01:00
403a58d266 hosts/storage-2: make music available via syncthing 2023-02-18 10:58:43 +01:00
7d04db9809 hosts/web-2: add drop.clerie.de shortlink for sending files 2023-02-17 22:42:13 +01:00
5649fd8b91 hosts/storage-2: prevent youtube-dl downloading tracks again and again and again 2023-02-17 22:02:27 +01:00
4626b87dcb hosts/carbon: make kea retry a couple of times for attaching to interfaces 2023-02-17 20:48:15 +01:00
cc501fc898 hosts/hydra-1: apply workaround for broken nix-serve 2023-02-10 23:32:34 +01:00
39869f4c8b hosts/hydra-2: fix typo in ip address 2023-02-06 14:19:04 +01:00
9849e4868d hosts/monitoring-3: Use solid-xmpp-alarm 2023-02-06 13:38:16 +01:00
8d623692c7 hosts/mail-1: Move monitoring config for manually managed host to config directly 2023-02-06 12:51:20 +01:00
9ee8585716 Replace lib/hosts.nix with an injected special argument containing the nix flake 2023-02-06 12:20:59 +01:00
8748015acc hosts: remove explicit per host configuration/common import 2023-02-05 21:19:05 +01:00
38567829f1 hosts/monitoring-3: alert on out of sync host system 2023-02-04 01:15:07 +01:00
4fffc64c35 hosts/monitoring-3: validate nixos hash versions 2023-02-04 00:57:55 +01:00
6082fb0744 hosts/monitoring-3: split host config to multiple files 2023-02-03 22:28:50 +01:00
0a1311252b hosts/schule: remove mongodb due to license issues 2023-02-03 21:40:51 +01:00
44148007fc hosts/monitoring-3: update changed option names 2023-02-03 21:23:26 +01:00
230cd17208 hosts/carbon: block incoming connections 2023-02-03 01:02:13 +01:00
f05567cbce hosts/carbon: enable mss clamping 2023-02-03 00:41:40 +01:00
5bb88492c2 hosts/storage-2: optimize music scraper 2023-01-18 20:40:45 +01:00
5a387c3c23 hosts/monitoring-3: update dashboard 2023-01-08 15:23:19 +01:00
cfd746fddb Introduce service levels and change alert routing based on this 2023-01-05 23:16:50 +01:00
30e22dff8d hosts/monitoring-3: use primary fqdn for instance label in prometheus 2023-01-05 22:02:48 +01:00
1dfba9663a activate NixOS monitoring in prometheus 2023-01-02 21:43:43 +01:00
1b0b4e2d95 hosts/beryllium: disable firewall 2022-12-30 17:47:12 +01:00
1ba4c66697 hosts/aluminium: use policyrouting for IPv4 too 2022-12-30 17:46:11 +01:00
bba5d8c044 hosts/beryllium: use named routing table 2022-12-29 22:50:34 +01:00
b3ef4e6bde hosts/beryllium: add management tunnel 2022-12-29 17:02:22 +01:00
8e96523837 hosts/beryllium: add host 2022-12-29 16:46:51 +01:00
6d89551808 hosts/storage-2: add bahnansagen 2022-12-29 16:16:13 +01:00
33195da4d7 host/aluminium: assign static management ip 2022-12-28 01:25:12 +01:00
2cfc9f1387 hosts/aluminium: init host 2022-12-28 00:39:35 +01:00
2e9da82d94 hosts/schule: add host 2022-12-09 23:24:09 +01:00
a6b7467aa9 hosts/hydra-1: Propagate own nix-cache when displaying nix-env commands 2022-12-07 20:19:58 +01:00
91e6a42ea3 hosts/porter: add scholl service proxy 2022-12-05 20:45:00 +01:00
607fdde5fd hosts/web-2: fix data type of meowing 2022-11-29 20:55:48 +01:00
686c587587 hosts/hydra-1: display help page for nix cache 2022-11-18 23:59:00 +01:00
8ddfcf6c17 hosts/hydra-1: add nix-cache.clerie.de 2022-11-13 16:38:18 +01:00
df4e162a9b hosts/web-2: add tap.clerie.de 2022-11-08 17:04:03 +01:00
273e729eba hosts/carbon: add blackbox exporter 2022-11-02 18:46:24 +01:00
be5b1c1baf hosts/monitoring-3: move to blackbox monitoring 2022-10-31 22:54:06 +01:00
eefd8af665 hosts/storage-2: add share service 2022-10-31 21:46:54 +01:00
02c05983e6 hosts/hydra-1: pin buildmachine user 2022-10-18 07:11:20 +02:00
6dc04a8581 replace fetchGit with pkgs.fetchgit 2022-10-17 23:03:09 +02:00
ecd2885037 hosts/hydra-1: make ssh key accessible to hydra and pin hydra-2 host key 2022-10-17 21:09:58 +02:00
a48547445a hosts/hydra-1: ping remote builder host key 2022-10-16 12:50:16 +02:00
63d0f4b42f hosts/hydra-2: remove ssh command, because it doesn't work 2022-10-15 17:58:59 +02:00
fa025a7a65 hosts/hydra-*: enable distributed builds 2022-10-15 16:04:40 +02:00
701f8bd41f hosts/hydra-2: add host 2022-10-15 13:09:48 +02:00
4027b812a2 hosts/hydra-1: allow hydra to utilize cache 2022-10-14 14:53:39 +02:00
3d48949629 hosts/hydra: add http to restricted mode allow urls 2022-10-02 22:12:19 +02:00
f67a810a2b hosts/hydra-1: add hydra service 2022-10-02 17:46:39 +02:00
efe47bacb1 hosts/hydra-1: add new host 2022-10-02 16:51:23 +02:00
e9414209f5 hosts/monitoring-3: alert for hosts that just booted 2022-10-02 11:59:37 +02:00
2f91b7cd75 modules/chisel: Create proper module and lock down service 2022-09-29 19:02:05 +02:00
1d8b007b95 hosts/carbon: Remove from overlay network 2022-09-29 18:15:10 +02:00
ce10724700 hosts/osmium: Set custom garbage collector interval 2022-09-29 17:44:05 +02:00
75f612a857 hosts/porter: Add snowflake 2022-09-29 17:36:16 +02:00
b016e76f09 hosts/porter: Put chisel behind nginx 2022-09-28 22:47:52 +02:00
d54c8a6853 gatekeeper: Remove host from overlay network 2022-09-28 20:07:14 +02:00
c456f09dbf nonat: Remove host from overlay network 2022-09-28 19:55:37 +02:00
9c4672182a porter: Remove node from overlay network 2022-09-28 19:31:22 +02:00
5a46d7662e gatekeeper: Remove unused firewall rule that blocks all IPv4 DNS traffic as a side effect 2022-09-27 12:04:27 +02:00