infra

Author	SHA1	Message	Date
Raito Bezarius	9a04ef909b	feat(nixpkgs): run oxidized channel scripts We don't need weird Perl scripts where we are going. Here's a streaming channel-scripts deployment with plenty of bells, including OTLP. Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-08-31 19:32:23 +02:00
Raito Bezarius	c969625b0f	fix(sniproxy): outside/inside of infra, the ingress IPs are different In my infrastructure, the source node is 99::1, outside of my infra, it's ::1. All of this machinery was never really meant to be used on this scale, so oopsie. We should build our own sniproxy at some point. Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-08-30 19:01:44 +02:00
Raito Bezarius	0eaaf860d1	feat(common): enable system wide diff in the activation output This helps me to review what changes could be problematic in advance. Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-08-23 20:43:00 +02:00
Pierre Bourdon	ce3a40671c	acme: make ToS and contact config common	2024-08-16 09:03:08 +02:00
Pierre Bourdon	50fadb45e2	common: define TZ in base server configs, remove heretical host-specific configuration	2024-08-13 22:38:40 +02:00
Pierre Bourdon	37bcb261ab	ssh-keys: add build-coord, rekey secrets	2024-08-13 22:36:30 +02:00
Raito Bezarius	3f2909dd8a	public-keys: add public01 SSH host key Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-08-13 19:15:05 +02:00
Yureka	b1c28cfc7c	bagel-cache.s3-web.delroth.net -> cache.forkos.org	2024-08-06 13:26:15 +02:00
Tom Hubrecht	8390caee53	users: Add thubrecht	2024-07-23 23:14:39 +02:00
hexchen	1b82c2f8fd	common/{admin,ssh-keys}: add hexchen	2024-07-23 23:07:12 +02:00
hexchen	26c5e56605	common/{admins,ssh-keys}: sort users	2024-07-23 23:06:17 +02:00
raito	56a04a6faf	buildbot: init Reviewed-on: #68	2024-07-18 08:57:56 +00:00
Raito Bezarius	e00d0331ec	common/known-ssh-keys: init Let's ensure that all our servers are aware of all host keys to avoid host key verification issues when needed. (example: buildbot → gerrit) Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-07-17 18:00:51 +02:00
Raito Bezarius	c3394264ba	hosts/buildbot: init Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-07-17 18:00:51 +02:00
Raito Bezarius	7789e9ce75	services/buildbot: init Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-07-17 18:00:51 +02:00
raito	81fc914d79	feat: change the default shell to zsh Reviewed-on: #59	2024-07-17 12:56:45 +00:00
emilylange	ab9caaf520	systems: add git.forkos.org	2024-07-16 15:44:08 +02:00
emilylange	d4caf7b71a	admins: add emilylange	2024-07-16 15:43:58 +02:00
Janik H.	af515792cc	admins: add janik	2024-07-13 01:10:39 +00:00
Janik H.	bed5ef022f	change the default user shell to zsh	2024-07-12 19:50:34 +02:00
Yureka	329f267b02	enable nftables on all hosts	2024-07-11 02:05:35 +02:00
Pierre Bourdon	58325e30dd	common/nix: use bagel-cache by default	2024-07-10 18:17:30 +02:00
Pierre Bourdon	70e608a8f7	common: provide a pinned nixpkgs on all infra machines	2024-07-10 17:17:18 +02:00
Yureka	3cbdbc45f7	more quality of life improvements...	2024-07-10 15:54:30 +02:00
K900	787b3af638	Add wob-vpn-gw key, rekey metrics push password for it	2024-07-10 15:13:05 +03:00
K900	e608b92e4f	Add htop and btop to default machine config	2024-07-10 15:01:09 +03:00
K900	9e7e6d42ab	Make nginx/loki/mimir go fast	2024-07-10 14:55:28 +03:00
Yureka	39d2352bbc	general quality of life improvements	2024-07-09 23:26:12 +00:00
Yureka	a7d21e96a0	add global hardening options	2024-07-09 23:26:12 +00:00
Pierre Bourdon	bc8ef7b5fc	ssh-keys: remove raito's key which is too NSA'd for agenix	2024-07-10 01:04:48 +02:00
Pierre Bourdon	61e8048445	sysadmin: remove pwru, does not build on latest nixpkgs	2024-07-10 01:01:27 +02:00
Raito Bezarius	f9f955214f	ssh-keys: add raito to secrets set Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-07-10 00:59:22 +02:00
Yureka	eb21cb6916	add baremetal builders	2024-07-10 00:35:01 +02:00
Yureka	c0e1d05b3c	admins: add yuka	2024-07-09 10:34:30 +02:00
Raito Bezarius	48579e8818	feat: add `gdb` to sysadmin tooling Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-07-08 22:10:06 +00:00
Luke Granger-Brown	d4e9dcc2a6	admins: provision lukegb hello I can be trusted with your infrastructure	2024-07-08 21:55:41 +00:00
Raito Bezarius	e803c198c1	admins: provision jade Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-07-07 13:15:27 +00:00
Raito Bezarius	578e24e634	systems: add fodwatch.forkos.org Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-07-07 13:15:27 +00:00
K900	3ad481c125	Clean up SSH key dupes, add Maxine	2024-07-05 16:10:31 +00:00
raito	fa1bc1ced9	Merge pull request 'gerrit01: those who finetune even further' (#20 ) from gerrit-finetuning into main Reviewed-on: delroth/bagel-infra#20	2024-07-05 12:37:43 +00:00
Raito Bezarius	e27f152f00	common/base-server: use ambiant stable lix by default Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-07-05 13:29:47 +02:00
Raito Bezarius	6fb584109a	common/raito-vm: disable `useDHCP` We are using networkd by default… Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-07-05 13:12:35 +02:00
Raito Bezarius	0b01e9a99f	gerrit01: those who finetune even further Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-07-05 12:23:44 +02:00
Raito Bezarius	832b0784d8	common/admins: add K900 Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-07-04 23:57:05 +02:00
Pierre Bourdon	bf8fe65f9f	bagel-box: update ssh host key & rekey	2024-07-04 13:59:18 +02:00
Raito Bezarius	98a33e4300	gerrit01: init With: - A package hierarchy - A source-based Gerrit deployment Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-07-01 21:22:36 +02:00
Raito Bezarius	e3f3c87c0d	meta01: init Includes: - Raito VM module - Raito proxy aware NGINX module - Base server module - Sysadmin module - New SSH keys - Netbox module Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-07-01 19:40:37 +02:00
Pierre Bourdon	04bd33e32c	infra: add agenix, add s3 credentials	2024-06-24 18:03:20 +02:00

48 commits