raito
3c9b077bb2
feat: add more admins tools from lix infra
...
We had this in our equivalent file.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:10:44 +00:00
raito
6d3e14ec27
feat: finer-grained ACLs for server accesses
...
In the process of adding multi-tenant infrastructure, it seems relevant
to add finer-grained ACLs.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-05 16:20:19 +02:00
raito
f321ab6450
users: add winterqt
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-09-28 21:09:06 +02:00
raito
9a04ef909b
feat(nixpkgs): run oxidized channel scripts
...
We don't need weird Perl scripts where we are going. Here's a streaming
channel-scripts deployment with plenty of bells, including OTLP.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 19:32:23 +02:00
raito
c969625b0f
fix(sniproxy): outside/inside of infra, the ingress IPs are different
...
In my infrastructure, the source node is 99::1, outside of my infra,
it's ::1.
All of this machinery was never really meant to be used on this scale,
so oopsie.
We should build our own sniproxy at some point.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-30 19:01:44 +02:00
raito
0eaaf860d1
feat(common): enable system wide diff in the activation output
...
This helps me to review what changes could be problematic in advance.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-23 20:43:00 +02:00
Pierre Bourdon
ce3a40671c
acme: make ToS and contact config common
2024-08-16 09:03:08 +02:00
Pierre Bourdon
50fadb45e2
common: define TZ in base server configs, remove heretical host-specific configuration
2024-08-13 22:38:40 +02:00
Pierre Bourdon
37bcb261ab
ssh-keys: add build-coord, rekey secrets
2024-08-13 22:36:30 +02:00
raito
3f2909dd8a
public-keys: add public01 SSH host key
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-13 19:15:05 +02:00
Yureka
b1c28cfc7c
bagel-cache.s3-web.delroth.net -> cache.forkos.org
2024-08-06 13:26:15 +02:00
Tom Hubrecht
8390caee53
users: Add thubrecht
2024-07-23 23:14:39 +02:00
hexchen
1b82c2f8fd
common/{admin,ssh-keys}: add hexchen
2024-07-23 23:07:12 +02:00
hexchen
26c5e56605
common/{admins,ssh-keys}: sort users
2024-07-23 23:06:17 +02:00
raito
56a04a6faf
buildbot: init
...
Reviewed-on: #68
2024-07-18 08:57:56 +00:00
raito
e00d0331ec
common/known-ssh-keys: init
...
Let's ensure that all our servers are aware of all host keys to avoid
host key verification issues when needed.
(example: buildbot → gerrit)
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-17 18:00:51 +02:00
raito
c3394264ba
hosts/buildbot: init
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-17 18:00:51 +02:00
raito
7789e9ce75
services/buildbot: init
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-17 18:00:51 +02:00
raito
81fc914d79
feat: change the default shell to zsh
...
Reviewed-on: #59
2024-07-17 12:56:45 +00:00
emily
ab9caaf520
systems: add git.forkos.org
2024-07-16 15:44:08 +02:00
emily
d4caf7b71a
admins: add emilylange
2024-07-16 15:43:58 +02:00
Janik Haag
af515792cc
admins: add janik
2024-07-13 01:10:39 +00:00
Janik Haag
bed5ef022f
change the default user shell to zsh
2024-07-12 19:50:34 +02:00
Yureka
329f267b02
enable nftables on all hosts
2024-07-11 02:05:35 +02:00
Pierre Bourdon
58325e30dd
common/nix: use bagel-cache by default
2024-07-10 18:17:30 +02:00
Pierre Bourdon
70e608a8f7
common: provide a pinned nixpkgs on all infra machines
2024-07-10 17:17:18 +02:00
Yureka
3cbdbc45f7
more quality of life improvements...
2024-07-10 15:54:30 +02:00
Ilya K
787b3af638
Add wob-vpn-gw key, rekey metrics push password for it
2024-07-10 15:13:05 +03:00
Ilya K
e608b92e4f
Add htop and btop to default machine config
2024-07-10 15:01:09 +03:00
Ilya K
9e7e6d42ab
Make nginx/loki/mimir go fast
2024-07-10 14:55:28 +03:00
Yureka
39d2352bbc
general quality of life improvements
2024-07-09 23:26:12 +00:00
Yureka
a7d21e96a0
add global hardening options
2024-07-09 23:26:12 +00:00
Pierre Bourdon
bc8ef7b5fc
ssh-keys: remove raito's key which is too NSA'd for agenix
2024-07-10 01:04:48 +02:00
Pierre Bourdon
61e8048445
sysadmin: remove pwru, does not build on latest nixpkgs
2024-07-10 01:01:27 +02:00
raito
f9f955214f
ssh-keys: add raito to secrets set
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-10 00:59:22 +02:00
Yureka
eb21cb6916
add baremetal builders
2024-07-10 00:35:01 +02:00
Yureka
c0e1d05b3c
admins: add yuka
2024-07-09 10:34:30 +02:00
raito
48579e8818
feat: add gdb
to sysadmin tooling
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-08 22:10:06 +00:00
Luke Granger-Brown
d4e9dcc2a6
admins: provision lukegb
...
hello I can be trusted with your infrastructure
2024-07-08 21:55:41 +00:00
raito
e803c198c1
admins: provision jade
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-07 13:15:27 +00:00
raito
578e24e634
systems: add fodwatch.forkos.org
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-07 13:15:27 +00:00
Ilya K
3ad481c125
Clean up SSH key dupes, add Maxine
2024-07-05 16:10:31 +00:00
raito
fa1bc1ced9
Merge pull request 'gerrit01: those who finetune even further' ( #20 ) from gerrit-finetuning into main
...
Reviewed-on: delroth/bagel-infra#20
2024-07-05 12:37:43 +00:00
raito
e27f152f00
common/base-server: use ambiant stable lix by default
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-05 13:29:47 +02:00
raito
6fb584109a
common/raito-vm: disable useDHCP
...
We are using networkd by default…
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-05 13:12:35 +02:00
raito
0b01e9a99f
gerrit01: those who finetune even further
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-05 12:23:44 +02:00
raito
832b0784d8
common/admins: add K900
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-04 23:57:05 +02:00
Pierre Bourdon
bf8fe65f9f
bagel-box: update ssh host key & rekey
2024-07-04 13:59:18 +02:00
raito
98a33e4300
gerrit01: init
...
With:
- A package hierarchy
- A source-based Gerrit deployment
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-01 21:22:36 +02:00
raito
e3f3c87c0d
meta01: init
...
Includes:
- Raito VM module
- Raito proxy aware NGINX module
- Base server module
- Sysadmin module
- New SSH keys
- Netbox module
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-01 19:40:37 +02:00