maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9955 commits 1 branch 0 tags 188 MiB
Commit graph

46 commits

Author SHA1 Message Date
Vincent Ambo
923ca074ff feat(ops/nixos/camden): Link to the TVL monorepo doc 2020-06-07 17:48:24 +01:00
Vincent Ambo
dcb39d3198 feat(ops/nixos/camden): Index nixpkgs in hound 
There is a local nixpkgs clone at /var/git/nixpkgs which must be
manually set to have 'master' point at the desired ref (hound only
supports master).
 2020-05-26 11:55:13 +01:00
Vincent Ambo
b9b741287a feat(ops/nixos/camden): Set up hound at cs.tazj.in 2020-05-26 00:19:27 +00:00
Vincent Ambo
68e384a77f ffeat(ops/nixos): Add a dummy to make depot available in modules 
Because modules are not called via the default depot setup (for now
...), this introduces a dummy module that stores the depot tree itself
in the module configurations.

This makes it possible to write modules that use packages from the
depot.
 2020-05-26 00:17:55 +00:00
Vincent Ambo
56261f1c08 fix(ops/nixos): Pin systems to stable channel 
NixOS unstable has some software I want when building things, but it's
also broken.

This pins systems to the stable channel for now.
 2020-05-22 20:50:25 +01:00
Luke Granger-Brown
9993b0beba feat(ops/nixos/camden): add /meet/ redirect to tvl.fyi 
I'm too lazy to keep going to the website to click the button
and also too lazy to add my own redirect.

Add one to tvl.fyi.
 2020-05-11 01:24:13 +01:00
Vincent Ambo
7ef00d0f27 feat(ops/nixos/camden): Enable SSH agent auth 2020-04-26 18:34:10 +01:00
Vincent Ambo
322a76cb7a fix(ops/nixos/camden): Use new //fun/idual CLI structure 2020-04-26 15:51:38 +01:00
Vincent Ambo
64894062a9 feat(ops/nixos/camden): Disable camden firewall 
The local network is considered trusted and ingress from the outside
world is now handled by the Edgerouter.
 2020-04-26 14:58:42 +01:00
Vincent Ambo
6644d0031d feat(fun/idual && nixos/camden): Add light alarm systemd units 
Adds a systemd unit to run the idual light alarm using a transient
timer created by systemd-run.
 2020-04-26 00:28:19 +01:00
Vincent Ambo
8465a5435b fix(ops/nixos/camden): Introduce brute-force nginx issue fix 
This adds a timer running every minute that fixes the nginx
permissions that were broken in NixOS 20.03
 2020-04-22 12:04:05 +01:00
Vincent Ambo
a488bd3702 feat(ops/nixos/camden): Install 'bat' and 'ripgrep' on camden 2020-04-21 22:56:37 +01:00
Vincent Ambo
2ca4287cf0 feat(ops/nixos/camden): Use my cachix cache on camden 
This cache is populated by sourcehut builds.
 2020-04-21 22:55:32 +01:00
Vincent Ambo
6a2beb5a6a feat(ops/nixos/camden): Add vhost for TVL homepage 2020-04-21 03:17:30 +01:00
Vincent Ambo
1229621d7b feat(ops/nixos/camden): Provision certificate for tvl.fyi 2020-04-21 03:05:03 +01:00
Vincent Ambo
d6f5ca7caf feat(ops/nixos/camden): Add static IPv6 address to camden 2020-04-20 17:06:19 +01:00
Vincent Ambo
0f0f1a547f feat(ops/nixos/camden): Configure honk service 2020-04-19 22:58:41 +00:00
Vincent Ambo
688175c1f7 feat(ops/nixos/camden): Install honk 2020-04-19 23:30:19 +01:00
Vincent Ambo
e90e3153f8 chore(ops/nixos/camden): Enable HSTS headers on *.tazj.in 2020-04-04 21:49:03 +01:00
Vincent Ambo
f43294cd90 chore(ops/nixos/camden): Use upstream tailscale module 2020-04-04 13:17:18 +01:00
Vincent Ambo
9caf09a244 feat(ops/nixos/camden): Enable RTMP support in nginx 
This makes it possible to live-stream various things at rtmp://tazj.in/tvl
 2020-04-04 01:39:37 +00:00
Vincent Ambo
814729bd04 fix(ops/nixos/camden): Add required options for ACME updates 
The implementation for provisioning ACME certificates has changed in
nixos-unstable[0] and now requires a few extra options to be set.

[0]: https://github.com/NixOS/nixpkgs/pull/77578
 2020-03-01 01:11:28 +00:00
Vincent Ambo
68d1d87a9b fix(ops/nixos/camden): Add missing quote in nginx config 2020-02-21 16:12:48 +00:00
Vincent Ambo
25d8e7ce25 feat(ops/nixos/camden): Modify nginx log format 
This log format contains more structured and correctly typed
information, which I can now use for dashboards and stuff in Stackdriver.
 2020-02-21 16:10:08 +00:00
Vincent Ambo
1e51a2135d fix(ops/nixos/camden): Configure nginx to not log hostnames 
Hostname prefixes break JSON serialisation, leading to useless
Stackdriver Logging entries.
 2020-02-21 16:01:54 +00:00
Vincent Ambo
703aebe6a9 feat(ops/nixos/camden): Install jq 2020-02-21 15:43:07 +00:00
Vincent Ambo
6e4df43f62 feat(ops/nixos/camden): Forward logs to Stackdriver Logging 
Enables the journaldriver service to forward logs into a "home"
log-stream in the "tazjins-infrastructure" project.

The service account key for camden has been placed on the machine
manually.
 2020-02-21 15:35:51 +00:00
Vincent Ambo
4bbbb58cb5 chore: Rename pkgs->depot in all Nix file headers 2020-02-21 13:54:53 +00:00
Vincent Ambo
0e54b3eb6a Merge branch 'fix/camden-trusted-users' 2020-02-17 01:02:06 +00:00
Vincent Ambo
ce4042ede7 fix(ops/nixos/camden): Add myself to trusted Nix users 2020-02-17 01:00:12 +00:00
Vincent Ambo
494e006c6b fix(ops/nixos/camden): Use pounce from //third_party 2020-02-17 00:52:07 +00:00
Vincent Ambo
1b31b47ef1 feat(ops/nixos/camden): Install pounce on camden 2020-02-17 00:22:19 +00:00
Vincent Ambo
5bfd2f70ad feat(ops/nixos/camden): Enable support for mosh 2020-02-17 00:06:55 +00:00
Vincent Ambo
2fd6ec650b refactor(ops/nixos/camden): Merge ACME certificate blocks 2020-02-14 12:00:12 +00:00
Vincent Ambo
bcc797fa2f feat(camden): Move to actual tazj.in hostnames 2020-02-14 11:49:04 +00:00
Vincent Ambo
4feb306763 feat(ops/nixos/camden): Add nginx vhost for cgit at git.camden 2020-02-12 01:09:03 +00:00
Vincent Ambo
7373edf73a feat(ops/nixos/camden): Move ACME configuration out of nginx 
This makes it possible to re-use the same provisioning mechanism for
multiple related domains.
 2020-02-12 01:08:27 +00:00
Vincent Ambo
8e52e74bd3 feat(ops/nixos/camden): Set up cgit service 
Adds a user & group which are configured to own the local depot copy,
and a cgit service to serve it.

The depot checkout was configured as:

  mkdir -p /var/git && chown git: /var/git

  # now, as the git user, in /var/git
  git clone --bare ... depot
  chmod -R g+rw /var/git
  chmod g+s (find /var/git -type d)
  git init --bare --shared=all depot

My personal user is a member of the git group, which means that after
the above configuration I can push to the bare repo as my user and
things work.

Also, crucially, the `post-update` hook must be enabled as cgit uses
the dumb HTTP transport.
 2020-02-12 01:04:12 +00:00
Vincent Ambo
b4c0292753 fix(nix/tailscale): Fix incorrect Tailscale ACL config type 2020-02-11 21:00:50 +00:00
Vincent Ambo
675fed2dca feat(ops/nixos/camden): Serve /blobs/ from /var/www/blobs 
This directory is writeable by me and is intended to make it easy to
serve random blobs.
 2020-02-11 20:54:50 +00:00
Vincent Ambo
31b021e629 feat(ops/nixos/camden): Enable haveged entropy "generator" 2020-02-11 20:54:31 +00:00
Vincent Ambo
dbb24e0377 feat(ops/nixos/nugget): Set up nginx serving homepage & blog 
This nginx does not currently log access correctly because for some
impenetrable reason (as is tradition), neither /dev/stdout nor
/dev/fd/1 exist for nginx at runtime. This is probably systemd's
doing, but I'll debug it later.
 2020-02-11 19:32:21 +00:00
Vincent Ambo
2e95822712 fix(ops/nixos/camden): Use package set from depot pin 2020-02-11 16:46:15 +00:00
Vincent Ambo
df1a4fef2b feat(nix/tailscale): Add function for generating tailscale ACLs 
... and use it on Camden!
 2020-02-11 16:36:28 +00:00
Vincent Ambo
44b57d095b feat(ops/nixos/camden): Join camden.tazj.in into Tailscale mesh 2020-02-11 16:27:34 +00:00
Vincent Ambo
3b88611336 feat(ops/nixos): Add initial configuration for host camden 2020-02-11 15:41:00 +00:00