path: root/ops/machines/whitby
Age | Commit message | Author | Files | Lines
2021-05-23 | r/2610 feat(whitby): Enable fail2ban | Griffin Smith | 1 | -0/+2
I like running fail2ban on any machine that has stuff like ssh world-open, to limit the potential for password brute-force attacks etc.

Change-Id: I0c60811ae5a2fddb44f04679fb455e646b8e39c5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3138
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>

2021-05-22 | r/2606 feat(ops/owothia): Add owothia module and deploy on whitby | Vincent Ambo | 1 | -0/+8
This configures owothia to use her new bouncer to HackInt.

Change-Id: I80eb8191c2b0f2a6f8a31d19b60250ade27c1913
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3129
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>

2021-05-22 | r/2604 chore(whitby): Move clbot to HackInt | Vincent Ambo | 1 | -9/+7
Points clbot at the new local ZNC instead. This will make it part of the things happening through the `tvlbot` account.

Relates to b/101

Change-Id: I1c15ffa5720d3af34475c15bee3fdaa537ac659b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3127
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>

2021-05-22 | r/2602 chore(whitby): Move irccat & panettone notifications to HackInt | Vincent Ambo | 1 | -5/+4
Change-Id: I6bd5c183d2c1c28b8c6b0201bdf22a66333d4aea
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3131
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>

2021-05-22 | r/2600 feat(whitby): Add shadowsocks server | Florian Klink | 1 | -1/+8
This adds a shadowsocks service, running on port 8443, tcp and udp. The password is read from /etc/secrets/shadowsocks-secret.sec, and needs to be populated externally.

Change-Id: I6797150db108ba14459502dee43d8e4ed6cfa910
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3125
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>

2021-05-21 | r/2598 feat(whitby): Initial ZNC configuration | Vincent Ambo | 1 | -0/+27
Bouncer to be used for TVL's IRC bots, see b/101

Change-Id: Ic9f71ecd94365d3baa31e0552b1ce16362f94557
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3124
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>

2021-05-05 | r/2567 feat(ops/www): Configure atward.tvl.fyi and its aliases | Vincent Ambo | 1 | -0/+1
Change-Id: I20dfb057f8184899226bcb4527010a6982d426f0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3094
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>

2021-05-03 | r/2562 feat(ops): Add NixOS module for atward | Vincent Ambo | 1 | -0/+4
Very standard, nothing fancy.

Change-Id: Ibb286f221a4752abfb62e971b98e9496357040f5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3090
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>

2021-04-14 | r/2511 feat(ops/modules): Add module for automatically collecting garbage | Vincent Ambo | 1 | -0/+10
Adds a module that automatically collects garbage based on disk space thresholds, and configures it to run hourly on whitby. This is implemented as an alternative to cl/2937, which I've been told uses a Nix feature that doesn't actually work. Under-the-hood this is simply a systemd timer running a shell script which checks available disk space and runs GC when necessary.

Change-Id: I3c6b5de85b74ea52e7e16c53f2f900e0911c9805
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3014
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>

2021-04-13 | r/2500 feat(whitby/grafana): use CAS SSO | Luke Granger-Brown | 1 | -0/+52
There's a hard-coded list of Admin usernames for the moment. We should revisit this and get an actual groups setup in LDAP that's propagated through...

Change-Id: Ic3601f1a9753573076769f4912038e9f1b60e139
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2982
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: grfn <grfn@gws.fyi>

2021-04-12 | r/2498 feat(whitby): Enable Grafana at status.tvl.su | Vincent Ambo | 1 | -4/+22
Enables a Grafana service pointing to whitby's local Prometheus instance, accessible at status.tvl.su. I've no idea how to configure Grafana and if it's possible to link it to CAS, but we'll see about that later.

Notes:
* the explicit fixpoint for whitby config has been removed as we have the `config` parameter available now
* backups are enabled for the Grafana storage location

Change-Id: If5ffe0c1a3378d1c88529129487c643642705fd2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2948
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>

2021-04-12 | r/2497 refactor: Replace 'depotPath' with 'depot.path' | Vincent Ambo | 1 | -20/+20
Instead of having two ways of accessing the path to the depot (one of which was stuttering, depot.depotPath) we settle on only one: depot.path. This was mostly used for NixOS module imports.

Co-Authored-By: Florian Klink <flokli@flokli.de>
Change-Id: I2c0db23383fc34f6ca76baaad4cc4af2d9dfae15
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2962
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>

2021-04-12 | r/2493 feat(whitby): Enable Prometheus instance on whitby | Vincent Ambo | 1 | -1/+24
Enables Prometheus with a local node exporter, and nothing else for now. Some additional collectors have been enabled for things that might be relevant on whitby:
* systemd: all our services run in systemd
* processes: might be interesting for build-related stats
* logind: might be interesting for interactive usage stats

Change-Id: I48dacdd9c68b4be9edff7b3cb6256dad562498c4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2930
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>

2021-04-12 | r/2485 refactor(users/glittershark): Rename to grfn | Griffin Smith | 1 | -3/+3
Rename my //users directory and all places that refer to glittershark to grfn, including nix references and documentation. This may require some extra attention inside of gerrit's database after it lands to allow me to actually push things.

Change-Id: I4728b7ec2c60024392c1c1fa6e0d4a59b3e266fa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2933
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: glittershark <grfn@gws.fyi>

2021-04-11 | r/2482 refactor(ops): Split //ops/nixos into different locations | Vincent Ambo | 3 | -0/+470
Splits //ops/nixos into:
* //ops/nixos.nix - utility functions for building systems
* //ops/machines - shared machine definitions (read by readTree)
* //ops/modules - shared NixOS modules (skipped by readTree)

This simplifies working with the configuration fixpoint in whitby, and is overall a bit more in line with how NixOS systems in user folders currently work.

Change-Id: I1322ec5cc76c0207c099c05d44828a3df0b3ffc1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2931
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: glittershark <grfn@gws.fyi>