Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2020-05-22 | r/814 fix(ops/nixos): Pin systems to stable channel | Vincent Ambo | 1 | -1/+1 | |
NixOS unstable has some software I want when building things, but it's also broken. This pins systems to the stable channel for now. | |||||
2020-05-11 | r/711 feat(ops/nixos/camden): add /meet/ redirect to tvl.fyi | Luke Granger-Brown | 1 | -0/+2 | |
I'm too lazy to keep going to the website to click the button and also too lazy to add my own redirect. Add one to tvl.fyi. | |||||
2020-04-26 | r/695 feat(ops/nixos/camden): Enable SSH agent auth | Vincent Ambo | 1 | -0/+3 | |
2020-04-26 | r/693 fix(ops/nixos/camden): Use new //fun/idual CLI structure | Vincent Ambo | 1 | -1/+2 | |
2020-04-26 | r/690 feat(ops/nixos/camden): Disable camden firewall | Vincent Ambo | 1 | -1/+1 | |
The local network is considered trusted and ingress from the outside world is now handled by the Edgerouter. | |||||
2020-04-26 | r/688 feat(fun/idual && nixos/camden): Add light alarm systemd units | Vincent Ambo | 1 | -1/+11 | |
Adds a systemd unit to run the idual light alarm using a transient timer created by systemd-run. | |||||
2020-04-22 | r/669 fix(ops/nixos/camden): Introduce brute-force nginx issue fix | Vincent Ambo | 1 | -0/+19 | |
This adds a timer running every minute that fixes the nginx permissions that were broken in NixOS 20.03 | |||||
2020-04-21 | feat(ops/nixos/camden): Install 'bat' and 'ripgrep' on camden | Vincent Ambo | 1 | -0/+2 | |
2020-04-21 | feat(ops/nixos/camden): Use my cachix cache on camden | Vincent Ambo | 1 | -0/+8 | |
This cache is populated by sourcehut builds. | |||||
2020-04-21 | r/650 feat(ops/nixos/camden): Add vhost for TVL homepage | Vincent Ambo | 1 | -0/+15 | |
2020-04-21 | r/648 feat(ops/nixos/camden): Provision certificate for tvl.fyi | Vincent Ambo | 1 | -0/+7 | |
2020-04-20 | r/640 feat(ops/nixos/camden): Add static IPv6 address to camden | Vincent Ambo | 1 | -0/+7 | |
2020-04-19 | r/639 feat(ops/nixos/camden): Configure honk service | Vincent Ambo | 1 | -0/+18 | |
2020-04-19 | r/637 feat(ops/nixos/camden): Install honk | Vincent Ambo | 1 | -0/+1 | |
2020-04-04 | r/626 chore(ops/nixos/camden): Enable HSTS headers on *.tazj.in | Vincent Ambo | 1 | -0/+2 | |
2020-04-04 | r/623 chore(ops/nixos/camden): Use upstream tailscale module | Vincent Ambo | 1 | -18/+1 | |
2020-04-04 | r/618 feat(ops/nixos/camden): Enable RTMP support in nginx | Vincent Ambo | 1 | -1/+25 | |
This makes it possible to live-stream various things at rtmp://tazj.in/tvl | |||||
2020-03-01 | r/589 fix(ops/nixos/camden): Add required options for ACME updates | Vincent Ambo | 1 | -12/+17 | |
The implementation for provisioning ACME certificates has changed in nixos-unstable[0] and now requires a few extra options to be set. [0]: https://github.com/NixOS/nixpkgs/pull/77578 | |||||
2020-02-21 | r/567 fix(ops/nixos/camden): Add missing quote in nginx config | Vincent Ambo | 1 | -1/+1 | |
2020-02-21 | r/566 feat(ops/nixos/camden): Modify nginx log format | Vincent Ambo | 1 | -8/+8 | |
This log format contains more structured and correctly typed information, which I can now use for dashboards and stuff in Stackdriver. | |||||
2020-02-21 | r/565 fix(ops/nixos/camden): Configure nginx to not log hostnames | Vincent Ambo | 1 | -1/+1 | |
Hostname prefixes break JSON serialisation, leading to useless Stackdriver Logging entries. | |||||
2020-02-21 | r/564 feat(ops/nixos/camden): Install jq | Vincent Ambo | 1 | -0/+1 | |
2020-02-21 | r/563 feat(ops/nixos/camden): Forward logs to Stackdriver Logging | Vincent Ambo | 1 | -0/+8 | |
Enables the journaldriver service to forward logs into a "home" log-stream in the "tazjins-infrastructure" project. The service account key for camden has been placed on the machine manually. | |||||
2020-02-21 | r/559 chore: Rename pkgs->depot in all Nix file headers | Vincent Ambo | 1 | -12/+11 | |
2020-02-17 | r/557 Merge branch 'fix/camden-trusted-users' | Vincent Ambo | 1 | -0/+2 | |
2020-02-17 | fix(ops/nixos/camden): Add myself to trusted Nix users | Vincent Ambo | 1 | -0/+2 | |
2020-02-17 | r/556 fix(ops/nixos/camden): Use pounce from //third_party | Vincent Ambo | 1 | -1/+1 | |
2020-02-17 | r/553 feat(ops/nixos/camden): Install pounce on camden | Vincent Ambo | 1 | -1/+8 | |
2020-02-17 | r/552 feat(ops/nixos/camden): Enable support for mosh | Vincent Ambo | 1 | -0/+2 | |
2020-02-14 | r/550 refactor(ops/nixos/camden): Merge ACME certificate blocks | Vincent Ambo | 1 | -11/+7 | |
2020-02-14 | r/549 feat(camden): Move to actual tazj.in hostnames | Vincent Ambo | 1 | -4/+15 | |
2020-02-12 | r/547 feat(ops/nixos/camden): Add nginx vhost for cgit at git.camden | Vincent Ambo | 1 | -0/+21 | |
2020-02-12 | r/546 feat(ops/nixos/camden): Move ACME configuration out of nginx | Vincent Ambo | 1 | -4/+13 | |
This makes it possible to re-use the same provisioning mechanism for multiple related domains. | |||||
2020-02-12 | r/545 feat(ops/nixos/camden): Set up cgit service | Vincent Ambo | 1 | -5/+27 | |
Adds a user & group which are configured to own the local depot copy, and a cgit service to serve it. The depot checkout was configured as: `mkdir -p /var/git && chown git: /var/git` `# now, as the git user, in /var/git` `git clone --bare ... depot` `chmod -R g+rw /var/git` `chmod g+s (find /var/git -type d)` `git init --bare --shared=all depot` My personal user is a member of the git group, which means that after the above configuration I can push to the bare repo as my user and things work. Also, crucially, the `post-update` hook must be enabled as cgit uses the dumb HTTP transport. | |||||
2020-02-11 | r/543 fix(nix/tailscale): Fix incorrect Tailscale ACL config type | Vincent Ambo | 1 | -8/+10 | |
2020-02-11 | r/542 feat(ops/nixos/camden): Serve /blobs/ from /var/www/blobs | Vincent Ambo | 1 | -1/+5 | |
This directory is writeable by me and is intended to make it easy to serve random blobs. | |||||
2020-02-11 | r/541 feat(ops/nixos/camden): Enable haveged entropy "generator" | Vincent Ambo | 1 | -3/+4 | |
2020-02-11 | r/540 feat(ops/nixos/nugget): Set up nginx serving homepage & blog | Vincent Ambo | 1 | -0/+53 | |
This nginx does not currently log access correctly because for some impenetrable reason (as is tradition), neither /dev/stdout nor /dev/fd/1 exist for nginx at runtime. This is probably systemd's doing, but I'll debug it later. | |||||
2020-02-11 | r/538 fix(ops/nixos/camden): Use package set from depot pin | Vincent Ambo | 1 | -2/+9 | |
2020-02-11 | r/537 feat(nix/tailscale): Add function for generating tailscale ACLs | Vincent Ambo | 1 | -1/+8 | |
... and use it on Camden! | |||||
2020-02-11 | r/536 feat(ops/nixos/camden): Join camden.tazj.in into Tailscale mesh | Vincent Ambo | 1 | -3/+21 | |
2020-02-11 | r/534 feat(ops/nixos): Add initial configuration for host camden | Vincent Ambo | 1 | -0/+90 | |