path: root/ops/nixos/camden
Age | Commit message | Author | Files | Lines
2020-06-11 | r/901 fix(ops/nixos/camden): Include /var/cache/nginx in nginx fix timer | Vincent Ambo | 1 | -1/+1
2020-06-11 | r/898 feat(ops/nixos/modules): Add TVL slapd module | Vincent Ambo | 1 | -0/+1
This initialises an OpenLDAP server for tvl.fyi. This is the least annoying way to bootstrap Gerrit. Yep.
2020-06-11 | r/897 feat(ops/nixos): Add module for configuring Gerrit for the repo | Vincent Ambo | 1 | -1/+19
2020-06-11 | r/896 chore(ops/nixos/camden): Move camden back to nixos-unstable | Vincent Ambo | 1 | -1/+1
2020-06-07 | r/885 feat(ops/nixos/camden): Link to the TVL monorepo doc | Vincent Ambo | 1 | -0/+2
2020-05-26 | r/858 feat(ops/nixos/camden): Index nixpkgs in hound | Vincent Ambo | 1 | -0/+8
There is a local nixpkgs clone at /var/git/nixpkgs which must be manually set to have 'master' point at the desired ref (hound only supports master).
2020-05-26 | r/855 feat(ops/nixos/camden): Set up hound at cs.tazj.in | Vincent Ambo | 1 | -2/+30
2020-05-26 | r/853 ffeat(ops/nixos): Add a dummy to make depot available in modules | Vincent Ambo | 1 | -0/+5
Because modules are not called via the default depot setup (for now ...), this introduces a dummy module that stores the depot tree itself in the module configurations. This makes it possible to write modules that use packages from the depot.
2020-05-22 | r/814 fix(ops/nixos): Pin systems to stable channel | Vincent Ambo | 1 | -1/+1
NixOS unstable has some software I want when building things, but it's also broken. This pins systems to the stable channel for now.
2020-05-11 | r/711 feat(ops/nixos/camden): add /meet/ redirect to tvl.fyi | Luke Granger-Brown | 1 | -0/+2
I'm too lazy to keep going to the website to click the button and also too lazy to add my own redirect. Add one to tvl.fyi.
2020-04-26 | r/695 feat(ops/nixos/camden): Enable SSH agent auth | Vincent Ambo | 1 | -0/+3
2020-04-26 | r/693 fix(ops/nixos/camden): Use new //fun/idual CLI structure | Vincent Ambo | 1 | -1/+2
2020-04-26 | r/690 feat(ops/nixos/camden): Disable camden firewall | Vincent Ambo | 1 | -1/+1
The local network is considered trusted and ingress from the outside world is now handled by the Edgerouter.
2020-04-26 | r/688 feat(fun/idual && nixos/camden): Add light alarm systemd units | Vincent Ambo | 1 | -1/+11
Adds a systemd unit to run the idual light alarm using a transient timer created by systemd-run.
2020-04-22 | r/669 fix(ops/nixos/camden): Introduce brute-force nginx issue fix | Vincent Ambo | 1 | -0/+19
This adds a timer running every minute that fixes the nginx permissions that were broken in NixOS 20.03
2020-04-21 | feat(ops/nixos/camden): Install 'bat' and 'ripgrep' on camden | Vincent Ambo | 1 | -0/+2
2020-04-21 | feat(ops/nixos/camden): Use my cachix cache on camden | Vincent Ambo | 1 | -0/+8
This cache is populated by sourcehut builds.
2020-04-21 | r/650 feat(ops/nixos/camden): Add vhost for TVL homepage | Vincent Ambo | 1 | -0/+15
2020-04-21 | r/648 feat(ops/nixos/camden): Provision certificate for tvl.fyi | Vincent Ambo | 1 | -0/+7
2020-04-20 | r/640 feat(ops/nixos/camden): Add static IPv6 address to camden | Vincent Ambo | 1 | -0/+7
2020-04-19 | r/639 feat(ops/nixos/camden): Configure honk service | Vincent Ambo | 1 | -0/+18
2020-04-19 | r/637 feat(ops/nixos/camden): Install honk | Vincent Ambo | 1 | -0/+1
2020-04-04 | r/626 chore(ops/nixos/camden): Enable HSTS headers on *.tazj.in | Vincent Ambo | 1 | -0/+2
2020-04-04 | r/623 chore(ops/nixos/camden): Use upstream tailscale module | Vincent Ambo | 1 | -18/+1
2020-04-04 | r/618 feat(ops/nixos/camden): Enable RTMP support in nginx | Vincent Ambo | 1 | -1/+25
This makes it possible to live-stream various things at rtmp://tazj.in/tvl
2020-03-01 | r/589 fix(ops/nixos/camden): Add required options for ACME updates | Vincent Ambo | 1 | -12/+17
The implementation for provisioning ACME certificates has changed in nixos-unstable[0] and now requires a few extra options to be set.
[0]: https://github.com/NixOS/nixpkgs/pull/77578
2020-02-21 | r/567 fix(ops/nixos/camden): Add missing quote in nginx config | Vincent Ambo | 1 | -1/+1
2020-02-21 | r/566 feat(ops/nixos/camden): Modify nginx log format | Vincent Ambo | 1 | -8/+8
This log format contains more structured and correctly typed information, which I can now use for dashboards and stuff in Stackdriver.
2020-02-21 | r/565 fix(ops/nixos/camden): Configure nginx to not log hostnames | Vincent Ambo | 1 | -1/+1
Hostname prefixes break JSON serialisation, leading to useless Stackdriver Logging entries.
2020-02-21 | r/564 feat(ops/nixos/camden): Install jq | Vincent Ambo | 1 | -0/+1
2020-02-21 | r/563 feat(ops/nixos/camden): Forward logs to Stackdriver Logging | Vincent Ambo | 1 | -0/+8
Enables the journaldriver service to forward logs into a "home" log-stream in the "tazjins-infrastructure" project. The service account key for camden has been placed on the machine manually.
2020-02-21 | r/559 chore: Rename pkgs->depot in all Nix file headers | Vincent Ambo | 1 | -12/+11
2020-02-17 | r/557 Merge branch 'fix/camden-trusted-users' | Vincent Ambo | 1 | -0/+2
2020-02-17 | fix(ops/nixos/camden): Add myself to trusted Nix users | Vincent Ambo | 1 | -0/+2
2020-02-17 | r/556 fix(ops/nixos/camden): Use pounce from //third_party | Vincent Ambo | 1 | -1/+1
2020-02-17 | r/553 feat(ops/nixos/camden): Install pounce on camden | Vincent Ambo | 1 | -1/+8
2020-02-17 | r/552 feat(ops/nixos/camden): Enable support for mosh | Vincent Ambo | 1 | -0/+2
2020-02-14 | r/550 refactor(ops/nixos/camden): Merge ACME certificate blocks | Vincent Ambo | 1 | -11/+7
2020-02-14 | r/549 feat(camden): Move to actual tazj.in hostnames | Vincent Ambo | 1 | -4/+15
2020-02-12 | r/547 feat(ops/nixos/camden): Add nginx vhost for cgit at git.camden | Vincent Ambo | 1 | -0/+21
2020-02-12 | r/546 feat(ops/nixos/camden): Move ACME configuration out of nginx | Vincent Ambo | 1 | -4/+13
This makes it possible to re-use the same provisioning mechanism for multiple related domains.
2020-02-12 | r/545 feat(ops/nixos/camden): Set up cgit service | Vincent Ambo | 1 | -5/+27
Adds a user & group which are configured to own the local depot copy, and a cgit service to serve it. The depot checkout was configured as:
    mkdir -p /var/git && chown git: /var/git
    # now, as the git user, in /var/git
    git clone --bare ... depot
    chmod -R g+rw /var/git
    chmod g+s (find /var/git -type d)
    git init --bare --shared=all depot
My personal user is a member of the git group, which means that after the above configuration I can push to the bare repo as my user and things work. Also, crucially, the `post-update` hook must be enabled as cgit uses the dumb HTTP transport.
2020-02-11 | r/543 fix(nix/tailscale): Fix incorrect Tailscale ACL config type | Vincent Ambo | 1 | -8/+10
2020-02-11 | r/542 feat(ops/nixos/camden): Serve /blobs/ from /var/www/blobs | Vincent Ambo | 1 | -1/+5
This directory is writeable by me and is intended to make it easy to serve random blobs.
2020-02-11 | r/541 feat(ops/nixos/camden): Enable haveged entropy "generator" | Vincent Ambo | 1 | -3/+4
2020-02-11 | r/540 feat(ops/nixos/nugget): Set up nginx serving homepage & blog | Vincent Ambo | 1 | -0/+53
This nginx does not currently log access correctly because for some impenetrable reason (as is tradition), neither /dev/stdout nor /dev/fd/1 exist for nginx at runtime. This is probably systemd's doing, but I'll debug it later.
2020-02-11 | r/538 fix(ops/nixos/camden): Use package set from depot pin | Vincent Ambo | 1 | -2/+9
2020-02-11 | r/537 feat(nix/tailscale): Add function for generating tailscale ACLs | Vincent Ambo | 1 | -1/+8
... and use it on Camden!
2020-02-11 | r/536 feat(ops/nixos/camden): Join camden.tazj.in into Tailscale mesh | Vincent Ambo | 1 | -3/+21
2020-02-11 | r/534 feat(ops/nixos): Add initial configuration for host camden | Vincent Ambo | 1 | -0/+90