|
94253212c6
|
networking.firewall.checkReversePath = "loose" for tailscale
|
2023-09-11 22:38:44 +03:00 |
|
|
f33f8b3d1b
|
add bonnie++, remove nix-top
|
2023-09-11 22:01:59 +03:00 |
|
|
80aca1ede2
|
Revert "firewall: open iperf3 fully"
This reverts commit 56bc914934 .
|
2023-09-11 21:59:43 +03:00 |
|
|
56bc914934
|
firewall: open iperf3 fully
|
2023-09-11 21:54:12 +03:00 |
|
|
24412cbfc7
|
iperf: open up port
|
2023-09-11 21:43:34 +03:00 |
|
|
99342a6bb9
|
all: add iperf
|
2023-09-11 21:32:34 +03:00 |
|
|
27d663e63a
|
bugfix in attrset merging
|
2023-09-11 17:48:08 +03:00 |
|
|
a522300158
|
borgbackup: add numbers to jobs
|
2023-09-11 17:38:18 +03:00 |
|
|
5721531486
|
nitpicking
|
2023-09-11 17:27:14 +03:00 |
|
|
583f74cf3f
|
zfsborg: restructure config
Preparing for 2 repo destinations.
|
2023-09-11 17:25:12 +03:00 |
|
|
866347b042
|
add borgstor
|
2023-09-11 15:51:33 +03:00 |
|
|
377030d0c0
|
headscale: remove ipv6 subnet
it's confusing: I couldn't find an easy way to get the ipv4 address on a client
|
2023-09-11 14:37:05 +03:00 |
|
|
20ccb666c8
|
smtp
|
2023-09-07 19:46:47 +03:00 |
|
|
c7643a20d8
|
home-manager git name
|
2023-09-07 19:46:46 +03:00 |
|
|
fd9f30f7d4
|
snmp exporter: maybe exposing the file will work now?
|
2023-09-05 14:58:30 +03:00 |
|
|
24e6aa333e
|
snmp exporter: expose in vpn for all to see
|
2023-09-05 14:45:09 +03:00 |
|
|
5c1cccb8a4
|
snmp: from package back to module
|
2023-09-05 14:41:52 +03:00 |
|
|
2963f0a0d7
|
gc: every 7d
|
2023-09-03 07:20:49 +03:00 |
|
|
fe30f6c32a
|
Add dl.jakstys.lt
|
2023-08-29 15:41:57 +03:00 |
|
|
cc11726ed7
|
remove hel1-a
|
2023-08-27 15:17:54 +03:00 |
|
|
617b829589
|
deployerbot: add fra1-a
|
2023-08-27 01:04:09 +03:00 |
|
|
1db9253ae6
|
fra1-a
|
2023-08-26 23:37:16 +03:00 |
|
|
23347f6952
|
matrix-synapse: listen on 127.0.0.1
reverse proxying is over
|
2023-08-25 17:00:30 +03:00 |
|
|
3687d7cd73
|
matrix-synapse listen on 0.0.0.0
|
2023-08-25 16:14:12 +03:00 |
|
|
2776f8c517
|
fix extraConfigFiles
|
2023-08-25 16:03:46 +03:00 |
|
|
355d8c21cc
|
move matrix-synapse to it's module
|
2023-08-25 15:49:37 +03:00 |
|
|
3f9db2ad12
|
configure nvim
|
2023-08-25 11:01:46 +03:00 |
|
|
f87a712635
|
node_exporter gets its own uidgid
|
2023-08-25 09:55:21 +03:00 |
|
|
9740b42493
|
gitea: listen on 3001
|
2023-08-25 09:41:42 +03:00 |
|
|
6cf894ee68
|
move logRefusedConnections to base
|
2023-08-24 23:49:21 +03:00 |
|
|
c3168bb2d3
|
headscale
|
2023-08-24 23:46:45 +03:00 |
|
|
be4df58cbb
|
move gitea to its own module
|
2023-08-24 23:34:48 +03:00 |
|
|
86ee4ee571
|
enable chrony
|
2023-08-24 17:14:57 +03:00 |
|
|
407024dfa9
|
zfsunlock: use IP addresses + zfsunlock
|
2023-08-22 14:14:20 +03:00 |
|
|
8bd3af3878
|
tmux
|
2023-08-18 23:49:49 +03:00 |
|
|
4f337fe8c0
|
configure nvim system-wide
|
2023-08-18 23:33:56 +03:00 |
|
|
1522a5284e
|
neovim: default editor
|
2023-08-18 21:45:38 +03:00 |
|
|
a9ab4b4514
|
re-enabling vim
|
2023-08-18 19:07:52 +03:00 |
|
|
7063b1d84e
|
vim nitpicks
|
2023-08-18 18:50:39 +03:00 |
|
|
74b19c049b
|
remove some old leftovers from vimrc
|
2023-08-18 18:44:21 +03:00 |
|
|
e1378a3617
|
start with vim
|
2023-08-18 18:43:34 +03:00 |
|
|
3be112cc46
|
home-manager: use global pkgs
|
2023-08-18 16:30:26 +03:00 |
|
|
47453cdfe1
|
home-manager/motiejus: add very basic test configs
|
2023-08-18 16:26:00 +03:00 |
|
|
bbf562d205
|
move node_exporter to its own module
|
2023-08-18 09:32:01 +03:00 |
|
|
4dee4159e7
|
nix --accept-flake-config
|
2023-08-16 20:26:37 +03:00 |
|
|
b4ac54d9a7
|
install perf-tools
|
2023-08-16 00:04:38 +03:00 |
|
|
4354cde55e
|
vno1-rp3b
|
2023-08-15 07:18:26 +03:00 |
|
|
98a4ad79f8
|
grafana now on https://grafana.jakstys.lt, over vpn
|
2023-08-14 09:04:09 +03:00 |
|
|
a2a741d27e
|
fmt and formatting; nsd-acme is less verbose
|
2023-08-10 10:48:34 +03:00 |
|
|
fa435f65d0
|
zones don't need to be sanitized
it's DNS!
|
2023-08-10 10:46:06 +03:00 |
|
|
7bedc09abb
|
deployerbot: do not restart if changed
leads to interesting deadlocks when upgrading self
|
2023-08-10 10:40:07 +03:00 |
|
|
4878c42ca9
|
cron + alerting for cert updates
|
2023-08-10 00:46:36 +03:00 |
|
|
9059f84632
|
uacme can return 1 when cert is up to date
|
2023-08-10 00:37:21 +03:00 |
|
|
76a748e086
|
grafana is now prod
|
2023-08-10 00:29:56 +03:00 |
|
|
98816538d2
|
trying grafana1
|
2023-08-10 00:24:36 +03:00 |
|
|
69e6734eb7
|
nsd-acme: misc fixes
|
2023-08-09 15:55:05 +03:00 |
|
|
9a456192af
|
nsd-acme
|
2023-08-09 15:34:44 +03:00 |
|
|
3e66f95668
|
zfsunlock nitpick
|
2023-08-09 14:26:49 +03:00 |
|
|
9a7e42b95d
|
nsd: ConditionPathExists all files
|
2023-08-07 14:50:32 +03:00 |
|
|
5ae9886929
|
deployerbot: set PATH in systemd service definition
|
2023-08-07 14:39:38 +03:00 |
|
|
c8525b4e6b
|
node_exporter on hel1-a
|
2023-08-06 01:00:02 +03:00 |
|
|
665e79a984
|
prometheus: beginnings
|
2023-08-05 18:32:28 +03:00 |
|
|
f4e04faef3
|
friendlyport
|
2023-08-05 18:18:30 +03:00 |
|
|
43d6d25dd0
|
sysdig: enable everywhere
|
2023-08-05 17:27:13 +03:00 |
|
|
cf6eeb6f29
|
deployerbot: start action at 23:30 UTC
According to 'nixos infra status' finding a good time of day to run the
updates for nixos release non-small is futile.
|
2023-08-02 15:41:07 +03:00 |
|
|
07921f1eaa
|
nix flake update: schedule at 16:00 UTC
|
2023-08-01 14:24:32 +03:00 |
|
|
7a224096ba
|
set PATH once
|
2023-07-30 09:01:27 +03:00 |
|
|
c99adbbaa1
|
bring back exec
|
2023-07-30 08:59:58 +03:00 |
|
|
d536eb5656
|
set OLD_PATH once
|
2023-07-30 08:56:38 +03:00 |
|
|
afd7743f37
|
deployerbot: push after a successful deploy
|
2023-07-30 08:53:19 +03:00 |
|
|
482f01bb01
|
deployer: set -x
|
2023-07-30 07:36:12 +03:00 |
|
|
36bbceac03
|
limit deployerbot-follower to our vpn
|
2023-07-30 07:23:43 +03:00 |
|
|
d1b19e6cf6
|
deployerbot: do not set -x
|
2023-07-30 07:00:10 +03:00 |
|
|
a9e8904d28
|
add deployerbot-follower to trusted users
|
2023-07-30 06:55:04 +03:00 |
|
|
ef050725c1
|
deploy-rs can deploy multiple targets with --targets
|
2023-07-30 06:50:06 +03:00 |
|
|
69ee6c9caa
|
add comment re calendar time
|
2023-07-30 06:45:54 +03:00 |
|
|
f18a2ff855
|
deploy updates regularly
|
2023-07-30 06:41:13 +03:00 |
|
|
9de5120cc3
|
updaterbot: move all to deployer
|
2023-07-30 06:30:52 +03:00 |
|
|
9e0bd48a22
|
clean up old paths -- untested
|
2023-07-28 16:15:59 +03:00 |
|
|
49b9cc8351
|
vno1-oh2: enable deployerbot master
|
2023-07-28 16:09:41 +03:00 |
|
|
bff8cef210
|
fixes in deployment script
|
2023-07-28 15:55:16 +03:00 |
|
|
e588514c07
|
updater
|
2023-07-28 15:43:23 +03:00 |
|
|
a030ae0879
|
fix syntax error
|
2023-07-28 14:25:36 +03:00 |
|
|
579f21b0d1
|
hel1-a: make initrd consistent with vno1-oh2
|
2023-07-28 14:25:14 +03:00 |
|
|
bddb20cd13
|
updater: move to it's own service
|
2023-07-28 14:22:40 +03:00 |
|
|
e9c8320f72
|
unitstatus: unit status cmd is more robust
|
2023-07-28 14:04:26 +03:00 |
|
|
3237810611
|
unitstatus: remove escaping
Otherwise:
Invalid unit name "borgbackup/job//home" escaped as "borgbackup-job--home" (maybe you should use systemd-escape?).
|
2023-07-28 13:56:52 +03:00 |
|
|
45724064d1
|
add M-R
|
2023-07-28 09:10:40 +03:00 |
|
|
89f7838c93
|
add Irenos folder
|
2023-07-26 22:24:51 +03:00 |
|
|
0677c8eb2a
|
a few network traffic observability programs
|
2023-07-26 15:42:10 +03:00 |
|
|
8cecf18f43
|
mount zfs snapshots read-only
|
2023-07-26 15:36:11 +03:00 |
|
|
4522af453b
|
start/stop firewall commands
|
2023-07-26 15:14:12 +03:00 |
|
|
ab11ee31f2
|
vno1-oh2: pass ssh key to borg
|
2023-07-26 14:49:34 +03:00 |
|
|
bb5ae6d2f7
|
sshguard: whitelist all known public ips
|
2023-07-26 14:17:14 +03:00 |
|
|
99488618ce
|
enable sshguard and plocate
|
2023-07-26 14:12:09 +03:00 |
|
|
cff18bfb8f
|
move common zfs settings to modules/base
|
2023-07-26 14:01:57 +03:00 |
|
|
d4527c24a6
|
mailutils comes with postfix
|
2023-07-26 13:32:03 +03:00 |
|
|
bac191ef2f
|
postfix: add to vno1-oh2
|
2023-07-26 13:27:15 +03:00 |
|
|
bccefbc4ba
|
split backup dirs to their repos
|
2023-07-26 12:59:19 +03:00 |
|
|
4f1aa85659
|
syncthing
|
2023-07-26 12:55:15 +03:00 |
|