Commit Graph

154 Commits

Author SHA1 Message Date
Motiejus Jakštys 9c1bfd1b24 add a share for snapshots 2023-09-22 10:06:04 +03:00
Motiejus Jakštys 0507fb3328 deployerbot and backups: move time around so they don't ovelap 2023-09-21 06:55:17 +03:00
Motiejus Jakštys 21e96199bb deployerbot: use vpn for actual deploying anyway 2023-09-20 14:43:04 +03:00
Motiejus Jakštys 4973a1cdd4 deployerbot: fwminex allows vno1 2023-09-18 20:49:17 +03:00
Motiejus Jakštys ceb7fe191e ping 2023-09-18 20:32:22 +03:00
Motiejus Jakštys 5a5ffd6f00 upgrading fwminex too 2023-09-18 19:50:24 +03:00
Motiejus Jakštys c822cc95c2 node_exporter: enable on vno1 subnet 2023-09-18 19:29:27 +03:00
Motiejus Jakštys 40a1edb925 syncthing: do not share books with mxp10 2023-09-18 13:31:32 +03:00
Motiejus Jakštys 4740904244 syncthing host missing 2023-09-18 12:48:22 +03:00
Motiejus Jakštys 5a1745b6d9 add some hosts 2023-09-18 12:47:51 +03:00
Motiejus Jakštys 0802e17eb1 nix fmt 2023-09-18 12:46:46 +03:00
Motiejus Jakštys 031e85fa82 syncthing: more folders 2023-09-18 12:44:09 +03:00
Motiejus Jakštys e6a47f4420 syncthing: a few more folders 2023-09-18 12:38:17 +03:00
Motiejus Jakštys 52b1aa4450 syncthing: starting abstractions 2023-09-18 12:13:45 +03:00
Motiejus Jakštys a9ec83c732 fwminex: start syncthing 2023-09-18 12:07:41 +03:00
Motiejus Jakštys c84d618d97 jakstpub: fix a caddy error 2023-09-17 22:31:12 +03:00
Motiejus Jakštys ed8c51b45c syntax nitpicking 2023-09-17 22:16:11 +03:00
Motiejus Jakštys f38fd993d3 jakstpub: open up http 2023-09-17 22:13:33 +03:00
Motiejus Jakštys 0f9aa4ed0d deploy-rs: remove -- 2023-09-16 10:04:48 +03:00
Motiejus Jakštys a5d8ba9cdf deploy-rs: fix typo 2023-09-16 09:35:12 +03:00
Motiejus Jakštys fb4b54b24b deployerbot: use deploy-rs directly 2023-09-16 08:56:22 +03:00
Motiejus Jakštys b38c4013e7 cosmetics: quoting
it's fine, there is overrides.conf
2023-09-14 15:15:27 +03:00
Motiejus Jakštys b73f671bc0 silenceLogs is not picked up
Result:
$ cat result/etc/systemd/system/tailscaled.service
[Unit]
Description=Tailscale node agent
Documentation=https://tailscale.com/kb/
Wants=network-pre.target
After=network-pre.target NetworkManager.service systemd-resolved.service

[Service]
ExecStartPre=/nix/store/gr38ww9sj0qbcs8sb17iq9871qvmhfjw-tailscale-1.42.0/bin/tailscaled --cleanup
ExecStart=/nix/store/gr38ww9sj0qbcs8sb17iq9871qvmhfjw-tailscale-1.42.0/bin/tailscaled --state=/var/lib/tailscale/tailscaled.state --socket=/run/tailscale/tailscaled.sock --port=
ExecStopPost=/nix/store/gr38ww9sj0qbcs8sb17iq9871qvmhfjw-tailscale-1.42.0/bin/tailscaled --cleanup

Restart=on-failure

RuntimeDirectory=tailscale
RuntimeDirectoryMode=0755
StateDirectory=tailscale
StateDirectoryMode=0700
CacheDirectory=tailscale
CacheDirectoryMode=0750
Type=notify

[Install]
WantedBy=multi-user.target
2023-09-14 15:10:18 +03:00
Motiejus Jakštys 76c07129f3 re-add () 2023-09-14 14:51:36 +03:00
Motiejus Jakštys fb3c39d7dc re-enable tailscale, oops 2023-09-14 14:48:54 +03:00
Motiejus Jakštys 9eb8147660 tailscale: silence logs on some machines 2023-09-14 14:37:55 +03:00
Motiejus Jakštys 553cda8fc7 vno1-rp3b: enable vno3 2023-09-14 13:23:04 +03:00
Motiejus Jakštys 85917635fd sshguard is now optional 2023-09-14 06:41:16 +03:00
Motiejus Jakštys e12e139128 samba: make file/dir masks a bit more restrictive 2023-09-13 09:00:28 +03:00
Motiejus Jakštys 4f152205ce samba: log level = 0 2023-09-12 23:27:23 +03:00
Motiejus Jakštys bef137b967 wsdd: specify existing hostname 2023-09-12 23:18:46 +03:00
Motiejus Jakštys 53ce3910aa replace nmbd with wsdd
https://askubuntu.com/questions/661611/make-samba-share-visible-in-windows-network
2023-09-12 23:10:59 +03:00
Motiejus Jakštys e45573c8a6 fix samba config
works!
2023-09-12 22:55:17 +03:00
Motiejus Jakštys 4f45d605e1 vno1-rp3b: some attempts at samba 2023-09-12 17:44:17 +03:00
Motiejus Jakštys 7891663a65 jakstpub: change home dir to /var/empty 2023-09-12 17:27:11 +03:00
Motiejus Jakštys 2dd8cda85a open up samba 2023-09-12 16:08:32 +03:00
Motiejus Jakštys e61944dfde rewrite firewall rules 2023-09-12 15:46:44 +03:00
Motiejus Jakštys 2b5b9bc57f samba some progress 2023-09-12 13:31:46 +03:00
Motiejus Jakštys 866347b042 add borgstor 2023-09-11 15:51:33 +03:00
Motiejus Jakštys 377030d0c0 headscale: remove ipv6 subnet
it's confusing: I couldn't find an easy way to get the ipv4 address on a client
2023-09-11 14:37:05 +03:00
Motiejus Jakštys 20ccb666c8 smtp 2023-09-07 19:46:47 +03:00
Motiejus Jakštys fd9f30f7d4 snmp exporter: maybe exposing the file will work now? 2023-09-05 14:58:30 +03:00
Motiejus Jakštys 24e6aa333e snmp exporter: expose in vpn for all to see 2023-09-05 14:45:09 +03:00
Motiejus Jakštys 5c1cccb8a4 snmp: from package back to module 2023-09-05 14:41:52 +03:00
Motiejus Jakštys fe30f6c32a Add dl.jakstys.lt 2023-08-29 15:41:57 +03:00
Motiejus Jakštys 617b829589 deployerbot: add fra1-a 2023-08-27 01:04:09 +03:00
Motiejus Jakštys 23347f6952 matrix-synapse: listen on 127.0.0.1
reverse proxying is over
2023-08-25 17:00:30 +03:00
Motiejus Jakštys 3687d7cd73 matrix-synapse listen on 0.0.0.0 2023-08-25 16:14:12 +03:00
Motiejus Jakštys 2776f8c517 fix extraConfigFiles 2023-08-25 16:03:46 +03:00
Motiejus Jakštys 355d8c21cc move matrix-synapse to it's module 2023-08-25 15:49:37 +03:00
Motiejus Jakštys f87a712635 node_exporter gets its own uidgid 2023-08-25 09:55:21 +03:00
Motiejus Jakštys 9740b42493 gitea: listen on 3001 2023-08-25 09:41:42 +03:00
Motiejus Jakštys c3168bb2d3 headscale 2023-08-24 23:46:45 +03:00
Motiejus Jakštys be4df58cbb move gitea to its own module 2023-08-24 23:34:48 +03:00
Motiejus Jakštys 407024dfa9 zfsunlock: use IP addresses + zfsunlock 2023-08-22 14:14:20 +03:00
Motiejus Jakštys bbf562d205 move node_exporter to its own module 2023-08-18 09:32:01 +03:00
Motiejus Jakštys 4dee4159e7 nix --accept-flake-config 2023-08-16 20:26:37 +03:00
Motiejus Jakštys 98a4ad79f8 grafana now on https://grafana.jakstys.lt, over vpn 2023-08-14 09:04:09 +03:00
Motiejus Jakštys a2a741d27e fmt and formatting; nsd-acme is less verbose 2023-08-10 10:48:34 +03:00
Motiejus Jakštys fa435f65d0 zones don't need to be sanitized
it's DNS!
2023-08-10 10:46:06 +03:00
Motiejus Jakštys 7bedc09abb deployerbot: do not restart if changed
leads to interesting deadlocks when upgrading self
2023-08-10 10:40:07 +03:00
Motiejus Jakštys 4878c42ca9 cron + alerting for cert updates 2023-08-10 00:46:36 +03:00
Motiejus Jakštys 9059f84632 uacme can return 1 when cert is up to date 2023-08-10 00:37:21 +03:00
Motiejus Jakštys 76a748e086 grafana is now prod 2023-08-10 00:29:56 +03:00
Motiejus Jakštys 98816538d2 trying grafana1 2023-08-10 00:24:36 +03:00
Motiejus Jakštys 69e6734eb7 nsd-acme: misc fixes 2023-08-09 15:55:05 +03:00
Motiejus Jakštys 9a456192af nsd-acme 2023-08-09 15:34:44 +03:00
Motiejus Jakštys 3e66f95668 zfsunlock nitpick 2023-08-09 14:26:49 +03:00
Motiejus Jakštys 9a7e42b95d nsd: ConditionPathExists all files 2023-08-07 14:50:32 +03:00
Motiejus Jakštys 5ae9886929 deployerbot: set PATH in systemd service definition 2023-08-07 14:39:38 +03:00
Motiejus Jakštys c8525b4e6b node_exporter on hel1-a 2023-08-06 01:00:02 +03:00
Motiejus Jakštys 665e79a984 prometheus: beginnings 2023-08-05 18:32:28 +03:00
Motiejus Jakštys f4e04faef3 friendlyport 2023-08-05 18:18:30 +03:00
Motiejus Jakštys cf6eeb6f29 deployerbot: start action at 23:30 UTC
According to 'nixos infra status' finding a good time of day to run the
updates for nixos release non-small is futile.
2023-08-02 15:41:07 +03:00
Motiejus Jakštys 07921f1eaa nix flake update: schedule at 16:00 UTC 2023-08-01 14:24:32 +03:00
Motiejus Jakštys 7a224096ba set PATH once 2023-07-30 09:01:27 +03:00
Motiejus Jakštys c99adbbaa1 bring back exec 2023-07-30 08:59:58 +03:00
Motiejus Jakštys d536eb5656 set OLD_PATH once 2023-07-30 08:56:38 +03:00
Motiejus Jakštys afd7743f37 deployerbot: push after a successful deploy 2023-07-30 08:53:19 +03:00
Motiejus Jakštys 482f01bb01 deployer: set -x 2023-07-30 07:36:12 +03:00
Motiejus Jakštys 36bbceac03 limit deployerbot-follower to our vpn 2023-07-30 07:23:43 +03:00
Motiejus Jakštys d1b19e6cf6 deployerbot: do not set -x 2023-07-30 07:00:10 +03:00
Motiejus Jakštys a9e8904d28 add deployerbot-follower to trusted users 2023-07-30 06:55:04 +03:00
Motiejus Jakštys ef050725c1 deploy-rs can deploy multiple targets with --targets 2023-07-30 06:50:06 +03:00
Motiejus Jakštys 69ee6c9caa add comment re calendar time 2023-07-30 06:45:54 +03:00
Motiejus Jakštys f18a2ff855 deploy updates regularly 2023-07-30 06:41:13 +03:00
Motiejus Jakštys 9de5120cc3 updaterbot: move all to deployer 2023-07-30 06:30:52 +03:00
Motiejus Jakštys 9e0bd48a22 clean up old paths -- untested 2023-07-28 16:15:59 +03:00
Motiejus Jakštys 49b9cc8351 vno1-oh2: enable deployerbot master 2023-07-28 16:09:41 +03:00
Motiejus Jakštys bff8cef210 fixes in deployment script 2023-07-28 15:55:16 +03:00
Motiejus Jakštys e588514c07 updater 2023-07-28 15:43:23 +03:00
Motiejus Jakštys bddb20cd13 updater: move to it's own service 2023-07-28 14:22:40 +03:00
Motiejus Jakštys 45724064d1 add M-R 2023-07-28 09:10:40 +03:00
Motiejus Jakštys 89f7838c93 add Irenos folder 2023-07-26 22:24:51 +03:00
Motiejus Jakštys 4522af453b start/stop firewall commands 2023-07-26 15:14:12 +03:00
Motiejus Jakštys cff18bfb8f move common zfs settings to modules/base 2023-07-26 14:01:57 +03:00
Motiejus Jakštys d4527c24a6 mailutils comes with postfix 2023-07-26 13:32:03 +03:00
Motiejus Jakštys bac191ef2f postfix: add to vno1-oh2 2023-07-26 13:27:15 +03:00
Motiejus Jakštys 4f1aa85659 syncthing 2023-07-26 12:55:15 +03:00
Motiejus Jakštys 8b673d25af change initrd pubkey of vno1-oh2 2023-07-24 16:46:35 +03:00