Commit Graph

175 Commits

Author SHA1 Message Date
Sebastien Bourdeauducq dd490121b6 nixbld: filter CUPS access using firewall
CUPS listenAddresses is problematic.
2019-10-15 19:20:32 +08:00
Sebastien Bourdeauducq f3fe798126 nixbld: disable libvirtd (#20) 2019-10-15 17:26:51 +08:00
Sebastien Bourdeauducq c0c9af04d4 nixbld: add openhardware.hk site 2019-10-09 21:33:37 +08:00
Sebastien Bourdeauducq a85a16ff73 nixbld: remove fractalide 2019-10-09 21:08:12 +08:00
Sebastien Bourdeauducq dfe48379c5 nixbld: document secret permissions 2019-10-09 10:41:15 +08:00
Sebastien Bourdeauducq 6a09d1cc6f nixbld: add QF users 2019-09-30 10:33:28 +08:00
Sebastien Bourdeauducq e05fd797fd nixbld: install gdb system-wide 2019-09-30 10:33:28 +08:00
Sebastien Bourdeauducq 771b91f4f3 nixbld: support yubikey+password 2FA 2019-09-22 20:25:03 +08:00
Sebastien Bourdeauducq 099b7dee2a nixbld: store email account info in /etc/nixos/secret 2019-09-19 09:44:34 +08:00
Sebastien Bourdeauducq d28167badf Revert "nixbld: use store_uri for hydra"
secret-key should not be used with the local store (https://github.com/NixOS/hydra/issues/679#issuecomment-532607341)

This reverts commit ef80154c64.
2019-09-18 18:46:18 +08:00
Sebastien Bourdeauducq ef80154c64 nixbld: use store_uri for hydra
Note that binary_cache_secret_key_file is actually not ignored, contrary to what the hydra warning message says.
binary_cache_secret_key_file is used by the perl code, when hydra itself as acting as a binary cache (over http), but store-uri is used by the c++ code, when the queue-runner is copying artifacts into whatever the store-uri is
This mess ought to be cleaned up in hydra at some point.
2019-09-18 17:35:39 +08:00
Sebastien Bourdeauducq 361d7445a5 nixbld: cleanup 2019-09-18 15:38:07 +08:00
Sebastien Bourdeauducq 0f45d03e32 nixbld: fix flarum 'bad gateway' error 2019-09-18 14:23:14 +08:00
Sebastien Bourdeauducq f531f0c0d7 nixbld: add IPv6 tunnel 2019-09-18 12:38:35 +08:00
Sebastien Bourdeauducq 9ea3e2e47b nixbld: factor out network interface names 2019-09-18 12:20:03 +08:00
Sebastien Bourdeauducq 3bd0f2c1e9 nixbld: LAN router
Replaces OpenWrt router that was limited to 100Mbps (new fiber is 300Mbps).
2019-09-18 12:13:10 +08:00
Sebastien Bourdeauducq 44018d0a56 nixbld: handle upstream patches properly in overridden packages 2019-09-18 11:57:13 +08:00
Sebastien Bourdeauducq 8efe227959 nixbld: NixOS 19.09 fixes 2019-09-17 17:22:43 +08:00
Sebastien Bourdeauducq 4f648fba07 nixbld: fix nginx alias_traversal configuration issue
https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md
2019-09-17 16:40:22 +08:00
Sebastien Bourdeauducq bd9062421d nixbld: enable apparmor
This doesn't do much for now and apparmor support needs some work, but this enables the
kernel boot options so we can fix apparmor later without having to reboot the server.
2019-09-16 09:32:58 +08:00
Sebastien Bourdeauducq b8b6fdbba5 nixbld: add prototype mail server 2019-09-13 12:48:51 +08:00
Sebastien Bourdeauducq 40e87731e0 nixbld: enable UPS monitoring 2019-09-11 17:37:59 +08:00
Sebastien Bourdeauducq 350701c682 nixbld: update installed packages 2019-09-05 16:47:01 +08:00
Sebastien Bourdeauducq 8a8f987098 nixbld: act as wifi access point 2019-09-05 15:27:44 +08:00
Astro dc3cc3f596 nixbld: run hydra hooks for artiq-manual only on success
should fix GH issue #18
2019-08-14 00:05:04 +02:00
Sebastien Bourdeauducq f92d6b96f4 nixbld: disable docker 2019-08-01 10:37:47 +08:00
Sebastien Bourdeauducq 405492b2e9 nixbld: add fish shell 2019-07-31 22:48:42 +08:00
Sebastien Bourdeauducq a86f29733e nixbld: redirect old artiq resources page 2019-07-31 22:48:42 +08:00
Sebastien Bourdeauducq 552b872bac nixbld: add legacy migen manual URL 2019-07-29 11:44:48 +08:00
Sebastien Bourdeauducq 820ede4ac3 nixbld: optimize web server settings 2019-07-27 11:27:28 +08:00
Sebastien Bourdeauducq 049ef39c29 remove ARTIQ-2 manual 2019-07-27 10:38:06 +08:00
Sebastien Bourdeauducq 4d0c0e295a nixbld: use custom 404 page 2019-07-26 21:29:54 +08:00
Sebastien Bourdeauducq 06e8e67d10 nixbld: increase max push size for HTTPS gitea 2019-07-22 19:34:07 +08:00
Sebastien Bourdeauducq af31db6d21 nixbld: add ARTIQ-4 manual legacy URL 2019-07-22 19:32:18 +08:00
Sebastien Bourdeauducq 00de3141b0 nixbld: update fractalide settings 2019-07-19 16:24:04 +08:00
Sebastien Bourdeauducq 618486ca8a nixbld: update web settings 2019-07-19 16:23:47 +08:00
Sebastien Bourdeauducq 78caeebf02 serve website from hydra 2019-07-19 15:57:35 +08:00
Sebastien Bourdeauducq 5326cab419 use recommended nginx patch 2019-07-19 15:19:39 +08:00
Sebastien Bourdeauducq c134bfd3c1 web fixes and improvements 2019-07-19 15:00:06 +08:00
Sebastien Bourdeauducq 4d9e1f6e36 nixbld: redirect old URLs 2019-07-18 23:25:35 +08:00
Sebastien Bourdeauducq 5173a26468 nixbld: ignore broken conda-generated index.html 2019-07-18 00:47:18 +08:00
Sebastien Bourdeauducq f51d24ac2e nixbld: publish conda channel on WWW 2019-07-18 00:20:05 +08:00
Sebastien Bourdeauducq dfa2a4017e nixbld: update documentation jobset name 2019-07-18 00:10:33 +08:00
Sebastien Bourdeauducq 41a19cbf34 update stewart settings 2019-07-01 22:53:39 +08:00
Sebastien Bourdeauducq 8d9faac567 backup: exclude gitea archives 2019-07-01 22:53:03 +08:00
Sebastien Bourdeauducq 9e796e5073 nixbld: add password on munin output 2019-06-24 18:54:44 +08:00
Sebastien Bourdeauducq e149012443 backup: fix improper copy/paste 2019-06-01 16:05:41 +08:00
Sebastien Bourdeauducq b01f6aee27 ensure hydra does not fill hard disk 2019-05-29 15:48:59 +08:00
Sebastien Bourdeauducq 3da02d5f47 raise hydra max_output_size
Anaconda is large and reinstalling it sometimes goes over that limit.
2019-05-29 15:32:19 +08:00
Sebastien Bourdeauducq 5f7def845a nixbld: forward more traffic to stewart's machine 2019-05-27 00:42:50 +08:00
Sebastien Bourdeauducq 7882767a71 nixbld: back up more 2019-05-25 00:31:32 +08:00
Sebastien Bourdeauducq 42fac07c85 nixbld: add simple backups (WIP) 2019-05-24 15:19:33 +08:00
Sebastien Bourdeauducq 64eaa90250 nixbld: enable munin 2019-05-24 10:26:59 +08:00
Sebastien Bourdeauducq 898e81abc3 nixbld: forward some traffic to stewart's machine 2019-05-22 19:23:41 +08:00
Sebastien Bourdeauducq 8d77380ff3 nixbld: disable ARTIQ manual caching in nginx 2019-05-22 19:23:21 +08:00
Sebastien Bourdeauducq ff6d082fc3 Revert "nixbld: refactor hydra-www-outputs to generate etags for nginx"
This reverts commit 8e3f1cc5a0.
2019-05-22 19:21:40 +08:00
Sebastien Bourdeauducq 8f051e300f Revert "nixbld: hydra-www-outputs-init before nginx.service"
This reverts commit 74bfc361e1.
2019-05-22 19:21:39 +08:00
Astro 74bfc361e1 nixbld: hydra-www-outputs-init before nginx.service
the service creates nginx config include files.
2019-05-22 01:54:10 +02:00
Astro 8e3f1cc5a0 nixbld: refactor hydra-www-outputs to generate etags for nginx
Should again resolve Gitea issue #12
2019-05-21 21:41:12 +02:00
Sebastien Bourdeauducq e7eedf0f48 nixbld: centralize package overrides 2019-05-21 16:47:47 +08:00
Sebastien Bourdeauducq 45c2ce2f0c nixbld: set up forum 2019-05-21 16:08:54 +08:00
Astro 71d631d416 nixbld: gather and serve artiq-manual from hydra outputs
Should resolve Gitea issue #12.
2019-05-20 18:58:57 +02:00
Sebastien Bourdeauducq 58f5901897 print path to docs in hydra-queue-runner logs 2019-05-20 09:57:32 +08:00
Sebastien Bourdeauducq 9fed94be78 make jq accessible in hydra runcommand 2019-05-20 09:57:04 +08:00
Sebastien Bourdeauducq 4b78fb8124 enable docker 2019-05-20 09:20:28 +08:00
Sebastien Bourdeauducq 07af1db124 get SSL certificate for hooks.m-labs.hk 2019-05-20 09:18:21 +08:00
Sebastien Bourdeauducq 0796a9efa1 disable notifico for now 2019-05-20 09:18:10 +08:00
Sebastien Bourdeauducq b91e17ea78 gitea: allows all file types for attachments 2019-05-20 09:08:39 +08:00
Astro 25de5790cd nixbld: add hydra runcommand config for artiq-manual pkgs
preparation for gitea issue #12
2019-05-13 18:35:27 +02:00
Astro b1b21e9c25 nixbld: add /gateware.html redirect to nginx
gitea issue #11
2019-05-13 18:17:42 +02:00
Astro 28879f2c89 nixbld: fix ssl for nginx hooks+notifico vhosts 2019-05-13 17:18:04 +02:00
Astro 5f5aa32341 nixbld: move services.redis into notifico/nixos-module 2019-05-13 16:23:48 +02:00
Astro 50407d2b86 nixbld: integrate notifico
gitea issue #9
2019-05-13 02:10:04 +02:00
Astro 1facdd7755 notifico/pkg: clean up 2019-05-10 00:43:21 +02:00
Astro 7cffd4f8f8 add notifico/pkg 2019-05-10 00:41:11 +02:00
Sebastien Bourdeauducq 141cb709de homu: fixes 2019-05-04 17:48:19 +08:00
Sebastien Bourdeauducq 3a4d24b062 nixbld: remove fixed UIDs
https://github.com/NixOS/nixpkgs/issues/60732#issuecomment-488829636
2019-05-03 16:40:04 +08:00
Sebastien Bourdeauducq 304bb235b5 nixbld: put static UIDs away from automatic range 2019-05-02 16:09:44 +08:00
Sebastien Bourdeauducq b47e660c2f enable homu 2019-05-02 13:54:21 +08:00
Sebastien Bourdeauducq ad2fe47688 homu: do not put configuration file in nix
* issue with multiline string values
* slight security problem
2019-05-02 13:53:34 +08:00
Sebastien Bourdeauducq 9d29f4fccc add whitequark user 2019-05-02 13:18:31 +08:00
Sebastien Bourdeauducq cbc1df481b remove buildbot.m-labs.hk 2019-05-02 13:09:46 +08:00
Sebastien Bourdeauducq d78930d09a nixbld: set some security options 2019-05-02 13:06:07 +08:00
Astro 9805090d9e homu: run under separate static user/group 2019-04-30 22:50:26 +02:00
Astro f684ad7f55 homu: prepare nixos integration
gitea issue #10
2019-04-30 22:38:58 +02:00
Sebastien Bourdeauducq 96cfa7b55f disable matterbridge for github bot notifications 2019-04-26 21:23:33 +08:00
Sebastien Bourdeauducq be406bd0c7 move mattermostgithub config to /etc/nixos/secret 2019-04-26 19:21:00 +08:00
Astro c0601e0f65 wrap mattermost-github-integration with uwsgi, add to nixbld 2019-04-26 00:16:33 +02:00
Astro 2365add996 move mattermost-github-integration, explicit imports 2019-04-25 17:34:00 +02:00
Sebastien Bourdeauducq f6ebe4a88d add homu package 2019-04-23 17:02:34 +08:00
Sebastien Bourdeauducq 816ead8b96 add astro user 2019-04-21 10:44:14 +08:00
Sebastien Bourdeauducq 87a664721b set up wireshark 2019-04-21 10:44:08 +08:00
Sebastien Bourdeauducq 7487560b10 host website 2019-04-21 10:43:48 +08:00
Sebastien Bourdeauducq 448934fe6e add rj 2019-04-18 19:49:02 +08:00
Sebastien Bourdeauducq 48fb502658 enable mosh 2019-04-18 19:48:58 +08:00
Sebastien Bourdeauducq 3e0bfb6558 fix VNC 2019-04-18 19:48:42 +08:00
Sebastien Bourdeauducq d16f6ed141 fix SSH key location 2019-04-14 18:35:01 +08:00
Sebastien Bourdeauducq c2cf0b08fa enable SSH X11 forwarding
X11's crappy "network transparent" protocol is somewhat usable with a wired GbE connection straight to the server.
2019-04-14 18:33:06 +08:00
Sebastien Bourdeauducq 4e002f8751 patch hydra instead of using forked repos 2019-04-14 18:32:01 +08:00
Sebastien Bourdeauducq bcfc9ea471 distribute aarch64 openocd 2019-04-08 23:45:30 +08:00