68534d2ce2
nixbld: IPv6 on internal networks
2019-10-16 13:48:13 +08:00
e89afabdfb
nixbld: isolate wifi network. Closes #20
2019-10-15 19:42:26 +08:00
dd490121b6
nixbld: filter CUPS access using firewall
...
CUPS listenAddresses is problematic.
2019-10-15 19:20:32 +08:00
f3fe798126
nixbld: disable libvirtd ( #20 )
2019-10-15 17:26:51 +08:00
c0c9af04d4
nixbld: add openhardware.hk site
2019-10-09 21:33:37 +08:00
a85a16ff73
nixbld: remove fractalide
2019-10-09 21:08:12 +08:00
dfe48379c5
nixbld: document secret permissions
2019-10-09 10:41:15 +08:00
6a09d1cc6f
nixbld: add QF users
2019-09-30 10:33:28 +08:00
e05fd797fd
nixbld: install gdb system-wide
2019-09-30 10:33:28 +08:00
771b91f4f3
nixbld: support yubikey+password 2FA
2019-09-22 20:25:03 +08:00
099b7dee2a
nixbld: store email account info in /etc/nixos/secret
2019-09-19 09:44:34 +08:00
d28167badf
Revert "nixbld: use store_uri for hydra"
...
secret-key should not be used with the local store (https://github.com/NixOS/hydra/issues/679#issuecomment-532607341 )
This reverts commit ef80154c64
.
2019-09-18 18:46:18 +08:00
ef80154c64
nixbld: use store_uri for hydra
...
Note that binary_cache_secret_key_file is actually not ignored, contrary to what the hydra warning message says.
binary_cache_secret_key_file is used by the perl code, when hydra itself as acting as a binary cache (over http), but store-uri is used by the c++ code, when the queue-runner is copying artifacts into whatever the store-uri is
This mess ought to be cleaned up in hydra at some point.
2019-09-18 17:35:39 +08:00
361d7445a5
nixbld: cleanup
2019-09-18 15:38:07 +08:00
0f45d03e32
nixbld: fix flarum 'bad gateway' error
2019-09-18 14:23:14 +08:00
f531f0c0d7
nixbld: add IPv6 tunnel
2019-09-18 12:38:35 +08:00
9ea3e2e47b
nixbld: factor out network interface names
2019-09-18 12:20:03 +08:00
3bd0f2c1e9
nixbld: LAN router
...
Replaces OpenWrt router that was limited to 100Mbps (new fiber is 300Mbps).
2019-09-18 12:13:10 +08:00
44018d0a56
nixbld: handle upstream patches properly in overridden packages
2019-09-18 11:57:13 +08:00
8efe227959
nixbld: NixOS 19.09 fixes
2019-09-17 17:22:43 +08:00
4f648fba07
nixbld: fix nginx alias_traversal configuration issue
...
https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md
2019-09-17 16:40:22 +08:00
bd9062421d
nixbld: enable apparmor
...
This doesn't do much for now and apparmor support needs some work, but this enables the
kernel boot options so we can fix apparmor later without having to reboot the server.
2019-09-16 09:32:58 +08:00
b8b6fdbba5
nixbld: add prototype mail server
2019-09-13 12:48:51 +08:00
40e87731e0
nixbld: enable UPS monitoring
2019-09-11 17:37:59 +08:00
350701c682
nixbld: update installed packages
2019-09-05 16:47:01 +08:00
8a8f987098
nixbld: act as wifi access point
2019-09-05 15:27:44 +08:00
dc3cc3f596
nixbld: run hydra hooks for artiq-manual only on success
...
should fix GH issue #18
2019-08-14 00:05:04 +02:00
f92d6b96f4
nixbld: disable docker
2019-08-01 10:37:47 +08:00
405492b2e9
nixbld: add fish shell
2019-07-31 22:48:42 +08:00
a86f29733e
nixbld: redirect old artiq resources page
2019-07-31 22:48:42 +08:00
552b872bac
nixbld: add legacy migen manual URL
2019-07-29 11:44:48 +08:00
820ede4ac3
nixbld: optimize web server settings
2019-07-27 11:27:28 +08:00
049ef39c29
remove ARTIQ-2 manual
2019-07-27 10:38:06 +08:00
4d0c0e295a
nixbld: use custom 404 page
2019-07-26 21:29:54 +08:00
06e8e67d10
nixbld: increase max push size for HTTPS gitea
2019-07-22 19:34:07 +08:00
af31db6d21
nixbld: add ARTIQ-4 manual legacy URL
2019-07-22 19:32:18 +08:00
00de3141b0
nixbld: update fractalide settings
2019-07-19 16:24:04 +08:00
618486ca8a
nixbld: update web settings
2019-07-19 16:23:47 +08:00
78caeebf02
serve website from hydra
2019-07-19 15:57:35 +08:00
5326cab419
use recommended nginx patch
2019-07-19 15:19:39 +08:00
c134bfd3c1
web fixes and improvements
2019-07-19 15:00:06 +08:00
4d9e1f6e36
nixbld: redirect old URLs
2019-07-18 23:25:35 +08:00
5173a26468
nixbld: ignore broken conda-generated index.html
2019-07-18 00:47:18 +08:00
f51d24ac2e
nixbld: publish conda channel on WWW
2019-07-18 00:20:05 +08:00
dfa2a4017e
nixbld: update documentation jobset name
2019-07-18 00:10:33 +08:00
41a19cbf34
update stewart settings
2019-07-01 22:53:39 +08:00
8d9faac567
backup: exclude gitea archives
2019-07-01 22:53:03 +08:00
9e796e5073
nixbld: add password on munin output
2019-06-24 18:54:44 +08:00
e149012443
backup: fix improper copy/paste
2019-06-01 16:05:41 +08:00
b01f6aee27
ensure hydra does not fill hard disk
2019-05-29 15:48:59 +08:00
3da02d5f47
raise hydra max_output_size
...
Anaconda is large and reinstalling it sometimes goes over that limit.
2019-05-29 15:32:19 +08:00
5f7def845a
nixbld: forward more traffic to stewart's machine
2019-05-27 00:42:50 +08:00
7882767a71
nixbld: back up more
2019-05-25 00:31:32 +08:00
42fac07c85
nixbld: add simple backups (WIP)
2019-05-24 15:19:33 +08:00
64eaa90250
nixbld: enable munin
2019-05-24 10:26:59 +08:00
898e81abc3
nixbld: forward some traffic to stewart's machine
2019-05-22 19:23:41 +08:00
8d77380ff3
nixbld: disable ARTIQ manual caching in nginx
2019-05-22 19:23:21 +08:00
ff6d082fc3
Revert "nixbld: refactor hydra-www-outputs to generate etags for nginx"
...
This reverts commit 8e3f1cc5a0
.
2019-05-22 19:21:40 +08:00
8f051e300f
Revert "nixbld: hydra-www-outputs-init before nginx.service"
...
This reverts commit 74bfc361e1
.
2019-05-22 19:21:39 +08:00
74bfc361e1
nixbld: hydra-www-outputs-init before nginx.service
...
the service creates nginx config include files.
2019-05-22 01:54:10 +02:00
8e3f1cc5a0
nixbld: refactor hydra-www-outputs to generate etags for nginx
...
Should again resolve Gitea issue #12
2019-05-21 21:41:12 +02:00
e7eedf0f48
nixbld: centralize package overrides
2019-05-21 16:47:47 +08:00
45c2ce2f0c
nixbld: set up forum
2019-05-21 16:08:54 +08:00
71d631d416
nixbld: gather and serve artiq-manual from hydra outputs
...
Should resolve Gitea issue #12 .
2019-05-20 18:58:57 +02:00
58f5901897
print path to docs in hydra-queue-runner logs
2019-05-20 09:57:32 +08:00
9fed94be78
make jq accessible in hydra runcommand
2019-05-20 09:57:04 +08:00
4b78fb8124
enable docker
2019-05-20 09:20:28 +08:00
07af1db124
get SSL certificate for hooks.m-labs.hk
2019-05-20 09:18:21 +08:00
0796a9efa1
disable notifico for now
2019-05-20 09:18:10 +08:00
b91e17ea78
gitea: allows all file types for attachments
2019-05-20 09:08:39 +08:00
25de5790cd
nixbld: add hydra runcommand config for artiq-manual pkgs
...
preparation for gitea issue #12
2019-05-13 18:35:27 +02:00
b1b21e9c25
nixbld: add /gateware.html redirect to nginx
...
gitea issue #11
2019-05-13 18:17:42 +02:00
28879f2c89
nixbld: fix ssl for nginx hooks+notifico vhosts
2019-05-13 17:18:04 +02:00
5f5aa32341
nixbld: move services.redis into notifico/nixos-module
2019-05-13 16:23:48 +02:00
50407d2b86
nixbld: integrate notifico
...
gitea issue #9
2019-05-13 02:10:04 +02:00
1facdd7755
notifico/pkg: clean up
2019-05-10 00:43:21 +02:00
7cffd4f8f8
add notifico/pkg
2019-05-10 00:41:11 +02:00
141cb709de
homu: fixes
2019-05-04 17:48:19 +08:00
3a4d24b062
nixbld: remove fixed UIDs
...
https://github.com/NixOS/nixpkgs/issues/60732#issuecomment-488829636
2019-05-03 16:40:04 +08:00
304bb235b5
nixbld: put static UIDs away from automatic range
2019-05-02 16:09:44 +08:00
b47e660c2f
enable homu
2019-05-02 13:54:21 +08:00
ad2fe47688
homu: do not put configuration file in nix
...
* issue with multiline string values
* slight security problem
2019-05-02 13:53:34 +08:00
9d29f4fccc
add whitequark user
2019-05-02 13:18:31 +08:00
cbc1df481b
remove buildbot.m-labs.hk
2019-05-02 13:09:46 +08:00
d78930d09a
nixbld: set some security options
2019-05-02 13:06:07 +08:00
9805090d9e
homu: run under separate static user/group
2019-04-30 22:50:26 +02:00
f684ad7f55
homu: prepare nixos integration
...
gitea issue #10
2019-04-30 22:38:58 +02:00
96cfa7b55f
disable matterbridge for github bot notifications
2019-04-26 21:23:33 +08:00
be406bd0c7
move mattermostgithub config to /etc/nixos/secret
2019-04-26 19:21:00 +08:00
c0601e0f65
wrap mattermost-github-integration with uwsgi, add to nixbld
2019-04-26 00:16:33 +02:00
2365add996
move mattermost-github-integration, explicit imports
2019-04-25 17:34:00 +02:00
f6ebe4a88d
add homu package
2019-04-23 17:02:34 +08:00
816ead8b96
add astro user
2019-04-21 10:44:14 +08:00
87a664721b
set up wireshark
2019-04-21 10:44:08 +08:00
7487560b10
host website
2019-04-21 10:43:48 +08:00
448934fe6e
add rj
2019-04-18 19:49:02 +08:00
48fb502658
enable mosh
2019-04-18 19:48:58 +08:00
3e0bfb6558
fix VNC
2019-04-18 19:48:42 +08:00
d16f6ed141
fix SSH key location
2019-04-14 18:35:01 +08:00
c2cf0b08fa
enable SSH X11 forwarding
...
X11's crappy "network transparent" protocol is somewhat usable with a wired GbE connection straight to the server.
2019-04-14 18:33:06 +08:00