Commit Graph

230 Commits

Author SHA1 Message Date
Sebastien Bourdeauducq 6d31b77f0e add .ph site 2023-03-23 15:22:25 +08:00
Sebastien Bourdeauducq ff37c5949e nixbld: add esavkin 2023-03-03 18:29:45 +08:00
Sebastien Bourdeauducq 8ea7b06218 remove therobs12 user 2023-02-16 11:55:29 +08:00
Sebastien Bourdeauducq c9f774d011 nixbld: install labelprinter 2023-02-10 18:26:12 +08:00
Sebastien Bourdeauducq 9babd68652 nixbld: give backupdl access to nextcloud 2023-01-31 15:41:15 +08:00
Sebastien Bourdeauducq b3f5f687aa nixbld: cleanup backupdl keys 2023-01-30 16:14:12 +08:00
Sebastien Bourdeauducq af27584100 nixbld: remove topquark12 user 2023-01-30 16:12:13 +08:00
Sebastien Bourdeauducq 4c7a2dfce3 nixbld: label printer permissions 2023-01-30 16:12:00 +08:00
Sebastien Bourdeauducq 30fa569bdc nixbld: block more insecure devices 2023-01-30 16:08:27 +08:00
Sebastien Bourdeauducq 9dee7c1888 nixbld: update backupdl key 2023-01-29 20:19:05 +08:00
Sebastien Bourdeauducq 0faa05aec3 nixbld: add back qnetp DNS 2023-01-29 18:29:16 +08:00
Sebastien Bourdeauducq faff3a5eef nixbld: relocation 2023-01-29 12:11:31 +08:00
Sebastien Bourdeauducq 3210289ebf fix *.mil DNS lookups 2023-01-28 09:54:13 +08:00
Sebastien Bourdeauducq dd0ebf1c47 nixbld: move to he.net DNS 2023-01-27 14:48:14 +08:00
Sebastien Bourdeauducq fb54880765 nixbld: start rt-fetchmail after dovecot 2023-01-04 11:54:30 +08:00
Sebastien Bourdeauducq ea0b7d6dc7 nixbld: enable POP3 2022-12-25 11:07:02 +08:00
Sebastien Bourdeauducq 3b224c56aa nixbld: ignore local IP for fail2ban 2022-12-24 15:42:35 +08:00
Sebastien Bourdeauducq 15d99bc68b nixbld: persist DNSSEC private key
https://github.com/NixOS/nixpkgs/issues/204391
2022-12-05 10:00:35 +08:00
Sebastien Bourdeauducq 70a7ce5d30 nixbld: remove obsolete ssh key 2022-12-03 17:14:23 +08:00
Sebastien Bourdeauducq 2af492e37e nixbld: NixOS 22.11 2022-12-03 16:29:32 +08:00
Sebastien Bourdeauducq 88dd1a5fc4 nixbld: update therobs shell 2022-11-11 17:58:10 +08:00
Sebastien Bourdeauducq cecda7e28b nixbld: update users 2022-11-11 17:46:10 +08:00
Sebastien Bourdeauducq 2d9b7767a6 nixbld: enable aarch64-linux binfmt emulation 2022-11-09 21:14:11 +08:00
Sebastien Bourdeauducq fb745a11e3 nixbld: new msys2 repos 2022-11-03 19:09:35 +08:00
Sebastien Bourdeauducq 0c8019516d nixbld: fix bind DNSSEC configuration for new version
https://gitlab.isc.org/isc-projects/bind9/-/issues/3554
2022-09-30 16:46:39 +08:00
Sebastien Bourdeauducq d2bfca1f25 nixbld: serve nmigen docs 2022-09-27 11:07:13 +08:00
Sebastien Bourdeauducq 9bc617a019 nixbld: fix munin auth 2022-09-23 11:00:49 +08:00
Sebastien Bourdeauducq e2e4b0842a nixbld: add yuk account 2022-09-21 10:12:25 +08:00
Sebastien Bourdeauducq 382c8bfaab nixbld: add aux key for backupdl 2022-09-17 19:19:00 +08:00
Sebastien Bourdeauducq ac022776e7 nixbld: SSH reverse proxy setup 2022-09-17 19:13:54 +08:00
Sebastien Bourdeauducq e9b02d0c72 nixbld: disable kk105 account 2022-09-13 08:50:16 +08:00
Sebastien Bourdeauducq 365ec54358 nixbld: install hedgedoc 2022-09-01 11:39:47 +08:00
Sebastien Bourdeauducq dc08412ba2 update email settings 2022-08-13 11:22:01 +08:00
Sebastien Bourdeauducq a517d429ab work around Google DNS geolocation fuckup 2022-08-12 18:37:42 +08:00
Sebastien Bourdeauducq 7dc4866314 nixbld: more email setup 2022-08-09 17:45:26 +08:00
Sebastien Bourdeauducq 5f7cb6113e nixbld: block siglent internet 2022-08-03 12:52:26 +08:00
Sebastien Bourdeauducq a147bb3883 nixbld: add topquark12 2022-07-31 19:40:45 +08:00
Sebastien Bourdeauducq 80ee7911cd nixbld: disable jitsi
Jitsi is bloated and overly complex, and the NixOS package is too limited.
https://discourse.nixos.org/t/setting-up-authentication-on-a-jitsi-server/17549
2022-07-25 18:33:40 +08:00
Sebastien Bourdeauducq 66d7dd6efe nixbld: enable more fail2ban filters 2022-07-25 18:33:24 +08:00
Sebastien Bourdeauducq 93a40ea87d nixbld: reduce gitea spamminess 2022-07-25 18:33:08 +08:00
Sebastien Bourdeauducq e5250c88fb nixbld: web/hydra setup for flakes in ARTIQ stable 2022-07-08 19:00:38 +08:00
Sebastien Bourdeauducq 048863593a nixbld: remove obsolete ACME workaround 2022-07-04 16:22:40 +08:00
Sebastien Bourdeauducq 328a85c504 nixbld: install nextcloud 2022-06-30 17:33:09 +08:00
Sebastien Bourdeauducq 3ef19cbe93 nixbld: m-labs.hk DNS zone 2022-06-28 14:44:14 +08:00
Sebastien Bourdeauducq 6333165321 nixbld: setup email server for m-labs.hk 2022-06-27 18:17:30 +08:00
Sebastien Bourdeauducq 8bc44199fc nixbld: make bind CLI tools available 2022-06-27 18:16:38 +08:00
Sebastien Bourdeauducq 08ab958a76 nixbld: use semi-automatic DNSSEC 2022-06-27 13:08:16 +08:00
Sebastien Bourdeauducq 3909d7428d nixbld: DNS server (WIP) 2022-06-26 16:57:17 +08:00
Sebastien Bourdeauducq 70ad63ca56 nixbld: block internet access on insecure device 2022-06-23 15:33:37 +08:00
Sebastien Bourdeauducq 6cb5c84a9b nixbld: enable mail server again 2022-06-18 13:58:51 +08:00
Sebastien Bourdeauducq 7f599bdbc9 nixbld: remove gitea patch (merged upstream) 2022-06-07 10:17:15 +08:00
Sebastien Bourdeauducq ae5e85d611 nixbld: re-add networked derivations patch 2022-06-04 13:52:21 +08:00
Sebastien Bourdeauducq 5354daf585 nixbld: NixOS 22.05 2022-05-26 12:12:14 +08:00
Sebastien Bourdeauducq cb75072f15 nixbld: add kk105 2022-05-26 10:57:19 +08:00
Sebastien Bourdeauducq da3a82a52d nixbld: add spaqin 2022-05-06 16:55:00 +08:00
Sebastien Bourdeauducq aba22c34ca nixbld: add nkrackow 2022-05-05 19:23:40 +08:00
Sebastien Bourdeauducq a58a613418 nixbld: add .science tld 2022-04-14 12:17:22 +08:00
Sebastien Bourdeauducq 61c008ff43 nixbld: publish msys2 repos on web 2022-04-05 11:14:17 +08:00
Sebastien Bourdeauducq a8d28d2cbc hydra: add msys2 type 2022-04-04 15:05:39 +08:00
Sebastien Bourdeauducq 28ca789aae nixbld: use flake output for beta conda channel 2022-02-12 18:50:08 +08:00
Sebastien Bourdeauducq 0c04f014d7 nixbld: use sipyco flake output for manual 2022-02-12 11:23:19 +08:00
Sebastien Bourdeauducq d4c36b8cfd nixbld: use ARTIQ flake output for manual 2022-02-12 10:19:15 +08:00
Sebastien Bourdeauducq 0b8aa97192 nixbld: run AFWS server 2022-02-07 14:31:37 +08:00
Sebastien Bourdeauducq 995f8897a4 nixbld: work around hidden hydra sudo dependency 2022-01-17 18:48:23 +08:00
Sebastien Bourdeauducq 910506d3e4 nixbld: enable fail2ban 2022-01-03 14:34:57 +08:00
Sebastien Bourdeauducq ec7e9209f5 nixbld: improve root account security 2022-01-03 13:46:57 +08:00
Sebastien Bourdeauducq b70908f864 nixbld: restrict maxJobs again to avoid Vivado OOM 2021-12-03 11:03:36 +08:00
Sebastien Bourdeauducq a0cb49b59d nixbld: nixos 21.11 2021-12-01 18:11:06 +08:00
Sebastien Bourdeauducq 628e5fb9d7 nixbld: cleanup buildMachines 2021-11-25 10:42:01 +08:00
Sebastien Bourdeauducq c5c22da2ba nixbld: update nixops 2021-11-24 23:57:18 +08:00
Sebastien Bourdeauducq 8114dcfb6d nixbld: remove memtest86 2021-11-24 23:57:06 +08:00
Sebastien Bourdeauducq f5ff63b74b nixbld: remove hkadmin 2021-11-22 12:19:00 +08:00
Sebastien Bourdeauducq 813b4831c6 nixbld: cleanup 2021-11-22 12:17:58 +08:00
Sebastien Bourdeauducq c75cf3456b nixbld: improve backup
include Mattermost attachments
stop using expensive and insecure dropbox
2021-11-16 14:21:59 +08:00
Sebastien Bourdeauducq 7342601788 nixbld: add occheung user 2021-11-11 12:12:46 +08:00
Sebastien Bourdeauducq 00d29eba4d nixbld: install borgbackup 2021-09-18 16:35:25 +08:00
Sebastien Bourdeauducq 82e161dba3 hydra: hack-patch allowed URIs to work around Nix issue #5039 2021-09-01 19:59:23 +08:00
Sebastien Bourdeauducq 4ce9c2a718 nixbld: enable flakes 2021-08-18 14:53:01 +08:00
Sebastien Bourdeauducq c96b3793c4 rt: persistent sessions 2021-08-12 13:39:53 +08:00
Sebastien Bourdeauducq 223ab96b5a nixbld: fix RT SSL 2021-08-11 12:02:33 +08:00
Sebastien Bourdeauducq 0e548d1eff nixbld: handle incoming RT emails 2021-08-11 11:57:05 +08:00
Sebastien Bourdeauducq e3578011a5 rt: email setup WIP 2021-08-11 10:54:24 +08:00
Sebastien Bourdeauducq d9536ff5db rt: fix API security problem 2021-08-11 10:54:12 +08:00
Sebastien Bourdeauducq a97302a80a nixbld: RT working, no mail 2021-08-10 21:28:14 +08:00
Sebastien Bourdeauducq ef3544f8f3 nixbld: publish conda channel archives 2021-08-10 19:08:25 +08:00
Sebastien Bourdeauducq 01212b4e51 nixbld: install iw and nvme-cli 2021-08-09 13:32:37 +08:00
Sebastien Bourdeauducq adccf47d3c nixbld: wifi problems 2021-08-09 13:32:18 +08:00
Sebastien Bourdeauducq 7d073e371c nixbld: add github backups 2021-08-07 17:47:16 +08:00
Sebastien Bourdeauducq 4c394a0976 nixbld: wifi problems 2021-08-07 17:45:53 +08:00
Sebastien Bourdeauducq 9474dfa3a2 nixbld: fix stateVersion 2021-08-07 13:19:47 +08:00
Sebastien Bourdeauducq 58252a93a4 nixbld: new server 2021-08-07 12:24:31 +08:00
Sebastien Bourdeauducq b7a49505bc nixbld: end mailserver experiment
This was going well, until some assholes at Gmail decided to block our IP address and as usual PCCW are useless when it
comes to changing to a whitelisted IP.

https://support.google.com/mail/answer/10336?p=NotAuthorizedError

Fuck Google.
Fuck PCCW.
2021-08-02 13:32:29 +08:00
Sebastien Bourdeauducq b7cef86473 nixbld: nixos 21.05 2021-06-07 09:56:05 +08:00
Sebastien Bourdeauducq 3b4f5d27c8 nixbld: reduce zfs scrub frequency 2021-05-28 16:07:09 +08:00
Sebastien Bourdeauducq 2f8d46d872 nixbld: update for newer hydra (2021-05-03) 2021-05-13 15:46:52 +08:00
Sebastien Bourdeauducq 7b6ed95090 nixbld: disable Nix flarum module
hacky and buggy

https://github.com/NixOS/nixpkgs/pull/96869
2021-05-06 10:09:26 +08:00
Sebastien Bourdeauducq a680baed40 nixbld: fix hydra-send-stats 2021-04-24 18:19:33 +08:00
Sebastien Bourdeauducq 536a134b32 nixbld: Hydra sysbuild patch merged upstream
https://github.com/NixOS/hydra/issues/784
2021-04-24 17:08:04 +08:00
Sebastien Bourdeauducq 7d04f99e33 nixbld: implement fbda8b064 correctly 2021-04-05 00:08:44 +08:00
Sebastien Bourdeauducq fbda8b0643 nixbld: disable IPv6 DAD
dnsmasq silently stops sending RAs on interfaces where DAD has kicked in, which creates very annoying obscure network
problems for everyone (e.g. IPv6 default route deleted 30min after boot) when an address conflict has occured,
even after the address conflict is no longer present.
nixbld should have authority on LAN IP addresses anyway.
2021-03-14 17:04:39 +08:00
Sebastien Bourdeauducq dbc288c813 fix IP for rpi-5, rename to rpi-ext 2021-03-05 18:57:20 +08:00
Sebastien Bourdeauducq a2a7b7458f nixbld: route ext wifi network 2021-03-04 15:54:41 +08:00
Sebastien Bourdeauducq ed9746f3f4 nixbld: set up artiq-legacy 2021-02-17 16:09:20 +08:00
Sebastien Bourdeauducq ed42476712 nixbld: work around Gitea token syntax problem (#14) 2021-01-27 11:59:10 +08:00
Sebastien Bourdeauducq 6d7235dfc4 nixbld: freeze nixos-mailserver commit 2021-01-26 18:26:17 +08:00
Astro e94fc3ea85 hydra: add patch for, configure giteastatus plugin
Fixes M-Labs/nix-scripts#32
2021-01-25 21:17:54 +01:00
Sebastien Bourdeauducq 169876e211 nixbld: add account creation note to gitea signin page 2021-01-23 17:20:05 +08:00
Sebastien Bourdeauducq 6bc5b75ccb nixbld: fix gitea errors 500
https://github.com/go-gitea/gitea/issues/14274
2021-01-11 16:19:30 +08:00
Sebastien Bourdeauducq 1fa9caf1b8 nixbld: work around nixos bug with acme and local dns resolver
https://github.com/NixOS/nixpkgs/issues/106862
2020-12-21 13:04:24 +08:00
Sebastien Bourdeauducq 5ea921f80f nixbld: disable openhardware.hk 2020-11-06 15:05:33 +08:00
Sebastien Bourdeauducq 5322347cb2 nixbld: fix acme permissions 2020-11-06 14:58:35 +08:00
Sebastien Bourdeauducq cffeaeba23 nixbld: nixos 20.09 WIP 2020-11-06 14:33:07 +08:00
Sebastien Bourdeauducq 8f62706b08 nixbld: update users 2020-10-27 14:57:07 +08:00
Sebastien Bourdeauducq 9cd9eb43f4 nixbld: add static IPs for cora and rust-pitaya 2020-10-14 12:53:51 +08:00
Astro 4ec72130b1 nixbld: add Nix unstable patch for networked derivations
Fixes Gitea issue #7
2020-10-06 00:45:56 +02:00
Astro 8ad847c7fa hydra: configure githubstatus plugin
Part of M-Labs/nix-scripts#32
2020-09-02 19:55:15 +02:00
Sebastien Bourdeauducq e3690e50f0 nixbld: enable gitea code search 2020-08-31 17:39:28 +08:00
Astro 24e1201ab1 flarum: init 2020-08-22 02:25:43 +02:00
Sebastien Bourdeauducq 4d8214d00e nixbld: open firewall for jitsi-videobridge 2020-08-03 15:32:06 +08:00
Sebastien Bourdeauducq 420796a547 nixbld: install jitsi 2020-08-03 15:19:56 +08:00
Sebastien Bourdeauducq 5322606804 disable homu
Not used anymore.
2020-08-02 20:44:01 +08:00
Sebastien Bourdeauducq c6c392d10f Revert "hydra: move store to zfs"
This is a mess: https://github.com/NixOS/hydra/issues/796

This reverts commit ac2ea5621d.
2020-07-29 19:03:34 +08:00
Sebastien Bourdeauducq ac2ea5621d hydra: move store to zfs 2020-07-26 23:53:04 +08:00
Sebastien Bourdeauducq 2cdff2b132 nixbld: turn on zfs autosnapshot 2020-07-26 22:29:38 +08:00
Sebastien Bourdeauducq d2f7181a1f nixbld: continue zfs setup 2020-07-26 22:21:31 +08:00
Sebastien Bourdeauducq deaf3e9e75 nixbld: enable ZFS 2020-07-25 19:21:41 +08:00
Sebastien Bourdeauducq 805a3e33ad nixbld: add Nix 'networked' derivations
This obsoletes the fixed-output derivation hack previously used on Hydra, and the associated retry patch.
2020-07-04 16:02:30 +08:00
Astro 45037cb464 nixbld: add hydra-restrictdist.patch
Preparation for M-Labs/nix-scripts#26
2020-06-26 20:20:03 +02:00
Sebastien Bourdeauducq a595a5b8ce update static IP allocation 2020-06-24 11:06:35 +08:00
Sebastien Bourdeauducq 5a0afc48d4 import from nix-scripts 2020-06-20 17:54:21 +08:00