Sebastien Bourdeauducq
e89afabdfb
nixbld: isolate wifi network. Closes #20
2019-10-15 19:42:26 +08:00
Sebastien Bourdeauducq
dd490121b6
nixbld: filter CUPS access using firewall
...
CUPS listenAddresses is problematic.
2019-10-15 19:20:32 +08:00
Sebastien Bourdeauducq
f3fe798126
nixbld: disable libvirtd ( #20 )
2019-10-15 17:26:51 +08:00
Sebastien Bourdeauducq
c0c9af04d4
nixbld: add openhardware.hk site
2019-10-09 21:33:37 +08:00
Sebastien Bourdeauducq
a85a16ff73
nixbld: remove fractalide
2019-10-09 21:08:12 +08:00
Sebastien Bourdeauducq
dfe48379c5
nixbld: document secret permissions
2019-10-09 10:41:15 +08:00
Sebastien Bourdeauducq
6a09d1cc6f
nixbld: add QF users
2019-09-30 10:33:28 +08:00
Sebastien Bourdeauducq
e05fd797fd
nixbld: install gdb system-wide
2019-09-30 10:33:28 +08:00
Sebastien Bourdeauducq
771b91f4f3
nixbld: support yubikey+password 2FA
2019-09-22 20:25:03 +08:00
Sebastien Bourdeauducq
099b7dee2a
nixbld: store email account info in /etc/nixos/secret
2019-09-19 09:44:34 +08:00
Sebastien Bourdeauducq
d28167badf
Revert "nixbld: use store_uri for hydra"
...
secret-key should not be used with the local store (https://github.com/NixOS/hydra/issues/679#issuecomment-532607341 )
This reverts commit ef80154c64
.
2019-09-18 18:46:18 +08:00
Sebastien Bourdeauducq
ef80154c64
nixbld: use store_uri for hydra
...
Note that binary_cache_secret_key_file is actually not ignored, contrary to what the hydra warning message says.
binary_cache_secret_key_file is used by the perl code, when hydra itself as acting as a binary cache (over http), but store-uri is used by the c++ code, when the queue-runner is copying artifacts into whatever the store-uri is
This mess ought to be cleaned up in hydra at some point.
2019-09-18 17:35:39 +08:00
Sebastien Bourdeauducq
361d7445a5
nixbld: cleanup
2019-09-18 15:38:07 +08:00
Sebastien Bourdeauducq
0f45d03e32
nixbld: fix flarum 'bad gateway' error
2019-09-18 14:23:14 +08:00
Sebastien Bourdeauducq
f531f0c0d7
nixbld: add IPv6 tunnel
2019-09-18 12:38:35 +08:00
Sebastien Bourdeauducq
9ea3e2e47b
nixbld: factor out network interface names
2019-09-18 12:20:03 +08:00
Sebastien Bourdeauducq
3bd0f2c1e9
nixbld: LAN router
...
Replaces OpenWrt router that was limited to 100Mbps (new fiber is 300Mbps).
2019-09-18 12:13:10 +08:00
Sebastien Bourdeauducq
44018d0a56
nixbld: handle upstream patches properly in overridden packages
2019-09-18 11:57:13 +08:00
Sebastien Bourdeauducq
8efe227959
nixbld: NixOS 19.09 fixes
2019-09-17 17:22:43 +08:00
Sebastien Bourdeauducq
4f648fba07
nixbld: fix nginx alias_traversal configuration issue
...
https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md
2019-09-17 16:40:22 +08:00
Sebastien Bourdeauducq
bd9062421d
nixbld: enable apparmor
...
This doesn't do much for now and apparmor support needs some work, but this enables the
kernel boot options so we can fix apparmor later without having to reboot the server.
2019-09-16 09:32:58 +08:00
Sebastien Bourdeauducq
b8b6fdbba5
nixbld: add prototype mail server
2019-09-13 12:48:51 +08:00
Sebastien Bourdeauducq
40e87731e0
nixbld: enable UPS monitoring
2019-09-11 17:37:59 +08:00
Sebastien Bourdeauducq
350701c682
nixbld: update installed packages
2019-09-05 16:47:01 +08:00
Sebastien Bourdeauducq
8a8f987098
nixbld: act as wifi access point
2019-09-05 15:27:44 +08:00
Astro
dc3cc3f596
nixbld: run hydra hooks for artiq-manual only on success
...
should fix GH issue #18
2019-08-14 00:05:04 +02:00
Sebastien Bourdeauducq
f92d6b96f4
nixbld: disable docker
2019-08-01 10:37:47 +08:00
Sebastien Bourdeauducq
405492b2e9
nixbld: add fish shell
2019-07-31 22:48:42 +08:00
Sebastien Bourdeauducq
a86f29733e
nixbld: redirect old artiq resources page
2019-07-31 22:48:42 +08:00
Sebastien Bourdeauducq
552b872bac
nixbld: add legacy migen manual URL
2019-07-29 11:44:48 +08:00
Sebastien Bourdeauducq
820ede4ac3
nixbld: optimize web server settings
2019-07-27 11:27:28 +08:00
Sebastien Bourdeauducq
049ef39c29
remove ARTIQ-2 manual
2019-07-27 10:38:06 +08:00
Sebastien Bourdeauducq
4d0c0e295a
nixbld: use custom 404 page
2019-07-26 21:29:54 +08:00
Sebastien Bourdeauducq
06e8e67d10
nixbld: increase max push size for HTTPS gitea
2019-07-22 19:34:07 +08:00
Sebastien Bourdeauducq
af31db6d21
nixbld: add ARTIQ-4 manual legacy URL
2019-07-22 19:32:18 +08:00
Sebastien Bourdeauducq
00de3141b0
nixbld: update fractalide settings
2019-07-19 16:24:04 +08:00
Sebastien Bourdeauducq
618486ca8a
nixbld: update web settings
2019-07-19 16:23:47 +08:00
Sebastien Bourdeauducq
78caeebf02
serve website from hydra
2019-07-19 15:57:35 +08:00
Sebastien Bourdeauducq
5326cab419
use recommended nginx patch
2019-07-19 15:19:39 +08:00
Sebastien Bourdeauducq
c134bfd3c1
web fixes and improvements
2019-07-19 15:00:06 +08:00
Sebastien Bourdeauducq
4d9e1f6e36
nixbld: redirect old URLs
2019-07-18 23:25:35 +08:00
Sebastien Bourdeauducq
5173a26468
nixbld: ignore broken conda-generated index.html
2019-07-18 00:47:18 +08:00
Sebastien Bourdeauducq
f51d24ac2e
nixbld: publish conda channel on WWW
2019-07-18 00:20:05 +08:00
Sebastien Bourdeauducq
dfa2a4017e
nixbld: update documentation jobset name
2019-07-18 00:10:33 +08:00
Sebastien Bourdeauducq
41a19cbf34
update stewart settings
2019-07-01 22:53:39 +08:00
Sebastien Bourdeauducq
8d9faac567
backup: exclude gitea archives
2019-07-01 22:53:03 +08:00
Sebastien Bourdeauducq
9e796e5073
nixbld: add password on munin output
2019-06-24 18:54:44 +08:00
Sebastien Bourdeauducq
e149012443
backup: fix improper copy/paste
2019-06-01 16:05:41 +08:00
Sebastien Bourdeauducq
b01f6aee27
ensure hydra does not fill hard disk
2019-05-29 15:48:59 +08:00
Sebastien Bourdeauducq
3da02d5f47
raise hydra max_output_size
...
Anaconda is large and reinstalling it sometimes goes over that limit.
2019-05-29 15:32:19 +08:00
Sebastien Bourdeauducq
5f7def845a
nixbld: forward more traffic to stewart's machine
2019-05-27 00:42:50 +08:00
Sebastien Bourdeauducq
7882767a71
nixbld: back up more
2019-05-25 00:31:32 +08:00
Sebastien Bourdeauducq
42fac07c85
nixbld: add simple backups (WIP)
2019-05-24 15:19:33 +08:00
Sebastien Bourdeauducq
64eaa90250
nixbld: enable munin
2019-05-24 10:26:59 +08:00
Sebastien Bourdeauducq
898e81abc3
nixbld: forward some traffic to stewart's machine
2019-05-22 19:23:41 +08:00
Sebastien Bourdeauducq
8d77380ff3
nixbld: disable ARTIQ manual caching in nginx
2019-05-22 19:23:21 +08:00
Sebastien Bourdeauducq
ff6d082fc3
Revert "nixbld: refactor hydra-www-outputs to generate etags for nginx"
...
This reverts commit 8e3f1cc5a0
.
2019-05-22 19:21:40 +08:00
Sebastien Bourdeauducq
8f051e300f
Revert "nixbld: hydra-www-outputs-init before nginx.service"
...
This reverts commit 74bfc361e1
.
2019-05-22 19:21:39 +08:00
Astro
74bfc361e1
nixbld: hydra-www-outputs-init before nginx.service
...
the service creates nginx config include files.
2019-05-22 01:54:10 +02:00
Astro
8e3f1cc5a0
nixbld: refactor hydra-www-outputs to generate etags for nginx
...
Should again resolve Gitea issue #12
2019-05-21 21:41:12 +02:00
Sebastien Bourdeauducq
e7eedf0f48
nixbld: centralize package overrides
2019-05-21 16:47:47 +08:00
Sebastien Bourdeauducq
45c2ce2f0c
nixbld: set up forum
2019-05-21 16:08:54 +08:00
Astro
71d631d416
nixbld: gather and serve artiq-manual from hydra outputs
...
Should resolve Gitea issue #12 .
2019-05-20 18:58:57 +02:00
Sebastien Bourdeauducq
58f5901897
print path to docs in hydra-queue-runner logs
2019-05-20 09:57:32 +08:00
Sebastien Bourdeauducq
9fed94be78
make jq accessible in hydra runcommand
2019-05-20 09:57:04 +08:00
Sebastien Bourdeauducq
4b78fb8124
enable docker
2019-05-20 09:20:28 +08:00
Sebastien Bourdeauducq
07af1db124
get SSL certificate for hooks.m-labs.hk
2019-05-20 09:18:21 +08:00
Sebastien Bourdeauducq
0796a9efa1
disable notifico for now
2019-05-20 09:18:10 +08:00
Sebastien Bourdeauducq
b91e17ea78
gitea: allows all file types for attachments
2019-05-20 09:08:39 +08:00
Astro
25de5790cd
nixbld: add hydra runcommand config for artiq-manual pkgs
...
preparation for gitea issue #12
2019-05-13 18:35:27 +02:00
Astro
b1b21e9c25
nixbld: add /gateware.html redirect to nginx
...
gitea issue #11
2019-05-13 18:17:42 +02:00
Astro
28879f2c89
nixbld: fix ssl for nginx hooks+notifico vhosts
2019-05-13 17:18:04 +02:00
Astro
5f5aa32341
nixbld: move services.redis into notifico/nixos-module
2019-05-13 16:23:48 +02:00
Astro
50407d2b86
nixbld: integrate notifico
...
gitea issue #9
2019-05-13 02:10:04 +02:00
Astro
1facdd7755
notifico/pkg: clean up
2019-05-10 00:43:21 +02:00
Astro
7cffd4f8f8
add notifico/pkg
2019-05-10 00:41:11 +02:00
Sebastien Bourdeauducq
141cb709de
homu: fixes
2019-05-04 17:48:19 +08:00
Sebastien Bourdeauducq
3a4d24b062
nixbld: remove fixed UIDs
...
https://github.com/NixOS/nixpkgs/issues/60732#issuecomment-488829636
2019-05-03 16:40:04 +08:00
Sebastien Bourdeauducq
304bb235b5
nixbld: put static UIDs away from automatic range
2019-05-02 16:09:44 +08:00
Sebastien Bourdeauducq
b47e660c2f
enable homu
2019-05-02 13:54:21 +08:00
Sebastien Bourdeauducq
ad2fe47688
homu: do not put configuration file in nix
...
* issue with multiline string values
* slight security problem
2019-05-02 13:53:34 +08:00
Sebastien Bourdeauducq
9d29f4fccc
add whitequark user
2019-05-02 13:18:31 +08:00
Sebastien Bourdeauducq
cbc1df481b
remove buildbot.m-labs.hk
2019-05-02 13:09:46 +08:00
Sebastien Bourdeauducq
d78930d09a
nixbld: set some security options
2019-05-02 13:06:07 +08:00
Astro
9805090d9e
homu: run under separate static user/group
2019-04-30 22:50:26 +02:00
Astro
f684ad7f55
homu: prepare nixos integration
...
gitea issue #10
2019-04-30 22:38:58 +02:00
Sebastien Bourdeauducq
96cfa7b55f
disable matterbridge for github bot notifications
2019-04-26 21:23:33 +08:00
Sebastien Bourdeauducq
be406bd0c7
move mattermostgithub config to /etc/nixos/secret
2019-04-26 19:21:00 +08:00
Astro
c0601e0f65
wrap mattermost-github-integration with uwsgi, add to nixbld
2019-04-26 00:16:33 +02:00
Astro
2365add996
move mattermost-github-integration, explicit imports
2019-04-25 17:34:00 +02:00
Sebastien Bourdeauducq
f6ebe4a88d
add homu package
2019-04-23 17:02:34 +08:00
Sebastien Bourdeauducq
816ead8b96
add astro user
2019-04-21 10:44:14 +08:00
Sebastien Bourdeauducq
87a664721b
set up wireshark
2019-04-21 10:44:08 +08:00
Sebastien Bourdeauducq
7487560b10
host website
2019-04-21 10:43:48 +08:00
Sebastien Bourdeauducq
448934fe6e
add rj
2019-04-18 19:49:02 +08:00
Sebastien Bourdeauducq
48fb502658
enable mosh
2019-04-18 19:48:58 +08:00
Sebastien Bourdeauducq
3e0bfb6558
fix VNC
2019-04-18 19:48:42 +08:00
Sebastien Bourdeauducq
d16f6ed141
fix SSH key location
2019-04-14 18:35:01 +08:00
Sebastien Bourdeauducq
c2cf0b08fa
enable SSH X11 forwarding
...
X11's crappy "network transparent" protocol is somewhat usable with a wired GbE connection straight to the server.
2019-04-14 18:33:06 +08:00
Sebastien Bourdeauducq
4e002f8751
patch hydra instead of using forked repos
2019-04-14 18:32:01 +08:00