Commit graph

161 commits

Author SHA1 Message Date
Magic_RB fabd23d92d
Fix dns zone for in.redalder.org
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-07-27 22:36:47 +02:00
Magic_RB 3dd66e0a9b
Add altra to DNS
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-07-27 21:04:21 +02:00
Magic_RB bd556bcc11
Reduce watchdog reboot time to 3 minutes
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-07-20 12:35:50 +02:00
Magic_RB 369b6ddadf
Enable Serial over Lan on blowhole
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-07-20 12:35:34 +02:00
Magic_RB 5d516e080b
Add new Minecraft modules and containers
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-07-19 00:37:47 +02:00
Magic_RB 0f0ebf822a
Fix wrong interface on nomad on blowhole
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-07-18 11:47:43 +02:00
Magic_RB 686582722c
Fix wrong mount for vault on blowhole
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-07-18 11:45:01 +02:00
Magic_RB 361e6b2065
Add ipmi_watchdog to blowhole
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-07-18 11:44:48 +02:00
Magic_RB cbc32aef09
Disable wlan on blowhole
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-07-18 11:44:27 +02:00
Magic_RB f0cf4e1a54
Move Consul and Vault onto ZFS on blowhole
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-07-10 23:36:07 +02:00
Magic_RB a5075271b4
Update inputs
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-07-10 23:35:56 +02:00
Magic_RB 9bc92124ed
Adjust firewall on blowhole to new motherboard
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-07-09 23:54:19 +02:00
Magic_RB de00d86dc4
Accept wireguard on the WAN interface
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-07-09 23:44:15 +02:00
Magic_RB 005cfe5eb1
Disable hostapd on blowhole
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-06-28 21:53:17 +02:00
Magic_RB a64b46e61a
Make vault-agent not freak out on failed service restarts
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-06-28 21:52:45 +02:00
Magic_RB 39742dc4a2
Mark camera mount as nofail
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-06-28 14:25:51 +02:00
Magic_RB e73ff8a96a
Remove wacky NAS mounts, they're handled by ZFS natively now
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-06-28 14:25:16 +02:00
Magic_RB 8cfde06cdd
Switch jellyfin to a host volume and add new share for media
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-06-28 14:25:00 +02:00
Magic_RB 004cfb039b
Harden blowhole against sealed Vault
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-06-28 14:23:08 +02:00
Magic_RB 134082a1da
Fix mainsail http path
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-06-19 02:40:50 +02:00
Magic_RB 9c0c892050
Fix blowhole nomad network
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-06-19 02:05:35 +02:00
Magic_RB c38b7e1918
Allow communication between containers
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-06-19 01:10:07 +02:00
Magic_RB ca2f480255
Fix incorrect flake host
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-06-19 00:55:05 +02:00
Magic_RB 637dc2877f
Permit unsupported envoy version
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-06-19 00:30:07 +02:00
Magic_RB de385c1d60
Fix nomad on blowhole
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-06-18 23:20:10 +02:00
Magic_RB 64db0229c0
Fix failed evaluation without secrets in blowhole/firewall.nix
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-06-18 20:08:35 +02:00
Magic_RB 3b5a09f9cb
Enable the extension of lib
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-06-18 20:07:47 +02:00
Magic_RB fed32ecfca
Possibly functional blowhole configuration
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-06-16 16:08:09 +02:00
Magic_RB b673fb12c1
Clean out the repository
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-06-10 10:34:14 +02:00
Magic_RB 8ce216d3f3
Add second DoH endpoint to proxy
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-05-28 16:14:30 +02:00
Magic_RB 6fdfe3511a
Rename stubby to dnscrypt-proxy2 in nftables comment on blowhole
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-05-28 12:51:14 +02:00
Magic_RB 1b63b0aa1a
Allow containers in Nomad to reach Nomad
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-05-28 12:50:39 +02:00
Magic_RB 6bab5c1707
Switch out stubby for dnscrypt-proxy2
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-05-28 12:48:13 +02:00
Magic_RB 2b707885ab
Fixup klipper container
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-05-28 12:47:48 +02:00
Magic_RB 602b194cf8
Fix restarting of monitoring proxies by vault-agent
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-05-28 12:47:20 +02:00
Magic_RB 6f2ed9250a
Fix vault-agent restart on blowhole breaking klipper
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-05-28 12:46:56 +02:00
Magic_RB d8dce01fc1
Add nomad and matrix to internal DNS
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-05-28 12:46:27 +02:00
Magic_RB 9bd3b12c4a
Increase watchdog times on blowhole
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-05-03 12:12:47 +02:00
Magic_RB eaa22d8e4c
Take logs from Docker
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-05-03 12:12:13 +02:00
Magic_RB 9a50d57305
Include extra labels in Docker from Nomad
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-05-03 12:11:43 +02:00
Magic_RB afa6ce6247
Fix hostapd mac address passwords
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-05-02 14:44:15 +02:00
Magic_RB 30ba25f277
Enable InfluxDB provider and provision Grafana
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-05-02 14:41:55 +02:00
Magic_RB 0804d717fc
consul on blowhole change loglevel to INFO
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-04-23 23:23:06 +02:00
Magic_RB 22a76d6274
Fix klipper envoy tokens on blowhole
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-04-16 11:57:22 +02:00
Magic_RB a4dc73f311
Repin nixpkgs for hashicorp things
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-04-16 11:47:53 +02:00
Magic_RB eec8f409d6
Don't block outgoing DoT traffic, iifname doesn't work in output
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-04-04 00:41:25 +02:00
Magic_RB d2374ad9f6
Revert "Add codespace container"
This reverts commit 48066a7e0d.

Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-04-03 18:40:20 +02:00
Magic_RB 48066a7e0d
Add codespace container
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-04-03 18:37:57 +02:00
Magic_RB 8e3b1fc69d
Add monitoring container PoC
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-04-03 17:54:35 +02:00
Magic_RB 8b5c787b8a
Move klipper into NixOS container
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-04-03 17:45:14 +02:00
Magic_RB dfe57b87da
Fix hostapd with per mac address psk
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-04-03 13:23:10 +02:00
Magic_RB f8bbdc9a54
Use tf in blowhole uterranix config
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-04-03 02:12:16 +02:00
Magic_RB cdc6d1b263
Use nixpkgs-hashicorp for vault and vault-agent
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-04-03 02:11:08 +02:00
Magic_RB ba73eb214f
Switch nixinate host to domain for blowhole
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-04-03 01:33:20 +02:00
Magic_RB 0bd739cab7
Add watchdog to blowhole
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-04-03 01:32:57 +02:00
Magic_RB 0328cac478
Fix ipv6 issues on blowhole which break adb
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-04-03 01:32:36 +02:00
Magic_RB a55613fefa
Add tmpfiles configuration to hashicorp-vault-agent on blowhole
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-04-03 01:31:37 +02:00
Magic_RB 807f776c35
Add new uterranix config
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-04-03 01:29:47 +02:00
Magic_RB 1877d128b3
Add domain for influx
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-04-03 01:28:33 +02:00
Magic_RB 3f7585af77
Use specific nixpkgs pin for Hashicorp stuff
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-04-03 01:26:58 +02:00
Magic_RB eae03c9699
fix DNS
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-03-28 00:06:49 +02:00
Magic_RB 27f1978d23
Make module imports in blowhole relative
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-03-06 00:32:20 +01:00
Magic_RB bbe1a2a6ad
Move secrets templates out of vault-agent module
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-03-06 00:30:29 +01:00
Magic_RB abad79541e
Simplify DNS zones
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-03-06 00:29:03 +01:00
Magic_RB a0a3ae2656
Get rid of the wireguard RestartSec hack
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-02-19 01:11:03 +01:00
Magic_RB f923362537
Update inputs
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-02-19 01:03:49 +01:00
Magic_RB 084eb2edb6
fixup network mounting on omen
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-02-16 14:46:20 +01:00
Magic_RB 648e6cf8c1
basic hostap config
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-02-14 20:18:11 +01:00
Magic_RB 5643d663cd
Allow mounting certain shares from omen
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-02-10 00:31:50 +01:00
Magic_RB 45df9165a1
Increase file limit for nfs-mountd
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-02-10 00:31:23 +01:00
Magic_RB dd50adb45f
Switch to the 4port intel NIC
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-02-10 00:30:41 +01:00
Magic_RB 065bfdf651
Create secrets folder for vault-agent
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-02-02 19:00:04 +01:00
Magic_RB 0f2139f5e5
Make a dummy interface on blowhole until I get a physical one
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-02-02 10:13:40 +01:00
Magic_RB ef04a738ab
Pin Nomad network interface on blowhole
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-02-02 10:13:15 +01:00
main b1381511dd
Setup static IP support in dhcpd
Signed-off-by: main <magic_rb@redalder.org>
2022-12-21 23:19:13 +01:00
main 0756c15c56
Move bind directory to somewhere persistent
Fixes bind breaking on reboot, according to
https://github.com/NixOS/nixpkgs/issues/204391

Signed-off-by: main <magic_rb@redalder.org>
2022-12-18 23:48:43 +01:00
main 240d6de3e8
Unblock YouTube, I think I solved my addiction but I need it for music
Signed-off-by: main <magic_rb@redalder.org>
2022-12-18 23:26:18 +01:00
main 3e23308bf3
Fix Wireguard not being brought up after boot due to DNS failure
Signed-off-by: main <magic_rb@redalder.org>
2022-12-18 22:27:17 +01:00
main 2d3fe86f3f
Open port 80 on blowhole to vpn
Signed-off-by: main <magic_rb@redalder.org>
2022-12-07 23:01:44 +01:00
main 2f818f2963
Hopefully make the relmount happen on boot on blowhole
Signed-off-by: main <magic_rb@redalder.org>
2022-12-03 16:47:33 +01:00
main 6cb4ed2050
Enable sshdEmacs for blowhole
Signed-off-by: main <magic_rb@redalder.org>
2022-12-03 16:47:18 +01:00
main 4154559032
Fix GRUB installation
Signed-off-by: main <magic_rb@redalder.org>
2022-11-27 20:22:12 +01:00
main 51c3c162bc
Fix wireguard failing to start due to DNS being late
Signed-off-by: main <magic_rb@redalder.org>
2022-11-27 20:21:53 +01:00
main 8b700b61cc
Make sure everything evaluates and builds even without secrets
Signed-off-by: main <magic_rb@redalder.org>
2022-11-23 20:48:59 +01:00
Magic_RB dccb75934a
Get rid of containerd on blowhole
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2022-10-30 15:45:41 +01:00
Magic_RB cf77bf433f
utillinux -> util-linux
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2022-10-30 15:28:04 +01:00
main 8f713ccc5b
Add PostgreSQL for Matrix
Signed-off-by: main <magic_rb@redalder.org>
2022-10-30 15:13:02 +01:00
main cc3eaff12f
Add database for home assistant
Signed-off-by: main <magic_rb@redalder.org>
2022-10-27 13:27:21 +02:00
main 60086123f3
Add Nomad-Docker Nix integration
Signed-off-by: main <magic_rb@redalder.org>
2022-10-27 13:23:08 +02:00
Magic_RB 6425857776
Setup acme.sh for Vault
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2022-10-11 07:55:42 +02:00
main e50e5b84df
Minor cleanup
Signed-off-by: main <magic_rb@redalder.org>
2022-10-07 22:05:56 +02:00
Magic_RB 50db004480
Nomad changes, reset and disabling of GPU
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2022-09-26 18:46:20 +02:00
Magic_RB 5ec1c33f60
DNS related networking changes
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2022-09-26 18:46:20 +02:00
Magic_RB 21c4058241
update NFS shares
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2022-09-26 18:46:20 +02:00
Magic_RB 3f835a36da
Block youtube.com
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2022-09-26 18:46:20 +02:00
Magic_RB cacd4ac151
Change DNS
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2022-09-17 11:55:51 +02:00
main caab60ee5b
Modify ical2org to handle homework well
Signed-off-by: main <magic_rb@redalder.org>
2022-09-17 11:34:45 +02:00
Magic_RB 6616c4f9a2
NFS exports
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2022-08-27 23:21:15 +02:00
Magic_RB 180902ae52
Fork nixinate again and add secret override to the options
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2022-08-27 22:41:36 +02:00
Magic_RB 9cb7a01750
Fix a little DNS issue on blowhole
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2022-08-27 22:41:10 +02:00