sercanto/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2819 commits 1 branch 0 tags 3.4 MiB
Commit graph

491 commits

Author SHA1 Message Date
matthewcroughan
7e0f467660 modules/*/community-builder: add user matthewcroughan 2024-02-24 15:57:41 +00:00
zowoq
9e026e0366 modules/nixos/monitoring: add ofborg prometheus and eval queue alert 2024-02-04 10:51:26 +00:00
zowoq
6a302a08cb modules/nixos/hydra: set localhost supportedFeatures from host configuration 2024-01-28 17:17:02 +00:00
zowoq
635224ff57 modules/nixos/remote-workers: set supportedFeatures from host configuration 2024-01-28 17:17:02 +00:00
zowoq
ce979d7349 modules/darwin/common: only allow ssh_host_ed25519_key 
81dd4e0557
we do the same for nixos
 2024-01-25 21:50:15 +00:00
zowoq
881f8334b5 modules/nixos/hydra: update allowed-uris 2024-01-25 03:32:56 +00:00
zowoq
6cc4b2a2c0 Revert "modules/nixos/hydra: pin package" 
This reverts commit 6c1e5c3ade.
 2024-01-25 03:32:56 +00:00
zowoq
5cb6b93100 modules/*/reboot: reduce window from 6 to 3 hours 2024-01-25 02:44:52 +00:00
zowoq
50fa6f0686 modules/nixos/monitoring/prometheus: set retention time to 30 days 
default is 15 days
 2024-01-23 22:56:05 +00:00
zowoq
c03246f531 add wants to services using network-online.target 
c2853e2588
 2024-01-22 03:39:59 +00:00
Matthieu Coudron
b8349ad5b0 modules/*/community-builder: add user teto 2024-01-21 22:58:42 +00:00
zowoq
a9411872ea modules/darwin/common: gbFree: 25 -> 30 2024-01-16 21:23:02 +00:00
David McFarland
0cc343e748 darwin/community-builder: add user corngood 2024-01-09 07:44:41 +00:00
zowoq
770c3d9ed4 modules/nixos/remote-workers: use ssh-ng 2024-01-09 01:28:31 +00:00
zowoq
a740ae4da0 modules/nixos/hydra: copy /etc/nix/machines, use ssh 2024-01-09 01:28:31 +00:00
zowoq
33cd718b0e modules/shared/remote-builder: add ssh/ssh-ng wrapper 2024-01-09 01:28:31 +00:00
zowoq
911374bbea modules/nixos/common: use latest kernel 2024-01-07 11:17:11 +00:00
Jan Tojnar
87a6477c98 darwin/community-builder: add user jtojnar 2024-01-07 09:32:06 +00:00
Jörg Thalheim
e1e51ea3b5 remote-workers: enable kvm/nixos-test support on build04 2024-01-07 08:45:02 +00:00
zowoq
c84767203f modules/darwin/common: refactor keys 2024-01-05 01:08:30 +00:00
zowoq
8713cd3c58 build04: switch to new hardware 2024-01-04 09:09:13 +00:00
Maximilian Bosch
f333f4e99d darwin/keys/ma27: rotate once again 
It turns out that when using PIV rather than OpenPGP for SSH
(`yubikey-agent` in this case), you cannot change the touch policy for
enrolled keys[1].

However, it turns out that the default (`always` - touching the key for
each SSH auth) is pretty annoying when running remote builds or making
SSH signatures, so I had no choice but to rotate the keys once again.

It's not urgent at all to get this key deployed, I'm only filing this
patch now to check every box on my "SSH rotation checklist" so I don't
forget about it. Happy holidays 🎉

Finally, sorry for the additional noise!

[1] https://docs.yubico.com/yesdk/users-manual/application-piv/pin-touch-policies.html#touch-policies
 2023-12-24 13:33:06 +00:00
zowoq
a2629f2a37 modules/nixos/buildbot: update cachix 2023-12-24 07:16:59 +00:00
zowoq
672d74cff8 modules/darwin/common: add ryantm to hetzner user 2023-12-22 14:04:45 +00:00
zowoq
648a6031f7 build04, modules/darwin/common: set nixCommunity.gc.gbFree to 25 2023-12-19 23:10:47 +00:00
zowoq
38f5a5ac47 modules/shared/builder: add gc.gbFree option 2023-12-19 23:10:47 +00:00
zowoq
a3a90bc0ae modules/darwin: add apfs-cleanup 2023-12-18 02:48:49 +00:00
zowoq
134882a2b4 modules/darwin/common/reboot: add logs 2023-12-18 02:48:42 +00:00
zowoq
659ea8f2dd modules/nixos/common/security: drop fail2ban 2023-12-17 11:32:53 +00:00
Maximilian Bosch
b0e7287cc3 darwin/keys/ma27: update 2023-12-17 11:32:21 +00:00
zowoq
4143922c6b build02: switch to new hardware 2023-12-13 05:53:33 +00:00
sternenseemann
efbbb2035d darwin/community-builder: add user sternenseemann 
Please there is an angry mob of aarch64-darwin users in front of my
house that want me to fix aarch64-darwin Haskell issues.
 2023-12-12 13:18:25 +00:00
zowoq
aa20e930c6 modules/darwin/common/flake-inputs: fix inputs 2023-12-11 22:52:42 +00:00
zowoq
008c339c6b docs/community-builder: add note about darwin keys 2023-12-10 23:30:21 +00:00
zowoq
7d06814c71 rotate cachix token 2023-12-09 04:21:37 +00:00
zowoq
57f607814c modules/nixos/hydra: drop options 2023-12-09 00:16:00 +00:00
zowoq
18890baf28 modules/nixos/disko-raid: refactor imports 2023-12-09 00:16:00 +00:00
zowoq
c5315f3624 modules/nixos/zfs -> hosts/build02 
only used on this host
 2023-12-09 00:16:00 +00:00
zowoq
8c24b1494a modules/nixos/buildbot: use buildbot instead of buildbot-full 2023-12-08 11:46:25 +00:00
zowoq
f840f7ccc0 modules/nixos/buildbot: add prometheus 2023-12-08 11:46:25 +00:00
zowoq
6c1e5c3ade modules/nixos/hydra: pin package 2023-12-08 11:32:39 +00:00
zowoq
716454ff9d modules/nixos/hercules-ci: use auth token instead of signing key for cachix 2023-12-08 00:54:58 +00:00
Jörg Thalheim
b01aa3a7e2 monitoring: build03 -> build01 for smart errors 2023-12-04 08:20:28 +00:00
Jörg Thalheim
4c68367b89 build01: migrate to disko config 2023-12-04 08:20:28 +00:00
Ilan Joselevich
1a5337ccae darwin/community-builder: add kranzes 2023-12-04 03:18:26 +00:00
Jade Lovelace
2270ffe8d2 darwin/community-builder: add jade 2023-12-03 23:01:53 +00:00
zowoq
b01030c2f0 build03/postgresql: move from modules/hydra 
remove ensureDatabases as it isn't compatible with the hydra module
 2023-12-03 22:09:02 +00:00
zowoq
db839e2ce2 modules/nixos/github-org-backup: only exclude nix, nixpkgs 2023-12-03 22:07:36 +00:00
zowoq
3d12fbe26a modules/nixos/buildbot: increase evalWorkerCount to 16 2023-12-02 11:57:19 +00:00
zowoq
83f3142fd8 modules/nixos/buildbot: add Upholds 2023-12-02 07:26:29 +00:00