Commit graph

48 commits

Author SHA1 Message Date
Jörg Thalheim
399f16d3fb cachix: restart on failure 2022-01-05 09:31:23 +01:00
Jörg Thalheim
1ba33b66fd telegraf: allow firewall again 2021-12-26 15:52:30 +01:00
Jörg Thalheim
095d3824b4 fix telegraf 2021-12-26 15:40:16 +01:00
Jörg Thalheim
018211dd23 hercules: also encrypt for build02 2021-12-26 08:58:06 +01:00
Jörg Thalheim
bd37717135 add raid profile 2021-12-26 07:44:39 +01:00
Jörg Thalheim
5bc6609701 telegraf: fix eval 2021-12-26 07:29:19 +01:00
Jörg Thalheim
ee392c8ef5 update telegraf 2021-12-26 07:18:31 +01:00
Jörg Thalheim
c3ad852d68 telegraf: replace mdraid script with builtin input 2021-12-26 07:03:03 +01:00
Jörg Thalheim
3bee12b3be don't restart deploy agent 2021-12-24 11:09:37 +01:00
Jörg Thalheim
f2707303ba cachix-deploy: add nix to the path 2021-12-24 11:03:08 +01:00
Jörg Thalheim
391d1a83d3 fix cachix deploy agent 2021-12-24 11:01:09 +01:00
Jörg Thalheim
0d8cd2eb09 cachix: override with unstable version 2021-12-24 10:51:23 +01:00
Jörg Thalheim
8fb62a6084 try to upgrade hercules 2021-12-24 08:18:51 +01:00
Jörg Thalheim
6b8924f2a1 hercules: add cachix deploy agent secrets 2021-12-24 07:42:09 +01:00
Jörg Thalheim
bc1339587a add cachix deploy 2021-12-23 20:39:49 +01:00
Jörg Thalheim
57a722e79d drop cachix niv source 2021-12-06 07:43:58 +01:00
zimbatm
a68e7ed9b3
deploy hercules-ci on build03 2021-11-11 23:08:28 +01:00
Jörg Thalheim
1d7887051b update nix-community-cache.yaml build build02 2021-10-24 01:09:08 +02:00
Jörg Thalheim
eefe2f63ab drop unused gitlab-runner 2021-10-24 01:02:23 +02:00
Jörg Thalheim
14cd3b3598 fix module evaluation 2021-09-29 19:53:32 +02:00
Jörg Thalheim
e40617c555 fixup key for build02 2021-09-29 19:43:42 +02:00
Jörg Thalheim
63f27cd249 add zimbatm's key and rencrypt all files 2021-09-29 19:03:27 +02:00
Jörg Thalheim
0c07216370 migrate to sops-nix 2021-09-25 22:35:55 +02:00
Jörg Thalheim
2ea7b93855 build01: install some packages for nixpkgs development 2021-08-26 23:24:44 +02:00
Jörg Thalheim
b74f24fc0e build01: clone-nixpkgs 2021-08-26 23:24:24 +02:00
Jörg Thalheim
211b0e53ee add build04 2021-08-18 00:05:21 +02:00
Jörg Thalheim
850b388f32 cachix-watch-store: switch to type notify 2021-08-15 07:43:08 +02:00
Jörg Thalheim
61e39d0f3f build03: beta test cachix fixes 2021-08-11 17:57:16 +02:00
Jörg Thalheim
c65de96b68 nix-community-cache: increase stop timeout 2021-07-17 07:01:54 +02:00
Jörg Thalheim
85c71163d0
use correct systemd property for nix-gc timeout 2021-06-25 08:18:57 +02:00
Jörg Thalheim
7ee386ef37
nix-community: increase timeout 2021-06-24 06:51:54 +02:00
Jörg Thalheim
c8ab60c209
fix eval 2021-06-08 11:10:16 +02:00
Jörg Thalheim
f35d4a3b58
zfs: switch to unstable 2021-06-08 10:51:33 +02:00
Jörg Thalheim
a37cd1f3dc
kexec: fix references 2021-05-11 16:57:29 +02:00
Jörg Thalheim
30faf7535a
termite: remove since it breaks the build
It's libvte build is broken.
Maybe re-add once this is fixed or find a different way to ship terminfo.
2021-05-09 08:33:14 +02:00
Jörg Thalheim
683a78abe9
build01: shutdown gitlab runner 2021-04-19 09:57:26 +02:00
Jörg Thalheim
34db098f5b
nix-community: allow cachix to finish uploads before stopping it
At the time of writing cachix is catching SIGINT and upload
remaining derivations before terminating.
2021-04-10 07:30:19 +02:00
Jörg Thalheim
9feee2a4c4
nix-community-cache: workaround race between nix-gc and cachix-watch-store 2021-04-09 10:19:36 +02:00
adisbladis
648f33bae1
Auto restart cachix-watch-store on failure
Currently if something fails to push Cachix crashes and exits but not restarting.
2021-03-30 05:37:58 +02:00
adisbladis
77bc7308c9
Migrate from queued-build-hook to cachix watch-store
We've had instability with the former, and it turns out Cachix has
gained some functionality that's better for our use case.
2021-03-29 19:39:37 +02:00
Jörg Thalheim
d8f2fa59ad
nix-community-cache: fix causes of warnings in the log 2021-03-29 09:49:02 +02:00
Jörg Thalheim
e7ee175b0d
Revert "work-around docker<-> networkd issue"
This reverts commit d271183727.
2021-03-25 22:11:32 +01:00
Jörg Thalheim
d271183727
work-around docker<-> networkd issue 2021-03-25 21:26:45 +01:00
Jörg Thalheim
0cc6cfe34b
simplify hetzner network do dhcp for v4 2021-03-24 18:28:27 +01:00
Jörg Thalheim
9f8273fd48
improve recovery documentation 2021-03-24 18:28:27 +01:00
zimbatm
94569f1ec3
fixup! roles/security: allow sudo without password ()
pam sudo is not needed by virtual of the passwordless sudo
2021-03-08 21:05:23 +01:00
Jonas Chevalier
ad6720bfda
roles/security: allow sudo without password ()
Encourage users to SSH as their own users. Wser accounts were not able
to `sudo` as they don't have a password associated to them.
2021-03-08 20:00:02 +00:00
Jonas Chevalier
37e48b712e
move things around a bit ()
* keep ./services for instances

./profiles is for config-only modules

./services are like profiles, but configure a single instance of a
service. Those are fronted by Nginx as the load-balancer and have a DNS
entry as well.

* ci: build build03 as well

* move hydra to services

* move matterbridge to services

* move marvin-mk2 to services

* build01: share the remainder profiles

* build02: use the nix-community-cache

* fixup kexec

* rename profiles to roles

* README: sync with reality
2021-03-07 16:28:44 +00:00