Jörg Thalheim
399f16d3fb
cachix: restart on failure
2022-01-05 09:31:23 +01:00
Jörg Thalheim
1ba33b66fd
telegraf: allow firewall again
2021-12-26 15:52:30 +01:00
Jörg Thalheim
095d3824b4
fix telegraf
2021-12-26 15:40:16 +01:00
Jörg Thalheim
018211dd23
hercules: also encrypt for build02
2021-12-26 08:58:06 +01:00
Jörg Thalheim
bd37717135
add raid profile
2021-12-26 07:44:39 +01:00
Jörg Thalheim
5bc6609701
telegraf: fix eval
2021-12-26 07:29:19 +01:00
Jörg Thalheim
ee392c8ef5
update telegraf
2021-12-26 07:18:31 +01:00
Jörg Thalheim
c3ad852d68
telegraf: replace mdraid script with builtin input
2021-12-26 07:03:03 +01:00
Jörg Thalheim
3bee12b3be
don't restart deploy agent
2021-12-24 11:09:37 +01:00
Jörg Thalheim
f2707303ba
cachix-deploy: add nix to the path
2021-12-24 11:03:08 +01:00
Jörg Thalheim
391d1a83d3
fix cachix deploy agent
2021-12-24 11:01:09 +01:00
Jörg Thalheim
0d8cd2eb09
cachix: override with unstable version
2021-12-24 10:51:23 +01:00
Jörg Thalheim
8fb62a6084
try to upgrade hercules
2021-12-24 08:18:51 +01:00
Jörg Thalheim
6b8924f2a1
hercules: add cachix deploy agent secrets
2021-12-24 07:42:09 +01:00
Jörg Thalheim
bc1339587a
add cachix deploy
2021-12-23 20:39:49 +01:00
Jörg Thalheim
57a722e79d
drop cachix niv source
2021-12-06 07:43:58 +01:00
zimbatm
a68e7ed9b3
deploy hercules-ci on build03
2021-11-11 23:08:28 +01:00
Jörg Thalheim
1d7887051b
update nix-community-cache.yaml build build02
2021-10-24 01:09:08 +02:00
Jörg Thalheim
eefe2f63ab
drop unused gitlab-runner
2021-10-24 01:02:23 +02:00
Jörg Thalheim
14cd3b3598
fix module evaluation
2021-09-29 19:53:32 +02:00
Jörg Thalheim
e40617c555
fixup key for build02
2021-09-29 19:43:42 +02:00
Jörg Thalheim
63f27cd249
add zimbatm's key and rencrypt all files
2021-09-29 19:03:27 +02:00
Jörg Thalheim
0c07216370
migrate to sops-nix
2021-09-25 22:35:55 +02:00
Jörg Thalheim
2ea7b93855
build01: install some packages for nixpkgs development
2021-08-26 23:24:44 +02:00
Jörg Thalheim
b74f24fc0e
build01: clone-nixpkgs
2021-08-26 23:24:24 +02:00
Jörg Thalheim
211b0e53ee
add build04
2021-08-18 00:05:21 +02:00
Jörg Thalheim
850b388f32
cachix-watch-store: switch to type notify
2021-08-15 07:43:08 +02:00
Jörg Thalheim
61e39d0f3f
build03: beta test cachix fixes
2021-08-11 17:57:16 +02:00
Jörg Thalheim
c65de96b68
nix-community-cache: increase stop timeout
2021-07-17 07:01:54 +02:00
Jörg Thalheim
85c71163d0
use correct systemd property for nix-gc timeout
2021-06-25 08:18:57 +02:00
Jörg Thalheim
7ee386ef37
nix-community: increase timeout
2021-06-24 06:51:54 +02:00
Jörg Thalheim
c8ab60c209
fix eval
2021-06-08 11:10:16 +02:00
Jörg Thalheim
f35d4a3b58
zfs: switch to unstable
2021-06-08 10:51:33 +02:00
Jörg Thalheim
a37cd1f3dc
kexec: fix references
2021-05-11 16:57:29 +02:00
Jörg Thalheim
30faf7535a
termite: remove since it breaks the build
...
It's libvte build is broken.
Maybe re-add once this is fixed or find a different way to ship terminfo.
2021-05-09 08:33:14 +02:00
Jörg Thalheim
683a78abe9
build01: shutdown gitlab runner
2021-04-19 09:57:26 +02:00
Jörg Thalheim
34db098f5b
nix-community: allow cachix to finish uploads before stopping it
...
At the time of writing cachix is catching SIGINT and upload
remaining derivations before terminating.
2021-04-10 07:30:19 +02:00
Jörg Thalheim
9feee2a4c4
nix-community-cache: workaround race between nix-gc and cachix-watch-store
2021-04-09 10:19:36 +02:00
adisbladis
648f33bae1
Auto restart cachix-watch-store on failure
...
Currently if something fails to push Cachix crashes and exits but not restarting.
2021-03-30 05:37:58 +02:00
adisbladis
77bc7308c9
Migrate from queued-build-hook
to cachix watch-store
...
We've had instability with the former, and it turns out Cachix has
gained some functionality that's better for our use case.
2021-03-29 19:39:37 +02:00
Jörg Thalheim
d8f2fa59ad
nix-community-cache: fix causes of warnings in the log
2021-03-29 09:49:02 +02:00
Jörg Thalheim
e7ee175b0d
Revert "work-around docker<-> networkd issue"
...
This reverts commit d271183727
.
2021-03-25 22:11:32 +01:00
Jörg Thalheim
d271183727
work-around docker<-> networkd issue
2021-03-25 21:26:45 +01:00
Jörg Thalheim
0cc6cfe34b
simplify hetzner network do dhcp for v4
2021-03-24 18:28:27 +01:00
Jörg Thalheim
9f8273fd48
improve recovery documentation
2021-03-24 18:28:27 +01:00
zimbatm
94569f1ec3
fixup! roles/security: allow sudo without password ( #63 )
...
pam sudo is not needed by virtual of the passwordless sudo
2021-03-08 21:05:23 +01:00
Jonas Chevalier
ad6720bfda
roles/security: allow sudo without password ( #63 )
...
Encourage users to SSH as their own users. Wser accounts were not able
to `sudo` as they don't have a password associated to them.
2021-03-08 20:00:02 +00:00
Jonas Chevalier
37e48b712e
move things around a bit ( #61 )
...
* keep ./services for instances
./profiles is for config-only modules
./services are like profiles, but configure a single instance of a
service. Those are fronted by Nginx as the load-balancer and have a DNS
entry as well.
* ci: build build03 as well
* move hydra to services
* move matterbridge to services
* move marvin-mk2 to services
* build01: share the remainder profiles
* build02: use the nix-community-cache
* fixup kexec
* rename profiles to roles
* README: sync with reality
2021-03-07 16:28:44 +00:00