214 commits

Author SHA1 Message Date
Ember 'n0emis' Keske
f98bd5644a darwin/community-builder: add user ember 2024-03-28 02:44:19 +00:00
Pablo Ovelleiro Corral
a53d7c7414 Add pinpox key to darwin 2024-03-27 22:43:17 +00:00
Pablo Ovelleiro Corral
006213a749 Add pinpox 2024-03-27 22:43:17 +00:00
jopejoe1
c47efd57da darwin/community-builder: jopejoe1 update ssh key 2024-03-27 22:41:02 +00:00
zowoq
b7d0c7a4c5 modules/nixos/monitoring: remove grafana 2024-03-22 23:35:57 +00:00
zowoq
6bdb32d87d modules/nixos/monitoring/alert-rules: add comin 2024-03-22 06:10:00 +00:00
zowoq
2999dc1192 modules/nixos/common/comin: add telegraf 2024-03-22 06:10:00 +00:00
binarycat
35c460928a nixos/community-builder: add binarycat 2024-03-22 01:54:14 +00:00
zowoq
7b83b7e285 modules/nixos: add comin 2024-03-22 01:01:57 +00:00
zowoq
36125d58aa modules/nixos/disko-raid: add option for filesystem type 2024-03-16 23:41:14 +00:00
annalee
c0263ecb84 darwin/community-builder: add user annalee 2024-03-16 07:51:44 +00:00
zowoq
2d3f246125 modules/nixos/monitoring: ofborg: telegraf -> prometheus
scraping this target with telegraf isn't working since 1.30.0
2024-03-14 23:52:55 +00:00
zowoq
6987a1b9de modules/shared: add known-hosts 2024-03-09 23:40:07 +00:00
zowoq
9fe39f8ba2 modules/shared/remote-builder: add option to use different keys for the builders 2024-03-09 22:41:11 +00:00
zowoq
a49acde26b build03: move current builders under host 2024-03-09 22:41:11 +00:00
zowoq
252fca47eb switch back to nixpkgs hercules ci agent 2024-03-08 09:51:00 +00:00
zowoq
06633fbc5a modules/darwin/common: switch back to default 50gb gc 2024-03-08 08:01:24 +00:00
zowoq
1ff767bded darwin01: init 2024-03-08 07:38:14 +00:00
a-kenji
52b02a7824 darwin/community-builder: add user kenji 2024-03-07 16:11:31 +00:00
Puck Meerburg
1450ec832f darwin/community-builder: add user puckipedia 2024-03-07 14:52:57 +00:00
jopejoe1
a6c946dfdb darwin/community-builder: add user jopejoe1 2024-03-06 23:42:43 +00:00
zimbatm
8603c1d570 darwin: disable netbios on activation
We have received a notification from the German Federal Office for
Information Security (BSI) about our NetBIOS being enabled, and it
potentially being used for DDoS reflection attacks.
2024-03-06 11:50:51 +00:00
pennae
b6564a5b90 darwin/community-builder: add pennae 2024-03-01 23:00:42 +00:00
matthewcroughan
7e0f467660 modules/*/community-builder: add user matthewcroughan 2024-02-24 15:57:41 +00:00
zowoq
9e026e0366 modules/nixos/monitoring: add ofborg prometheus and eval queue alert 2024-02-04 10:51:26 +00:00
zowoq
6a302a08cb modules/nixos/hydra: set localhost supportedFeatures from host configuration 2024-01-28 17:17:02 +00:00
zowoq
635224ff57 modules/nixos/remote-workers: set supportedFeatures from host configuration 2024-01-28 17:17:02 +00:00
zowoq
ce979d7349 modules/darwin/common: only allow ssh_host_ed25519_key
81dd4e0557
we do the same for nixos
2024-01-25 21:50:15 +00:00
zowoq
881f8334b5 modules/nixos/hydra: update allowed-uris 2024-01-25 03:32:56 +00:00
zowoq
6cc4b2a2c0 Revert "modules/nixos/hydra: pin package"
This reverts commit 6c1e5c3ade.
2024-01-25 03:32:56 +00:00
zowoq
5cb6b93100 modules/*/reboot: reduce window from 6 to 3 hours 2024-01-25 02:44:52 +00:00
zowoq
50fa6f0686 modules/nixos/monitoring/prometheus: set retention time to 30 days
default is 15 days
2024-01-23 22:56:05 +00:00
zowoq
c03246f531 add wants to services using network-online.target
c2853e2588
2024-01-22 03:39:59 +00:00
Matthieu Coudron
b8349ad5b0 modules/*/community-builder: add user teto 2024-01-21 22:58:42 +00:00
zowoq
a9411872ea modules/darwin/common: gbFree: 25 -> 30 2024-01-16 21:23:02 +00:00
David McFarland
0cc343e748 darwin/community-builder: add user corngood 2024-01-09 07:44:41 +00:00
zowoq
770c3d9ed4 modules/nixos/remote-workers: use ssh-ng 2024-01-09 01:28:31 +00:00
zowoq
a740ae4da0 modules/nixos/hydra: copy /etc/nix/machines, use ssh 2024-01-09 01:28:31 +00:00
zowoq
33cd718b0e modules/shared/remote-builder: add ssh/ssh-ng wrapper 2024-01-09 01:28:31 +00:00
zowoq
911374bbea modules/nixos/common: use latest kernel 2024-01-07 11:17:11 +00:00
Jan Tojnar
87a6477c98 darwin/community-builder: add user jtojnar 2024-01-07 09:32:06 +00:00
Jörg Thalheim
e1e51ea3b5 remote-workers: enable kvm/nixos-test support on build04 2024-01-07 08:45:02 +00:00
zowoq
c84767203f modules/darwin/common: refactor keys 2024-01-05 01:08:30 +00:00
zowoq
8713cd3c58 build04: switch to new hardware 2024-01-04 09:09:13 +00:00
Maximilian Bosch
f333f4e99d darwin/keys/ma27: rotate once again
It turns out that when using PIV rather than OpenPGP for SSH
(`yubikey-agent` in this case), you cannot change the touch policy for
enrolled keys[1].

However, it turns out that the default (`always` - touching the key for
each SSH auth) is pretty annoying when running remote builds or making
SSH signatures, so I had no choice but to rotate the keys once again.

It's not urgent at all to get this key deployed, I'm only filing this
patch now to check every box on my "SSH rotation checklist" so I don't
forget about it. Happy holidays 🎉

Finally, sorry for the additional noise!

[1] https://docs.yubico.com/yesdk/users-manual/application-piv/pin-touch-policies.html#touch-policies
2023-12-24 13:33:06 +00:00
zowoq
a2629f2a37 modules/nixos/buildbot: update cachix 2023-12-24 07:16:59 +00:00
zowoq
672d74cff8 modules/darwin/common: add ryantm to hetzner user 2023-12-22 14:04:45 +00:00
zowoq
648a6031f7 build04, modules/darwin/common: set nixCommunity.gc.gbFree to 25 2023-12-19 23:10:47 +00:00
zowoq
38f5a5ac47 modules/shared/builder: add gc.gbFree option 2023-12-19 23:10:47 +00:00
zowoq
a3a90bc0ae modules/darwin: add apfs-cleanup 2023-12-18 02:48:49 +00:00