Commit graph

180 commits

Author SHA1 Message Date
zowoq
a9411872ea modules/darwin/common: gbFree: 25 -> 30 2024-01-16 21:23:02 +00:00
David McFarland
0cc343e748 darwin/community-builder: add user corngood 2024-01-09 07:44:41 +00:00
zowoq
770c3d9ed4 modules/nixos/remote-workers: use ssh-ng 2024-01-09 01:28:31 +00:00
zowoq
a740ae4da0 modules/nixos/hydra: copy /etc/nix/machines, use ssh 2024-01-09 01:28:31 +00:00
zowoq
33cd718b0e modules/shared/remote-builder: add ssh/ssh-ng wrapper 2024-01-09 01:28:31 +00:00
zowoq
911374bbea modules/nixos/common: use latest kernel 2024-01-07 11:17:11 +00:00
Jan Tojnar
87a6477c98 darwin/community-builder: add user jtojnar 2024-01-07 09:32:06 +00:00
Jörg Thalheim
e1e51ea3b5 remote-workers: enable kvm/nixos-test support on build04 2024-01-07 08:45:02 +00:00
zowoq
c84767203f modules/darwin/common: refactor keys 2024-01-05 01:08:30 +00:00
zowoq
8713cd3c58 build04: switch to new hardware 2024-01-04 09:09:13 +00:00
Maximilian Bosch
f333f4e99d darwin/keys/ma27: rotate once again
It turns out that when using PIV rather than OpenPGP for SSH
(`yubikey-agent` in this case), you cannot change the touch policy for
enrolled keys[1].

However, it turns out that the default (`always` - touching the key for
each SSH auth) is pretty annoying when running remote builds or making
SSH signatures, so I had no choice but to rotate the keys once again.

It's not urgent at all to get this key deployed, I'm only filing this
patch now to check every box on my "SSH rotation checklist" so I don't
forget about it. Happy holidays 🎉

Finally, sorry for the additional noise!

[1] https://docs.yubico.com/yesdk/users-manual/application-piv/pin-touch-policies.html#touch-policies
2023-12-24 13:33:06 +00:00
zowoq
a2629f2a37 modules/nixos/buildbot: update cachix 2023-12-24 07:16:59 +00:00
zowoq
672d74cff8 modules/darwin/common: add ryantm to hetzner user 2023-12-22 14:04:45 +00:00
zowoq
648a6031f7 build04, modules/darwin/common: set nixCommunity.gc.gbFree to 25 2023-12-19 23:10:47 +00:00
zowoq
38f5a5ac47 modules/shared/builder: add gc.gbFree option 2023-12-19 23:10:47 +00:00
zowoq
a3a90bc0ae modules/darwin: add apfs-cleanup 2023-12-18 02:48:49 +00:00
zowoq
134882a2b4 modules/darwin/common/reboot: add logs 2023-12-18 02:48:42 +00:00
zowoq
659ea8f2dd modules/nixos/common/security: drop fail2ban 2023-12-17 11:32:53 +00:00
Maximilian Bosch
b0e7287cc3 darwin/keys/ma27: update 2023-12-17 11:32:21 +00:00
zowoq
4143922c6b build02: switch to new hardware 2023-12-13 05:53:33 +00:00
sternenseemann
efbbb2035d darwin/community-builder: add user sternenseemann
Please, there is an angry mob of aarch64-darwin users in front of my
house that want me to fix aarch64-darwin Haskell issues.
2023-12-12 13:18:25 +00:00
zowoq
aa20e930c6 modules/darwin/common/flake-inputs: fix inputs 2023-12-11 22:52:42 +00:00
zowoq
008c339c6b docs/community-builder: add note about darwin keys 2023-12-10 23:30:21 +00:00
zowoq
7d06814c71 rotate cachix token 2023-12-09 04:21:37 +00:00
zowoq
57f607814c modules/nixos/hydra: drop options 2023-12-09 00:16:00 +00:00
zowoq
18890baf28 modules/nixos/disko-raid: refactor imports 2023-12-09 00:16:00 +00:00
zowoq
c5315f3624 modules/nixos/zfs -> hosts/build02
only used on this host
2023-12-09 00:16:00 +00:00
zowoq
8c24b1494a modules/nixos/buildbot: use buildbot instead of buildbot-full 2023-12-08 11:46:25 +00:00
zowoq
f840f7ccc0 modules/nixos/buildbot: add prometheus 2023-12-08 11:46:25 +00:00
zowoq
6c1e5c3ade modules/nixos/hydra: pin package 2023-12-08 11:32:39 +00:00
zowoq
716454ff9d modules/nixos/hercules-ci: use auth token instead of signing key for cachix 2023-12-08 00:54:58 +00:00
Jörg Thalheim
b01aa3a7e2 monitoring: build03 -> build01 for smart errors 2023-12-04 08:20:28 +00:00
Jörg Thalheim
4c68367b89 build01: migrate to disko config 2023-12-04 08:20:28 +00:00
Ilan Joselevich
1a5337ccae darwin/community-builder: add kranzes 2023-12-04 03:18:26 +00:00
Jade Lovelace
2270ffe8d2 darwin/community-builder: add jade 2023-12-03 23:01:53 +00:00
zowoq
b01030c2f0 build03/postgresql: move from modules/hydra
remove ensureDatabases as it isn't compatible with the hydra module
2023-12-03 22:09:02 +00:00
zowoq
db839e2ce2 modules/nixos/github-org-backup: only exclude nix, nixpkgs 2023-12-03 22:07:36 +00:00
zowoq
3d12fbe26a modules/nixos/buildbot: increase evalWorkerCount to 16 2023-12-02 11:57:19 +00:00
zowoq
83f3142fd8 modules/nixos/buildbot: add Upholds 2023-12-02 07:26:29 +00:00
zowoq
b917a32aae build02: remove hercules 2023-12-02 03:37:48 +00:00
zowoq
92957ad208 modules/darwin/common: disable includeUninstaller 2023-11-27 03:49:14 +00:00
zowoq
42fb15140f modules/darwin/community-builder/users: re-enable forceRecreate 2023-11-25 01:52:13 +00:00
zowoq
7deb90df67 refactor buildbot, watch-store 2023-11-23 05:42:58 +00:00
zowoq
78a1f03f2e modules/nixos/hydra: remove secret 2023-11-23 05:25:48 +00:00
zowoq
e55dafbe9d modules/nixos/monitoring/grafana: ensurePermissions -> ensureDBOwnership 2023-11-20 00:24:48 +00:00
zowoq
5f03801844 remove web01 and lemmy 2023-11-19 22:44:53 +00:00
zowoq
2a72d56e9a refactor cachix secrets
each of these is only used on a single host, so they don't need to be shared
2023-11-16 21:29:45 +00:00
zowoq
5c7bab039b modules/nixos/monitoring/alert-rules: alert at 90% disk usage 2023-11-14 23:20:22 +00:00
zowoq
59a3df7098 modules/nixos/community-builder/users: make everyone trusted 2023-11-14 21:32:33 +00:00
Gaetan Lepage
948be209f2 modules/nixos/community-builder: add glepage user 2023-11-14 08:55:14 +00:00