Commit graph

468 commits

Author SHA1 Message Date
Max
b5e4aeb266 cluster/services/forge: prepare for ascension 2024-06-04 19:54:44 +02:00
Max
82f34e96f2 cluster/services/matrix: use DNS01 challenge for cinny cert 2024-06-01 22:01:48 +02:00
Max
4e7c83361b cluster/services/websites: host hyprspace docs 2024-06-01 21:36:39 +02:00
Max
3a61f93b5b cluster/services/matrix: host static resources redundantly 2024-05-29 10:17:49 +02:00
Max
c4ee4559f6 cluster/services/hercules-ci-multi-agent: add hyprspace org 2024-05-24 22:51:57 +02:00
Max
e4b2eae2c3 cluster/services/monitoring: keep grafana running 2024-05-17 19:29:05 +02:00
Max
c445867b16 cluster/services/dns: use new hyprspace dns server address 2024-05-17 14:12:01 +02:00
Max
a7ae49128e VEGAS/vault, cluster/services/vault: drop 2024-05-17 14:08:40 +02:00
Max
5c67cc7880 cluster/services/search: use tor 2024-04-30 03:10:33 +02:00
Max
eccf23ce9e cluster/services/tor: init 2024-04-30 02:34:51 +02:00
Max
e36260c449 cluster/services/attic: doh 2024-04-25 02:14:08 +02:00
Max
9ae4ed5ce9 cluster/services/attic: also use the garage bucket for the binary cache 2024-04-21 23:43:28 +02:00
Max
964ab05fad cluster/services/nginx: enable proxyResolveWhileRunning 2024-04-21 23:41:13 +02:00
Max
c26db970ac cluster/services/storage: host garage web endpoint 2024-04-21 23:40:21 +02:00
Max
45af3167b2 cluster/services/hercules-ci-multi-agent: use garage 2024-04-19 18:26:35 +02:00
Max
dc7f39c905 Revert "cluster/services/attic: auto-restart atticd"
This reverts commit 6a51b09f8c.
Done upstream now.
2024-02-22 11:26:22 +01:00
Max
6a51b09f8c cluster/services/attic: auto-restart atticd 2024-02-12 22:49:51 +01:00
Max
40a3521bc1 cluster/services/meet: don't use SCTP datachannel 2024-01-27 09:27:06 +01:00
Max
5a519d3a48 cluster/services/certificates: setfacl on current directory 2023-12-31 04:02:51 +01:00
Max
30e926a654 cluster/services/dns: don't rewrite NS and SOA requests 2023-12-30 14:12:38 +01:00
Max
400664edf8 cluster/services/idm: enable sudo auth with pam_rssh 2023-12-06 01:01:09 +01:00
Max
42e2fb5af6 cluster/services/soda: add internal dns record 2023-12-05 23:25:57 +01:00
Max
82bf6c028a cluster/services/nextcloud: nextcloud26 -> nextcloud27 2023-12-05 22:55:07 +01:00
Max
7972c40a4d cluster/services/idm: remove backported pam module 2023-12-05 22:42:25 +01:00
Max
0943c410c3 cluster: switch to exec dns01 provider 2023-12-04 23:33:20 +01:00
Max
bfd7a4214c cluster/services/acme-client: switch to acme-dns with custom script 2023-12-04 23:33:20 +01:00
Max
3231b65a26 cluster/services/cdn-shield: init 2023-12-04 23:33:20 +01:00
Max
0fef0fca66 cluster/services/n8n: init 2023-12-04 23:33:20 +01:00
Max
779429c289 cluster/services/gitlab: init 2023-12-04 23:33:20 +01:00
Max
2a49d440f7 cluster/services/vault: init 2023-12-04 23:33:20 +01:00
Max
f1e68e7e28 cluster/services/reflex: init 2023-12-04 23:33:20 +01:00
Max
195fe56279 cluster/services/bitwarden: init 2023-12-04 23:33:20 +01:00
Max
5150894720 cluster/services/ipfs: more dns records 2023-12-04 23:33:20 +01:00
Max
bde04dac87 cluster/services/websites: add dns records for old sites 2023-12-04 23:33:20 +01:00
Max
0a6755dac5 cluster/services/sso: init 2023-12-04 23:33:20 +01:00
Max
9abd4b6c0a cluster/services/attic: add dns records 2023-12-04 23:33:20 +01:00
Max
6d22f7bdb7 cluster/services/meet: add dns records 2023-12-04 23:33:20 +01:00
Max
001f6cd078 cluster/services/fbi: init 2023-12-04 23:33:20 +01:00
Max
e961260700 cluster/services/object-storage: add dns records 2023-12-04 23:33:20 +01:00
Max
38d8894676 cluster/services/nextcloud: add dns records 2023-12-04 23:33:20 +01:00
Max
bbaf0b0c14 cluster/services/soda: add dns records 2023-12-04 23:33:20 +01:00
Max
cb8744b99a cluster/services/matrix: add dns records 2023-12-04 23:33:20 +01:00
Max
38d22c1964 cluster/services/warehouse: add dns records 2023-12-04 23:33:20 +01:00
Max
4aadf0c482 cluster/services/forge: add dns records 2023-12-04 23:33:20 +01:00
Max
7d7714db4c cluster/services/search: add dns records 2023-12-04 23:33:20 +01:00
Max
b24f73bc4b cluster/services/idm: add dns records 2023-12-04 23:33:20 +01:00
Max
93ceb5c0ea cluster/services/websites: add top-level dns record 2023-12-04 23:33:20 +01:00
Max
eae6934b92 cluster/services/dns: add nameserver records 2023-12-04 23:33:20 +01:00
Max
afb95e1d3b cluster/services/mail: init 2023-12-04 23:33:20 +01:00
Max
a09b8ff7c5 cluster/services/dns: create dns records for machines 2023-12-04 23:33:20 +01:00
Max
2a9fdfa4f9 cluster/services/dns: switch to acme-dns, host static records 2023-12-04 23:33:20 +01:00
Max
eaa4bdb449 cluster/services/dns: support TXT records 2023-12-04 23:28:02 +01:00
Max
b485a93df4 cluster/services/storage: use consul catalog api for garage discovery 2023-12-02 13:40:51 +01:00
Max
1554d59c7d cluster/services/nextcloud: remove enableBrokenCiphersForSSE 2023-12-02 02:48:44 +01:00
Max
f973ca2084 cluster/services/storage: mkForce garage's StateDirectory 2023-12-02 01:06:20 +01:00
Max
79b6798fe6 cluster/services/attic: enable garbage collection 2023-12-02 00:18:10 +01:00
Max
9c9c8d250d Revert "cluster/services/attic: use DynamicUser"
This reverts commit 2a75c2ae02.
2023-12-02 00:10:58 +01:00
Max
02ea8d50c7 cluster/services/attic: wait for postgresql 2023-12-01 23:22:01 +01:00
Max
2a75c2ae02 cluster/services/attic: use DynamicUser 2023-12-01 23:21:36 +01:00
Max
03e802bcab cluster/services/ipfs: give ipfs-cluster more time to start 2023-12-01 23:12:42 +01:00
Max
993cb7f967 cluster/services/hercules-ci-multi-agent: disable AWS IMDS lookups
so this was the reason hci has been so fucking slow substituting things

fuck you, jeff
2023-12-01 18:28:34 +01:00
Max
4b34be5916 packages/cachix: init with patch 2023-12-01 17:45:27 +01:00
Max
24722bf586 cluster/services/hercules-ci-multi-agent: move agent processes to builder.slice 2023-12-01 01:05:55 +01:00
Max
ff4e3af21e cluster/services/patroni: move one worker from prophet to grail 2023-12-01 00:25:13 +01:00
Max
9227c66448 cluster/services/storage: increase garage upload size limit 2023-11-11 20:01:02 +01:00
Max
4c25e003b7 cluster/services/storage: monitor garage with blackbox 2023-11-09 21:42:13 +01:00
Max
0ce00ad1dc cluster/services/monitoring: move tempo to s3 2023-11-08 23:10:10 +01:00
Max
bbfdd6440c cluster/services/monitoring: enable env var resolution in loki config 2023-11-08 19:55:19 +01:00
Max
ee8750f748 cluster/services/monitoring: prepare loki for s3 2023-11-07 22:22:24 +01:00
Max
f88749fd95 cluster/services/monitoring: create buckets for loki and tempo 2023-11-06 20:53:20 +01:00
Max
2d1d8c5370 cluster/services/storage: disable-expect100 2023-11-05 01:11:17 +01:00
Max
a087445358 cluster/services/monitoring: move one blackbox agent from VEGAS to grail 2023-11-05 00:12:19 +01:00
Max
d6fe67c14e cluster/services/storage: use external s3 endpoint for remote storage 2023-11-04 23:36:19 +01:00
Max
b332dc4a4e cluster/services/storage: scrape metrics from garage 2023-11-04 20:12:11 +01:00
Max
eefc380890 cluster/services/dns: trace coredns 2023-11-04 03:59:27 +01:00
Max
83b9ed9c09 cluster/services/monitoring: fix tempo, add zipkin endpoint 2023-11-04 03:59:17 +01:00
Max
3c7cb33820 cluster/services/monitoring: make tempo-grpc listen on localhost 2023-11-04 03:22:20 +01:00
Max
da9c1cca67 cluster/services/storage: rotate storage auth for prophet 2023-11-04 02:09:22 +01:00
Max
eb69940c8f cluster/services/attic: rotate s3 credentials 2023-11-04 02:08:07 +01:00
Max
2aed1f4df2 cluster/services/storage: add grail to garage cluster 2023-11-04 02:07:29 +01:00
Max
84644cfbf6 cluster/services/monitoring: enable monitoring on grail 2023-11-04 01:24:34 +01:00
Max
df1b0e1850 cluster/services/certificates: allow grail to use the internal wildcard cert 2023-11-04 01:18:50 +01:00
Max
491666c17a cluster/services/consul: add grail 2023-11-04 01:17:59 +01:00
Max
20991ec5d8 cluster/services/acme-dns-client: add grail 2023-11-04 01:17:59 +01:00
Max
55c0b848a6 cluster/services/nginx: add grail 2023-11-04 01:17:59 +01:00
Max
6cb9c5a9f3 cluster/services/dns: add grail to clients 2023-11-04 01:17:59 +01:00
Max
5200dab0eb cluster/services/cachix-deploy-agent: add grail 2023-11-04 01:17:59 +01:00
Max
2c01ab818a cluster/services/idm: add grail to clients 2023-11-04 00:47:04 +01:00
Max
125732e03a cluster/services/wireguard: add grail to mesh 2023-11-04 00:47:04 +01:00
Max
0752d1e1d8 cluster/services/storage: don't explicitly set port in s3 endpoint url 2023-11-03 22:09:45 +01:00
Max
971d53e9ea cluster/services/attic: use external garage endpoint 2023-11-03 21:46:40 +01:00
Max
fdf3980e3f cluster/services/storage: use cluster link 2023-11-03 21:45:36 +01:00
Max
e1c4f0e9ec cluster/services/storage: use the actual health endpoint 2023-11-03 21:33:46 +01:00
Max
6a2299e049 cluster/services/storage: fix garage gateway proxy config 2023-11-03 21:17:54 +01:00
Max
4f49aad9dd cluster/services/storage: split garage config for tests 2023-11-03 20:57:35 +01:00
Max
8f8c2bc0ce cluster/services/storage: garage health endpoint does not like HEAD 2023-11-03 20:47:34 +01:00
Max
024dcc78b0 cluster/services/storage: expose garage 2023-11-03 20:40:34 +01:00
Max
13d1dd572f cluster/services/consul: add dns records 2023-11-03 01:58:32 +01:00
Max
07544555c7 cluster/services/ipfs: simplify regex 2023-11-02 23:59:02 +01:00
Max
b60a1cd5a2 cluster/services/dns: fix regex handling 2023-11-02 23:58:49 +01:00
Max
2bdb62b255 cluster/services/ipfs: use regex rewrite type 2023-11-02 23:56:38 +01:00
Max
b2c9676a49 cluster/services/websites: rewrite.target -> consulService 2023-11-02 23:55:33 +01:00
Max
e3b6d66991 cluster/services/dns: fix typo 2023-11-02 23:55:10 +01:00
Max
d65fb75f78 cluster/services/websites: add dns records 2023-11-02 23:50:27 +01:00
Max
5284c0f6d5 cluster/services/irc: add dns records 2023-11-02 23:45:34 +01:00
Max
58f60eef45 cluster/services/ipfs: add dns records 2023-11-02 23:43:58 +01:00
Max
88754861db cluster/services/dns: support alternative rewrite types in declarative dns 2023-11-02 23:42:59 +01:00
Max
7ff75a72f5 cluster/services/dns: add dns records 2023-11-02 23:21:22 +01:00
Max
b217be06d5 cluster/services/monitoring: add dns records 2023-11-02 23:15:09 +01:00
Max
6102a4ccca cluster/services/dns: implement basic declarative dns 2023-11-02 23:11:13 +01:00
Max
b24e82be3f cluster/services/storage: add grep to runGarage 2023-11-02 19:53:07 +01:00
Max
db416ab9e2 cluster/services/storage: remove broken incantation 2023-11-02 19:50:10 +01:00
Max
b2e30146d9 cluster/services/storage: remove checkmate from garage cluster 2023-11-02 19:13:34 +01:00
Max
7c3ee49b82 cluster/services/storage: limit garage memory usage on low-memory nodes 2023-11-02 03:37:11 +01:00
Max
10c5d853d7 cluster/services/storage: move prophet storage to S3 2023-11-02 03:22:28 +01:00
Max
25f3b2da0a cluster/services/storage: fix config for heresy 2023-11-02 03:21:57 +01:00
Max
4d0d1d2254 cluster/services/attic: move to garage 2023-10-31 22:19:08 +01:00
Max
9edfe4f2de cluster/services/storage: allow configuring garage buckets and keys through cluster options 2023-10-31 18:41:40 +01:00
Max
cec2fc0bc1 cluster/services/storage: serviceConfig.RequiresMountsFor -> unitConfig.RequiresMountsFor 2023-10-31 15:37:15 +01:00
Max
f4779a8512 cluster/services/storage: declarative garage keys and buckets 2023-10-30 23:06:06 +01:00
Max
7eb3eea599 cluster/services/storage: externalize garage layout implementation 2023-10-30 23:06:06 +01:00
Max
1b3a990866 cluster/services/storage: add garage 2023-10-30 23:06:06 +01:00
Max
c877404caf cluster/services/idm: fix infra-admins policy tmpfiles rules 2023-10-30 01:57:03 +01:00
Max
4f31e37014 cluster/services/idm: wait for nscd before starting idm-nss-ready 2023-10-30 01:40:43 +01:00
Max
f6813d933d cluster/services/hercules-ci-multi-agent: remove some hardening options that break effects 2023-10-29 15:22:56 +01:00
Max
7916856d92 cluster/services/ipfs: update config, host routing API endpoint 2023-10-27 19:22:39 +02:00
Max
451da5558a cluster/services/hercules-ci-multi-agent: set home directory 2023-10-26 02:14:31 +02:00
Max
55d19314a9 cluster/services/hercules-ci-multi-agent: use hercules-ci-agent package from flake 2023-10-26 02:14:20 +02:00
Max
2335305284 cluster/services/hercules-ci-multi-agent: use kranzes' refactored modules 2023-10-26 01:35:31 +02:00
Max
cf807b7b61 cluster/services/dns: expose hyprspace namespace on coredns 2023-10-24 23:41:34 +02:00
Max
542d7e95f8 cluster/services/consul: host remote API on vstub 2023-10-24 23:41:06 +02:00
Max
402f25ccc5 cluster/services/idm: fix stdout buffering for idm-nss-ready 2023-10-22 13:50:22 +02:00
Gerg-L
31260502a8 massive improvements 2023-09-19 10:19:27 -04:00
Max
163f111a81 cluster/services/meet: remove blackbox check 2023-09-04 16:39:54 +02:00
Max
ae48e4807a treewide: massive refactor 2023-09-03 01:11:49 +02:00
Max
6a4b07f036 cluster/services/warehouse: workaround for ffmpeg config bug 2023-08-29 00:23:47 +02:00
Max
9245b0909e cluster/services/warehouse: move from VEGAS 2023-08-28 23:30:00 +02:00
Max
f423f868c5 cluster/services/monitoring: grafana: use distributed service 2023-08-27 16:26:17 +02:00
Max
f71774102e cluster/services/patroni: use our postgresql 2023-08-23 21:48:04 +02:00
Max
a79b829da5 cluster/services/ipfs: use strictMounts 2023-08-23 17:04:01 +02:00
Max
e40a40dc93 cluster/services/monitoring: use default dataDir for Grafana 2023-08-23 01:01:12 +02:00
Max
53d283c918 cluster/services/patroni: set external waldir 2023-08-23 00:59:53 +02:00
Max
2705e5835a cluster/services/ipfs: set RequiresMountsFor 2023-08-23 00:58:36 +02:00
Max
3ca29def33 cluster/services/storage: mount external storage on prophet 2023-08-23 00:57:35 +02:00
Max
365e4c69c9 cluster/services/storage: mount heresy via external-storage 2023-08-23 00:56:27 +02:00
Max
8ddc79bf5b cluster/services/monitoring: make grafana-ha more resilient to weird failures 2023-08-21 19:19:23 +02:00
Max
3742dd45fb cluster/services/forge: init 2023-07-24 00:52:14 +02:00
Max
d84dc11af7 cluster/services/hercules-ci-multi-agent: provide cachix deploy token 2023-07-23 14:00:41 +02:00
Max
664b92203d cluster/services/cachix-deploy-agent: init 2023-07-23 14:00:41 +02:00
Max
44143ff07f cluster/services/storage: init 2023-07-09 15:39:54 +02:00
Max
d751a0f16f cluster/services/attic: increase max upload size to 4GB 2023-06-16 17:27:40 +02:00
Max
2aeb766afb VEGAS/nix: move to cluster/services/attic and adapt for migration 2023-06-16 17:20:57 +02:00
Max
116d257fc4 cluster/services/attic: make dataDir writable 2023-06-14 02:10:29 +02:00
Max
bf88c4720b cluster/services/attic: init 2023-06-13 23:28:14 +02:00
Max
a49766e75a cluster/services/idm: allow infra admins to read systemd journal 2023-06-12 23:44:46 +02:00
Max
9ec0faeea2 cluster/services/idm: implement helpers for IDM NSS 2023-06-12 23:44:22 +02:00
Max
38d40c2abe cluster/services/nextcloud: nextcloud25 -> nextcloud26 2023-06-12 20:56:42 +02:00
Max
bd771be6ee cluster/services/monitoring: fix tempo querier frontend address 2023-06-12 20:56:42 +02:00
Max
af6259a8e4 cluster/services/idm: enable LDAP 2023-06-12 20:56:42 +02:00
Max
640eb9df23 cluster/services/irc: switch to kanidm for verification 2023-06-12 20:56:42 +02:00
Max
a9801c3308 cluster/services/idm: add policy for soda 2023-06-12 20:56:42 +02:00
Max
6dcdf7aeaa cluster/services/idm: include soda 2023-06-12 20:56:42 +02:00
Max
3f7667aa2a cluster/services/idm: enable unixd 2023-06-12 20:56:42 +02:00
Max
44d874c5c6 cluster/services/idm: init 2023-06-12 20:56:42 +02:00
Max
a6d0b92a54 cluster/services/certificates: give kanidm access to internal cert 2023-06-09 19:01:44 +02:00
Max
bd94d0d868 cluster/services/monitoring: auto-restart grafana 2023-06-09 18:14:33 +02:00
Max
5f097c6b6b cluster/services/dns: OIDC_OAUTH_SERVER_METADATA_URL -> OIDC_OAUTH_METADATA_URL 2023-06-06 17:11:54 +02:00
Max
7c557e98f7 prophet/meet: use colibriRestApi 2023-06-06 17:11:54 +02:00
Max
34097c81f1 cluster/services/soda: init with check 2023-06-05 23:22:24 +02:00
Max
642399088c cluster/services/monitoring: add blackbox sshConnect module 2023-06-05 23:17:56 +02:00
Max
81e9274c77 cluster/services/ipfs: add blackbox check for gateway 2023-06-05 22:34:20 +02:00
Max
d0ebfa278a cluster/services/matrix: migrate from VEGAS/matrix, add blackbox check 2023-06-05 22:00:03 +02:00
Max
9075ef05cd cluster/services/meet: migrate from prophet/meet, add blackbox check 2023-06-05 21:02:53 +02:00
Max
bc35407987 cluster/services/monitoring: fix grafana frontend check 2023-06-05 21:02:53 +02:00
Max
4610811a48 cluster/services/consul: fix remote api frontend check 2023-06-05 21:02:53 +02:00
Max
d5492689c4 cluster/services/ipfs: fix gateway frontend check 2023-06-05 21:02:53 +02:00
Max
d6caf48aed cluster/services/object-storage: migrate from VEGAS/object-storage, add blackbox check 2023-06-05 01:26:43 +02:00
Max
c4e437578c cluster/services/nextcloud: migrate from VEGAS/nextcloud, add blackbox check 2023-06-05 01:21:21 +02:00
Max
ae62e395a5 cluster/services/monitoring: add blackbox nextcloudStatus module 2023-06-05 01:14:45 +02:00
Max
b4b3899c5b cluster/services/search: migrate from VEGAS/searxng, add blackbox check 2023-06-05 00:58:43 +02:00
Max
72f8a047e9 cluster/services/irc: fix monitoring target 2023-06-05 00:17:46 +02:00
Max
1389d46d5c cluster/services/irc: monitor with blackbox 2023-06-05 00:02:37 +02:00
Max
d274edbb2d cluster/services/monitoring: add blackbox ircConnect module 2023-06-04 23:56:54 +02:00
Max
ad0a3f8cc2 cluster/services/websites: refactor and register blackbox check 2023-06-04 23:29:13 +02:00
Max
7f9742089b cluster/services/monitoring: make blackbox targets configurable through cluster config 2023-06-04 23:06:53 +02:00
Max
4202954095 cluster/services/monitoring: add blackbox tcpConnect module 2023-06-04 22:48:58 +02:00
Max
8f1ec4c40a cluster/services/monitoring: rekey secrets 2023-06-04 22:48:58 +02:00
Max
5bd83ec5c1 cluster/services/monitoring: make grafana highly available 2023-06-04 22:48:58 +02:00
Max
1aebeef6a2 cluster/services/monitoring: make tempo datasource externally accessible 2023-06-03 01:04:37 +02:00
Max
a55fc7bb44 cluster/services/ipfs: configure public gateway address on node 2023-06-02 23:39:41 +02:00
Max
3e0684ffb5 cluster/services/ipfs: make gateway consul service public 2023-06-02 23:26:44 +02:00
Max
56d0d07d26 cluster/services/ipfs: add consul service for gateway 2023-06-02 22:53:54 +02:00
Max
70f67f6e71 cluster/services/irc: no DNS indirection 2023-06-02 21:58:00 +02:00
Max
d308f80ab5 cluster/services/websites: no DNS indirection 2023-06-02 21:05:14 +02:00
Max
d264751a9f cluster/services/ipfs: metrics via grafana-agent 2023-06-02 18:50:02 +02:00
Max
a714c37cec cluster/services/ipfs: split remote api, rework gateway 2023-06-02 18:34:15 +02:00
Max
4fb9373f1f cluster/services/ipfs: split io tweaks 2023-06-02 17:51:00 +02:00
Max
f41265ed00 cluster/services/ipfs: switch to cluster otlp trace endpoint 2023-06-02 17:38:12 +02:00
Max
d0ec0c4f82 cluster/services/monitoring: make tempo otlp receivers externally accessible 2023-06-02 17:35:53 +02:00
Max
98b2537482 cluster/services/patroni: enable metrics 2023-06-01 23:18:22 +02:00