jonmro/pvv-nixos-config
1
0
Fork 0
forked from Drift/pvv-nixos-config
Code Pull Requests Activity
920 Commits 17 Branches 0 Tags
9efda802cb3ef80e1c9be76ffafcf19bde42fd33
Commit Graph

84 Commits

Author SHA1 Message Date
Vegard Bieker Matthey
35907be4f2 update sops keys for skrott 2026-02-07 22:17:09 +01:00
h7x4
210f74dc59 secrets: sops updatekeys 2026-02-08 05:19:26 +09:00
h7x4
c3c98392ad bicep/hookshot: add passkey to sops 2026-01-26 21:52:58 +09:00
h7x4
e01fd902eb bekkalokk/mediawiki: move secret.key to sops 2026-01-26 17:55:55 +09:00
h7x4
f50372fabd .sops.yaml: remove yet more remains of jokum 2026-01-26 13:53:30 +09:00
h7x4
0f355046de .sops.yaml: add skrott 2026-01-26 13:53:16 +09:00
h7x4
034f6540d9 secrets/skrott: add database password 2026-01-25 23:30:41 +09:00
h7x4
52ac4ca775 skrott: update dibbler + config 2026-01-25 20:56:33 +09:00
h7x4
0f11cca8ec bicep/matrix: use sops templates to render structured files 2026-01-21 11:08:26 +09:00
h7x4
e5dd5b6325 bicep/matrix: attempt to set up livekit 2026-01-21 10:14:08 +09:00
h7x4
1080589aef secrets/*/*: update keys 2026-01-16 07:36:43 +01:00
h7x4
5e18855c7c skrott: register sops with dibbler db url 2026-01-12 02:32:21 +09:00
h7x4
cedaf2a517 kommode/gitea: declarative pubkey 2025-12-22 15:35:54 +09:00
h7x4
9b22b53e95 secrets/bakke: update keys 2025-12-22 15:10:22 +09:00
h7x4
0a6e50e04c secrets/kommode: update gitea signing key 2025-12-22 15:08:53 +09:00
Felix Albrigtsen
0491df32f7 Init bakke (!87) 
New backup server just dropped!
This server is awfully slow, and the mdraid setup is awfully slow, and I doubt that this will be a good experience, but we now have a backup server again?

- Tried Disko and nixos-anywhere
- Tried using mdraid
- Found that md is ancient and bad
- Found that disko is 100% extra steps, and a lot more complicated and noisy than just formatting your disks yourself
- Found that systemd-boot doesn't support mdraid
- Found that we probably don't need to mirror the boot partition :)
- Found that old hardware is slow
- Found that old hardware can have poor support for iPXE with UEFI, and might do weird BIOS stuff on you when you least expect it
- Reaffirmed that zfs is love

Current disk layout:
- mdraid for boot/root disk
    - 4TB WD Red with 500MiB ESP with systemd-boot, Remaining mdraid - Old?
    - 4TB WD Red with 500MiB Unused partition, Remaining mdraid - Old?
- zfs pool "tank" for the actual backup data
    - 8TB Toshiba MG08 - New
    - 8TB Exos 7E10 - New

TODO:

- Document the death of Toriel on the wiki
- Document Bakke on the wiki
  - ... describing the poco loco disk layout
- Start backing stuff up
  - Restic? Borg? Rsync?
  - Make backup retention policy and zfs snapshot system
  - Document backup procedures

Reviewed-on: Drift/pvv-nixos-config#87
Co-authored-by: Felix Albrigtsen <felix@albrigtsen.it>
Co-committed-by: Felix Albrigtsen <felix@albrigtsen.it>
 2025-12-22 04:08:30 +01:00
h7x4
c2bc84dc6f lupine: rotate gitea registration key 2025-12-04 15:07:21 +09:00
Daniel Olsen
938e916025 update bicep key 2025-12-02 01:51:40 +01:00
Daniel Olsen
d9a9fcfef1 danio has a new sops key 2025-12-02 01:40:54 +01:00
h7x4
9e68287f1b bicep/minecraft-heatmap: change postgres password, add to sops 2025-08-25 14:38:25 +02:00
Øystein Tveit
b821d36f40 bicep/minecraft-heatmap: init 2025-08-25 14:26:37 +02:00
h7x4
234a7030f0 kommode/gitea: make secrets declarative 2025-08-03 03:39:18 +02:00
Albert
043099eb37 hosts/lupine: init 
Co-authored-by: h7x4 <h7x4@nani.wtf>
 2025-07-30 20:30:28 +02:00
h7x4
4fa544b430 WIP: bicep/ooye: init 2025-06-22 00:59:23 +02:00
h7x4
20ade0d619 bicep: add git-mirroring service 2025-05-08 23:41:43 +02:00
h7x4
b7fca76ea5 ildkule/mysqld_exporter: use nix-sops template for config 2025-03-16 21:09:12 +01:00
h7x4
08b010cb93 kommode/sops: init 2025-03-16 14:04:09 +01:00
Øystein Tveit
edb448f7a0 ustetind/gitea-runners: update docker image, update registration keys 2024-12-22 23:17:41 +01:00
Øystein Tveit
1f85208587 hosts/ustetind: set up gitea-runners 2024-12-09 22:24:54 +01:00
h7x4
5242d99260 bekkalokk/gitea: add gpg signing key 2024-11-24 03:23:54 +01:00
Daniel Olsen
47ed79986c bicep/matrix: use sops templates for appservice registrations 2024-10-14 15:46:58 +02:00
Daniel Olsen
2c86a2d812 bicep/matrix/hookshot: More configuration 2024-10-14 00:13:15 +02:00
Daniel Olsen
d4fd3f8332 bicep/matrix/hookshot: add nginx 2024-10-13 06:03:26 +02:00
Oystein Kristoffer Tveit
f5c16f46f1 Merge pull request 'disable-postgres-on-bekkalokk' (!85) from disable-postgres-on-bekkalokk into main 
Reviewed-on: Drift/pvv-nixos-config#85
Reviewed-by: Daniel Lovbrotte Olsen <danio@pvv.ntnu.no>
 2024-10-13 02:34:45 +02:00
h7x4
aa71d497f1 bekkalokk/roundcube: add postgres password 2024-10-12 23:57:27 +02:00
Daniel Olsen
c56d157c3f add registration secret 2024-10-12 23:49:10 +02:00
Daniel Olsen
cd23e35aac bicep/matrix: update module and remove deprecated options 2024-09-27 06:38:12 +02:00
Daniel Olsen
201784fa21 bluemap on bekkalokk 💀 2024-09-02 15:11:32 +02:00
h7x4
bd42412b94 bekkalokk/gitea/import-users: refactor + add members to groups 2024-08-27 22:07:29 +02:00
h7x4
b0f555667c bekkalokk/gitea: set up gitea-web sync units 2024-08-26 20:36:03 +02:00
h7x4
f5c99b58c8 bicep/calendar-bot: reactivate 2024-08-15 23:22:50 +02:00
h7x4
95a5603f27 secrets: run sops updatekeys on everything 2024-08-04 02:04:29 +02:00
Felix Albrigtsen
35d745b156 bekkalokk: add vaultwarden 2024-05-26 04:19:17 +02:00
h7x4
bcf2ceed32 gitea: setup mail 2024-05-12 02:26:13 +02:00
Felix Albrigtsen
55e8f01d1d Upgrade ildkule (!36) 
This PR is made while moving Ildkule from PVE on joshua, to Openstack on stack.it.ntnu.no.

- The main monitoring dashboard is moved from https://ildkule.pvv.ntnu.no to https://grafana.pvv.ntnu.no.
- A new service is added: uptime-kuma on https://uptime.pvv.ntnu.no.
- The (hardware) configuration for ildkule is updated to fit the new virtualization environment, boot loader, network interfaces, etc.
- Metrics exporters on other hosts should be updated to allow connections from the new host

As this is the first proper server running on openstack, and therefore outside our main IP range, we might discover challenges in our network structure. For example, the database servers usually only allow connections from this range, so Ildkule can no longer access it. This should be explored, documented and/or fixed as we move more services.

Reviewed-on: Drift/pvv-nixos-config#36
Co-authored-by: Felix Albrigtsen <felix@albrigtsen.it>
Co-committed-by: Felix Albrigtsen <felix@albrigtsen.it>
 2024-04-21 23:36:25 +02:00
h7x4
6851879a03 bekkalokk: remove keycloak 2024-04-14 23:59:46 +02:00
h7x4
9577477460 bekkalokk/nettsiden: add secrets 2024-04-10 23:04:20 +02:00
h7x4
8657e77514 bekkalokk: set up pvv-nettsiden 2024-04-10 23:04:18 +02:00
h7x4
d531419f35 bekkalokk: init mediawiki 
Co-authored-by: Jørn Åne <yorinad@pvv.ntnu.no>
 2024-04-01 23:57:39 +02:00
h7x4
806b18ede8 bekkalokk: init idp-simplesamlphp 2024-04-01 23:57:39 +02:00