| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
These machines are gone, no need to keep the configuration around.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add the API key for gandi to the secrest, create a profile for acme with
my defaults.
The profile is loaded by tahoe since that's where our services are
running on.
Update all the servers in nginx to listen on their wireguard interface.
|
|
|
|
|
| |
I'm not using rclone anymore and I'm not storing the backups to GCS
buckets either.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
To prevent the unit to be triggered multiple times if the host has
already rebooted, we create a gate file when we're done running, and
before running, we check if the file exists.
Enable the service on tahoe.
Don't restart the unit when its definition has changed.
|
| |
|
|
|
|
|
|
|
| |
This is using the public keys from:
- my user on my laptop
- the root user on tahoe
- the backup key stored on the USB drive
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
They've recently removed from nixpkgs the version of mongodb that was
used by unifi. I updated to the latest version (7) and did the migration
of the DB manually (see https://github.com/NixOS/nixpkgs/pull/207382):
```
nix-shell -p mongodb-3_4 mongodb-tools
mongod --dbpath /var/lib/unifi/data/db --logpath /var/log/unifi/repair.log --repair
mongod --dbpath /var/lib/unifi/data/db --logpath /var/log/unifi/repair.log --journal --fork
mongodump --out=/root/mongodump
pkill mongod
exit
nix-shell -p mongodb-4_2 mongodb-tools
mv /var/lib/unifi/data/db /var/lib/unifi/data/db_bak
mkdir /var/lib/unifi/data/db
mongod --dbpath /var/lib/unifi/data/db --logpath /var/log/unifi/repair.log --journal --fork
mongorestore /root/mongodump
pkill mongod
```
Once this was done, the exporter was also broken, has it has been
renamed. There are two different services for it in nixpkgs:
`services.unpoller` and `services.prometheus.exporters.unpoller`. Only
the last one works.
From what I can tell, everything is working now.
|
| |
|
| |
|
|
|
|
|
| |
The URL for drone changed to https://ci.fcuny.net. The secrets also
changed (and we remove the unencrypted file with secrets).
|
|
|
|
| |
This reverts commit 614fc2fcce0e9ae0bcfdc6e08d3c4bac846d02a8.
|
|
|
|
|
|
|
|
|
|
|
|
| |
The configuration needs to be updated, we set the value for
`bucket_policy_only` to true now that we've set the bucket to use
uniform bucket level
access (https://cloud.google.com/storage/docs/uniform-bucket-level-access).
Change-Id: I7e9516709af4be35a3964937c1dbd728bcfe1f01
Reviewed-on: https://cl.fcuny.net/c/world/+/709
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
| |
Change-Id: I17ea0baab0d74888ed1b21342c583495d3f52643
Reviewed-on: https://cl.fcuny.net/c/world/+/705
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the secure configuration for gerrit is not managed by nix.
This is likely going to break in the future and I'll hate myself for
that. Let's move it into nix and encrypt it with age, like we do for
other secrets.
Change-Id: Ia7a006748a3ad64fa4b97ca9e8cbd98c99433982
Reviewed-on: https://cl.fcuny.net/c/world/+/622
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
| |
I do not use drone anymore, no need to keep this around.
Change-Id: I8f9564747939a6d1a2b95bcfe8e2c70e46d8bc1e
Reviewed-on: https://cl.fcuny.net/c/world/+/411
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
| |
This was done by running `nixpkgs-fmt .'.
Change-Id: I4ea6c1e759bf468d08074be2111cbc7af72df295
Reviewed-on: https://cl.fcuny.net/c/world/+/404
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
| |
We need to ensure the agents can read the secrets / tokens to vote after
a build.
Change-Id: I066c2482a795b21badaa9cc3c525373d7945b084
Reviewed-on: https://cl.fcuny.net/c/world/+/341
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
| |
Change-Id: Iae8860631a9d313d5b4f78d171d0dfebc6ef6ff9
Reviewed-on: https://cl.fcuny.net/c/world/+/283
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
| |
There's one user per agent. If we don't set an owner for that file, it
will be owned by root. Let's set the ownership to the first builder.
Change-Id: I1270e6858c0bf2797bd12c2557d84a494cef5081
Reviewed-on: https://cl.fcuny.net/c/world/+/281
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
| |
I'm not using drone anymore. I don't need the CLI and the secret to be
installed.
Change-Id: I9c8ecfe5f051fd70d78f0e2e9aaa705e48627714
Reviewed-on: https://cl.fcuny.net/c/world/+/261
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
| |
The secret is the configuration for the gerrit-hook tool. It contains
the URL to our gerrit instance, the username/password for the gerrit
user used by the tool, the API token for buildKite and the name of the
organization in buildKite.
Change-Id: I58233e085c92d4c5db5635eb9942a5e87ee9e55d
Reviewed-on: https://cl.fcuny.net/c/world/+/204
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
| |
Change-Id: I652a3326caf8f949e9734849d1492f7b9764a766
Reviewed-on: https://cl.fcuny.net/c/world/+/167
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
Having the secrets closer to the host is easier to manage. At the moment
I don't have secrets that are shared across multiple hosts, so that's an
OK approach.
|