| Commit message | Author | Age | Files | Lines |
| |
It creates the user, ensures sftp is configured correctly, and rsyncs the
backups to rsync.net once a day.
|
Get rid of configuration that was duplicated (a lot of things are
already handled by the upstream module).
|
I need to set a password.
|
Both tahoe and carmel are using nginx, and we can simplify the
configuration by moving common parts to the profile and have these hosts
import it.
|
It's the only host that uses this code.
|
The hosts should be explicit about what to import.
|
Add the API key for gandi to the secrets, create a profile for acme with
my defaults.
The profile is loaded by tahoe since that's where our services are
running on.
Update all the servers in nginx to listen on their wireguard interface.
|
I don't use GPG anymore and I don't read mail in Emacs anymore.
|
This is a major refactor, similar to what was done for the hosts, but in
a single commit.
|
This removes ssh on workstations. I also drop mosh since I don't use it.
|
The NAS and the router are "servers", and we create a base profile for
them.
We add a default profile that will set things that are common to all my
hosts, and we start with the locales.
Update tahoe/carmel to use the server profile.
|
There are too many moving parts and layers of abstractions, for no
benefits: I only have to manage 3-4 machines.
Going to create profiles, move things there, and stop with the `enable`
pattern.
|
I'm not using rclone anymore and I'm not storing the backups to GCS
buckets either.
|
Backups are not synchronized with rclone to gcloud, but instead with
rsync to rsync.net.
|
The path to the restic repository has changed, and we are a bit more
specific about the paths we want to backup.
|
Configure correctly the systemd unit to run restic on aptos.
Be more specific about the paths we want to backup, instead of backing
up '/home' and maintaining a large exclusion list.
|
The dedicated account for backup should be named 'backup', as it's more
generic.
While it's a system account, I still need to be able to log in the host
remotely with sftp, so we give it a UID (991).
The account needs to be able to sftp to tahoe in order to store the
backups from remote hosts. However we don't want this user to get a
shell and be able to browse the host, so we configure sshd to chroot the
user to where the backups are stored.
|
This is the user I'll be using to do my backups. This is a system user,
and there's only one public key added to it. This key is only used for
backups and will be managed in this repository.
|
I don't want to have to deal with authentication and TLS certificates
for these endpoints. If they are only listening on the wireguard
interface I can trust that only authorized hosts are sending traffic to
these endpoints. I trust what's running on these machines.
|
This will help to organize and structure monitoring modules a bit
better.
|
This is way too verbose
|
No need to release the lease if we are rebooting.
|
Bind to the wireguard interface, and use the port 8067 (67 is the port
used for DHCP requests).
|
The option `dhcp-script` can be used to run a script every time a new
lease is added or deleted. We configure this option to run the script
that generates a static HTML file with the leases.
|
This is managed in the tailscale module.
|
I'm not using it as a desktop, and the current router is getting old and
will likely fail in the near future. It's also a debian machine
configured manually, so let's reconfigure carmel as our new router.
There are three NICs in the host: 2 are 10Gb and one is 1Gb. The 1Gb
will be used as the upstream interface, and one of the 10Gb will be for
the LAN.
There are 2 VLANs to configure: one for IoT devices and one for guest.
|
To prevent the unit from being triggered multiple times if the host has
already rebooted, we create a gate file when we're done running, and
before running, we check if the file exists.
Enable the service on tahoe.
Don't restart the unit when its definition has changed.
|
I keep running into issues when using fish: I'm not familiar with the
syntax and I don't use it enough that it sticks. I also need to google
stuff regularly to figure out how things are supposed to work. This is
annoying enough that the supposed benefits of fish are not worth it for
me.
|
This secret is not needed system wide, I only need it to run some tools.
|
I used the keyring only to start the GPG agent and unlock the ssh keys.
But since I'm storing the ssh keys on yubikeys and I don't use GPG, I
can remove it.
|
This is using the public keys from:
- my user on my laptop
- the root user on tahoe
- the backup key stored on the USB drive
|
This is now using the public keys from various age keys:
- one for my user on the laptop
- one for the root user on the laptop
- one backup key stored on the USB drive
|
It's not working as I want, let's fix it first then we can enable it
again later.
|
It's not running anymore.
|
Replace gitea with gitolite + cgit. I don't need a whole git forge for
myself, especially since I don't use most of the features.
The main thing I'm losing with this change is CI (via drone), but this
is not really a big loss for now.
|
This is to use the yubikeys correctly
|
This is not working as I thought it would: I was expecting this to only
work with the first login, but any time I log out of my account it logs
in right away again.
|
I don't need to backup videos, and the cache of my home directory. I
also don't need to keep that many snapshots around.
|
fractal(-next) is a client for matrix. It's GTK4 native and uses rust.
While not much nicer looking than element, it's not an electron app,
which I prefer (electron is slow, and element would freeze/crash from
time to time).
I renamed the module from element to matrix-client, in case I switch to
something else in the future (or if there are additional
configurations).
|
When the laptop boots, I already have to enter a passphrase to unlock
the disks, I can trust that it's me and can automatically log into the
system.
Enable systemd integration for sway so that the correct session is
started and environment variables are imported properly.
|
The machine is connected to a rotated screen.
|
Due to md device uuid availability issue in initrd.
Refs:
- https://github.com/NixOS/nixpkgs/issues/196800
- https://github.com/NixOS/nixpkgs/issues/199551
|
This is a broken unit and I don't need it (see
https://github.com/nixos/nixpkgs/issues/72394).
|
They've recently removed from nixpkgs the version of mongodb that was
used by unifi. I updated to the latest version (7) and did the migration
of the DB manually (see https://github.com/NixOS/nixpkgs/pull/207382):
```
nix-shell -p mongodb-3_4 mongodb-tools
mongod --dbpath /var/lib/unifi/data/db --logpath /var/log/unifi/repair.log --repair
mongod --dbpath /var/lib/unifi/data/db --logpath /var/log/unifi/repair.log --journal --fork
mongodump --out=/root/mongodump
pkill mongod
exit
nix-shell -p mongodb-4_2 mongodb-tools
mv /var/lib/unifi/data/db /var/lib/unifi/data/db_bak
mkdir /var/lib/unifi/data/db
mongod --dbpath /var/lib/unifi/data/db --logpath /var/log/unifi/repair.log --journal --fork
mongorestore /root/mongodump
pkill mongod
```
Once this was done, the exporter was also broken, as it has been
renamed. There are two different services for it in nixpkgs:
`services.unpoller` and `services.prometheus.exporters.unpoller`. Only
the last one works.
From what I can tell, everything is working now.
|
The URL for drone changed to https://ci.fcuny.net. The secrets also
changed (and we remove the unencrypted file with secrets).
|
This reverts commit 614fc2fcce0e9ae0bcfdc6e08d3c4bac846d02a8.
|
Since I'm moving everything back to GitHub I don't need to run these
services anymore.
|
When rebuilding the host (through `nixos-rebuild switch --flake`) I
don't want to rebuild also my home-manager configuration. I want these
to be two different steps.
I rebuild the home-manager configuration more frequently and it's a
waste of time and CPU to rebuild the world every time.
This is a pretty large refactoring:
- move checks back into the flake: if I modify a check, the
configuration for `pre-commits` is not regenerated, as the file with the
checks is not monitored with `direnv` (I could probably configure it for
it, but not now)
- remove `home.nix` from the host level configuration
- introduce a `mkHomeManagerConfiguration` function to manage the
different user@host
- fix a warning with the rust overlay
|
Installing the rust overlay to get the various tools installed. This is
done by a new module for home-manager, and is installed only on my
laptop at the moment.
Change-Id: I80c1633ca04da82f4321a0687a05d1df7c523702
|
The configuration needs to be updated, we set the value for
`bucket_policy_only` to true now that we've set the bucket to use
uniform bucket level
access (https://cloud.google.com/storage/docs/uniform-bucket-level-access).
Change-Id: I7e9516709af4be35a3964937c1dbd728bcfe1f01
Reviewed-on: https://cl.fcuny.net/c/world/+/709
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
Change-Id: Ie87672629ff23eeb93f5308898014cc737490b7c
Reviewed-on: https://cl.fcuny.net/c/world/+/708
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
Change-Id: I17ea0baab0d74888ed1b21342c583495d3f52643
Reviewed-on: https://cl.fcuny.net/c/world/+/705
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
Currently the secure configuration for gerrit is not managed by nix.
This is likely going to break in the future and I'll hate myself for
that. Let's move it into nix and encrypt it with age, like we do for
other secrets.
Change-Id: Ia7a006748a3ad64fa4b97ca9e8cbd98c99433982
Reviewed-on: https://cl.fcuny.net/c/world/+/622
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
I don't need to backup these directories in my home.
Change-Id: Ia2302f2ebe74033090b86b52864787d2a63ecb4b
Reviewed-on: https://cl.fcuny.net/c/world/+/620
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
The pre-commit hook for new lines reported and corrected a number of
issues, so let's commit them now and after that we can enable the hook
for the repository.
Change-Id: I5bb882d3c2cca870ef94301303f029acfb308740
Reviewed-on: https://cl.fcuny.net/c/world/+/592
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
Change-Id: I75df9d3ba133e3f7380a518e1b8c70a564f60482
Reviewed-on: https://cl.fcuny.net/c/world/+/481
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
Change-Id: I905ce6eddc35e4c51a0ab27c8984e0da0fdee7a7
Reviewed-on: https://cl.fcuny.net/c/world/+/457
Reviewed-by: Franck Cuny <franck@fcuny.net>
Tested-by: CI
|
I'm considering trying again fish, and there are a number of things that
should be common between zsh and fish (aliases, environment variables,
...).
Instead of duplicating these settings multiple times, I'm consolidating
the shell configurations under `home/shell`, and I can set the shell I
want to use with `my.home.shell.name`.
The first step is to move the modules for fish and zsh under
`home/shell`, add an interface to pick which one I want to use, and
modify the `host/home.nix` configuration to keep using zsh with the new
interface.
Change-Id: Idb66b1a6fcc11a6eeaf5fd2d32dd3698d2d85bdf
Reviewed-on: https://cl.fcuny.net/c/world/+/455
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
I do not use drone anymore, no need to keep this around.
Change-Id: I8f9564747939a6d1a2b95bcfe8e2c70e46d8bc1e
Reviewed-on: https://cl.fcuny.net/c/world/+/411
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
This was done by running `nixpkgs-fmt .'.
Change-Id: I4ea6c1e759bf468d08074be2111cbc7af72df295
Reviewed-on: https://cl.fcuny.net/c/world/+/404
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
We need to ensure the agents can read the secrets / tokens to vote after
a build.
Change-Id: I066c2482a795b21badaa9cc3c525373d7945b084
Reviewed-on: https://cl.fcuny.net/c/world/+/341
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
All the modules that are setup by the profiles are now managed at the
host level. This simplifies some configuration, and will make it easier to
adjust things at the host instead of trying to squeeze everything into
profiles.
This will also help the refactoring later, when I'll split nixos and
home-manager configuration.
Change-Id: I17ffda8b0b5d15bf1915c6fae5030380523d74b5
Reviewed-on: https://cl.fcuny.net/c/world/+/297
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
All the configuration is done at the host level.
Change-Id: Ib5ef71ea7955f6872fb08f576e48b24a70600693
Reviewed-on: https://cl.fcuny.net/c/world/+/296
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
Change-Id: I9abd49136df79a9ed040c9ec0e12eea30736c9ff
Reviewed-on: https://cl.fcuny.net/c/world/+/295
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
Change-Id: I92abe7d6c9a1f7c5ef3f157137c59cde751d50f0
Reviewed-on: https://cl.fcuny.net/c/world/+/294
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
Remove the trusted profiles, the modules are installed directly within
the host configuration.
Change-Id: I0566fb359803da16bdd3a38e2901deac477fb078
Reviewed-on: https://cl.fcuny.net/c/world/+/293
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
Consume the modules related to multimedia applications at the host
level, instead of having a level of indirection with a profile.
Change-Id: I567f0e01cbfe591beaa2e9086e33434402a4a002
Reviewed-on: https://cl.fcuny.net/c/world/+/292
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
Change-Id: Ibb55ee455423c101fb6d3e62a2e9e4593682cf16
Reviewed-on: https://cl.fcuny.net/c/world/+/291
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
As for the bluetooth configuration, we don't need that level of
indirection. The laptop can consume these services directly, and we can
drop the profile for laptop.
Change-Id: Ia434d336ae581bd040fbc4963e5856806183d55e
Reviewed-on: https://cl.fcuny.net/c/world/+/290
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
I don't need a profile for this, the module can be consumed directly
from the host's hardware configuration. It removes one level of
indirection and helps us toward the goal of completely removing all the
profiles.
Change-Id: I95a6fdc985420e7fe0ad737e7576d10d5c7eb114
Reviewed-on: https://cl.fcuny.net/c/world/+/289
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
Change-Id: Iae8860631a9d313d5b4f78d171d0dfebc6ef6ff9
Reviewed-on: https://cl.fcuny.net/c/world/+/283
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
There's one user per agent. If we don't set an owner for that file, it
will be owned by root. Let's set the ownership to the first builder.
Change-Id: I1270e6858c0bf2797bd12c2557d84a494cef5081
Reviewed-on: https://cl.fcuny.net/c/world/+/281
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
I'm not using drone anymore. I don't need the CLI and the secret to be
installed.
Change-Id: I9c8ecfe5f051fd70d78f0e2e9aaa705e48627714
Reviewed-on: https://cl.fcuny.net/c/world/+/261
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
The secret is the configuration for the gerrit-hook tool. It contains
the URL to our gerrit instance, the username/password for the gerrit
user used by the tool, the API token for buildKite and the name of the
organization in buildKite.
Change-Id: I58233e085c92d4c5db5635eb9942a5e87ee9e55d
Reviewed-on: https://cl.fcuny.net/c/world/+/204
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
Change-Id: I12cc741bdfb074f7d2a006547860362176afe372
Reviewed-on: https://cl.fcuny.net/c/world/+/169
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
Change-Id: I652a3326caf8f949e9734849d1492f7b9764a766
Reviewed-on: https://cl.fcuny.net/c/world/+/167
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
I will not be using drone anymore, and will likely replace it with
buildkite.
Change-Id: I45d91c43090aaba119855158e071dae377c1897f
Reviewed-on: https://cl.fcuny.net/c/world/+/162
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
Change-Id: I3b00408d7550d7660fb33940ae2cd0806076f4d2
Reviewed-on: https://cl.fcuny.net/c/world/+/62
Reviewed-by: Franck Cuny <franck.cuny@gmail.com>
|
`zsh' is available everywhere and is compatible with bash. When using
`fish' I need to remember how to do things. While the completion style
is nicer, I don't care about the rest. I prefer to have a consistent
experience in the shell, no matter where I am.
This is an initial configuration, I might need to make a few changes as
I go.
|
This is the configuration needed to interact with GCP from this
repository. We only want it on aptos for now.
|
From the laptop I only backup /home/fcuny, as the rest should be
straightforward to rebuild with nix.
I run that backup as my own user, since I need my ssh key to use the
remote repository (which is on the NAS). I also need a new secret for
it (I might have been able to use `pass' for this, but well, that's easy
enough).
For the NAS, I update the list of directories to backup to include home,
this will be on the systems backup.
|
Add the cert and key for aptos.
|
This will ultimately replace traefik.
|
Having the secrets closer to the host is easier to manage. At the moment
I don't have secrets that are shared across multiple hosts, so that's an
OK approach.
|
Refactor a bit the configuration, which should simplify the management
and usage of secrets from now on.
|
Do a single backup for the host, instead of running multiple ones.
|
So we can unlock the disks remotely.
|
aptos is now using the new home-manager setup.
|
All the modules that are needed for home-manager should be under
`home/`, and each host will have a `host.nix` where the modules are
enabled as needed. Later on we can create some profiles to make it
easier to consume the configuration.
I apply this only to tahoe for now, as the amount of packages needed for
my user are pretty limited.
|
The list of public shares is configurable too.
|
We don't need the previous `hosts/common/system` configs anymore, as
everything has been moved out.
We keep some boot configuration for carmel in the host configuration for
now, but I need to check why I don't have similar settings for
tahoe (since I also need to unlock the host remotely).
|
Move the networking configuration for the hosts to its own file.
|
Also install mosh and ensure the firewall opens the correct ports.
|
This is the start of yet another refactoring of the configuration.
Sound configuration is moving to a module, and we enable it as needed at
the host level. It takes care of configuring pipewire and installing the
packages needed too.
This module is applied to the laptop and the desktop.
|
We're using the ones from the prober
|
If we don't, by default we try over ipv6, and this is not going to work
well for us (yet):
```
ts=2022-04-05T01:39:13.830414184Z caller=main.go:130 module=https_2xx target=https://notes.fcuny.net level=error msg="Error for HTTP request" err="Get \"https://[2a09:8280:1::a:2aed]\": dial tcp [2a09:8280:1::a:2aed]:443: connect: network is unreachable"
```
|
This reverts commit 814a495e9c74e3211c6b6640397111115832207b.
|
Apply the role to tahoe.
|
We also don't need the music-organizer anymore since we're switching to
beets.
|
we're shutting it down!
|
why not ?
|
Profiles contain a collection of modules.
|
Add a couple of secrets to store the configuration and the service
account, and add a timer to synchronize the restic repository to a GCS
bucket once a day.
|
Otherwise, `git` will conflict, since it exists on both domains.
|
fcuny.net is for public facing domains, while fcuny.xyz are for domains
on the tailscale network.
I need to support configuration in traefik for both. The main
difference, for traefik, is the domain name and which let's encrypt
challenge to use (DNS for TS, HTTP for public).
Refactor the function `mkServiceConfig` to accept the domain and LE
challenge as argument, and add new entries for git.fcuny.net and
git.fcuny.xyz.
|
It's always useful to have it around.
|
Instead of rsync-ing these folders to a GCS bucket, I should instead do
a backup. If I screw up something, the content will be sync-ed, and I
won't be able to restore it. It's better (maybe more expensive, but
that's OK) to keep snapshots and be able to restore.
|
If they start running at the same time, they won't be able to succeed
since there's a global lock on the repository.