B4L/cnx-network-clan
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Commit Graph

  • d8bbf08c7a Add mx1 to secret vars/shared/mail-dmarc-cred/passphrase main Berwn 2026-06-21 03:28:02 +07:00
  • e6036d9d1b Add mx1 to secret vars/shared/mail-dmarc-cred/hash Berwn 2026-06-21 03:28:01 +07:00
  • f7b64617b9 Update vars via generator mail-dmarc-cred for machine control Berwn 2026-06-21 03:27:56 +07:00
  • 60db8c60b0 Add parsedmarc DMARC report analyzer on control Berwn 2026-06-21 03:27:23 +07:00
  • b8bea27a9c Update runbook docs for web01 reverse proxy and per-host ACME keys Berwn 2026-06-21 03:17:51 +07:00
  • 415a050f6a Scrape web01 node_exporter into VictoriaMetrics Berwn 2026-06-21 03:08:56 +07:00
  • 3f3f4118c1 Use Singapore time (UTC+8) for mx1 and web01 Berwn 2026-06-21 03:07:57 +07:00
  • dfdeb84ab8 Set time.timeZone on mx1 and web01 Berwn 2026-06-21 03:07:31 +07:00
  • 48bf7fb250 Add web01 public reverse proxy with DNS-01 wildcard TLS Berwn 2026-06-21 03:05:54 +07:00
  • 86a2928825 update(inventory.json): Installed web01 Berwn 2026-06-21 02:28:43 +07:00
  • f6da01ba18 Add web01 to secret vars/shared/dns-acme-web01-secret/secret Berwn 2026-06-21 02:26:44 +07:00
  • eeed40bcb5 Update vars via generator dns-acme-web01-rfc2136 for machine web01 Berwn 2026-06-21 02:26:44 +07:00
  • aac8f9d8e6 Update vars via generator dns-acme-web01-knot for machine ns1 Berwn 2026-06-21 02:26:43 +07:00
  • f5874bc337 Update vars via generator zerotier for machine web01 Berwn 2026-06-21 02:26:33 +07:00
  • 2481d4bf92 Update vars via generator tor_tor for machine web01 Berwn 2026-06-21 02:26:32 +07:00
  • 2d8096ee57 Update vars via generator state-version for machine web01 Berwn 2026-06-21 02:26:30 +07:00
  • 1a4a749d78 Update vars via generator root-password for machine web01 Berwn 2026-06-21 02:26:30 +07:00
  • 1c779d8013 Update vars via generator openssh for machine web01 Berwn 2026-06-21 02:26:30 +07:00
  • 9c4e036b09 Update vars via generator emergency-access for machine web01 Berwn 2026-06-21 02:26:30 +07:00
  • 8139b91fbc Add machine web01 to secrets Berwn 2026-06-21 02:26:30 +07:00
  • c436389619 Update secret web01-age.key Berwn 2026-06-21 02:26:29 +07:00
  • 9fc97e65b2 Update vars via generator dns-acme-web01-secret for machine ns1 Berwn 2026-06-21 02:26:29 +07:00
  • bd84bf7c85 Set disk schema of machine: web01 to single-disk Berwn 2026-06-21 02:25:24 +07:00
  • 848dc0dff7 machines/web01/facter.json: update hardware configuration Berwn 2026-06-21 02:23:00 +07:00
  • 95aff44f86 Add machine web01 Berwn 2026-06-21 01:58:59 +07:00
  • f42569e992 Add provisioned Grafana uptime dashboard for all hosts Berwn 2026-06-21 01:57:08 +07:00
  • 1dd3aadb97 Add mail.cnx.email client alias as a cert SAN Berwn 2026-06-18 15:01:03 +07:00
  • dc21348727 Format drifted files to satisfy the treefmt flake-check gate Berwn 2026-06-18 14:49:48 +07:00
  • 1cb6f39ea2 Add declarative SNM mail stack on mx1 with DNS-01, DANE, MTA-STS Berwn 2026-06-18 14:47:20 +07:00
  • 026a26dd53 Add ns1 to secret vars/shared/dns-acme-mx1-secret/secret Berwn 2026-06-18 14:11:40 +07:00
  • 7e5d50b260 Update vars via generator dns-acme-mx1-knot for machine ns1 Berwn 2026-06-18 14:11:40 +07:00
  • 312de984c1 Update vars via generator dns-acme-rfc2136 for machine mx1 Berwn 2026-06-18 14:11:40 +07:00
  • d76aa8cc8d Update vars via generator mail-passwd-postmaster-at-cnx-email for machine mx1 Berwn 2026-06-18 14:11:36 +07:00
  • 0a78cad06e Update vars via generator dns-acme-mx1-secret for machine mx1 Berwn 2026-06-18 14:11:36 +07:00
  • d1b24017aa Use no-store for docs: epoch mtimes make revalidation serve stale Berwn 2026-06-18 12:24:38 +07:00
  • 77a18df257 Stop browsers serving stale docs by forcing revalidation Berwn 2026-06-18 12:19:42 +07:00
  • a4fe2a7b3a Document how to pull registrar DS records from Knot on ns1 Berwn 2026-06-18 12:12:10 +07:00
  • 6e4178df04 Onboard mx1 mail host and factor out per-host public IPs Berwn 2026-06-18 11:53:14 +07:00
  • 2c89ab913c update(inventory.json): Installed mx1 Berwn 2026-06-18 11:35:22 +07:00
  • 84c3eece58 Update vars via generator zerotier for machine mx1 Berwn 2026-06-18 11:33:06 +07:00
  • 7f5227d2e2 Update vars via generator tor_tor for machine mx1 Berwn 2026-06-18 11:33:06 +07:00
  • ebf4efe5c9 Update vars via generator state-version for machine mx1 Berwn 2026-06-18 11:33:04 +07:00
  • 64b7eb1934 Update vars via generator root-password for machine mx1 Berwn 2026-06-18 11:33:04 +07:00
  • e763d76ae9 Update vars via generator openssh for machine mx1 Berwn 2026-06-18 11:33:03 +07:00
  • b65f526ea2 Update vars via generator emergency-access for machine mx1 Berwn 2026-06-18 11:33:03 +07:00
  • 3a0bc2dba4 Add machine mx1 to secrets Berwn 2026-06-18 11:33:03 +07:00
  • 6098fe9a3b Update secret mx1-age.key Berwn 2026-06-18 11:33:03 +07:00
  • 8d9981ee5a Set disk schema of machine: mx1 to single-disk Berwn 2026-06-18 11:32:33 +07:00
  • afc2e997c0 machines/mx1/facter.json: update hardware configuration Berwn 2026-06-18 11:32:22 +07:00
  • faaa7b66c0 Add machine mx1 Berwn 2026-06-18 11:21:27 +07:00
  • 9c8a2abf3f Bind VictoriaLogs on IPv6 so the mesh can ship journald to it Berwn 2026-06-17 17:27:56 +07:00
  • 0eb883061b Keep systemd-journal-upload retrying instead of failing a deploy Berwn 2026-06-17 17:09:30 +07:00
  • d4a171640b Add VictoriaLogs for centralized journald across all hosts Berwn 2026-06-17 16:53:52 +07:00
  • c7b0f206c8 Alert on and chart blackbox DNS probe failures Berwn 2026-06-17 15:42:13 +07:00
  • 54f607d063 Add blackbox exporter for outside-in DNS probes Berwn 2026-06-17 15:37:45 +07:00
  • 0544bf95e5 Add vmalert rules for failed and stale backups Berwn 2026-06-17 15:17:12 +07:00
  • 1ea5bda23f Add CNX Backups dashboard and document the backup setup Berwn 2026-06-17 15:13:47 +07:00
  • ed746b58c3 Update vars via generator borgbackup for machine ns1 Berwn 2026-06-17 15:07:13 +07:00
  • 044891927b Back up Knot DNSSEC keystore from ns1 to control via borgbackup Berwn 2026-06-17 15:06:58 +07:00
  • 7ae3221b83 Add Active alerts panel to the top of the CNX DNS dashboard Berwn 2026-06-17 14:51:33 +07:00
  • 4c7c74836d Add vmalert alerting rules for DNS and host health Berwn 2026-06-17 14:49:32 +07:00
  • a7d4c0e567 Add mdBook infra runbook served by Caddy on control Berwn 2026-06-17 14:26:21 +07:00
  • 3a8fe660a5 Swap ZeroTier external members: drop Alex/Alex-gateway, add alex-nixos Berwn 2026-06-17 12:15:26 +07:00
  • 9aa83d70a2 Admit external ZeroTier members to the mesh by node id Berwn 2026-06-17 12:13:47 +07:00
  • 848c4ec47d Read mesh host map from clan zerotier vars instead of hardcoding Berwn 2026-06-17 11:53:56 +07:00
  • 8ac96b2d10 Enable IPv6 dialing for VictoriaMetrics scrapes Berwn 2026-06-17 10:51:31 +07:00
  • 1405605eac Remove key(s) for user berwn from secrets Berwn 2026-06-17 10:29:23 +07:00
  • ad0c47e046 Add key(s) for user berwn to secrets Berwn 2026-06-17 10:26:55 +07:00
  • fb7b269f68 Update vars via generator grafana-admin for machine control Berwn 2026-06-17 10:17:45 +07:00
  • 33ac7e106b Add VictoriaMetrics + Grafana DNS monitoring over the mesh Berwn 2026-06-17 10:17:27 +07:00
  • 63446173bc monitor.cnx.network DNS test Berwn 2026-06-16 19:03:49 +07:00
  • aa604bda9a Switch ns1 zone serial-policy to unixtime Berwn 2026-06-16 18:59:45 +07:00
  • e795960dcf Configure static public IPv6 on control, ns1, ns2 Berwn 2026-06-16 18:04:33 +07:00
  • 6783ad7c17 Add internet networking service for direct SSH to public IPs Berwn 2026-06-16 18:04:29 +07:00
  • a49aea3c7a vars fix Berwn 2026-06-16 16:59:54 +07:00
  • de7d950596 Format tree with treefmt Berwn 2026-06-16 16:46:17 +07:00
  • cf0d796bee Add treefmt formatter (nix fmt + flake check gate) Berwn 2026-06-16 16:46:14 +07:00
  • 3302b70485 clan.core.sops.defaultGroups to all machines kurogeek 2026-06-16 16:46:55 +07:00
  • c85da6b8fc Add user berwn to group admins kurogeek 2026-06-16 16:44:32 +07:00
  • d50603743e Add user kurogeek to group admins kurogeek 2026-06-16 16:44:25 +07:00
  • 95b9375324 Grant kurogeek admin SSH access on all machines Berwn 2026-06-16 16:30:18 +07:00
  • 70cbfe84b1 Add user kurogeek to secrets Berwn 2026-06-16 16:24:23 +07:00
  • a3482face5 Allow ACME DNS-01 dynamic updates on ns1 Berwn 2026-06-14 17:12:17 +07:00
  • 8330eaa8ce Update vars via generator dns-acme-tsig for machine ns1 Berwn 2026-06-14 17:07:17 +07:00
  • dc51cfbdb5 Enable DNSSEC and automatic SOA serials on the DNS zones Berwn 2026-06-14 16:27:30 +07:00
  • 5864054b00 Move Hetzner firewall rules into a separate data file Berwn 2026-06-14 15:49:00 +07:00
  • 344f432640 Add Hetzner Cloud firewall auto-sync from clan config Berwn 2026-06-14 15:40:05 +07:00
  • dbb67dbd9c Update vars via generator hetzner-firewall for machine control Berwn 2026-06-14 15:37:25 +07:00
  • 2506b21ffa Enable emergency-access recovery service Berwn 2026-06-14 15:02:34 +07:00
  • 306a2cf61e Set per-machine timezones and enable NTP Berwn 2026-06-14 15:02:34 +07:00
  • 91578a2b43 Update vars via generator emergency-access for machine ns2 Berwn 2026-06-14 15:00:25 +07:00
  • ab8288aef9 Update vars via generator emergency-access for machine ns1 Berwn 2026-06-14 15:00:24 +07:00
  • 7b292b8279 Update vars via generator emergency-access for machine control Berwn 2026-06-14 15:00:24 +07:00
  • 56f0af3153 Fix knot startup on ns1/ns2: TSIG key perms and port 53 conflict Berwn 2026-06-14 14:49:10 +07:00
  • 9de95b4fb5 update(inventory.json): Installed ns2 Berwn 2026-06-14 13:34:17 +07:00
  • 099383ccfa update(inventory.json): Installed ns1 Berwn 2026-06-14 13:29:53 +07:00
  • 807785cdab Add authoritative DNS on ns1/ns2 and finalize clan config Berwn 2026-06-14 13:24:23 +07:00
  • 9f1a2861ce Add ns2 to secret vars/shared/dns-tsig/tsig.conf Berwn 2026-06-14 13:22:43 +07:00
  • 2798e8e8f0 Update vars via generator dns-tsig for machine ns1 Berwn 2026-06-14 13:22:39 +07:00
  • a40c4d1800 Set disk schema of machine: ns2 to single-disk Berwn 2026-06-14 13:19:56 +07:00