diff --git a/build/haumea/default.nix b/build/haumea/default.nix index 9b575570..e7d89e61 100644 --- a/build/haumea/default.nix +++ b/build/haumea/default.nix @@ -12,7 +12,6 @@ ./boot.nix ./network.nix ./postgresql.nix - ./zrepl.nix ]; networking = { diff --git a/build/haumea/network.nix b/build/haumea/network.nix index 0cc7f3cc..6f39eebf 100644 --- a/build/haumea/network.nix +++ b/build/haumea/network.nix @@ -1,15 +1,6 @@ { systemd.network = { enable = true; - netdevs = { - "20-vlan4000" = { - netdevConfig = { - Kind = "vlan"; - Name = "vlan4000"; - }; - vlanConfig.Id = 4000; - }; - }; networks = { "30-enp35s0" = { matchConfig = { @@ -30,16 +21,6 @@ networkConfig.Description = "WAN"; linkConfig.RequiredForOnline = true; }; - "30-vlan4000" = { - matchConfig.Name = "vlan4000"; - linkConfig = { - MTUBytes = "1400"; - RequiredForOnline = "routable"; - }; - address = [ - "10.0.40.1/31" - ]; - }; }; }; } diff --git a/build/haumea/zrepl.nix b/build/haumea/zrepl.nix deleted file mode 100644 index dec508ad..00000000 --- a/build/haumea/zrepl.nix +++ /dev/null @@ -1,135 +0,0 @@ -{ - config, - lib, - ... -}: - -{ - age.secrets."zrepl-ssh-key" = { - file = ../secrets/zrepl-ssh-key.age; - mode = "0400"; - }; - - programs.ssh = { - knownHosts = { - rsync-net = { - hostNames = [ - "zh2543b.rsync.net" - "2001:1620:2019::324" - ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKlIcNwmx7id/XdYKZzVX2KtZQ4PAsEa9KVQ9N43L3PX"; - }; - }; - }; - - services.zrepl = - let - defaultBackupJob = { - type = "push"; - filesystems."rpool/safe<" = true; - snapshotting = { - type = "periodic"; - interval = "30m"; - prefix = "zrepl_snap_"; - hooks = [ - { - # https://zrepl.github.io/master/configuration/snapshotting.html#postgres-checkpoint-hook - type = "postgres-checkpoint"; - dsn = "host=/run/postgresql dbname=hydra user=root sslmode=disable"; - filesystems."rpool/safe/postgres" = true; - } - ]; - }; - - # The current pruning setup is an exponentially growing scheme, at both sides. - pruning = { - keep_sender = [ - { type = "not_replicated"; } - { - type = "grid"; - regex = "^zrepl_snap_.*"; - grid = lib.concatStringsSep " | " [ - "1x1h(keep=all)" - "1x1h" - "1x2h" - "1x4h" - # "grid" acts weird if an interval isn't a whole-number multiple - # of the previous one, so we jump from 8h to 24h - "2x8h" - "1x1d" - "1x2d" - "1x4d" - "1x8d" - # At this point we keep ~10 snapshots spanning 8--16 days (depends on moment), - # with exponentially increasing spacing (almost). - ]; - } - ]; - keep_receiver = [ - { - type = "grid"; - regex = "^zrepl_snap_.*"; - grid = lib.concatStringsSep " | " [ - "2x1h(keep=all)" - "2x1h" - "2x2h" - "2x4h" - "4x8h" - # At this point the grid spans 2 days by ~13 snapshots. - # (See note above about 8h -> 24h.) - "2x1d" - "2x2d" - "2x4d" - "2x8d" - "2x16d" - "2x32d" - "2x64d" - "2x128d" - # At this point we keep ~29 snapshots spanning 384--512 days (depends on moment), - # with exponentially increasing spacing (almost). - ]; - } - ]; - }; - }; - in - { - enable = true; - settings = { - global = { - logging = [ - { - type = "syslog"; - level = "info"; - format = "human"; - } - ]; - }; - - jobs = [ - # Covers 20240629+ - ( - defaultBackupJob - // { - name = "rsyncnet"; - connect = { - identity_file = config.age.secrets."zrepl-ssh-key".path; - type = "ssh+stdinserver"; - host = "zh4461b.rsync.net"; - user = "root"; - port = 22; - }; - } - ) - /* - rsync.net provides a VM with FreeBSD - - almost nothing is preserved on upgrades except this "data1" zpool - $ scp ./zrepl.yml root@zh4461b.rsync.net:/usr/local/etc/zrepl/zrepl.yml - # pkg install zrepl - # service zrepl enable - # service zrepl start - */ - ]; - }; - }; -} diff --git a/build/hydra.nix b/build/hydra.nix index ba427efd..c7fcbbb6 100644 --- a/build/hydra.nix +++ b/build/hydra.nix @@ -70,7 +70,7 @@ in services.hydra-dev.enable = true; services.hydra-dev.buildMachinesFiles = [ "/etc/nix/machines" ]; - services.hydra-dev.dbi = "dbi:Pg:dbname=hydra;host=10.0.40.1;user=hydra;"; + services.hydra-dev.dbi = "dbi:Pg:dbname=hydra;host=10.0.40.3;user=hydra;"; services.hydra-dev.logo = ./hydra-logo.png; services.hydra-dev.hydraURL = "https://hydra.nixos.org"; services.hydra-dev.notificationSender = "edolstra@gmail.com"; diff --git a/build/mimas/network.nix b/build/mimas/network.nix index 26128b70..33e07cea 100644 --- a/build/mimas/network.nix +++ b/build/mimas/network.nix @@ -39,7 +39,7 @@ RequiredForOnline = "routable"; }; address = [ - "10.0.40.0/31" + "10.0.40.2/31" ]; }; }; diff --git a/build/secrets.nix b/build/secrets.nix index 058f0f7c..db079967 100644 --- a/build/secrets.nix +++ b/build/secrets.nix @@ -16,7 +16,7 @@ let rfc39-github = [ machines.pluto ]; rfc39-record-push = [ machines.pluto ]; tarball-mirror-aws-credentials = [ machines.pluto ]; - zrepl-ssh-key = [ machines.haumea ]; + zrepl-ssh-key = [ machines.titan ]; }; in builtins.listToAttrs ( diff --git a/build/secrets/alertmanager-matrix-forwarder.age b/build/secrets/alertmanager-matrix-forwarder.age index bc6e9c5d..bb5e2910 100644 Binary files a/build/secrets/alertmanager-matrix-forwarder.age and b/build/secrets/alertmanager-matrix-forwarder.age differ diff --git a/build/secrets/alertmanager-oauth2-proxy-env.age b/build/secrets/alertmanager-oauth2-proxy-env.age index 68fbdccf..3a83b842 100644 Binary files a/build/secrets/alertmanager-oauth2-proxy-env.age and b/build/secrets/alertmanager-oauth2-proxy-env.age differ diff --git a/build/secrets/fastly-exporter-env.age b/build/secrets/fastly-exporter-env.age index cfc0e743..3d058cf2 100644 --- a/build/secrets/fastly-exporter-env.age +++ b/build/secrets/fastly-exporter-env.age @@ -1,19 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 s9hT2g dgCOoedaGMAU+kk+TCYfSGhcEjkT8XOY2O1i/Dc3vW4 -7AmsZxzp5QBVAkaAzSce1axdQtUyJoqeTvLSkQ6j9nw --> ssh-ed25519 Gr9EaQ pJD5EMbL4SJl75Tal0IVykiPIpIwBjcw867N0c0D4GI -PzGaPo1LnRjlC6qsCxFjplSMrkoMIUFd+m0BeSKndlA --> ssh-ed25519 3ENwVg o8/QdXUWRL9O8qaBpiZYiDE6Y+P3K539RAgSQFC/Gi0 -7YxQavzqt3G5xxXNdWa4m2R5Yc7xL3yywhnqX/LWWA0 +-> ssh-ed25519 s9hT2g RO6Blf+MB32dW1vWtwpsdutfPRDhXp6qMh+9K5mP/yI +aojG0tr0pQ172/Sgrcm4ltdGJH5uCdW6hpgvFE/gDFE +-> ssh-ed25519 Gr9EaQ ByRH47STTrDIIyt8d/EitsWGW2zHs3XWE44A3AJVZy4 +fhT87Y7e7J41Cfrvldh152mVTz9dD4PuaxN3S6OkXfc +-> ssh-ed25519 3ENwVg Wk0Tt67znuSj137ODLVZ+jmYD+QZ06pnEia24XJau20 +1n5AUDJ7G4BrD4jZ/bFtmehX5wqd5nmaIluzVd+bGeY -> ssh-rsa MuWD+w -UiC3Jo2FMnLWRuOiP4xp1q7a8cIKUGFw8D+jODMfDTbBwdZqyeoUf8a3WvdHmCA0 -NvCpr+CBa7ZQ4oeE9sw9iVdbsvLxR2Ny+zFfNzih2BHR/tbqSFZSZj2oTZcponWj -h6wrAsu1QMQx0Ofpr7kco/DWMGjRofOcKQJbmoqDiKKAsf9rvzhVu/wJvaTNQqAU -Nge6CdKT/vjALtHb2W6GgE6PY+yEbH34iGqC7KCE1nLYHIpwSGBdL9bQRsZhksOh -JLVaure4CH7XTbdvYQVmwK9lN/6DTlxTU/hR+POD4oCGl8mv7ZaeNHV/4IN10C2v -MWeDLGKQO37QgTt82C4eyQ --> ssh-ed25519 92bXiA NjVy+K4v9VBBR6rcaSNVy6yLzPnOHBq+6oeefTtmb24 -IsWe5OQp9hTOGYkmxMCnp+z2XRxuOhJ6xTVbc+Ucu5Y ---- SflrB0oDOkbOfGHFTHV+lm4ruzKfrPiSC6owWmx3uGA -Bt(J/&:n KTb55 e -p]N01DTk@#s} *'W:+FCp\qz_sl \ No newline at end of file +swfRBQIzsOuJe0NW1fjEPTNbCNdDCj/tvajEZQexxZV2koyXzCZMZu6WkUE7EWIQ +9dg3dN+SgIBDsBCimVwDLdlKCv07Y4EYVJcUKWQyGrCnyKD0fNL+H/b0NFvkln5d +xpWShnL/zTEa/Bz/1ftzTcDV4B6g75HyIrfXnc5yNQPsk7w4u+tvUIZFiPsUkwj9 +2raYpVSZG07xPxDDujADlNLuVNhTCw2MxN/cUS4u7iN9cMilFwND0clRVjQl4APe +Wnzb5iZ73sMi4wg2Qf8+O//zxe9221krnpjhdkyR3k8Oxk4SPACSxuLKKXn5PVcD +Gi8C3sxSSTLzpwAqySR94g +-> ssh-ed25519 92bXiA TXBDrIkPKkagHD7cvWsD0BkE8p0pJYIK5LaCCxDvzF0 +gpkhwY7kVYK23ALcahfAucaOP2Tf6UJ9QuFCxbWND3k +-> ssh-ed25519 Y121Gw IMc36vETqcH985olPop763Y/SIPl0GdRDecUFlmqU1A +pWOPIMjlWkKFMxZAhnBNu5nmTn0YA3/pss3vcr2uEvU +--- 0bm0YdyW2rphnkhcSz3jjdUe5eyELylNp4MhcSmAkdU +` NLS^ǩBbܲfEV[oI/JZ_^bYQ5CDўQg~4_aهdկl'$ \ No newline at end of file diff --git a/build/secrets/hydra-aws-credentials.age b/build/secrets/hydra-aws-credentials.age index 6d79804c..2224ee75 100644 Binary files a/build/secrets/hydra-aws-credentials.age and b/build/secrets/hydra-aws-credentials.age differ diff --git a/build/secrets/hydra-github-client-secret.age b/build/secrets/hydra-github-client-secret.age index 7da8bb51..62af22cf 100644 --- a/build/secrets/hydra-github-client-secret.age +++ b/build/secrets/hydra-github-client-secret.age @@ -1,19 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 cKT5Kw 1zlvdl0Xt5hkKoRGtfGx1QHrN0eMVUKyuYPpll6gRkA -lCC3BPZ4YLIFF7RjFddc3Yd0PALE6psxoa83Gm9/CTk --> ssh-ed25519 Gr9EaQ cN7AQqu403k31C+Gnmir2cVovC5aEAiWI64Wx16Szk8 -77+c7wYsYi5UBiCdNYDjT912SnvQxYKoP8CaVePG2r0 --> ssh-ed25519 3ENwVg /XcvirXeMdnFwrWOl6vCBalahXht02pQEniTHb9rhiA -rA0fIND2liSyXBU+NgKAaFNPpFsR2PqaXh1dV5+yMMc +-> ssh-ed25519 cKT5Kw krCNPgqeLrULZyGtFdc2VwmEVaKC7uaDabi7tv3dHVw +OOEZQ4o4xqFs42TEYwNNWkOQbSvVkq8nGA38CIpgx+k +-> ssh-ed25519 Gr9EaQ /ciOg7Beq8wMwMlVlj+8qUfFkALaGuz4jV2DtG2HLB8 +MU0x/eqLEtUlygWfiBu41bZcPWRWXH40DeLkfTxmgMo +-> ssh-ed25519 3ENwVg HxpXlptq9Zp6AIRo0+poqbuFTHPRi/f/VGbL8ZO5fm8 +bt6tn4OrjXV+U6eDKuFEU8/dW5MkqOYqVdqkqVfCrG8 -> ssh-rsa MuWD+w -g8H4TxApVoRIEIWYKD6vIQKDVZVcIeZ1lQrZvlCDzKvm10Tf/gXHxYzetEjNW7Jj -xcW7AvClkhFvx30gV2yzGvcbppsILdz63Pi+lZDmmA6mMwEJvNmr2gJ299TZWOWf -b4Ea9JqIxxm5kSGa7uN3x08M45xqAiSKURfY/snnNOJ1xNn83wgIfaa+8kNoTxsd -rpkVOwSsoJSkPNSOPp/URvhY/AVG+UN038/ZdHHidPFQwkkUpD80gASwzoxabbKk -+YHSksOzsMpDqOgluUQ3/ZCHh0/enQjAipy4VOSnsyEsVw7RpO2oNajowPzQw69f -ev8u4w2VnRVDDdObXe0JnA --> ssh-ed25519 92bXiA SvFtyigSYI9qzl9Jp2hYe96IBeyDd5ud6CF5KXHA7QQ -eMDbXYBVdkrUGUzxuQ9Q3Zdt1FmedzPEBJF+pbi4XWw ---- KGAUCPEhq4lX6+8lAMCDnfZL07Fy0anAH1ElHfxREFA - --ާ"nb}I'ϩ$4A@ePa@2Ȁ& ϧ= \ No newline at end of file +qyi9QPAHw/dr845IdEOnyw6yu2M0b7nbX3ZCnClemJlmfFx1077RE0CWNEDR7LDt +0g8241mMIr85MYHDZuVPqH1W7ZTv/DFa39MJBhVCyC0Gl62Gz2ayO9d4flrQsvCv +NnaVKJPo0uxuvLTUlcX19WWVrt6v23sDMlChleUFdRJy84lMR8ouhtfZV1ipTqXq +4wZCsXgi1vV0F9oZ37KjV0irGECHNN9ehrrS943357+bJIlZMdVbsYLOXXiI8drr +mGzOwUFLvD5VRHTWgEZJz15oeanknTjpxrIt1AAJki+esPsKFRkEJ7eL6epXMclb +5iHW/MpgBXH0j8ARyg6/jw +-> ssh-ed25519 92bXiA qLAjwconq/2yxJnG91YE9UvpLe69rniXVAwHQYJS52E +X/W4+1RGYG6qCYGPiUl+yUmwwiNwt+zmhYHQ40d6C4k +-> ssh-ed25519 Y121Gw J21DUBHP2EpQPpOdUqNZ+deh/3DLjyYgT310v+EZAW8 +a8b8zJgf7DUW03hzGeW8dzvRq+Vl2RbmaG17muHoyDA +--- hAdUvRfRfdfakQXgM/QMbdpTBj+3vX0d0atqQVS6m4c +xG+BKE 5msMD{3,X9-gCksr:en \ No newline at end of file diff --git a/build/secrets/hydra-mirror-aws-credentials.age b/build/secrets/hydra-mirror-aws-credentials.age index c8de65dd..1d32dd0b 100644 --- a/build/secrets/hydra-mirror-aws-credentials.age +++ b/build/secrets/hydra-mirror-aws-credentials.age @@ -1,35 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 s9hT2g OuvdELzVyk8Sel5l6fFoE2+CM1S1O3RdNUwpSAqkxn4 -Y32bmIZHe+jiaGvsa+thNQIIEriR2tuQq8NZvrxwDfg --> ssh-ed25519 UnbSJQ 2CT1k3oo1pSYEd8CFOcoZ5Nwrpwpa1sXS34958HNgjg -v+EmGVUh3JUYa4udCKls3WXdalBExMthJow5Uld9Vb0 --> ssh-ed25519 Srtq2A zCu7JH2MpuOuuk4YBgfB9NlCl610R2FNFJ27r87Owzw -czcNNQiOiOKCP4ROLWP+XOIvYNoG/7iyx+5weyxSV48 --> ssh-ed25519 KdJNLg AvGJjg5AlUoQKH9NEvNUbBftXTKw0HPE3SNG51CxS20 -91gGua+pyUvqZ5bY94j0bljeA/9p+XG1oRMmvn4DM0k --> ssh-ed25519 92bXiA +Me2Jcvw8Ub+R+Gx37LMvKmk4s4eLFlnePGZwQN1q0I -2+eVvUDpoRTbWk+Vrp7h37KUELh/bR9D4+3eYZyzLE8 --> ssh-rsa ytBgrw -jeUZGWVC6OIY678lK82dLa4sboJIE/ZcOE0bVOB+HdJP0yWjHEtQgRO99V/PrQ75 -8ZNS8ax+cbL+x7UGw/601WMiOL5jHy4fYLBRODekCsVjzDpsAPurFXMblykapw1c -QpHOHU49JWBWU/l9QHDuejzEUUY1QQJI0T54JN5ln42se/QeOdvuWJLvK68mDON+ -rk54u6r9NQj+vEAAcvDa9gGAqdGJGNby3oFq3sh/dIsjNQ4U5+kAjeeOpYqQxfvC -07c+D+K9pXOG5w0rHjAVazBKCRMLeFWF6pzfJyw9bMnEx8D/OIa1EQ1AVLrbzKUB -dzuCVarVYfTv+0fqXAi9iQ +-> ssh-ed25519 s9hT2g 3oyWmMcrRcr1Evv9+Srx3z3OyKajSPpJiC3APOYE0RU +RCC/gmOyy0JRkWIRhzK37xckWnpQYQ74HVAKsRJdL+Y +-> ssh-ed25519 Gr9EaQ SW4eNlIrULIh+T/IywhzHe8A6wCxoHBSrg9LmC2yOWM +DbTv2Es+wHfOU6ylHfGi33BnZW9IhtmqawLBax1JPqE +-> ssh-ed25519 3ENwVg SKaButhSVmBUl8IA+yJk/z+An+/JV9oUQ/lAGEI/VXQ +6df01m0908K4WtxWoQZTwaETdm0liOz7U+hj4774rBQ -> ssh-rsa MuWD+w -k4zSKHQN1igQ+zL24b88+yjN4/E5+Ie5QQgFoo88UlIfXUeoesgT9e8Ey9O+OwLz -S4FGa7PM5L2UPaIZRbE3Z1OQ0EeGEJgnIaE8/l9chvDS2/0/hD5L3DT0mNdt5Fnd -4T72St6dbJjkPpFENjOJm2zynJEsKrPHzGyMtfqSrblEgoUtrKAkMoSAI4EwZv+I -JyjF2lnHtbvNFHYjHMeCrBnBB6ieLNXSZ5JraCKx2QMJPQxQx6J6zROYteN3LtTR -mNjU1rMQd49NGfdb8sQTUH/DcB4KjEJjz3RG9AVP1M9egagTY5iTM7vfZxmIqzA+ -xQgkDye3Yyzsif2Bvodu6w --> ssh-ed25519 K3b7BA b2PWOfkKT+O76tOihG5m2F2UlrOOHKLyv1ijY7ZZCS0 -vHcqfycT4qoq+6bBoISFsxQ/Mw5uXtRPO2KTE6s6D84 --> ssh-ed25519 Gr9EaQ Jv3gTB/55UuLdC6RZhwkYBF14rvvjkibAcvtUXdjGn8 -EiHxq6NJWa4wbq8fMcZZs9hfjiGRx34iHAwIJZvpPhs --> ssh-ed25519 3ENwVg g4DeKYZkTAwLokwZHKtp+bnKgyQjbZ6fiBNiwnxtoG0 -eG87gaj+ib/LuTew2/5vkE9A2nptOd+taMs4UYrO1To ---- 1ySTx32JKDPJOTIOf/LgJYZXil2TIZNHj20WirRFydY -Ռaouƹ.})Ad /<&RLz -;/tƆ$$br8Dh5 en:M9E-H7@196. -'"uw#njjK¦3JKH<+ \ No newline at end of file +Pc51cz+ZOpJ+bakeYitE0Es/gFPjBGMhnACiT7O7shcT7vYSJPNRM8IpTpOxfbf3 +HjzPBNjUihVjGshQ1JFaXbwfmnvF0yIImSlJtWDteyGX2x1yzt+/oA3zjj1KDfku +qdrhUSRnnobMrSuSaPE4DSnUddXbaMAY/kzzoxzU+nK9FusvJhCgmZ3XYhN+ew79 +aQs+7YXEgTH5J72monWgeYQkj4baTY32xFwqj9qPdx5JjMvtR4cX9xkC7R14EyBd +HJeCU87uiR3Ibc27COMso1YSp2u/quc7TKmjOHyYfyi7mYZU/JC2ccDsEr/HCE4m +x00f74TPjV2UY/raslCgYQ +-> ssh-ed25519 92bXiA 4PM+2XEb8unFUvJXgNqErFmUOToBgF/x5DvCCxWazGM +xn8PfNfujIkDXtbaH0RVtyzOCPCbDig8hnUOgqfsNGI +-> ssh-ed25519 Y121Gw faO3WbLjVR26NrVIJfGO5eSrT5DI6fdTYyxPWxD+DDI +e+WqhJj8EhpXU8nxfB4dDeZZqxvmR/xNfKXj4oT5U7s +--- CJHN+xb4JfmgPyfZ5QoCGQTo2m6jqIqF4EW88S55Ymg +j]}H܈vix:s{3rC#qeaW\ȘFV0:hs+t$ÈsPr\Ы]6Q2Nka؎M ,xN1/;O`2losѹg&` & \ No newline at end of file diff --git a/build/secrets/hydra-mirror-git-credentials.age b/build/secrets/hydra-mirror-git-credentials.age index 015cca22..c09d2de0 100644 Binary files a/build/secrets/hydra-mirror-git-credentials.age and b/build/secrets/hydra-mirror-git-credentials.age differ diff --git a/build/secrets/owncast-admin-password.age b/build/secrets/owncast-admin-password.age index 9ef53ddd..243243ca 100644 --- a/build/secrets/owncast-admin-password.age +++ b/build/secrets/owncast-admin-password.age @@ -1,18 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 s9hT2g zQ6WzOL+1nkg75J8o4SCxzvVZi6gYdSkUSCd+f0oUQk -dxItcKGnxUUhzuQWUNs3hmJwPaJF8Rhn4FJbom9tc0A --> ssh-ed25519 Gr9EaQ USWQtUTQsy1B1p4rGOgdfBYg2ch0fDAxHRA7m6gj9ho -UCA2ExE91+5aMHiRk2OmU4NSPySTzEWtXTpmN/q9RI0 --> ssh-ed25519 3ENwVg 3dpO8ExOR5pr9aIuRjzO7+JEJWCMfDawefoHNcyw0S8 -zF9V5KuZU6hiCtxzYDfrZ1tO6dU3HRZtjQz7ihteBG8 +-> ssh-ed25519 s9hT2g M/D2oe8ocLzBBe0VTEO6UZ0gZb+dL13/rfZ38N1KH1I +1KmR71+57D0aBRlU7ZvPz6Prg3mNrYc7myq7JRdQQH8 +-> ssh-ed25519 Gr9EaQ iOVXjyLAa/RSGBefsQismPkx53f9OGU1qMzO2rrqhhQ +8I6aGwAs7AFC/GWW7S+lv7vGyJW8T7Icv1bfHBtNdmE +-> ssh-ed25519 3ENwVg 5rP46xlqZkRF7u37BxB5PG5utkRHmfpYFxYiCA++xBY +K0/s0hGBIr88ZHocBrHrEuEUEefAnqH4Fe8dMlCcOHM -> ssh-rsa MuWD+w -ewDKxmREQzA0Ryc1CfXZ3DnctZ3LjdYhFZuEY97nQdywX4yrijjY/KecNpgI3AKy -yjBdS1cvrlXW5JY40kvwNGnsC2wAL74ccrBBxkPFxbenOTU8xdUBBSXLj3Ad392I -RvepOJBVg4i6JvBKZXfuDVEKijcmuuaa7QGfnnIawhGOu1crltU+SPW48V2ryH1N -xG35dle3FoND9jWoxsf6Ftznyn96pqj1t3g5BJYPvofaO8iqkBQr/zbQjimQm10n -HzIF9S7qf5I8kadvRFPf6nd7nWDCaT0LeSwzc4hA0FzqrfzU0VvM/K/XdO9hFR3N -K3kxQZg43pae4nt5Eqn1iA --> ssh-ed25519 92bXiA hggcpARKLg5rZ3zufQO/ArpFFd2eEfMdCBvuvjJSOX8 -seMbAuoEf5X7tjS2rPfQoBS45Vyy2Im8EBn32zDeJz4 ---- Y10ci1xFNmo/Hnf+XctF0uDe82ZLV0yPI9n5qcREOpg -?/Zm $j;0wo-{K֛`AG\v~0I4'7Dd \ No newline at end of file +BeO4rjxRzb54rbpEglPIkhluPp2wRBKxL97Ta4utvUnG44IXRnWt6tuj016qVTXZ +Z8OzrDVTwusXJZxmOehsgF/rogFAj1Ju+bf9s4fojv1nC8ITnsXLMQjzA0X/VcTA +DgVWw8+Elrt7sJGiL3C9ws9ATt/suPSdkL+aNhOvJXRwb9NfQUn+XowvJRg1VnzS +AQx9tTyGVB5GcI4LnxHnyqPj+6ZD/F9XqbHijTMrx60GqRlqeEu9JiUa0YtWnBgX +FcIrvoRQ6b7G5QDivbqCQ4VuJDrSd7xqKddQVea1KglrQHQdY3KFNUHVlEs1n49z +Nia8ty+qWIwAEfwyt6c0Tw +-> ssh-ed25519 92bXiA F7v+xOHVTL3wZ5KUHW+nAyrl93/awx5TXv4izicA0BM +OD2ivZ1FQ696Wh+odAA4xiJElXEhqsgBok7AJ3ny10Y +-> ssh-ed25519 Y121Gw YUG5YErjueT2gqqX1x34b6U35uhbdKZWgcTALMXTRXY +0F9uoegrWXP3lzjRk3eJCtu/OGZO/QqafpVPYitUM2k +--- M3nGs3hV2JaDDtPyuNeKpyh/OdpZAk/q39OTk8n9m7g +J!{-FF/"TK#ׅGGN|ZU DQ1d1Ԟş \ No newline at end of file diff --git a/build/secrets/pluto-backup-secret.age b/build/secrets/pluto-backup-secret.age index b94e9914..56dc687e 100644 --- a/build/secrets/pluto-backup-secret.age +++ b/build/secrets/pluto-backup-secret.age @@ -1,33 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 s9hT2g iiqAVBIhC7vXmxEAgrzYWXOYGbs4L0ayT72YMC0MQRQ -J4o6rL2z4685NRll1EXMVGqmblUSxqBCUIYYUUNoB3E --> ssh-ed25519 UnbSJQ 7cyyemPmnKRxXtaxkyiow+c4Faf4G4irZ4pc5VNuEnM -/eU3lpb2Xe2r6+VnPa4g1UDUJQSpK16PeXu6IzglSok --> ssh-ed25519 Srtq2A aenMWRJTY5LzQqLa2wZpzjhkIZaQOvS1qZLKwmoYUTw -BC0ty1E/0kjzVgDjdEB4VvfQowCqbOh5aZ8UNXekEBU --> ssh-ed25519 KdJNLg Qeli+hf2nj4jP824rEOD2EQB0WGMXucbUd/ijC7CSFc -aiclFpnZXyXRoT4sqGNRjxDP+EY8Hnx4OE4IzE5KS1o --> ssh-ed25519 92bXiA 5FYsuCVeKM70p2+OhWEW6fAFPZInJbhzZmvd/Ezsr18 -hIUn4Mp1y188LIe/aIl2yPY0Exh+VHK4wdYPVN7akso --> ssh-rsa ytBgrw -N3+N5DZyWWb8cZXM7f6kZaoE5q56PZLtDZAik69oCnnqzqcpJArv+jsiUktV6n6C -2IzXhnugqfvhHsCEgvo/mfIg49Pk8l+qrgdgCLtx3tNl3haLDI5zqLVETrH8d2v+ -Z+aXIVwzi/sT/z9oqj6Up8oWrnEhmdugVdkQgNpndFQ2O+ZFEaexg85/9km/Joz4 -6qMrvr21FkX+BXqhtB01h0f44OSPD7nJdzeiyz3f7AGKQB4EYBcb7DgLFSMrrsU9 -RQF/VBwHmJ0b4kMu5k8ozNWnFhaPGWhXsn2bi+QAh5526wwoZ3+bnZfEvCzf5OKK -hqFAFP+j9Fef5Im5pxmPRA +-> ssh-ed25519 s9hT2g reYMr+USW2vh77665Ga/KtPbeu5OrdgrKgI4sYo8plo +4eBoVfWTjRe4w6Vdl6OAXKJr7kaSJqVVm9se0rL7IEA +-> ssh-ed25519 Gr9EaQ lNX/PDcE3MXI0q/o7tnA9AlloF6uncD51FYTqdZP3j4 +otONyo6e5INW12x1Al5WqnTwfihRGL6dxdrH1/HYbe8 +-> ssh-ed25519 3ENwVg 2ZHD8vTCA+FPMRO1kSvUo937f9thS8IeTApGltFhjkQ +bEN1eLyrqMtY0KuZ3IkRdIJzvX0t4bb73XzlDcuAgII -> ssh-rsa MuWD+w -qL/PkS75WkFRkoQ18caMysXAWl4hF2TGZ65HDThuS+npmumdIZP1c9Zq2/nbTeO3 -Xj6SPHcQowD3HRqfZXNpsGmaSUBjufjd0sTZfQ9rauGxGSBmajxkHMNKupsk553D -BoCfGzzKp7f5GD6hcisVf9+qXwMVo9oEBjyUxzDw0sjmGOt03Ri6OJVqxniwsawE -aVIioeZrJxjaiQKotDF3UdYrbjmVipO2EBgl4bha88lAn2m/OjynnDSp7IS+gX81 -PORIh+0lXA0no2pQpZfcwBv7+P2oGV68IeQ34kuzBEoAwMVCxifnBaLxAOL7Jfj7 -4G5bzH3Pu3UvBzan5tJCMg --> ssh-ed25519 K3b7BA 4b9hz+nQHQDVT1BohPTavJD1iuwRZDayobLQ9rxCzjM -hxrYeUV2WF3rSuNhZ8jkpOyK42/2+zOT2JXG9RnoqdQ --> ssh-ed25519 Gr9EaQ jEec7HKm8thPxkgHBDfZP1hFcM4XZkzmek47N75fZDg -zPKVEwBE+ewrlgva1dBQxZep08i9fQNffvukadXZVCM --> ssh-ed25519 3ENwVg BByWp1z2wuuiVKRGO9AZw16+AaQ1c0CvoZQxbpxP/g4 -jljWkocfKTcFZT/MdFLTd5OS/ZXGzvgHOYhxUPqFEzo ---- 4iVYGxgzCUMuxyglrZeXMcFH/NjG6iFD2f+CAZDn6R8 -Dy}|iE%ժӌYX=XRjb\$T&6[ϰfA"w F{FJJo \ No newline at end of file +FPAZH3iUoF7It9uGw1DHksmbsYZcRqvZqGcjbnJLP/JiHmriUSyELQl7bH4n1+6H +GWhqBiqNKPWJoCq0y3vXaCzN9iFXwGCVaAyNZk3+ox/Q0dBietO0ux4MzajAWl8b +mr/UR3Mk2ybGkIBIfh1Wko8cdA+tWyCsl0CdSyqI2JY523xf/pOwcE0YLQ2kGhQc +ifu+AmIKqXbZiqhS0yj3+BM9rgJ5gVxZMKAp/CjpIBpEu/fmK64mRryAVsL0EEBF +O2CwBsqyFyJvcW3yTBdHxfKhorZrMrGO18d7CGFHGswU/AXi/UxyzrkfpjVgFUfm +b2qeI10f8PZAibqHYcQJBQ +-> ssh-ed25519 92bXiA sXYrwOcZlNpPoGELwRTsjfSNldPr6CVtv9VcYK1flGY +aMhNq6L5M70bUFR/o+7M/KcQyv9/BfVkxgzvU/fD5gk +-> ssh-ed25519 Y121Gw sGVkfMeghciO9g840KPsVsohEkEgC1Rb8mnQI0QZe2Y +uDzza0+uGQRMzTiUkYz9n6Jyt18i7TTHWBrX0p8vHAQ +--- rXFfiiTQ+BEa3Hvs0BTWxI+b1wPBwyTgWeq24QeqXVw +)caEuDW[c(8-_1nJ{6+KߤmUf5M~CiB2Ys΀hg#z? \ No newline at end of file diff --git a/build/secrets/pluto-backup-ssh-key.age b/build/secrets/pluto-backup-ssh-key.age index 6eedee7a..95dde5e8 100644 Binary files a/build/secrets/pluto-backup-ssh-key.age and b/build/secrets/pluto-backup-ssh-key.age differ diff --git a/build/secrets/rfc39-credentials.age b/build/secrets/rfc39-credentials.age index c012f874..9907ab1c 100644 Binary files a/build/secrets/rfc39-credentials.age and b/build/secrets/rfc39-credentials.age differ diff --git a/build/secrets/rfc39-github.age b/build/secrets/rfc39-github.age index 27a894db..20afda7f 100644 Binary files a/build/secrets/rfc39-github.age and b/build/secrets/rfc39-github.age differ diff --git a/build/secrets/rfc39-record-push.age b/build/secrets/rfc39-record-push.age index 3ff3fb7a..52f8e73d 100644 Binary files a/build/secrets/rfc39-record-push.age and b/build/secrets/rfc39-record-push.age differ diff --git a/build/secrets/tarball-mirror-aws-credentials.age b/build/secrets/tarball-mirror-aws-credentials.age index 73246f30..5e83b5ac 100644 Binary files a/build/secrets/tarball-mirror-aws-credentials.age and b/build/secrets/tarball-mirror-aws-credentials.age differ diff --git a/build/secrets/zrepl-ssh-key.age b/build/secrets/zrepl-ssh-key.age index 2bd5ac54..646fdeab 100644 Binary files a/build/secrets/zrepl-ssh-key.age and b/build/secrets/zrepl-ssh-key.age differ diff --git a/build/titan/postgresql.nix b/build/titan/postgresql.nix index bf7bb378..260a3e0c 100644 --- a/build/titan/postgresql.nix +++ b/build/titan/postgresql.nix @@ -19,12 +19,12 @@ networking.firewall.interfaces."vlan4000".allowedTCPPorts = [ 5432 ]; services.postgresql = { - enable = false; # TODO: enable after data migration + enable = true; enableJIT = true; - package = pkgs.postgresql_16; + package = pkgs.postgresql_18; # https://pgtune.leopard.in.ua/#/ settings = { - listen_addresses = lib.mkForce "10.254.1.9"; + listen_addresses = lib.mkForce "10.0.40.3"; # https://vadosware.io/post/everything-ive-seen-on-optimizing-postgres-on-zfs-on-linux/#zfs-related-tunables-on-the-postgres-side full_page_writes = "off"; @@ -97,7 +97,7 @@ # FIXME: don't use 'trust'. authentication = '' - host hydra all 10.254.1.1/32 trust + host hydra all 10.0.40.2/32 trust local all root peer map=prometheus ''; diff --git a/build/titan/zrepl.nix b/build/titan/zrepl.nix index 62e53324..80034e79 100644 --- a/build/titan/zrepl.nix +++ b/build/titan/zrepl.nix @@ -14,10 +14,10 @@ knownHosts = { rsync-net = { hostNames = [ - "zh2543b.rsync.net" - "2001:1620:2019::324" + "zh4461b.rsync.net" + "2001:1620:2019::336" ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKlIcNwmx7id/XdYKZzVX2KtZQ4PAsEa9KVQ9N43L3PX"; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtF46LwRn+hC9vuw0vedXBKGNPMSIqrXdxl+EQOI/8J"; }; }; }; @@ -94,7 +94,7 @@ }; in { - enable = false; # TODO: enable post migration + enable = true; settings = { global = { logging = [ diff --git a/ssh-keys.nix b/ssh-keys.nix index d6ae52df..c715ca27 100644 --- a/ssh-keys.nix +++ b/ssh-keys.nix @@ -33,5 +33,6 @@ rec { haumea = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBamzRwZmoLjBFoNruGSVJEahk02Ku7NrBOmqcRWxcPm"; pluto = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzc6B1S4mp3T3oWZnqQDkDVWFBIzLtkgkdgstfYZ5d/"; mimas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzfTNppOS5b5IvZl1wqjGTUZE0D/o/MY8d7uKPWDvIp"; + titan = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDgz6s5Yho6/bjvrRDuJ2IewAZQaevAMOeMjVjMaw5e+"; }; }