d
pipe tcpdump -ni wg1 into promtail via
labels = "__path__"
u
togglables - sysd services (sing-box, tailscaled) that can be toggled by
non-root (using sudo rules) and have a script for doing that.
u
sudo rules + interface
u
script
u
xmonad integration
u
grafana declarative sources
u
terranix for simplified management
o
using flake parts prevents nixosModules from being checked
reason: fp wraps modules in m: { imports = [ m ]; }. do we
even need to check the modules?
o
move ssh keys to hosts.json
u
vault
d
vault
d
nats for rebuild requests (with ref), etc.
d
agent: chown
d
agent: service restarts
u
PKI engine
i
tf files in config and a simple just script to pull state
d
store tf files in tree
u
provision secrets to tf via env on cd
u
generate .envrc with secrets (rotateable)
u
store state on s3
d
restructure module imports into a separate flake module; it gets
modulesPath and imports it into attrsets based on directory
structure
u
rofi
u
clipboard manager
o
reapply file by unnixing and copying from
nixos-rebuild build
o
dev/undev just commands
dev: replace github:head-gardener urls in inputs with zoxide output
undev: replace inputs back from comments and lock-commit the
input update
d
incident: jenkins build failed after slave couldn't
pull scm
date: Mon Oct 28 02:41:59 AM +03 2024
reason: after a resolver change
(remove: tailscale) container didn't restart, and still
used the old resolv.conf
solution: restart
d
incident: btrbk-local fails to create root snapshot
date: Mon Oct 28 00:00:00 AM +03 2024
reason: btrbk-s3 already created it
solution: randomize service start times
d
incident: ci melted after 20 minutes while building
checks.mkDesktop http://blueberry:8080/job/config/22/console
date: Mon Oct 28 00:03:07 AM +03 2024
reason: possible overload from another pipeline for the
same config
solution: delete the old pipeline
u
incident: dns queries from behind sing-box take
absurdly long