simon/nixos-config
simon/nixos-config
1
1
Fork 0
Code Issues 8 Pull requests Actions Projects Activity
1240 commits 18 branches 0 tags 8 MiB
Commit graph

410 commits

Author SHA1 Message Date
Simon Bruder 0ab3260240
sayuri: Drop amdvlk in favour of radv 
DXVK segfaults/exhibits weird errors when using amdvlk since upgrading
to 21.05. Mesa’s radv does work and I did not notice a perofmance drop.
 2021-06-20 11:22:34 +02:00
Simon Bruder 71a5ea7a0d
Revert "fuuko/mautrix-whatsapp: Use unstable version from PR" 
This reverts commit e1b59d57ff.
 2021-06-19 16:02:04 +02:00
Simon Bruder e1b59d57ff
fuuko/mautrix-whatsapp: Use unstable version from PR 
nixpkgs PR: https://github.com/NixOS/nixpkgs/pull/126966
 2021-06-15 19:20:25 +02:00
Simon Bruder 621d209680
sayuri: Add specialisation that disables mitigations 
x264 encodes over 2 times faster in one example with mitigations
disabled.
 2021-06-09 15:22:17 +02:00
Simon Bruder 80f33f9095
Add contact page 2021-06-02 13:24:36 +02:00
Simon Bruder e0efa77520
fuuko/nar-serve: Use NixOS module 
Since it does not provide a `package` option, it has to be overriden
with an overlay.
 2021-06-01 10:16:15 +02:00
Simon Bruder 56b9c6c37f
Add module for on-demand usage of mullvad 
Since wg-quick does not require the configuration file to include a
private key and local addresses, they can be added after the execution
of wg-quick.

Fixes #32.
 2021-05-31 23:02:11 +02:00
Simon Bruder 6f31ded457
fuuko/wordclock: Use 15 character long password 
```cpp
    struct {
      char domain[32];
      char clientId[16];
      char user[16];
      char password[16];
    } mqtt;
```

(f637c2f39e/PersistentStorage.h)

This went unnoticed, because on NixOS, mosquitto does not validate
passwords by default.
 2021-05-28 23:08:20 +02:00
Simon Bruder c918486622
fuuko/mqtt: Make compatible with Mosquitto 2 
This now requires authenticating with a valid password, which it
apparently didn’t do before?
 2021-05-28 23:05:22 +02:00
Simon Bruder de3f8f8909
restic: Make restic prune regularily on fuuko 
Closes #41.
 2021-05-28 15:01:06 +02:00
Simon Bruder d3d41da2bc
vueko/murmur: Explicitly set murmur as system user 2021-05-28 14:24:25 +02:00
Simon Bruder e80a0b0c07
vueko/radicale: Use services.radicale.settings 2021-05-28 14:24:02 +02:00
Simon Bruder 7d7da189d0
nunotaba: Reinstall on btrfs filesystem 2021-05-28 14:05:14 +02:00
Simon Bruder 6cb59d0149
nunotaba: Use performance cpuFreqGovernor 
With kernel 5.10 powersave is stuck at 798 MHz for some reason.
 2021-05-28 14:05:13 +02:00
Simon Bruder 091f6b0e14
Update to 21.05 
This still uses the relase-21.05 branch which should later be changed to
nixos-21.05.
 2021-05-28 14:04:53 +02:00
Simon Bruder 36c0c67e36
sayuri: Update specs in readme 2021-05-27 18:06:34 +02:00
Simon Bruder d64f4a8741
vueko/mail: Add alias 2021-05-25 09:48:25 +02:00
Simon Bruder 71209d0cc8
vueko/mail: Add alias 2021-05-21 12:30:36 +02:00
Simon Bruder 961b497609
vueko/mail: Add alias 2021-05-17 19:05:24 +02:00
Simon Bruder 2c8a291ae9
Make flake inputs available as module argument 
This moves a bunch of stuff out of flake.nix into the modules they
belong to. This removes complexity from flake.nix and gives the project
a more organised structure.

Sadly, it is not possible to import modules from a flake outside of
flake.nix, since that leads to an infinite recursion (`config` has to be
evaluated before `config._modules.args.inputs` is available but `config`
depends on an import from `config._modules.args.inputs`). Therefore, the
`extraModules` argument in `machines/default.nix` has to be used for
that (it now has access to all flake inputs).
 2021-05-15 10:04:44 +02:00
Simon Bruder 531060668a
fuuko/hydra: Show logs after build is completed 2021-05-15 00:01:04 +02:00
Simon Bruder 9f70024257
fuuko/hydra: Make serving build artifacts work 
hydra-server.service does not have access to the signing key.
 2021-05-13 14:23:10 +02:00
Simon Bruder dc1698ffaa
fuuko: Add hydra 2021-05-13 13:07:17 +02:00
Simon Bruder ca2136ef04
sayuri: Allow discards on data ssd 2021-05-07 14:37:53 +02:00
Simon Bruder d3ec5f4ba1
sayuri: Reinstall on NVMe ssd 2021-05-04 23:15:05 +02:00
Simon Bruder c3a3d8a12a
Adapt documentation to current configuration 2021-05-04 21:45:05 +02:00
Simon Bruder 2bf9577b61
vueko/mail: Add alias 2021-05-03 19:33:53 +02:00
Simon Bruder 10ced7f2bb
fuuko/torrent: Make socat work after forced stop 
This should improve behavour after e.g. a power outage.
 2021-05-03 10:17:00 +02:00
Simon Bruder 440fc97f7f
AriaNg: Include as flake 2021-05-03 10:16:59 +02:00
Simon Bruder 51f814c70d
fuuko/go-neb: Use sops for secrets 2021-05-03 10:16:59 +02:00
Simon Bruder 84c72583fe
fuuko/drone-runner-exec: Use unstable nix 
This also adds /etc/static as read-only path to the sandbox, since
otherwise /etc/nix/nix.conf can’t be read.
 2021-05-01 18:31:05 +02:00
Simon Bruder 400b55a293
Convert to flake 
Fixes #3.
 2021-05-01 17:36:58 +02:00
Simon Bruder 7d19c9b039
sayuri: Use radeontop from unstable 2021-04-25 09:54:49 +02:00
Simon Bruder 78f4579556
vueko/mail: Add alias 2021-04-23 10:21:11 +02:00
Simon Bruder 08b8fce2d4
fuuko/gitea: Store session on disk 2021-04-19 14:35:42 +02:00
Simon Bruder 4af55ba3e9
vueko/mail: Add alias 2021-04-17 12:15:43 +02:00
Simon Bruder e070cb9107
vueko/mail: Add alias 2021-04-17 10:56:15 +02:00
Simon Bruder 438fad34fb
vueko/mail: Reorganise vim folds 2021-04-17 10:47:07 +02:00
Simon Bruder cd30750fdc
fuuko/media-backup: Init 
Fixes #49.
 2021-04-16 17:13:46 +02:00
Simon Bruder b9abd825cb
vueko/mail: Add alias 2021-04-14 15:43:16 +02:00
Simon Bruder ec09bbf6c6
fuuko/gitea: Remove version override 
Version 1.14.0 has been released and is in nixpkgs.
 2021-04-13 09:08:04 +02:00
Simon Bruder 602573cd34
fuuko/dnsmasq: Reliably work after reboot 2021-04-10 23:23:46 +02:00
Simon Bruder bb8c54065a
fuuko/drone/runner-exec: Remove port collision with grafana 
Drone docs [1] say “Overriding this value is not recommended”, however I
do not see why I should not be able to change it.

[1] https://docs.drone.io/runner/exec/configuration/reference/drone-http-bind/
 2021-04-10 23:21:46 +02:00
Simon Bruder 746581ceba
fuuko/dnsmasq: Replace stubby/DoT with https-dns-proxy/DoH 2021-04-10 20:16:08 +02:00
Simon Bruder bed82e297c
sayuri: Migrate to sops 
Fixes #38.
 2021-04-10 11:58:50 +02:00
Simon Bruder 5dff1a426f
fuuko/binary-cache: Add nar-serve 2021-04-08 21:40:14 +02:00
Simon Bruder 8d9e3af211
Add binary cache hosted on fuuko 
See machines/fuuko/services/binary-cache.nix for limitations.
 2021-04-08 16:19:57 +02:00
Simon Bruder 68fbc9e185
fuuko/go-neb: Notify room if alert is firing 2021-04-08 10:04:30 +02:00
Simon Bruder 9dbd7f9c85
vueko/coturn: Manage shared secret with sops 
This requires not using the NixOS module, since it does not support
loading it from a file.
 2021-04-07 12:23:48 +02:00
Simon Bruder 4a8a7e0a4f
Use sops for secrets 
Since I currently do not have access to sayuri, sayuri’s migration is
not done yet. The host keys and wg-home-private-key secret still have to
be added.
 2021-04-06 14:05:48 +02:00
Simon Bruder d253f74a06
sayuri: Fill in purpose section of readme 
Also, next time try to spell FIXME the right way so I don’t notice this
months after setting the machine up.
 2021-04-05 13:38:33 +02:00
Simon Bruder 5c4284d68c
fuuko: Add dnsmasq prometheus exporter 2021-04-05 13:18:43 +02:00
Simon Bruder c26539e607
fuuko/prometheus: Actually show node name in alerts 2021-04-04 14:34:44 +02:00
Simon Bruder 1b08afd515
fuuko/gitea: Also use ed25519 ssh key 2021-04-04 11:18:34 +02:00
Simon Bruder 0212f2adbd
fuuko/drone: Init 2021-04-03 18:47:01 +02:00
Simon Bruder ac7e1c1123
fuuko/dnsmasq: Use DNS over TLS via stubby 2021-04-03 13:11:09 +02:00
Simon Bruder ce7425d8c4
Remove issei from vpn and prometheus 2021-04-02 18:13:09 +02:00
Simon Bruder 94b2746018
fuuko/go-neb: Add alertmanager matrix receiver 2021-04-02 17:46:07 +02:00
Simon Bruder 2897451a65
fuuko/prometheus: Set external URLs 2021-04-02 16:44:17 +02:00
Simon Bruder 8b1b969aa9
fuuko: Set target to production hostname 2021-04-02 15:10:14 +02:00
Simon Bruder 98a4f345eb
fuuko/matrix/mautrix-whatsapp: Init 2021-04-02 15:09:57 +02:00
Simon Bruder 0ae96653a5
fuuko/matrix/synapse: Init 2021-04-02 14:59:14 +02:00
Simon Bruder b6297d0153
vueko/coturn: Init 2021-03-31 12:08:35 +02:00
Simon Bruder 15075a818d
installation: Remove FIXME from comments 
Otherwise grepping for FIXME shows this, even though it’s not what you
expect.
 2021-03-30 23:49:08 +02:00
Simon Bruder 2d74dac8c0
fuuko/hedgedoc: Start after postgresql 2021-03-30 16:13:20 +02:00
Simon Bruder 50f0968738
fuuko: Add gitea 2021-03-29 14:08:53 +02:00
Simon Bruder 5491ef4817
vueko/mailserver: Add gitea user 2021-03-29 13:48:10 +02:00
Simon Bruder cb8a8f3c8d
fuuko/prometheus: Enable admin API 2021-03-28 11:04:48 +02:00
Simon Bruder 55099f1884
fuuko/prometheus: Raise retention time to 90d 2021-03-28 11:04:25 +02:00
Simon Bruder 9f8c80029d
vueko/mailserver: Add aliases 2021-03-26 19:40:20 +01:00
Simon Bruder 5e8fb02b78
vueko/mail: Add alias 2021-03-21 11:53:47 +01:00
Simon Bruder 58c72c3200
Allow build on machines that are missing secrets 2021-03-21 11:36:14 +01:00
Simon Bruder 7cb3142526
nunotaba: Disable docker 
Fixes #15.
 2021-03-13 10:59:43 +01:00
Simon Bruder 57652d8a79
fuuko: Add hedgedoc 2021-03-10 15:42:21 +01:00
Simon Bruder 966667b87f
fuuko: Exclude scans from system backup 2021-03-10 11:27:56 +01:00
Simon Bruder db54dfaed1
fuuko/dnsmasq: Allow DNS queries over TCP 
Sharepoint manages to return enormous responses when querying for an
AAAA record.

$ dig sitename.sharepoint.com AAAA
;; Truncated, retrying in TCP mode.
 2021-03-10 09:13:37 +01:00
Simon Bruder d6bddf40c0
fuuko: Add ankisyncd 2021-03-09 21:22:19 +01:00
Simon Bruder 3a5568a136
fuuko: Enable full postgresql backup 2021-03-09 11:50:32 +01:00
Simon Bruder 515939677b
fuuko/torrent: Add resolv.conf to aria2 netns 
Even though aria2 doesn’t respect it, it is useful for for debugging.
 2021-03-08 19:38:26 +01:00
Simon Bruder 3da67f7576
fuuko: Enable system backups 2021-03-08 17:33:30 +01:00
Simon Bruder e8626ba27a
fuuko: Add wordclock-dimmer 2021-03-08 17:03:30 +01:00
Simon Bruder 0c081d9805
fuuko: Add dnsmasq 2021-03-08 16:19:49 +01:00
Simon Bruder 786edd1caf
fuuko: Add aria2 2021-03-08 15:55:24 +01:00
Simon Bruder 07f152cb20
fuuko: Add media file index 2021-03-08 15:40:41 +01:00
Simon Bruder 878bdd30d5
fuuko: Add ftp server and scan converter 2021-03-08 15:30:04 +01:00
Simon Bruder d1cf0f698f
fuuko: Add grafana 2021-03-08 15:10:15 +01:00
Simon Bruder 70ee44fbc5
fuuko: Add prometheus fritzbox exporter 2021-03-08 15:10:15 +01:00
Simon Bruder f388995ef6
fuuko: Add prometheus 2021-03-08 15:10:15 +01:00
Simon Bruder df303dcc2b
fuuko: Init 2021-03-08 15:10:15 +01:00
Simon Bruder 724bcd31c5
vueko/nginx: Make vueko.sbruder.de default vhost 2021-03-07 15:51:09 +01:00
Simon Bruder b6e2d2f347
vueko/nginx: Enable recommended proxy settings 2021-03-07 15:49:24 +01:00
Simon Bruder 542a89ef57
sayuri: Add foldingathome specialisation 2021-03-06 15:32:18 +01:00
Simon Bruder cbf2536e32
vueko: Enable nginx hardening 2021-03-05 16:00:10 +01:00
Simon Bruder bdda31a807
vueko/mail: Add alias 2021-03-04 20:08:37 +01:00
Simon Bruder 86348d4c60
vueko: Add element-web 2021-02-28 16:16:06 +01:00
Simon Bruder 83f1c69713
restic/system: Constantly use system for naming 
In the future I may create add other backup jobs, so it should be clear,
that this only backs up the system.
 2021-02-28 12:22:43 +01:00
Simon Bruder c77328af22
Replace builtins with lib where possible 2021-02-27 19:57:00 +01:00
Simon Bruder b3d28b4752
vueko/mail: Add alias 2021-02-27 17:24:26 +01:00
Simon Bruder be7e67cf1f
wireguard/home: Make vueko central server 
This also restructures the wireguard/home configuration, since now
better peer management is possible.
 2021-02-20 19:57:04 +01:00
Simon Bruder 0ec1fb5257
Make aesni_intel module available on boot 
This should increase LUKS performance significantly. In reality,
however, it doesn’t work that well. The difference of raw vs encrypted
block device speed still ist ~ 100 MiB/s. Even more confusing is that
nunotaba’s Intel DC SSD only manages ~ 350 MiB/s **without** encryption.
 2021-02-17 15:33:10 +01:00
Simon Bruder e21c769524
machines/installation: Set key map 2021-02-16 17:34:21 +01:00
Simon Bruder 27285a098f
vueko: Serve imprint over http 2021-02-14 19:49:05 +01:00
Simon Bruder 474cc7d0f7
sayuri: Disable docker 2021-02-11 14:11:30 +01:00
Simon Bruder 3fc9846bf7
vueko: resolved: Disable dnssec 2021-02-10 14:22:00 +01:00
Simon Bruder 3ba514c502
vueko: Add readme 2021-02-09 13:38:32 +01:00
Simon Bruder bd8b809486
vueko: Add bang-evaluator 2021-02-07 21:02:11 +01:00
Simon Bruder b8601e6fd3
vueko/mailserver: Change user’s password 2021-02-07 19:59:50 +01:00
Simon Bruder f7287365ff
vueko: Add murmur 2021-02-07 12:29:22 +01:00
Simon Bruder 9b5a991074
vueko: Add wg-home 2021-02-06 17:10:49 +01:00
Simon Bruder 34ec244fcc
vueko: Add mail and dav server 2021-02-06 16:51:10 +01:00
Simon Bruder bfd192b2a8
vueko: Make small system 2021-02-05 15:39:17 +01:00
Simon Bruder daf867dcb9
machines: Add vueko 
This only adds a minimal configuration.
 2021-02-01 17:33:29 +01:00
Simon Bruder a02d3cb883
Use separate state version for every machine 
This also uses the system state version as the home-manager state
version.

Fixes #35.
 2021-01-31 12:21:05 +01:00
Simon Bruder 4664265bb0
Add installation machine 
Its configuration does not fit a real machine, but rather serves as a
minimal configuration for new machines during installation.
 2021-01-30 16:41:06 +01:00
Simon Bruder 241bc188cb
sayuri: Use performance scaling governor 
That machine is not very energy efficient anyway.
 2021-01-29 15:54:59 +01:00
Simon Bruder 05a72217aa
Use nixos-hardware for hardware configuration 
This removes the manual modules that use options to activate hardware
configuration. It seems to general (e.g. newer Intel GPUs require
different opencl icd) or not flexible enough (in case of the ssd
module).

Closes #21.
 2021-01-29 15:50:16 +01:00
Simon Bruder e7c6406820
Decouple machine configuration and deployment 
This allows custom scripts to access machine-specific variables.
 2021-01-28 17:08:08 +01:00
Simon Bruder d8b8e5de93
libvirt: Remove custom option 2021-01-20 16:31:59 +01:00
Simon Bruder 64ef37badd
Move global lidSwitchDocked setting to nunotaba 2021-01-20 16:27:51 +01:00
Simon Bruder 21a8f5a358
Make docker optional 2021-01-17 19:32:01 +01:00
Simon Bruder 7152112076
home/games: Add module and option 2021-01-07 18:29:18 +01:00
Simon Bruder 131d0cc1a5
Add options for unfree software and assets 2021-01-03 17:11:22 +01:00
Simon Bruder cb913a9b00
Add media-proxy 
This also adds secrets management for nginx. It is far from perfect
(e.g. nginx does not get reloaded when a secret changes).
 2020-12-31 15:44:24 +01:00
Simon Bruder e6b770875c
nunotaba,sayuri: Add tor client 2020-12-31 12:55:20 +01:00
Simon Bruder b435e1a182
restic: Parameterise extra paths and excludes 2020-12-21 13:09:25 +01:00
Simon Bruder c63305cb6b
Restructure krops deployments 2020-12-17 09:50:26 +01:00
Simon Bruder 903041b6e1
Use pass for secrets management 
Fixes #4
 2020-12-13 17:57:08 +01:00
Simon Bruder f53b777a7e
Use krops for deployments 2020-12-12 16:12:38 +01:00
Simon Bruder 61e61f0908
Reorganise hardware configuration 
Fixes #6.
 2020-12-06 13:58:48 +01:00
Simon Bruder 30a54af123
nunotaba: Use auto nix jobs 2020-12-06 13:58:47 +01:00
Simon Bruder b6bc87a6ee
Reformat hardware configuration 2020-12-06 13:58:47 +01:00
Simon Bruder e499e9236d
Remove depdendency on <nixpkgs> in hardware-configuration 2020-12-06 13:58:47 +01:00
Simon Bruder acc9940043
Remove dev profile 
Profiles are deprecated in favour of options.

For rust development, use nix-shell instead.
 2020-12-05 16:09:10 +01:00
Simon Bruder fca069698a
Reformat imports in configuration.nix 2020-12-05 16:05:26 +01:00
Simon Bruder 73021c1a94
Parameterise cpu config 2020-12-05 16:00:34 +01:00
Simon Bruder 76bd3a4bc8
Parameterise gpu config 2020-12-05 15:57:23 +01:00
Simon Bruder 9b22c91170
config.sbruder.gui → config.sbruder.gui.enable 2020-12-05 15:44:58 +01:00
Simon Bruder a23c3801cb
Parameterise libvirt 2020-12-05 15:40:54 +01:00
Simon Bruder ab39c6035c
Parameterise ssd module 2020-12-05 15:40:49 +01:00
Simon Bruder 74ddf83617
Parameterise wireguard 2020-12-05 15:40:44 +01:00
Simon Bruder 8a63f8aac4
Parameterise restic 2020-12-05 15:40:31 +01:00
Simon Bruder 6d0f3a9964
Reorganise profiles/options 2020-12-05 14:43:01 +01:00
Simon Bruder 00fc2f38cc
Remove tlp module and laptop profile 2020-12-05 13:49:03 +01:00
Simon Bruder 29ef4d90dd
Remove texlive module 2020-12-05 13:48:37 +01:00
Simon Bruder 6a2a9c48bc
Make gui global option 2020-12-05 13:48:06 +01:00
Simon Bruder 3191c9119f
user: base.nix → default.nix 2020-11-07 19:22:33 +01:00
Simon Bruder 5c56bcb727
Add sayuri 2020-10-17 23:18:22 +02:00
Simon Bruder eeae580fae
nunotaba: Enable intel cpu module 2020-10-17 13:20:24 +02:00
Simon Bruder 95f6544eda
Add ssd module 2020-10-17 13:14:42 +02:00
Simon Bruder 961e8fc7fc
Modularise opengl packages 2020-10-16 18:38:18 +02:00
Simon Bruder db1348014e
Update to 20.09 
MPV is disabled since the override options no longer work.
This also applies updated formatting.
 2020-09-25 22:32:42 +02:00
Simon Bruder 8b32cc4846
Add libvirt and virt-manager 2020-09-12 20:54:10 +02:00
Simon Bruder b36df78a29
Add tlp 2020-09-11 18:45:46 +02:00
Simon Bruder 56aa0c8de8
nunotaba: Remove texlive 
Running `nixos-rebuild switch` consumes 8% less memory. Where texlive is
needed, it should be used with nix-shell.
 2020-09-11 18:44:18 +02:00
Simon Bruder 28a74043c4
Include hardware configuration in repository 
This avoids surprises when nixos-generate-config is used on a running
system and an overlayfs for docker that is unavailable in stage 1 is
added to /etc/fstab (because it forces me to read what was changed).
 2020-08-30 10:03:48 +02:00
Simon Bruder f98781d03d
Add texlive (medium) 2020-08-26 01:08:08 +02:00
Simon Bruder 2258b24984
nunotaba: Change to production settings 2020-08-24 12:52:50 +02:00
Simon Bruder 5108a624f8
Use the same restic password for all machines 
Since they use the same repository (for deduplication), everything else
doesn’t make sense.
 2020-08-24 09:27:16 +02:00
Simon Bruder 96ca6aad63
Add secrets 2020-08-22 17:46:59 +02:00
Simon Bruder a05102e91c
Initial commit 2020-08-22 17:44:39 +02:00