Simon Bruder
5375a858bd
Replace steam with flatpak
...
I am no longer willing to accept hours upon hours of debugging just to
get the client to work. I don’t get why they would ship a 32-bit GTK2
executable that uses CEF with its sandbox disabled in 2024. Obviously,
this makes debugging quite hard as things don’t work well, even when
they work. This leaves red herrings everywhere (“Is this segfault a
symptom of the issue I’m facing or is that also happening to other users
where it works fine?”).
Flatpak also seems to have quite good sandboxing features when Flatseal
is used for every application to take away any unnecessary permissions.
2024-02-23 19:21:11 +01:00
Simon Bruder
9caef40c21
wkd: Init
2024-01-27 17:22:53 +01:00
Simon Bruder
10b8d432d5
Relicense
...
This applies the REUSE specification to the repository, so the licensing
information can be tracked for every file individually.
2024-01-13 14:39:22 +01:00
Simon Bruder
26d85e97aa
infovhost: Init
...
This avoids boilerplate code for displaying the imprint on the fqdn of
the machine.
2024-01-03 12:09:27 +01:00
Simon Bruder
2a5da89f53
Do not enable fwupd on virtual machines
...
It only uses up resources on those hosts but serves no purpose.
2024-01-01 16:11:28 +01:00
Simon Bruder
0318ca56f9
Use gpg-agent as ssh agent
2023-12-20 23:55:42 +01:00
Simon Bruder
9107ce034c
nitrokey: Init
2023-12-20 16:53:42 +01:00
Simon Bruder
f39ce20c60
static-webserver: Init
...
This module makes it easier to configure static websites.
2023-11-25 12:36:23 +01:00
Simon Bruder
8519bada60
authoritative-dns: Init
2023-10-25 21:16:43 +02:00
Simon Bruder
bb5937c686
vnstat: Use UTC in database
2023-10-15 17:07:16 +02:00
Simon Bruder
91eb90e9c3
Enable nftables by default
2023-10-07 13:50:18 +02:00
Simon Bruder
09a9037f1c
Revert "Disable systemd-resolved"
...
This reverts commit 38f815ecf1fa188d0a5a389f73bcd01177f9687c.
2023-09-12 15:00:51 +02:00
Simon Bruder
fcbd6806b9
Disable systemd-resolved
...
It always breaks things, makes debugging harder and in general does not
seem to make anything better.
2023-09-12 15:00:50 +02:00
Simon Bruder
5b39654159
mailserver: Separate into multiple files
2023-06-02 08:26:57 +02:00
Simon Bruder
1ec8a58921
Rename boot.cleanTmpDir
2023-06-01 19:54:22 +02:00
Simon Bruder
2f3d5c8b6b
Remove usage of nixFlakes
2023-06-01 19:54:22 +02:00
Simon Bruder
02a77c5cb2
resolved: Don’t cache negative results
2023-04-16 11:16:47 +02:00
Simon Bruder
91e739c91b
Fix resolving local names with resolved
2023-04-11 11:33:17 +02:00
Simon Bruder
d0ab2e1d47
Use better fallback resolvers for resolved
2023-04-07 14:36:01 +02:00
Simon Bruder
049dfd4be8
fancontrol: Init
2023-01-22 16:34:52 +01:00
Simon Bruder
a445953d46
Adapt locale configuration to new NixOS defaults
2022-12-10 14:51:07 +01:00
Simon Bruder
0bbe240018
tmux: Configure system-wide
...
This is useful on systems that are only accessed as root (e.g.,
servers).
2022-08-25 14:49:22 +02:00
Simon Bruder
8091bae559
ausweisapp: Init
2022-07-24 18:06:54 +02:00
Simon Bruder
a68420ca69
Sort modules includes
2022-07-08 11:51:04 +02:00
Simon Bruder
22d017999f
syncthing: Init
2022-07-08 11:51:04 +02:00
Simon Bruder
d177dcc710
Allow users to set set allow_other for fuse mounts
2022-06-15 00:45:51 +02:00
Simon Bruder
0bb4f4204d
Use new option for ACME email address
2022-05-31 15:04:53 +02:00
Simon Bruder
4712cd20be
media-mount: Init
2022-05-14 17:50:11 +02:00
Simon Bruder
606b203205
zsh: Globally set histsize to 100000
...
Otherwise this occasionally deletes my user’s history if the user config
is not fully loaded yet.
2022-04-28 09:32:03 +02:00
Simon Bruder
da56357ad8
zsh: Disable globbing of # globally
...
Otherwise using nix shell et al. as root is a pain.
2022-03-26 12:37:11 +01:00
Simon Bruder
faa84c574d
qbittorrent: Init module
2022-03-18 22:14:09 +01:00
Simon Bruder
175b5e1ef1
logitech: Init
2022-02-09 07:24:23 +01:00
Simon Bruder
cc8727fa80
Use nixFlakes instead of nixUnstable
2021-12-01 18:32:51 +01:00
Simon Bruder
b1f4b8b4b5
Add option to mark host as untrusted
...
This can be used to deploy a host that does not have access to the main
sops secrets file, e.g. because it does not have an encrypted root
partition.
2021-11-01 10:08:23 +01:00
Simon Bruder
9190c83c97
Fix ntfs support
2021-09-10 18:01:52 +02:00
Simon Bruder
29f0a5017f
programs: Move virt-manager to user profile
2021-08-28 11:24:51 +02:00
Simon Bruder
49aa48366a
games: Move to separate module
2021-08-06 18:55:10 +02:00
Simon Bruder
6ac026a535
Enable fwupd on full systems
2021-08-04 16:52:11 +02:00
Simon Bruder
8b9eb54806
games: Conditionally add emulators
...
This uses a crude arbitrary number to only install them onto machines
that can actually run them.
2021-07-26 20:44:46 +02:00
Simon Bruder
7959abe5f0
pipewire: Init and replace pulseaudio
2021-07-10 12:44:09 +02:00
Simon Bruder
56b9c6c37f
Add module for on-demand usage of mullvad
...
Since wg-quick does not require the configuration file to include a
private key and local addresses, they can be added after the execution
of wg-quick.
Fixes #32 .
2021-05-31 23:02:11 +02:00
Simon Bruder
400b55a293
Convert to flake
...
Fixes #3 .
2021-05-01 17:36:58 +02:00
Simon Bruder
8a339c51a2
Show system closure diff on activation
2021-04-25 09:50:03 +02:00
Simon Bruder
feb82fca2e
nix: Make netrc readable by wheel group
...
This also splits the nix configuration from the default module into its
own file.
2021-04-09 11:34:49 +02:00
Simon Bruder
8d9e3af211
Add binary cache hosted on fuuko
...
See machines/fuuko/services/binary-cache.nix for limitations.
2021-04-08 16:19:57 +02:00
Simon Bruder
07d4260b95
nix: Use daemonNiceLevel instead of CPUSchedulingPolicy
2021-04-08 15:42:49 +02:00
Simon Bruder
4a8a7e0a4f
Use sops for secrets
...
Since I currently do not have access to sayuri, sayuri’s migration is
not done yet. The host keys and wg-home-private-key secret still have to
be added.
2021-04-06 14:05:48 +02:00
Simon Bruder
e94c72e42e
Add open ports for quick tests
2021-03-29 22:26:10 +02:00
Simon Bruder
a7ad88a5ec
Include unstable channel as overlay
...
This allows nix cli tools to access unstable from niv’s pinned rev
(instead of having to rely on uncached and unpinned
channel:nixos-unstable). Also packageOverrides might get
deprecated/removed[1] eventually.
[1]: https://github.com/NixOS/nixpkgs/issues/43266
2021-03-29 12:03:58 +02:00
Simon Bruder
270f20d05b
Add nginx hardening option
2021-03-05 15:58:53 +01:00