Simon Bruder
19eab9411c
ssh: Add all hostnames for storage box
2022-08-25 23:12:42 +02:00
Simon Bruder
0bbe240018
tmux: Configure system-wide
...
This is useful on systems that are only accessed as root (e.g.,
servers).
2022-08-25 14:49:22 +02:00
Simon Bruder
947a7d65a3
unfree: Remove yuzu-{ea,mainline}
2022-08-13 17:21:09 +02:00
Simon Bruder
6211ea6005
games: Blacklist hid_nintendo
...
It does not work with my 8BitDo Pro 2. Disabling the kernel module makes
it work with SDL’s hidraw driver.
2022-08-13 11:47:10 +02:00
Simon Bruder
0b4bfc931c
media-mount: Add storage box
2022-08-09 15:13:50 +02:00
Simon Bruder
8091bae559
ausweisapp: Init
2022-07-24 18:06:54 +02:00
Simon Bruder
97a1f12d7b
grub: Disable memtest86
...
The download URL does not work anymore.
2022-07-11 21:31:41 +02:00
Simon Bruder
9dd20698d1
mullvad: Update relays
2022-07-08 11:51:04 +02:00
Simon Bruder
a68420ca69
Sort modules includes
2022-07-08 11:51:04 +02:00
Simon Bruder
22d017999f
syncthing: Init
2022-07-08 11:51:04 +02:00
Simon Bruder
8dc59487f3
restic/system: Exclude /var/cache
2022-07-08 11:51:04 +02:00
Simon Bruder
2fc312dd47
flake: Use overlays.default for default overlay
...
The `overlay` output is deprecated.
2022-07-08 11:51:03 +02:00
Simon Bruder
d177dcc710
Allow users to set allow_other for fuse mounts
2022-06-15 00:45:51 +02:00
Simon Bruder
67b30a52af
Remove private binary cache
...
I don’t actually use it and it adds complexity to installing new
machines.
2022-06-10 00:03:03 +02:00
Simon Bruder
b948f46fad
nunotaba: Re-init
2022-06-10 00:03:03 +02:00
Simon Bruder
98cd9fee9c
okarin: Remove
...
It was too slow to do anything useful with, so I cancelled it. Unless
something dramatically changes, I won’t rent servers from Contabo
anymore.
2022-06-01 15:39:02 +02:00
Simon Bruder
3e82450879
pipewire: Remove media-session config
...
It is disabled by default in favour of wireplumber.
2022-06-01 15:17:14 +02:00
Simon Bruder
0bb4f4204d
Use new option for ACME email address
2022-05-31 15:04:53 +02:00
Simon Bruder
23652c4b8f
restic/system: Exclude mounts
2022-05-15 11:14:34 +02:00
Simon Bruder
4712cd20be
media-mount: Init
2022-05-14 17:50:11 +02:00
Simon Bruder
f31fb7dc5d
udev: Add rule for TI-84+ SE
...
If it is plugged in for a longer time (a few minutes are enough), at
least on mayushii, the dock hangs and will not respond unless the
system is rebooted (re-plugging, restarting the dock and suspending does
not work). I couldn’t figure out why this is happening.
2022-05-11 16:38:32 +02:00
Simon Bruder
606b203205
zsh: Globally set histsize to 100000
...
Otherwise this occasionally deletes my user’s history if the user config
is not fully loaded yet.
2022-04-28 09:32:03 +02:00
Simon Bruder
76787d43a0
restic/system: Ignore /root/.cache
2022-04-23 21:10:55 +02:00
Simon Bruder
b307f1d518
fonts: Use blobmoji as default emoji font
2022-04-23 21:10:27 +02:00
Simon Bruder
141bfa4f46
yuzuru: Remove
...
It no longer hosts any services so it is going to be removed.
2022-04-09 10:12:12 +02:00
Simon Bruder
5cb356c368
makemkv: Init
2022-04-01 18:20:46 +02:00
Simon Bruder
c70da831eb
tools: Install sqlite globally
...
It often is needed on servers where there is no user.
2022-03-26 12:42:45 +01:00
Simon Bruder
da56357ad8
zsh: Disable globbing of # globally
...
Otherwise using nix shell et al. as root is a pain.
2022-03-26 12:37:11 +01:00
Simon Bruder
8dc3558c7c
qbittorrent/exporter: Do not expose seeding time
...
It is not useful and just wastes storage space.
2022-03-25 21:54:07 +01:00
Simon Bruder
954849f763
renge: Init
2022-03-23 17:34:56 +01:00
Simon Bruder
ea88259856
okarin/qbittorrent: Init
2022-03-19 10:35:09 +01:00
Simon Bruder
0e3bd19aa8
media-proxy: Unset referer for same-site requests
...
The qBittorrent WebUI does not work with it set to a different host than
the target. This implementation does not compromise security, because
the referer is only unset if the real referer was the locally proxied
page. All other referers are passed through verbatim.
2022-03-18 23:43:24 +01:00
Simon Bruder
faa84c574d
qbittorrent: Init module
2022-03-18 22:14:09 +01:00
Simon Bruder
7ed13269a7
okarin: Init
2022-03-03 10:51:19 +01:00
Simon Bruder
175b5e1ef1
logitech: Init
2022-02-09 07:24:23 +01:00
Simon Bruder
20b861a994
fuuko/torrent: Use AriaNg’s nixpkgs version
...
Otherwise node 10 will have to be built from source since it no longer
gets built by Hydra.
2022-01-23 11:58:37 +01:00
Simon Bruder
922e007db9
restic/system: Don’t explicitly ignore rust target
...
Newer cargo versions automatically add a CACHEDIR.TAG file to the target
directory.
2022-01-22 10:33:33 +01:00
Simon Bruder
6499b7b196
restic/system: Start earlier
...
This avoids the backup failing due to clients being suspended during the
backup.
2022-01-22 10:32:51 +01:00
Simon Bruder
0baeb59b38
tools: Add parted
2022-01-14 15:53:29 +01:00
Simon Bruder
6eadefd6fb
Revert "pipewire: Enable jack"
...
This reverts commit 9588343b6e.
It causes issues with yuzu.
2022-01-02 16:45:21 +01:00
Simon Bruder
ac85009184
udev: Add rules for Switch Pro Controller
2021-12-19 11:25:51 +01:00
Simon Bruder
398ca91aa5
tools: Add wireshark
2021-12-10 18:00:13 +01:00
Simon Bruder
505697715d
nix: Remove fallback for daemon nice levels
2021-12-06 16:00:41 +01:00
Simon Bruder
2c160661ec
Apply fixes for breaking module changes in 21.11
2021-12-01 19:15:31 +01:00
Simon Bruder
cc8727fa80
Use nixFlakes instead of nixUnstable
2021-12-01 18:32:51 +01:00
Simon Bruder
a9817baee9
Remove unneeded packages from unstable
2021-12-01 18:32:51 +01:00
Simon Bruder
5517a5a3db
pipewire: Add helvum
2021-11-29 17:06:41 +01:00
Simon Bruder
ce6885abca
pipewire: Enable rtkit
2021-11-21 13:11:52 +01:00
Simon Bruder
9588343b6e
pipewire: Enable jack
...
This allows more complicated configurations via qjackctl.
2021-11-20 22:51:14 +01:00
Simon Bruder
1df9a87520
Make nix scheduling options compatible with 21.11
2021-11-20 16:29:48 +01:00
Simon Bruder
a220c7f9d9
mullvad: Update relays
2021-11-20 15:48:56 +01:00
Simon Bruder
58e6cad052
pipewire: Remove hacky override of bluez quirks db
...
Nixpkgs now treats it as data, so it is not set in the module.
As an alternative, hardware volume is disabled globally.
2021-11-08 18:04:14 +01:00
Simon Bruder
f4bf1ced57
yuzuru: Init
2021-11-01 10:10:40 +01:00
Simon Bruder
b1f4b8b4b5
Add option to mark host as untrusted
...
This can be used to deploy a host that does not have access to the main
sops secrets file, e.g. because it does not have an encrypted root
partition.
2021-11-01 10:08:23 +01:00
Simon Bruder
718e44402f
fuuko: Add factorio
2021-10-15 15:54:48 +02:00
Simon Bruder
ee390f869d
Revert "nix: Fix nix not working with local LFS repositories"
...
This reverts commit 050359f8ee.
2021-10-12 20:45:21 +02:00
Simon Bruder
0ff89a0f6f
gui: Add upower
2021-10-10 16:32:03 +02:00
Simon Bruder
ec0a8dfa49
ssh: Add mayushii’s public host key
2021-10-10 11:43:04 +02:00
Simon Bruder
d52084a79b
nunotaba: Remove
2021-10-10 11:40:20 +02:00
Simon Bruder
d44db0d505
network-manager: Add networkmanagerapplet
...
This includes nm-connection-editor, which is needed to set up WPA2
enterprise connections.
2021-10-07 12:35:30 +02:00
Simon Bruder
31cec022e8
Revert "wireguard/home: Use peer-to-peer connections if possible"
...
This reverts commit bab6c5e5dc.
2021-10-05 21:37:38 +02:00
Simon Bruder
7a08083af1
Revert "wireguard/home: Fix peer-to-peer connection"
...
This reverts commit d621e84a00.
2021-10-05 21:31:37 +02:00
Simon Bruder
8bf63db6e5
mayushii: Init
2021-10-05 21:26:39 +02:00
Simon Bruder
ae8effee39
games: Add steam-sandbox
2021-10-04 16:57:10 +02:00
Simon Bruder
050359f8ee
nix: Fix nix not working with local LFS repositories
2021-09-25 17:17:49 +02:00
Simon Bruder
9190c83c97
Fix ntfs support
2021-09-10 18:01:52 +02:00
Simon Bruder
7db9922dc2
nginx: Disable access log by default
2021-09-08 01:12:56 +02:00
Simon Bruder
d621e84a00
wireguard/home: Fix peer-to-peer connection
...
Public clients also need to have all peers configured, so they can
connect to them.
2021-09-03 15:31:45 +02:00
Simon Bruder
bab6c5e5dc
wireguard/home: Use peer-to-peer connections if possible
2021-08-31 11:20:06 +02:00
Simon Bruder
0d9ec3383e
nginx-interactive-index: Make .. work again
...
This fixes a regression introduced in 77eab2497a, which moved the heading into a
thead and the file listing into a tbody. Therefore, the .. entry is now
the first entry and has been excluded by the rule that previously
excluded the header.
2021-08-30 22:11:00 +02:00
Simon Bruder
ccc0d60d71
nginx-interactive-index: Implement stripes in javascript
...
This shows stripes correctly even after a filter has been entered.
Previously the absolute position (before filtering) has been used to
determine the row colour, which looked weird.
2021-08-29 14:14:07 +02:00
Simon Bruder
77eab2497a
nginx-interactive-index: Only apply stripes to body
2021-08-29 14:13:35 +02:00
Simon Bruder
f6d9bf82db
mullvad: Update relays
2021-08-29 12:32:50 +02:00
Simon Bruder
29f0a5017f
programs: Move virt-manager to user profile
2021-08-28 11:24:51 +02:00
Simon Bruder
15fdc8756a
pipewire: Disable hardware volume for HD 4.50BTNC
2021-08-21 15:47:17 +02:00
Simon Bruder
49aa48366a
games: Move to separate module
2021-08-06 18:55:10 +02:00
Simon Bruder
821a352c49
Annotate multiline strings with their language
2021-08-05 13:23:07 +02:00
Simon Bruder
6ac026a535
Enable fwupd on full systems
2021-08-04 16:52:11 +02:00
Simon Bruder
8b9eb54806
games: Conditionally add emulators
...
This uses a crude arbitrary number to only install them onto machines
that can actually run them.
2021-07-26 20:44:46 +02:00
Simon Bruder
11f7ac50ca
Set geographical location system-wide
2021-07-25 08:36:19 +02:00
Simon Bruder
6006e2cb46
nix: Add cached-nix-shell
2021-07-11 10:43:43 +02:00
Simon Bruder
f546f737fe
sway: Enable screencasts via xdg-desktop-portal-wlr
...
This also adds a blinking indicator to the status bar so it is obvious
when the screen is shared.
2021-07-10 16:27:26 +02:00
Simon Bruder
7959abe5f0
pipewire: Init and replace pulseaudio
2021-07-10 12:44:09 +02:00
Simon Bruder
12e24d0761
cups: Add elma
2021-07-07 18:25:14 +02:00
Simon Bruder
298ef93ed5
cups: Remove broken printers
2021-07-04 20:54:09 +02:00
Simon Bruder
8259b1455f
mullvad: Do not unlock pass when disabling tunnel
2021-06-01 11:37:59 +02:00
Simon Bruder
c0efaa02ba
mullvad: Move script into system module
...
It doesn’t make sense to install the configuration files system-wide but
the script only for the user.
2021-06-01 10:29:58 +02:00
Simon Bruder
56b9c6c37f
Add module for on-demand usage of mullvad
...
Since wg-quick does not require the configuration file to include a
private key and local addresses, they can be added after the execution
of wg-quick.
Fixes #32.
2021-05-31 23:02:11 +02:00
Simon Bruder
de3f8f8909
restic: Make restic prune regularly on fuuko
...
Closes #41.
2021-05-28 15:01:06 +02:00
Simon Bruder
e9dc4601ad
restic: Do not initialise the repository
...
It already is initialised, and NixOS’ initialisation always prints all
existing snapshots to the journal which makes it almost impossible to
find the logs from the regular backup.
2021-05-28 15:01:06 +02:00
Simon Bruder
9025dfffb5
wireguard/dns: Make zone master zone
...
Since 21.05 it does not work when this is not set.
2021-05-28 14:24:50 +02:00
Simon Bruder
7450828b63
fonts: Do not enable X11 fonts dir
2021-05-27 18:07:00 +02:00
Simon Bruder
ea45b45c60
restic: Fix restic-auth script
...
Since I migrated to sops, the password store structure changed.
2021-05-27 14:38:33 +02:00
Simon Bruder
2c8a291ae9
Make flake inputs available as module argument
...
This moves a bunch of stuff out of flake.nix into the modules they
belong to. This removes complexity from flake.nix and gives the project
a more organised structure.
Sadly, it is not possible to import modules from a flake outside of
flake.nix, since that leads to an infinite recursion (`config` has to be
evaluated before `config._modules.args.inputs` is available but `config`
depends on an import from `config._modules.args.inputs`). Therefore, the
`extraModules` argument in `machines/default.nix` has to be used for
that (it now has access to all flake inputs).
2021-05-15 10:04:44 +02:00
Simon Bruder
400b55a293
Convert to flake
...
Fixes #3.
2021-05-01 17:36:58 +02:00
Simon Bruder
af036e88db
nix: Enable flake support
2021-05-01 17:08:21 +02:00
Simon Bruder
5b5bf546b3
wireguard: Simplify sopsFile path
2021-05-01 16:53:06 +02:00
Simon Bruder
8a339c51a2
Show system closure diff on activation
2021-04-25 09:50:03 +02:00
Simon Bruder
feb82fca2e
nix: Make netrc readable by wheel group
...
This also splits the nix configuration from the default module into its
own file.
2021-04-09 11:34:49 +02:00
Simon Bruder
8d9e3af211
Add binary cache hosted on fuuko
...
See machines/fuuko/services/binary-cache.nix for limitations.
2021-04-08 16:19:57 +02:00
Simon Bruder
07d4260b95
nix: Use daemonNiceLevel instead of CPUSchedulingPolicy
2021-04-08 15:42:49 +02:00
Simon Bruder
4a8a7e0a4f
Use sops for secrets
...
Since I currently do not have access to sayuri, sayuri’s migration is
not done yet. The host keys and wg-home-private-key secret still have to
be added.
2021-04-06 14:05:48 +02:00
Simon Bruder
b595aceb7c
initrd-ssh: Treat host-key as state
...
This also removes the explicit passing of the public key fingerprint to
the unlock script, since the host key is no longer available in pass.
Unlocking still works, since the keys are configured in modules/ssh.nix.
2021-04-06 11:45:04 +02:00
Simon Bruder
41f8d468b6
restic/system: Include /root and /etc
2021-04-06 10:47:05 +02:00
Simon Bruder
a102f691a6
tools: Add ssh-to-pgp
2021-04-06 10:21:48 +02:00
Simon Bruder
37f95b3d79
ssh: Add global known hosts
...
Fixes #47.
2021-04-04 11:29:31 +02:00
Simon Bruder
0212f2adbd
fuuko/drone: Init
2021-04-03 18:47:01 +02:00
Simon Bruder
ce7425d8c4
Remove issei from vpn and prometheus
2021-04-02 18:13:09 +02:00
Simon Bruder
e94c72e42e
Add open ports for quick tests
2021-03-29 22:26:10 +02:00
Simon Bruder
a7ad88a5ec
Include unstable channel as overlay
...
This allows nix cli tools to access unstable from niv’s pinned rev
(instead of having to rely on uncached and unpinned
channel:nixos-unstable). Also packageOverrides might get
deprecated/removed[1] eventually.
[1]: https://github.com/NixOS/nixpkgs/issues/43266
2021-03-29 12:03:58 +02:00
Simon Bruder
c8b7a9c8e9
gui: Install adwaita icons system-wide
2021-03-27 13:22:34 +01:00
Simon Bruder
c1992958bf
media-proxy: Start after network is online
2021-03-27 12:45:43 +01:00
Simon Bruder
58c72c3200
Allow build on machines that are missing secrets
2021-03-21 11:36:14 +01:00
Simon Bruder
9b9f574d52
tools: Add dmidecode
2021-03-10 15:49:53 +01:00
Simon Bruder
d73da1a131
restic/system: Limit upload to 1.5M by default
2021-03-08 18:46:35 +01:00
Simon Bruder
07f152cb20
fuuko: Add media file index
2021-03-08 15:40:41 +01:00
Simon Bruder
878bdd30d5
fuuko: Add ftp server and scan converter
2021-03-08 15:30:04 +01:00
Simon Bruder
542a89ef57
sayuri: Add foldingathome specialisation
2021-03-06 15:32:18 +01:00
Simon Bruder
270f20d05b
Add nginx hardening option
2021-03-05 15:58:53 +01:00
Simon Bruder
83f1c69713
restic/system: Constantly use system for naming
...
In the future I may add other backup jobs, so it should be clear
that this only backs up the system.
2021-02-28 12:22:43 +01:00
Simon Bruder
d7272e9db3
restic: Simplify timerConfig
...
The upstream restic module validates the types anyway, so I can drop the
ugly expression to copy the option.
2021-02-28 12:22:42 +01:00
Simon Bruder
6a8904011a
restic: Fix typo in excludes filename
2021-02-28 12:22:42 +01:00
Simon Bruder
c77328af22
Replace builtins with lib where possible
2021-02-27 19:57:00 +01:00
Simon Bruder
2a4e358502
node_exporter: Disable rapl collector
...
It does not work since the service does not have permission and
therefore writes errors into the journal every scrape.
2021-02-21 00:06:16 +01:00
Simon Bruder
13876617f5
node_exporter: Fix name of systemd collector
2021-02-21 00:04:26 +01:00
Simon Bruder
785bb2214b
wireguard/home: Add dns server
2021-02-20 19:57:10 +01:00
Simon Bruder
be7e67cf1f
wireguard/home: Make vueko central server
...
This also restructures the wireguard/home configuration, since now
better peer management is possible.
2021-02-20 19:57:04 +01:00
Simon Bruder
c921c2802a
tools: Add compsize
2021-02-20 12:47:27 +01:00
Simon Bruder
e0ef586e5e
nginx-interactive-index: Init
2021-02-18 12:10:03 +01:00
Simon Bruder
b00498f23d
tools: Add hdparm
2021-02-14 15:30:44 +01:00
Simon Bruder
eb97e936ed
zsh: Use grml config system wide
2021-02-14 13:29:51 +01:00
Simon Bruder
15cdd42845
Remove global swappiness
...
All machines should either import <nixpkgs-hardware/common/pc/hdd> or
<nixpkgs-hardware/common/pc/ssd> if they have swap.
2021-02-08 23:20:31 +01:00
Simon Bruder
29c6d37142
Remove journald extra configuration
...
Since `Storage=persistent` is the default in NixOS, it is not needed.
2021-02-08 23:19:02 +01:00
Simon Bruder
78c9a2cab9
tools: Add (r)age
2021-02-08 19:17:13 +01:00
Simon Bruder
62f1dbe30f
mailserver: Disable recipient_restrictions for submission
...
Otherwise, sending mails to slow destinations might fail (with the
client throwing an error).
2021-02-06 16:51:10 +01:00
Simon Bruder
9c62905442
mailserver: Add module
2021-02-06 12:48:05 +01:00
Simon Bruder
335f2908e7
tools: Add ccze
2021-02-05 17:51:29 +01:00
Simon Bruder
5ed071c0ed
Move admin tools to system tools
...
Fixes #37.
This also removes some tools from the user profile since I do not need
them anymore.
2021-02-05 17:34:34 +01:00
Simon Bruder
998d47fd1a
nix: Only keep outputs and drvs on full systems
2021-02-05 17:19:19 +01:00
Simon Bruder
1437601d5a
Reduce locales and disable docs on small systems
2021-02-05 15:36:51 +01:00
Simon Bruder
520d750404
firewall: Entirely disable reverse path checking
...
This hopefully fixes #26 (or, more specifically, a regression caused by it,
see the comment in the issue). I didn’t test it for long, but it seems
to work.
2021-02-02 21:40:30 +01:00
Simon Bruder
34c801c7e9
Make it possible to disable smartd per-machine
...
On virtual machines it does not make much sense to have it activated
(also the service fails to start).
2021-02-01 17:03:26 +01:00
Simon Bruder
cce86ac2c9
pkgs: Add wordclock-dimmer (including module)
2021-01-31 19:48:18 +01:00
Simon Bruder
a02d3cb883
Use separate state version for every machine
...
This also uses the system state version as the home-manager state
version.
Fixes #35.
2021-01-31 12:21:05 +01:00
Simon Bruder
f211bae4e2
Globally set Let’s Encrypt requirements
2021-01-31 12:21:05 +01:00
Simon Bruder
05a72217aa
Use nixos-hardware for hardware configuration
...
This removes the manual modules that use options to activate hardware
configuration. It seems too general (e.g. newer Intel GPUs require
different opencl icd) or not flexible enough (in case of the ssd
module).
Closes #21.
2021-01-29 15:50:16 +01:00
Simon Bruder
603a006df8
Make routing all traffic over wireguard tunnel work
...
Fixes #26 (regression introduced in 126a0dad4b)
This is not an ideal solution, since it disables some features of the
firewall. Ideally, the mullvad configuration would be declaratively
managed and include a PostUp and PreDown command that adds routes to the
tunnel endpoint to the physical interface.
2021-01-24 14:44:00 +01:00
Simon Bruder
bcbd5e772a
gui: Use better way to enable 32bit opengl support
2021-01-24 12:51:56 +01:00
Simon Bruder
428e8103d9
tools/adb: Use proper way to determine if x86_64
2021-01-20 16:40:36 +01:00
Simon Bruder
d8b8e5de93
libvirt: Remove custom option
2021-01-20 16:31:59 +01:00