simon/nixos-config
simon/nixos-config
1
1
Fork 0
Code Issues 8 Pull requests Actions Projects Activity
841 commits 18 branches 0 tags 8 MiB
Commit graph

219 commits

Author SHA1 Message Date
Simon Bruder 602573cd34
fuuko/dnsmasq: Reliably work after reboot 2021-04-10 23:23:46 +02:00
Simon Bruder bb8c54065a
fuuko/drone/runner-exec: Remove port collision with grafana 
Drone docs [1] say “Overriding this value is not recommended”, however I
do not see why I should not be able to change it.

[1] https://docs.drone.io/runner/exec/configuration/reference/drone-http-bind/
 2021-04-10 23:21:46 +02:00
Simon Bruder 746581ceba
fuuko/dnsmasq: Replace stubby/DoT with https-dns-proxy/DoH 2021-04-10 20:16:08 +02:00
Simon Bruder bed82e297c
sayuri: Migrate to sops 
Fixes #38.
 2021-04-10 11:58:50 +02:00
Simon Bruder 5dff1a426f
fuuko/binary-cache: Add nar-serve 2021-04-08 21:40:14 +02:00
Simon Bruder 8d9e3af211
Add binary cache hosted on fuuko 
See machines/fuuko/services/binary-cache.nix for limitations.
 2021-04-08 16:19:57 +02:00
Simon Bruder 68fbc9e185
fuuko/go-neb: Notify room if alert is firing 2021-04-08 10:04:30 +02:00
Simon Bruder 9dbd7f9c85
vueko/coturn: Manage shared secret with sops 
This requires not using the NixOS module, since it does not support
loading it from a file.
 2021-04-07 12:23:48 +02:00
Simon Bruder 4a8a7e0a4f
Use sops for secrets 
Since I currently do not have access to sayuri, sayuri’s migration is
not done yet. The host keys and wg-home-private-key secret still have to
be added.
 2021-04-06 14:05:48 +02:00
Simon Bruder d253f74a06
sayuri: Fill in purpose section of readme 
Also, next time try to spell FIXME the right way so I don’t notice this
months after setting the machine up.
 2021-04-05 13:38:33 +02:00
Simon Bruder 5c4284d68c
fuuko: Add dnsmasq prometheus exporter 2021-04-05 13:18:43 +02:00
Simon Bruder c26539e607
fuuko/prometheus: Actually show node name in alerts 2021-04-04 14:34:44 +02:00
Simon Bruder 1b08afd515
fuuko/gitea: Also use ed25519 ssh key 2021-04-04 11:18:34 +02:00
Simon Bruder 0212f2adbd
fuuko/drone: Init 2021-04-03 18:47:01 +02:00
Simon Bruder ac7e1c1123
fuuko/dnsmasq: Use DNS over TLS via stubby 2021-04-03 13:11:09 +02:00
Simon Bruder ce7425d8c4
Remove issei from vpn and prometheus 2021-04-02 18:13:09 +02:00
Simon Bruder 94b2746018
fuuko/go-neb: Add alertmanager matrix receiver 2021-04-02 17:46:07 +02:00
Simon Bruder 2897451a65
fuuko/prometheus: Set external URLs 2021-04-02 16:44:17 +02:00
Simon Bruder 8b1b969aa9
fuuko: Set target to production hostname 2021-04-02 15:10:14 +02:00
Simon Bruder 98a4f345eb
fuuko/matrix/mautrix-whatsapp: Init 2021-04-02 15:09:57 +02:00
Simon Bruder 0ae96653a5
fuuko/matrix/synapse: Init 2021-04-02 14:59:14 +02:00
Simon Bruder b6297d0153
vueko/coturn: Init 2021-03-31 12:08:35 +02:00
Simon Bruder 15075a818d
installation: Remove FIXME from comments 
Otherwise grepping for FIXME shows this, even though it’s not what you
expect.
 2021-03-30 23:49:08 +02:00
Simon Bruder 2d74dac8c0
fuuko/hedgedoc: Start after postgresql 2021-03-30 16:13:20 +02:00
Simon Bruder 50f0968738
fuuko: Add gitea 2021-03-29 14:08:53 +02:00
Simon Bruder 5491ef4817
vueko/mailserver: Add gitea user 2021-03-29 13:48:10 +02:00
Simon Bruder cb8a8f3c8d
fuuko/prometheus: Enable admin API 2021-03-28 11:04:48 +02:00
Simon Bruder 55099f1884
fuuko/prometheus: Raise retention time to 90d 2021-03-28 11:04:25 +02:00
Simon Bruder 9f8c80029d
vueko/mailserver: Add aliases 2021-03-26 19:40:20 +01:00
Simon Bruder 5e8fb02b78
vueko/mail: Add alias 2021-03-21 11:53:47 +01:00
Simon Bruder 58c72c3200
Allow build on machines that are missing secrets 2021-03-21 11:36:14 +01:00
Simon Bruder 7cb3142526
nunotaba: Disable docker 
Fixes #15.
 2021-03-13 10:59:43 +01:00
Simon Bruder 57652d8a79
fuuko: Add hedgedoc 2021-03-10 15:42:21 +01:00
Simon Bruder 966667b87f
fuuko: Exclude scans from system backup 2021-03-10 11:27:56 +01:00
Simon Bruder db54dfaed1
fuuko/dnsmasq: Allow DNS queries over TCP 
Sharepoint manages to return enormous responses when querying for an
AAAA record.

$ dig sitename.sharepoint.com AAAA
;; Truncated, retrying in TCP mode.
 2021-03-10 09:13:37 +01:00
Simon Bruder d6bddf40c0
fuuko: Add ankisyncd 2021-03-09 21:22:19 +01:00
Simon Bruder 3a5568a136
fuuko: Enable full postgresql backup 2021-03-09 11:50:32 +01:00
Simon Bruder 515939677b
fuuko/torrent: Add resolv.conf to aria2 netns 
Even though aria2 doesn’t respect it, it is useful for for debugging.
 2021-03-08 19:38:26 +01:00
Simon Bruder 3da67f7576
fuuko: Enable system backups 2021-03-08 17:33:30 +01:00
Simon Bruder e8626ba27a
fuuko: Add wordclock-dimmer 2021-03-08 17:03:30 +01:00
Simon Bruder 0c081d9805
fuuko: Add dnsmasq 2021-03-08 16:19:49 +01:00
Simon Bruder 786edd1caf
fuuko: Add aria2 2021-03-08 15:55:24 +01:00
Simon Bruder 07f152cb20
fuuko: Add media file index 2021-03-08 15:40:41 +01:00
Simon Bruder 878bdd30d5
fuuko: Add ftp server and scan converter 2021-03-08 15:30:04 +01:00
Simon Bruder d1cf0f698f
fuuko: Add grafana 2021-03-08 15:10:15 +01:00
Simon Bruder 70ee44fbc5
fuuko: Add prometheus fritzbox exporter 2021-03-08 15:10:15 +01:00
Simon Bruder f388995ef6
fuuko: Add prometheus 2021-03-08 15:10:15 +01:00
Simon Bruder df303dcc2b
fuuko: Init 2021-03-08 15:10:15 +01:00
Simon Bruder 724bcd31c5
vueko/nginx: Make vueko.sbruder.de default vhost 2021-03-07 15:51:09 +01:00
Simon Bruder b6e2d2f347
vueko/nginx: Enable recommended proxy settings 2021-03-07 15:49:24 +01:00
Simon Bruder 542a89ef57
sayuri: Add foldingathome specialisation 2021-03-06 15:32:18 +01:00
Simon Bruder cbf2536e32
vueko: Enable nginx hardening 2021-03-05 16:00:10 +01:00
Simon Bruder bdda31a807
vueko/mail: Add alias 2021-03-04 20:08:37 +01:00
Simon Bruder 86348d4c60
vueko: Add element-web 2021-02-28 16:16:06 +01:00
Simon Bruder 83f1c69713
restic/system: Constantly use system for naming 
In the future I may create add other backup jobs, so it should be clear,
that this only backs up the system.
 2021-02-28 12:22:43 +01:00
Simon Bruder c77328af22
Replace builtins with lib where possible 2021-02-27 19:57:00 +01:00
Simon Bruder b3d28b4752
vueko/mail: Add alias 2021-02-27 17:24:26 +01:00
Simon Bruder be7e67cf1f
wireguard/home: Make vueko central server 
This also restructures the wireguard/home configuration, since now
better peer management is possible.
 2021-02-20 19:57:04 +01:00
Simon Bruder 0ec1fb5257
Make aesni_intel module available on boot 
This should increase LUKS performance significantly. In reality,
however, it doesn’t work that well. The difference of raw vs encrypted
block device speed still ist ~ 100 MiB/s. Even more confusing is that
nunotaba’s Intel DC SSD only manages ~ 350 MiB/s **without** encryption.
 2021-02-17 15:33:10 +01:00
Simon Bruder e21c769524
machines/installation: Set key map 2021-02-16 17:34:21 +01:00
Simon Bruder 27285a098f
vueko: Serve imprint over http 2021-02-14 19:49:05 +01:00
Simon Bruder 474cc7d0f7
sayuri: Disable docker 2021-02-11 14:11:30 +01:00
Simon Bruder 3fc9846bf7
vueko: resolved: Disable dnssec 2021-02-10 14:22:00 +01:00
Simon Bruder 3ba514c502
vueko: Add readme 2021-02-09 13:38:32 +01:00
Simon Bruder bd8b809486
vueko: Add bang-evaluator 2021-02-07 21:02:11 +01:00
Simon Bruder b8601e6fd3
vueko/mailserver: Change user’s password 2021-02-07 19:59:50 +01:00
Simon Bruder f7287365ff
vueko: Add murmur 2021-02-07 12:29:22 +01:00
Simon Bruder 9b5a991074
vueko: Add wg-home 2021-02-06 17:10:49 +01:00
Simon Bruder 34ec244fcc
vueko: Add mail and dav server 2021-02-06 16:51:10 +01:00
Simon Bruder bfd192b2a8
vueko: Make small system 2021-02-05 15:39:17 +01:00
Simon Bruder daf867dcb9
machines: Add vueko 
This only adds a minimal configuration.
 2021-02-01 17:33:29 +01:00
Simon Bruder a02d3cb883
Use separate state version for every machine 
This also uses the system state version as the home-manager state
version.

Fixes #35.
 2021-01-31 12:21:05 +01:00
Simon Bruder 4664265bb0
Add installation machine 
Its configuration does not fit a real machine, but rather serves as a
minimal configuration for new machines during installation.
 2021-01-30 16:41:06 +01:00
Simon Bruder 241bc188cb
sayuri: Use performance scaling governor 
That machine is not very energy efficient anyway.
 2021-01-29 15:54:59 +01:00
Simon Bruder 05a72217aa
Use nixos-hardware for hardware configuration 
This removes the manual modules that use options to activate hardware
configuration. It seems to general (e.g. newer Intel GPUs require
different opencl icd) or not flexible enough (in case of the ssd
module).

Closes #21.
 2021-01-29 15:50:16 +01:00
Simon Bruder e7c6406820
Decouple machine configuration and deployment 
This allows custom scripts to access machine-specific variables.
 2021-01-28 17:08:08 +01:00
Simon Bruder d8b8e5de93
libvirt: Remove custom option 2021-01-20 16:31:59 +01:00
Simon Bruder 64ef37badd
Move global lidSwitchDocked setting to nunotaba 2021-01-20 16:27:51 +01:00
Simon Bruder 21a8f5a358
Make docker optional 2021-01-17 19:32:01 +01:00
Simon Bruder 7152112076
home/games: Add module and option 2021-01-07 18:29:18 +01:00
Simon Bruder 131d0cc1a5
Add options for unfree software and assets 2021-01-03 17:11:22 +01:00
Simon Bruder cb913a9b00
Add media-proxy 
This also adds secrets management for nginx. It is far from perfect
(e.g. nginx does not get reloaded when a secret changes).
 2020-12-31 15:44:24 +01:00
Simon Bruder e6b770875c
nunotaba,sayuri: Add tor client 2020-12-31 12:55:20 +01:00
Simon Bruder b435e1a182
restic: Parameterise extra paths and excludes 2020-12-21 13:09:25 +01:00
Simon Bruder c63305cb6b
Restructure krops deployments 2020-12-17 09:50:26 +01:00
Simon Bruder 903041b6e1
Use pass for secrets management 
Fixes #4
 2020-12-13 17:57:08 +01:00
Simon Bruder f53b777a7e
Use krops for deployments 2020-12-12 16:12:38 +01:00
Simon Bruder 61e61f0908
Reorganise hardware configuration 
Fixes #6.
 2020-12-06 13:58:48 +01:00
Simon Bruder 30a54af123
nunotaba: Use auto nix jobs 2020-12-06 13:58:47 +01:00
Simon Bruder b6bc87a6ee
Reformat hardware configuration 2020-12-06 13:58:47 +01:00
Simon Bruder e499e9236d
Remove depdendency on <nixpkgs> in hardware-configuration 2020-12-06 13:58:47 +01:00
Simon Bruder acc9940043
Remove dev profile 
Profiles are deprecated in favour of options.

For rust development, use nix-shell instead.
 2020-12-05 16:09:10 +01:00
Simon Bruder fca069698a
Reformat imports in configuration.nix 2020-12-05 16:05:26 +01:00
Simon Bruder 73021c1a94
Parameterise cpu config 2020-12-05 16:00:34 +01:00
Simon Bruder 76bd3a4bc8
Parameterise gpu config 2020-12-05 15:57:23 +01:00
Simon Bruder 9b22c91170
config.sbruder.gui → config.sbruder.gui.enable 2020-12-05 15:44:58 +01:00
Simon Bruder a23c3801cb
Parameterise libvirt 2020-12-05 15:40:54 +01:00
Simon Bruder ab39c6035c
Parameterise ssd module 2020-12-05 15:40:49 +01:00
Simon Bruder 74ddf83617
Parameterise wireguard 2020-12-05 15:40:44 +01:00
Simon Bruder 8a63f8aac4
Parameterise restic 2020-12-05 15:40:31 +01:00
Simon Bruder 6d0f3a9964
Reorganise profiles/options 2020-12-05 14:43:01 +01:00
Simon Bruder 00fc2f38cc
Remove tlp module and laptop profile 2020-12-05 13:49:03 +01:00
Simon Bruder 29ef4d90dd
Remove texlive module 2020-12-05 13:48:37 +01:00
Simon Bruder 6a2a9c48bc
Make gui global option 2020-12-05 13:48:06 +01:00
Simon Bruder 3191c9119f
user: base.nix → default.nix 2020-11-07 19:22:33 +01:00
Simon Bruder 5c56bcb727
Add sayuri 2020-10-17 23:18:22 +02:00
Simon Bruder eeae580fae
nunotaba: Enable intel cpu module 2020-10-17 13:20:24 +02:00
Simon Bruder 95f6544eda
Add ssd module 2020-10-17 13:14:42 +02:00
Simon Bruder 961e8fc7fc
Modularise opengl packages 2020-10-16 18:38:18 +02:00
Simon Bruder db1348014e
Update to 20.09 
MPV is disabled since the override options no longer work.
This also applies updated formatting.
 2020-09-25 22:32:42 +02:00
Simon Bruder 8b32cc4846
Add libvirt and virt-manager 2020-09-12 20:54:10 +02:00
Simon Bruder b36df78a29
Add tlp 2020-09-11 18:45:46 +02:00
Simon Bruder 56aa0c8de8
nunotaba: Remove texlive 
Running `nixos-rebuild switch` consumes 8% less memory. Where texlive is
needed, it should be used with nix-shell.
 2020-09-11 18:44:18 +02:00
Simon Bruder 28a74043c4
Include hardware configuration in repository 
This avoids surprises when nixos-generate-config is used on a running
system and an overlayfs for docker that is unavailable in stage 1 is
added to /etc/fstab (because it forces me to read what was changed).
 2020-08-30 10:03:48 +02:00
Simon Bruder f98781d03d
Add texlive (medium) 2020-08-26 01:08:08 +02:00
Simon Bruder 2258b24984
nunotaba: Change to production settings 2020-08-24 12:52:50 +02:00
Simon Bruder 5108a624f8
Use the same restic password for all machines 
Since they use the same repository (for deduplication), everything else
doesn’t make sense.
 2020-08-24 09:27:16 +02:00
Simon Bruder 96ca6aad63
Add secrets 2020-08-22 17:46:59 +02:00
Simon Bruder a05102e91c
Initial commit 2020-08-22 17:44:39 +02:00