Simon Bruder
26d85e97aa
infovhost: Init
...
This avoids boilerplate code for displaying the imprint on the fqdn of
the machine.
2024-01-03 12:09:27 +01:00
Simon Bruder
0393661579
yuzuru: Init
2024-01-03 11:44:34 +01:00
Simon Bruder
2a5da89f53
Do not enable fwupd on virtual machines
...
It only uses up resources on those hosts but serves no purpose.
2024-01-01 16:11:28 +01:00
Simon Bruder
eef5f9b617
renge: Migrate to larger server
2023-12-31 17:31:17 +01:00
Simon Bruder
abccb6f9e0
initrd-ssh: Make /boot only accessible for root
2023-12-31 17:31:17 +01:00
Simon Bruder
0318ca56f9
Use gpg-agent as ssh agent
2023-12-20 23:55:42 +01:00
Simon Bruder
9107ce034c
nitrokey: Init
2023-12-20 16:53:42 +01:00
Simon Bruder
cd47e1da97
qbittorrent: Fix DNS in systemd service
...
With the host’s nsswitch, it tries to query nscd, which fails as the
socket is inaccessible.
2023-12-17 18:03:40 +01:00
Simon Bruder
47998fddd0
media-proxy: Use subdomains instead of paths
...
This should help with isolating the different services.
2023-12-16 11:56:04 +01:00
Simon Bruder
80fcaab244
nginx: Make recommended settings global
2023-12-16 10:19:20 +01:00
Simon Bruder
e126adc38d
authoritative-dns: Migrate to settings
2023-12-02 18:54:48 +01:00
Simon Bruder
ba843ac8c0
Upgrade to 23.11
...
Flake lock file updates:
• Updated input 'bang-evaluator':
'git+https://git.sbruder.de/simon/bangs?ref=refs/heads/master&rev=7fc3d5019c907566abbad8f84ba9555a5786bd01 ' (2021-08-01)
→ 'git+https://git.sbruder.de/simon/bangs?ref=refs/heads/master&rev=a06c68c44862f74757a203e2df41ea83c33722d9 ' (2023-12-02)
• Updated input 'home-manager':
'github:nix-community/home-manager/04bac349d585c9df38d78e0285b780a140dc74a4' (2023-11-12)
→ 'github:nix-community/home-manager/aeb2232d7a32530d3448318790534d196bf9427a' (2023-11-24)
• Updated input 'home-manager-unstable':
'github:nix-community/home-manager/9a4725afa67db35cdf7be89f30527d745194cafa' (2023-11-19)
→ 'github:nix-community/home-manager/4a8545f5e737a6338814a4676dc8e18c7f43fc57' (2023-12-01)
• Updated input 'nix-pre-commit-hooks':
'github:cachix/pre-commit-hooks.nix/e558068cba67b23b4fbc5537173dbb43748a17e8' (2023-11-15)
→ 'github:cachix/pre-commit-hooks.nix/e5ee5c5f3844550c01d2131096c7271cec5e9b78' (2023-11-25)
• Updated input 'nixos-hardware':
'github:nixos/nixos-hardware/1721da31f9b30cbf4460c4ec5068b3b6174a4694' (2023-11-18)
→ 'github:nixos/nixos-hardware/8772491ed75f150f02552c60694e1beff9f46013' (2023-11-29)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/9fb122519e9cd465d532f736a98c1e1eb541ef6f' (2023-11-16)
→ 'github:nixos/nixpkgs/5de0b32be6e85dc1a9404c75131316e4ffbc634c' (2023-12-01)
• Updated input 'nixpkgs-overlay':
'git+https://git.sbruder.de/simon/nixpkgs-overlay?ref=refs/heads/master&rev=c8a17806a75733dec2ecdd8f0021c70d1f9dfc43 ' (2023-10-04)
→ 'git+https://git.sbruder.de/simon/nixpkgs-overlay?ref=refs/heads/master&rev=37f80d1593ab856372cc0da199f49565f3b05c71 ' (2023-12-02)
• Updated input 'nixpkgs-overlay/poetry2nix':
'github:nix-community/poetry2nix/093383b3d7fdd36846a7d84e128ca11865800538' (2023-09-22)
→ 'github:nix-community/poetry2nix/7acb78166a659d6afe9b043bb6fe5cb5e86bb75e' (2023-12-01)
• Updated input 'nixpkgs-overlay/poetry2nix/nix-github-actions':
'github:nix-community/nix-github-actions/165b1650b753316aa7f1787f3005a8d2da0f5301' (2023-07-09)
→ 'github:nix-community/nix-github-actions/4bb5e752616262457bc7ca5882192a564c0472d2' (2023-11-03)
• Added input 'nixpkgs-overlay/poetry2nix/systems':
'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09)
• Added input 'nixpkgs-overlay/poetry2nix/treefmt-nix':
'github:numtide/treefmt-nix/e82f32aa7f06bbbd56d7b12186d555223dc399d1' (2023-11-12)
• Added input 'nixpkgs-overlay/poetry2nix/treefmt-nix/nixpkgs':
follows 'nixpkgs-overlay/poetry2nix/nixpkgs'
• Updated input 'nixpkgs-unstable':
'github:nixos/nixpkgs/c757e9bd77b16ca2e03c89bf8bc9ecb28e0c06ad' (2023-11-17)
→ 'github:nixos/nixpkgs/e92039b55bcd58469325ded85d4f58dd5a4eaf58' (2023-11-29)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/49a87c6c827ccd21c225531e30745a9a6464775c' (2023-11-19)
→ 'github:Mic92/sops-nix/e19071f9958c8da4f4347d3d78790d97e98ba22f' (2023-12-02)
• Updated input 'sops-nix/nixpkgs-stable':
'github:NixOS/nixpkgs/decdf666c833a325cb4417041a90681499e06a41' (2023-11-18)
→ 'github:NixOS/nixpkgs/dfb95385d21475da10b63da74ae96d89ab352431' (2023-11-25)
2023-12-02 18:54:42 +01:00
Simon Bruder
f39ce20c60
static-webserver: Init
...
This module makes it easier to configure static websites.
2023-11-25 12:36:23 +01:00
Simon Bruder
e897207daa
tools: Add rlwrap
2023-11-14 16:05:26 +01:00
Simon Bruder
1dc5b83380
pipewire: Enable jack
2023-11-12 01:00:25 +01:00
Simon Bruder
4f536a00d2
Switch home domain to shinonome-lab.de
...
When having DNSSEC activated (as it is the case on sbruder.de), dnsmasq
interfering in queries for hosts on the LAN often causes problems.
This domain is specifically for the case of not having DNSSEC on it.
2023-10-27 23:54:56 +02:00
Simon Bruder
82d26cc548
dns: Do not log stats requests
2023-10-27 23:32:36 +02:00
Simon Bruder
af1d41ffda
dns: Add prometheus exporter
2023-10-26 01:18:17 +02:00
Simon Bruder
8519bada60
authoritative-dns: Init
2023-10-25 21:16:43 +02:00
Simon Bruder
dc3a17ffe0
wireguard/support: Remove DNS records for peers
...
For this use case, DNS is not very useful.
2023-10-23 19:38:00 +02:00
Simon Bruder
bb5937c686
vnstat: Use UTC in database
2023-10-15 17:07:16 +02:00
Simon Bruder
816004e80b
restic: Use QoS instead of uploadLimit
...
This implements a crude mechanism for signalling my router to add the
packets to its own qdisc.
The way in which this is implemented with nftables is hacky because of
NixOS’ limitations on build-time checking (which obviously can’t know
about the existence of cgroups on the target).
2023-10-07 22:49:47 +02:00
Simon Bruder
91eb90e9c3
Enable nftables by default
2023-10-07 13:50:18 +02:00
Simon Bruder
3e1cd23aea
tools: Use bandwhich from unstable
2023-10-04 23:42:01 +02:00
Simon Bruder
16c0472bb0
nazuna: Enable torrent
2023-10-04 23:19:44 +02:00
Simon Bruder
3a12a3f53a
qbittorrent: Avoid using nscd
2023-10-04 23:19:44 +02:00
Simon Bruder
7fc8a4694c
nazuna: Init
2023-10-04 23:19:44 +02:00
Simon Bruder
a39a2ba616
nix: Make nix-shell not fail on non-krops machines
...
Only krops stores the current configuration under /var/src/config.
As I use krops much less, this is not present on all machines.
2023-09-20 22:11:54 +02:00
Simon Bruder
287560e0fa
mpd: Add listenbrainz submitting
2023-09-19 12:23:38 +02:00
Simon Bruder
09a9037f1c
Revert "Disable systemd-resolved"
...
This reverts commit 38f815ecf1fa188d0a5a389f73bcd01177f9687c.
2023-09-12 15:00:51 +02:00
Simon Bruder
fcbd6806b9
Disable systemd-resolved
...
It always breaks things, makes debugging harder and in general does not
seem to make anything better.
2023-09-12 15:00:50 +02:00
Simon Bruder
30485e7d70
mailserver: Enable postscreen
2023-08-18 15:15:07 +02:00
Simon Bruder
08b2bac970
mailserver: Add ManageSieve
2023-08-01 15:19:24 +02:00
Simon Bruder
eb2e268377
unfree: Remove packages no longer in use
2023-07-22 15:14:58 +02:00
Simon Bruder
0767d44b45
tools: Install tio system-wide
2023-07-21 15:06:29 +02:00
Simon Bruder
1b44e31627
shinobu: Init
2023-07-01 12:37:12 +02:00
Simon Bruder
472ff64011
fuuko: Add SSD for hot storage
...
Adding a new PCIe device changes the names of the network interfaces, so
they need to be adapted.
2023-06-28 23:13:57 +02:00
Simon Bruder
13b8781c71
mullvad: Update relays
2023-06-25 12:04:43 +02:00
Simon Bruder
e99a45dba5
pipewire: Add support for Focusrite Scarlett Solo Gen 3
...
The headphone output of my Behringer UMC202HD had sporadic cutouts.
While short, they were quite annoying.
I hope this interface (which costs 50% more) will work better.
2023-06-08 20:11:00 +02:00
Simon Bruder
0e0bdf7c3e
Revert "pipewire: Add configuration for UMC202HD"
...
This reverts commit 5462768f19
.
The new pipewire version from 23.05 automatically separates the inputs.
2023-06-03 18:34:12 +02:00
Simon Bruder
db391a3907
mailserver: Remove rejectSenders
...
This now gets handled by rspamd with a dynamic map.
2023-06-03 18:34:12 +02:00
Simon Bruder
5b39654159
mailserver: Separate into multiple files
2023-06-02 08:26:57 +02:00
Simon Bruder
f84e6d9bee
mailserver: Add option for autoconfig
2023-06-02 08:26:33 +02:00
Simon Bruder
21e139f313
mailserver: Allow using implicit TLS
...
The configuration dates back quite a bit and then STARTTLS was
considered the best option. However, with RFC 8314 from 2018, which now
recommends implicit TLS for IMAP and SMTP submission, this changed.
This allows using implicit TLS for those services. STARTTLS might become
deprecated and/or removed in the future.
2023-06-01 19:54:26 +02:00
Simon Bruder
e7fa0868ae
mailserver: Allow manually blocking sender domains
2023-06-01 19:54:26 +02:00
Simon Bruder
704f1e8d7f
fonts: Fix custom iosevka name
...
They no longer match the old name, only one that looks weird.
2023-06-01 19:54:25 +02:00
Simon Bruder
f9b6483fd6
grub: Remove version
2023-06-01 19:54:22 +02:00
Simon Bruder
1ec8a58921
Rename boot.cleanTmpDir
2023-06-01 19:54:22 +02:00
Simon Bruder
2f3d5c8b6b
Remove usage of nixFlakes
2023-06-01 19:54:22 +02:00
Simon Bruder
d43a2e51b5
ssh: Migrate to 23.05 format
2023-05-30 11:35:13 +02:00
Simon Bruder
5462768f19
pipewire: Add configuration for UMC202HD
...
This has some problems (as explained in the comment), but this at least
makes it work for now.
2023-05-25 20:27:07 +02:00
Simon Bruder
8a574b0417
mailserver: Add default mailboxes
...
This harmonizes the usage of directory names, and gives clients hints
about what mail should go where.
2023-05-14 20:42:15 +02:00
Simon Bruder
cc47b75704
okarin: Init
2023-05-06 11:39:31 +02:00
Simon Bruder
89bc09dcce
wireguard/home: Expose subnet
2023-05-06 11:39:31 +02:00
Simon Bruder
dd705bb298
Move ripgrep to system closure
2023-05-05 16:17:40 +02:00
Simon Bruder
0e27e590e4
mailserver: Add sieve for spam
2023-05-03 12:31:13 +02:00
Simon Bruder
0d3ec89038
mailserver: Add DKIM
2023-05-03 12:31:13 +02:00
Simon Bruder
0ca15315ad
mailserver: Add spam filter
2023-05-03 12:31:11 +02:00
Simon Bruder
cec6a8de65
mailserver: Set up DNS recursor
2023-05-03 12:31:11 +02:00
Simon Bruder
2f39d10a8a
vueko: Migrate to new server
2023-05-03 12:31:11 +02:00
Simon Bruder
78c2e80868
Remove nixpkgs-2205
...
It isn’t used anymore.
2023-04-16 11:26:31 +02:00
Simon Bruder
02a77c5cb2
resolved: Don’t cache negative results
2023-04-16 11:16:47 +02:00
Simon Bruder
a9e9032ab3
Revert "wireguard/home: Add basic overview page"
...
This reverts commit 642d97cb52
.
2023-04-15 18:09:52 +02:00
Simon Bruder
91e739c91b
Fix resolving local names with resolved
2023-04-11 11:33:17 +02:00
Simon Bruder
f05ee27364
tools: Add tcpdump
...
I don’t know I survived without it.
2023-04-09 18:23:29 +02:00
Simon Bruder
d0ab2e1d47
Use better fallback resolvers for resolved
2023-04-07 14:36:01 +02:00
Simon Bruder
4d93272cb0
wireguard/home: Switch to systemd-networkd
2023-04-07 14:14:31 +02:00
Simon Bruder
642d97cb52
wireguard/home: Add basic overview page
...
It is very basic and not pretty, but it is a base that can be extended.
2023-04-07 13:47:40 +02:00
Simon Bruder
fec939d816
wireguard/support: Init
2023-03-09 21:21:13 +01:00
Simon Bruder
cc4460f98b
hitagi: Use nixpkgs unstable
...
This is needed for Intel Arc support (Mesa 22.3+).
This also makes changes so the nixpkgs system evaluates without
errors/warnings (caused by my configuration).
2023-02-25 10:56:10 +01:00
Simon Bruder
b0dc7169cf
pipewire: Use helvum from unstable
...
The one from 22.11 does not build currently.
2023-02-20 22:35:11 +01:00
Simon Bruder
42a22e89b7
initrd-ssh: Improve module documentation
2023-02-15 11:35:59 +01:00
Simon Bruder
049dfd4be8
fancontrol: Init
2023-01-22 16:34:52 +01:00
Simon Bruder
03492fccad
Migrate sayuri to hitagi
2022-12-30 19:52:58 +01:00
Simon Bruder
e1e1ff06e0
gui: Enable udisks2
...
It no longer is implicitly enabled, so it has to be enabled explicitly.
2022-12-22 22:52:24 +01:00
Simon Bruder
0332206244
fonts/iosevka: Adjust style to match Nerd fonts 2.1
2022-12-21 19:14:06 +01:00
Simon Bruder
54c5cfb240
restic/system: Enable compression
...
Fixes #66 .
2022-12-13 09:59:31 +01:00
Simon Bruder
3cfb7b1d32
gui: Fix polkit syntax error
...
Somehow the ECMAscript compatibility was downgraded.
2022-12-11 16:22:23 +01:00
Simon Bruder
b6a903551e
fonts: Use custom Iosevka variant
...
I don’t like the new defaults.
2022-12-10 16:09:10 +01:00
Simon Bruder
91ec565702
nix: Use 22.11 options
2022-12-10 16:08:13 +01:00
Simon Bruder
ad89732961
sway: Make everything work again
...
This sadly has to downgrade some programs, if I find more time, I will
look more into this and try to make it work with the latest versions.
2022-12-10 16:08:03 +01:00
Simon Bruder
71308a9284
gui: Replace deprecated gtkUsePortal
2022-12-10 15:17:12 +01:00
Simon Bruder
a445953d46
Adapt locale configuration to new NixOS defaults
2022-12-10 14:51:07 +01:00
Simon Bruder
f81a86235d
ausweisapp: Use upstream module
2022-12-10 14:50:41 +01:00
Simon Bruder
c61023b863
Add tools for using digitizer
2022-12-02 18:54:51 +01:00
Simon Bruder
fd3bb4284b
Add prometheus co2 exporter
2022-11-03 16:40:05 +01:00
Simon Bruder
f51bc637da
wireguard/home: Hardcode server’s IPv4 address
...
Some devices (like fuuko) sadly do not have IPv6 connectivity which
makes their connection fail.
2022-10-15 23:28:33 +02:00
Simon Bruder
c0b743a65b
fuuko: Configure to work on-demand
...
This is so I can only enable it when I don’t mind it generating tons of
noise.
2022-10-07 22:20:29 +02:00
Simon Bruder
293312b447
mullvad: Add fzf helper
2022-09-30 12:22:28 +02:00
Simon Bruder
ecdbe9b936
mullvad: Update relays
...
This also changes the framework to handle different relay names.
2022-09-30 12:22:07 +02:00
Simon Bruder
ce90c3363b
cups: Use elma’s new fqdn
2022-09-24 19:29:32 +02:00
Simon Bruder
2cf49b9a18
media-proxy: Add storagebox
2022-09-23 00:14:45 +02:00
Simon Bruder
eb5d270e0b
qbittorrent: Fix exporter vendor sha256
...
For some reason it changed.
2022-09-22 22:09:37 +02:00
Simon Bruder
24db1faff9
syncthing: Do not harcode fuuko’s address
...
External reachability is not guaranteed in the future.
2022-09-13 18:49:54 +02:00
Simon Bruder
fa0afa040f
Clean up tools/programs
...
I haven’t really used some of them, so they don’t need to take space up
in the environment.
2022-09-11 01:21:59 +02:00
Simon Bruder
ea43e14792
Add often used tools to environment
...
I often find myself running them inside a nix shell. Having them
available in the environment makes using them easier and also is
possible when no internet connection is available, which is especially
useful for tools like wl-mirror.
2022-09-11 01:02:30 +02:00
Simon Bruder
9a5305bf19
media-mount: Ensure it is owned by user
...
Otherwise home-manager can’t symlink .envrc.
2022-09-04 15:46:18 +02:00
Simon Bruder
7c81e51d10
network-manger: Switch to iwd as wifi backend
...
wpa_supplicant often requires multiple tries to get a connection.
2022-09-01 22:30:49 +02:00
Simon Bruder
e31c264c92
restic: Do not limit upload by default
...
This allows servers that have a fast internet connection to complete
their backup in seconds instead of minutes.
2022-08-25 23:22:17 +02:00
Simon Bruder
4e78d87bde
restic: Use storage box and restic-rest-server
...
While this setup complicates things, it also should protect me against
(malicious) deletion of old backups.
2022-08-25 23:12:42 +02:00