Commit graph

431 commits

Author SHA1 Message Date
Simon Bruder 26d85e97aa
infovhost: Init
This avoids boilerplate code for displaying the imprint on the fqdn of
the machine.
2024-01-03 12:09:27 +01:00
Simon Bruder 0393661579
yuzuru: Init 2024-01-03 11:44:34 +01:00
Simon Bruder 2a5da89f53
Do not enable fwupd on virtual machines
It only uses up resources on those hosts but serves no purpose.
2024-01-01 16:11:28 +01:00
Simon Bruder eef5f9b617
renge: Migrate to larger server 2023-12-31 17:31:17 +01:00
Simon Bruder abccb6f9e0
initrd-ssh: Make /boot only accessible for root 2023-12-31 17:31:17 +01:00
Simon Bruder 0318ca56f9
Use gpg-agent as ssh agent 2023-12-20 23:55:42 +01:00
Simon Bruder 9107ce034c
nitrokey: Init 2023-12-20 16:53:42 +01:00
Simon Bruder cd47e1da97
qbittorrent: Fix DNS in systemd service
With the host’s nsswitch, it tries to query nscd, which fails as the
socket is inaccessible.
2023-12-17 18:03:40 +01:00
Simon Bruder 47998fddd0
media-proxy: Use subdomains instead of paths
This should help with isolating the different services.
2023-12-16 11:56:04 +01:00
Simon Bruder 80fcaab244
nginx: Make recommended settings global 2023-12-16 10:19:20 +01:00
Simon Bruder e126adc38d
authoritative-dns: Migrate to settings 2023-12-02 18:54:48 +01:00
Simon Bruder ba843ac8c0
Upgrade to 23.11
Flake lock file updates:

• Updated input 'bang-evaluator':
    'git+https://git.sbruder.de/simon/bangs?ref=refs/heads/master&rev=7fc3d5019c907566abbad8f84ba9555a5786bd01' (2021-08-01)
  → 'git+https://git.sbruder.de/simon/bangs?ref=refs/heads/master&rev=a06c68c44862f74757a203e2df41ea83c33722d9' (2023-12-02)
• Updated input 'home-manager':
    'github:nix-community/home-manager/04bac349d585c9df38d78e0285b780a140dc74a4' (2023-11-12)
  → 'github:nix-community/home-manager/aeb2232d7a32530d3448318790534d196bf9427a' (2023-11-24)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/9a4725afa67db35cdf7be89f30527d745194cafa' (2023-11-19)
  → 'github:nix-community/home-manager/4a8545f5e737a6338814a4676dc8e18c7f43fc57' (2023-12-01)
• Updated input 'nix-pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/e558068cba67b23b4fbc5537173dbb43748a17e8' (2023-11-15)
  → 'github:cachix/pre-commit-hooks.nix/e5ee5c5f3844550c01d2131096c7271cec5e9b78' (2023-11-25)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/1721da31f9b30cbf4460c4ec5068b3b6174a4694' (2023-11-18)
  → 'github:nixos/nixos-hardware/8772491ed75f150f02552c60694e1beff9f46013' (2023-11-29)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/9fb122519e9cd465d532f736a98c1e1eb541ef6f' (2023-11-16)
  → 'github:nixos/nixpkgs/5de0b32be6e85dc1a9404c75131316e4ffbc634c' (2023-12-01)
• Updated input 'nixpkgs-overlay':
    'git+https://git.sbruder.de/simon/nixpkgs-overlay?ref=refs/heads/master&rev=c8a17806a75733dec2ecdd8f0021c70d1f9dfc43' (2023-10-04)
  → 'git+https://git.sbruder.de/simon/nixpkgs-overlay?ref=refs/heads/master&rev=37f80d1593ab856372cc0da199f49565f3b05c71' (2023-12-02)
• Updated input 'nixpkgs-overlay/poetry2nix':
    'github:nix-community/poetry2nix/093383b3d7fdd36846a7d84e128ca11865800538' (2023-09-22)
  → 'github:nix-community/poetry2nix/7acb78166a659d6afe9b043bb6fe5cb5e86bb75e' (2023-12-01)
• Updated input 'nixpkgs-overlay/poetry2nix/nix-github-actions':
    'github:nix-community/nix-github-actions/165b1650b753316aa7f1787f3005a8d2da0f5301' (2023-07-09)
  → 'github:nix-community/nix-github-actions/4bb5e752616262457bc7ca5882192a564c0472d2' (2023-11-03)
• Added input 'nixpkgs-overlay/poetry2nix/systems':
    'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09)
• Added input 'nixpkgs-overlay/poetry2nix/treefmt-nix':
    'github:numtide/treefmt-nix/e82f32aa7f06bbbd56d7b12186d555223dc399d1' (2023-11-12)
• Added input 'nixpkgs-overlay/poetry2nix/treefmt-nix/nixpkgs':
    follows 'nixpkgs-overlay/poetry2nix/nixpkgs'
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/c757e9bd77b16ca2e03c89bf8bc9ecb28e0c06ad' (2023-11-17)
  → 'github:nixos/nixpkgs/e92039b55bcd58469325ded85d4f58dd5a4eaf58' (2023-11-29)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/49a87c6c827ccd21c225531e30745a9a6464775c' (2023-11-19)
  → 'github:Mic92/sops-nix/e19071f9958c8da4f4347d3d78790d97e98ba22f' (2023-12-02)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/decdf666c833a325cb4417041a90681499e06a41' (2023-11-18)
  → 'github:NixOS/nixpkgs/dfb95385d21475da10b63da74ae96d89ab352431' (2023-11-25)
2023-12-02 18:54:42 +01:00
Simon Bruder f39ce20c60
static-webserver: Init
This module makes it easier to configure static websites.
2023-11-25 12:36:23 +01:00
Simon Bruder e897207daa
tools: Add rlwrap 2023-11-14 16:05:26 +01:00
Simon Bruder 1dc5b83380
pipewire: Enable jack 2023-11-12 01:00:25 +01:00
Simon Bruder 4f536a00d2
Switch home domain to shinonome-lab.de
When having DNSSEC activated (as is the case on sbruder.de), dnsmasq
interfering in queries for hosts on the LAN often causes problems.

This domain is specifically for the case of not having DNSSEC on it.
2023-10-27 23:54:56 +02:00
Simon Bruder 82d26cc548
dns: Do not log stats requests 2023-10-27 23:32:36 +02:00
Simon Bruder af1d41ffda
dns: Add prometheus exporter 2023-10-26 01:18:17 +02:00
Simon Bruder 8519bada60
authoritative-dns: Init 2023-10-25 21:16:43 +02:00
Simon Bruder dc3a17ffe0
wireguard/support: Remove DNS records for peers
For this use case, DNS is not very useful.
2023-10-23 19:38:00 +02:00
Simon Bruder bb5937c686
vnstat: Use UTC in database 2023-10-15 17:07:16 +02:00
Simon Bruder 816004e80b
restic: Use QoS instead of uploadLimit
This implements a crude mechanism for signalling my router to add the
packets to its own qdisc.

The way in which this is implemented with nftables is hacky because of
NixOS’ limitations on build-time checking (which obviously can’t know
about the existence of cgroups on the target).
2023-10-07 22:49:47 +02:00
Simon Bruder 91eb90e9c3
Enable nftables by default 2023-10-07 13:50:18 +02:00
Simon Bruder 3e1cd23aea
tools: Use bandwhich from unstable 2023-10-04 23:42:01 +02:00
Simon Bruder 16c0472bb0
nazuna: Enable torrent 2023-10-04 23:19:44 +02:00
Simon Bruder 3a12a3f53a
qbittorrent: Avoid using nscd 2023-10-04 23:19:44 +02:00
Simon Bruder 7fc8a4694c
nazuna: Init 2023-10-04 23:19:44 +02:00
Simon Bruder a39a2ba616
nix: Make nix-shell not fail on non-krops machines
Only krops stores the current configuration under /var/src/config.
As I use krops much less, this is not present on all machines.
2023-09-20 22:11:54 +02:00
Simon Bruder 287560e0fa
mpd: Add listenbrainz submitting 2023-09-19 12:23:38 +02:00
Simon Bruder 09a9037f1c
Revert "Disable systemd-resolved"
This reverts commit 38f815ecf1fa188d0a5a389f73bcd01177f9687c.
2023-09-12 15:00:51 +02:00
Simon Bruder fcbd6806b9
Disable systemd-resolved
It always breaks things, makes debugging harder and in general does not
seem to make anything better.
2023-09-12 15:00:50 +02:00
Simon Bruder 30485e7d70
mailserver: Enable postscreen 2023-08-18 15:15:07 +02:00
Simon Bruder 08b2bac970
mailserver: Add ManageSieve 2023-08-01 15:19:24 +02:00
Simon Bruder eb2e268377
unfree: Remove packages no longer in use 2023-07-22 15:14:58 +02:00
Simon Bruder 0767d44b45
tools: Install tio system-wide 2023-07-21 15:06:29 +02:00
Simon Bruder 1b44e31627
shinobu: Init 2023-07-01 12:37:12 +02:00
Simon Bruder 472ff64011
fuuko: Add SSD for hot storage
Adding a new PCIe device changes the names of the network interfaces, so
they need to be adapted.
2023-06-28 23:13:57 +02:00
Simon Bruder 13b8781c71
mullvad: Update relays 2023-06-25 12:04:43 +02:00
Simon Bruder e99a45dba5
pipewire: Add support for Focusrite Scarlett Solo Gen 3
The headphone output of my Behringer UMC202HD had sporadic cutouts.
While short, they were quite annoying.

I hope this interface (which costs 50% more) will work better.
2023-06-08 20:11:00 +02:00
Simon Bruder 0e0bdf7c3e
Revert "pipewire: Add configuration for UMC202HD"
This reverts commit 5462768f19.

The new pipewire version from 23.05 automatically separates the inputs.
2023-06-03 18:34:12 +02:00
Simon Bruder db391a3907
mailserver: Remove rejectSenders
This now gets handled by rspamd with a dynamic map.
2023-06-03 18:34:12 +02:00
Simon Bruder 5b39654159
mailserver: Separate into multiple files 2023-06-02 08:26:57 +02:00
Simon Bruder f84e6d9bee
mailserver: Add option for autoconfig 2023-06-02 08:26:33 +02:00
Simon Bruder 21e139f313
mailserver: Allow using implicit TLS
The configuration dates back quite a bit and then STARTTLS was
considered the best option. However, with RFC 8314 from 2018, which now
recommends implicit TLS for IMAP and SMTP submission, this changed.

This allows using implicit TLS for those services. STARTTLS might become
deprecated and/or removed in the future.
2023-06-01 19:54:26 +02:00
Simon Bruder e7fa0868ae
mailserver: Allow manually blocking sender domains 2023-06-01 19:54:26 +02:00
Simon Bruder 704f1e8d7f
fonts: Fix custom iosevka name
They no longer match the old name, only one that looks weird.
2023-06-01 19:54:25 +02:00
Simon Bruder f9b6483fd6
grub: Remove version 2023-06-01 19:54:22 +02:00
Simon Bruder 1ec8a58921
Rename boot.cleanTmpDir 2023-06-01 19:54:22 +02:00
Simon Bruder 2f3d5c8b6b
Remove usage of nixFlakes 2023-06-01 19:54:22 +02:00
Simon Bruder d43a2e51b5
ssh: Migrate to 23.05 format 2023-05-30 11:35:13 +02:00
Simon Bruder 5462768f19
pipewire: Add configuration for UMC202HD
This has some problems (as explained in the comment), but this at least
makes it work for now.
2023-05-25 20:27:07 +02:00
Simon Bruder 8a574b0417
mailserver: Add default mailboxes
This harmonizes the usage of directory names, and gives clients hints
about what mail should go where.
2023-05-14 20:42:15 +02:00
Simon Bruder cc47b75704
okarin: Init 2023-05-06 11:39:31 +02:00
Simon Bruder 89bc09dcce
wireguard/home: Expose subnet 2023-05-06 11:39:31 +02:00
Simon Bruder dd705bb298
Move ripgrep to system closure 2023-05-05 16:17:40 +02:00
Simon Bruder 0e27e590e4
mailserver: Add sieve for spam 2023-05-03 12:31:13 +02:00
Simon Bruder 0d3ec89038
mailserver: Add DKIM 2023-05-03 12:31:13 +02:00
Simon Bruder 0ca15315ad
mailserver: Add spam filter 2023-05-03 12:31:11 +02:00
Simon Bruder cec6a8de65
mailserver: Set up DNS recursor 2023-05-03 12:31:11 +02:00
Simon Bruder 2f39d10a8a
vueko: Migrate to new server 2023-05-03 12:31:11 +02:00
Simon Bruder 78c2e80868
Remove nixpkgs-2205
It isn’t used anymore.
2023-04-16 11:26:31 +02:00
Simon Bruder 02a77c5cb2
resolved: Don’t cache negative results 2023-04-16 11:16:47 +02:00
Simon Bruder a9e9032ab3
Revert "wireguard/home: Add basic overview page"
This reverts commit 642d97cb52.
2023-04-15 18:09:52 +02:00
Simon Bruder 91e739c91b
Fix resolving local names with resolved 2023-04-11 11:33:17 +02:00
Simon Bruder f05ee27364
tools: Add tcpdump
I don’t know how I survived without it.
2023-04-09 18:23:29 +02:00
Simon Bruder d0ab2e1d47
Use better fallback resolvers for resolved 2023-04-07 14:36:01 +02:00
Simon Bruder 4d93272cb0
wireguard/home: Switch to systemd-networkd 2023-04-07 14:14:31 +02:00
Simon Bruder 642d97cb52
wireguard/home: Add basic overview page
It is very basic and not pretty, but it is a base that can be extended.
2023-04-07 13:47:40 +02:00
Simon Bruder fec939d816
wireguard/support: Init 2023-03-09 21:21:13 +01:00
Simon Bruder cc4460f98b
hitagi: Use nixpkgs unstable
This is needed for Intel Arc support (Mesa 22.3+).

This also makes changes so the nixpkgs system evaluates without
errors/warnings (caused by my configuration).
2023-02-25 10:56:10 +01:00
Simon Bruder b0dc7169cf
pipewire: Use helvum from unstable
The one from 22.11 does not build currently.
2023-02-20 22:35:11 +01:00
Simon Bruder 42a22e89b7
initrd-ssh: Improve module documentation 2023-02-15 11:35:59 +01:00
Simon Bruder 049dfd4be8
fancontrol: Init 2023-01-22 16:34:52 +01:00
Simon Bruder 03492fccad
Migrate sayuri to hitagi 2022-12-30 19:52:58 +01:00
Simon Bruder e1e1ff06e0
gui: Enable udisks2
It no longer is implicitly enabled, so it has to be enabled explicitly.
2022-12-22 22:52:24 +01:00
Simon Bruder 0332206244
fonts/iosevka: Adjust style to match Nerd fonts 2.1 2022-12-21 19:14:06 +01:00
Simon Bruder 54c5cfb240
restic/system: Enable compression
Fixes #66.
2022-12-13 09:59:31 +01:00
Simon Bruder 3cfb7b1d32
gui: Fix polkit syntax error
Somehow the ECMAScript compatibility was downgraded.
2022-12-11 16:22:23 +01:00
Simon Bruder b6a903551e
fonts: Use custom Iosevka variant
I don’t like the new defaults.
2022-12-10 16:09:10 +01:00
Simon Bruder 91ec565702
nix: Use 22.11 options 2022-12-10 16:08:13 +01:00
Simon Bruder ad89732961
sway: Make everything work again
This sadly has to downgrade some programs; if I find more time, I will
look more into this and try to make it work with the latest versions.
2022-12-10 16:08:03 +01:00
Simon Bruder 71308a9284
gui: Replace deprecated gtkUsePortal 2022-12-10 15:17:12 +01:00
Simon Bruder a445953d46
Adapt locale configuration to new NixOS defaults 2022-12-10 14:51:07 +01:00
Simon Bruder f81a86235d
ausweisapp: Use upstream module 2022-12-10 14:50:41 +01:00
Simon Bruder c61023b863
Add tools for using digitizer 2022-12-02 18:54:51 +01:00
Simon Bruder fd3bb4284b
Add prometheus co2 exporter 2022-11-03 16:40:05 +01:00
Simon Bruder f51bc637da
wireguard/home: Hardcode server’s IPv4 address
Some devices (like fuuko) sadly do not have IPv6 connectivity which
makes their connection fail.
2022-10-15 23:28:33 +02:00
Simon Bruder c0b743a65b
fuuko: Configure to work on-demand
This is so I can only enable it when I don’t mind it generating tons of
noise.
2022-10-07 22:20:29 +02:00
Simon Bruder 293312b447
mullvad: Add fzf helper 2022-09-30 12:22:28 +02:00
Simon Bruder ecdbe9b936
mullvad: Update relays
This also changes the framework to handle different relay names.
2022-09-30 12:22:07 +02:00
Simon Bruder ce90c3363b
cups: Use elma’s new fqdn 2022-09-24 19:29:32 +02:00
Simon Bruder 2cf49b9a18
media-proxy: Add storagebox 2022-09-23 00:14:45 +02:00
Simon Bruder eb5d270e0b
qbittorrent: Fix exporter vendor sha256
For some reason it changed.
2022-09-22 22:09:37 +02:00
Simon Bruder 24db1faff9
syncthing: Do not hardcode fuuko’s address
External reachability is not guaranteed in the future.
2022-09-13 18:49:54 +02:00
Simon Bruder fa0afa040f
Clean up tools/programs
I haven’t really used some of them, so they don’t need to take space up
in the environment.
2022-09-11 01:21:59 +02:00
Simon Bruder ea43e14792
Add often used tools to environment
I often find myself running them inside a nix shell. Having them
available in the environment makes using them easier and also is
possible when no internet connection is available, which is especially
useful for tools like wl-mirror.
2022-09-11 01:02:30 +02:00
Simon Bruder 9a5305bf19
media-mount: Ensure it is owned by user
Otherwise home-manager can’t symlink .envrc.
2022-09-04 15:46:18 +02:00
Simon Bruder 7c81e51d10
network-manager: Switch to iwd as wifi backend
wpa_supplicant often requires multiple tries to get a connection.
2022-09-01 22:30:49 +02:00
Simon Bruder e31c264c92
restic: Do not limit upload by default
This allows servers that have a fast internet connection to complete
their backup in seconds instead of minutes.
2022-08-25 23:22:17 +02:00
Simon Bruder 4e78d87bde
restic: Use storage box and restic-rest-server
While this setup complicates things, it also should protect me against
(malicious) deletion of old backups.
2022-08-25 23:12:42 +02:00