Commit graph

513 commits

Author SHA1 Message Date
Simon Bruder 1a7ef37376
home: Use nixosConfig instead of inheriting options 2021-02-12 21:12:03 +01:00
Simon Bruder 474cc7d0f7
sayuri: Disable docker 2021-02-11 14:11:30 +01:00
Simon Bruder 8689ace70d
Update sources 2021-02-11 13:13:16 +01:00
Simon Bruder 3fc9846bf7
vueko: resolved: Disable dnssec 2021-02-10 14:22:00 +01:00
Simon Bruder 3ba514c502
vueko: Add readme 2021-02-09 13:38:32 +01:00
Simon Bruder 15cdd42845
Remove global swapiness
All machines should either import <nixpkgs-hardware/common/pc/hdd> or
<nixpkgs-hardware/common/pc/ssd> if they have swap.
2021-02-08 23:20:31 +01:00
Simon Bruder 29c6d37142
Remove journald extra configuration
Since `Storage=persistent` is the default in NixOS, it is not needed.
2021-02-08 23:19:02 +01:00
Simon Bruder 8c92c1b792
youtube-dl: Add 2021-02-08 20:40:54 +01:00
Simon Bruder d6d2857322
git: Add textconv hook for age diff 2021-02-08 19:19:18 +01:00
Simon Bruder 78c9a2cab9
tools: Add (r)age 2021-02-08 19:17:13 +01:00
Simon Bruder bd8b809486
vueko: Add bang-evaluator 2021-02-07 21:02:11 +01:00
Simon Bruder dde17cf4ec
pkgs: Add bang-evaluator
I don’t know if (and doubt that) this is a good solution. I can’t simply
callPackage it, since it does not use a callPackage compatible nix
expression but rather a ready-to-build default.nix. Also, I need the
source in two different files, one of which can’t use nixpkgs fetchers.
2021-02-07 21:00:09 +01:00
Simon Bruder b8601e6fd3
vueko/mailserver: Change user’s password 2021-02-07 19:59:50 +01:00
Simon Bruder f7287365ff
vueko: Add murmur 2021-02-07 12:29:22 +01:00
Simon Bruder 8037f5eb5e
deploy: Only send the wanted machine configuration
This avoids having secrets that are managed with git-crypt on every
system.
2021-02-07 11:30:42 +01:00
Simon Bruder 1bf141ce03
Update sources 2021-02-06 19:14:08 +01:00
Simon Bruder 75a91e9116
vdirsyncer: Use new credentials 2021-02-06 18:07:53 +01:00
Simon Bruder 9b5a991074
vueko: Add wg-home 2021-02-06 17:10:49 +01:00
Simon Bruder 34ec244fcc
vueko: Add mail and dav server 2021-02-06 16:51:10 +01:00
Simon Bruder 62f1dbe30f
mailserver: Disable recipient_restrictions for submission
Otherwise, sending mails to slow destinations might fail (with the
client throwing an error).
2021-02-06 16:51:10 +01:00
Simon Bruder 9c62905442
mailserver: Add module 2021-02-06 12:48:05 +01:00
Simon Bruder e45b18abd0
Add 1 git-crypt collaborator
New collaborators:

	F309F8EC Simon Bruder <simon@sbruder.de>
2021-02-05 18:01:49 +01:00
Simon Bruder 335f2908e7
tools: Add ccze 2021-02-05 17:51:29 +01:00
Simon Bruder 5ed071c0ed
Move admin tools to system tools
Fixes #37.

This also removes some tools from the user profile since I do not need
them anymore.
2021-02-05 17:34:34 +01:00
Simon Bruder 998d47fd1a
nix: Only keep outputs and drvs on full systems 2021-02-05 17:19:19 +01:00
Simon Bruder bfd192b2a8
vueko: Make small system 2021-02-05 15:39:17 +01:00
Simon Bruder 1437601d5a
Reduce locales and disable docs on small systems 2021-02-05 15:36:51 +01:00
Simon Bruder 6a114a6b7f
Update sources 2021-02-05 14:11:53 +01:00
Simon Bruder 520d750404
firewall: Entirely disable reverse path checking
This hopefully fixes #26 (or more specific a regression caused by it,
see the comment in the issue). I didn’t test it for long, but it seems
to work.
2021-02-02 21:40:30 +01:00
Simon Bruder d8514ab12c
Re-enable waifu2x-converter-cpp
Upstream released a new version which fixes building with gcc10 and
nixpkgs already updated to it.
2021-02-01 20:51:34 +01:00
Simon Bruder 43fbc20020
Update sources 2021-02-01 20:45:22 +01:00
Simon Bruder daf867dcb9
machines: Add vueko
This only adds a minimal configuration.
2021-02-01 17:33:29 +01:00
Simon Bruder 34c801c7e9
Make it possible to disable smartd per-machine
On virtual machines it does not make much sense to have it activated
(also the service fails to start).
2021-02-01 17:03:26 +01:00
Simon Bruder cce86ac2c9
pkgs: Add wordclock-dimmer (including module) 2021-01-31 19:48:18 +01:00
Simon Bruder a02d3cb883
Use separate state version for every machine
This also uses the system state version as the home-manager state
version.

Fixes #35.
2021-01-31 12:21:05 +01:00
Simon Bruder f211bae4e2
Globally set Let’s Encrypt requirements 2021-01-31 12:21:05 +01:00
Simon Bruder 3304c8e62e
programs: Add poppler_utils 2021-01-30 23:27:53 +01:00
Simon Bruder ebddfd35ba
Update sources 2021-01-30 17:09:25 +01:00
Simon Bruder 1a63539df8
Update readme to better reflect current state
Fixes #7.
2021-01-30 16:43:04 +01:00
Simon Bruder 4664265bb0
Add installation machine
Its configuration does not fit a real machine, but rather serves as a
minimal configuration for new machines during installation.
2021-01-30 16:41:06 +01:00
Simon Bruder d61fc70f23
mpd: Only enable when gui is enabled 2021-01-30 13:27:29 +01:00
Simon Bruder 82d5a24dfa
deploy: Do not fail with broken local config 2021-01-29 16:04:38 +01:00
Simon Bruder 241bc188cb
sayuri: Use performance scaling governor
That machine is not very energy efficient anyway.
2021-01-29 15:54:59 +01:00
Simon Bruder 05a72217aa
Use nixos-hardware for hardware configuration
This removes the manual modules that use options to activate hardware
configuration. It seems to general (e.g. newer Intel GPUs require
different opencl icd) or not flexible enough (in case of the ssd
module).

Closes #21.
2021-01-29 15:50:16 +01:00
Simon Bruder 55fb2cfdda
shell.nix: Add luks remote unlock script
Closes #9.
2021-01-28 19:02:19 +01:00
Simon Bruder e7c6406820
Decouple machine configuration and deployment
This allows custom scripts to access machine-specific variables.
2021-01-28 17:08:08 +01:00
Simon Bruder 204962d0f3
user: Fix gui programs being installed by mistake 2021-01-28 16:35:54 +01:00
Simon Bruder 67fe507a2d
Update sources 2021-01-27 21:55:55 +01:00
Simon Bruder d6df163d2e
Update sources 2021-01-26 18:44:43 +01:00
Simon Bruder 603a006df8
Make routing all traffic over wireguard tunnel work
Fixes #26 (regression introduced in
126a0dad4b)

This is not an ideal solution, since it disables some features of the
firewall. Ideally, the mullvad configuration would be declaratively
managed and include a PostUp and PreDown command that adds routes to the
tunnel endpoint to the physical interface.
2021-01-24 14:44:00 +01:00