Simon Bruder
270f20d05b
Add nginx hardening option
2021-03-05 15:58:53 +01:00
Simon Bruder
83f1c69713
restic/system: Constantly use system for naming
...
In the future I may add other backup jobs, so it should be clear,
that this only backs up the system.
2021-02-28 12:22:43 +01:00
Simon Bruder
d7272e9db3
restic: Simplify timerConfig
...
The upstream restic module validates the types anyway, so I can drop the
ugly expression to copy the option.
2021-02-28 12:22:42 +01:00
Simon Bruder
6a8904011a
restic: Fix typo in excludes filename
2021-02-28 12:22:42 +01:00
Simon Bruder
c77328af22
Replace builtins with lib where possible
2021-02-27 19:57:00 +01:00
Simon Bruder
2a4e358502
node_exporter: Disable rapl collector
...
It does not work since the service does not have permission and
therefore writes errors into the journal every scrape.
2021-02-21 00:06:16 +01:00
Simon Bruder
13876617f5
node_exporter: Fix name of systemd collector
2021-02-21 00:04:26 +01:00
Simon Bruder
785bb2214b
wireguard/home: Add dns server
2021-02-20 19:57:10 +01:00
Simon Bruder
be7e67cf1f
wireguard/home: Make vueko central server
...
This also restructures the wireguard/home configuration, since now
better peer management is possible.
2021-02-20 19:57:04 +01:00
Simon Bruder
c921c2802a
tools: Add compsize
2021-02-20 12:47:27 +01:00
Simon Bruder
e0ef586e5e
nginx-interactive-index: Init
2021-02-18 12:10:03 +01:00
Simon Bruder
b00498f23d
tools: Add hdparm
2021-02-14 15:30:44 +01:00
Simon Bruder
eb97e936ed
zsh: Use grml config system wide
2021-02-14 13:29:51 +01:00
Simon Bruder
15cdd42845
Remove global swappiness
...
All machines should either import <nixpkgs-hardware/common/pc/hdd> or
<nixpkgs-hardware/common/pc/ssd> if they have swap.
2021-02-08 23:20:31 +01:00
Simon Bruder
29c6d37142
Remove journald extra configuration
...
Since `Storage=persistent` is the default in NixOS, it is not needed.
2021-02-08 23:19:02 +01:00
Simon Bruder
78c9a2cab9
tools: Add (r)age
2021-02-08 19:17:13 +01:00
Simon Bruder
62f1dbe30f
mailserver: Disable recipient_restrictions for submission
...
Otherwise, sending mails to slow destinations might fail (with the
client throwing an error).
2021-02-06 16:51:10 +01:00
Simon Bruder
9c62905442
mailserver: Add module
2021-02-06 12:48:05 +01:00
Simon Bruder
335f2908e7
tools: Add ccze
2021-02-05 17:51:29 +01:00
Simon Bruder
5ed071c0ed
Move admin tools to system tools
...
Fixes #37.
This also removes some tools from the user profile since I do not need
them anymore.
2021-02-05 17:34:34 +01:00
Simon Bruder
998d47fd1a
nix: Only keep outputs and drvs on full systems
2021-02-05 17:19:19 +01:00
Simon Bruder
1437601d5a
Reduce locales and disable docs on small systems
2021-02-05 15:36:51 +01:00
Simon Bruder
520d750404
firewall: Entirely disable reverse path checking
...
This hopefully fixes #26 (or more specifically a regression caused by it,
see the comment in the issue). I didn’t test it for long, but it seems
to work.
2021-02-02 21:40:30 +01:00
Simon Bruder
34c801c7e9
Make it possible to disable smartd per-machine
...
On virtual machines it does not make much sense to have it activated
(also the service fails to start).
2021-02-01 17:03:26 +01:00
Simon Bruder
cce86ac2c9
pkgs: Add wordclock-dimmer (including module)
2021-01-31 19:48:18 +01:00
Simon Bruder
a02d3cb883
Use separate state version for every machine
...
This also uses the system state version as the home-manager state
version.
Fixes #35.
2021-01-31 12:21:05 +01:00
Simon Bruder
f211bae4e2
Globally set Let’s Encrypt requirements
2021-01-31 12:21:05 +01:00
Simon Bruder
05a72217aa
Use nixos-hardware for hardware configuration
...
This removes the manual modules that use options to activate hardware
configuration. It seems too general (e.g. newer Intel GPUs require
different opencl icd) or not flexible enough (in case of the ssd
module).
Closes #21.
2021-01-29 15:50:16 +01:00
Simon Bruder
603a006df8
Make routing all traffic over wireguard tunnel work
...
Fixes #26 (regression introduced in 126a0dad4b)
This is not an ideal solution, since it disables some features of the
firewall. Ideally, the mullvad configuration would be declaratively
managed and include a PostUp and PreDown command that adds routes to the
tunnel endpoint to the physical interface.
2021-01-24 14:44:00 +01:00
Simon Bruder
bcbd5e772a
gui: Use better way to enable 32bit opengl support
2021-01-24 12:51:56 +01:00
Simon Bruder
428e8103d9
tools/adb: Use proper way to determine if x86_64
2021-01-20 16:40:36 +01:00
Simon Bruder
d8b8e5de93
libvirt: Remove custom option
2021-01-20 16:31:59 +01:00
Simon Bruder
e5f90116e8
network-manager: Reformat module
2021-01-20 16:28:52 +01:00
Simon Bruder
64ef37badd
Move global lidSwitchDocked setting to nunotaba
2021-01-20 16:27:51 +01:00
Simon Bruder
c1283b6ffa
Add option to disable large packages
...
Fixes #27
This adds the `sbruder.full` option (enabled by default), which disables
some otherwise enabled packages/modules when disabled. When setting it
to false on a full gui system it reduces the size of the system closure
by over 50%. It is intended for systems with low (main) disk space.
2021-01-20 16:23:18 +01:00
Simon Bruder
9cdf89fe15
firewall: Trust wg-home
...
Fixes regression introduced in 126a0dad4b.
2021-01-18 00:05:18 +01:00
Simon Bruder
21a8f5a358
Make docker optional
2021-01-17 19:32:01 +01:00
Simon Bruder
126a0dad4b
Enable firewall by default
...
Fixes #25
2021-01-17 11:03:54 +01:00
Simon Bruder
39742c8fbd
restic: Remove hostname from service name
2021-01-08 21:33:45 +01:00
Simon Bruder
7152112076
home/games: Add module and option
2021-01-07 18:29:18 +01:00
Simon Bruder
37c54887b9
Add custom overlay
...
Fixes #20
2021-01-07 17:10:32 +01:00
Simon Bruder
a44f1fd1ac
Add optional ssh server to initrd
2021-01-07 13:39:25 +01:00
Simon Bruder
9a65a81c3c
tools: Only enable adb on x86_64-linux
...
Since it at least fails to build on aarch64.
2021-01-06 23:40:52 +01:00
Simon Bruder
7b2da0349c
Overhaul secrets management
2021-01-06 13:09:29 +01:00
Simon Bruder
3d73519a76
Make building without unfree software/assets work
...
This either removes the packages or replaces them with free packages.
2021-01-03 17:11:22 +01:00
Simon Bruder
131d0cc1a5
Add options for unfree software and assets
2021-01-03 17:11:22 +01:00
Simon Bruder
337ef729e1
sway: wallpaper: Specify license
2021-01-03 15:46:08 +01:00
Simon Bruder
9c51d36c4d
Use fetchpatch to fetch patches
2021-01-02 10:58:08 +01:00
Simon Bruder
fa8323bddc
Enable rar support of p7zip
2021-01-01 13:00:38 +01:00
Simon Bruder
a16b0e260c
gui: Add 32bit OpenGL
2021-01-01 12:33:13 +01:00
Simon Bruder
58d667f6b8
sway: Rename to gui
2021-01-01 12:32:55 +01:00
Simon Bruder
cb913a9b00
Add media-proxy
...
This also adds secrets management for nginx. It is far from perfect
(e.g. nginx does not get reloaded when a secret changes).
2020-12-31 15:44:24 +01:00
Simon Bruder
a34d5a110a
Disable command-not-found
2020-12-25 16:41:48 +01:00
Simon Bruder
e487cf4720
Only enable node exporter when wg-home is enabled
2020-12-22 12:09:14 +01:00
Simon Bruder
b435e1a182
restic: Parameterise extra paths and excludes
2020-12-21 13:09:25 +01:00
Simon Bruder
5937065d0e
restic: Clean up excludes
2020-12-21 13:08:22 +01:00
Simon Bruder
931c7ee91b
restic: Add restic-auth authentication wrapper
2020-12-21 12:54:33 +01:00
Simon Bruder
3d146db55c
restic: Make repository variable (in module)
2020-12-21 12:50:30 +01:00
Simon Bruder
f0e2843d19
Reformat restic module
2020-12-21 12:33:46 +01:00
Simon Bruder
5f56b5a3a7
Set monetary locale to use Euro
2020-12-20 17:10:22 +01:00
Simon Bruder
208922d9f9
Fix nix run
...
It requires an explicit `nixpkgs=` entry in `NIX_PATH` to work.
2020-12-13 17:57:09 +01:00
Simon Bruder
94d625784a
Pin unstable nixpkgs version
2020-12-13 17:57:09 +01:00
Simon Bruder
903041b6e1
Use pass for secrets management
...
Fixes #4
2020-12-13 17:57:08 +01:00
Simon Bruder
049e02089f
Set NIX_PATH to krops sources
2020-12-12 16:15:43 +01:00
Simon Bruder
91cd41286b
Add video4linux2loopback
2020-12-08 18:55:33 +01:00
Simon Bruder
0bbfafcafb
Make nix keep output of derivations with gc root
2020-12-06 13:58:46 +01:00
Simon Bruder
e53f2882f4
Disable system-wide sway extra packages
2020-12-06 13:58:45 +01:00
Simon Bruder
29cfc3750d
Move most tools to user environment
...
Fixes #1.
2020-12-05 19:44:41 +01:00
Simon Bruder
bdc1c12f9c
Refactor pubkey configuration
2020-12-05 16:42:49 +01:00
Simon Bruder
acc9940043
Remove dev profile
...
Profiles are deprecated in favour of options.
For rust development, use nix-shell instead.
2020-12-05 16:09:10 +01:00
Simon Bruder
73021c1a94
Parameterise cpu config
2020-12-05 16:00:34 +01:00
Simon Bruder
76bd3a4bc8
Parameterise gpu config
2020-12-05 15:57:23 +01:00
Simon Bruder
9b22c91170
config.sbruder.gui → config.sbruder.gui.enable
2020-12-05 15:44:58 +01:00
Simon Bruder
a23c3801cb
Parameterise libvirt
2020-12-05 15:40:54 +01:00
Simon Bruder
ab39c6035c
Parameterise ssd module
2020-12-05 15:40:49 +01:00
Simon Bruder
74ddf83617
Parameterise wireguard
2020-12-05 15:40:44 +01:00
Simon Bruder
8a63f8aac4
Parameterise restic
2020-12-05 15:40:31 +01:00
Simon Bruder
6d0f3a9964
Reorganise profiles/options
2020-12-05 14:43:01 +01:00
Simon Bruder
2f8eca9167
Reformat grub module
2020-12-05 13:51:45 +01:00
Simon Bruder
00fc2f38cc
Remove tlp module and laptop profile
2020-12-05 13:49:03 +01:00
Simon Bruder
29ef4d90dd
Remove texlive module
2020-12-05 13:48:37 +01:00
Simon Bruder
6a2a9c48bc
Make gui global option
2020-12-05 13:48:06 +01:00
Simon Bruder
ba3a59d8c0
nix: Reduce priority of daemon
2020-12-02 22:18:27 +01:00
Simon Bruder
5fe03fb923
nix: Enable store auto optimisation
2020-12-02 22:17:50 +01:00
Simon Bruder
babdaef1f3
Use vim for system and nvim for user
2020-11-07 19:22:32 +01:00
Simon Bruder
bb95194619
home: Add zsh
...
This imports my (historically evolved) functions. I have to clean them
up sometime.
2020-11-07 19:22:31 +01:00
Simon Bruder
546060a7b8
mpd: Manage with home-manager
2020-11-07 15:27:13 +01:00
Simon Bruder
fa231a7196
sway: Fully move to home-manager (where possible)
2020-11-07 15:04:49 +01:00
Simon Bruder
80b16dddb2
pulseaudio: Add bluetooth support
2020-11-05 15:31:43 +01:00
Simon Bruder
9a045ce323
Reformat pulse config
2020-11-05 15:09:12 +01:00
Simon Bruder
97883d14bf
cli-tools: Add niv
2020-11-05 09:12:04 +01:00
Simon Bruder
aacf519720
office: Add English dictionaries
2020-11-03 10:58:23 +01:00
Simon Bruder
8417f9d40b
Update comment on state version
2020-11-02 13:47:31 +01:00
Simon Bruder
fa9948c60b
Make sudoers trusted nix users
2020-10-30 17:13:17 +01:00
Simon Bruder
844d78d026
gpu/amd: Uncomment HDMI RGB kernel patch
2020-10-30 14:00:31 +01:00
Simon Bruder
8e786cbe9b
cups: Disable tintenpisser
2020-10-24 13:34:07 +02:00
Simon Bruder
44aa1d363f
gpu/amd: Force RGB output for HDMI
2020-10-24 13:23:24 +02:00
Simon Bruder
7931f1f3f5
restic: Exclude /data/cache/
2020-10-22 21:59:34 +02:00
Simon Bruder
621a91457c
restic: Do not exclude Music
...
Once™ my server also uses NixOS, restic’s deduplication should remove
any overhead.
2020-10-22 21:59:27 +02:00
Simon Bruder
1244a6b5ed
cups: Declaratively add printers
2020-10-18 22:25:05 +02:00
Simon Bruder
56b5b2f82c
cli-tools: Add {pci,usb}utils
2020-10-18 20:13:21 +02:00
Simon Bruder
4928a1aa10
docker: Add credential-helpers
2020-10-18 11:46:26 +02:00
Simon Bruder
49e1d531da
Add amd gpu module
2020-10-17 23:17:20 +02:00
Simon Bruder
cb07de0f12
gpu/intel: Add beignet
2020-10-17 20:23:33 +02:00
Simon Bruder
e82728080f
grub: Add 1920×1200 resolution
2020-10-17 16:51:43 +02:00
Simon Bruder
95f6544eda
Add ssd module
2020-10-17 13:14:42 +02:00
Simon Bruder
dd01dc72a8
restic: Set nice and ionice
2020-10-17 09:58:44 +02:00
Simon Bruder
5838b757f4
cli-tools: Add sensors
2020-10-16 21:41:55 +02:00
Simon Bruder
efb94ade1d
Add cpu module for intel
2020-10-16 21:26:57 +02:00
Simon Bruder
961e8fc7fc
Modularise opengl packages
2020-10-16 18:38:18 +02:00
Simon Bruder
c03ae8fbd0
Update authorized keys
2020-10-16 16:07:45 +02:00
Simon Bruder
9d0b988594
Add sayuri ssh key
2020-10-16 15:32:32 +02:00
Simon Bruder
6b071bda3c
Remove kipf ssh key
2020-10-16 15:32:08 +02:00
Simon Bruder
84ad07f5f2
Remove dev/python module
...
pyls is used with nix-shell, so no system-wide installation is needed
anymore.
2020-10-11 14:46:44 +02:00
Simon Bruder
9956ab2829
fonts: Add lmodern
2020-10-11 13:02:48 +02:00
Simon Bruder
4d6c9d6e02
Use waybar from unstable and remove pulse override
...
Waybar 0.9.3 is broken (clicking freezes modules);
6535c9f1da5d863922ac42652e3b8a31fc2ee822 updates waybar to 0.9.4.
Also, since 37e47b7f7c5e0b766a9e917f8affa23cda0c3648 pulse support is
enabled by default, so there is no need for an override.
2020-10-11 11:10:25 +02:00
Simon Bruder
8b9dbe1009
Use channels.nixos.org URL for unstable channel
2020-10-11 11:08:59 +02:00
Simon Bruder
2e572e5f95
cli-tools: Add delta
2020-10-07 22:23:27 +02:00
Simon Bruder
25dd28c180
cli-tools: Add ntfs3g
2020-10-04 21:54:10 +02:00
Simon Bruder
1e8a7ee19f
fonts: Alias “system-ui” to “sans-serif”
...
Because it is Cantarell by default (?)
2020-09-26 18:10:22 +02:00
Simon Bruder
58ddb029ff
Re-enable mpv without overrides
2020-09-26 11:33:05 +02:00
Simon Bruder
db1348014e
Update to 20.09
...
MPV is disabled since the override options no longer work.
This also applies updated formatting.
2020-09-25 22:32:42 +02:00
Simon Bruder
d93165edf6
restic: Be verbose
2020-09-14 07:15:58 +02:00
Simon Bruder
8b32cc4846
Add libvirt and virt-manager
2020-09-12 20:54:10 +02:00
Simon Bruder
20ef95691b
Disable tlp
...
Recalibrating my battery does not work and just breaks charging until
the battery is removed and plugged in again.
2020-09-11 22:47:40 +02:00
Simon Bruder
b36df78a29
Add tlp
2020-09-11 18:45:46 +02:00
Simon Bruder
5368f3d28c
Add udev rules for ST-Link
2020-09-10 15:12:31 +02:00
Simon Bruder
a6466b279a
Revert "cli-tools: Add unzip"
...
This reverts commit 35dedccf68.
When unzip is used in a script, that script should use nix-shell. For
interactive usage, 7z is preferred.
2020-09-02 13:00:49 +02:00
Simon Bruder
a7f3db1712
cli-tools: Add imagemagick
2020-09-02 00:39:46 +02:00
Simon Bruder
35dedccf68
cli-tools: Add unzip
2020-09-02 00:36:54 +02:00
Simon Bruder
94c47e815c
dev/rust: Add gcc
2020-09-01 13:44:27 +02:00
Simon Bruder
cce3173235
media: Add audacity
2020-09-01 12:37:11 +02:00
Simon Bruder
be9bd76373
prometheus-node-exporter: Enable systemd collector
2020-09-01 11:24:36 +02:00
Simon Bruder
e80cf71f04
cups: Add avahi
2020-08-30 13:20:57 +02:00
Simon Bruder
5e94daa953
cli-tools: Add aria
2020-08-30 09:59:34 +02:00
Simon Bruder
e5d99a49fa
cups: Add gutenprint
2020-08-29 23:54:35 +02:00
Simon Bruder
e4a0522fce
cli-tools: Use git-annex from unstable
...
My repositories are at version 8, so I need at least that version.
2020-08-28 12:09:53 +02:00
Simon Bruder
383333c113
media: Add flac encoder
2020-08-28 11:48:58 +02:00
Simon Bruder
7402a970a1
Remove NUR
...
It is not used anywhere.
2020-08-27 09:51:58 +02:00
Simon Bruder
9c349672fb
cli-tools: Enable pass otp extension
2020-08-27 09:48:43 +02:00
Simon Bruder
1a9456acd7
cli-tools: Use interactive variant of sqlite
2020-08-27 09:38:47 +02:00
Simon Bruder
a7cc255463
cli-tools: Remove restic
...
It is enabled as service in another module, so including it here is
redundant.
2020-08-27 09:35:36 +02:00
Simon Bruder
68addf7bd8
Use wrapper for iotop
2020-08-27 09:33:03 +02:00
Simon Bruder
2391be36a8
Use wrapper for bandwhich
2020-08-27 09:31:00 +02:00
Simon Bruder
510242e028
cli-tools: Add nmap and zmap
2020-08-26 15:47:52 +02:00
Simon Bruder
159f97a5a1
cli-tools: Add bandwhich
2020-08-26 14:28:43 +02:00
Simon Bruder
3e7431e9e9
texlive: Use full version
...
Many packages that I often use are only part of texlive-full.
2020-08-26 08:53:25 +02:00
Simon Bruder
f98781d03d
Add texlive (medium)
2020-08-26 01:08:08 +02:00
Simon Bruder
76895c4378
mpd: Disable auto update
...
Since git annex creates a directory for every file, enabling auto update
has to watch many directories which leads to hitting the
`max_user_watches` limit.
2020-08-25 22:16:53 +02:00
Simon Bruder
ea3e76c6f4
Enable vaapi when gui is enabled
2020-08-25 21:07:42 +02:00