Commit graph

407 commits

Author SHA1 Message Date
Simon Bruder 14aa3e8d5e
Disable nano
I did not know that it was actually enabled on every system. This commit
replaces it with vim.
2024-06-01 13:57:51 +02:00
Simon Bruder 421beb7ea4
tools: Add nvme-cli 2024-06-01 13:57:46 +02:00
Simon Bruder de3e4ad1bd
Only enable fwupd on EFI systems 2024-06-01 13:57:45 +02:00
Simon Bruder 76e1ec00af
Migrate docker module to podman
This also enables podman on mayushii.
2024-06-01 13:57:44 +02:00
Simon Bruder 5e122fcef7
Do not use gpg-agent for ssh on headless systems 2024-06-01 13:57:37 +02:00
Simon Bruder d93d724b9f
okarin: Migrate to different VPS
Previously, it was hosted on Ionos’s VMware-based infrastructure. I
already had a VPS on their new KVM-based infrastructure, as I was
planning to migrate okarin to it eventually (as it is cheaper). However,
the new infrastructure does not offer PTR records for IPv6 addresses.
Therefore, I was waiting until they would implement that feature (as the
support promised me they would to in the near future).

However, they are now migrating the (at least my) guests from their
VMware hypervisors onto the KVM ones, assigning new IPv6 addresses to
them. This makes the old VPS essentially the same as the old one, but
with less memory and more expensive. So I decided to migrate now.
2024-06-01 13:57:33 +02:00
Simon Bruder b60dbcada1
tools: Fix reptyr build in qemu-user-aarch64
This was already fixed in NixOS unstable:
https://github.com/NixOS/nixpkgs/pull/292342
2024-06-01 13:54:20 +02:00
Simon Bruder 11609eb96f
authoritative-dns: Drop INWX secondaries 2024-06-01 13:54:04 +02:00
Simon Bruder 8f1d0a149c
node_exporter: Disable ARP netlink collector
It currently fails (logging an error message on every scrape). This
disables the netlink collector, making it fall back to reading ARP
entries from /proc/net/arp.
2024-02-24 20:52:38 +01:00
Simon Bruder a9f86e7ced
Fix resolving FQDN when resolved is enabled 2024-02-24 19:21:56 +01:00
Simon Bruder 3816e6fc5d
authoritative-dns: Add renge, yuzuru to secondaries 2024-02-24 13:22:17 +01:00
Simon Bruder 5375a858bd
Replace steam with flatpak
I am no longer willing to accept hours upon hours of debugging just to
get the client to work. I don’t get why they would ship a 32-bit GTK2
executable that uses CEF with its sandbox disabled in 2024. Obviously,
this makes debugging quite hard as things don’t work well, even when
they work. This leaves red herrings everywhere (“Is this segfault a
symptom of the issue I’m facing or is that also happening to other users
where it works fine?”).

Flatpak also seems to have quite good sandboxing features when Flatseal
is used for every application to take away any unnecessary permissions.
2024-02-23 19:21:11 +01:00
Simon Bruder 7f8859f85b
mailserver/postfix: Update copyright year
This was forgotten in c944812a68 and
242a2315be.
2024-02-15 13:10:42 +01:00
Simon Bruder 242a2315be
mailserver: Disallow requesting DSN over SMTP
This still allows requesting a DSN over submission, so trusted clients
are not affected. It only affects sending DSN to other systems, which
now no longer takes place. This is done to avoid leaking rspamd
internals.
2024-02-03 01:15:17 +01:00
Simon Bruder c944812a68
mailserver: Extend Received header with TLS info 2024-02-03 00:12:05 +01:00
Simon Bruder 9caef40c21
wkd: Init 2024-01-27 17:22:53 +01:00
Simon Bruder e600e15141
nitrokey: Only enable on bare metal 2024-01-22 17:31:57 +01:00
Simon Bruder 04c7bc089f
nitrokey: Force learn keys from card on plug
This allows the signing key to be shared among multiple nitrokeys.
2024-01-22 17:31:56 +01:00
Simon Bruder 04a0a6e5ff
nitrokey: Fix module
For some reason, using the // atribute set merge operator does not work
here.
2024-01-22 17:31:54 +01:00
Simon Bruder 54218c7278
Use Nitrokey as PGP smartcard 2024-01-22 17:31:53 +01:00
Simon Bruder 226ce5035e
qbittorrent/exporter: Expose source code 2024-01-22 17:31:50 +01:00
Simon Bruder ab600a2b16
qbittorrent/exporter: Replace deprecated calls 2024-01-21 21:12:57 +01:00
Simon Bruder 10b8d432d5
Relicense
This applies the REUSE specification to the repository, so the licensing
information can be tracked for every file individually.
2024-01-13 14:39:22 +01:00
Simon Bruder da349a7113
nginx-iteractive-index: Reimplement humanFileSize
The previous implementation was copy-pasted from a source that did not
allow redistribution or sublicensing. Therefore, I reimplemented the
function myself.
2024-01-10 21:31:54 +01:00
Simon Bruder 492af23f17
static-webserver: Specify default for deploy keys 2024-01-06 01:35:42 +01:00
Simon Bruder e48f367afd
static-webserver: Add optional imprint 2024-01-06 01:34:52 +01:00
Simon Bruder 26d85e97aa
infovhost: Init
This avoids boilerplate code for displaying the imprint on the fqdn of
the machine.
2024-01-03 12:09:27 +01:00
Simon Bruder 0393661579
yuzuru: Init 2024-01-03 11:44:34 +01:00
Simon Bruder 2a5da89f53
Do not enable fwupd on virtual machines
It only uses up resources on those hosts but serves no purpose.
2024-01-01 16:11:28 +01:00
Simon Bruder eef5f9b617
renge: Migrate to larger server 2023-12-31 17:31:17 +01:00
Simon Bruder abccb6f9e0
initrd-ssh: Make /boot only accessible for root 2023-12-31 17:31:17 +01:00
Simon Bruder 0318ca56f9
Use gpg-agent as ssh agent 2023-12-20 23:55:42 +01:00
Simon Bruder 9107ce034c
nitrokey: Init 2023-12-20 16:53:42 +01:00
Simon Bruder cd47e1da97
qbittorrent: Fix DNS in systemd service
With the host’s nsswitch, it tries to query nscd, which fails as the
socket is inaccessible.
2023-12-17 18:03:40 +01:00
Simon Bruder 47998fddd0
media-proxy: Use subdomains instead of paths
This should help with isolating the different services.
2023-12-16 11:56:04 +01:00
Simon Bruder 80fcaab244
nginx: Make recommended settings global 2023-12-16 10:19:20 +01:00
Simon Bruder e126adc38d
authoritative-dns: Migrate to settings 2023-12-02 18:54:48 +01:00
Simon Bruder ba843ac8c0
Upgrade to 23.11
Flake lock file updates:

• Updated input 'bang-evaluator':
    'git+https://git.sbruder.de/simon/bangs?ref=refs/heads/master&rev=7fc3d5019c907566abbad8f84ba9555a5786bd01' (2021-08-01)
  → 'git+https://git.sbruder.de/simon/bangs?ref=refs/heads/master&rev=a06c68c44862f74757a203e2df41ea83c33722d9' (2023-12-02)
• Updated input 'home-manager':
    'github:nix-community/home-manager/04bac349d585c9df38d78e0285b780a140dc74a4' (2023-11-12)
  → 'github:nix-community/home-manager/aeb2232d7a32530d3448318790534d196bf9427a' (2023-11-24)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/9a4725afa67db35cdf7be89f30527d745194cafa' (2023-11-19)
  → 'github:nix-community/home-manager/4a8545f5e737a6338814a4676dc8e18c7f43fc57' (2023-12-01)
• Updated input 'nix-pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/e558068cba67b23b4fbc5537173dbb43748a17e8' (2023-11-15)
  → 'github:cachix/pre-commit-hooks.nix/e5ee5c5f3844550c01d2131096c7271cec5e9b78' (2023-11-25)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/1721da31f9b30cbf4460c4ec5068b3b6174a4694' (2023-11-18)
  → 'github:nixos/nixos-hardware/8772491ed75f150f02552c60694e1beff9f46013' (2023-11-29)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/9fb122519e9cd465d532f736a98c1e1eb541ef6f' (2023-11-16)
  → 'github:nixos/nixpkgs/5de0b32be6e85dc1a9404c75131316e4ffbc634c' (2023-12-01)
• Updated input 'nixpkgs-overlay':
    'git+https://git.sbruder.de/simon/nixpkgs-overlay?ref=refs/heads/master&rev=c8a17806a75733dec2ecdd8f0021c70d1f9dfc43' (2023-10-04)
  → 'git+https://git.sbruder.de/simon/nixpkgs-overlay?ref=refs/heads/master&rev=37f80d1593ab856372cc0da199f49565f3b05c71' (2023-12-02)
• Updated input 'nixpkgs-overlay/poetry2nix':
    'github:nix-community/poetry2nix/093383b3d7fdd36846a7d84e128ca11865800538' (2023-09-22)
  → 'github:nix-community/poetry2nix/7acb78166a659d6afe9b043bb6fe5cb5e86bb75e' (2023-12-01)
• Updated input 'nixpkgs-overlay/poetry2nix/nix-github-actions':
    'github:nix-community/nix-github-actions/165b1650b753316aa7f1787f3005a8d2da0f5301' (2023-07-09)
  → 'github:nix-community/nix-github-actions/4bb5e752616262457bc7ca5882192a564c0472d2' (2023-11-03)
• Added input 'nixpkgs-overlay/poetry2nix/systems':
    'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09)
• Added input 'nixpkgs-overlay/poetry2nix/treefmt-nix':
    'github:numtide/treefmt-nix/e82f32aa7f06bbbd56d7b12186d555223dc399d1' (2023-11-12)
• Added input 'nixpkgs-overlay/poetry2nix/treefmt-nix/nixpkgs':
    follows 'nixpkgs-overlay/poetry2nix/nixpkgs'
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/c757e9bd77b16ca2e03c89bf8bc9ecb28e0c06ad' (2023-11-17)
  → 'github:nixos/nixpkgs/e92039b55bcd58469325ded85d4f58dd5a4eaf58' (2023-11-29)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/49a87c6c827ccd21c225531e30745a9a6464775c' (2023-11-19)
  → 'github:Mic92/sops-nix/e19071f9958c8da4f4347d3d78790d97e98ba22f' (2023-12-02)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/decdf666c833a325cb4417041a90681499e06a41' (2023-11-18)
  → 'github:NixOS/nixpkgs/dfb95385d21475da10b63da74ae96d89ab352431' (2023-11-25)
2023-12-02 18:54:42 +01:00
Simon Bruder f39ce20c60
static-webserver: Init
This module makes it easier to configure static websites.
2023-11-25 12:36:23 +01:00
Simon Bruder e897207daa
tools: Add rlwrap 2023-11-14 16:05:26 +01:00
Simon Bruder 1dc5b83380
pipewire: Enable jack 2023-11-12 01:00:25 +01:00
Simon Bruder 4f536a00d2
Switch home domain to shinonome-lab.de
When having DNSSEC activated (as it is the case on sbruder.de), dnsmasq
interfering in queries for hosts on the LAN often causes problems.

This domain is specifically for the case of not having DNSSEC on it.
2023-10-27 23:54:56 +02:00
Simon Bruder 82d26cc548
dns: Do not log stats requests 2023-10-27 23:32:36 +02:00
Simon Bruder af1d41ffda
dns: Add prometheus exporter 2023-10-26 01:18:17 +02:00
Simon Bruder 8519bada60
authoritative-dns: Init 2023-10-25 21:16:43 +02:00
Simon Bruder dc3a17ffe0
wireguard/support: Remove DNS records for peers
For this use case, DNS is not very useful.
2023-10-23 19:38:00 +02:00
Simon Bruder bb5937c686
vnstat: Use UTC in database 2023-10-15 17:07:16 +02:00
Simon Bruder 816004e80b
restic: Use QoS instead of uploadLimit
This implements a crude mechanism for signalling my router to add the
packets to its own qdisc.

The way in which this is implemented with nftables is hacky because of
NixOS’ limitations on build-time checking (which obviously can’t know
about the existence of cgroups on the target).
2023-10-07 22:49:47 +02:00
Simon Bruder 91eb90e9c3
Enable nftables by default 2023-10-07 13:50:18 +02:00
Simon Bruder 3e1cd23aea
tools: Use bandwhich from unstable 2023-10-04 23:42:01 +02:00