Simon Bruder
14aa3e8d5e
Disable nano
...
I did not know that it was actually enabled on every system. This commit
replaces it with vim.
2024-06-01 13:57:51 +02:00
Simon Bruder
421beb7ea4
tools: Add nvme-cli
2024-06-01 13:57:46 +02:00
Simon Bruder
de3e4ad1bd
Only enable fwupd on EFI systems
2024-06-01 13:57:45 +02:00
Simon Bruder
76e1ec00af
Migrate docker module to podman
...
This also enables podman on mayushii.
2024-06-01 13:57:44 +02:00
Simon Bruder
5e122fcef7
Do not use gpg-agent for ssh on headless systems
2024-06-01 13:57:37 +02:00
Simon Bruder
d93d724b9f
okarin: Migrate to different VPS
...
Previously, it was hosted on Ionos’s VMware-based infrastructure. I
already had a VPS on their new KVM-based infrastructure, as I was
planning to migrate okarin to it eventually (as it is cheaper). However,
the new infrastructure does not offer PTR records for IPv6 addresses.
Therefore, I was waiting until they would implement that feature (as the
support promised me they would do in the near future).
However, they are now migrating the (at least my) guests from their
VMware hypervisors onto the KVM ones, assigning new IPv6 addresses to
them. This makes the old VPS essentially the same as the old one, but
with less memory and more expensive. So I decided to migrate now.
2024-06-01 13:57:33 +02:00
Simon Bruder
b60dbcada1
tools: Fix reptyr build in qemu-user-aarch64
...
This was already fixed in NixOS unstable:
https://github.com/NixOS/nixpkgs/pull/292342
2024-06-01 13:54:20 +02:00
Simon Bruder
11609eb96f
authoritative-dns: Drop INWX secondaries
2024-06-01 13:54:04 +02:00
Simon Bruder
8f1d0a149c
node_exporter: Disable ARP netlink collector
...
It currently fails (logging an error message on every scrape). This
disables the netlink collector, making it fall back to reading ARP
entries from /proc/net/arp.
2024-02-24 20:52:38 +01:00
Simon Bruder
a9f86e7ced
Fix resolving FQDN when resolved is enabled
2024-02-24 19:21:56 +01:00
Simon Bruder
3816e6fc5d
authoritative-dns: Add renge, yuzuru to secondaries
2024-02-24 13:22:17 +01:00
Simon Bruder
5375a858bd
Replace steam with flatpak
...
I am no longer willing to accept hours upon hours of debugging just to
get the client to work. I don’t get why they would ship a 32-bit GTK2
executable that uses CEF with its sandbox disabled in 2024. Obviously,
this makes debugging quite hard as things don’t work well, even when
they work. This leaves red herrings everywhere (“Is this segfault a
symptom of the issue I’m facing or is that also happening to other users
where it works fine?”).
Flatpak also seems to have quite good sandboxing features when Flatseal
is used for every application to take away any unnecessary permissions.
2024-02-23 19:21:11 +01:00
Simon Bruder
7f8859f85b
mailserver/postfix: Update copyright year
...
This was forgotten in c944812a68 and 242a2315be.
2024-02-15 13:10:42 +01:00
Simon Bruder
242a2315be
mailserver: Disallow requesting DSN over SMTP
...
This still allows requesting a DSN over submission, so trusted clients
are not affected. It only affects sending DSN to other systems, which
now no longer takes place. This is done to avoid leaking rspamd
internals.
2024-02-03 01:15:17 +01:00
Simon Bruder
c944812a68
mailserver: Extend Received header with TLS info
2024-02-03 00:12:05 +01:00
Simon Bruder
9caef40c21
wkd: Init
2024-01-27 17:22:53 +01:00
Simon Bruder
e600e15141
nitrokey: Only enable on bare metal
2024-01-22 17:31:57 +01:00
Simon Bruder
04c7bc089f
nitrokey: Force learn keys from card on plug
...
This allows the signing key to be shared among multiple nitrokeys.
2024-01-22 17:31:56 +01:00
Simon Bruder
04a0a6e5ff
nitrokey: Fix module
...
For some reason, using the // attribute set merge operator does not work
here.
2024-01-22 17:31:54 +01:00
Simon Bruder
54218c7278
Use Nitrokey as PGP smartcard
2024-01-22 17:31:53 +01:00
Simon Bruder
226ce5035e
qbittorrent/exporter: Expose source code
2024-01-22 17:31:50 +01:00
Simon Bruder
ab600a2b16
qbittorrent/exporter: Replace deprecated calls
2024-01-21 21:12:57 +01:00
Simon Bruder
10b8d432d5
Relicense
...
This applies the REUSE specification to the repository, so the licensing
information can be tracked for every file individually.
2024-01-13 14:39:22 +01:00
Simon Bruder
da349a7113
nginx-iteractive-index: Reimplement humanFileSize
...
The previous implementation was copy-pasted from a source that did not
allow redistribution or sublicensing. Therefore, I reimplemented the
function myself.
2024-01-10 21:31:54 +01:00
Simon Bruder
492af23f17
static-webserver: Specify default for deploy keys
2024-01-06 01:35:42 +01:00
Simon Bruder
e48f367afd
static-webserver: Add optional imprint
2024-01-06 01:34:52 +01:00
Simon Bruder
26d85e97aa
infovhost: Init
...
This avoids boilerplate code for displaying the imprint on the fqdn of
the machine.
2024-01-03 12:09:27 +01:00
Simon Bruder
0393661579
yuzuru: Init
2024-01-03 11:44:34 +01:00
Simon Bruder
2a5da89f53
Do not enable fwupd on virtual machines
...
It only uses up resources on those hosts but serves no purpose.
2024-01-01 16:11:28 +01:00
Simon Bruder
eef5f9b617
renge: Migrate to larger server
2023-12-31 17:31:17 +01:00
Simon Bruder
abccb6f9e0
initrd-ssh: Make /boot only accessible for root
2023-12-31 17:31:17 +01:00
Simon Bruder
0318ca56f9
Use gpg-agent as ssh agent
2023-12-20 23:55:42 +01:00
Simon Bruder
9107ce034c
nitrokey: Init
2023-12-20 16:53:42 +01:00
Simon Bruder
cd47e1da97
qbittorrent: Fix DNS in systemd service
...
With the host’s nsswitch, it tries to query nscd, which fails as the
socket is inaccessible.
2023-12-17 18:03:40 +01:00
Simon Bruder
47998fddd0
media-proxy: Use subdomains instead of paths
...
This should help with isolating the different services.
2023-12-16 11:56:04 +01:00
Simon Bruder
80fcaab244
nginx: Make recommended settings global
2023-12-16 10:19:20 +01:00
Simon Bruder
e126adc38d
authoritative-dns: Migrate to settings
2023-12-02 18:54:48 +01:00
Simon Bruder
ba843ac8c0
Upgrade to 23.11
...
Flake lock file updates:
2023-12-02 18:54:42 +01:00
Simon Bruder
f39ce20c60
static-webserver: Init
...
This module makes it easier to configure static websites.
2023-11-25 12:36:23 +01:00
Simon Bruder
e897207daa
tools: Add rlwrap
2023-11-14 16:05:26 +01:00
Simon Bruder
1dc5b83380
pipewire: Enable jack
2023-11-12 01:00:25 +01:00
Simon Bruder
4f536a00d2
Switch home domain to shinonome-lab.de
...
When having DNSSEC activated (as it is the case on sbruder.de), dnsmasq
interfering in queries for hosts on the LAN often causes problems.
This domain is specifically for the case of not having DNSSEC on it.
2023-10-27 23:54:56 +02:00
Simon Bruder
82d26cc548
dns: Do not log stats requests
2023-10-27 23:32:36 +02:00
Simon Bruder
af1d41ffda
dns: Add prometheus exporter
2023-10-26 01:18:17 +02:00
Simon Bruder
8519bada60
authoritative-dns: Init
2023-10-25 21:16:43 +02:00
Simon Bruder
dc3a17ffe0
wireguard/support: Remove DNS records for peers
...
For this use case, DNS is not very useful.
2023-10-23 19:38:00 +02:00
Simon Bruder
bb5937c686
vnstat: Use UTC in database
2023-10-15 17:07:16 +02:00
Simon Bruder
816004e80b
restic: Use QoS instead of uploadLimit
...
This implements a crude mechanism for signalling my router to add the
packets to its own qdisc.
The way in which this is implemented with nftables is hacky because of
NixOS’ limitations on build-time checking (which obviously can’t know
about the existence of cgroups on the target).
2023-10-07 22:49:47 +02:00
Simon Bruder
91eb90e9c3
Enable nftables by default
2023-10-07 13:50:18 +02:00
Simon Bruder
3e1cd23aea
tools: Use bandwhich from unstable
2023-10-04 23:42:01 +02:00