Commit graph

154 commits

Author SHA1 Message Date
Simon Bruder 56b9c6c37f
Add module for on-demand usage of mullvad
Since wg-quick does not require the configuration file to include a
private key and local addresses, they can be added after the execution
of wg-quick.

Fixes #32.
2021-05-31 23:02:11 +02:00
Simon Bruder 6f31ded457
fuuko/wordclock: Use 15 character long password
```cpp
    struct {
      char domain[32];
      char clientId[16];
      char user[16];
      char password[16];
    } mqtt;
```

(f637c2f39e/PersistentStorage.h)

This went unnoticed, because on NixOS, mosquitto does not validate
passwords by default.
2021-05-28 23:08:20 +02:00
Simon Bruder c918486622
fuuko/mqtt: Make compatible with Mosquitto 2
This now requires authenticating with a valid password, which it
apparently didn’t do before?
2021-05-28 23:05:22 +02:00
Simon Bruder de3f8f8909
restic: Make restic prune regularily on fuuko
Closes #41.
2021-05-28 15:01:06 +02:00
Simon Bruder d3d41da2bc
vueko/murmur: Explicitly set murmur as system user 2021-05-28 14:24:25 +02:00
Simon Bruder e80a0b0c07
vueko/radicale: Use services.radicale.settings 2021-05-28 14:24:02 +02:00
Simon Bruder 7d7da189d0
nunotaba: Reinstall on btrfs filesystem 2021-05-28 14:05:14 +02:00
Simon Bruder 6cb59d0149
nunotaba: Use performance cpuFreqGovernor
With kernel 5.10 powersave is stuck at 798 MHz for some reason.
2021-05-28 14:05:13 +02:00
Simon Bruder 091f6b0e14
Update to 21.05
This still uses the relase-21.05 branch which should later be changed to
nixos-21.05.
2021-05-28 14:04:53 +02:00
Simon Bruder 36c0c67e36
sayuri: Update specs in readme 2021-05-27 18:06:34 +02:00
Simon Bruder d64f4a8741
vueko/mail: Add alias 2021-05-25 09:48:25 +02:00
Simon Bruder 71209d0cc8
vueko/mail: Add alias 2021-05-21 12:30:36 +02:00
Simon Bruder 961b497609
vueko/mail: Add alias 2021-05-17 19:05:24 +02:00
Simon Bruder 2c8a291ae9
Make flake inputs available as module argument
This moves a bunch of stuff out of flake.nix into the modules they
belong to. This removes complexity from flake.nix and gives the project
a more organised structure.

Sadly, it is not possible to import modules from a flake outside of
flake.nix, since that leads to an infinite recursion (`config` has to be
evaluated before `config._modules.args.inputs` is available but `config`
depends on an import from `config._modules.args.inputs`). Therefore, the
`extraModules` argument in `machines/default.nix` has to be used for
that (it now has access to all flake inputs).
2021-05-15 10:04:44 +02:00
Simon Bruder 531060668a
fuuko/hydra: Show logs after build is completed 2021-05-15 00:01:04 +02:00
Simon Bruder 9f70024257
fuuko/hydra: Make serving build artifacts work
hydra-server.service does not have access to the signing key.
2021-05-13 14:23:10 +02:00
Simon Bruder dc1698ffaa
fuuko: Add hydra 2021-05-13 13:07:17 +02:00
Simon Bruder ca2136ef04
sayuri: Allow discards on data ssd 2021-05-07 14:37:53 +02:00
Simon Bruder d3ec5f4ba1
sayuri: Reinstall on NVMe ssd 2021-05-04 23:15:05 +02:00
Simon Bruder c3a3d8a12a
Adapt documentation to current configuration 2021-05-04 21:45:05 +02:00
Simon Bruder 2bf9577b61
vueko/mail: Add alias 2021-05-03 19:33:53 +02:00
Simon Bruder 10ced7f2bb
fuuko/torrent: Make socat work after forced stop
This should improve behavour after e.g. a power outage.
2021-05-03 10:17:00 +02:00
Simon Bruder 440fc97f7f
AriaNg: Include as flake 2021-05-03 10:16:59 +02:00
Simon Bruder 51f814c70d
fuuko/go-neb: Use sops for secrets 2021-05-03 10:16:59 +02:00
Simon Bruder 84c72583fe
fuuko/drone-runner-exec: Use unstable nix
This also adds /etc/static as read-only path to the sandbox, since
otherwise /etc/nix/nix.conf can’t be read.
2021-05-01 18:31:05 +02:00
Simon Bruder 400b55a293
Convert to flake
Fixes #3.
2021-05-01 17:36:58 +02:00
Simon Bruder 7d19c9b039
sayuri: Use radeontop from unstable 2021-04-25 09:54:49 +02:00
Simon Bruder 78f4579556
vueko/mail: Add alias 2021-04-23 10:21:11 +02:00
Simon Bruder 08b8fce2d4
fuuko/gitea: Store session on disk 2021-04-19 14:35:42 +02:00
Simon Bruder 4af55ba3e9
vueko/mail: Add alias 2021-04-17 12:15:43 +02:00
Simon Bruder e070cb9107
vueko/mail: Add alias 2021-04-17 10:56:15 +02:00
Simon Bruder 438fad34fb
vueko/mail: Reorganise vim folds 2021-04-17 10:47:07 +02:00
Simon Bruder cd30750fdc
fuuko/media-backup: Init
Fixes #49.
2021-04-16 17:13:46 +02:00
Simon Bruder b9abd825cb
vueko/mail: Add alias 2021-04-14 15:43:16 +02:00
Simon Bruder ec09bbf6c6
fuuko/gitea: Remove version override
Version 1.14.0 has been released and is in nixpkgs.
2021-04-13 09:08:04 +02:00
Simon Bruder 602573cd34
fuuko/dnsmasq: Reliably work after reboot 2021-04-10 23:23:46 +02:00
Simon Bruder bb8c54065a
fuuko/drone/runner-exec: Remove port collision with grafana
Drone docs [1] say “Overriding this value is not recommended”, however I
do not see why I should not be able to change it.

[1] https://docs.drone.io/runner/exec/configuration/reference/drone-http-bind/
2021-04-10 23:21:46 +02:00
Simon Bruder 746581ceba
fuuko/dnsmasq: Replace stubby/DoT with https-dns-proxy/DoH 2021-04-10 20:16:08 +02:00
Simon Bruder bed82e297c
sayuri: Migrate to sops
Fixes #38.
2021-04-10 11:58:50 +02:00
Simon Bruder 5dff1a426f
fuuko/binary-cache: Add nar-serve 2021-04-08 21:40:14 +02:00
Simon Bruder 8d9e3af211
Add binary cache hosted on fuuko
See machines/fuuko/services/binary-cache.nix for limitations.
2021-04-08 16:19:57 +02:00
Simon Bruder 68fbc9e185
fuuko/go-neb: Notify room if alert is firing 2021-04-08 10:04:30 +02:00
Simon Bruder 9dbd7f9c85
vueko/coturn: Manage shared secret with sops
This requires not using the NixOS module, since it does not support
loading it from a file.
2021-04-07 12:23:48 +02:00
Simon Bruder 4a8a7e0a4f
Use sops for secrets
Since I currently do not have access to sayuri, sayuri’s migration is
not done yet. The host keys and wg-home-private-key secret still have to
be added.
2021-04-06 14:05:48 +02:00
Simon Bruder d253f74a06
sayuri: Fill in purpose section of readme
Also, next time try to spell FIXME the right way so I don’t notice this
months after setting the machine up.
2021-04-05 13:38:33 +02:00
Simon Bruder 5c4284d68c
fuuko: Add dnsmasq prometheus exporter 2021-04-05 13:18:43 +02:00
Simon Bruder c26539e607
fuuko/prometheus: Actually show node name in alerts 2021-04-04 14:34:44 +02:00
Simon Bruder 1b08afd515
fuuko/gitea: Also use ed25519 ssh key 2021-04-04 11:18:34 +02:00
Simon Bruder 0212f2adbd
fuuko/drone: Init 2021-04-03 18:47:01 +02:00
Simon Bruder ac7e1c1123
fuuko/dnsmasq: Use DNS over TLS via stubby 2021-04-03 13:11:09 +02:00