Commit graph

69 commits

Author SHA1 Message Date
Simon Bruder 8091bae559
ausweisapp: Init 2022-07-24 18:06:54 +02:00
Simon Bruder a68420ca69
Sort modules includes 2022-07-08 11:51:04 +02:00
Simon Bruder 22d017999f
syncthing: Init 2022-07-08 11:51:04 +02:00
Simon Bruder d177dcc710
Allow users to set set allow_other for fuse mounts 2022-06-15 00:45:51 +02:00
Simon Bruder 0bb4f4204d
Use new option for ACME email address 2022-05-31 15:04:53 +02:00
Simon Bruder 4712cd20be
media-mount: Init 2022-05-14 17:50:11 +02:00
Simon Bruder 606b203205
zsh: Globally set histsize to 100000
Otherwise this occasionally deletes my user’s history if the user config
is not fully loaded yet.
2022-04-28 09:32:03 +02:00
Simon Bruder da56357ad8
zsh: Disable globbing of # globally
Otherwise using nix shell et al. as root is a pain.
2022-03-26 12:37:11 +01:00
Simon Bruder faa84c574d
qbittorrent: Init module 2022-03-18 22:14:09 +01:00
Simon Bruder 175b5e1ef1
logitech: Init 2022-02-09 07:24:23 +01:00
Simon Bruder cc8727fa80
Use nixFlakes instead of nixUnstable 2021-12-01 18:32:51 +01:00
Simon Bruder b1f4b8b4b5
Add option to mark host as untrusted
This can be used to deploy a host that does not have access to the main
sops secrets file, e.g. because it does not have an encrypted root
partition.
2021-11-01 10:08:23 +01:00
Simon Bruder 9190c83c97
Fix ntfs support 2021-09-10 18:01:52 +02:00
Simon Bruder 29f0a5017f
programs: Move virt-manager to user profile 2021-08-28 11:24:51 +02:00
Simon Bruder 49aa48366a
games: Move to separate module 2021-08-06 18:55:10 +02:00
Simon Bruder 6ac026a535
Enable fwupd on full systems 2021-08-04 16:52:11 +02:00
Simon Bruder 8b9eb54806
games: Conditionally add emulators
This uses a crude arbitrary number to only install them onto machines
that can actually run them.
2021-07-26 20:44:46 +02:00
Simon Bruder 7959abe5f0
pipewire: Init and replace pulseaudio 2021-07-10 12:44:09 +02:00
Simon Bruder 56b9c6c37f
Add module for on-demand usage of mullvad
Since wg-quick does not require the configuration file to include a
private key and local addresses, they can be added after the execution
of wg-quick.

Fixes #32.
2021-05-31 23:02:11 +02:00
Simon Bruder 400b55a293
Convert to flake
Fixes #3.
2021-05-01 17:36:58 +02:00
Simon Bruder 8a339c51a2
Show system closure diff on activation 2021-04-25 09:50:03 +02:00
Simon Bruder feb82fca2e
nix: Make netrc readable by wheel group
This also splits the nix configuration from the default module into its
own file.
2021-04-09 11:34:49 +02:00
Simon Bruder 8d9e3af211
Add binary cache hosted on fuuko
See machines/fuuko/services/binary-cache.nix for limitations.
2021-04-08 16:19:57 +02:00
Simon Bruder 07d4260b95
nix: Use daemonNiceLevel instead of CPUSchedulingPolicy 2021-04-08 15:42:49 +02:00
Simon Bruder 4a8a7e0a4f
Use sops for secrets
Since I currently do not have access to sayuri, sayuri’s migration is
not done yet. The host keys and wg-home-private-key secret still have to
be added.
2021-04-06 14:05:48 +02:00
Simon Bruder e94c72e42e
Add open ports for quick tests 2021-03-29 22:26:10 +02:00
Simon Bruder a7ad88a5ec
Include unstable channel as overlay
This allows nix cli tools to access unstable from niv’s pinned rev
(instead of having to rely on uncached and unpinned
channel:nixos-unstable). Also packageOverrides might get
deprecated/removed[1] eventually.

[1]: https://github.com/NixOS/nixpkgs/issues/43266
2021-03-29 12:03:58 +02:00
Simon Bruder 270f20d05b
Add nginx hardening option 2021-03-05 15:58:53 +01:00
Simon Bruder 83f1c69713
restic/system: Constantly use system for naming
In the future I may create add other backup jobs, so it should be clear,
that this only backs up the system.
2021-02-28 12:22:43 +01:00
Simon Bruder e0ef586e5e
nginx-interactive-index: Init 2021-02-18 12:10:03 +01:00
Simon Bruder eb97e936ed
zsh: Use grml config system wide 2021-02-14 13:29:51 +01:00
Simon Bruder 15cdd42845
Remove global swapiness
All machines should either import <nixpkgs-hardware/common/pc/hdd> or
<nixpkgs-hardware/common/pc/ssd> if they have swap.
2021-02-08 23:20:31 +01:00
Simon Bruder 29c6d37142
Remove journald extra configuration
Since `Storage=persistent` is the default in NixOS, it is not needed.
2021-02-08 23:19:02 +01:00
Simon Bruder 9c62905442
mailserver: Add module 2021-02-06 12:48:05 +01:00
Simon Bruder 998d47fd1a
nix: Only keep outputs and drvs on full systems 2021-02-05 17:19:19 +01:00
Simon Bruder 1437601d5a
Reduce locales and disable docs on small systems 2021-02-05 15:36:51 +01:00
Simon Bruder 520d750404
firewall: Entirely disable reverse path checking
This hopefully fixes #26 (or more specific a regression caused by it,
see the comment in the issue). I didn’t test it for long, but it seems
to work.
2021-02-02 21:40:30 +01:00
Simon Bruder 34c801c7e9
Make it possible to disable smartd per-machine
On virtual machines it does not make much sense to have it activated
(also the service fails to start).
2021-02-01 17:03:26 +01:00
Simon Bruder cce86ac2c9
pkgs: Add wordclock-dimmer (including module) 2021-01-31 19:48:18 +01:00
Simon Bruder a02d3cb883
Use separate state version for every machine
This also uses the system state version as the home-manager state
version.

Fixes #35.
2021-01-31 12:21:05 +01:00
Simon Bruder f211bae4e2
Globally set Let’s Encrypt requirements 2021-01-31 12:21:05 +01:00
Simon Bruder 05a72217aa
Use nixos-hardware for hardware configuration
This removes the manual modules that use options to activate hardware
configuration. It seems to general (e.g. newer Intel GPUs require
different opencl icd) or not flexible enough (in case of the ssd
module).

Closes #21.
2021-01-29 15:50:16 +01:00
Simon Bruder 603a006df8
Make routing all traffic over wireguard tunnel work
Fixes #26 (regression introduced in
126a0dad4b)

This is not an ideal solution, since it disables some features of the
firewall. Ideally, the mullvad configuration would be declaratively
managed and include a PostUp and PreDown command that adds routes to the
tunnel endpoint to the physical interface.
2021-01-24 14:44:00 +01:00
Simon Bruder c1283b6ffa
Add option to disable large packages
Fixes #27

This adds the `sbruder.full` option (enabled by default), which disables
some otherwise enabled packages/modules when disabled. When setting it
to false on a full gui system it reduces the size of the system closure
by over 50%. It is intended for systems with low (main) disk space.
2021-01-20 16:23:18 +01:00
Simon Bruder 126a0dad4b
Enable firewall by default
Fixes #25
2021-01-17 11:03:54 +01:00
Simon Bruder 7152112076
home/games: Add module and option 2021-01-07 18:29:18 +01:00
Simon Bruder 37c54887b9
Add custom overlay
Fixes #20
2021-01-07 17:10:32 +01:00
Simon Bruder a44f1fd1ac
Add optional ssh server to initrd 2021-01-07 13:39:25 +01:00
Simon Bruder 7b2da0349c
Overhaul secrets management 2021-01-06 13:09:29 +01:00
Simon Bruder 131d0cc1a5
Add options for unfree software and assets 2021-01-03 17:11:22 +01:00