Commit graph

377 commits

Author SHA1 Message Date
Simon Bruder a102f691a6
tools: Add ssh-to-pgp 2021-04-06 10:21:48 +02:00
Simon Bruder 37f95b3d79
ssh: Add global known hosts
Fixes #47.
2021-04-04 11:29:31 +02:00
Simon Bruder 0212f2adbd
fuuko/drone: Init 2021-04-03 18:47:01 +02:00
Simon Bruder ce7425d8c4
Remove issei from vpn and prometheus 2021-04-02 18:13:09 +02:00
Simon Bruder e94c72e42e
Add open ports for quick tests 2021-03-29 22:26:10 +02:00
Simon Bruder a7ad88a5ec
Include unstable channel as overlay
This allows nix cli tools to access unstable from niv’s pinned rev
(instead of having to rely on uncached and unpinned
channel:nixos-unstable). Also packageOverrides might get
deprecated/removed[1] eventually.

[1]: https://github.com/NixOS/nixpkgs/issues/43266
2021-03-29 12:03:58 +02:00
Simon Bruder c8b7a9c8e9
gui: Install adwaita icons system-wide 2021-03-27 13:22:34 +01:00
Simon Bruder c1992958bf
media-proxy: Start after network is online 2021-03-27 12:45:43 +01:00
Simon Bruder 58c72c3200
Allow build on machines that are missing secrets 2021-03-21 11:36:14 +01:00
Simon Bruder 9b9f574d52
tools: Add dmidecode 2021-03-10 15:49:53 +01:00
Simon Bruder d73da1a131
restic/system: Limit upload to 1.5M by default 2021-03-08 18:46:35 +01:00
Simon Bruder 07f152cb20
fuuko: Add media file index 2021-03-08 15:40:41 +01:00
Simon Bruder 878bdd30d5
fuuko: Add ftp server and scan converter 2021-03-08 15:30:04 +01:00
Simon Bruder 542a89ef57
sayuri: Add foldingathome specialisation 2021-03-06 15:32:18 +01:00
Simon Bruder 270f20d05b
Add nginx hardening option 2021-03-05 15:58:53 +01:00
Simon Bruder 83f1c69713
restic/system: Constantly use system for naming
In the future I may create add other backup jobs, so it should be clear,
that this only backs up the system.
2021-02-28 12:22:43 +01:00
Simon Bruder d7272e9db3
restic: Simplify timerConfig
The upstream restic module validates the types anyway, so I can drop the
ugly expression to copy the option.
2021-02-28 12:22:42 +01:00
Simon Bruder 6a8904011a
restic: Fix typo in excludes filename 2021-02-28 12:22:42 +01:00
Simon Bruder c77328af22
Replace builtins with lib where possible 2021-02-27 19:57:00 +01:00
Simon Bruder 2a4e358502
node_exporter: Disable rapl collector
It does not work since the service does not have permission and
therefore writes errors into the journal every scrape.
2021-02-21 00:06:16 +01:00
Simon Bruder 13876617f5
node_exporter: Fix name of systemd collector 2021-02-21 00:04:26 +01:00
Simon Bruder 785bb2214b
wireguard/home: Add dns server 2021-02-20 19:57:10 +01:00
Simon Bruder be7e67cf1f
wireguard/home: Make vueko central server
This also restructures the wireguard/home configuration, since now
better peer management is possible.
2021-02-20 19:57:04 +01:00
Simon Bruder c921c2802a
tools: Add compsize 2021-02-20 12:47:27 +01:00
Simon Bruder e0ef586e5e
nginx-interactive-index: Init 2021-02-18 12:10:03 +01:00
Simon Bruder b00498f23d
tools: Add hdparm 2021-02-14 15:30:44 +01:00
Simon Bruder eb97e936ed
zsh: Use grml config system wide 2021-02-14 13:29:51 +01:00
Simon Bruder 15cdd42845
Remove global swapiness
All machines should either import <nixpkgs-hardware/common/pc/hdd> or
<nixpkgs-hardware/common/pc/ssd> if they have swap.
2021-02-08 23:20:31 +01:00
Simon Bruder 29c6d37142
Remove journald extra configuration
Since `Storage=persistent` is the default in NixOS, it is not needed.
2021-02-08 23:19:02 +01:00
Simon Bruder 78c9a2cab9
tools: Add (r)age 2021-02-08 19:17:13 +01:00
Simon Bruder 62f1dbe30f
mailserver: Disable recipient_restrictions for submission
Otherwise, sending mails to slow destinations might fail (with the
client throwing an error).
2021-02-06 16:51:10 +01:00
Simon Bruder 9c62905442
mailserver: Add module 2021-02-06 12:48:05 +01:00
Simon Bruder 335f2908e7
tools: Add ccze 2021-02-05 17:51:29 +01:00
Simon Bruder 5ed071c0ed
Move admin tools to system tools
Fixes #37.

This also removes some tools from the user profile since I do not need
them anymore.
2021-02-05 17:34:34 +01:00
Simon Bruder 998d47fd1a
nix: Only keep outputs and drvs on full systems 2021-02-05 17:19:19 +01:00
Simon Bruder 1437601d5a
Reduce locales and disable docs on small systems 2021-02-05 15:36:51 +01:00
Simon Bruder 520d750404
firewall: Entirely disable reverse path checking
This hopefully fixes #26 (or more specific a regression caused by it,
see the comment in the issue). I didn’t test it for long, but it seems
to work.
2021-02-02 21:40:30 +01:00
Simon Bruder 34c801c7e9
Make it possible to disable smartd per-machine
On virtual machines it does not make much sense to have it activated
(also the service fails to start).
2021-02-01 17:03:26 +01:00
Simon Bruder cce86ac2c9
pkgs: Add wordclock-dimmer (including module) 2021-01-31 19:48:18 +01:00
Simon Bruder a02d3cb883
Use separate state version for every machine
This also uses the system state version as the home-manager state
version.

Fixes #35.
2021-01-31 12:21:05 +01:00
Simon Bruder f211bae4e2
Globally set Let’s Encrypt requirements 2021-01-31 12:21:05 +01:00
Simon Bruder 05a72217aa
Use nixos-hardware for hardware configuration
This removes the manual modules that use options to activate hardware
configuration. It seems to general (e.g. newer Intel GPUs require
different opencl icd) or not flexible enough (in case of the ssd
module).

Closes #21.
2021-01-29 15:50:16 +01:00
Simon Bruder 603a006df8
Make routing all traffic over wireguard tunnel work
Fixes #26 (regression introduced in
126a0dad4b)

This is not an ideal solution, since it disables some features of the
firewall. Ideally, the mullvad configuration would be declaratively
managed and include a PostUp and PreDown command that adds routes to the
tunnel endpoint to the physical interface.
2021-01-24 14:44:00 +01:00
Simon Bruder bcbd5e772a
gui: Use better way to enable 32bit opengl support 2021-01-24 12:51:56 +01:00
Simon Bruder 428e8103d9
tools/adb: Use proper way to determine if x86_64 2021-01-20 16:40:36 +01:00
Simon Bruder d8b8e5de93
libvirt: Remove custom option 2021-01-20 16:31:59 +01:00
Simon Bruder e5f90116e8
network-manager: Reformat module 2021-01-20 16:28:52 +01:00
Simon Bruder 64ef37badd
Move global lidSwitchDocked setting to nunotaba 2021-01-20 16:27:51 +01:00
Simon Bruder c1283b6ffa
Add option to disable large packages
Fixes #27

This adds the `sbruder.full` option (enabled by default), which disables
some otherwise enabled packages/modules when disabled. When setting it
to false on a full gui system it reduces the size of the system closure
by over 50%. It is intended for systems with low (main) disk space.
2021-01-20 16:23:18 +01:00
Simon Bruder 9cdf89fe15
firewall: Trust wg-home
Fixes regression introduced in 126a0dad4b.
2021-01-18 00:05:18 +01:00
Simon Bruder 21a8f5a358
Make docker optional 2021-01-17 19:32:01 +01:00
Simon Bruder 126a0dad4b
Enable firewall by default
Fixes #25
2021-01-17 11:03:54 +01:00
Simon Bruder 39742c8fbd
restic: Remove hostname from service name 2021-01-08 21:33:45 +01:00
Simon Bruder 7152112076
home/games: Add module and option 2021-01-07 18:29:18 +01:00
Simon Bruder 37c54887b9
Add custom overlay
Fixes #20
2021-01-07 17:10:32 +01:00
Simon Bruder a44f1fd1ac
Add optional ssh server to initrd 2021-01-07 13:39:25 +01:00
Simon Bruder 9a65a81c3c
tools: Only enable adb on x86_64-linux
Since it at least fails to build on aarch64.
2021-01-06 23:40:52 +01:00
Simon Bruder 7b2da0349c
Overhaul secrets management 2021-01-06 13:09:29 +01:00
Simon Bruder 3d73519a76
Make building without unfree software/assets work
This either removes the packages or replaces them with free packages.
2021-01-03 17:11:22 +01:00
Simon Bruder 131d0cc1a5
Add options for unfree software and assets 2021-01-03 17:11:22 +01:00
Simon Bruder 337ef729e1
sway: wallpaper: Specify license 2021-01-03 15:46:08 +01:00
Simon Bruder 9c51d36c4d
Use fetchpatch to fetch patches 2021-01-02 10:58:08 +01:00
Simon Bruder fa8323bddc
Enable rar support of p7zip 2021-01-01 13:00:38 +01:00
Simon Bruder a16b0e260c
gui: Add 32bit OpenGL 2021-01-01 12:33:13 +01:00
Simon Bruder 58d667f6b8
sway: Rename to gui 2021-01-01 12:32:55 +01:00
Simon Bruder cb913a9b00
Add media-proxy
This also adds secrets management for nginx. It is far from perfect
(e.g. nginx does not get reloaded when a secret changes).
2020-12-31 15:44:24 +01:00
Simon Bruder a34d5a110a
Disable command-not-found 2020-12-25 16:41:48 +01:00
Simon Bruder e487cf4720
Only enable node exporter when wg-home is enabled 2020-12-22 12:09:14 +01:00
Simon Bruder b435e1a182
restic: Parameterise extra paths and excludes 2020-12-21 13:09:25 +01:00
Simon Bruder 5937065d0e
restic: Clean up excludes 2020-12-21 13:08:22 +01:00
Simon Bruder 931c7ee91b
restic: Add restic-auth authentication wrapper 2020-12-21 12:54:33 +01:00
Simon Bruder 3d146db55c
restic: Make repository variable (in module) 2020-12-21 12:50:30 +01:00
Simon Bruder f0e2843d19
Reformat restic module 2020-12-21 12:33:46 +01:00
Simon Bruder 5f56b5a3a7
Set monetary locale to use Euro 2020-12-20 17:10:22 +01:00
Simon Bruder 208922d9f9
Fix nix run
It requires an explicit `nixpkgs=` entry in `NIX_PATH` to work.
2020-12-13 17:57:09 +01:00
Simon Bruder 94d625784a
Pin unstable nixpkgs version 2020-12-13 17:57:09 +01:00
Simon Bruder 903041b6e1
Use pass for secrets management
Fixes #4
2020-12-13 17:57:08 +01:00
Simon Bruder 049e02089f
Set NIX_PATH to krops sources 2020-12-12 16:15:43 +01:00
Simon Bruder 91cd41286b
Add video4linux2loopback 2020-12-08 18:55:33 +01:00
Simon Bruder 0bbfafcafb
Make nix keep output of derivations with gc root 2020-12-06 13:58:46 +01:00
Simon Bruder e53f2882f4
Disable system-wide sway extra packages 2020-12-06 13:58:45 +01:00
Simon Bruder 29cfc3750d
Move most tools to user environment
Fixes #1.
2020-12-05 19:44:41 +01:00
Simon Bruder bdc1c12f9c
Refactor pubkey configuration 2020-12-05 16:42:49 +01:00
Simon Bruder acc9940043
Remove dev profile
Profiles are deprecated in favour of options.

For rust development, use nix-shell instead.
2020-12-05 16:09:10 +01:00
Simon Bruder 73021c1a94
Parameterise cpu config 2020-12-05 16:00:34 +01:00
Simon Bruder 76bd3a4bc8
Parameterise gpu config 2020-12-05 15:57:23 +01:00
Simon Bruder 9b22c91170
config.sbruder.gui → config.sbruder.gui.enable 2020-12-05 15:44:58 +01:00
Simon Bruder a23c3801cb
Parameterise libvirt 2020-12-05 15:40:54 +01:00
Simon Bruder ab39c6035c
Parameterise ssd module 2020-12-05 15:40:49 +01:00
Simon Bruder 74ddf83617
Parameterise wireguard 2020-12-05 15:40:44 +01:00
Simon Bruder 8a63f8aac4
Parameterise restic 2020-12-05 15:40:31 +01:00
Simon Bruder 6d0f3a9964
Reorganise profiles/options 2020-12-05 14:43:01 +01:00
Simon Bruder 2f8eca9167
Reformat grub module 2020-12-05 13:51:45 +01:00
Simon Bruder 00fc2f38cc
Remove tlp module and laptop profile 2020-12-05 13:49:03 +01:00
Simon Bruder 29ef4d90dd
Remove texlive module 2020-12-05 13:48:37 +01:00
Simon Bruder 6a2a9c48bc
Make gui global option 2020-12-05 13:48:06 +01:00
Simon Bruder ba3a59d8c0
nix: Reduce priority of daemon 2020-12-02 22:18:27 +01:00
Simon Bruder 5fe03fb923
nix: Enable store auto optimisation 2020-12-02 22:17:50 +01:00
Simon Bruder babdaef1f3
Use vim for system and nvim for user 2020-11-07 19:22:32 +01:00
Simon Bruder bb95194619
home: Add zsh
This imports my (historically evolved) functions. I have to clean them
up sometime.
2020-11-07 19:22:31 +01:00
Simon Bruder 546060a7b8
mpd: Manage with home-manager 2020-11-07 15:27:13 +01:00
Simon Bruder fa231a7196
sway: Fully move to home-manager (where possible) 2020-11-07 15:04:49 +01:00
Simon Bruder 80b16dddb2
pulseaudio: Add bluetooth support 2020-11-05 15:31:43 +01:00
Simon Bruder 9a045ce323
Reformat pulse config 2020-11-05 15:09:12 +01:00
Simon Bruder 97883d14bf
cli-tools: Add niv 2020-11-05 09:12:04 +01:00
Simon Bruder aacf519720
office: Add English dictionaries 2020-11-03 10:58:23 +01:00
Simon Bruder 8417f9d40b
Update comment on state version 2020-11-02 13:47:31 +01:00
Simon Bruder fa9948c60b
Make sudoers trusted nix users 2020-10-30 17:13:17 +01:00
Simon Bruder 844d78d026
gpu/amd: Uncomment HDMI RGB kernel patch 2020-10-30 14:00:31 +01:00
Simon Bruder 8e786cbe9b
cups: Disable tintenpisser 2020-10-24 13:34:07 +02:00
Simon Bruder 44aa1d363f
gpu/amd: Force RGB output for HDMI 2020-10-24 13:23:24 +02:00
Simon Bruder 7931f1f3f5
restic: Exclude /data/cache/ 2020-10-22 21:59:34 +02:00
Simon Bruder 621a91457c
restic: Do not exclude Music
Once™ my server also uses NixOS, restic’s deduplication should remove
any overhead.
2020-10-22 21:59:27 +02:00
Simon Bruder 1244a6b5ed
cups: Declaratively add printers 2020-10-18 22:25:05 +02:00
Simon Bruder 56b5b2f82c
cli-tools: Add {pci,usb}utils 2020-10-18 20:13:21 +02:00
Simon Bruder 4928a1aa10
docker: Add credential-helpers 2020-10-18 11:46:26 +02:00
Simon Bruder 49e1d531da
Add amd gpu module 2020-10-17 23:17:20 +02:00
Simon Bruder cb07de0f12
gpu/intel: Add beignet 2020-10-17 20:23:33 +02:00
Simon Bruder e82728080f
grub: Add 1920×1200 resolution 2020-10-17 16:51:43 +02:00
Simon Bruder 95f6544eda
Add ssd module 2020-10-17 13:14:42 +02:00
Simon Bruder dd01dc72a8
restic: Set nice and ionice 2020-10-17 09:58:44 +02:00
Simon Bruder 5838b757f4
cli-tools: Add sensors 2020-10-16 21:41:55 +02:00
Simon Bruder efb94ade1d
Add cpu module for intel 2020-10-16 21:26:57 +02:00
Simon Bruder 961e8fc7fc
Modularise opengl packages 2020-10-16 18:38:18 +02:00
Simon Bruder c03ae8fbd0
Update authorized keys 2020-10-16 16:07:45 +02:00
Simon Bruder 9d0b988594
Add sayuri ssh key 2020-10-16 15:32:32 +02:00
Simon Bruder 6b071bda3c
Remove kipf ssh key 2020-10-16 15:32:08 +02:00
Simon Bruder 84ad07f5f2
Remove dev/python module
pyls is used with nix-shell, so no system-wide installation is needed
anymore.
2020-10-11 14:46:44 +02:00
Simon Bruder 9956ab2829
fonts: Add lmodern 2020-10-11 13:02:48 +02:00
Simon Bruder 4d6c9d6e02
Use waybar from unstable and remove pulse override
Waybar 0.9.3 is broken (clicking frezees modules);
6535c9f1da5d863922ac42652e3b8a31fc2ee822 updates waybar to 0.9.4.

Also, since 37e47b7f7c5e0b766a9e917f8affa23cda0c3648 pulse support is
enable by default, so there is no need for an override.
2020-10-11 11:10:25 +02:00
Simon Bruder 8b9dbe1009
Use channels.nixos.org URL for unstable channel 2020-10-11 11:08:59 +02:00
Simon Bruder 2e572e5f95
cli-tools: Add delta 2020-10-07 22:23:27 +02:00
Simon Bruder 25dd28c180
cli-tools: Add ntfs3g 2020-10-04 21:54:10 +02:00
Simon Bruder 1e8a7ee19f
fonts: Alias “system-ui” to “sans-serif”
Because it is Cantarell by default (?)
2020-09-26 18:10:22 +02:00
Simon Bruder 58ddb029ff
Re-enable mpv without overrides 2020-09-26 11:33:05 +02:00
Simon Bruder db1348014e
Update to 20.09
MPV is disabled since the override options no longer work.
This also applies updated formatting.
2020-09-25 22:32:42 +02:00
Simon Bruder d93165edf6
restic: Be verbose 2020-09-14 07:15:58 +02:00
Simon Bruder 8b32cc4846
Add libvirt and virt-manager 2020-09-12 20:54:10 +02:00
Simon Bruder 20ef95691b
Disable tlp
Recalibrating my battery does not work and just breaks charging until
the battery is removed and plugged in again.
2020-09-11 22:47:40 +02:00
Simon Bruder b36df78a29
Add tlp 2020-09-11 18:45:46 +02:00
Simon Bruder 5368f3d28c
Add udev rules for ST-Link 2020-09-10 15:12:31 +02:00
Simon Bruder a6466b279a
Revert "cli-tools: Add unzip"
This reverts commit 35dedccf68.

When unzip is used in a script, that script should use nix-shell. For
interactive usage, 7z is preferred.
2020-09-02 13:00:49 +02:00
Simon Bruder a7f3db1712
cli-tools: Add imagemagick 2020-09-02 00:39:46 +02:00
Simon Bruder 35dedccf68
cli-tools: Add unzip 2020-09-02 00:36:54 +02:00
Simon Bruder 94c47e815c
dev/rust: Add gcc 2020-09-01 13:44:27 +02:00
Simon Bruder cce3173235
media: Add audacity 2020-09-01 12:37:11 +02:00
Simon Bruder be9bd76373
prometheus-node-exporter: Enable systemd collector 2020-09-01 11:24:36 +02:00
Simon Bruder e80cf71f04
cups: Add avahi 2020-08-30 13:20:57 +02:00
Simon Bruder 5e94daa953
cli-tools: Add aria 2020-08-30 09:59:34 +02:00
Simon Bruder e5d99a49fa
cups: Add gutenprint 2020-08-29 23:54:35 +02:00
Simon Bruder e4a0522fce
cli-tools: Use git-annex from unstable
My repositories are at version 8, so I need at least that version.
2020-08-28 12:09:53 +02:00
Simon Bruder 383333c113
media: Add flac encoder 2020-08-28 11:48:58 +02:00
Simon Bruder 7402a970a1
Remove NUR
It is not used anywhere.
2020-08-27 09:51:58 +02:00
Simon Bruder 9c349672fb
cli-tools: Enable pass otp extension 2020-08-27 09:48:43 +02:00
Simon Bruder 1a9456acd7
cli-tools: Use interactive variant of sqlite 2020-08-27 09:38:47 +02:00
Simon Bruder a7cc255463
cli-tools: Remove restic
It is enabled as service in another module, so including it here is
redundant.
2020-08-27 09:35:36 +02:00
Simon Bruder 68addf7bd8
Use wrapper for iotop 2020-08-27 09:33:03 +02:00
Simon Bruder 2391be36a8
Use wrapper for bandwhich 2020-08-27 09:31:00 +02:00
Simon Bruder 510242e028
cli-tools: Add nmap and zmap 2020-08-26 15:47:52 +02:00
Simon Bruder 159f97a5a1
cli-tools: Add bandwhich 2020-08-26 14:28:43 +02:00
Simon Bruder 3e7431e9e9
texlive: Use full version
Many packages that I often use are only part of texlive-full.
2020-08-26 08:53:25 +02:00
Simon Bruder f98781d03d
Add texlive (medium) 2020-08-26 01:08:08 +02:00
Simon Bruder 76895c4378
mpd: Disable auto update
Since git annex creates a directory for every file, enabling auto update
has to watch many directories which leads to hitting the
`max_user_watches` limit.
2020-08-25 22:16:53 +02:00
Simon Bruder ea3e76c6f4
Enable vaapi when gui is enabled 2020-08-25 21:07:42 +02:00
Simon Bruder 4faad88d6a
Use unstable alacritty
The version from 20.03 does not support scrolling while copying.
2020-08-25 20:50:22 +02:00
Simon Bruder e28ca5ba45
media: Add ffmpeg-full 2020-08-25 00:01:12 +02:00
Simon Bruder 5a2f0503a2
cli-tools: Add wget 2020-08-24 22:56:01 +02:00
Simon Bruder 1c7e440275
Add python language server 2020-08-24 22:26:48 +02:00
Simon Bruder ea950261dc
mpv: Enable archive and vapoursynth support 2020-08-24 22:12:54 +02:00
Simon Bruder a38caf06ac
sway: Disable hardware cursor
This applies redshift to the cursor
2020-08-24 20:59:26 +02:00
Simon Bruder 2719ad6744
sway: Make redshift verbose 2020-08-24 19:25:54 +02:00
Simon Bruder e46d3f843a
gui-tools: Add wl-clipboard 2020-08-24 17:47:17 +02:00
Simon Bruder 303546da21
pubkeys: Add simon@nunotaba 2020-08-24 12:56:55 +02:00
Simon Bruder 5108a624f8
Use the same restic password for all machines
Since they use the same repository (for deduplication), everything else
doesn’t make sense.
2020-08-24 09:27:16 +02:00
Simon Bruder 331dad50f3
web: Remove passff-host 2020-08-22 18:14:00 +02:00
Simon Bruder c6152d5d08
prometheus: Start after wg-home 2020-08-22 17:56:50 +02:00
Simon Bruder a05102e91c
Initial commit 2020-08-22 17:44:39 +02:00