Commit graph

406 commits

Author SHA1 Message Date
Simon Bruder 0332206244
fonts/iosevka: Adjust style to match Nerd fonts 2.1 2022-12-21 19:14:06 +01:00
Simon Bruder 54c5cfb240
restic/system: Enable compression
Fixes #66.
2022-12-13 09:59:31 +01:00
Simon Bruder 3cfb7b1d32
gui: Fix polkit syntax error
Somehow the ECMAscript compatibility was downgraded.
2022-12-11 16:22:23 +01:00
Simon Bruder b6a903551e
fonts: Use custom Iosevka variant
I don’t like the new defaults.
2022-12-10 16:09:10 +01:00
Simon Bruder 91ec565702
nix: Use 22.11 options 2022-12-10 16:08:13 +01:00
Simon Bruder ad89732961
sway: Make everything work again
This sadly has to downgrade some programs, if I find more time, I will
look more into this and try to make it work with the latest versions.
2022-12-10 16:08:03 +01:00
Simon Bruder 71308a9284
gui: Replace deprecated gtkUsePortal 2022-12-10 15:17:12 +01:00
Simon Bruder a445953d46
Adapt locale configuration to new NixOS defaults 2022-12-10 14:51:07 +01:00
Simon Bruder f81a86235d
ausweisapp: Use upstream module 2022-12-10 14:50:41 +01:00
Simon Bruder c61023b863
Add tools for using digitizer 2022-12-02 18:54:51 +01:00
Simon Bruder fd3bb4284b
Add prometheus co2 exporter 2022-11-03 16:40:05 +01:00
Simon Bruder f51bc637da
wireguard/home: Hardcode server’s IPv4 address
Some devices (like fuuko) sadly do not have IPv6 connectivity which
makes their connection fail.
2022-10-15 23:28:33 +02:00
Simon Bruder c0b743a65b
fuuko: Configure to work on-demand
This is so I can only enable it when I don’t mind it generating tons of
noise.
2022-10-07 22:20:29 +02:00
Simon Bruder 293312b447
mullvad: Add fzf helper 2022-09-30 12:22:28 +02:00
Simon Bruder ecdbe9b936
mullvad: Update relays
This also changes the framework to handle different relay names.
2022-09-30 12:22:07 +02:00
Simon Bruder ce90c3363b
cups: Use elma’s new fqdn 2022-09-24 19:29:32 +02:00
Simon Bruder 2cf49b9a18
media-proxy: Add storagebox 2022-09-23 00:14:45 +02:00
Simon Bruder eb5d270e0b
qbittorrent: Fix exporter vendor sha256
For some reason it changed.
2022-09-22 22:09:37 +02:00
Simon Bruder 24db1faff9
syncthing: Do not hardcode fuuko’s address
External reachability is not guaranteed in the future.
2022-09-13 18:49:54 +02:00
Simon Bruder fa0afa040f
Clean up tools/programs
I haven’t really used some of them, so they don’t need to take space up
in the environment.
2022-09-11 01:21:59 +02:00
Simon Bruder ea43e14792
Add often used tools to environment
I often find myself running them inside a nix shell. Having them
available in the environment makes using them easier and also is
possible when no internet connection is available, which is especially
useful for tools like wl-mirror.
2022-09-11 01:02:30 +02:00
Simon Bruder 9a5305bf19
media-mount: Ensure it is owned by user
Otherwise home-manager can’t symlink .envrc.
2022-09-04 15:46:18 +02:00
Simon Bruder 7c81e51d10
network-manager: Switch to iwd as wifi backend
wpa_supplicant often requires multiple tries to get a connection.
2022-09-01 22:30:49 +02:00
Simon Bruder e31c264c92
restic: Do not limit upload by default
This allows servers that have a fast internet connection to complete
their backup in seconds instead of minutes.
2022-08-25 23:22:17 +02:00
Simon Bruder 4e78d87bde
restic: Use storage box and restic-rest-server
While this setup complicates things, it also should protect me against
(malicious) deletion of old backups.
2022-08-25 23:12:42 +02:00
Simon Bruder 19eab9411c
ssh: Add all hostnames for storage box 2022-08-25 23:12:42 +02:00
Simon Bruder 0bbe240018
tmux: Configure system-wide
This is useful on systems that are only accessed as root (e.g.,
servers).
2022-08-25 14:49:22 +02:00
Simon Bruder 947a7d65a3
unfree: Remove yuzu-{ea,mainline} 2022-08-13 17:21:09 +02:00
Simon Bruder 6211ea6005
games: Blacklist hid_nintendo
It does not work with my 8BitDo Pro 2. Disabling the kernel module makes
it work with SDL’s hidraw driver.
2022-08-13 11:47:10 +02:00
Simon Bruder 0b4bfc931c
media-mount: Add storage box 2022-08-09 15:13:50 +02:00
Simon Bruder 8091bae559
ausweisapp: Init 2022-07-24 18:06:54 +02:00
Simon Bruder 97a1f12d7b
grub: Disable memtest86
The download URL does not work anymore.
2022-07-11 21:31:41 +02:00
Simon Bruder 9dd20698d1
mullvad: Update relays 2022-07-08 11:51:04 +02:00
Simon Bruder a68420ca69
Sort modules includes 2022-07-08 11:51:04 +02:00
Simon Bruder 22d017999f
syncthing: Init 2022-07-08 11:51:04 +02:00
Simon Bruder 8dc59487f3
restic/system: Exclude /var/cache 2022-07-08 11:51:04 +02:00
Simon Bruder 2fc312dd47
flake: Use overlays.default for default overlay
The `overlay` output is deprecated.
2022-07-08 11:51:03 +02:00
Simon Bruder d177dcc710
Allow users to set allow_other for fuse mounts 2022-06-15 00:45:51 +02:00
Simon Bruder 67b30a52af
Remove private binary cache
I don’t actually use it and it adds complexity to installing new
machines.
2022-06-10 00:03:03 +02:00
Simon Bruder b948f46fad
nunotaba: Re-init 2022-06-10 00:03:03 +02:00
Simon Bruder 98cd9fee9c
okarin: Remove
It was too slow to do anything useful with, so I cancelled it. Unless
something dramatically changes, I won’t rent servers from Contabo
anymore.
2022-06-01 15:39:02 +02:00
Simon Bruder 3e82450879
pipewire: Remove media-session config
It is disabled by default in favour of wireplumber.
2022-06-01 15:17:14 +02:00
Simon Bruder 0bb4f4204d
Use new option for ACME email address 2022-05-31 15:04:53 +02:00
Simon Bruder 23652c4b8f
restic/system: Exclude mounts 2022-05-15 11:14:34 +02:00
Simon Bruder 4712cd20be
media-mount: Init 2022-05-14 17:50:11 +02:00
Simon Bruder f31fb7dc5d
udev: Add rule for TI-84+ SE
If it is plugged in for a longer time (a few minutes are enough), at
least on mayushii, the dock hangs and will not respond unless the
system is rebooted (re-plugging, restarting the dock and suspending does
not work). I couldn’t figure out why this is happening.
2022-05-11 16:38:32 +02:00
Simon Bruder 606b203205
zsh: Globally set histsize to 100000
Otherwise this occasionally deletes my user’s history if the user config
is not fully loaded yet.
2022-04-28 09:32:03 +02:00
Simon Bruder 76787d43a0
restic/system: Ignore /root/.cache 2022-04-23 21:10:55 +02:00
Simon Bruder b307f1d518
fonts: Use blobmoji as default emoji font 2022-04-23 21:10:27 +02:00
Simon Bruder 141bfa4f46
yuzuru: Remove
It no longer hosts any services so it is going to be removed.
2022-04-09 10:12:12 +02:00
Simon Bruder 5cb356c368
makemkv: Init 2022-04-01 18:20:46 +02:00
Simon Bruder c70da831eb
tools: Install sqlite globally
It often is needed on servers where there is no user.
2022-03-26 12:42:45 +01:00
Simon Bruder da56357ad8
zsh: Disable globbing of # globally
Otherwise using nix shell et al. as root is a pain.
2022-03-26 12:37:11 +01:00
Simon Bruder 8dc3558c7c
qbittorrent/exporter: Do not expose seeding time
It is not useful and just wastes storage space.
2022-03-25 21:54:07 +01:00
Simon Bruder 954849f763
renge: Init 2022-03-23 17:34:56 +01:00
Simon Bruder ea88259856
okarin/qbittorrent: Init 2022-03-19 10:35:09 +01:00
Simon Bruder 0e3bd19aa8
media-proxy: Unset referer for same-site requests
The qBittorrent WebUI does not work with it set to a different host than
the target. This implementation does not compromise security, because
the referer is only unset if the real referer was the locally proxied
page. All other referers are passed through verbatim.
2022-03-18 23:43:24 +01:00
Simon Bruder faa84c574d
qbittorrent: Init module 2022-03-18 22:14:09 +01:00
Simon Bruder 7ed13269a7
okarin: Init 2022-03-03 10:51:19 +01:00
Simon Bruder 175b5e1ef1
logitech: Init 2022-02-09 07:24:23 +01:00
Simon Bruder 20b861a994
fuuko/torrent: Use AriaNg’s nixpkgs version
Otherwise node 10 will have to be built from source since it no longer
gets built by Hydra.
2022-01-23 11:58:37 +01:00
Simon Bruder 922e007db9
restic/system: Don’t explicitly ignore rust target
Newer cargo versions automatically add a CACHEDIR.TAG file to the target
directory.
2022-01-22 10:33:33 +01:00
Simon Bruder 6499b7b196
restic/system: Start earlier
This avoids the backup failing due to clients being suspended during the
backup.
2022-01-22 10:32:51 +01:00
Simon Bruder 0baeb59b38
tools: Add parted 2022-01-14 15:53:29 +01:00
Simon Bruder 6eadefd6fb
Revert "pipewire: Enable jack"
This reverts commit 9588343b6e.

It causes issues with yuzu.
2022-01-02 16:45:21 +01:00
Simon Bruder ac85009184
udev: Add rules for Switch Pro Controller 2021-12-19 11:25:51 +01:00
Simon Bruder 398ca91aa5
tools: Add wireshark 2021-12-10 18:00:13 +01:00
Simon Bruder 505697715d
nix: Remove fallback for daemon nice levels 2021-12-06 16:00:41 +01:00
Simon Bruder 2c160661ec
Apply fixes for breaking module changes in 21.11 2021-12-01 19:15:31 +01:00
Simon Bruder cc8727fa80
Use nixFlakes instead of nixUnstable 2021-12-01 18:32:51 +01:00
Simon Bruder a9817baee9
Remove unneeded packages from unstable 2021-12-01 18:32:51 +01:00
Simon Bruder 5517a5a3db
pipewire: Add helvum 2021-11-29 17:06:41 +01:00
Simon Bruder ce6885abca
pipewire: Enable rtkit 2021-11-21 13:11:52 +01:00
Simon Bruder 9588343b6e
pipewire: Enable jack
This allows more complicated configurations via qjackctl.
2021-11-20 22:51:14 +01:00
Simon Bruder 1df9a87520
Make nix scheduling options compatible with 21.11 2021-11-20 16:29:48 +01:00
Simon Bruder a220c7f9d9
mullvad: Update relays 2021-11-20 15:48:56 +01:00
Simon Bruder 58e6cad052
pipewire: Remove hacky override of bluez quirks db
Nixpkgs now treats it as data, so it is not set in the module.

As an alternative, hardware volume is disabled globally.
2021-11-08 18:04:14 +01:00
Simon Bruder f4bf1ced57
yuzuru: Init 2021-11-01 10:10:40 +01:00
Simon Bruder b1f4b8b4b5
Add option to mark host as untrusted
This can be used to deploy a host that does not have access to the main
sops secrets file, e.g. because it does not have an encrypted root
partition.
2021-11-01 10:08:23 +01:00
Simon Bruder 718e44402f
fuuko: Add factorio 2021-10-15 15:54:48 +02:00
Simon Bruder ee390f869d
Revert "nix: Fix nix not working with local LFS repositories"
This reverts commit 050359f8ee.
2021-10-12 20:45:21 +02:00
Simon Bruder 0ff89a0f6f
gui: Add upower 2021-10-10 16:32:03 +02:00
Simon Bruder ec0a8dfa49
ssh: Add mayushii’s public host key 2021-10-10 11:43:04 +02:00
Simon Bruder d52084a79b
nunotaba: Remove 2021-10-10 11:40:20 +02:00
Simon Bruder d44db0d505
network-manager: Add networkmanagerapplet
This includes nm-connection-editor, which is needed to set up WPA2
enterprise connections.
2021-10-07 12:35:30 +02:00
Simon Bruder 31cec022e8
Revert "wireguard/home: Use peer-to-peer connections if possible"
This reverts commit bab6c5e5dc.
2021-10-05 21:37:38 +02:00
Simon Bruder 7a08083af1
Revert "wireguard/home: Fix peer-to-peer connection"
This reverts commit d621e84a00.
2021-10-05 21:31:37 +02:00
Simon Bruder 8bf63db6e5
mayushii: Init 2021-10-05 21:26:39 +02:00
Simon Bruder ae8effee39
games: Add steam-sandbox 2021-10-04 16:57:10 +02:00
Simon Bruder 050359f8ee
nix: Fix nix not working with local LFS repositories 2021-09-25 17:17:49 +02:00
Simon Bruder 9190c83c97
Fix ntfs support 2021-09-10 18:01:52 +02:00
Simon Bruder 7db9922dc2
nginx: Disable access log by default 2021-09-08 01:12:56 +02:00
Simon Bruder d621e84a00
wireguard/home: Fix peer-to-peer connection
Public clients also need to have all peers configured, so they can
connect to them.
2021-09-03 15:31:45 +02:00
Simon Bruder bab6c5e5dc
wireguard/home: Use peer-to-peer connections if possible 2021-08-31 11:20:06 +02:00
Simon Bruder 0d9ec3383e
nginx-interactive-index: Make .. work again
This fixes a regression introduced in
77eab2497a, which moved the heading into a
thead and the file listing into a tbody. Therefore, the .. entry is now
the first entry and has been excluded by the rule that previously
excluded the header.
2021-08-30 22:11:00 +02:00
Simon Bruder ccc0d60d71
nginx-interactive-index: Implement stripes in javascript
This shows stripes correctly even after a filter has been entered.
Previously the absolute position (before filtering) has been used to
determine the row colour, which looked weird.
2021-08-29 14:14:07 +02:00
Simon Bruder 77eab2497a
nginx-interactive-index: Only apply stripes to body 2021-08-29 14:13:35 +02:00
Simon Bruder f6d9bf82db
mullvad: Update relays 2021-08-29 12:32:50 +02:00
Simon Bruder 29f0a5017f
programs: Move virt-manager to user profile 2021-08-28 11:24:51 +02:00
Simon Bruder 15fdc8756a
pipewire: Disable hardware volume for HD 4.50BTNC 2021-08-21 15:47:17 +02:00
Simon Bruder 49aa48366a
games: Move to separate module 2021-08-06 18:55:10 +02:00
Simon Bruder 821a352c49
Annotate multiline strings with their language 2021-08-05 13:23:07 +02:00
Simon Bruder 6ac026a535
Enable fwupd on full systems 2021-08-04 16:52:11 +02:00
Simon Bruder 8b9eb54806
games: Conditionally add emulators
This uses a crude arbitrary number to only install them onto machines
that can actually run them.
2021-07-26 20:44:46 +02:00
Simon Bruder 11f7ac50ca
Set geographical location system-wide 2021-07-25 08:36:19 +02:00
Simon Bruder 6006e2cb46
nix: Add cached-nix-shell 2021-07-11 10:43:43 +02:00
Simon Bruder f546f737fe
sway: Enable screencasts via xdg-desktop-portal-wlr
This also adds a blinking indicator to the status bar so it is obvious
when the screen is shared.
2021-07-10 16:27:26 +02:00
Simon Bruder 7959abe5f0
pipewire: Init and replace pulseaudio 2021-07-10 12:44:09 +02:00
Simon Bruder 12e24d0761
cups: Add elma 2021-07-07 18:25:14 +02:00
Simon Bruder 298ef93ed5
cups: Remove broken printers 2021-07-04 20:54:09 +02:00
Simon Bruder 8259b1455f
mullvad: Do not unlock pass when disabling tunnel 2021-06-01 11:37:59 +02:00
Simon Bruder c0efaa02ba
mullvad: Move script into system module
It doesn’t make sense to install the configuration files system-wide but
the script only for the user.
2021-06-01 10:29:58 +02:00
Simon Bruder 56b9c6c37f
Add module for on-demand usage of mullvad
Since wg-quick does not require the configuration file to include a
private key and local addresses, they can be added after the execution
of wg-quick.

Fixes #32.
2021-05-31 23:02:11 +02:00
Simon Bruder de3f8f8909
restic: Make restic prune regularly on fuuko
Closes #41.
2021-05-28 15:01:06 +02:00
Simon Bruder e9dc4601ad
restic: Do not initialise the repository
It already is initialised, and NixOS’ initialisation always prints all
existing snapshots to the journal which makes it almost impossible to
find the logs from the regular backup.
2021-05-28 15:01:06 +02:00
Simon Bruder 9025dfffb5
wireguard/dns: Make zone master zone
Since 21.05 it does not work when this is not set.
2021-05-28 14:24:50 +02:00
Simon Bruder 7450828b63
fonts: Do not enable X11 fonts dir 2021-05-27 18:07:00 +02:00
Simon Bruder ea45b45c60
restic: Fix restic-auth script
Since I migrated to sops, the password store structure changed.
2021-05-27 14:38:33 +02:00
Simon Bruder 2c8a291ae9
Make flake inputs available as module argument
This moves a bunch of stuff out of flake.nix into the modules they
belong to. This removes complexity from flake.nix and gives the project
a more organised structure.

Sadly, it is not possible to import modules from a flake outside of
flake.nix, since that leads to an infinite recursion (`config` has to be
evaluated before `config._modules.args.inputs` is available but `config`
depends on an import from `config._modules.args.inputs`). Therefore, the
`extraModules` argument in `machines/default.nix` has to be used for
that (it now has access to all flake inputs).
2021-05-15 10:04:44 +02:00
Simon Bruder 400b55a293
Convert to flake
Fixes #3.
2021-05-01 17:36:58 +02:00
Simon Bruder af036e88db
nix: Enable flake support 2021-05-01 17:08:21 +02:00
Simon Bruder 5b5bf546b3
wireguard: Simplify sopsFile path 2021-05-01 16:53:06 +02:00
Simon Bruder 8a339c51a2
Show system closure diff on activation 2021-04-25 09:50:03 +02:00
Simon Bruder feb82fca2e
nix: Make netrc readable by wheel group
This also splits the nix configuration from the default module into its
own file.
2021-04-09 11:34:49 +02:00
Simon Bruder 8d9e3af211
Add binary cache hosted on fuuko
See machines/fuuko/services/binary-cache.nix for limitations.
2021-04-08 16:19:57 +02:00
Simon Bruder 07d4260b95
nix: Use daemonNiceLevel instead of CPUSchedulingPolicy 2021-04-08 15:42:49 +02:00
Simon Bruder 4a8a7e0a4f
Use sops for secrets
Since I currently do not have access to sayuri, sayuri’s migration is
not done yet. The host keys and wg-home-private-key secret still have to
be added.
2021-04-06 14:05:48 +02:00
Simon Bruder b595aceb7c
initrd-ssh: Treat host-key as state
This also removes the explicit passing of the public key fingerprint to
the unlock script, since the host key is no longer available in pass.
Unlocking still works, since the keys are configured in modules/ssh.nix.
2021-04-06 11:45:04 +02:00
Simon Bruder 41f8d468b6
restic/system: Include /root and /etc 2021-04-06 10:47:05 +02:00
Simon Bruder a102f691a6
tools: Add ssh-to-pgp 2021-04-06 10:21:48 +02:00
Simon Bruder 37f95b3d79
ssh: Add global known hosts
Fixes #47.
2021-04-04 11:29:31 +02:00
Simon Bruder 0212f2adbd
fuuko/drone: Init 2021-04-03 18:47:01 +02:00
Simon Bruder ce7425d8c4
Remove issei from vpn and prometheus 2021-04-02 18:13:09 +02:00
Simon Bruder e94c72e42e
Add open ports for quick tests 2021-03-29 22:26:10 +02:00
Simon Bruder a7ad88a5ec
Include unstable channel as overlay
This allows nix cli tools to access unstable from niv’s pinned rev
(instead of having to rely on uncached and unpinned
channel:nixos-unstable). Also packageOverrides might get
deprecated/removed[1] eventually.

[1]: https://github.com/NixOS/nixpkgs/issues/43266
2021-03-29 12:03:58 +02:00
Simon Bruder c8b7a9c8e9
gui: Install adwaita icons system-wide 2021-03-27 13:22:34 +01:00
Simon Bruder c1992958bf
media-proxy: Start after network is online 2021-03-27 12:45:43 +01:00
Simon Bruder 58c72c3200
Allow build on machines that are missing secrets 2021-03-21 11:36:14 +01:00
Simon Bruder 9b9f574d52
tools: Add dmidecode 2021-03-10 15:49:53 +01:00
Simon Bruder d73da1a131
restic/system: Limit upload to 1.5M by default 2021-03-08 18:46:35 +01:00
Simon Bruder 07f152cb20
fuuko: Add media file index 2021-03-08 15:40:41 +01:00
Simon Bruder 878bdd30d5
fuuko: Add ftp server and scan converter 2021-03-08 15:30:04 +01:00
Simon Bruder 542a89ef57
sayuri: Add foldingathome specialisation 2021-03-06 15:32:18 +01:00
Simon Bruder 270f20d05b
Add nginx hardening option 2021-03-05 15:58:53 +01:00
Simon Bruder 83f1c69713
restic/system: Constantly use system for naming
In the future I may add other backup jobs, so it should be clear
that this only backs up the system.
2021-02-28 12:22:43 +01:00
Simon Bruder d7272e9db3
restic: Simplify timerConfig
The upstream restic module validates the types anyway, so I can drop the
ugly expression to copy the option.
2021-02-28 12:22:42 +01:00
Simon Bruder 6a8904011a
restic: Fix typo in excludes filename 2021-02-28 12:22:42 +01:00
Simon Bruder c77328af22
Replace builtins with lib where possible 2021-02-27 19:57:00 +01:00
Simon Bruder 2a4e358502
node_exporter: Disable rapl collector
It does not work since the service does not have permission and
therefore writes errors into the journal every scrape.
2021-02-21 00:06:16 +01:00
Simon Bruder 13876617f5
node_exporter: Fix name of systemd collector 2021-02-21 00:04:26 +01:00