Simon Bruder
621d209680
sayuri: Add specialisation that disables mitigations
...
x264 encodes over 2 times faster in one example with mitigations
disabled.
2021-06-09 15:22:17 +02:00
Simon Bruder
80f33f9095
Add contact page
2021-06-02 13:24:36 +02:00
Simon Bruder
e0efa77520
fuuko/nar-serve: Use NixOS module
...
Since it does not provide a `package` option, it has to be overriden
with an overlay.
2021-06-01 10:16:15 +02:00
Simon Bruder
56b9c6c37f
Add module for on-demand usage of mullvad
...
Since wg-quick does not require the configuration file to include a
private key and local addresses, they can be added after the execution
of wg-quick.
Fixes #32 .
2021-05-31 23:02:11 +02:00
Simon Bruder
6f31ded457
fuuko/wordclock: Use 15 character long password
...
```cpp
struct {
char domain[32];
char clientId[16];
char user[16];
char password[16];
} mqtt;
```
(f637c2f39e/PersistentStorage.h
)
This went unnoticed, because on NixOS, mosquitto does not validate
passwords by default.
2021-05-28 23:08:20 +02:00
Simon Bruder
c918486622
fuuko/mqtt: Make compatible with Mosquitto 2
...
This now requires authenticating with a valid password, which it
apparently didn’t do before?
2021-05-28 23:05:22 +02:00
Simon Bruder
de3f8f8909
restic: Make restic prune regularily on fuuko
...
Closes #41 .
2021-05-28 15:01:06 +02:00
Simon Bruder
d3d41da2bc
vueko/murmur: Explicitly set murmur as system user
2021-05-28 14:24:25 +02:00
Simon Bruder
e80a0b0c07
vueko/radicale: Use services.radicale.settings
2021-05-28 14:24:02 +02:00
Simon Bruder
7d7da189d0
nunotaba: Reinstall on btrfs filesystem
2021-05-28 14:05:14 +02:00
Simon Bruder
6cb59d0149
nunotaba: Use performance cpuFreqGovernor
...
With kernel 5.10 powersave is stuck at 798 MHz for some reason.
2021-05-28 14:05:13 +02:00
Simon Bruder
091f6b0e14
Update to 21.05
...
This still uses the relase-21.05 branch which should later be changed to
nixos-21.05.
2021-05-28 14:04:53 +02:00
Simon Bruder
36c0c67e36
sayuri: Update specs in readme
2021-05-27 18:06:34 +02:00
Simon Bruder
d64f4a8741
vueko/mail: Add alias
2021-05-25 09:48:25 +02:00
Simon Bruder
71209d0cc8
vueko/mail: Add alias
2021-05-21 12:30:36 +02:00
Simon Bruder
961b497609
vueko/mail: Add alias
2021-05-17 19:05:24 +02:00
Simon Bruder
2c8a291ae9
Make flake inputs available as module argument
...
This moves a bunch of stuff out of flake.nix into the modules they
belong to. This removes complexity from flake.nix and gives the project
a more organised structure.
Sadly, it is not possible to import modules from a flake outside of
flake.nix, since that leads to an infinite recursion (`config` has to be
evaluated before `config._modules.args.inputs` is available but `config`
depends on an import from `config._modules.args.inputs`). Therefore, the
`extraModules` argument in `machines/default.nix` has to be used for
that (it now has access to all flake inputs).
2021-05-15 10:04:44 +02:00
Simon Bruder
531060668a
fuuko/hydra: Show logs after build is completed
2021-05-15 00:01:04 +02:00
Simon Bruder
9f70024257
fuuko/hydra: Make serving build artifacts work
...
hydra-server.service does not have access to the signing key.
2021-05-13 14:23:10 +02:00
Simon Bruder
dc1698ffaa
fuuko: Add hydra
2021-05-13 13:07:17 +02:00
Simon Bruder
ca2136ef04
sayuri: Allow discards on data ssd
2021-05-07 14:37:53 +02:00
Simon Bruder
d3ec5f4ba1
sayuri: Reinstall on NVMe ssd
2021-05-04 23:15:05 +02:00
Simon Bruder
c3a3d8a12a
Adapt documentation to current configuration
2021-05-04 21:45:05 +02:00
Simon Bruder
2bf9577b61
vueko/mail: Add alias
2021-05-03 19:33:53 +02:00
Simon Bruder
10ced7f2bb
fuuko/torrent: Make socat work after forced stop
...
This should improve behavour after e.g. a power outage.
2021-05-03 10:17:00 +02:00
Simon Bruder
440fc97f7f
AriaNg: Include as flake
2021-05-03 10:16:59 +02:00
Simon Bruder
51f814c70d
fuuko/go-neb: Use sops for secrets
2021-05-03 10:16:59 +02:00
Simon Bruder
84c72583fe
fuuko/drone-runner-exec: Use unstable nix
...
This also adds /etc/static as read-only path to the sandbox, since
otherwise /etc/nix/nix.conf can’t be read.
2021-05-01 18:31:05 +02:00
Simon Bruder
400b55a293
Convert to flake
...
Fixes #3 .
2021-05-01 17:36:58 +02:00
Simon Bruder
7d19c9b039
sayuri: Use radeontop from unstable
2021-04-25 09:54:49 +02:00
Simon Bruder
78f4579556
vueko/mail: Add alias
2021-04-23 10:21:11 +02:00
Simon Bruder
08b8fce2d4
fuuko/gitea: Store session on disk
2021-04-19 14:35:42 +02:00
Simon Bruder
4af55ba3e9
vueko/mail: Add alias
2021-04-17 12:15:43 +02:00
Simon Bruder
e070cb9107
vueko/mail: Add alias
2021-04-17 10:56:15 +02:00
Simon Bruder
438fad34fb
vueko/mail: Reorganise vim folds
2021-04-17 10:47:07 +02:00
Simon Bruder
cd30750fdc
fuuko/media-backup: Init
...
Fixes #49 .
2021-04-16 17:13:46 +02:00
Simon Bruder
b9abd825cb
vueko/mail: Add alias
2021-04-14 15:43:16 +02:00
Simon Bruder
ec09bbf6c6
fuuko/gitea: Remove version override
...
Version 1.14.0 has been released and is in nixpkgs.
2021-04-13 09:08:04 +02:00
Simon Bruder
602573cd34
fuuko/dnsmasq: Reliably work after reboot
2021-04-10 23:23:46 +02:00
Simon Bruder
bb8c54065a
fuuko/drone/runner-exec: Remove port collision with grafana
...
Drone docs [1] say “Overriding this value is not recommended”, however I
do not see why I should not be able to change it.
[1] https://docs.drone.io/runner/exec/configuration/reference/drone-http-bind/
2021-04-10 23:21:46 +02:00
Simon Bruder
746581ceba
fuuko/dnsmasq: Replace stubby/DoT with https-dns-proxy/DoH
2021-04-10 20:16:08 +02:00
Simon Bruder
bed82e297c
sayuri: Migrate to sops
...
Fixes #38 .
2021-04-10 11:58:50 +02:00
Simon Bruder
5dff1a426f
fuuko/binary-cache: Add nar-serve
2021-04-08 21:40:14 +02:00
Simon Bruder
8d9e3af211
Add binary cache hosted on fuuko
...
See machines/fuuko/services/binary-cache.nix for limitations.
2021-04-08 16:19:57 +02:00
Simon Bruder
68fbc9e185
fuuko/go-neb: Notify room if alert is firing
2021-04-08 10:04:30 +02:00
Simon Bruder
9dbd7f9c85
vueko/coturn: Manage shared secret with sops
...
This requires not using the NixOS module, since it does not support
loading it from a file.
2021-04-07 12:23:48 +02:00
Simon Bruder
4a8a7e0a4f
Use sops for secrets
...
Since I currently do not have access to sayuri, sayuri’s migration is
not done yet. The host keys and wg-home-private-key secret still have to
be added.
2021-04-06 14:05:48 +02:00
Simon Bruder
d253f74a06
sayuri: Fill in purpose section of readme
...
Also, next time try to spell FIXME the right way so I don’t notice this
months after setting the machine up.
2021-04-05 13:38:33 +02:00
Simon Bruder
5c4284d68c
fuuko: Add dnsmasq prometheus exporter
2021-04-05 13:18:43 +02:00
Simon Bruder
c26539e607
fuuko/prometheus: Actually show node name in alerts
2021-04-04 14:34:44 +02:00
Simon Bruder
1b08afd515
fuuko/gitea: Also use ed25519 ssh key
2021-04-04 11:18:34 +02:00
Simon Bruder
0212f2adbd
fuuko/drone: Init
2021-04-03 18:47:01 +02:00
Simon Bruder
ac7e1c1123
fuuko/dnsmasq: Use DNS over TLS via stubby
2021-04-03 13:11:09 +02:00
Simon Bruder
ce7425d8c4
Remove issei from vpn and prometheus
2021-04-02 18:13:09 +02:00
Simon Bruder
94b2746018
fuuko/go-neb: Add alertmanager matrix receiver
2021-04-02 17:46:07 +02:00
Simon Bruder
2897451a65
fuuko/prometheus: Set external URLs
2021-04-02 16:44:17 +02:00
Simon Bruder
8b1b969aa9
fuuko: Set target to production hostname
2021-04-02 15:10:14 +02:00
Simon Bruder
98a4f345eb
fuuko/matrix/mautrix-whatsapp: Init
2021-04-02 15:09:57 +02:00
Simon Bruder
0ae96653a5
fuuko/matrix/synapse: Init
2021-04-02 14:59:14 +02:00
Simon Bruder
b6297d0153
vueko/coturn: Init
2021-03-31 12:08:35 +02:00
Simon Bruder
15075a818d
installation: Remove FIXME from comments
...
Otherwise grepping for FIXME shows this, even though it’s not what you
expect.
2021-03-30 23:49:08 +02:00
Simon Bruder
2d74dac8c0
fuuko/hedgedoc: Start after postgresql
2021-03-30 16:13:20 +02:00
Simon Bruder
50f0968738
fuuko: Add gitea
2021-03-29 14:08:53 +02:00
Simon Bruder
5491ef4817
vueko/mailserver: Add gitea user
2021-03-29 13:48:10 +02:00
Simon Bruder
cb8a8f3c8d
fuuko/prometheus: Enable admin API
2021-03-28 11:04:48 +02:00
Simon Bruder
55099f1884
fuuko/prometheus: Raise retention time to 90d
2021-03-28 11:04:25 +02:00
Simon Bruder
9f8c80029d
vueko/mailserver: Add aliases
2021-03-26 19:40:20 +01:00
Simon Bruder
5e8fb02b78
vueko/mail: Add alias
2021-03-21 11:53:47 +01:00
Simon Bruder
58c72c3200
Allow build on machines that are missing secrets
2021-03-21 11:36:14 +01:00
Simon Bruder
7cb3142526
nunotaba: Disable docker
...
Fixes #15 .
2021-03-13 10:59:43 +01:00
Simon Bruder
57652d8a79
fuuko: Add hedgedoc
2021-03-10 15:42:21 +01:00
Simon Bruder
966667b87f
fuuko: Exclude scans from system backup
2021-03-10 11:27:56 +01:00
Simon Bruder
db54dfaed1
fuuko/dnsmasq: Allow DNS queries over TCP
...
Sharepoint manages to return enormous responses when querying for an
AAAA record.
$ dig sitename.sharepoint.com AAAA
;; Truncated, retrying in TCP mode.
2021-03-10 09:13:37 +01:00
Simon Bruder
d6bddf40c0
fuuko: Add ankisyncd
2021-03-09 21:22:19 +01:00
Simon Bruder
3a5568a136
fuuko: Enable full postgresql backup
2021-03-09 11:50:32 +01:00
Simon Bruder
515939677b
fuuko/torrent: Add resolv.conf to aria2 netns
...
Even though aria2 doesn’t respect it, it is useful for for debugging.
2021-03-08 19:38:26 +01:00
Simon Bruder
3da67f7576
fuuko: Enable system backups
2021-03-08 17:33:30 +01:00
Simon Bruder
e8626ba27a
fuuko: Add wordclock-dimmer
2021-03-08 17:03:30 +01:00
Simon Bruder
0c081d9805
fuuko: Add dnsmasq
2021-03-08 16:19:49 +01:00
Simon Bruder
786edd1caf
fuuko: Add aria2
2021-03-08 15:55:24 +01:00
Simon Bruder
07f152cb20
fuuko: Add media file index
2021-03-08 15:40:41 +01:00
Simon Bruder
878bdd30d5
fuuko: Add ftp server and scan converter
2021-03-08 15:30:04 +01:00
Simon Bruder
d1cf0f698f
fuuko: Add grafana
2021-03-08 15:10:15 +01:00
Simon Bruder
70ee44fbc5
fuuko: Add prometheus fritzbox exporter
2021-03-08 15:10:15 +01:00
Simon Bruder
f388995ef6
fuuko: Add prometheus
2021-03-08 15:10:15 +01:00
Simon Bruder
df303dcc2b
fuuko: Init
2021-03-08 15:10:15 +01:00
Simon Bruder
724bcd31c5
vueko/nginx: Make vueko.sbruder.de default vhost
2021-03-07 15:51:09 +01:00
Simon Bruder
b6e2d2f347
vueko/nginx: Enable recommended proxy settings
2021-03-07 15:49:24 +01:00
Simon Bruder
542a89ef57
sayuri: Add foldingathome specialisation
2021-03-06 15:32:18 +01:00
Simon Bruder
cbf2536e32
vueko: Enable nginx hardening
2021-03-05 16:00:10 +01:00
Simon Bruder
bdda31a807
vueko/mail: Add alias
2021-03-04 20:08:37 +01:00
Simon Bruder
86348d4c60
vueko: Add element-web
2021-02-28 16:16:06 +01:00
Simon Bruder
83f1c69713
restic/system: Constantly use system for naming
...
In the future I may create add other backup jobs, so it should be clear,
that this only backs up the system.
2021-02-28 12:22:43 +01:00
Simon Bruder
c77328af22
Replace builtins with lib where possible
2021-02-27 19:57:00 +01:00
Simon Bruder
b3d28b4752
vueko/mail: Add alias
2021-02-27 17:24:26 +01:00
Simon Bruder
be7e67cf1f
wireguard/home: Make vueko central server
...
This also restructures the wireguard/home configuration, since now
better peer management is possible.
2021-02-20 19:57:04 +01:00
Simon Bruder
0ec1fb5257
Make aesni_intel module available on boot
...
This should increase LUKS performance significantly. In reality,
however, it doesn’t work that well. The difference of raw vs encrypted
block device speed still ist ~ 100 MiB/s. Even more confusing is that
nunotaba’s Intel DC SSD only manages ~ 350 MiB/s **without** encryption.
2021-02-17 15:33:10 +01:00
Simon Bruder
e21c769524
machines/installation: Set key map
2021-02-16 17:34:21 +01:00
Simon Bruder
27285a098f
vueko: Serve imprint over http
2021-02-14 19:49:05 +01:00
Simon Bruder
474cc7d0f7
sayuri: Disable docker
2021-02-11 14:11:30 +01:00