nix-dotfiles

oysteikt

Author	SHA1	Message	Date
Oystein Kristoffer Tveit	5dca478291	fcitx: use declarative config	2024-06-02 16:31:08 +02:00
Oystein Kristoffer Tveit	a8bfbbc532	common: add h7x4 to wireshark group	2024-06-02 16:30:31 +02:00
Oystein Kristoffer Tveit	4f561c1dae	gnupg: use curses pinentry	2024-06-02 16:30:09 +02:00
Oystein Kristoffer Tveit	c902040ade	common: move sudo-lecture out of etc	2024-06-02 16:29:48 +02:00
Oystein Kristoffer Tveit	347a731839	kasei: misc general config	2024-06-02 16:26:44 +02:00
Oystein Kristoffer Tveit	fce206e772	kasei: setup keybase using module	2024-06-02 16:18:56 +02:00
Oystein Kristoffer Tveit	dd800a3794	tsuki/nhk-scraper: WIP changes	2024-01-23 05:51:37 +01:00
Oystein Kristoffer Tveit	9f2e7f7ac1	tsuki/nginx: remove proxmox vhost	2024-01-23 05:49:17 +01:00
Oystein Kristoffer Tveit	df5f0dc9c4	tsuki/matrix: use postgres through socket	2024-01-23 05:46:24 +01:00
Oystein Kristoffer Tveit	4f020f4cdd	tsuki/matrix: downscale workers	2024-01-23 05:46:06 +01:00
Oystein Kristoffer Tveit	b8daea8fc1	tsuki/headscale: conditional config	2024-01-23 05:40:52 +01:00
Oystein Kristoffer Tveit	4d2875d168	tsuki/hedgedoc: use upstream module	2024-01-23 05:40:19 +01:00
Oystein Kristoffer Tveit	22f5345026	tsuki/hydra: harden server unit	2024-01-23 05:36:39 +01:00
Oystein Kristoffer Tveit	ce5c3666b9	tsuki/jupyter: set up tmpdirs for notebooks	2024-01-23 05:35:58 +01:00
Oystein Kristoffer Tveit	1ea23dc42e	tsuki: set system.stateVersion	2024-01-23 05:35:20 +01:00
Oystein Kristoffer Tveit	56df2f5e10	tsuki: lowercase hostname	2024-01-23 05:33:48 +01:00
Oystein Kristoffer Tveit	8ce9100913	kanidm: explicitly bind to localhost	2024-01-23 05:32:34 +01:00
Oystein Kristoffer Tveit	d629eedaaf	tsuki/navidrome: conditional config	2024-01-23 05:31:26 +01:00
Oystein Kristoffer Tveit	72e7626e9d	tsuki/postgres: tune for bare metal setup	2024-01-23 05:31:06 +01:00
Oystein Kristoffer Tveit	f49d3665fc	tsuki/vaultwarden: disable invitations	2024-01-23 05:30:14 +01:00
Oystein Kristoffer Tveit	fe50d92f8c	tsuki/vaultwarden: conditional config	2024-01-23 05:29:57 +01:00
Oystein Kristoffer Tveit	3d2825d1ec	tsuki/samba: init	2024-01-23 05:29:17 +01:00
Oystein Kristoffer Tveit	1efd3d4f0a	tsuki/kanidm: set up backups	2024-01-23 05:27:43 +01:00
Oystein Kristoffer Tveit	851d0c1fd0	tsuki/prometehus: set up slice for exporters	2024-01-23 05:26:22 +01:00
Oystein Kristoffer Tveit	0d3e805611	tsuki: move to bare metal, set up zfs	2024-01-23 05:24:47 +01:00
Oystein Kristoffer Tveit	3a52ba8901	treewide: update to nixos 23.11	2023-12-18 20:59:48 +01:00
Oystein Kristoffer Tveit	b1650e91a6	kasei: split services into `services` directory	2023-12-11 13:27:40 +01:00
Oystein Kristoffer Tveit	7193a12ac2	tsuki/services: remove some uses of secret ports	2023-10-06 18:27:21 +02:00
Oystein Kristoffer Tveit	3d613d1ac9	tsuki/invidious: use socket activation	2023-10-06 18:27:19 +02:00
Oystein Kristoffer Tveit	424fea0dc8	tsuki/jupyter: use socket activation	2023-10-06 18:27:18 +02:00
Oystein Kristoffer Tveit	5bb10df9e1	tsuki/borg: partial systemd hardening There's still quite a bit to do, but the service fails on a weird option that I've not been able to pin down. At least this is better than nothing ¯\_(ツ)_/¯	2023-10-06 18:27:17 +02:00
Oystein Kristoffer Tveit	450d26cf4b	tsuki/atuin: use socket activation	2023-10-06 18:27:16 +02:00
Oystein Kristoffer Tveit	aca2962eec	tsuki/vaultwarden: use socket activation	2023-10-06 18:27:15 +02:00
Oystein Kristoffer Tveit	caedfe1810	tsuki/matrix/stickers: use new module and add lots of stickerpacks	2023-10-06 18:27:14 +02:00
Oystein Kristoffer Tveit	6663a8f280	tsuki/atuin: systemd harden	2023-07-28 22:25:50 +02:00
Oystein Kristoffer Tveit	dec150ae98	gpg agent: systemwide -> homemanager	2023-07-28 22:23:43 +02:00
Oystein Kristoffer Tveit	5f7eb0c8a5	tsuki/prometheus: add exporters for hedgedoc and gitea	2023-07-28 22:09:43 +02:00
Oystein Kristoffer Tveit	d74ed2d045	tsuki/grafana: enable oauth2, misc hardening	2023-07-28 22:05:23 +02:00
Oystein Kristoffer Tveit	816a46603a	tsuki/vaultwarden: systemd harden	2023-07-28 22:05:22 +02:00
Oystein Kristoffer Tveit	b5874e2bcd	tsuki/navidrome: init	2023-07-28 22:05:22 +02:00
Oystein Kristoffer Tveit	c2026eefeb	tsuki/nginx: small refactor	2023-07-28 22:05:22 +02:00
Oystein Kristoffer Tveit	e6605b3a73	common/sshd: socket activate	2023-07-28 22:05:21 +02:00
Oystein Kristoffer Tveit	c98a1a0541	tsuki/jupyter: harden security with sops and systemd	2023-07-28 22:00:07 +02:00
Oystein Kristoffer Tveit	4456244f2d	modules: add modules for socket activation	2023-07-28 21:32:13 +02:00
Oystein Kristoffer Tveit	f1e8c87acd	tsuki/configuration.nix: remove a few unused imports	2023-07-12 23:43:23 +02:00
Oystein Kristoffer Tveit	1f5832074b	tsuki/taskserver: (unfinished) start setting up taskserver and taskwarrior	2023-07-12 23:42:07 +02:00
Oystein Kristoffer Tveit	6c2bd3f2d5	tsuki/invidious: remove redundant code, add comments	2023-07-12 23:38:41 +02:00
Oystein Kristoffer Tveit	394a932988	tsuki/nginx: misc: - Move temporary website into its own file - Collect all http uris into upstreams - Convert some upstreams to UNIX sockets, as changed in the last few commits	2023-07-12 23:36:57 +02:00
Oystein Kristoffer Tveit	24a02d386c	tsuki/hedgedoc: misc: - Experiment with reducing the number of options in the module - Use UNIX socket behind nginx - "Upstream" systemd hardening to module	2023-07-12 23:34:23 +02:00
Oystein Kristoffer Tveit	5ea58f1b98	tsuki/gitea: use UNIX socket behind gitea	2023-07-12 23:30:39 +02:00
Oystein Kristoffer Tveit	fd052eea5a	tsuki/grafana: use UNIX socket behind nginx	2023-07-12 23:27:10 +02:00
Oystein Kristoffer Tveit	1f3b5addd3	tsuki/hedgedoc: misc: - configure oauth2 (this requires a custom module for now, will be resolved in 23.11) - harden systemd service - add systemd requires list - use socket postgres uri	2023-07-12 02:30:00 +02:00
Oystein Kristoffer Tveit	5250d40457	grub: remove version, attr for 23.05	2023-07-12 02:06:41 +02:00
Oystein Kristoffer Tveit	cf42debf37	tsuki/invidious: misc: - bind to 127.0.0.1 - depend on postgresql systemd unit	2023-07-12 02:06:41 +02:00
Oystein Kristoffer Tveit	c8db83b925	tsuki/plex: harden systemd unit	2023-07-12 02:06:41 +02:00
Oystein Kristoffer Tveit	20de3c260f	tsuki/postgres: misc: - add postgresql backup service - harden systemd unit - increase max_connections	2023-07-12 02:06:40 +02:00
Oystein Kristoffer Tveit	82ea6e9f5a	tsuki: add timed nhk easy news scraper	2023-07-12 02:06:40 +02:00
Oystein Kristoffer Tveit	dddc92877c	tsuki/matrix/matrix-appservice-irc: enable lainchan irc bouncer	2023-07-12 02:06:40 +02:00
Oystein Kristoffer Tveit	68b181fc05	tsuki/matrix/mx-puppet-discord: disable temporarily This still uses an old version of node that is disabled in nixpkgs 23.05, disabling for now	2023-07-12 02:06:39 +02:00
Oystein Kristoffer Tveit	98745298c7	tsuki/matrix/mautrix-facebook: disable Got banned one too many times, disabling for now.	2023-07-12 02:06:39 +02:00
Oystein Kristoffer Tveit	8a42e97014	tsuki/monitoring: misc: - Secure grafana better, it had secrets in the nix store - Set up prometheus exporters for nginx and php-fpm - Add urls for dashboards - Disable automatic updates	2023-07-12 02:06:39 +02:00
Oystein Kristoffer Tveit	25b6f0f3e9	tsuki/vaultwarden: add vaultwarden, password manager	2023-07-12 02:06:38 +02:00
Oystein Kristoffer Tveit	40e95ce030	tsuki/borg: set up borgbackup	2023-07-12 02:06:37 +02:00
Oystein Kristoffer Tveit	0e3a4c35d2	tsuki/atuin: set up atuin server	2023-07-12 02:06:16 +02:00
Oystein Kristoffer Tveit	fc0e4f6c52	tsuki/nginx/www: real website dead, add temporary website	2023-07-12 02:04:57 +02:00
Oystein Kristoffer Tveit	949f228c97	tsuki/hydra: put all services below `system-hydra.slice`	2023-07-12 02:04:56 +02:00
Oystein Kristoffer Tveit	7f8d60057d	tsuki/headscale: fix oauth2, and set up tailscale	2023-07-12 02:04:53 +02:00
Oystein Kristoffer Tveit	dc14eaa086	sops: add kasei to sops	2023-05-08 02:50:47 +02:00
Oystein Kristoffer Tveit	3267e5f687	tsuki/headscale: start working on oidc login	2023-05-08 02:36:17 +02:00
Oystein Kristoffer Tveit	cc03b64376	common: use machinevars to determine whether to use x11	2023-05-08 02:36:15 +02:00
Oystein Kristoffer Tveit	58061df4ab	tsuki: set up nextcloud, without enabling it	2023-05-08 02:36:14 +02:00
Oystein Kristoffer Tveit	32885239c3	tsuki/pgadmin: misc - The pgadmin config has grown, and as a result, it has been split from the postgres file. - Setup OAuth - Setup uWSGI and forward to nginx via socket (This last part is still a little borked, and the service is not functioning entirely just yet)	2023-05-08 02:36:13 +02:00
Oystein Kristoffer Tveit	53dbedef2b	tsuki/hedgedoc: small auth url improvement	2023-05-08 02:36:12 +02:00
Oystein Kristoffer Tveit	f8c06f985e	common: update openssh setting API	2023-05-08 02:36:12 +02:00
Oystein Kristoffer Tveit	7cdf122c58	tsuki: set up invidious	2023-05-08 02:36:10 +02:00
Oystein Kristoffer Tveit	df3aa7c10e	tsuki: setup oauth2 for pgadmin This commit also changes the pgadmin package from `22.11` to `unstable`	2023-03-17 01:28:33 +01:00
Oystein Kristoffer Tveit	5e2a5a939b	tsuki: move gitea postgres password to sops	2023-03-08 15:59:50 +01:00
Oystein Kristoffer Tveit	a82a3f95c0	tsuki: move hardware config to configuration file	2023-03-08 15:26:07 +01:00
Oystein Kristoffer Tveit	7a0fcf7805	tsuki: configure wildcard certs for nginx	2023-03-08 14:54:43 +01:00
Oystein Kristoffer Tveit	ebd854a0ae	gitea: set up oauth2	2023-03-08 14:54:42 +01:00
Oystein Kristoffer Tveit	dd6c99226e	tsuki: set up hedgedoc the dynmap subdomain was also renamed from "dyn" to "map" in this commit	2023-03-08 14:54:40 +01:00
Oystein Kristoffer Tveit	1d99bbfd46	Set up sops-nix	2023-03-07 23:15:21 +01:00
Oystein Kristoffer Tveit	2ad7b7b2c3	tsuki: remove keycloak	2023-03-07 23:15:20 +01:00
Oystein Kristoffer Tveit	0df70d6c72	tsuki: add well-known autoconfig for thunderbird mail	2023-03-07 23:15:19 +01:00
Oystein Kristoffer Tveit	d5ae85092c	tsuki: set up kanidm	2023-03-07 23:15:18 +01:00
Oystein Kristoffer Tveit	f41fcce8c6	common: add some more nix options	2023-02-26 04:36:21 +01:00
Oystein Kristoffer Tveit	7c3c830d6e	tsuki: add recommended minecraft jvm flags	2023-02-25 21:15:35 +01:00
Oystein Kristoffer Tveit	5b0dd71b4a	tsuki: add some systemd constraints Add some systemd constraints to some fix boottime service failures	2023-02-25 21:12:38 +01:00
Oystein Kristoffer Tveit	a08f6ce28e	tsuki: add `.well-known/matrix/client`	2023-02-25 21:10:39 +01:00
Oystein Kristoffer Tveit	1eefc118bf	tsuki: add postgres to environment	2023-02-25 20:01:57 +01:00
Oystein Kristoffer Tveit	7f416ed5b8	common.nix: fix weird headless-var recursion issue	2023-02-25 18:05:57 +01:00
Oystein Kristoffer Tveit	42938295ac	kasei: misc changes - new screen setup - new network setup - don't explicitly enable xserver and lightdm - add nvidia video drivers to x11	2023-02-25 18:04:55 +01:00
Oystein Kristoffer Tveit	7ee4535963	kasei: enable docker and libvirtd	2023-02-25 18:01:22 +01:00
Oystein Kristoffer Tveit	c215f945e9	kasei: move hardware-configuration to main config	2023-02-25 18:01:06 +01:00
Oystein Kristoffer Tveit	6b037127e2	kasei: add temporary logid service	2023-02-25 18:00:02 +01:00
Oystein Kristoffer Tveit	45497aea2b	tsuki: set up proper grafana infrastructure - Set up a bunch of exporters - Download matching dashboard declarations - Remove influxdb	2023-01-20 19:55:52 +01:00
Oystein Kristoffer Tveit	b772e3eca3	use resolved globally	2023-01-20 19:53:08 +01:00
Oystein Kristoffer Tveit	e840a95ebe	tsuki: use matrix-synapse-next module with workers	2023-01-20 19:52:04 +01:00
Oystein Kristoffer Tveit	47d8aa7899	tsuki: add headscale	2023-01-16 17:16:42 +01:00
Oystein Kristoffer Tveit	b5030a7c06	tsuki: move grafana config into nondeprecated attrset	2023-01-16 17:16:40 +01:00

1 2 3 4 5

205 Commits