Oystein Kristoffer Tveit
067a97bfbc
common/nix: add github access tokens
2024-06-25 20:21:16 +02:00
Oystein Kristoffer Tveit
f74c1f7aa8
secrets: split secrets per machine to reduce conflicts
2024-06-25 19:27:23 +02:00
Oystein Kristoffer Tveit
96a2a3b3a0
kasei: add binfmt.emulatedSystems
2024-06-25 19:03:00 +02:00
Oystein Kristoffer Tveit
f3bcaad18b
fcitx5: move configuration to home-manager
2024-06-25 19:01:07 +02:00
Oystein Kristoffer Tveit
73f527559e
tsuki/nginx: add vhost for experimental mutable bluemap setup
2024-06-10 00:50:11 +02:00
Oystein Kristoffer Tveit
a6c24b04a1
tsuki/nhk-easy-news-scraper: temporarily disable statedir + bindmount
2024-06-10 00:48:02 +02:00
Oystein Kristoffer Tveit
e3cedee060
tsuki/matrix-synapse: add dependencies to systemd slice
2024-06-10 00:46:49 +02:00
Oystein Kristoffer Tveit
53c6c32fb8
tsuki/plex: remove security hardening, included in nixos 24.05
2024-06-10 00:45:19 +02:00
Oystein Kristoffer Tveit
3a81abb683
tsuki/matrix-stickers: update hash for stickerpack
2024-06-10 00:44:39 +02:00
Oystein Kristoffer Tveit
9d090da7cd
rebase: remove mx-puppet-discord
2024-06-10 00:43:55 +02:00
Oystein Kristoffer Tveit
9187a62d6f
tsuki: use `ensureDBOwnership` for postgres for nixos 24.05 migration
2024-06-10 00:43:04 +02:00
Oystein Kristoffer Tveit
68bf2cd1b0
inputs/maunium-stickerpicker-nix: pin to release
2024-06-09 16:18:42 +02:00
Oystein Kristoffer Tveit
c7123f23ac
tsuki/invidious: remove
2024-06-09 16:13:32 +02:00
Oystein Kristoffer Tveit
e943f2fe5f
tsuki/headscale: disable
2024-06-09 16:13:32 +02:00
Oystein Kristoffer Tveit
830e5477f3
tsuki/navidrome: remove
2024-06-09 16:13:31 +02:00
Oystein Kristoffer Tveit
7f36a1b8c8
tsuki/mx-puppet-discord: remove
2024-06-09 16:13:31 +02:00
Oystein Kristoffer Tveit
2a388e29a5
tsuki/mautrix-facebook: remove
2024-06-09 16:13:31 +02:00
Oystein Kristoffer Tveit
2b0968283d
tsuki/gitea: remove
2024-06-09 16:13:31 +02:00
Oystein Kristoffer Tveit
a20bb288aa
tsuki/jupyter: remove
2024-06-09 15:40:57 +02:00
Oystein Kristoffer Tveit
3b736e4c61
tsuki/pgadmin: remove
2024-06-09 15:34:09 +02:00
Oystein Kristoffer Tveit
358a668aa7
tsuki/hydra: remove
2024-06-09 15:30:17 +02:00
Oystein Kristoffer Tveit
37a43a2bd9
tsuki/gitea-runners: init
2024-06-09 15:25:47 +02:00
Oystein Kristoffer Tveit
43cabb09ef
kasei/avahi: setup
2024-06-08 12:47:46 +02:00
Oystein Kristoffer Tveit
5bdf629e2f
nix-ld: setup
2024-06-08 12:45:43 +02:00
Oystein Kristoffer Tveit
89a667ec7e
nix: remove repl-flake experimental feature
2024-06-08 12:45:16 +02:00
Oystein Kristoffer Tveit
8dc56e4aa7
treewide: override several programs to conform to xdg dir spec
2024-06-08 12:37:01 +02:00
Oystein Kristoffer Tveit
9caab9f6a7
start update to nixpkgs 24.05 by updating kasei and common
2024-06-02 17:17:24 +02:00
Oystein Kristoffer Tveit
8f73eaf1b4
fonts: fix deprecated option names
2024-06-02 16:36:22 +02:00
Oystein Kristoffer Tveit
299eee4238
common: add more nix builder declarations
2024-06-02 16:34:07 +02:00
Oystein Kristoffer Tveit
29579969a4
common: declare local flake registry
2024-06-02 16:32:23 +02:00
Oystein Kristoffer Tveit
5dca478291
fcitx: use declarative config
2024-06-02 16:31:08 +02:00
Oystein Kristoffer Tveit
a8bfbbc532
common: add h7x4 to wireshark group
2024-06-02 16:30:31 +02:00
Oystein Kristoffer Tveit
4f561c1dae
gnupg: use curses pinentry
2024-06-02 16:30:09 +02:00
Oystein Kristoffer Tveit
c902040ade
common: move sudo-lecture out of etc
2024-06-02 16:29:48 +02:00
Oystein Kristoffer Tveit
347a731839
kasei: misc general config
2024-06-02 16:26:44 +02:00
Oystein Kristoffer Tveit
fce206e772
kasei: setup keybase using module
2024-06-02 16:18:56 +02:00
Oystein Kristoffer Tveit
dd800a3794
tsuki/nhk-scraper: WIP changes
2024-01-23 05:51:37 +01:00
Oystein Kristoffer Tveit
9f2e7f7ac1
tsuki/nginx: remove proxmox vhost
2024-01-23 05:49:17 +01:00
Oystein Kristoffer Tveit
df5f0dc9c4
tsuki/matrix: use postgres through socket
2024-01-23 05:46:24 +01:00
Oystein Kristoffer Tveit
4f020f4cdd
tsuki/matrix: downscale workers
2024-01-23 05:46:06 +01:00
Oystein Kristoffer Tveit
b8daea8fc1
tsuki/headscale: conditional config
2024-01-23 05:40:52 +01:00
Oystein Kristoffer Tveit
4d2875d168
tsuki/hedgedoc: use upstream module
2024-01-23 05:40:19 +01:00
Oystein Kristoffer Tveit
22f5345026
tsuki/hydra: harden server unit
2024-01-23 05:36:39 +01:00
Oystein Kristoffer Tveit
ce5c3666b9
tsuki/jupyter: set up tmpdirs for notebooks
2024-01-23 05:35:58 +01:00
Oystein Kristoffer Tveit
1ea23dc42e
tsuki: set system.stateVersion
2024-01-23 05:35:20 +01:00
Oystein Kristoffer Tveit
56df2f5e10
tsuki: lowercase hostname
2024-01-23 05:33:48 +01:00
Oystein Kristoffer Tveit
8ce9100913
kanidm: explicitly bind to localhost
2024-01-23 05:32:34 +01:00
Oystein Kristoffer Tveit
d629eedaaf
tsuki/navidrome: conditional config
2024-01-23 05:31:26 +01:00
Oystein Kristoffer Tveit
72e7626e9d
tsuki/postgres: tune for bare metal setup
2024-01-23 05:31:06 +01:00
Oystein Kristoffer Tveit
f49d3665fc
tsuki/vaultwarden: disable invitations
2024-01-23 05:30:14 +01:00
Oystein Kristoffer Tveit
fe50d92f8c
tsuki/vaultwarden: conditional config
2024-01-23 05:29:57 +01:00
Oystein Kristoffer Tveit
3d2825d1ec
tsuki/samba: init
2024-01-23 05:29:17 +01:00
Oystein Kristoffer Tveit
1efd3d4f0a
tsuki/kanidm: set up backups
2024-01-23 05:27:43 +01:00
Oystein Kristoffer Tveit
851d0c1fd0
tsuki/prometehus: set up slice for exporters
2024-01-23 05:26:22 +01:00
Oystein Kristoffer Tveit
0d3e805611
tsuki: move to bare metal, set up zfs
2024-01-23 05:24:47 +01:00
Oystein Kristoffer Tveit
3a52ba8901
treewide: update to nixos 23.11
2023-12-18 20:59:48 +01:00
Oystein Kristoffer Tveit
b1650e91a6
kasei: split services into `services` directory
2023-12-11 13:27:40 +01:00
Oystein Kristoffer Tveit
7193a12ac2
tsuki/services: remove some uses of secret ports
2023-10-06 18:27:21 +02:00
Oystein Kristoffer Tveit
3d613d1ac9
tsuki/invidious: use socket activation
2023-10-06 18:27:19 +02:00
Oystein Kristoffer Tveit
424fea0dc8
tsuki/jupyter: use socket activation
2023-10-06 18:27:18 +02:00
Oystein Kristoffer Tveit
5bb10df9e1
tsuki/borg: partial systemd hardening
...
There's still quite a bit to do, but the service fails on a weird option
that I've not been able to pin down. At least this is better than
nothing ¯\_(ツ)_/¯
2023-10-06 18:27:17 +02:00
Oystein Kristoffer Tveit
450d26cf4b
tsuki/atuin: use socket activation
2023-10-06 18:27:16 +02:00
Oystein Kristoffer Tveit
aca2962eec
tsuki/vaultwarden: use socket activation
2023-10-06 18:27:15 +02:00
Oystein Kristoffer Tveit
caedfe1810
tsuki/matrix/stickers: use new module and add lots of stickerpacks
2023-10-06 18:27:14 +02:00
Oystein Kristoffer Tveit
6663a8f280
tsuki/atuin: systemd harden
2023-07-28 22:25:50 +02:00
Oystein Kristoffer Tveit
dec150ae98
gpg agent: systemwide -> homemanager
2023-07-28 22:23:43 +02:00
Oystein Kristoffer Tveit
5f7eb0c8a5
tsuki/prometheus: add exporters for hedgedoc and gitea
2023-07-28 22:09:43 +02:00
Oystein Kristoffer Tveit
d74ed2d045
tsuki/grafana: enable oauth2, misc hardening
2023-07-28 22:05:23 +02:00
Oystein Kristoffer Tveit
816a46603a
tsuki/vaultwarden: systemd harden
2023-07-28 22:05:22 +02:00
Oystein Kristoffer Tveit
b5874e2bcd
tsuki/navidrome: init
2023-07-28 22:05:22 +02:00
Oystein Kristoffer Tveit
c2026eefeb
tsuki/nginx: small refactor
2023-07-28 22:05:22 +02:00
Oystein Kristoffer Tveit
e6605b3a73
common/sshd: socket activate
2023-07-28 22:05:21 +02:00
Oystein Kristoffer Tveit
c98a1a0541
tsuki/jupyter: harden security with sops and systemd
2023-07-28 22:00:07 +02:00
Oystein Kristoffer Tveit
4456244f2d
modules: add modules for socket activation
2023-07-28 21:32:13 +02:00
Oystein Kristoffer Tveit
f1e8c87acd
tsuki/configuration.nix: remove a few unused imports
2023-07-12 23:43:23 +02:00
Oystein Kristoffer Tveit
1f5832074b
tsuki/taskserver: (unfinished) start setting up taskserver and taskwarrior
2023-07-12 23:42:07 +02:00
Oystein Kristoffer Tveit
6c2bd3f2d5
tsuki/invidious: remove redundant code, add comments
2023-07-12 23:38:41 +02:00
Oystein Kristoffer Tveit
394a932988
tsuki/nginx: misc:
...
- Move temporary website into its own file
- Collect all http uris into upstreams
- Convert some upstreams to UNIX sockets, as changed in the last few
commits
2023-07-12 23:36:57 +02:00
Oystein Kristoffer Tveit
24a02d386c
tsuki/hedgedoc: misc:
...
- Experiment with reducing the number of options in the module
- Use UNIX socket behind nginx
- "Upstream" systemd hardening to module
2023-07-12 23:34:23 +02:00
Oystein Kristoffer Tveit
5ea58f1b98
tsuki/gitea: use UNIX socket behind gitea
2023-07-12 23:30:39 +02:00
Oystein Kristoffer Tveit
fd052eea5a
tsuki/grafana: use UNIX socket behind nginx
2023-07-12 23:27:10 +02:00
Oystein Kristoffer Tveit
1f3b5addd3
tsuki/hedgedoc: misc:
...
- configure oauth2 (this requires a custom module for now,
will be resolved in 23.11)
- harden systemd service
- add systemd requires list
- use socket postgres uri
2023-07-12 02:30:00 +02:00
Oystein Kristoffer Tveit
5250d40457
grub: remove version, attr for 23.05
2023-07-12 02:06:41 +02:00
Oystein Kristoffer Tveit
cf42debf37
tsuki/invidious: misc:
...
- bind to 127.0.0.1
- depend on postgresql systemd unit
2023-07-12 02:06:41 +02:00
Oystein Kristoffer Tveit
c8db83b925
tsuki/plex: harden systemd unit
2023-07-12 02:06:41 +02:00
Oystein Kristoffer Tveit
20de3c260f
tsuki/postgres: misc:
...
- add postgresql backup service
- harden systemd unit
- increase max_connections
2023-07-12 02:06:40 +02:00
Oystein Kristoffer Tveit
82ea6e9f5a
tsuki: add timed nhk easy news scraper
2023-07-12 02:06:40 +02:00
Oystein Kristoffer Tveit
dddc92877c
tsuki/matrix/matrix-appservice-irc: enable lainchan irc bouncer
2023-07-12 02:06:40 +02:00
Oystein Kristoffer Tveit
68b181fc05
tsuki/matrix/mx-puppet-discord: disable temporarily
...
This still uses an old version of node that is disabled
in nixpkgs 23.05, disabling for now
2023-07-12 02:06:39 +02:00
Oystein Kristoffer Tveit
98745298c7
tsuki/matrix/mautrix-facebook: disable
...
Got banned one too many times, disabling for now.
2023-07-12 02:06:39 +02:00
Oystein Kristoffer Tveit
8a42e97014
tsuki/monitoring: misc:
...
- Secure grafana better, it had secrets in the nix store
- Set up prometheus exporters for nginx and php-fpm
- Add urls for dashboards
- Disable automatic updates
2023-07-12 02:06:39 +02:00
Oystein Kristoffer Tveit
25b6f0f3e9
tsuki/vaultwarden: add vaultwarden, password manager
2023-07-12 02:06:38 +02:00
Oystein Kristoffer Tveit
40e95ce030
tsuki/borg: set up borgbackup
2023-07-12 02:06:37 +02:00
Oystein Kristoffer Tveit
0e3a4c35d2
tsuki/atuin: set up atuin server
2023-07-12 02:06:16 +02:00
Oystein Kristoffer Tveit
fc0e4f6c52
tsuki/nginx/www: real website dead, add temporary website
2023-07-12 02:04:57 +02:00
Oystein Kristoffer Tveit
949f228c97
tsuki/hydra: put all services below `system-hydra.slice`
2023-07-12 02:04:56 +02:00
Oystein Kristoffer Tveit
7f8d60057d
tsuki/headscale: fix oauth2, and set up tailscale
2023-07-12 02:04:53 +02:00
Oystein Kristoffer Tveit
dc14eaa086
sops: add kasei to sops
2023-05-08 02:50:47 +02:00
Oystein Kristoffer Tveit
3267e5f687
tsuki/headscale: start working on oidc login
2023-05-08 02:36:17 +02:00
Oystein Kristoffer Tveit
cc03b64376
common: use machinevars to determine whether to use x11
2023-05-08 02:36:15 +02:00