Commit Graph

379 Commits

Author SHA1 Message Date
Oystein Kristoffer Tveit 24a02d386c
tsuki/hedgedoc: misc:
- Experiment with reducing the number of options in the module
- Use UNIX socket behind nginx
- "Upstream" systemd hardening to module
2023-07-12 23:34:23 +02:00
Oystein Kristoffer Tveit 5ea58f1b98
tsuki/gitea: use UNIX socket behind gitea 2023-07-12 23:30:39 +02:00
Oystein Kristoffer Tveit fd052eea5a
tsuki/grafana: use UNIX socket behind nginx 2023-07-12 23:27:10 +02:00
Oystein Kristoffer Tveit 1f3b5addd3
tsuki/hedgedoc: misc:
- configure oauth2 (this requires a custom module for now,
    will be resolved in 23.11)
- harden systemd service
- add systemd requires list
- use socket postgres uri
2023-07-12 02:30:00 +02:00
Oystein Kristoffer Tveit 96617500df
flake.nix: update several inputs, nixpkgs 23.05 2023-07-12 02:09:54 +02:00
Oystein Kristoffer Tveit 5250d40457
grub: remove version, attr for 23.05 2023-07-12 02:06:41 +02:00
Oystein Kristoffer Tveit cf42debf37
tsuki/invidious: misc:
- bind to 127.0.0.1
- depend on postgresql systemd unit
2023-07-12 02:06:41 +02:00
Oystein Kristoffer Tveit c8db83b925
tsuki/plex: harden systemd unit 2023-07-12 02:06:41 +02:00
Oystein Kristoffer Tveit 20de3c260f
tsuki/postgres: misc:
- add postgresql backup service
- harden systemd unit
- increase max_connections
2023-07-12 02:06:40 +02:00
Oystein Kristoffer Tveit 82ea6e9f5a
tsuki: add timed nhk easy news scraper 2023-07-12 02:06:40 +02:00
Oystein Kristoffer Tveit dddc92877c
tsuki/matrix/matrix-appservice-irc: enable lainchan irc bouncer 2023-07-12 02:06:40 +02:00
Oystein Kristoffer Tveit 68b181fc05
tsuki/matrix/mx-puppet-discord: disable temporarily
This still uses an old version of node that is disabled
in nixpkgs 23.05, disabling for now
2023-07-12 02:06:39 +02:00
Oystein Kristoffer Tveit 98745298c7
tsuki/matrix/mautrix-facebook: disable
Got banned one too many times, disabling for now.
2023-07-12 02:06:39 +02:00
Oystein Kristoffer Tveit 8a42e97014
tsuki/monitoring: misc:
- Secure grafana better, it had secrets in the nix store
- Set up prometheus exporters for nginx and php-fpm
- Add urls for dashboards
- Disable automatic updates
2023-07-12 02:06:39 +02:00
Oystein Kristoffer Tveit 25b6f0f3e9
tsuki/vaultwarden: add vaultwarden, password manager 2023-07-12 02:06:38 +02:00
Oystein Kristoffer Tveit 40e95ce030
tsuki/borg: set up borgbackup 2023-07-12 02:06:37 +02:00
Oystein Kristoffer Tveit 0e3a4c35d2
tsuki/atuin: set up atuin server 2023-07-12 02:06:16 +02:00
Oystein Kristoffer Tveit fc0e4f6c52
tsuki/nginx/www: real website dead, add temporary website 2023-07-12 02:04:57 +02:00
Oystein Kristoffer Tveit e0250a1572
home/atuin: set up sync 2023-07-12 02:04:56 +02:00
Oystein Kristoffer Tveit 949f228c97
tsuki/hydra: put all services below `system-hydra.slice` 2023-07-12 02:04:56 +02:00
Oystein Kristoffer Tveit 7f8d60057d
tsuki/headscale: fix oauth2, and set up tailscale 2023-07-12 02:04:53 +02:00
Oystein Kristoffer Tveit bb67d0b308
home/packages: add two packages
- birdtray
- libnotify
2023-05-08 02:52:06 +02:00
Oystein Kristoffer Tveit a25ef4ada9
home/git: add `switch-interactive` alias 2023-05-08 02:51:15 +02:00
Oystein Kristoffer Tveit dc14eaa086
sops: add kasei to sops 2023-05-08 02:50:47 +02:00
Oystein Kristoffer Tveit 139d5418be
gitignore: add rule ignoring all nix result types 2023-05-08 02:47:43 +02:00
Oystein Kristoffer Tveit e185f0780c
home/vscode: remove lots of unused extensions and config 2023-05-08 02:47:43 +02:00
Oystein Kristoffer Tveit 3267e5f687
tsuki/headscale: start working on oidc login 2023-05-08 02:36:17 +02:00
Oystein Kristoffer Tveit cc03b64376
common: use machinevars to determine whether to use x11 2023-05-08 02:36:15 +02:00
Oystein Kristoffer Tveit 58061df4ab
tsuki: set up nextcloud, without enabling it 2023-05-08 02:36:14 +02:00
Oystein Kristoffer Tveit 32885239c3
tsuki/pgadmin: misc
- The pgadmin config has grown, and as a result, it has been split from
    the postgres file.
- Setup OAuth
- Setup uWSGI and forward to nginx via socket
  (This last part is still a little borked, and the service is not
  functioning entirely just yet)
2023-05-08 02:36:13 +02:00
Oystein Kristoffer Tveit 53dbedef2b
tsuki/hedgedoc: small auth url improvement 2023-05-08 02:36:12 +02:00
Oystein Kristoffer Tveit f8c06f985e
common: update openssh setting API 2023-05-08 02:36:12 +02:00
Oystein Kristoffer Tveit 78939bbb55
home/zsh: partially disable slow compinit 2023-05-08 02:36:11 +02:00
Oystein Kristoffer Tveit 7cdf122c58
tsuki: set up invidious 2023-05-08 02:36:10 +02:00
Oystein Kristoffer Tveit 10997b802c
home/git: add `authors` alias 2023-05-08 01:49:29 +02:00
Oystein Kristoffer Tveit d33e310e7d
home: add atuin 2023-05-08 01:48:38 +02:00
Oystein Kristoffer Tveit 418ab8c155
shell: add systemd related aliases 2023-03-17 01:28:35 +01:00
Oystein Kristoffer Tveit e78d1408aa
packages: remove `mps-youtube`
This program apparently now has a fork at https://github.com/mps-youtube/yewtube
but I never used it, so I'd rather just remove it altogether
2023-03-17 01:28:34 +01:00
Oystein Kristoffer Tveit df3aa7c10e
tsuki: setup oauth2 for pgadmin
This commit also changes the pgadmin package from `22.11` to `unstable`
2023-03-17 01:28:33 +01:00
Oystein Kristoffer Tveit 5e2a5a939b
tsuki: move gitea postgres password to sops 2023-03-08 15:59:50 +01:00
Oystein Kristoffer Tveit a82a3f95c0
tsuki: move hardware config to configuration file 2023-03-08 15:26:07 +01:00
Oystein Kristoffer Tveit 7a0fcf7805
tsuki: configure wildcard certs for nginx 2023-03-08 14:54:43 +01:00
Oystein Kristoffer Tveit ebd854a0ae
gitea: set up oauth2 2023-03-08 14:54:42 +01:00
Oystein Kristoffer Tveit f34fd8e345
kanidm: temp override to 1.1.0-alpha.11 2023-03-08 14:54:41 +01:00
Oystein Kristoffer Tveit dd6c99226e
tsuki: set up hedgedoc
the dynmap subdomain was also renamed from "dyn" to "map" in this commit
2023-03-08 14:54:40 +01:00
Oystein Kristoffer Tveit 1d99bbfd46
Set up sops-nix 2023-03-07 23:15:21 +01:00
Oystein Kristoffer Tveit 2ad7b7b2c3
tsuki: remove keycloak 2023-03-07 23:15:20 +01:00
Oystein Kristoffer Tveit 0df70d6c72
tsuki: add well-known autoconfig for thunderbird mail 2023-03-07 23:15:19 +01:00
Oystein Kristoffer Tveit d5ae85092c
tsuki: set up kanidm 2023-03-07 23:15:18 +01:00
Oystein Kristoffer Tveit 72ec7c3f2c
gtk: make gtk3 bookmarks public
Let's hope they won't cause a CVE or something
2023-03-07 23:03:33 +01:00