8dc56e4aa7
treewide: override several programs to conform to xdg dir spec
2024-06-08 12:37:01 +02:00
9caab9f6a7
start update to nixpkgs 24.05 by updating kasei and common
2024-06-02 17:17:24 +02:00
8f73eaf1b4
fonts: fix deprecated option names
2024-06-02 16:36:22 +02:00
299eee4238
common: add more nix builder declarations
2024-06-02 16:34:07 +02:00
29579969a4
common: declare local flake registry
2024-06-02 16:32:23 +02:00
5dca478291
fcitx: use declarative config
2024-06-02 16:31:08 +02:00
a8bfbbc532
common: add h7x4 to wireshark group
2024-06-02 16:30:31 +02:00
4f561c1dae
gnupg: use curses pinentry
2024-06-02 16:30:09 +02:00
c902040ade
common: move sudo-lecture out of etc
2024-06-02 16:29:48 +02:00
347a731839
kasei: misc general config
2024-06-02 16:26:44 +02:00
fce206e772
kasei: setup keybase using module
2024-06-02 16:18:56 +02:00
dd800a3794
tsuki/nhk-scraper: WIP changes
2024-01-23 05:51:37 +01:00
9f2e7f7ac1
tsuki/nginx: remove proxmox vhost
2024-01-23 05:49:17 +01:00
df5f0dc9c4
tsuki/matrix: use postgres through socket
2024-01-23 05:46:24 +01:00
4f020f4cdd
tsuki/matrix: downscale workers
2024-01-23 05:46:06 +01:00
b8daea8fc1
tsuki/headscale: conditional config
2024-01-23 05:40:52 +01:00
4d2875d168
tsuki/hedgedoc: use upstream module
2024-01-23 05:40:19 +01:00
22f5345026
tsuki/hydra: harden server unit
2024-01-23 05:36:39 +01:00
ce5c3666b9
tsuki/jupyter: set up tmpdirs for notebooks
2024-01-23 05:35:58 +01:00
1ea23dc42e
tsuki: set system.stateVersion
2024-01-23 05:35:20 +01:00
56df2f5e10
tsuki: lowercase hostname
2024-01-23 05:33:48 +01:00
8ce9100913
kanidm: explicitly bind to localhost
2024-01-23 05:32:34 +01:00
d629eedaaf
tsuki/navidrome: conditional config
2024-01-23 05:31:26 +01:00
72e7626e9d
tsuki/postgres: tune for bare metal setup
2024-01-23 05:31:06 +01:00
f49d3665fc
tsuki/vaultwarden: disable invitations
2024-01-23 05:30:14 +01:00
fe50d92f8c
tsuki/vaultwarden: conditional config
2024-01-23 05:29:57 +01:00
3d2825d1ec
tsuki/samba: init
2024-01-23 05:29:17 +01:00
1efd3d4f0a
tsuki/kanidm: set up backups
2024-01-23 05:27:43 +01:00
851d0c1fd0
tsuki/prometheus: set up slice for exporters
2024-01-23 05:26:22 +01:00
0d3e805611
tsuki: move to bare metal, set up zfs
2024-01-23 05:24:47 +01:00
3a52ba8901
treewide: update to nixos 23.11
2023-12-18 20:59:48 +01:00
b1650e91a6
kasei: split services into services directory
2023-12-11 13:27:40 +01:00
7193a12ac2
tsuki/services: remove some uses of secret ports
2023-10-06 18:27:21 +02:00
3d613d1ac9
tsuki/invidious: use socket activation
2023-10-06 18:27:19 +02:00
424fea0dc8
tsuki/jupyter: use socket activation
2023-10-06 18:27:18 +02:00
5bb10df9e1
tsuki/borg: partial systemd hardening
There's still quite a bit to do, but the service fails on a weird option
that I've not been able to pin down. At least this is better than
nothing ¯\_(ツ)_/¯
2023-10-06 18:27:17 +02:00
450d26cf4b
tsuki/atuin: use socket activation
2023-10-06 18:27:16 +02:00
aca2962eec
tsuki/vaultwarden: use socket activation
2023-10-06 18:27:15 +02:00
caedfe1810
tsuki/matrix/stickers: use new module and add lots of stickerpacks
2023-10-06 18:27:14 +02:00
6663a8f280
tsuki/atuin: systemd harden
2023-07-28 22:25:50 +02:00
dec150ae98
gpg agent: systemwide -> homemanager
2023-07-28 22:23:43 +02:00
5f7eb0c8a5
tsuki/prometheus: add exporters for hedgedoc and gitea
2023-07-28 22:09:43 +02:00
d74ed2d045
tsuki/grafana: enable oauth2, misc hardening
2023-07-28 22:05:23 +02:00
816a46603a
tsuki/vaultwarden: systemd harden
2023-07-28 22:05:22 +02:00
b5874e2bcd
tsuki/navidrome: init
2023-07-28 22:05:22 +02:00
c2026eefeb
tsuki/nginx: small refactor
2023-07-28 22:05:22 +02:00
e6605b3a73
common/sshd: socket activate
2023-07-28 22:05:21 +02:00
c98a1a0541
tsuki/jupyter: harden security with sops and systemd
2023-07-28 22:00:07 +02:00
4456244f2d
modules: add modules for socket activation
2023-07-28 21:32:13 +02:00
f1e8c87acd
tsuki/configuration.nix: remove a few unused imports
2023-07-12 23:43:23 +02:00
1f5832074b
tsuki/taskserver: (unfinished) start setting up taskserver and taskwarrior
2023-07-12 23:42:07 +02:00
6c2bd3f2d5
tsuki/invidious: remove redundant code, add comments
2023-07-12 23:38:41 +02:00
394a932988
tsuki/nginx: misc:
- Move temporary website into its own file
- Collect all http uris into upstreams
- Convert some upstreams to UNIX sockets, as changed in the last few
commits
2023-07-12 23:36:57 +02:00
24a02d386c
tsuki/hedgedoc: misc:
- Experiment with reducing the number of options in the module
- Use UNIX socket behind nginx
- "Upstream" systemd hardening to module
2023-07-12 23:34:23 +02:00
5ea58f1b98
tsuki/gitea: use UNIX socket behind gitea
2023-07-12 23:30:39 +02:00
fd052eea5a
tsuki/grafana: use UNIX socket behind nginx
2023-07-12 23:27:10 +02:00
1f3b5addd3
tsuki/hedgedoc: misc:
- configure oauth2 (this requires a custom module for now,
will be resolved in 23.11)
- harden systemd service
- add systemd requires list
- use socket postgres uri
2023-07-12 02:30:00 +02:00
5250d40457
grub: remove version, attr for 23.05
2023-07-12 02:06:41 +02:00
cf42debf37
tsuki/invidious: misc:
- bind to 127.0.0.1
- depend on postgresql systemd unit
2023-07-12 02:06:41 +02:00
c8db83b925
tsuki/plex: harden systemd unit
2023-07-12 02:06:41 +02:00
20de3c260f
tsuki/postgres: misc:
- add postgresql backup service
- harden systemd unit
- increase max_connections
2023-07-12 02:06:40 +02:00
82ea6e9f5a
tsuki: add timed nhk easy news scraper
2023-07-12 02:06:40 +02:00
dddc92877c
tsuki/matrix/matrix-appservice-irc: enable lainchan irc bouncer
2023-07-12 02:06:40 +02:00
68b181fc05
tsuki/matrix/mx-puppet-discord: disable temporarily
This still uses an old version of node that is disabled
in nixpkgs 23.05, disabling for now
2023-07-12 02:06:39 +02:00
98745298c7
tsuki/matrix/mautrix-facebook: disable
Got banned one too many times, disabling for now.
2023-07-12 02:06:39 +02:00
8a42e97014
tsuki/monitoring: misc:
- Secure grafana better, it had secrets in the nix store
- Set up prometheus exporters for nginx and php-fpm
- Add urls for dashboards
- Disable automatic updates
2023-07-12 02:06:39 +02:00
25b6f0f3e9
tsuki/vaultwarden: add vaultwarden, password manager
2023-07-12 02:06:38 +02:00
40e95ce030
tsuki/borg: set up borgbackup
2023-07-12 02:06:37 +02:00
0e3a4c35d2
tsuki/atuin: set up atuin server
2023-07-12 02:06:16 +02:00
fc0e4f6c52
tsuki/nginx/www: real website dead, add temporary website
2023-07-12 02:04:57 +02:00
949f228c97
tsuki/hydra: put all services below system-hydra.slice
2023-07-12 02:04:56 +02:00
7f8d60057d
tsuki/headscale: fix oauth2, and set up tailscale
2023-07-12 02:04:53 +02:00
dc14eaa086
sops: add kasei to sops
2023-05-08 02:50:47 +02:00
3267e5f687
tsuki/headscale: start working on oidc login
2023-05-08 02:36:17 +02:00
cc03b64376
common: use machinevars to determine whether to use x11
2023-05-08 02:36:15 +02:00
58061df4ab
tsuki: set up nextcloud, without enabling it
2023-05-08 02:36:14 +02:00
32885239c3
tsuki/pgadmin: misc
- The pgadmin config has grown, and as a result, it has been split from
the postgres file.
- Setup OAuth
- Setup uWSGI and forward to nginx via socket
(This last part is still a little borked, and the service is not
functioning entirely just yet)
2023-05-08 02:36:13 +02:00
53dbedef2b
tsuki/hedgedoc: small auth url improvement
2023-05-08 02:36:12 +02:00
f8c06f985e
common: update openssh setting API
2023-05-08 02:36:12 +02:00
7cdf122c58
tsuki: set up invidious
2023-05-08 02:36:10 +02:00
df3aa7c10e
tsuki: setup oauth2 for pgadmin
This commit also changes the pgadmin package from `22.11` to `unstable`
2023-03-17 01:28:33 +01:00
5e2a5a939b
tsuki: move gitea postgres password to sops
2023-03-08 15:59:50 +01:00
a82a3f95c0
tsuki: move hardware config to configuration file
2023-03-08 15:26:07 +01:00
7a0fcf7805
tsuki: configure wildcard certs for nginx
2023-03-08 14:54:43 +01:00
ebd854a0ae
gitea: set up oauth2
2023-03-08 14:54:42 +01:00
dd6c99226e
tsuki: set up hedgedoc
the dynmap subdomain was also renamed from "dyn" to "map" in this commit
2023-03-08 14:54:40 +01:00
1d99bbfd46
Set up sops-nix
2023-03-07 23:15:21 +01:00
2ad7b7b2c3
tsuki: remove keycloak
2023-03-07 23:15:20 +01:00
0df70d6c72
tsuki: add well-known autoconfig for thunderbird mail
2023-03-07 23:15:19 +01:00
d5ae85092c
tsuki: set up kanidm
2023-03-07 23:15:18 +01:00
f41fcce8c6
common: add some more nix options
2023-02-26 04:36:21 +01:00
7c3c830d6e
tsuki: add recommended minecraft jvm flags
2023-02-25 21:15:35 +01:00
5b0dd71b4a
tsuki: add some systemd constraints
Add some systemd constraints to fix some boot-time service failures
2023-02-25 21:12:38 +01:00
a08f6ce28e
tsuki: add .well-known/matrix/client
2023-02-25 21:10:39 +01:00
1eefc118bf
tsuki: add postgres to environment
2023-02-25 20:01:57 +01:00
7f416ed5b8
common.nix: fix weird headless-var recursion issue
2023-02-25 18:05:57 +01:00
42938295ac
kasei: misc changes
- new screen setup
- new network setup
- don't explicitly enable xserver and lightdm
- add nvidia video drivers to x11
2023-02-25 18:04:55 +01:00
7ee4535963
kasei: enable docker and libvirtd
2023-02-25 18:01:22 +01:00
c215f945e9
kasei: move hardware-configuration to main config
2023-02-25 18:01:06 +01:00
6b037127e2
kasei: add temporary logid service
2023-02-25 18:00:02 +01:00
45497aea2b
tsuki: set up proper grafana infrastructure
- Set up a bunch of exporters
- Download matching dashboard declarations
- Remove influxdb
2023-01-20 19:55:52 +01:00
b772e3eca3
use resolved globally
2023-01-20 19:53:08 +01:00
e840a95ebe
tsuki: use matrix-synapse-next module with workers
2023-01-20 19:52:04 +01:00
47d8aa7899
tsuki: add headscale
2023-01-16 17:16:42 +01:00
b5030a7c06
tsuki: move grafana config into nondeprecated attrset
2023-01-16 17:16:40 +01:00
3820be9ef9
tsuki: update matrix stickers
2023-01-16 17:16:39 +01:00
ef4f5d4dd4
tsuki: reduce amount of gitea backups, and move state dir
2023-01-16 16:11:28 +01:00
eaa2e9bd1d
tsuki: update matrix stickers
2023-01-16 16:10:12 +01:00
1b0ed26f15
tsuki: set up minecraft server
2023-01-16 16:06:34 +01:00
c78b2a2c26
tsuki: add osuchan service
2023-01-04 14:32:11 +01:00
47f8183490
tsuki: move all datafiles/drives to TrueNAS NFS
2023-01-03 23:01:08 +01:00
aea736c2df
tsuki: remove a lot of unused services
Removed:
- dokuwiki (this was never properly set up)
- libvirt (this is already a virtual machine, double virtualization bad)
- openldap (this will become the responsibility of keycloak)
- openvpn (this will become the responsibility of head/tailscale)
- samba (this is now the responsibility of TrueNAS)
- searx (I never used this)
- gitlab (this has become the responsibility of gitea and hydra)
- syncthing (this was never properly set up)
The nix cache nginx entry is also paused, as it wasn't functional.
In this commit and the previous commit, the nginx config for the
minecraft server was also taken down, as the whole host is deleted.
The plan is to set it up again, this time using tsuki.
2023-01-03 22:52:24 +01:00
3d088d73be
tsuki: add maunium stickerpickers
2023-01-03 22:46:21 +01:00
2e3c8631fe
bi-annual nixos upgrade: 22.05 -> 22.11
2022-11-26 22:50:17 +01:00
f2a89d7c82
grafana: split up configuration + postgres
- Move `services/grafana.nix` to `services/grafana/default.nix`
- Split up all data collectors into separate files under
`services/grafana`
- Make grafana use postgres as its database
2022-11-26 17:16:04 +01:00
850eaa9b1a
Switch to fcitx5
2022-11-20 18:32:03 +01:00
8de5dd5f23
shell: update fixdisplay command
- add new `position` and `primary` options for fixdisplay
- make command completely lowercase
- initialize global zshrc
2022-11-20 17:12:27 +01:00
af345b38fc
kasei: add special home-manager-testing system config
2022-11-19 16:35:01 +01:00
bd7980ad97
kasei: remove wifi drivers (switch to ethernet)
2022-11-19 16:18:25 +01:00
14acc9a389
buildMachines: fix tsuki builder url
2022-11-19 16:16:05 +01:00
b3aa6cad81
lib: move lib extensions into its own module argument
2022-11-19 16:14:18 +01:00
ec2dd35824
kasei: update fixdisplay command
2022-11-11 21:19:46 +01:00
f9280452fb
nginx: fix failing hosts
- nani.wtf has changed flake structure
- jupyter needs websockets
2022-11-08 14:28:59 +01:00
61a99fae7b
postgres: add backup service, change initial mail
2022-11-08 14:20:33 +01:00
b5de57fd01
Add config for jupyter
2022-11-05 22:49:54 +01:00
5d78680e82
Add dirty hack to fix gitea temporarily
2022-11-03 23:16:18 +01:00
4647c562ab
Remove unused nginx.nix, which was renamed in 1881cb0
2022-10-14 00:06:00 +02:00
db29ccddca
Tweaked Gitea theme and config
2022-10-14 00:02:19 +02:00
bdc8817eef
Added nix builder config for tsuki and isvegg
- Also updated nix package name
2022-10-13 23:58:48 +02:00
1881cb0bca
Extended nani.wtf/.well-known with some new stuff
- Added WKD openpgp key
- Added security.txt
- Added keybase.txt
2022-10-13 23:42:42 +02:00
1ff35d1c2d
Add trusted matrix servers
2022-10-06 21:30:47 +02:00
cf7c367416
Several gitea changes:
- Add monokai theme
- Set package to unstable
- Set landing page to explore
2022-10-06 21:27:20 +02:00
591c1b0968
Add yubikey support
2022-09-22 04:08:38 +02:00
fe3bdd4949
add 'https' to hydra link for proper website links
2022-09-22 01:58:26 +02:00
2a722dbf73
Use hydra with unstable nix tool
2022-09-22 00:51:00 +02:00
531bd4bab3
Configure nginx to play nice with cloudflare
2022-09-22 00:48:21 +02:00
22419caadd
Several changes:
- Change secret outputs into home-manager and nixos specific
- Specify home-manager module import in flake.
2022-08-19 14:50:03 +02:00
b7d71c1e69
Change kasei nvidia driver
2022-08-19 12:55:26 +02:00
0fc1d15c35
Several changes to Xmonad/Xmobar:
- Change from xmobar to polybar
- Rename workspaces
- Add some new scratchpads
- Change xmonad.org to xmonad.hs
2022-08-19 03:49:21 +02:00
8f68ada082
Move home-manager related files into home directory
2022-08-19 01:54:13 +02:00
56a100f0c6
Set up samba
2022-08-19 01:08:22 +02:00
3f7f9ceead
Use unstable nix tool
2022-08-18 23:15:50 +02:00
68c1ee2656
Make project buildable
2022-08-16 03:24:06 +02:00
e72231e80a
Pull out more host settings to common
2022-08-16 02:09:56 +02:00
26218809a5
Several changes
2022-06-22 20:16:57 +02:00
1dcc822bfd
update synapse
2022-06-22 20:09:30 +02:00
efcfd09530
misc small changes
- make vscode linenumbers relative
- add vscode-server
- make gitea backup hourly
- some changes in nginx vhosts
- add disk to tsuki
- update flake lock
2022-06-21 01:52:34 +02:00
79a995e19e
Move colors and machinevars into modules
2022-06-21 01:47:36 +02:00
2eae0e5ebf
Upgrade to 22.05
2022-06-12 00:23:10 +02:00
8e3f28bc31
Extract lots of host config to common config
2022-06-12 00:07:40 +02:00