oysteikt/nix-dotfiles
1
1
Fork 0
Code Issues 141 Pull Requests Activity
258 Commits 5 Branches 0 Tags
5dca47829118881fb3a26b74d8549255adff60c2
Commit Graph

155 Commits

Author SHA1 Message Date
h7x4
5dca478291 fcitx: use declarative config 2024-06-02 16:31:08 +02:00
h7x4
a8bfbbc532 common: add h7x4 to wireshark group 2024-06-02 16:30:31 +02:00
h7x4
4f561c1dae gnupg: use curses pinentry 2024-06-02 16:30:09 +02:00
h7x4
c902040ade common: move sudo-lecture out of etc 2024-06-02 16:29:48 +02:00
h7x4
347a731839 kasei: misc general config 2024-06-02 16:26:44 +02:00
h7x4
fce206e772 kasei: setup keybase using module 2024-06-02 16:18:56 +02:00
h7x4
dd800a3794 tsuki/nhk-scraper: WIP changes 2024-01-23 05:51:37 +01:00
h7x4
9f2e7f7ac1 tsuki/nginx: remove proxmox vhost 2024-01-23 05:49:17 +01:00
h7x4
df5f0dc9c4 tsuki/matrix: use postgres through socket 2024-01-23 05:46:24 +01:00
h7x4
4f020f4cdd tsuki/matrix: downscale workers 2024-01-23 05:46:06 +01:00
h7x4
b8daea8fc1 tsuki/headscale: conditional config 2024-01-23 05:40:52 +01:00
h7x4
4d2875d168 tsuki/hedgedoc: use upstream module 2024-01-23 05:40:19 +01:00
h7x4
22f5345026 tsuki/hydra: harden server unit 2024-01-23 05:36:39 +01:00
h7x4
ce5c3666b9 tsuki/jupyter: set up tmpdirs for notebooks 2024-01-23 05:35:58 +01:00
h7x4
1ea23dc42e tsuki: set system.stateVersion 2024-01-23 05:35:20 +01:00
h7x4
56df2f5e10 tsuki: lowercase hostname 2024-01-23 05:33:48 +01:00
h7x4
8ce9100913 kanidm: explicitly bind to localhost 2024-01-23 05:32:34 +01:00
h7x4
d629eedaaf tsuki/navidrome: conditional config 2024-01-23 05:31:26 +01:00
h7x4
72e7626e9d tsuki/postgres: tune for bare metal setup 2024-01-23 05:31:06 +01:00
h7x4
f49d3665fc tsuki/vaultwarden: disable invitations 2024-01-23 05:30:14 +01:00
h7x4
fe50d92f8c tsuki/vaultwarden: conditional config 2024-01-23 05:29:57 +01:00
h7x4
3d2825d1ec tsuki/samba: init 2024-01-23 05:29:17 +01:00
h7x4
1efd3d4f0a tsuki/kanidm: set up backups 2024-01-23 05:27:43 +01:00
h7x4
851d0c1fd0 tsuki/prometehus: set up slice for exporters 2024-01-23 05:26:22 +01:00
h7x4
0d3e805611 tsuki: move to bare metal, set up zfs 2024-01-23 05:24:47 +01:00
h7x4
3a52ba8901 treewide: update to nixos 23.11 2023-12-18 20:59:48 +01:00
h7x4
b1650e91a6 kasei: split services into services directory 2023-12-11 13:27:40 +01:00
h7x4
7193a12ac2 tsuki/services: remove some uses of secret ports 2023-10-06 18:27:21 +02:00
h7x4
3d613d1ac9 tsuki/invidious: use socket activation 2023-10-06 18:27:19 +02:00
h7x4
424fea0dc8 tsuki/jupyter: use socket activation 2023-10-06 18:27:18 +02:00
h7x4
5bb10df9e1 tsuki/borg: partial systemd hardening 
There's still quite a bit to do, but the service fails on a weird option
that I've not been able to pin down. At least this is better than
nothing ¯\_(ツ)_/¯
 2023-10-06 18:27:17 +02:00
h7x4
450d26cf4b tsuki/atuin: use socket activation 2023-10-06 18:27:16 +02:00
h7x4
aca2962eec tsuki/vaultwarden: use socket activation 2023-10-06 18:27:15 +02:00
h7x4
caedfe1810 tsuki/matrix/stickers: use new module and add lots of stickerpacks 2023-10-06 18:27:14 +02:00
h7x4
6663a8f280 tsuki/atuin: systemd harden 2023-07-28 22:25:50 +02:00
h7x4
dec150ae98 gpg agent: systemwide -> homemanager 2023-07-28 22:23:43 +02:00
h7x4
5f7eb0c8a5 tsuki/prometheus: add exporters for hedgedoc and gitea 2023-07-28 22:09:43 +02:00
h7x4
d74ed2d045 tsuki/grafana: enable oauth2, misc hardening 2023-07-28 22:05:23 +02:00
h7x4
816a46603a tsuki/vaultwarden: systemd harden 2023-07-28 22:05:22 +02:00
h7x4
b5874e2bcd tsuki/navidrome: init 2023-07-28 22:05:22 +02:00
h7x4
c2026eefeb tsuki/nginx: small refactor 2023-07-28 22:05:22 +02:00
h7x4
e6605b3a73 common/sshd: socket activate 2023-07-28 22:05:21 +02:00
h7x4
c98a1a0541 tsuki/jupyter: harden security with sops and systemd 2023-07-28 22:00:07 +02:00
h7x4
4456244f2d modules: add modules for socket activation 2023-07-28 21:32:13 +02:00
h7x4
f1e8c87acd tsuki/configuration.nix: remove a few unused imports 2023-07-12 23:43:23 +02:00
h7x4
1f5832074b tsuki/taskserver: (unfinished) start setting up taskserver and taskwarrior 2023-07-12 23:42:07 +02:00
h7x4
6c2bd3f2d5 tsuki/invidious: remove redundant code, add comments 2023-07-12 23:38:41 +02:00
h7x4
394a932988 tsuki/nginx: misc: 
- Move temporary website into its own file
- Collect all http uris into upstreams
- Convert some upstreams to UNIX sockets, as changed in the last few
  commits
 2023-07-12 23:36:57 +02:00
h7x4
24a02d386c tsuki/hedgedoc: misc: 
- Experiment with reducing the number of options in the module
- Use UNIX socket behind nginx
- "Upstream" systemd hardening to module
 2023-07-12 23:34:23 +02:00
h7x4
5ea58f1b98 tsuki/gitea: use UNIX socket behind gitea 2023-07-12 23:30:39 +02:00