Commit Graph

207 Commits

Author SHA1 Message Date
299eee4238
common: add more nix builder declarations 2024-06-02 16:34:07 +02:00
29579969a4
common: declare local flake registry 2024-06-02 16:32:23 +02:00
5dca478291
fcitx: use declarative config 2024-06-02 16:31:08 +02:00
a8bfbbc532
common: add h7x4 to wireshark group 2024-06-02 16:30:31 +02:00
4f561c1dae
gnupg: use curses pinentry 2024-06-02 16:30:09 +02:00
c902040ade
common: move sudo-lecture out of etc 2024-06-02 16:29:48 +02:00
347a731839
kasei: misc general config 2024-06-02 16:26:44 +02:00
fce206e772
kasei: set up keybase using module 2024-06-02 16:18:56 +02:00
dd800a3794
tsuki/nhk-scraper: WIP changes 2024-01-23 05:51:37 +01:00
9f2e7f7ac1
tsuki/nginx: remove proxmox vhost 2024-01-23 05:49:17 +01:00
df5f0dc9c4
tsuki/matrix: use postgres through socket 2024-01-23 05:46:24 +01:00
4f020f4cdd
tsuki/matrix: downscale workers 2024-01-23 05:46:06 +01:00
b8daea8fc1
tsuki/headscale: conditional config 2024-01-23 05:40:52 +01:00
4d2875d168
tsuki/hedgedoc: use upstream module 2024-01-23 05:40:19 +01:00
22f5345026
tsuki/hydra: harden server unit 2024-01-23 05:36:39 +01:00
ce5c3666b9
tsuki/jupyter: set up tmpdirs for notebooks 2024-01-23 05:35:58 +01:00
1ea23dc42e
tsuki: set system.stateVersion 2024-01-23 05:35:20 +01:00
56df2f5e10
tsuki: lowercase hostname 2024-01-23 05:33:48 +01:00
8ce9100913
kanidm: explicitly bind to localhost 2024-01-23 05:32:34 +01:00
d629eedaaf
tsuki/navidrome: conditional config 2024-01-23 05:31:26 +01:00
72e7626e9d
tsuki/postgres: tune for bare metal setup 2024-01-23 05:31:06 +01:00
f49d3665fc
tsuki/vaultwarden: disable invitations 2024-01-23 05:30:14 +01:00
fe50d92f8c
tsuki/vaultwarden: conditional config 2024-01-23 05:29:57 +01:00
3d2825d1ec
tsuki/samba: init 2024-01-23 05:29:17 +01:00
1efd3d4f0a
tsuki/kanidm: set up backups 2024-01-23 05:27:43 +01:00
851d0c1fd0
tsuki/prometheus: set up slice for exporters 2024-01-23 05:26:22 +01:00
0d3e805611
tsuki: move to bare metal, set up zfs 2024-01-23 05:24:47 +01:00
3a52ba8901
treewide: update to nixos 23.11 2023-12-18 20:59:48 +01:00
b1650e91a6
kasei: split services into services directory 2023-12-11 13:27:40 +01:00
7193a12ac2
tsuki/services: remove some uses of secret ports 2023-10-06 18:27:21 +02:00
3d613d1ac9
tsuki/invidious: use socket activation 2023-10-06 18:27:19 +02:00
424fea0dc8
tsuki/jupyter: use socket activation 2023-10-06 18:27:18 +02:00
5bb10df9e1
tsuki/borg: partial systemd hardening
There's still quite a bit to do, but the service fails on a weird option
that I've not been able to pin down. At least this is better than
nothing ¯\_(ツ)_/¯
2023-10-06 18:27:17 +02:00
450d26cf4b
tsuki/atuin: use socket activation 2023-10-06 18:27:16 +02:00
aca2962eec
tsuki/vaultwarden: use socket activation 2023-10-06 18:27:15 +02:00
caedfe1810
tsuki/matrix/stickers: use new module and add lots of stickerpacks 2023-10-06 18:27:14 +02:00
6663a8f280
tsuki/atuin: systemd harden 2023-07-28 22:25:50 +02:00
dec150ae98
gpg agent: systemwide -> homemanager 2023-07-28 22:23:43 +02:00
5f7eb0c8a5
tsuki/prometheus: add exporters for hedgedoc and gitea 2023-07-28 22:09:43 +02:00
d74ed2d045
tsuki/grafana: enable oauth2, misc hardening 2023-07-28 22:05:23 +02:00
816a46603a
tsuki/vaultwarden: systemd harden 2023-07-28 22:05:22 +02:00
b5874e2bcd
tsuki/navidrome: init 2023-07-28 22:05:22 +02:00
c2026eefeb
tsuki/nginx: small refactor 2023-07-28 22:05:22 +02:00
e6605b3a73
common/sshd: socket activate 2023-07-28 22:05:21 +02:00
c98a1a0541
tsuki/jupyter: harden security with sops and systemd 2023-07-28 22:00:07 +02:00
4456244f2d
modules: add modules for socket activation 2023-07-28 21:32:13 +02:00
f1e8c87acd
tsuki/configuration.nix: remove a few unused imports 2023-07-12 23:43:23 +02:00
1f5832074b
tsuki/taskserver: (unfinished) start setting up taskserver and taskwarrior 2023-07-12 23:42:07 +02:00
6c2bd3f2d5
tsuki/invidious: remove redundant code, add comments 2023-07-12 23:38:41 +02:00
394a932988
tsuki/nginx: misc:
- Move temporary website into its own file
- Collect all http uris into upstreams
- Convert some upstreams to UNIX sockets, as changed in the last few
  commits
2023-07-12 23:36:57 +02:00
24a02d386c
tsuki/hedgedoc: misc:
- Experiment with reducing the number of options in the module
- Use UNIX socket behind nginx
- "Upstream" systemd hardening to module
2023-07-12 23:34:23 +02:00
5ea58f1b98
tsuki/gitea: use UNIX socket behind gitea 2023-07-12 23:30:39 +02:00
fd052eea5a
tsuki/grafana: use UNIX socket behind nginx 2023-07-12 23:27:10 +02:00
1f3b5addd3
tsuki/hedgedoc: misc:
- configure oauth2 (this requires a custom module for now,
    will be resolved in 23.11)
- harden systemd service
- add systemd requires list
- use socket postgres uri
2023-07-12 02:30:00 +02:00
5250d40457
grub: remove version, attr for 23.05 2023-07-12 02:06:41 +02:00
cf42debf37
tsuki/invidious: misc:
- bind to 127.0.0.1
- depend on postgresql systemd unit
2023-07-12 02:06:41 +02:00
c8db83b925
tsuki/plex: harden systemd unit 2023-07-12 02:06:41 +02:00
20de3c260f
tsuki/postgres: misc:
- add postgresql backup service
- harden systemd unit
- increase max_connections
2023-07-12 02:06:40 +02:00
82ea6e9f5a
tsuki: add timed nhk easy news scraper 2023-07-12 02:06:40 +02:00
dddc92877c
tsuki/matrix/matrix-appservice-irc: enable lainchan irc bouncer 2023-07-12 02:06:40 +02:00
68b181fc05
tsuki/matrix/mx-puppet-discord: disable temporarily
This still uses an old version of node that is disabled
in nixpkgs 23.05, disabling for now
2023-07-12 02:06:39 +02:00
98745298c7
tsuki/matrix/mautrix-facebook: disable
Got banned one too many times, disabling for now.
2023-07-12 02:06:39 +02:00
8a42e97014
tsuki/monitoring: misc:
- Secure grafana better, it had secrets in the nix store
- Set up prometheus exporters for nginx and php-fpm
- Add urls for dashboards
- Disable automatic updates
2023-07-12 02:06:39 +02:00
25b6f0f3e9
tsuki/vaultwarden: add vaultwarden, password manager 2023-07-12 02:06:38 +02:00
40e95ce030
tsuki/borg: set up borgbackup 2023-07-12 02:06:37 +02:00
0e3a4c35d2
tsuki/atuin: set up atuin server 2023-07-12 02:06:16 +02:00
fc0e4f6c52
tsuki/nginx/www: real website dead, add temporary website 2023-07-12 02:04:57 +02:00
949f228c97
tsuki/hydra: put all services below system-hydra.slice 2023-07-12 02:04:56 +02:00
7f8d60057d
tsuki/headscale: fix oauth2, and set up tailscale 2023-07-12 02:04:53 +02:00
dc14eaa086
sops: add kasei to sops 2023-05-08 02:50:47 +02:00
3267e5f687
tsuki/headscale: start working on oidc login 2023-05-08 02:36:17 +02:00
cc03b64376
common: use machinevars to determine whether to use x11 2023-05-08 02:36:15 +02:00
58061df4ab
tsuki: set up nextcloud, without enabling it 2023-05-08 02:36:14 +02:00
32885239c3
tsuki/pgadmin: misc
- The pgadmin config has grown, and as a result, it has been split from
    the postgres file.
- Set up OAuth
- Set up uWSGI and forward to nginx via socket
  (This last part is still a little borked, and the service is not
  functioning entirely just yet)
2023-05-08 02:36:13 +02:00
53dbedef2b
tsuki/hedgedoc: small auth url improvement 2023-05-08 02:36:12 +02:00
f8c06f985e
common: update openssh setting API 2023-05-08 02:36:12 +02:00
7cdf122c58
tsuki: set up invidious 2023-05-08 02:36:10 +02:00
df3aa7c10e
tsuki: set up oauth2 for pgadmin
This commit also changes the pgadmin package from `22.11` to `unstable`
2023-03-17 01:28:33 +01:00
5e2a5a939b
tsuki: move gitea postgres password to sops 2023-03-08 15:59:50 +01:00
a82a3f95c0
tsuki: move hardware config to configuration file 2023-03-08 15:26:07 +01:00
7a0fcf7805
tsuki: configure wildcard certs for nginx 2023-03-08 14:54:43 +01:00
ebd854a0ae
gitea: set up oauth2 2023-03-08 14:54:42 +01:00
dd6c99226e
tsuki: set up hedgedoc
the dynmap subdomain was also renamed from "dyn" to "map" in this commit
2023-03-08 14:54:40 +01:00
1d99bbfd46
Set up sops-nix 2023-03-07 23:15:21 +01:00
2ad7b7b2c3
tsuki: remove keycloak 2023-03-07 23:15:20 +01:00
0df70d6c72
tsuki: add well-known autoconfig for thunderbird mail 2023-03-07 23:15:19 +01:00
d5ae85092c
tsuki: set up kanidm 2023-03-07 23:15:18 +01:00
f41fcce8c6
common: add some more nix options 2023-02-26 04:36:21 +01:00
7c3c830d6e
tsuki: add recommended minecraft jvm flags 2023-02-25 21:15:35 +01:00
5b0dd71b4a
tsuki: add some systemd constraints
Add some systemd constraints to fix some boot-time service failures
2023-02-25 21:12:38 +01:00
a08f6ce28e
tsuki: add .well-known/matrix/client 2023-02-25 21:10:39 +01:00
1eefc118bf
tsuki: add postgres to environment 2023-02-25 20:01:57 +01:00
7f416ed5b8
common.nix: fix weird headless-var recursion issue 2023-02-25 18:05:57 +01:00
42938295ac
kasei: misc changes
- new screen setup
- new network setup
- don't explicitly enable xserver and lightdm
- add nvidia video drivers to x11
2023-02-25 18:04:55 +01:00
7ee4535963
kasei: enable docker and libvirtd 2023-02-25 18:01:22 +01:00
c215f945e9
kasei: move hardware-configuration to main config 2023-02-25 18:01:06 +01:00
6b037127e2
kasei: add temporary logid service 2023-02-25 18:00:02 +01:00
45497aea2b
tsuki: set up proper grafana infrastructure
- Set up a bunch of exporters
- Download matching dashboard declarations
- Remove influxdb
2023-01-20 19:55:52 +01:00
b772e3eca3
use resolved globally 2023-01-20 19:53:08 +01:00
e840a95ebe
tsuki: use matrix-synapse-next module with workers 2023-01-20 19:52:04 +01:00