| Commit message (Collapse) | Author | Files | Lines |
|
|
|
It's now managed in https://git.fcuny.net/monitoring/
|
|
Bind to the wireguard interface, and use the port 8067 (67 is the port
used for DHCP requests).
|
|
The option `dhcp-script` can be used to run a script every time a new
lease is added or deleted. We configure this option to run the script
that generates a static HTML file with the leases.
|
|
Parse the file that contains all the leases assigned by dnsmasq, and
create a static HTML page from it. This can be served by nginx to make
it easy to see what IP is assigned to a machine, and which machines are
currently on the network.
|
|
|
|
|
|
|
|
|
|
|
|
This is managed in the tailscale module.
|
|
|
|
|
|
|
|
|
|
I'm not using it as a desktop, and the current router is getting old and
will likely fail in the near future. It's also a debian machine
configured manually, so let's reconfigure carmel as our new router.
There are three NICs in the host: 2 are 10Gb and one is 1Gb. The 1Gb
will be used as the upstream interface, and one of the 10Gb will be for
the LAN.
There are 2 VLANs to configure: one for IoT devices and one for guest.
|
|
|
|
|
|
I only need to run sway and the ssh-agent on a workstation (desktop or
laptop). Start these two processes when the window manager starts.
|
|
To prevent the unit to be triggered multiple times if the host has
already rebooted, we create a gate file when we're done running, and
before running, we check if the file exists.
Enable the service on tahoe.
Don't restart the unit when its definition has changed.
|
|
|
|
|
|
|
|
|
|
fractal requires the gnome key chain but I got rid of it.
|
|
- source code pro for monospace
- dejavu sans for sans serif
- dejavu serif for serif
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- add a comment for each ssh-key that is not stored on a yubikey
- simplify the git commit template
- remove some extra config that I don't need
|
|
I completely replaced the usage of `pass' with `passage'. There's no
need to keep a mapping file at this point, since my interaction with the
git server is through ssh.
|
|
|
|
|
|
This is a useful tool to know when I'm supposed to touch my
yubikey (sometimes I forget that some actions require that).
Also configure a systemd unit to run it, and configure it to send a
notification to the desktop (at the moment this is consumed by mako).
|
|
Turns out I don't need this one!
|
|
The code has moved to https://git.fcuny.net/dns-updater/
|
|
I do not need an agent anymore, since I don't need to decrypt anything
in GPG at this point!
|
|
|
|
We need to start the ssh agent (if needed) before we start sway.
|
|
Reports the number of systemd units (user and systems) that are in
failed state.
|
|
I keep running into issues when using fish: I'm not familiar with the
syntax and I don't use it enough that it sticks. I also need to google
stuff regularly to figure out how things are supposed to work. This is
annoying enough that the supposed benefits of fish are not worth it for
me.
|
|
This secret is not needed system wide, I only need it to run some tools.
|
|
Instead of using agenix for all the secrets, I can use homeage for
secrets that are related to my user sessions.
Secrets by default will be store under `~/.secrets'. They are encrypted
using `age' and to decrypt them, a key is expected to be located under
`~/.age/key.txt'.
The last place where I was using `pass' (and so GPG too) was for the
secrets for `mbsync': this change adds a secret for fastmail to the
repository and update `mbsync' configuration to use it.
|
|
I used the keyring only to start the GPG agent and unlock the ssh keys.
But since I'm storing the ssh keys on yubikeys and I don't use GPG, I
can remove it.
|
|
I need to be explicit about the path to the identity file.
Since I'm switching from pass to passage, I also want to disable the
automatic synchronization of the repository, and I don't need to have a
wrapper for git to push the secrets (I push through ssh now instead of
HTTPS).
|
|
Delete gnome's keyring documentation, I will not be using it anymore, so
no need to keep this around.
Add documentation about how to manage secrets, and clean up wireguard's
documentation.
|
|
|
|
This is using the public keys from:
- my user on my laptop
- the root user on tahoe
- the backup key stored on the USB drive
|
|
This is now using the public keys from various age keys:
- one for my user on the laptop
- one for the root user on the laptop
- one backup key stored on the USB drive
|
|
I'll re-key all my secrets with age keys instead of using ssh keys. This
change is to specify the path for the identities when agenix decrypts
the secrets.
|
|
|
|
See https://github.com/nix-community/home-manager/pull/3265
|
|
Flake lock file updates:
• Updated input 'agenix':
'github:ryantm/agenix/5f66c8aa774d8d488cba1cdc4f0c954d2a14e3a1' (2023-02-20)
→ 'github:ryantm/agenix/1abf0ade92bdf9dbcaa5155bb39e3ae19cb98aaa' (2023-03-04)
• Updated input 'emacs-overlay':
'github:nix-community/emacs-overlay/d7eeebd439b52b77958eb3d8043f3262701ddee2' (2023-02-20)
→ 'github:nix-community/emacs-overlay/2efd7c8d60ce0750097bbd327ec083e3ce545b31' (2023-03-04)
• Removed input 'gh-ssh-keys'
• Removed input 'gh-ssh-keys/crane'
• Removed input 'gh-ssh-keys/crane/flake-compat'
• Removed input 'gh-ssh-keys/crane/flake-utils'
• Removed input 'gh-ssh-keys/crane/nixpkgs'
• Removed input 'gh-ssh-keys/crane/rust-overlay'
• Removed input 'gh-ssh-keys/crane/rust-overlay/flake-utils'
• Removed input 'gh-ssh-keys/crane/rust-overlay/nixpkgs'
• Removed input 'gh-ssh-keys/flake-utils'
• Removed input 'gh-ssh-keys/nixpkgs'
• Removed input 'gh-ssh-keys/pre-commit-hooks'
• Removed input 'gh-ssh-keys/pre-commit-hooks/flake-utils'
• Removed input 'gh-ssh-keys/pre-commit-hooks/nixpkgs'
• Removed input 'gh-ssh-keys/rust-overlay'
• Removed input 'gh-ssh-keys/rust-overlay/flake-utils'
• Removed input 'gh-ssh-keys/rust-overlay/nixpkgs'
• Updated input 'home-manager':
'github:nix-community/home-manager/72ce74d3eae78a6b31538ea7ebe0c1fcf4a10f7a' (2023-02-20)
→ 'github:nix-community/home-manager/b9e3a29864798d55ec1d6579ab97876bb1ee9664' (2023-03-02)
• Removed input 'masked-emails'
• Removed input 'masked-emails/crane'
• Removed input 'masked-emails/crane/flake-compat'
• Removed input 'masked-emails/crane/flake-utils'
• Removed input 'masked-emails/crane/nixpkgs'
• Removed input 'masked-emails/crane/rust-overlay'
• Removed input 'masked-emails/crane/rust-overlay/flake-utils'
• Removed input 'masked-emails/crane/rust-overlay/nixpkgs'
• Removed input 'masked-emails/flake-utils'
• Removed input 'masked-emails/nixpkgs'
• Removed input 'masked-emails/pre-commit-hooks'
• Removed input 'masked-emails/pre-commit-hooks/flake-compat'
• Removed input 'masked-emails/pre-commit-hooks/flake-utils'
• Removed input 'masked-emails/pre-commit-hooks/gitignore'
• Removed input 'masked-emails/pre-commit-hooks/gitignore/nixpkgs'
• Removed input 'masked-emails/pre-commit-hooks/nixpkgs'
• Removed input 'masked-emails/pre-commit-hooks/nixpkgs-stable'
• Removed input 'masked-emails/rust-overlay'
• Removed input 'masked-emails/rust-overlay/flake-utils'
• Removed input 'masked-emails/rust-overlay/nixpkgs'
• Updated input 'naersk/nixpkgs':
'github:NixOS/nixpkgs/a1291d0d020a200c7ce3c48e96090bfa4890a475' (2023-02-19)
→ 'github:NixOS/nixpkgs/f5ffd5787786dde3a8bf648c7a1b5f78c4e01abb' (2023-03-03)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/0cf4274b5d06325bd16dbf879a30981bc283e58a' (2023-02-19)
→ 'github:NixOS/nixpkgs/96e18717904dfedcd884541e5a92bf9ff632cf39' (2023-03-02)
• Updated input 'nur':
'github:nix-community/NUR/3c39aebcd09c9d6c257140e07f3d2beac4a83043' (2023-02-20)
→ 'github:nix-community/NUR/2860ab344d033a877e6a03f1c33cb4b7b5e05ddf' (2023-03-04)
• Updated input 'pre-commit-hooks':
'github:cachix/pre-commit-hooks.nix/c9495f017f67a11e9c9909b032dc7762dfc853cf' (2023-02-20)
→ 'github:cachix/pre-commit-hooks.nix/382bee738397ca005206eefa36922cc10df8a21c' (2023-03-03)
• Updated input 'rust':
'github:oxalica/rust-overlay/98f11700e398cf2ae6da905df56badc17e265021' (2023-02-20)
→ 'github:oxalica/rust-overlay/c25d3e1951863ac0061d47a3fabf9aa7c91db5e5' (2023-03-04)
• Removed input 'sendsms'
• Removed input 'sendsms/crane'
• Removed input 'sendsms/crane/flake-compat'
• Removed input 'sendsms/crane/flake-utils'
• Removed input 'sendsms/crane/nixpkgs'
• Removed input 'sendsms/crane/rust-overlay'
• Removed input 'sendsms/crane/rust-overlay/flake-utils'
• Removed input 'sendsms/crane/rust-overlay/nixpkgs'
• Removed input 'sendsms/flake-utils'
• Removed input 'sendsms/nixpkgs'
• Removed input 'sendsms/pre-commit-hooks'
• Removed input 'sendsms/pre-commit-hooks/flake-utils'
• Removed input 'sendsms/pre-commit-hooks/nixpkgs'
• Removed input 'sendsms/rust-overlay'
• Removed input 'sendsms/rust-overlay/flake-utils'
• Removed input 'sendsms/rust-overlay/nixpkgs'
• Removed input 'x509-tools'
• Removed input 'x509-tools/crane'
• Removed input 'x509-tools/crane/flake-compat'
• Removed input 'x509-tools/crane/flake-utils'
• Removed input 'x509-tools/crane/nixpkgs'
• Removed input 'x509-tools/crane/rust-overlay'
• Removed input 'x509-tools/crane/rust-overlay/flake-utils'
• Removed input 'x509-tools/crane/rust-overlay/nixpkgs'
• Removed input 'x509-tools/flake-utils'
• Removed input 'x509-tools/nixpkgs'
• Removed input 'x509-tools/pre-commit-hooks'
• Removed input 'x509-tools/pre-commit-hooks/flake-utils'
• Removed input 'x509-tools/pre-commit-hooks/nixpkgs'
• Removed input 'x509-tools/rust-overlay'
• Removed input 'x509-tools/rust-overlay/flake-utils'
• Removed input 'x509-tools/rust-overlay/nixpkgs'
|
|
I'm rewriting them in go and they are not ready to be used yet.
|
|
|
|
|
|
It's not working as I want, let's fix it first then we |