| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
I don't use GPG anymore and I don't read mail in Emacs anymore.
|
| |
|
| |
|
|
|
|
|
| |
This is a major refactor, similar to what was done for the hosts, but in
a single commit.
|
|
|
|
| |
This remove ssh on workstations. I also drop mosh since I don't use it.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
There's too many moving parts and layers of abstractions, for no
benefits: I only have to manage 3-4 machines.
Going to create profiles, move things there, and stop with the `enable`
pattern.
|
|
|
|
|
|
|
| |
Configure correctly the systemd unit to run restic on aptos.
Be more specific about the paths we want to backup, instead of backing
up '/home' and maintaining a large exclusion list.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
I'm not using it as a desktop, and the current router is getting old and
will likely fail in the near future. It's also a debian machine
configured manually, so let's reconfigure carmel as our new router.
There are three NICs in the host: 2 are 10Gb and one is 1Gb. The 1Gb
will be used as the upstream interface, and one of the 10Gb will be for
the LAN.
There are 2 VLANs to configure: one for IoT devices and one for guest.
|
|
|
|
|
|
|
|
| |
I keep running into issues when using fish: I'm not familiar with the
syntax and I don't use it enough that it sticks. I also need to google
stuff regularly to figure out how things are supposed to work. This is
annoying enough that the supposed benefits of fish are not worth it for
me.
|
|
|
|
| |
This secret is not needed system wide, I only need it to run some tools.
|
|
|
|
|
|
| |
I used the keyring only to start the GPG agent and unlock the ssh keys.
But since I'm storing the ssh keys on yubikeys and I don't use GPG, I
can remove it.
|
|
|
|
|
|
|
| |
This is now using the public keys from various age keys:
- one for my user on the laptop
- one for the root user on the laptop
- one backup key stored on the USB drive
|
|
|
|
| |
It's not running anymore.
|
|
|
|
| |
This is to use the yubikeys correctly
|
| |
|
|
|
|
|
|
| |
This is not working as I thought it would: I was expecting this to only
work with the first login, but any time I log out of my account it logs
in right away again.
|
|
|
|
|
|
|
|
|
|
|
| |
fractal(-next) is a client for matrix. It's GTK4 native and uses rust.
While not much nicer looking than element, it's not an electron app,
which I prefer (electron is slow, and element would freeze/crash from
time to time).
I renamed the module from element to matrix-client, in case I switch to
something else in the future (or if there are additional
configurations).
|
|
|
|
|
|
|
|
|
| |
When the laptop boots, I already have to enter a passphrase to unlock
the disks, I can trust that it's me and can automatically log into the
system.
Enable systemd integration for sway so that the correct session is
started and environment variables are imported properly.
|
|
|
|
|
| |
The URL for drone changed to https://ci.fcuny.net. The secrets also
changed (and we remove the unencrypted file with secrets).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When rebuilding the host (through `nixos-rebuild switch --flake`) I
don't want to rebuild also my home-manager configuration. I want these
to be two different steps.
I rebuild the home-manager configuration more frequently and it's a
waste of time and CPU to rebuild the world every time.
This is a pretty large refactoring:
- move checks back into the flake: if I modify a check, the
configuration for `pre-commits` is not regenerated, as the file with the
checks is not monitored with `direnv` (I could probably configure it for
it, but not now)
- remove `home.nix` from the host level configuration
- introduce a `mkHomeManagerConfiguration` function to manage the
different user@host
- fix a warning with the rust overlay
|
|
|
|
|
|
|
|
| |
Installing the rust overlay to get the various tools installed. This is
done by a new module for home-manager, and is installed only on my
laptop at the moment.
Change-Id: I80c1633ca04da82f4321a0687a05d1df7c523702
|
|
|
|
|
|
|
| |
Change-Id: Ie87672629ff23eeb93f5308898014cc737490b7c
Reviewed-on: https://cl.fcuny.net/c/world/+/708
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
| |
The pre-commit hook for new lines reported and correct a number of
issues, so let's commit them now and after that we ca enable the hook
for the repository.
Change-Id: I5bb882d3c2cca870ef94301303f029acfb308740
Reviewed-on: https://cl.fcuny.net/c/world/+/592
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
| |
Change-Id: I905ce6eddc35e4c51a0ab27c8984e0da0fdee7a7
Reviewed-on: https://cl.fcuny.net/c/world/+/457
Reviewed-by: Franck Cuny <franck@fcuny.net>
Tested-by: CI
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I'm considering trying again fish, and there are a number of things that
should be common between zsh and fish (aliases, environment variables,
...).
Instead of duplicating these settings multiple time, I'm consolidating
the shell configurations under `home/shell`, and I can set the shell I
want to use with `my.home.shell.name`.
The first step is to move the modules for fish and zsh under
`home/shell`, add an interface to pick which one I want to use, and
modify the `host/home.nix` configuration to keep using zsh with the new
interface.
Change-Id: Idb66b1a6fcc11a6eeaf5fd2d32dd3698d2d85bdf
Reviewed-on: https://cl.fcuny.net/c/world/+/455
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
| |
This was done by running `nixpkgs-fmt .'.
Change-Id: I4ea6c1e759bf468d08074be2111cbc7af72df295
Reviewed-on: https://cl.fcuny.net/c/world/+/404
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All the modules that are setup by the profiles are now managed at the
host level. This simplify some configuration, and will make it easier to
adjust things at the host instead of trying to squeeze everything into
profiles.
This will also help the refactoring later, when I'll split nixos and
home-manager configuration.
Change-Id: I17ffda8b0b5d15bf1915c6fae5030380523d74b5
Reviewed-on: https://cl.fcuny.net/c/world/+/297
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
| |
All the configuration is done at the host level.
Change-Id: Ib5ef71ea7955f6872fb08f576e48b24a70600693
Reviewed-on: https://cl.fcuny.net/c/world/+/296
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
| |
Change-Id: I9abd49136df79a9ed040c9ec0e12eea30736c9ff
Reviewed-on: https://cl.fcuny.net/c/world/+/295
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
| |
Change-Id: I92abe7d6c9a1f7c5ef3f157137c59cde751d50f0
Reviewed-on: https://cl.fcuny.net/c/world/+/294
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
| |
Remove the trusted profiles, the modules are installed directly within
the host configuration.
Change-Id: I0566fb359803da16bdd3a38e2901deac477fb078
Reviewed-on: https://cl.fcuny.net/c/world/+/293
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
| |
Consume the modules related to multimedia applications at the host
level, instead of having a level of indirection with a profile.
Change-Id: I567f0e01cbfe591beaa2e9086e33434402a4a002
Reviewed-on: https://cl.fcuny.net/c/world/+/292
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
| |
Change-Id: Ibb55ee455423c101fb6d3e62a2e9e4593682cf16
Reviewed-on: https://cl.fcuny.net/c/world/+/291
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
| |
As for the bluetooth configuration, we don't need that level of
indirection. The laptop can consume these services directly, and we can
drop the profile for laptop.
Change-Id: Ia434d336ae581bd040fbc4963e5856806183d55e
Reviewed-on: https://cl.fcuny.net/c/world/+/290
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
| |
I don't need a profile for this, the module can be consumed directly
from the host's hardware configuration. It removes one level of
indirection and helps us toward the goal of completely removing all the
profiles.
Change-Id: I95a6fdc985420e7fe0ad737e7576d10d5c7eb114
Reviewed-on: https://cl.fcuny.net/c/world/+/289
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
`zsh' is available everywhere and is compatible with bash. When using
`fish' I need to remember how to do things. While the completion style
is nicer, I don't care about the rest. I prefer to have a consistent
experience in the shell, no matter where am I.
This is an initial configuration, I might need to make a few changes as
I go.
|
| |
|
|
|
|
|
| |
This is the configuration needed to interact with GCP from this
repository. We only want it on aptos for now.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From the laptop I only backup /home/fcuny, as the rest should be
straightforward to rebuild with nix.
I run that backup as my own user, since I need my ssh key to use the
remote repository (which is on the NAS). I also need a new secret for
it (I might have been able to use `pass' for this, but well, that's easy
enough).
For the NAS, I update the list of directories to backup to include home,
this will be on the systems backup.
|
| |
|
|
|
|
| |
Add the cert and key for aptos.
|
|
|
|
|
|
| |
Having the secrets closer to the host is easier to manage. At the moment
I don't have secrets that are shared across multiple hosts, so that's an
OK approach.
|
| |
|
| |
|
| |
|
|
|
|
| |
aptos is now using the new home-manager setup.
|
|
|
|
|
|
|
|
|
| |
We don't need the previous `hosts/common/system` configs anymore, as
everything has been moved out.
We keep some boot configuration for carmel in the host configuration for
now, but I need to check why I don't have similar settings for
tahoe (since I also need to unlock the host remotely).
|
| |
|
| |
|
| |
|
|
|
|
| |
Move the networking configuration for the hosts to its own file.
|
|
|
|
|
|
|
|
|
|
| |
This is the start of yet another refactoring of the configuration.
Sound configuration is moving to a module, and we enable it as needed at
the host level. It takes care of configuring pipewire and install the
packages needed too.
This module is applied to the laptop and the desktop.
|
| |
|
| |
|
| |
|
|
|
|
| |
This is done in the module itself.
|
| |
|
|
|
|
|
|
| |
The key was created under /run/agenix, which is wiped out after a
reboot. The key being absent prevents the wireguard interface to come
up. Store the key somewhere persistent to prevent this to happen.
|
|
|
|
|
|
|
|
|
| |
Add a new module to automatically configure the peers for wireguard. The
module needs a configuration file (in `configs/wireguard.toml`) which
lists all the peers, their IP and and their public keys. The secret keys
is encrypted as a secret with agenix.
There's some initial documentation on how to use this setup.
|
|
|
|
|
|
|
| |
Replace wpa_supplicant with iwd (I prefer that daemon and the associated
tool, iwctl).
Enable thermald for managing power.
|
|
aptos is my laptop (dell xps 13'). This adds the initial configuration
for it.
|