path: root/hosts/aptos
Commit message | Author | Age | Files | Lines
* profiles/workstation: reduce the number of moving parts | Franck Cuny | 2023-05-01 | 1 | -13/+8
  There are too many moving parts and layers of abstractions, for no benefits: I only have to manage 3-4 machines. Going to create profiles, move things there, and stop with the `enable` pattern.
* hosts/aptos: configure backups properly | Franck Cuny | 2023-04-29 | 1 | -8/+16
  Configure correctly the systemd unit to run restic on aptos. Be more specific about the paths we want to back up, instead of backing up '/home' and maintaining a large exclusion list.
* hosts/aptos: do backups over sftp with a dedicated ssh key | Franck Cuny | 2023-04-23 | 3 | -1/+10
* hosts/carmel: reconfigure the host as a router | Franck Cuny | 2023-04-03 | 1 | -0/+3
  I'm not using it as a desktop, and the current router is getting old and will likely fail in the near future. It's also a debian machine configured manually, so let's reconfigure carmel as our new router. There are three NICs in the host: 2 are 10Gb and one is 1Gb. The 1Gb will be used as the upstream interface, and one of the 10Gb will be for the LAN. There are 2 VLANs to configure: one for IoT devices and one for guest.
* home/shell: switch the default shell back to zsh | Franck Cuny | 2023-03-11 | 1 | -1/+1
  I keep running into issues when using fish: I'm not familiar with the syntax and I don't use it enough that it sticks. I also need to google stuff regularly to figure out how things are supposed to work. This is annoying enough that the supposed benefits of fish are not worth it for me.
* secrets: move aptos' gcloud secrets to homeage | Franck Cuny | 2023-03-11 | 2 | -5/+0
  This secret is not needed system wide, I only need it to run some tools.
* home/gnome: no more keyring | Franck Cuny | 2023-03-10 | 1 | -1/+0
  I used the keyring only to start the GPG agent and unlock the ssh keys. But since I'm storing the ssh keys on yubikeys and I don't use GPG, I can remove it.
* hosts/aptos: re-key all the secrets with age identities | Franck Cuny | 2023-03-10 | 6 | -18/+19
  This is now using the public keys from various age keys:
  - one for my user on the laptop
  - one for the root user on the laptop
  - one backup key stored on the USB drive
* ref(home/drone): remove drone | Franck Cuny | 2023-03-02 | 1 | -1/+0
  It's not running anymore.
* feat(modules/pcscd): install the pcscd daemon | Franck Cuny | 2023-02-20 | 1 | -0/+3
  This is to use the yubikeys correctly
* feat(home/age): install tooling related to age and yubikeys | Franck Cuny | 2023-02-20 | 1 | -0/+2
* ref(aptos/services): don't use autologin | Franck Cuny | 2023-01-22 | 1 | -1/+0
  This is not working as I thought it would: I was expecting this to only work with the first login, but any time I log out of my account it logs in right away again.
* ref(home/matrix): replace element by fractal | Franck Cuny | 2023-01-15 | 1 | -1/+1
  fractal(-next) is a client for matrix. It's GTK4 native and uses rust. While not much nicer looking than element, it's not an electron app, which I prefer (electron is slow, and element would freeze/crash from time to time). I renamed the module from element to matrix-client, in case I switch to something else in the future (or if there are additional configurations).
* ref(home/sway): auto login and enable systemd integration | Franck Cuny | 2023-01-15 | 1 | -0/+1
  When the laptop boots, I already have to enter a passphrase to unlock the disks, I can trust that it's me and can automatically log into the system. Enable systemd integration for sway so that the correct session is started and environment variables are imported properly.
* fix(services/drone): enable drone | Franck Cuny | 2022-11-06 | 1 | -0/+1
  The URL for drone changed to https://ci.fcuny.net. The secrets also changed (and we remove the unencrypted file with secrets).
* fix(hosts): the WM manager needs to be in home.nix | Franck Cuny | 2022-09-23 | 2 | -3/+4
* ref(home-manager): don't use home-manager when building the host | Franck Cuny | 2022-09-22 | 1 | -8/+1
  When rebuilding the host (through `nixos-rebuild switch --flake`) I don't want to rebuild also my home-manager configuration. I want these to be two different steps. I rebuild the home-manager configuration more frequently and it's a waste of time and CPU to rebuild the world every time. This is a pretty large refactoring:
  - move checks back into the flake: if I modify a check, the configuration for `pre-commits` is not regenerated, as the file with the checks is not monitored with `direnv` (I could probably configure it for it, but not now)
  - remove `home.nix` from the host level configuration
  - introduce a `mkHomeManagerConfiguration` function to manage the different user@host
  - fix a warning with the rust overlay
* feat(rust): add an overlay to install rust | Franck Cuny | 2022-08-22 | 1 | -0/+1
  Installing the rust overlay to get the various tools installed. This is done by a new module for home-manager, and is installed only on my laptop at the moment.
  Change-Id: I80c1633ca04da82f4321a0687a05d1df7c523702
* feat(home/terraform): install terraform when needed | Franck Cuny | 2022-08-08 | 1 | -0/+1
  Change-Id: Ie87672629ff23eeb93f5308898014cc737490b7c
  Reviewed-on: https://cl.fcuny.net/c/world/+/708
  Tested-by: CI
  Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(new-lines): add or remove new lines where needed | Franck Cuny | 2022-07-02 | 1 | -1/+0
  The pre-commit hook for new lines reported and corrected a number of issues, so let's commit them now and after that we can enable the hook for the repository.
  Change-Id: I5bb882d3c2cca870ef94301303f029acfb308740
  Reviewed-on: https://cl.fcuny.net/c/world/+/592
  Tested-by: CI
  Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(home/shell): switch default shell to fish | Franck Cuny | 2022-06-20 | 1 | -1/+1
  Change-Id: I905ce6eddc35e4c51a0ab27c8984e0da0fdee7a7
  Reviewed-on: https://cl.fcuny.net/c/world/+/457
  Reviewed-by: Franck Cuny <franck@fcuny.net>
  Tested-by: CI
* ref(home/shell): make it easier to share common things between shells | Franck Cuny | 2022-06-20 | 1 | -1/+1
  I'm considering trying again fish, and there are a number of things that should be common between zsh and fish (aliases, environment variables, ...). Instead of duplicating these settings multiple times, I'm consolidating the shell configurations under `home/shell`, and I can set the shell I want to use with `my.home.shell.name`. The first step is to move the modules for fish and zsh under `home/shell`, add an interface to pick which one I want to use, and modify the `host/home.nix` configuration to keep using zsh with the new interface.
  Change-Id: Idb66b1a6fcc11a6eeaf5fd2d32dd3698d2d85bdf
  Reviewed-on: https://cl.fcuny.net/c/world/+/455
  Tested-by: CI
  Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(fmt): correct formatting for all nix files | Franck Cuny | 2022-06-10 | 3 | -3/+6
  This was done by running `nixpkgs-fmt .'.
  Change-Id: I4ea6c1e759bf468d08074be2111cbc7af72df295
  Reviewed-on: https://cl.fcuny.net/c/world/+/404
  Tested-by: CI
  Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(profiles): get rid of all the profiles | Franck Cuny | 2022-06-09 | 3 | -5/+13
  All the modules that are set up by the profiles are now managed at the host level. This simplifies some configuration, and will make it easier to adjust things at the host instead of trying to squeeze everything into profiles. This will also help the refactoring later, when I'll split nixos and home-manager configuration.
  Change-Id: I17ffda8b0b5d15bf1915c6fae5030380523d74b5
  Reviewed-on: https://cl.fcuny.net/c/world/+/297
  Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(GTK): remove the profile for GTK | Franck Cuny | 2022-06-09 | 2 | -0/+4
  All the configuration is done at the host level.
  Change-Id: Ib5ef71ea7955f6872fb08f576e48b24a70600693
  Reviewed-on: https://cl.fcuny.net/c/world/+/296
  Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(home): structure and add comments | Franck Cuny | 2022-06-09 | 1 | -17/+32
  Change-Id: I9abd49136df79a9ed040c9ec0e12eea30736c9ff
  Reviewed-on: https://cl.fcuny.net/c/world/+/295
  Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(desktop): move all the modules for home-manager to host level | Franck Cuny | 2022-06-09 | 1 | -0/+9
  Change-Id: I92abe7d6c9a1f7c5ef3f157137c59cde751d50f0
  Reviewed-on: https://cl.fcuny.net/c/world/+/294
  Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(trusted): consume modules within host's configuration | Franck Cuny | 2022-06-09 | 3 | -4/+13
  Remove the trusted profiles, the modules are installed directly within the host configuration.
  Change-Id: I0566fb359803da16bdd3a38e2901deac477fb078
  Reviewed-on: https://cl.fcuny.net/c/world/+/293
  Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(multimedia): move multimedia modules to hosts | Franck Cuny | 2022-06-09 | 2 | -1/+3
  Consume the modules related to multimedia applications at the host level, instead of having a level of indirection with a profile.
  Change-Id: I567f0e01cbfe591beaa2e9086e33434402a4a002
  Reviewed-on: https://cl.fcuny.net/c/world/+/292
  Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(sane): move sane's configuration to correct place | Franck Cuny | 2022-06-09 | 2 | -3/+3
  Change-Id: Ibb55ee455423c101fb6d3e62a2e9e4593682cf16
  Reviewed-on: https://cl.fcuny.net/c/world/+/291
  Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(laptop): move services related to laptop to host's configuration | Franck Cuny | 2022-06-09 | 2 | -2/+6
  As for the bluetooth configuration, we don't need that level of indirection. The laptop can consume these services directly, and we can drop the profile for laptop.
  Change-Id: Ia434d336ae581bd040fbc4963e5856806183d55e
  Reviewed-on: https://cl.fcuny.net/c/world/+/290
  Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(bluetooth): remove the profile | Franck Cuny | 2022-06-09 | 2 | -1/+2
  I don't need a profile for this, the module can be consumed directly from the host's hardware configuration. It removes one level of indirection and helps us toward the goal of completely removing all the profiles.
  Change-Id: I95a6fdc985420e7fe0ad737e7576d10d5c7eb114
  Reviewed-on: https://cl.fcuny.net/c/world/+/289
  Reviewed-by: Franck Cuny <franck@fcuny.net>
* bluetooth: enable on aptos | Franck Cuny | 2022-05-16 | 1 | -0/+1
* zsh: switch to zsh as the default shell | Franck Cuny | 2022-05-15 | 1 | -1/+1
  `zsh' is available everywhere and is compatible with bash. When using `fish' I need to remember how to do things. While the completion style is nicer, I don't care about the rest. I prefer to have a consistent experience in the shell, no matter where I am. This is an initial configuration, I might need to make a few changes as I go.
* aptos: enable bluetooth | Franck Cuny | 2022-05-12 | 1 | -0/+1
* secrets: add a new secret for gcloud (aptos only) | Franck Cuny | 2022-05-07 | 2 | -0/+5
  This is the configuration needed to interact with GCP from this repository. We only want it on aptos for now.
* backups: do backups for the laptop | Franck Cuny | 2022-04-24 | 4 | -0/+34
  From the laptop I only back up /home/fcuny, as the rest should be straightforward to rebuild with nix. I run that backup as my own user, since I need my ssh key to use the remote repository (which is on the NAS). I also need a new secret for it (I might have been able to use `pass' for this, but well, that's easy enough). For the NAS, I update the list of directories to back up to include home, this will be on the systems backup.
* scanner: install tools on the laptop | Franck Cuny | 2022-04-24 | 1 | -0/+4
* syncthing: enable on trusted machines | Franck Cuny | 2022-04-21 | 4 | -2/+16
  Add the cert and key for aptos.
* secrets: move the actual secrets with hosts config | Franck Cuny | 2022-04-13 | 2 | -0/+4
  Having the secrets closer to the host is easier to manage. At the moment I don't have secrets that are shared across multiple hosts, so that's an OK approach.
* small fixes | Franck Cuny | 2022-04-09 | 1 | -1/+1
* add a few more modules to home/ and delete stuff | Franck Cuny | 2022-04-09 | 2 | -0/+3
* hosts: rename hardware-configuration to hardware | Franck Cuny | 2022-04-08 | 2 | -1/+1
* aptos: consume the new profiles | Franck Cuny | 2022-04-08 | 3 | -3/+21
  aptos is now using the new home-manager setup.
* refactor boot configuration to a module | Franck Cuny | 2022-04-06 | 1 | -2/+0
  We don't need the previous `hosts/common/system` configs anymore, as everything has been moved out. We keep some boot configuration for carmel in the host configuration for now, but I need to check why I don't have similar settings for tahoe (since I also need to unlock the host remotely).
* refactor intel related configuration | Franck Cuny | 2022-04-05 | 2 | -28/+26
* refactor network configuration | Franck Cuny | 2022-04-05 | 1 | -3/+19
* create a profile for laptop | Franck Cuny | 2022-04-05 | 1 | -1/+1
* network: move tailscale in modules | Franck Cuny | 2022-04-05 | 2 | -20/+23
  Move the networking configuration for the hosts to its own file.
* sound: add a new module | Franck Cuny | 2022-04-05 | 2 | -0/+2
  This is the start of yet another refactoring of the configuration. Sound configuration is moving to a module, and we enable it as needed at the host level. It takes care of configuring pipewire and installs the packages needed too. This module is applied to the laptop and the desktop.
* containers: enable dockerd and containerd on aptos | Franck Cuny | 2022-03-12 | 1 | -0/+11
* tailscale: add tailscale to the laptop (aptos) | Franck Cuny | 2022-03-05 | 1 | -0/+1
* aptos: nixfmt | Franck Cuny | 2022-03-04 | 1 | -17/+10
* wireguard: drop configuration for aptos | Franck Cuny | 2022-03-02 | 1 | -7/+0
  This is done in the module itself.
* aptos: use the hardware module for xps9300 | Franck Cuny | 2022-02-27 | 2 | -1/+1
* agenix: store wireguard key in persistent storage | Franck Cuny | 2022-02-24 | 1 | -0/+7
  The key was created under /run/agenix, which is wiped out after a reboot. The key being absent prevents the wireguard interface from coming up. Store the key somewhere persistent to prevent this from happening.
* wireguard: module and peers configurations | Franck Cuny | 2022-02-21 | 1 | -0/+1
  Add a new module to automatically configure the peers for wireguard. The module needs a configuration file (in `configs/wireguard.toml`) which lists all the peers, their IP and their public keys. The secret key is encrypted as a secret with agenix. There's some initial documentation on how to use this setup.
* aptos: switch to iwd and enable thermald | Franck Cuny | 2022-02-21 | 1 | -3/+5
  Replace wpa_supplicant with iwd (I prefer that daemon and the associated tool, iwctl). Enable thermald for managing power.
* hosts: add aptos | Franck Cuny | 2022-02-21 | 2 | -0/+91
  aptos is my laptop (dell xps 13'). This adds the initial configuration for it.