about summary refs log tree commit diff
path: root/hosts/common (follow)
Commit message (Collapse)AuthorAgeFilesLines
* refactor users to a moduleFranck Cuny2022-04-052-33/+1
|
* refactor default packages to a moduleFranck Cuny2022-04-052-58/+2
|
* move locale configuration to a moduleFranck Cuny2022-04-052-13/+0
|
* console configuration is moved to a moduleFranck Cuny2022-04-051-5/+0
|
* network: move tailscale in modulesFranck Cuny2022-04-051-6/+0
| | | | Move the networking configuration for the hosts to its own file.
* ssh: refactor to a moduleFranck Cuny2022-04-052-7/+0
| | | | Also install mosh and ensure the firewall opens the correct ports.
* nix: refactor to a moduleFranck Cuny2022-04-052-19/+0
|
* sound: add a new moduleFranck Cuny2022-04-052-29/+2
| | | | | | | | | | This is the start of yet another refactoring of the configuration. Sound configuration is moving to a module, and we enable it as needed at the host level. It takes care of configuring pipewire and install the packages needed too. This module is applied to the laptop and the desktop.
* dashboard: remove ping metricsFranck Cuny2022-04-041-96/+3
| | | | We're using the ones from the prober
* prometheus: fix configurationFranck Cuny2022-04-041-3/+1
|
* prometheus: we need to specify the IP protocolFranck Cuny2022-04-041-1/+5
| | | | | | | | If we don't, by default we try over ipv6, and this is not going to work well for us (yet): ``` ts=2022-04-05T01:39:13.830414184Z caller=main.go:130 module=https_2xx target=https://notes.fcuny.net level=error msg="Error for HTTP request" err="Get \"https://[2a09:8280:1::a:2aed]\": dial tcp [2a09:8280:1::a:2aed]:443: connect: network is unreachable" ```
* prometheus: I'll get this right this timeFranck Cuny2022-04-041-5/+3
|
* prometheus: set the scheme for the URLsFranck Cuny2022-04-041-5/+5
|
* prometheus: add scraper for HTTPFranck Cuny2022-04-041-0/+28
|
* prometheus: configure correctly the blackboxFranck Cuny2022-04-041-10/+23
|
* prometheus: attempt to configure blackbox exporterFranck Cuny2022-04-041-0/+34
|
* dashboard: more update for traefikFranck Cuny2022-04-041-452/+1478
|
* dashboards: more updates for traefikFranck Cuny2022-04-041-1/+2
|
* grafana: try to configure the data sourceFranck Cuny2022-04-041-9/+28
|
* grafana: add dashboard for traefikFranck Cuny2022-04-041-0/+783
|
* grafana: show last 6 hours for node exporterFranck Cuny2022-04-031-2/+2
|
* users: ensure I'm in the docker groupFranck Cuny2022-04-031-1/+1
|
* Revert "create a new role for navidrome"Franck Cuny2022-04-031-0/+24
| | | | This reverts commit 814a495e9c74e3211c6b6640397111115832207b.
* create a new role for navidromeFranck Cuny2022-04-031-24/+0
| | | | Apply the role to tahoe.
* nas: backup navidrome data and add music subdomainFranck Cuny2022-03-282-0/+14
|
* nas: bind navidrome to all interfacesFranck Cuny2022-03-281-1/+4
|
* nas: initial setup for navidromeFranck Cuny2022-03-281-0/+8
|
* prometheus: stop scraping the NASFranck Cuny2022-03-261-4/+2
| | | | we're shutting it down!
* common: ensure zsh is installedFranck Cuny2022-03-251-0/+1
|
* gitea: remove invalid configurationFranck Cuny2022-03-251-1/+0
|
* shell: switch from zsh to fishFranck Cuny2022-03-252-3/+3
| | | | why not ?
* rclone: correct path for the backupsFranck Cuny2022-03-151-2/+2
|
* rclone: fix the pathFranck Cuny2022-03-141-1/+1
|
* prometheus: scrape gitea metricsFranck Cuny2022-03-131-0/+6
|
* gitea: enable metrics endpointFranck Cuny2022-03-131-0/+1
|
* rclone: rewrite the service unitFranck Cuny2022-03-131-5/+6
|
* default: install ethtool everywhereFranck Cuny2022-03-121-0/+1
|
* prometheus: collect more stuffFranck Cuny2022-03-121-1/+1
|
* hosts: add profilesFranck Cuny2022-03-122-41/+0
| | | | Profiles contain a collection of modules.
* users: add another ssh keyFranck Cuny2022-03-121-2/+8
|
* rclone: add users backupFranck Cuny2022-03-111-11/+12
|
* nas: enable rclone configurationFranck Cuny2022-03-111-0/+1
|
* prometheus: scrap more endpointsFranck Cuny2022-03-111-0/+30
|
* rclone: synchronize restic repo to GCSFranck Cuny2022-03-111-0/+29
| | | | | | Add a couple of secrets to store the configuration and the service account, and add a timer to synchronize the restic repository to a GCS bucket once a day.
* traefik: typoFranck Cuny2022-03-091-1/+1
|
* traefik: make the rules as specific as possibleFranck Cuny2022-03-091-2/+4
| | | | Otherwise, `git` will conflict, since it exists on both domains.
* traefik: typoFranck Cuny2022-03-091-5/+5
|
* gitea: typoFranck Cuny2022-03-091-1/+1
|
* traefik: handle fcuny.net and fcuny.xyzFranck Cuny2022-03-091-7/+15
| | | | | | | | | | | | | fcuny.net is for public facing domains, while fcuny.xyz are for domains on the tailscale network. I need to support configuration in traefik for both. The main difference, for traefik, is the domain name and which let's encrypt challenge to use (DNS for TS, HTTP for public). Refactor the function `mkServiceConfig` to accept the domain and LE challenge as argument, and add new entries for git.fcuny.net and git.fcuny.xyz.
* gitea: do a backup with resticFranck Cuny2022-03-091-0/+12
|
* gitea: we need to specify the user for the DBFranck Cuny2022-03-091-1/+4
|
* system: install sqliteFranck Cuny2022-03-091-3/+3
| | | | It's always useful to have it around.
* gitea: initial configurationFranck Cuny2022-03-082-0/+28
|
* nas: backup photos and musicFranck Cuny2022-03-081-0/+12
| | | | | | | Instead of rsync-ing these folders to a GCS bucket, I should instead do a backup. If I screw up something, the content will be sync-ed, and I won't be able to restore it. It's better (maybe more expensive, but that's OK) to keep snapshots and be able to restore.
* backups: spread them so they don't clashFranck Cuny2022-03-073-0/+3
| | | | | If they start running at the same time, they won't be able to succeed since there's a global lock on the repository.
* grafana: backup the data directoryFranck Cuny2022-03-071-0/+14
|
* prometheus: backup the data directoryFranck Cuny2022-03-071-0/+14
|
* unifi: backup the data to the local reoFranck Cuny2022-03-071-0/+14
|
* prometheus: scrap unifi poller on the correct IPFranck Cuny2022-03-061-1/+1
|
* prometheus: scrape from unifi-pollerFranck Cuny2022-03-061-31/+40
|
* unifi: set the correct name for the poller's unitFranck Cuny2022-03-061-2/+2
|
* traefik: proper configuration for unifiFranck Cuny2022-03-061-0/+14
|
* unifi: configure the pollerFranck Cuny2022-03-061-5/+18
|
* unifi: add unifi on the NASFranck Cuny2022-03-062-0/+54
|
* transmission: disable the rpc allowlistFranck Cuny2022-03-061-2/+1
| | | | This is not working as I think, will follow up later.
* traefik: add transmission (bt.fcuny.xyz)Franck Cuny2022-03-061-2/+4
|
* nas: install transmissionFranck Cuny2022-03-062-0/+36
| | | | | Create a user and group 'nas' so we can run tranmission in it. This will also help us to enable some specific permissions on some directories.
* grafana: rename the instance for the routerFranck Cuny2022-03-061-16/+16
|
* grafana: add a few more dashboardsFranck Cuny2022-03-063-0/+10539
|
* traefik: getting a working configurationFranck Cuny2022-03-061-22/+21
|
* traefik: second attempt, simpleFranck Cuny2022-03-062-52/+35
|
* traefik: initial configurationFranck Cuny2022-03-062-0/+87
| | | | | | | | | I want to run traefik on the NAS, so I can reach grafana and other future services running on that host. To manage TLS, we use let's encrypt with a DNS challenge. For this to work we need a service account configuration, that is encrypted with age.
* backups: unit to run maintenance on my backupsFranck Cuny2022-03-052-0/+26
| | | | | This will be run via a timer once a day, to perform maintenance on my backups on the nas.
* prometheus: scrape nodeexporter for the rtrFranck Cuny2022-03-051-15/+24
|
* samba: fix path for music, add videosFranck Cuny2022-03-051-1/+7
|
* aptos: remove mem_sleep_defaultFranck Cuny2022-03-051-1/+0
| | | | The laptop was rebooting when I'd open the lid.
* tailscale: add tailscale to the laptop (aptos)Franck Cuny2022-03-051-0/+6
|
* grafana: disable analytics correctlyFranck Cuny2022-03-021-1/+2
|
* prometheus: relabel some machinesFranck Cuny2022-03-021-12/+20
| | | | | Don't use the IP from wireguard as the name of the host, let's map to the actual hostname.
* users: remove rsa keyFranck Cuny2022-03-021-1/+0
|
* grafana: disable analyticsFranck Cuny2022-03-021-0/+1
|
* grafana: provision dashboardsFranck Cuny2022-02-282-0/+14120
| | | | Start with node-exporter-full dashboard.
* grafana: setup provisioning correctlyFranck Cuny2022-02-281-6/+9
|
* grafana: fixFranck Cuny2022-02-281-1/+1
|
* grafana: configure admin user and data sourcesFranck Cuny2022-02-281-1/+9
|
* grafana: initial configurationFranck Cuny2022-02-282-0/+10
|
* prometheus: initial configuration for the serverFranck Cuny2022-02-282-0/+30
| | | | | | | Run prometheus via systemd, and configure to pull node-exporter's metrics from two hosts. The retention is set for 3 years.
* users: change my ssh key for the laptopFranck Cuny2022-02-271-1/+2
|
* hosts: ensure we have bash and zshFranck Cuny2022-02-271-0/+3
|
* nas: consume everything from the server profileFranck Cuny2022-02-271-0/+1
|
* server: create a new profileFranck Cuny2022-02-272-0/+19
| | | | | This is a profile for servers related stuff. We start with monitoring for now.
* samba: fix configurationFranck Cuny2022-02-271-3/+3
| | | | | Some settings were missing, others incorrect, and the name of the share was also incorrect.
* NAS: initial configurationFranck Cuny2022-02-272-0/+34
| | | | For now we only want samba on it.
* hardware: enable btrfs scrubber and fstrimmerFranck Cuny2022-02-271-0/+3
|
* software: drop nautilus, add a few more thingsFranck Cuny2022-02-271-4/+0
| | | | | | | | | Replace nautilus with pcmanfm, which is more than enough for my needs (I still can't open correctly images / PDF with nautilus, I don't care why). Add a few more packages (seahorse, easyeffects) to improve usability of the desktop.
* pam: drop GDM configurationFranck Cuny2022-02-271-2/+0
| | | | I don't use GDM anymore.
* hardware: start capturing hardware related stuffFranck Cuny2022-02-272-0/+10
| | | | | Create a new module for hardware related things, in order to configure correctly the various machines.
* gnome: add more gnome settingsFranck Cuny2022-02-241-1/+14
| | | | | | | Without these settings a few things are not working correctly (nautilus can't browse ssh servers for example). This module needs to be renamed too.
* xserver: drop it completelyFranck Cuny2022-02-241-14/+0
| | | | | | | | | | | | | Let's remove this, I was only using it to get GDM running, but that's causing a bunch of issues so far: - not all environment variables are loaded correctly - some units are not loaded in time When trying to use xorg and i3, I have way too many tears and I can't figure out a proper configuration. To make it easier, I'm going to keep sway and start `sway` from `tty1` directly.
* ssh: authenticate only using ssh keyFranck Cuny2022-02-211-0/+1
|
* system: install a few more packagesFranck Cuny2022-02-211-1/+10
|
* users: add ssh keys for aptos and carmelFranck Cuny2022-02-211-2/+2
|
* fonts: add font-awesome for i3statusFranck Cuny2022-02-211-0/+1
|
* xserver: add at-spi2-core packageFranck Cuny2022-02-181-1/+5
| | | | | See https://github.com/NixOS/nixpkgs/issues/16327 for details (this removes warnings in some services)
* boot: fix the prefixFranck Cuny2022-02-181-1/+1
|
* xserver: natural scrolling is part of touchpad.Franck Cuny2022-02-181-1/+1
|
* fonts: rename some optionsFranck Cuny2022-02-181-2/+1
| | | | | `fontconfig.ultimate` does not exists anymore, and `enableFontDir` has been renamed to `fontDir.enable`.
* system: add locale and securityFranck Cuny2022-02-183-2/+19
|
* desktop: enable natural scrollingFranck Cuny2022-02-181-2/+4
|
* boot: reorganize and add commentsFranck Cuny2022-02-181-0/+8
| | | | Most of the options for booting are common to all hosts.
* fonts: add more fonts for the systemFranck Cuny2022-02-181-1/+8
|
* sway: configure correctly dbus / keyringFranck Cuny2022-02-171-8/+16
|
* sway: install all the required packagesFranck Cuny2022-02-161-1/+15
|
* home-manager: move activate logic in users' configFranck Cuny2022-02-161-4/+1
|
* hosts: enable rtkit with audio moduleFranck Cuny2022-02-141-0/+2
|
* hosts: unlock disks remotely on bootFranck Cuny2022-02-132-3/+24
| | | | | Enable a SSH daemon in initrd, with our keys, so we can unlock remotely the disk on reboot.
* desktop: ensure we're installing swayFranck Cuny2022-02-131-1/+7
|
* motd: drop, there's no need for thatFranck Cuny2022-02-132-13/+0
|
* sway: first attempt at configuring swayFranck Cuny2022-02-131-11/+3
| | | | | Let's switch right away to sway instead, now that there's an emacs package to support wayland.
* hosts: install linux perf tools for the hostFranck Cuny2022-02-131-1/+8
|
* hosts: decrypt root disk via ssh on bootFranck Cuny2022-02-132-0/+6
|
* desktop: gnome related thingsFranck Cuny2022-02-131-1/+10
|
* hosts: enable avahi on desktopFranck Cuny2022-02-131-0/+5
| | | | This is going to be needed to print (for example).
* hosts: load services at the host levelFranck Cuny2022-02-121-0/+15
| | | | | | These services are not configured at the user level, but at the host level. We might need a better separation in the future, in case I don't use xserver for example.
* hosts: rename commons to commonFranck Cuny2022-02-1213-0/+212