Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | refactor modules for btrfs, ssd, and fwupd | Franck Cuny | 2022-04-05 | 2 | -9/+1 |
| | |||||
* | refactor network configuration | Franck Cuny | 2022-04-05 | 2 | -20/+1 |
| | |||||
* | refactor security to a module | Franck Cuny | 2022-04-05 | 2 | -6/+1 |
| | |||||
* | refactor users to a module | Franck Cuny | 2022-04-05 | 2 | -33/+1 |
| | |||||
* | refactor default packages to a module | Franck Cuny | 2022-04-05 | 2 | -58/+2 |
| | |||||
* | move locale configuration to a module | Franck Cuny | 2022-04-05 | 2 | -13/+0 |
| | |||||
* | console configuration is moved to a module | Franck Cuny | 2022-04-05 | 1 | -5/+0 |
| | |||||
* | network: move tailscale in modules | Franck Cuny | 2022-04-05 | 1 | -6/+0 |
| | | | | Move the networking configuration for the hosts to its own file. | ||||
* | ssh: refactor to a module | Franck Cuny | 2022-04-05 | 2 | -7/+0 |
| | | | | Also install mosh and ensure the firewall opens the correct ports. | ||||
* | nix: refactor to a module | Franck Cuny | 2022-04-05 | 2 | -19/+0 |
| | |||||
* | sound: add a new module | Franck Cuny | 2022-04-05 | 2 | -29/+2 |
| | | | | | | | | | | This is the start of yet another refactoring of the configuration. Sound configuration is moving to a module, and we enable it as needed at the host level. It takes care of configuring pipewire and install the packages needed too. This module is applied to the laptop and the desktop. | ||||
* | dashboard: remove ping metrics | Franck Cuny | 2022-04-04 | 1 | -96/+3 |
| | | | | We're using the ones from the prober | ||||
* | prometheus: fix configuration | Franck Cuny | 2022-04-04 | 1 | -3/+1 |
| | |||||
* | prometheus: we need to specify the IP protocol | Franck Cuny | 2022-04-04 | 1 | -1/+5 |
| | | | | | | | | If we don't, by default we try over ipv6, and this is not going to work well for us (yet): ``` ts=2022-04-05T01:39:13.830414184Z caller=main.go:130 module=https_2xx target=https://notes.fcuny.net level=error msg="Error for HTTP request" err="Get \"https://[2a09:8280:1::a:2aed]\": dial tcp [2a09:8280:1::a:2aed]:443: connect: network is unreachable" ``` | ||||
* | prometheus: I'll get this right this time | Franck Cuny | 2022-04-04 | 1 | -5/+3 |
| | |||||
* | prometheus: set the scheme for the URLs | Franck Cuny | 2022-04-04 | 1 | -5/+5 |
| | |||||
* | prometheus: add scraper for HTTP | Franck Cuny | 2022-04-04 | 1 | -0/+28 |
| | |||||
* | prometheus: configure correctly the blackbox | Franck Cuny | 2022-04-04 | 1 | -10/+23 |
| | |||||
* | prometheus: attempt to configure blackbox exporter | Franck Cuny | 2022-04-04 | 1 | -0/+34 |
| | |||||
* | dashboard: more update for traefik | Franck Cuny | 2022-04-04 | 1 | -452/+1478 |
| | |||||
* | dashboards: more updates for traefik | Franck Cuny | 2022-04-04 | 1 | -1/+2 |
| | |||||
* | grafana: try to configure the data source | Franck Cuny | 2022-04-04 | 1 | -9/+28 |
| | |||||
* | grafana: add dashboard for traefik | Franck Cuny | 2022-04-04 | 1 | -0/+783 |
| | |||||
* | grafana: show last 6 hours for node exporter | Franck Cuny | 2022-04-03 | 1 | -2/+2 |
| | |||||
* | users: ensure I'm in the docker group | Franck Cuny | 2022-04-03 | 1 | -1/+1 |
| | |||||
* | Revert "create a new role for navidrome" | Franck Cuny | 2022-04-03 | 1 | -0/+24 |
| | | | | This reverts commit 814a495e9c74e3211c6b6640397111115832207b. | ||||
* | create a new role for navidrome | Franck Cuny | 2022-04-03 | 1 | -24/+0 |
| | | | | Apply the role to tahoe. | ||||
* | nas: backup navidrome data and add music subdomain | Franck Cuny | 2022-03-28 | 2 | -0/+14 |
| | |||||
* | nas: bind navidrome to all interfaces | Franck Cuny | 2022-03-28 | 1 | -1/+4 |
| | |||||
* | nas: initial setup for navidrome | Franck Cuny | 2022-03-28 | 1 | -0/+8 |
| | |||||
* | prometheus: stop scraping the NAS | Franck Cuny | 2022-03-26 | 1 | -4/+2 |
| | | | | we're shutting it down! | ||||
* | common: ensure zsh is installed | Franck Cuny | 2022-03-25 | 1 | -0/+1 |
| | |||||
* | gitea: remove invalid configuration | Franck Cuny | 2022-03-25 | 1 | -1/+0 |
| | |||||
* | shell: switch from zsh to fish | Franck Cuny | 2022-03-25 | 2 | -3/+3 |
| | | | | why not ? | ||||
* | rclone: correct path for the backups | Franck Cuny | 2022-03-15 | 1 | -2/+2 |
| | |||||
* | rclone: fix the path | Franck Cuny | 2022-03-14 | 1 | -1/+1 |
| | |||||
* | prometheus: scrape gitea metrics | Franck Cuny | 2022-03-13 | 1 | -0/+6 |
| | |||||
* | gitea: enable metrics endpoint | Franck Cuny | 2022-03-13 | 1 | -0/+1 |
| | |||||
* | rclone: rewrite the service unit | Franck Cuny | 2022-03-13 | 1 | -5/+6 |
| | |||||
* | default: install ethtool everywhere | Franck Cuny | 2022-03-12 | 1 | -0/+1 |
| | |||||
* | prometheus: collect more stuff | Franck Cuny | 2022-03-12 | 1 | -1/+1 |
| | |||||
* | hosts: add profiles | Franck Cuny | 2022-03-12 | 2 | -41/+0 |
| | | | | Profiles contain a collection of modules. | ||||
* | users: add another ssh key | Franck Cuny | 2022-03-12 | 1 | -2/+8 |
| | |||||
* | rclone: add users backup | Franck Cuny | 2022-03-11 | 1 | -11/+12 |
| | |||||
* | nas: enable rclone configuration | Franck Cuny | 2022-03-11 | 1 | -0/+1 |
| | |||||
* | prometheus: scrap more endpoints | Franck Cuny | 2022-03-11 | 1 | -0/+30 |
| | |||||
* | rclone: synchronize restic repo to GCS | Franck Cuny | 2022-03-11 | 1 | -0/+29 |
| | | | | | | Add a couple of secrets to store the configuration and the service account, and add a timer to synchronize the restic repository to a GCS bucket once a day. | ||||
* | traefik: typo | Franck Cuny | 2022-03-09 | 1 | -1/+1 |
| | |||||
* | traefik: make the rules as specific as possible | Franck Cuny | 2022-03-09 | 1 | -2/+4 |
| | | | | Otherwise, `git` will conflict, since it exists on both domains. | ||||
* | traefik: typo | Franck Cuny | 2022-03-09 | 1 | -5/+5 |
| | |||||
* | gitea: typo | Franck Cuny | 2022-03-09 | 1 | -1/+1 |
| | |||||
* | traefik: handle fcuny.net and fcuny.xyz | Franck Cuny | 2022-03-09 | 1 | -7/+15 |
| | | | | | | | | | | | | | fcuny.net is for public facing domains, while fcuny.xyz are for domains on the tailscale network. I need to support configuration in traefik for both. The main difference, for traefik, is the domain name and which let's encrypt challenge to use (DNS for TS, HTTP for public). Refactor the function `mkServiceConfig` to accept the domain and LE challenge as argument, and add new entries for git.fcuny.net and git.fcuny.xyz. | ||||
* | gitea: do a backup with restic | Franck Cuny | 2022-03-09 | 1 | -0/+12 |
| | |||||
* | gitea: we need to specify the user for the DB | Franck Cuny | 2022-03-09 | 1 | -1/+4 |
| | |||||
* | system: install sqlite | Franck Cuny | 2022-03-09 | 1 | -3/+3 |
| | | | | It's always useful to have it around. | ||||
* | gitea: initial configuration | Franck Cuny | 2022-03-08 | 2 | -0/+28 |
| | |||||
* | nas: backup photos and music | Franck Cuny | 2022-03-08 | 1 | -0/+12 |
| | | | | | | | Instead of rsync-ing these folders to a GCS bucket, I should instead do a backup. If I screw up something, the content will be sync-ed, and I won't be able to restore it. It's better (maybe more expensive, but that's OK) to keep snapshots and be able to restore. | ||||
* | backups: spread them so they don't clash | Franck Cuny | 2022-03-07 | 3 | -0/+3 |
| | | | | | If they start running at the same time, they won't be able to succeed since there's a global lock on the repository. | ||||
* | grafana: backup the data directory | Franck Cuny | 2022-03-07 | 1 | -0/+14 |
| | |||||
* | prometheus: backup the data directory | Franck Cuny | 2022-03-07 | 1 | -0/+14 |
| | |||||
* | unifi: backup the data to the local reo | Franck Cuny | 2022-03-07 | 1 | -0/+14 |
| | |||||
* | prometheus: scrap unifi poller on the correct IP | Franck Cuny | 2022-03-06 | 1 | -1/+1 |
| | |||||
* | prometheus: scrape from unifi-poller | Franck Cuny | 2022-03-06 | 1 | -31/+40 |
| | |||||
* | unifi: set the correct name for the poller's unit | Franck Cuny | 2022-03-06 | 1 | -2/+2 |
| | |||||
* | traefik: proper configuration for unifi | Franck Cuny | 2022-03-06 | 1 | -0/+14 |
| | |||||
* | unifi: configure the poller | Franck Cuny | 2022-03-06 | 1 | -5/+18 |
| | |||||
* | unifi: add unifi on the NAS | Franck Cuny | 2022-03-06 | 2 | -0/+54 |
| | |||||
* | transmission: disable the rpc allowlist | Franck Cuny | 2022-03-06 | 1 | -2/+1 |
| | | | | This is not working as I think, will follow up later. | ||||
* | traefik: add transmission (bt.fcuny.xyz) | Franck Cuny | 2022-03-06 | 1 | -2/+4 |
| | |||||
* | nas: install transmission | Franck Cuny | 2022-03-06 | 2 | -0/+36 |
| | | | | | Create a user and group 'nas' so we can run tranmission in it. This will also help us to enable some specific permissions on some directories. | ||||
* | grafana: rename the instance for the router | Franck Cuny | 2022-03-06 | 1 | -16/+16 |
| | |||||
* | grafana: add a few more dashboards | Franck Cuny | 2022-03-06 | 3 | -0/+10539 |
| | |||||
* | traefik: getting a working configuration | Franck Cuny | 2022-03-06 | 1 | -22/+21 |
| | |||||
* | traefik: second attempt, simple | Franck Cuny | 2022-03-06 | 2 | -52/+35 |
| | |||||
* | traefik: initial configuration | Franck Cuny | 2022-03-06 | 2 | -0/+87 |
| | | | | | | | | | I want to run traefik on the NAS, so I can reach grafana and other future services running on that host. To manage TLS, we use let's encrypt with a DNS challenge. For this to work we need a service account configuration, that is encrypted with age. | ||||
* | backups: unit to run maintenance on my backups | Franck Cuny | 2022-03-05 | 2 | -0/+26 |
| | | | | | This will be run via a timer once a day, to perform maintenance on my backups on the nas. | ||||
* | prometheus: scrape nodeexporter for the rtr | Franck Cuny | 2022-03-05 | 1 | -15/+24 |
| | |||||
* | samba: fix path for music, add videos | Franck Cuny | 2022-03-05 | 1 | -1/+7 |
| | |||||
* | aptos: remove mem_sleep_default | Franck Cuny | 2022-03-05 | 1 | -1/+0 |
| | | | | The laptop was rebooting when I'd open the lid. | ||||
* | tailscale: add tailscale to the laptop (aptos) | Franck Cuny | 2022-03-05 | 1 | -0/+6 |
| | |||||
* | grafana: disable analytics correctly | Franck Cuny | 2022-03-02 | 1 | -1/+2 |
| | |||||
* | prometheus: relabel some machines | Franck Cuny | 2022-03-02 | 1 | -12/+20 |
| | | | | | Don't use the IP from wireguard as the name of the host, let's map to the actual hostname. | ||||
* | users: remove rsa key | Franck Cuny | 2022-03-02 | 1 | -1/+0 |
| | |||||
* | grafana: disable analytics | Franck Cuny | 2022-03-02 | 1 | -0/+1 |
| | |||||
* | grafana: provision dashboards | Franck Cuny | 2022-02-28 | 2 | -0/+14120 |
| | | | | Start with node-exporter-full dashboard. | ||||
* | grafana: setup provisioning correctly | Franck Cuny | 2022-02-28 | 1 | -6/+9 |
| | |||||
* | grafana: fix | Franck Cuny | 2022-02-28 | 1 | -1/+1 |
| | |||||
* | grafana: configure admin user and data sources | Franck Cuny | 2022-02-28 | 1 | -1/+9 |
| | |||||
* | grafana: initial configuration | Franck Cuny | 2022-02-28 | 2 | -0/+10 |
| | |||||
* | prometheus: initial configuration for the server | Franck Cuny | 2022-02-28 | 2 | -0/+30 |
| | | | | | | | Run prometheus via systemd, and configure to pull node-exporter's metrics from two hosts. The retention is set for 3 years. | ||||
* | users: change my ssh key for the laptop | Franck Cuny | 2022-02-27 | 1 | -1/+2 |
| | |||||
* | hosts: ensure we have bash and zsh | Franck Cuny | 2022-02-27 | 1 | -0/+3 |
| | |||||
* | nas: consume everything from the server profile | Franck Cuny | 2022-02-27 | 1 | -0/+1 |
| | |||||
* | server: create a new profile | Franck Cuny | 2022-02-27 | 2 | -0/+19 |
| | | | | | This is a profile for servers related stuff. We start with monitoring for now. | ||||
* | samba: fix configuration | Franck Cuny | 2022-02-27 | 1 | -3/+3 |
| | | | | | Some settings were missing, others incorrect, and the name of the share was also incorrect. | ||||
* | NAS: initial configuration | Franck Cuny | 2022-02-27 | 2 | -0/+34 |
| | | | | For now we only want samba on it. | ||||
* | hardware: enable btrfs scrubber and fstrimmer | Franck Cuny | 2022-02-27 | 1 | -0/+3 |
| | |||||
* | software: drop nautilus, add a few more things | Franck Cuny | 2022-02-27 | 1 | -4/+0 |
| | | | | | | | | | Replace nautilus with pcmanfm, which is more than enough for my needs (I still can't open correctly images / PDF with nautilus, I don't care why). Add a few more packages (seahorse, easyeffects) to improve usability of the desktop. | ||||
* | pam: drop GDM configuration | Franck Cuny | 2022-02-27 | 1 | -2/+0 |
| | | | | I don't use GDM anymore. | ||||
* | hardware: start capturing hardware related stuff | Franck Cuny | 2022-02-27 | 2 | -0/+10 |
| | | | | | Create a new module for hardware related things, in order to configure correctly the various machines. | ||||
* | gnome: add more gnome settings | Franck Cuny | 2022-02-24 | 1 | -1/+14 |
| | | | | | | | Without these settings a few things are not working correctly (nautilus can't browse ssh servers for example). This module needs to be renamed too. | ||||
* | xserver: drop it completely | Franck Cuny | 2022-02-24 | 1 | -14/+0 |
| | | | | | | | | | | | | | Let's remove this, I was only using it to get GDM running, but that's causing a bunch of issues so far: - not all environment variables are loaded correctly - some units are not loaded in time When trying to use xorg and i3, I have way too many tears and I can't figure out a proper configuration. To make it easier, I'm going to keep sway and start `sway` from `tty1` directly. | ||||
* | ssh: authenticate only using ssh key | Franck Cuny | 2022-02-21 | 1 | -0/+1 |
| | |||||
* | system: install a few more packages | Franck Cuny | 2022-02-21 | 1 | -1/+10 |
| | |||||
* | users: add ssh keys for aptos and carmel | Franck Cuny | 2022-02-21 | 1 | -2/+2 |
| | |||||
* | fonts: add font-awesome for i3status | Franck Cuny | 2022-02-21 | 1 | -0/+1 |
| | |||||
* | xserver: add at-spi2-core package | Franck Cuny | 2022-02-18 | 1 | -1/+5 |
| | | | | | See https://github.com/NixOS/nixpkgs/issues/16327 for details (this removes warnings in some services) | ||||
* | boot: fix the prefix | Franck Cuny | 2022-02-18 | 1 | -1/+1 |
| | |||||
* | xserver: natural scrolling is part of touchpad. | Franck Cuny | 2022-02-18 | 1 | -1/+1 |
| | |||||
* | fonts: rename some options | Franck Cuny | 2022-02-18 | 1 | -2/+1 |
| | | | | | `fontconfig.ultimate` does not exists anymore, and `enableFontDir` has been renamed to `fontDir.enable`. | ||||
* | system: add locale and security | Franck Cuny | 2022-02-18 | 3 | -2/+19 |
| | |||||
* | desktop: enable natural scrolling | Franck Cuny | 2022-02-18 | 1 | -2/+4 |
| | |||||
* | boot: reorganize and add comments | Franck Cuny | 2022-02-18 | 1 | -0/+8 |
| | | | | Most of the options for booting are common to all hosts. | ||||
* | fonts: add more fonts for the system | Franck Cuny | 2022-02-18 | 1 | -1/+8 |
| | |||||
* | sway: configure correctly dbus / keyring | Franck Cuny | 2022-02-17 | 1 | -8/+16 |
| | |||||
* | sway: install all the required packages | Franck Cuny | 2022-02-16 | 1 | -1/+15 |
| | |||||
* | home-manager: move activate logic in users' config | Franck Cuny | 2022-02-16 | 1 | -4/+1 |
| | |||||
* | hosts: enable rtkit with audio module | Franck Cuny | 2022-02-14 | 1 | -0/+2 |
| | |||||
* | hosts: unlock disks remotely on boot | Franck Cuny | 2022-02-13 | 2 | -3/+24 |
| | | | | | Enable a SSH daemon in initrd, with our keys, so we can unlock remotely the disk on reboot. | ||||
* | desktop: ensure we're installing sway | Franck Cuny | 2022-02-13 | 1 | -1/+7 |
| | |||||
* | motd: drop, there's no need for that | Franck Cuny | 2022-02-13 | 2 | -13/+0 |
| | |||||
* | sway: first attempt at configuring sway | Franck Cuny | 2022-02-13 | 1 | -11/+3 |
| | | | | | Let's switch right away to sway instead, now that there's an emacs package to support wayland. | ||||
* | hosts: install linux perf tools for the host | Franck Cuny | 2022-02-13 | 1 | -1/+8 |
| | |||||
* | hosts: decrypt root disk via ssh on boot | Franck Cuny | 2022-02-13 | 2 | -0/+6 |
| | |||||
* | desktop: gnome related things | Franck Cuny | 2022-02-13 | 1 | -1/+10 |
| | |||||
* | hosts: enable avahi on desktop | Franck Cuny | 2022-02-13 | 1 | -0/+5 |
| | | | | This is going to be needed to print (for example). | ||||
* | hosts: load services at the host level | Franck Cuny | 2022-02-12 | 1 | -0/+15 |
| | | | | | | These services are not configured at the user level, but at the host level. We might need a better separation in the future, in case I don't use xserver for example. | ||||
* | hosts: rename commons to common | Franck Cuny | 2022-02-12 | 13 | -0/+212 |