| Commit message (Collapse) | Author | Age | Files | Lines |
|
Add a new network interface on the host (10Gb).
|
Add an nginx virtualhost for loki too, so that we can use a valid SSL
certificate.
|
It creates the user, ensures sftp is configured correctly, and rsyncs the
backups to rsync.net once a day.
|
Get rid of configuration that was duplicated (a lot of things are
already handled by the upstream module).
|
Both tahoe and carmel are using nginx, and we can simplify the
configuration by moving common parts to the profile and have these hosts
import it.
|
The hosts should be explicit about what to import.
|
Add the API key for gandi to the secrets, create a profile for acme with
my defaults.
The profile is loaded by tahoe since that's where our services are
running.
Update all the servers in nginx to listen on their wireguard interface.
|
The NAS and the router are "servers", and we create a base profile for
them.
We add a default profile that will set things that are common to all my
hosts, and we start with the locales.
Update tahoe/carmel to use the server profile.
|
The dedicated account for backup should be named 'backup', as it's more
generic.
While it's a system account, I still need to be able to log in to the host
remotely with sftp, so we give it a UID (991).
The account needs to be able to sftp to tahoe in order to store the
backups from remote hosts. However we don't want this user to get a
shell and be able to browse the host, so we configure sshd to chroot the
user to where the backups are stored.
|
This is the user I'll be using to do my backups. This is a system user,
and there's only one public key added to it. This key is only used for
backups and will be managed in this repository.
|
When rebuilding the host (through `nixos-rebuild switch --flake`) I
don't want to also rebuild my home-manager configuration. I want these
to be two different steps.
I rebuild the home-manager configuration more frequently and it's a
waste of time and CPU to rebuild the world every time.
This is a pretty large refactoring:
- move checks back into the flake: if I modify a check, the
configuration for `pre-commits` is not regenerated, as the file with the
checks is not monitored with `direnv` (I could probably configure it for
it, but not now)
- remove `home.nix` from the host level configuration
- introduce a `mkHomeManagerConfiguration` function to manage the
different user@host
- fix a warning with the rust overlay
|
The pre-commit hook for new lines reported and corrected a number of
issues, so let's commit them now and after that we can enable the hook
for the repository.
Change-Id: I5bb882d3c2cca870ef94301303f029acfb308740
Reviewed-on: https://cl.fcuny.net/c/world/+/592
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
So we can unlock the disks remotely.
|
All the modules that are needed for home-manager should be under
`home/`, and each host will have a `host.nix` where the modules are
enabled as needed. Later on we can create some profiles to make it
easier to consume the configuration.
I apply this only to tahoe for now, as the number of packages needed for
my user is pretty limited.
|
We don't need the previous `hosts/common/system` configs anymore, as
everything has been moved out.
We keep some boot configuration for carmel in the host configuration for
now, but I need to check why I don't have similar settings for
tahoe (since I also need to unlock the host remotely).
|
Move the networking configuration for the hosts to its own file.
|
This reverts commit 814a495e9c74e3211c6b6640397111115832207b.
|
Apply the role to tahoe.
|
Profiles contain a collection of modules.
|
Ensure at least /data/media/music is created with the proper ownership.