about summary refs log tree commit diff
path: root/hosts/tahoe (follow)
Commit message (Collapse)AuthorAgeFilesLines
* ref(home/shell): make it easier to share common things between shellsFranck Cuny2022-06-201-2/+2
| | | | | | | | | | | | | | | | | | | | I'm considering trying again fish, and there are a number of things that should be common between zsh and fish (aliases, environment variables, ...). Instead of duplicating these settings multiple time, I'm consolidating the shell configurations under `home/shell`, and I can set the shell I want to use with `my.home.shell.name`. The first step is to move the modules for fish and zsh under `home/shell`, add an interface to pick which one I want to use, and modify the `host/home.nix` configuration to keep using zsh with the new interface. Change-Id: Idb66b1a6fcc11a6eeaf5fd2d32dd3698d2d85bdf Reviewed-on: https://cl.fcuny.net/c/world/+/455 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(drone): remove all modules and configurationsFranck Cuny2022-06-112-5/+0
| | | | | | | | | I do not use drone anymore, no need to keep this around. Change-Id: I8f9564747939a6d1a2b95bcfe8e2c70e46d8bc1e Reviewed-on: https://cl.fcuny.net/c/world/+/411 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(fmt): correct formatting for all nix filesFranck Cuny2022-06-102-2/+4
| | | | | | | | | This was done by running `nixpkgs-fmt .'. Change-Id: I4ea6c1e759bf468d08074be2111cbc7af72df295 Reviewed-on: https://cl.fcuny.net/c/world/+/404 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(secrets): buildKite agents can read gerrit secretsFranck Cuny2022-06-091-0/+4
| | | | | | | | | We need to ensure the agents can read the secrets / tokens to vote after a build. Change-Id: I066c2482a795b21badaa9cc3c525373d7945b084 Reviewed-on: https://cl.fcuny.net/c/world/+/341 Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(home): structure and add commentsFranck Cuny2022-06-091-2/+11
| | | | | | Change-Id: I9abd49136df79a9ed040c9ec0e12eea30736c9ff Reviewed-on: https://cl.fcuny.net/c/world/+/295 Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(gerrit-hook): update the configuration with correct URLFranck Cuny2022-06-041-10/+12
| | | | | | Change-Id: Iae8860631a9d313d5b4f78d171d0dfebc6ef6ff9 Reviewed-on: https://cl.fcuny.net/c/world/+/283 Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(secrets): set the owner for buildkite agent secretsFranck Cuny2022-06-041-0/+1
| | | | | | | | | There's one user per agent. If we don't set an owner for that file, it will be owned by root. Let's set the ownership to the first builder. Change-Id: I1270e6858c0bf2797bd12c2557d84a494cef5081 Reviewed-on: https://cl.fcuny.net/c/world/+/281 Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(drone): remove secret and CLI for droneFranck Cuny2022-06-041-5/+0
| | | | | | | | | I'm not using drone anymore. I don't need the CLI and the secret to be installed. Change-Id: I9c8ecfe5f051fd70d78f0e2e9aaa705e48627714 Reviewed-on: https://cl.fcuny.net/c/world/+/261 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(gerrit): add secret for gerrit-hookFranck Cuny2022-06-042-0/+16
| | | | | | | | | | | The secret is the configuration for the gerrit-hook tool. It contains the URL to our gerrit instance, the username/password for the gerrit user used by the tool, the API token for buildKite and the name of the organization in buildKite. Change-Id: I58233e085c92d4c5db5635eb9942a5e87ee9e55d Reviewed-on: https://cl.fcuny.net/c/world/+/204 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(hosts/tahoe): enable buildkite agentFranck Cuny2022-05-301-0/+1
| | | | | | Change-Id: I12cc741bdfb074f7d2a006547860362176afe372 Reviewed-on: https://cl.fcuny.net/c/world/+/169 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(buildkite): add the auth tokenFranck Cuny2022-05-302-0/+7
| | | | | | Change-Id: I652a3326caf8f949e9734849d1492f7b9764a766 Reviewed-on: https://cl.fcuny.net/c/world/+/167 Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(tahoe): remove droneFranck Cuny2022-05-291-9/+1
| | | | | | | | | I will not be using drone anymore, and will likely replace it with buildkite. Change-Id: I45d91c43090aaba119855158e071dae377c1897f Reviewed-on: https://cl.fcuny.net/c/world/+/162 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(hosts/tahoe): replace gitea by cgitFranck Cuny2022-05-271-2/+1
| | | | | | Change-Id: I3b00408d7550d7660fb33940ae2cd0806076f4d2 Reviewed-on: https://cl.fcuny.net/c/world/+/62 Reviewed-by: Franck Cuny <franck.cuny@gmail.com>
* feat(tahoe): enable gerritFranck Cuny2022-05-261-0/+4
|
* feat(tahoe): enable sourcegraphFranck Cuny2022-05-221-0/+4
|
* zsh: switch to zsh as the default shellFranck Cuny2022-05-151-1/+1
| | | | | | | | | | `zsh' is available everywhere and is compatible with bash. When using `fish' I need to remember how to do things. While the completion style is nicer, I don't care about the rest. I prefer to have a consistent experience in the shell, no matter where am I. This is an initial configuration, I might need to make a few changes as I go.
* tahoe: enable exec runner for droneFranck Cuny2022-05-021-1/+1
|
* backups: do backups for the laptopFranck Cuny2022-04-241-1/+2
| | | | | | | | | | | | | From the laptop I only backup /home/fcuny, as the rest should be straightforward to rebuild with nix. I run that backup as my own user, since I need my ssh key to use the remote repository (which is on the NAS). I also need a new secret for it (I might have been able to use `pass' for this, but well, that's easy enough). For the NAS, I update the list of directories to backup to include home, this will be on the systems backup.
* syncthing: don't run from homeFranck Cuny2022-04-211-1/+0
|
* syncthing: configure the keys for tahoeFranck Cuny2022-04-213-0/+20
|
* syncthing: enable on tahoeFranck Cuny2022-04-211-0/+1
|
* syncthing: let's run it from home-managerFranck Cuny2022-04-211-0/+1
|
* drone: configuration fixesFranck Cuny2022-04-131-1/+1
|
* drone: initial attempt at configuring itFranck Cuny2022-04-134-0/+16
|
* modules: make the vhost be configurableFranck Cuny2022-04-131-3/+9
|
* grafana: correct domain name ...Franck Cuny2022-04-131-1/+1
|
* grafana: the vhost is configurableFranck Cuny2022-04-131-1/+4
|
* tahoe: set owner for secret related to ACMEFranck Cuny2022-04-131-1/+4
|
* secrets: re-key all secrets for tahoeFranck Cuny2022-04-138-30/+27
|
* grafana: try to configure the domain with acme+dnsFranck Cuny2022-04-133-1/+9
|
* nginx: get a simple solution to work firstFranck Cuny2022-04-131-13/+1
|
* nginx: add nginx as a reverse proxyFranck Cuny2022-04-131-1/+14
| | | | This will ultimately replace traefik.
* secrets: move the actual secrets with hosts configFranck Cuny2022-04-137-0/+39
| | | | | | Having the secrets closer to the host is easier to manage. At the moment I don't have secrets that are shared across multiple hosts, so that's an OK approach.
* tahoe: fix backup configurationFranck Cuny2022-04-111-2/+3
|
* secrets: move all the secrets under module/Franck Cuny2022-04-101-3/+3
| | | | | Refactor a bit the configuration, which should simplify the management and usage of secrets from now on.
* add a module for backup with resticFranck Cuny2022-04-101-10/+4
| | | | Do a single backup for the host, instead of running multiple ones.
* tahoe: enable network with early bootFranck Cuny2022-04-092-11/+19
| | | | So we can unlock the disks remotely.
* hosts: rename hardware-configuration to hardwareFranck Cuny2022-04-082-1/+1
|
* hosts: add services to tahoeFranck Cuny2022-04-082-1/+45
|
* initial attempt to reconfigure home-managerFranck Cuny2022-04-072-0/+18
| | | | | | | | | | All the modules that are needed for home-manager should be under `home/`, and each host will have a `host.nix` where the modules are enabled as needed. Later on we can create some profiles to make it easier to consume the configuration. I apply this only to tahoe for now, as the amount of packages needed for my user are pretty limited.
* enable AMD module correctlyFranck Cuny2022-04-061-1/+1
|
* refactor boot configuration to a moduleFranck Cuny2022-04-061-1/+4
| | | | | | | | | We don't need the previous `hosts/common/system` configs anymore, as everything has been moved out. We keep some boot configuration for carmel in the host configuration for now, but I need to check why I don't have similar settings for tahoe (since I also need to unlock the host remotely).
* refactor configuration for AMDFranck Cuny2022-04-061-38/+39
|
* refactor network configurationFranck Cuny2022-04-051-3/+19
|
* network: move tailscale in modulesFranck Cuny2022-04-052-20/+23
| | | | Move the networking configuration for the hosts to its own file.
* Revert "create a new role for navidrome"Franck Cuny2022-04-031-4/+2
| | | | This reverts commit 814a495e9c74e3211c6b6640397111115832207b.
* create a new role for navidromeFranck Cuny2022-04-031-2/+4
| | | | Apply the role to tahoe.
* hosts: add profilesFranck Cuny2022-03-121-1/+1
| | | | Profiles contain a collection of modules.
* tahoe: enable tailscaleFranck Cuny2022-03-061-0/+1
|
* tahoe: remove creation of some directoriesFranck Cuny2022-03-051-29/+9
|
* tahoe: new hardware configuratioFranck Cuny2022-03-051-21/+13
|
* tahoe: enable wireguardFranck Cuny2022-03-021-0/+1
|
* tahoe: create some directoriesFranck Cuny2022-02-271-0/+15
| | | | Ensure at least /data/media/music is created with the proper ownership.
* tahoe: include NAS profileFranck Cuny2022-02-271-0/+1
|
* hosts: add tahoe, the new NASFranck Cuny2022-02-272-0/+111