about summary refs log tree commit diff
path: root/hosts (follow)
Commit message (Collapse)AuthorAgeFilesLines
* feat(modules/gerrit): manage secure configuration with nixFranck Cuny2022-07-182-0/+6
| | | | | | | | | | | | Currently the secure configuration for gerrit is not managed by nix. This is likely going to break in the future and I'll hate myself for that. Let's move it into nix and encrypt it with age, like we do for other secrets. Change-Id: Ia7a006748a3ad64fa4b97ca9e8cbd98c99433982 Reviewed-on: https://cl.fcuny.net/c/world/+/622 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(tahoe/backups): don't backup some directoriesFranck Cuny2022-07-081-0/+1
| | | | | | | | | I don't need to backup these directories in my home. Change-Id: Ia2302f2ebe74033090b86b52864787d2a63ecb4b Reviewed-on: https://cl.fcuny.net/c/world/+/620 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(new-lines): add or remove new lines where neededFranck Cuny2022-07-023-3/+0
| | | | | | | | | | | The pre-commit hook for new lines reported and correct a number of issues, so let's commit them now and after that we ca enable the hook for the repository. Change-Id: I5bb882d3c2cca870ef94301303f029acfb308740 Reviewed-on: https://cl.fcuny.net/c/world/+/592 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(hosts/home): use fish as my default shell everywhereFranck Cuny2022-06-232-2/+2
| | | | | | | Change-Id: I75df9d3ba133e3f7380a518e1b8c70a564f60482 Reviewed-on: https://cl.fcuny.net/c/world/+/481 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(home/shell): switch default shell to fishFranck Cuny2022-06-201-1/+1
| | | | | | | Change-Id: I905ce6eddc35e4c51a0ab27c8984e0da0fdee7a7 Reviewed-on: https://cl.fcuny.net/c/world/+/457 Reviewed-by: Franck Cuny <franck@fcuny.net> Tested-by: CI
* ref(home/shell): make it easier to share common things between shellsFranck Cuny2022-06-203-4/+4
| | | | | | | | | | | | | | | | | | | | I'm considering trying again fish, and there are a number of things that should be common between zsh and fish (aliases, environment variables, ...). Instead of duplicating these settings multiple time, I'm consolidating the shell configurations under `home/shell`, and I can set the shell I want to use with `my.home.shell.name`. The first step is to move the modules for fish and zsh under `home/shell`, add an interface to pick which one I want to use, and modify the `host/home.nix` configuration to keep using zsh with the new interface. Change-Id: Idb66b1a6fcc11a6eeaf5fd2d32dd3698d2d85bdf Reviewed-on: https://cl.fcuny.net/c/world/+/455 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(drone): remove all modules and configurationsFranck Cuny2022-06-112-5/+0
| | | | | | | | | I do not use drone anymore, no need to keep this around. Change-Id: I8f9564747939a6d1a2b95bcfe8e2c70e46d8bc1e Reviewed-on: https://cl.fcuny.net/c/world/+/411 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(fmt): correct formatting for all nix filesFranck Cuny2022-06-105-5/+10
| | | | | | | | | This was done by running `nixpkgs-fmt .'. Change-Id: I4ea6c1e759bf468d08074be2111cbc7af72df295 Reviewed-on: https://cl.fcuny.net/c/world/+/404 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(secrets): buildKite agents can read gerrit secretsFranck Cuny2022-06-091-0/+4
| | | | | | | | | We need to ensure the agents can read the secrets / tokens to vote after a build. Change-Id: I066c2482a795b21badaa9cc3c525373d7945b084 Reviewed-on: https://cl.fcuny.net/c/world/+/341 Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(profiles): get rid of all the profilesFranck Cuny2022-06-096-11/+30
| | | | | | | | | | | | | | All the modules that are setup by the profiles are now managed at the host level. This simplify some configuration, and will make it easier to adjust things at the host instead of trying to squeeze everything into profiles. This will also help the refactoring later, when I'll split nixos and home-manager configuration. Change-Id: I17ffda8b0b5d15bf1915c6fae5030380523d74b5 Reviewed-on: https://cl.fcuny.net/c/world/+/297 Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(GTK): remove the profile for GTKFranck Cuny2022-06-094-0/+8
| | | | | | | | All the configuration is done at the host level. Change-Id: Ib5ef71ea7955f6872fb08f576e48b24a70600693 Reviewed-on: https://cl.fcuny.net/c/world/+/296 Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(home): structure and add commentsFranck Cuny2022-06-093-36/+75
| | | | | | Change-Id: I9abd49136df79a9ed040c9ec0e12eea30736c9ff Reviewed-on: https://cl.fcuny.net/c/world/+/295 Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(desktop): move all the modules for home-manager to host levelFranck Cuny2022-06-092-0/+18
| | | | | | Change-Id: I92abe7d6c9a1f7c5ef3f157137c59cde751d50f0 Reviewed-on: https://cl.fcuny.net/c/world/+/294 Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(trusted): consume modules within host's configurationFranck Cuny2022-06-094-4/+23
| | | | | | | | | Remove the trusted profiles, the modules are installed directly within the host configuration. Change-Id: I0566fb359803da16bdd3a38e2901deac477fb078 Reviewed-on: https://cl.fcuny.net/c/world/+/293 Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(multimedia): move multimedia modules to hostsFranck Cuny2022-06-093-4/+9
| | | | | | | | | Consume the modules related to multimedia applications at the host level, instead of having a level of indirection with a profile. Change-Id: I567f0e01cbfe591beaa2e9086e33434402a4a002 Reviewed-on: https://cl.fcuny.net/c/world/+/292 Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(sane): move sane's configuration to correct placeFranck Cuny2022-06-092-3/+3
| | | | | | Change-Id: Ibb55ee455423c101fb6d3e62a2e9e4593682cf16 Reviewed-on: https://cl.fcuny.net/c/world/+/291 Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(laptop): move services related to laptop to host's configurationFranck Cuny2022-06-092-2/+6
| | | | | | | | | | As for the bluetooth configuration, we don't need that level of indirection. The laptop can consume these services directly, and we can drop the profile for laptop. Change-Id: Ia434d336ae581bd040fbc4963e5856806183d55e Reviewed-on: https://cl.fcuny.net/c/world/+/290 Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(bluetooth): remove the profileFranck Cuny2022-06-092-1/+2
| | | | | | | | | | | I don't need a profile for this, the module can be consumed directly from the host's hardware configuration. It removes one level of indirection and helps us toward the goal of completely removing all the profiles. Change-Id: I95a6fdc985420e7fe0ad737e7576d10d5c7eb114 Reviewed-on: https://cl.fcuny.net/c/world/+/289 Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(gerrit-hook): update the configuration with correct URLFranck Cuny2022-06-041-10/+12
| | | | | | Change-Id: Iae8860631a9d313d5b4f78d171d0dfebc6ef6ff9 Reviewed-on: https://cl.fcuny.net/c/world/+/283 Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(secrets): set the owner for buildkite agent secretsFranck Cuny2022-06-041-0/+1
| | | | | | | | | There's one user per agent. If we don't set an owner for that file, it will be owned by root. Let's set the ownership to the first builder. Change-Id: I1270e6858c0bf2797bd12c2557d84a494cef5081 Reviewed-on: https://cl.fcuny.net/c/world/+/281 Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(drone): remove secret and CLI for droneFranck Cuny2022-06-041-5/+0
| | | | | | | | | I'm not using drone anymore. I don't need the CLI and the secret to be installed. Change-Id: I9c8ecfe5f051fd70d78f0e2e9aaa705e48627714 Reviewed-on: https://cl.fcuny.net/c/world/+/261 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(gerrit): add secret for gerrit-hookFranck Cuny2022-06-042-0/+16
| | | | | | | | | | | The secret is the configuration for the gerrit-hook tool. It contains the URL to our gerrit instance, the username/password for the gerrit user used by the tool, the API token for buildKite and the name of the organization in buildKite. Change-Id: I58233e085c92d4c5db5635eb9942a5e87ee9e55d Reviewed-on: https://cl.fcuny.net/c/world/+/204 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(hosts/tahoe): enable buildkite agentFranck Cuny2022-05-301-0/+1
| | | | | | Change-Id: I12cc741bdfb074f7d2a006547860362176afe372 Reviewed-on: https://cl.fcuny.net/c/world/+/169 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(buildkite): add the auth tokenFranck Cuny2022-05-302-0/+7
| | | | | | Change-Id: I652a3326caf8f949e9734849d1492f7b9764a766 Reviewed-on: https://cl.fcuny.net/c/world/+/167 Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(tahoe): remove droneFranck Cuny2022-05-291-9/+1
| | | | | | | | | I will not be using drone anymore, and will likely replace it with buildkite. Change-Id: I45d91c43090aaba119855158e071dae377c1897f Reviewed-on: https://cl.fcuny.net/c/world/+/162 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(hosts/tahoe): replace gitea by cgitFranck Cuny2022-05-271-2/+1
| | | | | | Change-Id: I3b00408d7550d7660fb33940ae2cd0806076f4d2 Reviewed-on: https://cl.fcuny.net/c/world/+/62 Reviewed-by: Franck Cuny <franck.cuny@gmail.com>
* feat(tahoe): enable gerritFranck Cuny2022-05-261-0/+4
|
* feat(tahoe): enable sourcegraphFranck Cuny2022-05-221-0/+4
|
* bluetooh: enable on aptosFranck Cuny2022-05-161-0/+1
|
* zsh: switch to zsh as the default shellFranck Cuny2022-05-153-3/+3
| | | | | | | | | | `zsh' is available everywhere and is compatible with bash. When using `fish' I need to remember how to do things. While the completion style is nicer, I don't care about the rest. I prefer to have a consistent experience in the shell, no matter where am I. This is an initial configuration, I might need to make a few changes as I go.
* aptos: enable bluetoothFranck Cuny2022-05-121-0/+1
|
* secrets: add a new secrets for gcloud (aptos only)Franck Cuny2022-05-072-0/+5
| | | | | This is the configuration needed to interact with GCP from this repository. We only want it on aptos for now.
* tahoe: enable exec runner for droneFranck Cuny2022-05-021-1/+1
|
* backups: do backups for the laptopFranck Cuny2022-04-245-1/+36
| | | | | | | | | | | | | From the laptop I only backup /home/fcuny, as the rest should be straightforward to rebuild with nix. I run that backup as my own user, since I need my ssh key to use the remote repository (which is on the NAS). I also need a new secret for it (I might have been able to use `pass' for this, but well, that's easy enough). For the NAS, I update the list of directories to backup to include home, this will be on the systems backup.
* scanner: install tools on the laptopFranck Cuny2022-04-241-0/+4
|
* syncthing: enable on trusted machinesFranck Cuny2022-04-214-2/+16
| | | | Add the cert and key for aptos.
* syncthing: don't run from homeFranck Cuny2022-04-211-1/+0
|
* syncthing: configure the keys for tahoeFranck Cuny2022-04-213-0/+20
|
* syncthing: enable on tahoeFranck Cuny2022-04-211-0/+1
|
* syncthing: let's run it from home-managerFranck Cuny2022-04-211-0/+1
|
* drone: configuration fixesFranck Cuny2022-04-131-1/+1
|
* drone: initial attempt at configuring itFranck Cuny2022-04-134-0/+16
|
* modules: make the vhost be configurableFranck Cuny2022-04-131-3/+9
|
* grafana: correct domain name ...Franck Cuny2022-04-131-1/+1
|
* grafana: the vhost is configurableFranck Cuny2022-04-131-1/+4
|
* tahoe: set owner for secret related to ACMEFranck Cuny2022-04-131-1/+4
|
* secrets: re-key all secrets for tahoeFranck Cuny2022-04-138-30/+27
|
* grafana: try to configure the domain with acme+dnsFranck Cuny2022-04-133-1/+9
|
* nginx: get a simple solution to work firstFranck Cuny2022-04-131-13/+1
|
* nginx: add nginx as a reverse proxyFranck Cuny2022-04-131-1/+14
| | | | This will ultimately replace traefik.
* secrets: move the actual secrets with hosts configFranck Cuny2022-04-139-0/+43
| | | | | | Having the secrets closer to the host is easier to manage. At the moment I don't have secrets that are shared across multiple hosts, so that's an OK approach.
* tahoe: fix backup configurationFranck Cuny2022-04-111-2/+3
|
* secrets: move all the secrets under module/Franck Cuny2022-04-101-3/+3
| | | | | Refactor a bit the configuration, which should simplify the management and usage of secrets from now on.
* add a module for backup with resticFranck Cuny2022-04-101-10/+4
| | | | Do a single backup for the host, instead of running multiple ones.
* tahoe: enable network with early bootFranck Cuny2022-04-092-11/+19
| | | | So we can unlock the disks remotely.
* small fixesFranck Cuny2022-04-091-1/+1
|
* add a few more modules to home/ and delete stuffFranck Cuny2022-04-092-0/+3
|
* carmel: configure the desktop properlyFranck Cuny2022-04-083-1/+22
|
* hosts: rename hardware-configuration to hardwareFranck Cuny2022-04-086-3/+3
|
* hosts: add services to tahoeFranck Cuny2022-04-083-11/+10
|
* delete unneeded modulesFranck Cuny2022-04-083-96/+0
|
* delete unused moduleFranck Cuny2022-04-081-25/+0
|
* aptos: consume the new profilesFranck Cuny2022-04-083-3/+21
| | | | aptos is now using the new home-manager setup.
* initial attempt to reconfigure home-managerFranck Cuny2022-04-072-0/+18
| | | | | | | | | | All the modules that are needed for home-manager should be under `home/`, and each host will have a `host.nix` where the modules are enabled as needed. Later on we can create some profiles to make it easier to consume the configuration. I apply this only to tahoe for now, as the amount of packages needed for my user are pretty limited.
* refactor transmission and metrics-exporterFranck Cuny2022-04-064-50/+2
|
* refactor traefikFranck Cuny2022-04-062-97/+1
|
* refactor rclone to a moduleFranck Cuny2022-04-062-33/+1
|
* refactor gitea as a moduleFranck Cuny2022-04-062-42/+4
|
* refactor grafana as a moduleFranck Cuny2022-04-067-26433/+1
|
* refactor prometheus as a moduleFranck Cuny2022-04-062-180/+1
|
* refactor unifi to a moduleFranck Cuny2022-04-062-82/+1
|
* refactor navidrome to a moduleFranck Cuny2022-04-062-28/+9
|
* enable AMD module correctlyFranck Cuny2022-04-062-2/+2
|
* refactor samba to a proper moduleFranck Cuny2022-04-062-34/+5
| | | | The list of public share is configurable too.
* refactor boot configuration to a moduleFranck Cuny2022-04-068-62/+19
| | | | | | | | | We don't need the previous `hosts/common/system` configs anymore, as everything has been moved out. We keep some boot configuration for carmel in the host configuration for now, but I need to check why I don't have similar settings for tahoe (since I also need to unlock the host remotely).
* refactor configuration for AMDFranck Cuny2022-04-062-66/+65
|
* refactor intel related configurationFranck Cuny2022-04-054-37/+26
|
* refactor modules for btrfs, ssd, and fwupdFranck Cuny2022-04-052-9/+1
|
* refactor network configurationFranck Cuny2022-04-056-28/+58
|
* refactor security to a moduleFranck Cuny2022-04-052-6/+1
|
* refactor users to a moduleFranck Cuny2022-04-052-33/+1
|
* refactor default packages to a moduleFranck Cuny2022-04-052-58/+2
|
* move locale configuration to a moduleFranck Cuny2022-04-052-13/+0
|
* console configuration is moved to a moduleFranck Cuny2022-04-051-5/+0
|
* create a profile for laptopFranck Cuny2022-04-051-1/+1
|
* carmel: enable the soundFranck Cuny2022-04-051-0/+1
|
* network: move tailscale in modulesFranck Cuny2022-04-057-62/+64
| | | | Move the networking configuration for the hosts to its own file.
* ssh: refactor to a moduleFranck Cuny2022-04-052-7/+0
| | | | Also install mosh and ensure the firewall opens the correct ports.
* nix: refactor to a moduleFranck Cuny2022-04-052-19/+0
|
* sound: add a new moduleFranck Cuny2022-04-056-42/+16
| | | | | | | | | | This is the start of yet another refactoring of the configuration. Sound configuration is moving to a module, and we enable it as needed at the host level. It takes care of configuring pipewire and install the packages needed too. This module is applied to the laptop and the desktop.
* dashboard: remove ping metricsFranck Cuny2022-04-041-96/+3
| | | | We're using the ones from the prober
* prometheus: fix configurationFranck Cuny2022-04-041-3/+1
|
* prometheus: we need to specify the IP protocolFranck Cuny2022-04-041-1/+5
| | | | | | | | If we don't, by default we try over ipv6, and this is not going to work well for us (yet): ``` ts=2022-04-05T01:39:13.830414184Z caller=main.go:130 module=https_2xx target=https://notes.fcuny.net level=error msg="Error for HTTP request" err="Get \"https://[2a09:8280:1::a:2aed]\": dial tcp [2a09:8280:1::a:2aed]:443: connect: network is unreachable" ```
* prometheus: I'll get this right this timeFranck Cuny2022-04-041-5/+3
|
* prometheus: set the scheme for the URLsFranck Cuny2022-04-041-5/+5
|
* prometheus: add scraper for HTTPFranck Cuny2022-04-041-0/+28
|
* prometheus: configure correctly the blackboxFranck Cuny2022-04-041-10/+23
|
* prometheus: attempt to configure blackbox exporterFranck Cuny2022-04-041-0/+34
|
* dashboard: more update for traefikFranck Cuny2022-04-041-452/+1478
|
* dashboards: more updates for traefikFranck Cuny2022-04-041-1/+2
|
* grafana: try to configure the data sourceFranck Cuny2022-04-041-9/+28
|
* grafana: add dashboard for traefikFranck Cuny2022-04-041-0/+783
|
* grafana: show last 6 hours for node exporterFranck Cuny2022-04-031-2/+2
|
* users: ensure I'm in the docker groupFranck Cuny2022-04-031-1/+1
|
* Revert "create a new role for navidrome"Franck Cuny2022-04-033-35/+26
| | | | This reverts commit 814a495e9c74e3211c6b6640397111115832207b.
* create a new role for navidromeFranck Cuny2022-04-033-26/+35
| | | | Apply the role to tahoe.
* nas: add videos to the backupsFranck Cuny2022-04-021-7/+2
| | | | | We also don't need the music-organizer anymore since we're switching to beets.
* nas: backup navidrome data and add music subdomainFranck Cuny2022-03-282-0/+14
|
* nas: bind navidrome to all interfacesFranck Cuny2022-03-281-1/+4
|
* nas: initial setup for navidromeFranck Cuny2022-03-282-0/+9
|
* nas: install music-organizer from the main branchFranck Cuny2022-03-271-0/+1
|
* nas: install correctly music-organizerFranck Cuny2022-03-271-1/+1
|
* nas: install music-organizerFranck Cuny2022-03-271-3/+5
|
* prometheus: stop scraping the NASFranck Cuny2022-03-261-4/+2
| | | | we're shutting it down!
* common: ensure zsh is installedFranck Cuny2022-03-251-0/+1
|
* gitea: remove invalid configurationFranck Cuny2022-03-251-1/+0
|
* shell: switch from zsh to fishFranck Cuny2022-03-252-3/+3
| | | | why not ?
* rclone: correct path for the backupsFranck Cuny2022-03-151-2/+2
|
* rclone: fix the pathFranck Cuny2022-03-141-1/+1
|
* prometheus: scrape gitea metricsFranck Cuny2022-03-131-0/+6
|
* gitea: enable metrics endpointFranck Cuny2022-03-131-0/+1
|
* server: typoFranck Cuny2022-03-131-4/+2
|
* rclone: rewrite the service unitFranck Cuny2022-03-131-5/+6
|
* default: install ethtool everywhereFranck Cuny2022-03-121-0/+1
|
* prometheus: collect more stuffFranck Cuny2022-03-121-1/+1
|
* hosts: add profilesFranck Cuny2022-03-124-17/+18
| | | | Profiles contain a collection of modules.
* users: add another ssh keyFranck Cuny2022-03-121-2/+8
|
* containers: enable dockerd and containerd on aptosFranck Cuny2022-03-121-0/+11
|
* rclone: add users backupFranck Cuny2022-03-111-11/+12
|
* nas: enable rclone configurationFranck Cuny2022-03-111-0/+1
|
* prometheus: scrap more endpointsFranck Cuny2022-03-111-0/+30
|
* rclone: synchronize restic repo to GCSFranck Cuny2022-03-111-0/+29
| | | | | | Add a couple of secrets to store the configuration and the service account, and add a timer to synchronize the restic repository to a GCS bucket once a day.
* traefik: typoFranck Cuny2022-03-091-1/+1
|
* traefik: make the rules as specific as possibleFranck Cuny2022-03-091-2/+4
| | | | Otherwise, `git` will conflict, since it exists on both domains.
* traefik: typoFranck Cuny2022-03-091-5/+5
|
* gitea: typoFranck Cuny2022-03-091-1/+1
|
* traefik: handle fcuny.net and fcuny.xyzFranck Cuny2022-03-091-7/+15
| | | | | | | | | | | | | fcuny.net is for public facing domains, while fcuny.xyz are for domains on the tailscale network. I need to support configuration in traefik for both. The main difference, for traefik, is the domain name and which let's encrypt challenge to use (DNS for TS, HTTP for public). Refactor the function `mkServiceConfig` to accept the domain and LE challenge as argument, and add new entries for git.fcuny.net and git.fcuny.xyz.
* gitea: do a backup with resticFranck Cuny2022-03-091-0/+12
|
* gitea: we need to specify the user for the DBFranck Cuny2022-03-091-1/+4
|
* system: install sqliteFranck Cuny2022-03-091-3/+3
| | | | It's always useful to have it around.
* gitea: initial configurationFranck Cuny2022-03-082-0/+28
|
* nas: backup photos and musicFranck Cuny2022-03-081-0/+12
| | | | | | | Instead of rsync-ing these folders to a GCS bucket, I should instead do a backup. If I screw up something, the content will be sync-ed, and I won't be able to restore it. It's better (maybe more expensive, but that's OK) to keep snapshots and be able to restore.
* backups: spread them so they don't clashFranck Cuny2022-03-073-0/+3
| | | | | If they start running at the same time, they won't be able to succeed since there's a global lock on the repository.
* grafana: backup the data directoryFranck Cuny2022-03-071-0/+14
|
* prometheus: backup the data directoryFranck Cuny2022-03-071-0/+14
|
* unifi: backup the data to the local reoFranck Cuny2022-03-071-0/+14
|
* prometheus: scrap unifi poller on the correct IPFranck Cuny2022-03-061-1/+1
|
* prometheus: scrape from unifi-pollerFranck Cuny2022-03-061-31/+40
|
* unifi: set the correct name for the poller's unitFranck Cuny2022-03-061-2/+2
|
* traefik: proper configuration for unifiFranck Cuny2022-03-061-0/+14
|
* unifi: configure the pollerFranck Cuny2022-03-061-5/+18
|
* unifi: add unifi on the NASFranck Cuny2022-03-062-0/+54
|
* transmission: disable the rpc allowlistFranck Cuny2022-03-061-2/+1
| | | | This is not working as I think, will follow up later.
* traefik: add transmission (bt.fcuny.xyz)Franck Cuny2022-03-061-2/+4
|
* nas: install transmissionFranck Cuny2022-03-062-0/+36
| | | | | Create a user and group 'nas' so we can run tranmission in it. This will also help us to enable some specific permissions on some directories.
* grafana: rename the instance for the routerFranck Cuny2022-03-061-16/+16
|
* grafana: add a few more dashboardsFranck Cuny2022-03-063-0/+10539
|
* tahoe: enable tailscaleFranck Cuny2022-03-061-0/+1
|
* traefik: getting a working configurationFranck Cuny2022-03-061-22/+21
|
* traefik: second attempt, simpleFranck Cuny2022-03-062-52/+35
|
* traefik: initial configurationFranck Cuny2022-03-062-0/+87
| | | | | | | | | I want to run traefik on the NAS, so I can reach grafana and other future services running on that host. To manage TLS, we use let's encrypt with a DNS challenge. For this to work we need a service account configuration, that is encrypted with age.
* backups: unit to run maintenance on my backupsFranck Cuny2022-03-052-0/+26
| | | | | This will be run via a timer once a day, to perform maintenance on my backups on the nas.
* prometheus: scrape nodeexporter for the rtrFranck Cuny2022-03-051-15/+24
|
* samba: fix path for music, add videosFranck Cuny2022-03-051-1/+7
|
* tahoe: remove creation of some directoriesFranck Cuny2022-03-051-29/+9
|
* tahoe: new hardware configuratioFranck Cuny2022-03-051-21/+13
|
* aptos: remove mem_sleep_defaultFranck Cuny2022-03-051-1/+0
| | | | The laptop was rebooting when I'd open the lid.
* tailscale: add tailscale to the laptop (aptos)Franck Cuny2022-03-052-0/+7
|
* aptos: nixfmtFranck Cuny2022-03-041-17/+10
|
* tahoe: enable wireguardFranck Cuny2022-03-021-0/+1
|
* grafana: disable analytics correctlyFranck Cuny2022-03-021-1/+2
|
* wireguard: drop configuration for aptosFranck Cuny2022-03-021-7/+0
| | | | This is done in the module itself.
* prometheus: relabel some machinesFranck Cuny2022-03-021-12/+20
| | | | | Don't use the IP from wireguard as the name of the host, let's map to the actual hostname.
* users: remove rsa keyFranck Cuny2022-03-021-1/+0
|
* grafana: disable analyticsFranck Cuny2022-03-021-0/+1
|
* grafana: provision dashboardsFranck Cuny2022-02-282-0/+14120
| | | | Start with node-exporter-full dashboard.
* grafana: setup provisioning correctlyFranck Cuny2022-02-281-6/+9
|
* grafana: fixFranck Cuny2022-02-281-1/+1
|
* grafana: configure admin user and data sourcesFranck Cuny2022-02-281-1/+9
|
* grafana: initial configurationFranck Cuny2022-02-282-0/+10
|
* prometheus: initial configuration for the serverFranck Cuny2022-02-282-0/+30
| | | | | | | Run prometheus via systemd, and configure to pull node-exporter's metrics from two hosts. The retention is set for 3 years.
* users: change my ssh key for the laptopFranck Cuny2022-02-271-1/+2
|
* hosts: ensure we have bash and zshFranck Cuny2022-02-271-0/+3
|
* nas: consume everything from the server profileFranck Cuny2022-02-271-0/+1
|
* server: create a new profileFranck Cuny2022-02-272-0/+19
| | | | | This is a profile for servers related stuff. We start with monitoring for now.
* tahoe: create some directoriesFranck Cuny2022-02-271-0/+15
| | | | Ensure at least /data/media/music is created with the proper ownership.
* samba: fix configurationFranck Cuny2022-02-271-3/+3
| | | | | Some settings were missing, others incorrect, and the name of the share was also incorrect.
* tahoe: include NAS profileFranck Cuny2022-02-271-0/+1
|
* NAS: initial configurationFranck Cuny2022-02-272-0/+34
| | | | For now we only want samba on it.
* hardware: enable btrfs scrubber and fstrimmerFranck Cuny2022-02-271-0/+3
|
* software: drop nautilus, add a few more thingsFranck Cuny2022-02-271-4/+0
| | | | | | | | | Replace nautilus with pcmanfm, which is more than enough for my needs (I still can't open correctly images / PDF with nautilus, I don't care why). Add a few more packages (seahorse, easyeffects) to improve usability of the desktop.
* pam: drop GDM configurationFranck Cuny2022-02-271-2/+0
| | | | I don't use GDM anymore.
* aptos: use the hardware module for xps9300Franck Cuny2022-02-272-1/+1
|
* hardware: start capturing hardware related stuffFranck Cuny2022-02-272-0/+10
| | | | | Create a new module for hardware related things, in order to configure correctly the various machines.
* hosts: add tahoe, the new NASFranck Cuny2022-02-272-0/+111
|
* agenix: store wireguard key in persistent storageFranck Cuny2022-02-241-0/+7
| | | | | | The key was created under /run/agenix, which is wiped out after a reboot. The key being absent prevents the wireguard interface to come up. Store the key somewhere persistent to prevent this to happen.
* gnome: add more gnome settingsFranck Cuny2022-02-241-1/+14
| | | | | | | Without these settings a few things are not working correctly (nautilus can't browse ssh servers for example). This module needs to be renamed too.
* xserver: drop it completelyFranck Cuny2022-02-241-14/+0
| | | | | | | | | | | | | Let's remove this, I was only using it to get GDM running, but that's causing a bunch of issues so far: - not all environment variables are loaded correctly - some units are not loaded in time When trying to use xorg and i3, I have way too many tears and I can't figure out a proper configuration. To make it easier, I'm going to keep sway and start `sway` from `tty1` directly.
* ssh: authenticate only using ssh keyFranck Cuny2022-02-211-0/+1
|
* wireguard: module and peers configurationsFranck Cuny2022-02-211-0/+1
| | | | | | | | | Add a new module to automatically configure the peers for wireguard. The module needs a configuration file (in `configs/wireguard.toml`) which lists all the peers, their IP and and their public keys. The secret keys is encrypted as a secret with agenix. There's some initial documentation on how to use this setup.
* system: install a few more packagesFranck Cuny2022-02-211-1/+10
|
* users: add ssh keys for aptos and carmelFranck Cuny2022-02-211-2/+2
|
* fonts: add font-awesome for i3statusFranck Cuny2022-02-211-0/+1
|
* aptos: switch to iwd and enable thermaldFranck Cuny2022-02-211-3/+5
| | | | | | | Replace wpa_supplicant with iwd (I prefer that daemon and the associated tool, iwctl). Enable thermald for managing power.
* hosts: add aptosFranck Cuny2022-02-212-0/+91
| | | | | aptos is my laptop (dell xps 13'). This adds the initial configuration for it.
* xserver: add at-spi2-core packageFranck Cuny2022-02-181-1/+5
| | | | | See https://github.com/NixOS/nixpkgs/issues/16327 for details (this removes warnings in some services)
* boot: fix the prefixFranck Cuny2022-02-181-1/+1
|
* xserver: natural scrolling is part of touchpad.Franck Cuny2022-02-181-1/+1
|
* fonts: rename some optionsFranck Cuny2022-02-181-2/+1
| | | | | `fontconfig.ultimate` does not exists anymore, and `enableFontDir` has been renamed to `fontDir.enable`.
* system: add locale and securityFranck Cuny2022-02-183-2/+19
|
* desktop: enable natural scrollingFranck Cuny2022-02-181-2/+4
|
* boot: reorganize and add commentsFranck Cuny2022-02-182-11/+16
| | | | Most of the options for booting are common to all hosts.
* fonts: add more fonts for the systemFranck Cuny2022-02-181-1/+8
|
* sway: configure correctly dbus / keyringFranck Cuny2022-02-171-8/+16
|
* sway: install all the required packagesFranck Cuny2022-02-161-1/+15
|
* home-manager: move activate logic in users' configFranck Cuny2022-02-161-4/+1
|
* hosts: remove btrfs subvolume 'media'Franck Cuny2022-02-161-6/+0
| | | | | The host would not boot successfully with that, I'm doing something wrong.
* hosts: add a new subvolumes to carmelFranck Cuny2022-02-141-0/+6
| | | | | Create a subvolume named 'media' that we will mount under /home/fcuny/media so we can snapshots /home/fcuny without the medias.
* hosts: enable rtkit with audio moduleFranck Cuny2022-02-141-0/+2
|
* hosts: load igb kernel module for initrdFranck Cuny2022-02-131-0/+1
| | | | We need to load the driver for the NIC.
* hosts: unlock disks remotely on bootFranck Cuny2022-02-133-19/+28
| | | | | Enable a SSH daemon in initrd, with our keys, so we can unlock remotely the disk on reboot.
* desktop: ensure we're installing swayFranck Cuny2022-02-131-1/+7
|
* hosts: remove configuration for ssh keys in initrdFranck Cuny2022-02-131-1/+0
| | | | This is not working yet, we will figure this out later.
* motd: drop, there's no need for thatFranck Cuny2022-02-132-13/+0
|
* sway: first attempt at configuring swayFranck Cuny2022-02-131-11/+3
| | | | | Let's switch right away to sway instead, now that there's an emacs package to support wayland.
* hosts: install linux perf tools for the hostFranck Cuny2022-02-131-1/+8
|
* hosts: decrypt root disk via ssh on bootFranck Cuny2022-02-133-0/+27
|
* desktop: gnome related thingsFranck Cuny2022-02-131-1/+10
|
* hosts: enable avahi on desktopFranck Cuny2022-02-131-0/+5
| | | | This is going to be needed to print (for example).
* hosts: load services at the host levelFranck Cuny2022-02-121-0/+15
| | | | | | These services are not configured at the user level, but at the host level. We might need a better separation in the future, in case I don't use xserver for example.
* hosts: rename commons to commonFranck Cuny2022-02-1213-0/+0
|
* hosts: import common modulesFranck Cuny2022-02-121-2/+1
| | | | | | Update the `mkSystem` function to include the proper common module, and fix the path to import the common configuration for a desktop into `carmel`.
* move configurations and modules aroundFranck Cuny2022-02-1213-10/+187
| | | | Sorry, this is a mess, hopefully the last one.
* hosts: more typoFranck Cuny2022-02-121-1/+1
|
* hosts: typoFranck Cuny2022-02-121-1/+2
|
* hosts: centralize network configurationFranck Cuny2022-02-123-10/+37
|
* hosts: set hostname from configurationFranck Cuny2022-02-101-6/+2
|
* fix a few errorsFranck Cuny2022-02-101-0/+1
|
* hosts: common configuration across all hostsFranck Cuny2022-02-101-0/+12
|
* nix: fix a bunch of stuffFranck Cuny2022-02-101-1/+0
|
* hosts: use systemd-resolved on carmelFranck Cuny2022-02-091-0/+6
|
* hosts: remove usersFranck Cuny2022-02-091-1/+0
|
* hosts: remove / clean codeFranck Cuny2022-02-091-44/+5
| | | | | | There's a lot of commented stuff I don't need, and move things that are configured in the host into modules, which will improve re-usability and readability of this configuration.
* home-manager: simplify the configurationFranck Cuny2022-02-091-0/+3
| | | | | | | | | | | | | I'm still struggling with documentation, and I'd rather have something simple that works rather than smart and does not work. The configuration for the host imports the modules that are relevant to that host (in the case of carmel, desktop and systems). For the home-manager, I create a profile "desktop" that contains stuff related to a desktop (i3, etc), and it includes the module "common" that contains stuff that I want on any machines (so that in the future, for a machine that is a server, the home manager will only import "common").
* hosts: remove unneeded commentsFranck Cuny2022-02-081-6/+0
|
* systems: move some packages out of host configFranck Cuny2022-02-081-5/+0
|
* carmel: use DHCP on the wireless interfaceFranck Cuny2022-02-081-1/+2
|
* xserver: initial configurationFranck Cuny2022-02-081-8/+0
| | | | Enable it for the desktop.
* systems: default configuration for all systemsFranck Cuny2022-02-081-3/+0
|
* carmel: initial host configurationFranck Cuny2022-02-072-0/+144
Initial configuration for the desktop (carmel).
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-12-26 05:36:35 +0000