path: root/modules
Commit message | Author | Age | Files | Lines
* modules/cgit: get rid of double quotesFranck Cuny2023-03-191-2/+2
|
* hosts: it's time to switch to schedutilFranck Cuny2023-03-151-2/+2
|
* modules/fonts: add more fontsFranck Cuny2023-03-141-3/+14
|
* home/shell: switch the default shell back to zshFranck Cuny2023-03-111-1/+1
| | | | | | | | I keep running into issues when using fish: I'm not familiar with the syntax and I don't use it enough that it sticks. I also need to google stuff regularly to figure out how things are supposed to work. This is annoying enough that the supposed benefits of fish are not worth it for me.
* home/gnome: no more keyringFranck Cuny2023-03-101-1/+1
| | | | | | I used the keyring only to start the GPG agent and unlock the ssh keys. But since I'm storing the ssh keys on yubikeys and I don't use GPG, I can remove it.
* modules/secrets: use age keys for agenix' identityFranck Cuny2023-03-101-2/+5
| | | | | | I'll re-key all my secrets with age keys instead of using ssh keys. This change is to specify the path for the identities when agenix decrypts the secrets.
* feat(hosts/tahoe): install gitolite and cgitFranck Cuny2023-03-023-0/+139
| | | | | | | | Replace gitea with gitolite + cgit. I don't need a whole git forge for myself, especially since I don't use most of the features. The main thing I'm losing with this change is CI (via drone), but this is not really a big loss for now.
* ref(modules/users): move ssh keys to a separate fileFranck Cuny2023-02-201-5/+7
| | | | | Each key is associated to a variable, which lets me be more specific about which key to use depending on the context.
* feat(modules/pcscd): install the pcscd daemonFranck Cuny2023-02-202-0/+12
| | | | This is to use the yubikeys correctly
* ref(hosts/tahoe): exclude more paths from backupsFranck Cuny2023-01-191-1/+4
|
* ref(tahoe/backups): backup fewer thingsFranck Cuny2023-01-161-3/+2
| | | | | I don't need to backup videos, and the cache of my home directory. I also don't need to keep that many snapshots around.
* ref(modules/prometheus): don't backup the dataFranck Cuny2023-01-151-2/+0
| | | | | I don't care if I lose this data, and it's creating a lot of churn in the backups and consuming a lot of space.
* feat(modules/backup): enable max compressionFranck Cuny2023-01-151-1/+1
|
* fix(modules/gitea): correctly set the variable for log levelFranck Cuny2023-01-121-1/+1
|
* fix(modules/gitea): what a messFranck Cuny2023-01-101-3/+6
|
* ref(modules/nix): update a number of settings for nixFranck Cuny2023-01-101-4/+15
| | | | Inspired by https://jackson.dev/post/nix-reasonable-defaults/
* fix(services/unifi): remove prometheus.exporters.unpollerFranck Cuny2023-01-101-12/+0
| | | | | This does not exist in 22.11, only 23.05. Will figure out the proper way to monitor it later.
* fix(modules/gitea): restore settings for nix 22.11Franck Cuny2023-01-101-7/+3
|
* fix(modules/unifi): pin the package for mongodbFranck Cuny2023-01-091-0/+1
| | | | Similar to 6c0211b.
* fix(modules/unifi): proper monitoring and latest versionFranck Cuny2023-01-081-2/+14
| They've recently removed from nixpkgs the version of mongodb that was used by unifi. I updated to the latest version (7) and did the migration of the DB manually (see https://github.com/NixOS/nixpkgs/pull/207382):
|
| ```
| nix-shell -p mongodb-3_4 mongodb-tools
| mongod --dbpath /var/lib/unifi/data/db --logpath /var/log/unifi/repair.log --repair
| mongod --dbpath /var/lib/unifi/data/db --logpath /var/log/unifi/repair.log --journal --fork
| mongodump --out=/root/mongodump
| pkill mongod
| exit
| nix-shell -p mongodb-4_2 mongodb-tools
| mv /var/lib/unifi/data/db /var/lib/unifi/data/db_bak
| mkdir /var/lib/unifi/data/db
| mongod --dbpath /var/lib/unifi/data/db --logpath /var/log/unifi/repair.log --journal --fork
| mongorestore /root/mongodump
| pkill mongod
| ```
|
| Once this was done, the exporter was also broken, as it has been renamed. There are two different services for it in nixpkgs: `services.unpoller` and `services.prometheus.exporters.unpoller`. Only the last one works.
|
| From what I can tell, everything is working now.
* fix(modules/gitea): the linter corrupted the file ...Franck Cuny2023-01-071-15/+0
|
* fix(modules/sendsms): run it as root for nowFranck Cuny2023-01-071-2/+0
| | | | | | I need to figure a way to make it run as a dynamic user, while still having access to the credentials for twilio, while not changing the permissions to the file.
* fix(modules/unifi): remove the pollerFranck Cuny2023-01-071-32/+0
| | | | | | | | The poller refuses to start, as the name of the binary has been updated, and the upstream module is not reflecting that change. The service has also been renamed from `unifi-poller` to `unpoller`, but this is not working for now. Let's get rid of it as a temporary fix while looking at the correct solution.
* fix(modules/grafana): a number of options have been renamedFranck Cuny2023-01-072-8/+11
|
* fix(modules/gitea): a number of options have been renamedFranck Cuny2023-01-071-8/+35
|
* feat: update to nix 22.11Franck Cuny2023-01-031-11/+12
|
* feat(modules/nix): add binary cachesFranck Cuny2022-11-301-0/+10
|
* feat(modules/sensdms): a module to send an SMSFranck Cuny2022-11-302-0/+64
| | | | | | A new module `sendsms` is added to send SMS when the host reboots. It's triggered by systemd when the host boots and once the network is available.
* ref(fonts): switch back to source code proFranck Cuny2022-11-211-12/+0
| | | | I find Source Code Pro to be more readable than iosevka.
* fix(modules/gitea): next time I'll learn to read the documentationFranck Cuny2022-11-151-2/+1
|
* fix(modules/gitea): add a few more settingsFranck Cuny2022-11-151-0/+4
|
* feat(fonts): add iosevka to the list of fontsFranck Cuny2022-11-151-2/+14
| | | | | Replace the use of Source Code Pro with Iosevka in a few applications (sway, waybar, alacritty).
* fix(services/gitea): disable registration correctlyFranck Cuny2022-11-071-1/+1
|
* fix(services/gitea): disable heatmap and registrationsFranck Cuny2022-11-071-0/+2
|
* ref(gerrit): delete modules/docs/configs for gerrit/buildkiteFranck Cuny2022-11-074-348/+0
|
* feat(services/gitea): add robots.txtFranck Cuny2022-11-071-1/+7
| | | | Configure the policy for the crawlers.
* ref(services/unifi): reduce the poller's verbosityFranck Cuny2022-11-071-0/+3
|
* fix(services/drone): enable droneFranck Cuny2022-11-062-8/+6
| | | | | The URL for drone changed to https://ci.fcuny.net. The secrets also changed (and we remove the unencrypted file with secrets).
* Revert "ref(drone): remove all modules and configurations"Franck Cuny2022-11-055-0/+188
| | | | This reverts commit 614fc2fcce0e9ae0bcfdc6e08d3c4bac846d02a8.
* Revert "ref(gitea): remove all modules for gitea"Franck Cuny2022-11-053-0/+1241
| | | | | | This reverts commit f4f83c7e83272234571d9580f5a897676de3d0dc. I'm planning to switch back to gitea to host my projects.
* ref(home/packages): don't install opensslFranck Cuny2022-11-041-3/+0
| | | | | It's usually needed for developing some rust projects, but this should be setup by the flake of that project.
* ref(tools/perf-flamegraph): move to a proper shell scriptFranck Cuny2022-10-251-15/+3
| | | | | | | | I don't want to inline shell scripts inside nix configuration, as it prevents me from using `shellcheck` to validate them for example. The script is now moved into the tool directory, and is a tiny bit more flexible, so that I can run it as my own user.
* feat(system/fonts): add cascadiaFranck Cuny2022-10-241-0/+1
|
* fix(home/wm): unlock gnome-keyring when loggingFranck Cuny2022-09-241-6/+0
|
* fix(modules/home): delete the moduleFranck Cuny2022-09-242-36/+1
| | | | | The configuration for home-manager is set using `home-manager' directly, instead of applying updates all at once (OS and home-manager).
* fix(system/packages): install openssl-dev packageFranck Cuny2022-09-241-0/+1
| | | | | I don't think I should have to do this, it's also not solving the problem I have, but it should not hurt either ...
* feat(modules/packages): install pkg-configFranck Cuny2022-09-071-1/+1
| | | | Change-Id: Iaa041a70b386d25c581a3a3c2afe860b86740618
* ref(modules/backup): only keep 4 weeks worth of backupsFranck Cuny2022-08-151-1/+1
| | | | | | | Change-Id: I9aa813d57c80f431468d97dfc945d9a0439723f1 Reviewed-on: https://cl.fcuny.net/c/world/+/719 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(modules/sourcegraph): stop backing upFranck Cuny2022-08-151-15/+0
| | | | | | | | | | There's no need to make a backup for sourcegraph, all the things I might care about (at this stage at least) can be easily regenerated. Change-Id: I4b592c9007ce57b56b04a94b43ad2ab8759ce891 Reviewed-on: https://cl.fcuny.net/c/world/+/718 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(modules/buildkite): rename a shell scriptFranck Cuny2022-08-061-1/+1
| | | | | | | Change-Id: I2b495c55191f3192b871cfb9d06445817c16e0de Reviewed-on: https://cl.fcuny.net/c/world/+/704 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(modules/secrets): call correct function for groupFranck Cuny2022-08-061-2/+3
| | | | | | | | | | The function `groupExists` returns a boolean, what we want is `groupIfExists` which returns the actual name of the group. Change-Id: I7db50066e13932dd617ffccb9dae40ecb1d383a5 Reviewed-on: https://cl.fcuny.net/c/world/+/701 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(modules/secrets): call correct function for group validationFranck Cuny2022-07-201-1/+1
| | | | | | | Change-Id: I84deb43c422668719157a5027e8dbea9a1ec92cf Reviewed-on: https://cl.fcuny.net/c/world/+/662 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(modules/secrets): set correctly all possible attributesFranck Cuny2022-07-201-5/+10
| | | | | | | | | | | | | | | | Secrets can have multiple attributes: the owner, group, mode and path. So far, we were setting the file (path where it should be read from), the owner (if it exists), the group (if it exists) and the mode. The attribute 'path' was not propagated correctly. We now check for all these attributes (as optional) and if they exist we set them. We still validate that the user and group exist before setting them. Change-Id: Ifeccf2ee9d0acd17a3cd05de8d08968cea49550b Reviewed-on: https://cl.fcuny.net/c/world/+/641 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(modules/gerrit): manage secure configuration with nixFranck Cuny2022-07-181-0/+1
| | | | | | | | | | | | Currently the secure configuration for gerrit is not managed by nix. This is likely going to break in the future and I'll hate myself for that. Let's move it into nix and encrypt it with age, like we do for other secrets. Change-Id: Ia7a006748a3ad64fa4b97ca9e8cbd98c99433982 Reviewed-on: https://cl.fcuny.net/c/world/+/622 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(modules/backup): reduce verbosity for resticFranck Cuny2022-07-081-1/+1
| | | | | | | | | It's spamming journald, and I don't need that level of details. Change-Id: If6bd8338cf3ed5d7981500e0f3001a3dc4c14870 Reviewed-on: https://cl.fcuny.net/c/world/+/621 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(new-lines): add or remove new lines where neededFranck Cuny2022-07-021-1/+1
| | | | | | | | | | | The pre-commit hook for new lines reported and corrected a number of issues, so let's commit them now and after that we can enable the hook for the repository. Change-Id: I5bb882d3c2cca870ef94301303f029acfb308740 Reviewed-on: https://cl.fcuny.net/c/world/+/592 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(modules/cgit): don't log blackbox exporter requestsFranck Cuny2022-06-261-0/+3
| | | | | | | Change-Id: I60d1d552d028a4b2db2e0c62c1d2d580a4e58e1a Reviewed-on: https://cl.fcuny.net/c/world/+/562 Reviewed-by: Franck Cuny <franck@fcuny.net> Tested-by: CI
* fix(modules/cgit): correct alias configuration for robots.txtFranck Cuny2022-06-231-1/+3
| As noted in https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md
|
| > if you want to map a single file make sure the location starts with a
| > =, e.g =/i.gif instead of /i.gif
|
| Without a leading `=`, the configuration refuses to build.
|
| Change-Id: Ib49f68fbe26441ff6c3ee91efa1d12c3778a0248
| Reviewed-on: https://cl.fcuny.net/c/world/+/489
| Reviewed-by: Franck Cuny <franck@fcuny.net>
| Tested-by: CI
* fix(modules/cgit): exclude all web crawlersFranck Cuny2022-06-231-0/+6
| | | | | | | Change-Id: I96db1763dcc85d43ca5913a95d702cf96830c7b0 Reviewed-on: https://cl.fcuny.net/c/world/+/488 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(modules/grafana): configure nginx to bind to tailscale IPFranck Cuny2022-06-231-0/+12
| | | | | | | | | | | | Only serve a response if the request is coming from tailscale. To ensure this is the case, let's configure nginx to only listen on the tailscale IP of the host for that server. Note: the IP for tailscale is hard coded, there has to be a better way. Change-Id: I83952484f60206df215e8c03017cfe7722d32697 Reviewed-on: https://cl.fcuny.net/c/world/+/487 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(modules/sourcegraph): configure nginx to bind to tailscale IPFranck Cuny2022-06-231-0/+12
| | | | | | | | | | | | Only serve a response if the request is coming from tailscale. To ensure this is the case, let's configure nginx to only listen on the tailscale IP of the host for that server. Note: the IP for tailscale is hard coded, there has to be a better way. Change-Id: I684f2da60a128652fac2f7004bec22ce4bf959d0 Reviewed-on: https://cl.fcuny.net/c/world/+/486 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(modules/unifi): configure nginx to bind to tailscale IPFranck Cuny2022-06-231-0/+12
| | | | | | | | | | | | Only serve a response if the request is coming from tailscale. To ensure this is the case, let's configure nginx to only listen on the tailscale IP of the host for that server. Note: the IP for tailscale is hard coded, there has to be a better way. Change-Id: I75978866eb978439df76cede5bf993762f7cd5ab Reviewed-on: https://cl.fcuny.net/c/world/+/485 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(modules/navidrome): configure nginx to bind to tailscale IPFranck Cuny2022-06-231-0/+12
| | | | | | | | | | | | Only serve a response if the request is coming from tailscale. To ensure this is the case, let's configure nginx to only listen on the tailscale IP of the host for that server. Note: the IP for tailscale is hard coded, there has to be a better way. Change-Id: I8b497507b2c8548d824c2e2bb693b38768b355b9 Reviewed-on: https://cl.fcuny.net/c/world/+/484 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(modules/transmission): configure nginx to bind on tailscale IPFranck Cuny2022-06-231-0/+12
| | | | | | | | | | | | Only serve a response if the request is coming from tailscale. To ensure this is the case, let's configure nginx to only listen on the tailscale IP of the host for that server. Note: the IP is currently hard coded, there has to be a better way. Change-Id: I21b6db5e94070024c1ff8d6cea852aafd6952b55 Reviewed-on: https://cl.fcuny.net/c/world/+/483 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(modules/cgit): make cgit the default server for nginxFranck Cuny2022-06-231-0/+4
| | | | | | | | | | | | | | If a request goes through nginx without a Host header set, the default site we serve is cgit. Without this option, nginx will pick the first site defined in the configuration, which is not what I want. I want to be specific about what is the default. Change-Id: If131b80c1488510e79d60ef6de5bb9db4fa18d58 Reviewed-on: https://cl.fcuny.net/c/world/+/482 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(modules/unifi): only backup the backup directoryFranck Cuny2022-06-231-1/+1
| `/var/lib/unifi` is almost 1GB. The data directory contains a lot of files that are changing constantly, which creates a significant amount of data to backup everyday. Overall if I need to restore a backup for unifi, I don't care about metrics and other application data, I only need to restore a backup, which contains the network configuration.
|
| `/var/lib/unifi/data/backup` is smaller:
|
| ```
| fcuny@tahoe ~> sudo du -sh /var/lib/unifi/data/backup
| 332M /var/lib/unifi/data/backup
| ```
|
| and each backup is about 12MB:
|
| ```
| fcuny@tahoe ~> sudo ls -ltrh /var/lib/unifi/data/backup/autobackup|tail -2
| -rw------- 1 unifi unifi 12M Jun 22 18:15 autobackup_6.5.55_20220623_0115_1655946900001.unf
| -rw------- 1 unifi unifi 5.0K Jun 22 18:15 autobackup_meta.json
| ```
|
| This will reduce the churn in our daily backup significantly.
|
| Change-Id: Ie39ffa9055605298a82ba6731acc34fd4e29309c
| Reviewed-on: https://cl.fcuny.net/c/world/+/471
| Tested-by: CI
| Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(home/shell): switch default shell to fishFranck Cuny2022-06-201-1/+1
| | | | | | | Change-Id: I905ce6eddc35e4c51a0ab27c8984e0da0fdee7a7 Reviewed-on: https://cl.fcuny.net/c/world/+/457 Reviewed-by: Franck Cuny <franck@fcuny.net> Tested-by: CI
* ref(gerrit): add the plugin to delete projectsFranck Cuny2022-06-181-0/+2
| | | | | | | | | | I need to remove some repositories I created by mistake, this will make it easier than messing up with the database. Change-Id: Ia9357226532fe943d15eaec43413502849e39d3d Reviewed-on: https://cl.fcuny.net/c/world/+/444 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(scripts): remove the module for scriptsFranck Cuny2022-06-161-1/+17
| | | | | | | | | | The scripts should be part of other modules. If there's no good place for them, they should be part of the packages module. Change-Id: Ic6c678fbe981444848a0ac7015c6c2e450f3b1c1 Reviewed-on: https://cl.fcuny.net/c/world/+/424 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(sourcegraph): exclude more directories from backupFranck Cuny2022-06-131-2/+6
| | | | | | | | | | | | | | I don't need to backup the observability data for sourcegraph. I also don't need to backup the cache. These files change a lot and are about ~300M of data every day, which creates a lot of churn for our backup. All I need if I restore a backup is the content of the database and the indexes. Change-Id: Ifaddda7626ecae32162503bc14aa8d1ffa716622 Reviewed-on: https://cl.fcuny.net/c/world/+/416 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(nginx): delete unused moduleFranck Cuny2022-06-121-81/+0
| | | | | | | Change-Id: Ie69e250c7a63e2f5bea360b5ac62fcd748f48735 Reviewed-on: https://cl.fcuny.net/c/world/+/415 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(cgit): update title and descriptionFranck Cuny2022-06-111-1/+2
| | | | | | | Change-Id: I0a8bbe976687a8408e1a931ecf2a90cbaa4926e2 Reviewed-on: https://cl.fcuny.net/c/world/+/414 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(drone): remove all modules and configurationsFranck Cuny2022-06-115-188/+0
| | | | | | | | | I do not use drone anymore, no need to keep this around. Change-Id: I8f9564747939a6d1a2b95bcfe8e2c70e46d8bc1e Reviewed-on: https://cl.fcuny.net/c/world/+/411 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(gitea): remove all modules for giteaFranck Cuny2022-06-113-1241/+0
| | | | | | | | | I do not use it anymore, I don't need to keep this around. Change-Id: I42af32eec4ee8ab4c2a8c60b5a8306a4eb418f51 Reviewed-on: https://cl.fcuny.net/c/world/+/410 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(fmt): correct formatting for all nix filesFranck Cuny2022-06-1037-92/+137
| | | | | | | | | This was done by running `nixpkgs-fmt .'. Change-Id: I4ea6c1e759bf468d08074be2111cbc7af72df295 Reviewed-on: https://cl.fcuny.net/c/world/+/404 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(bluetooth): write proper configuration for wireplumberFranck Cuny2022-06-101-1/+1
| The missing comma resulted in the following error:
|
| ```
| Jun 10 08:57:09 aptos wireplumber[2303]: Failed to compile: [string "50-bluez-config.lua"]:4: '}' expected (to close '{' at line 1) near '['
| ```
|
| As a result, the service would not start, which prevented the sound to work (and overall videos were extremely slow).
|
| Change-Id: If6ff7a29a9cf294f9e8d3f6a44abf2423ecfb6e9
| Reviewed-on: https://cl.fcuny.net/c/world/+/401
| Tested-by: CI
| Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(backups): exclude more files from the backupsFranck Cuny2022-06-102-1/+11
| | | | | | | | | We don't need to backup log files for grafana and sourcegraph. Change-Id: I8ed6f6ce1270a12233cad268bcd12e28ac2785cf Reviewed-on: https://cl.fcuny.net/c/world/+/383 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(unifi): configure correctly services.unifi for nixos 22.05Franck Cuny2022-06-101-1/+1
| | | | | | | Change-Id: Ide8e479bc88689e052a372825bc90b23b426a89a Reviewed-on: https://cl.fcuny.net/c/world/+/382 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(nginx): configure correctly security.acme for nixos 22.05Franck Cuny2022-06-101-1/+1
| | | | | | | Change-Id: I94cb29510cbb85c769947dc26c33f9d767e2f0c8 Reviewed-on: https://cl.fcuny.net/c/world/+/381 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(cgit): adjust configurationFranck Cuny2022-06-091-0/+9
| - list up to 150 repositories per page
| - limit stats to a year
| - snapshots are in tar.gz format
|
| Change-Id: Ifc52d47893737862d89d24b797ec28f32e5076e9
| Reviewed-on: https://cl.fcuny.net/c/world/+/366
| Tested-by: CI
| Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(nix): update nix to version 22.05Franck Cuny2022-06-093-3/+4
| | | | | | | | | | | | | NixOS 22.05 was released last month. Bump the versions for both nixos and home-manager. I also need to make a few changes for this update to work (packages were renamed, options were added to tailscale, ...) Change-Id: I84ed9f21915b769c9f7b8e21988b2b021715c982 Reviewed-on: https://cl.fcuny.net/c/world/+/365 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(navidrome): don't backup the cache directoryFranck Cuny2022-06-091-1/+4
| | | | | | | Change-Id: I45a42543d7fb5071022a77382e925b55568e2c2d Reviewed-on: https://cl.fcuny.net/c/world/+/363 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(restic): actually exclude files from the backupFranck Cuny2022-06-091-2/+8
| | | | | | | | | | | The option `exclude' was defined but unused. Add a function to generate a text file containing all the paths that we want to exclude, and provide that file as an option when we call `restic'. Change-Id: I647db892a8a77c589cec1fc975808c5c9ad0b757 Reviewed-on: https://cl.fcuny.net/c/world/+/362 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(gerrit): don't backup tmp,logs,cache directoriesFranck Cuny2022-06-091-1/+8
| | | | | | | Change-Id: I73087942ed86fd2ad3575a4776dba97fac693468 Reviewed-on: https://cl.fcuny.net/c/world/+/361 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(buildkite): configure the post-command hookFranck Cuny2022-06-091-0/+12
| | | | | | Change-Id: I7b00987382ef05e032d88cf00e916cdc27511eb1 Reviewed-on: https://cl.fcuny.net/c/world/+/306 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(gerrit): add plugin 'reviewnotes'Franck Cuny2022-06-091-1/+9
| | | | | | | | | This plugin stores review information for Gerrit changes in the `refs/notes/review' branch. Change-Id: I51c7fe1f8764617e0bff5455d3fe713b0e2f446e Reviewed-on: https://cl.fcuny.net/c/world/+/300 Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(secrets): pass group and mode to agenixFranck Cuny2022-06-041-2/+8
| | | | | | | | | | | | | | | | | It took me a while to understand why the group and mode were not set correctly for the buildkite agent secrets. This module is an abstraction on top of agenix to modify the filename and ensure that the owner of the file is actually defined in the configuration. This was not passing the group and mode to agenix, which is why these values were never set. This change modifies the library to check that the group exists (as we do for the user), and pass the mode down. Change-Id: I7f8545868986110ad92fa63ef8efe4cd3bbd9b0f Reviewed-on: https://cl.fcuny.net/c/world/+/282 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(gerrit): install the gerrit hookFranck Cuny2022-06-041-0/+12
| | | | | | | | | Create a few scripts that are used to trigger the hook when a patchset is created. Change-Id: Ibcfdb76b3e0ca29b9adc4c2719a8f81170818788 Reviewed-on: https://cl.fcuny.net/c/world/+/172 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(buildkite): configure the buildkite agentFranck Cuny2022-05-302-0/+47
| | | | | | Change-Id: Icee60f2372e17f6477a91e7f562c04507788c713 Reviewed-on: https://cl.fcuny.net/c/world/+/168 Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(cgit): write the test correctlyFranck Cuny2022-05-291-1/+1
| | | | | | Change-Id: I1c57da26d315c847fc5cef134e75a34395764ac9 Reviewed-on: https://cl.fcuny.net/c/world/+/161 Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(gerrit): remove git suffix from project URLFranck Cuny2022-05-291-1/+1
| | | | | | | | This has been dropped in cgit. Change-Id: I255ea20b4f81d080207ac8eac6f6727cac2d54f5 Reviewed-on: https://cl.fcuny.net/c/world/+/126 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(cgit): update cgit configurationFranck Cuny2022-05-291-0/+9
| - enable git configuration to read the section out of it
| - don't display the owner (it's git by default)
| - sort branches and repositories by age
|
| Change-Id: I3f21ec6eb25747d21c23a68b6f24f7cb8345fb02
| Reviewed-on: https://cl.fcuny.net/c/world/+/125
| Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(cgit): exclude some repositoriesFranck Cuny2022-05-291-1/+8
| | | | | | | | | There are a few repositories that I want to have active in gerrit but I don't want to list in cgit. Change-Id: I341801cddba0909d5c32d2653c8cc5eb8aae94ed Reviewed-on: https://cl.fcuny.net/c/world/+/124 Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(cgit): ensure permissions are set correctlyFranck Cuny2022-05-281-0/+2
| | | | | | Change-Id: I65efa49a904ab1885bd72566e450b6678be6aa21 Reviewed-on: https://cl.fcuny.net/c/world/+/123 Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(cgit): define the list of repos prior to scan pathFranck Cuny2022-05-281-2/+2
| From the documentation for `project-list`:
|
| A list of subdirectories inside of scan-path, relative to it, that should loaded as git repositories. This must be defined prior to scan-path
|
| Change-Id: Iab176a800e8ff0abd515a525d89ef524ba6ab097
| Reviewed-on: https://cl.fcuny.net/c/world/+/122
| Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(cgit): generate a proper list of repositoriesFranck Cuny2022-05-281-1/+3
| | | | | | | | | | | The logic was previously incorrect. If a repository becomes hidden in gerrit, it will not be removed from the list. Instead, we create a temporary file which we use to dump the new list and then move it over the current list. Change-Id: I990588ac98ad4024ba144c4c76ad7e4ae27202bc Reviewed-on: https://cl.fcuny.net/c/world/+/121 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(gerrit): link to cgitFranck Cuny2022-05-281-0/+14
| | | | | | | | Configure gitweb to link to our cgit instance Change-Id: I55cb96e7199bf2636a30689b277978008d6605eb Reviewed-on: https://cl.fcuny.net/c/world/+/88 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(cgit): generate the list of projects from gerritFranck Cuny2022-05-281-4/+35
| | | | | | | | | | Query the gerrit API to get the list of active projects, and generate the list of repositories from it. This runs every 10 minutes as a systemd timer. Change-Id: I016a6d748597ff4d03af893e0a95b96830bdb3f7 Reviewed-on: https://cl.fcuny.net/c/world/+/87 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(cgit): set the clone URL to gerritFranck Cuny2022-05-281-0/+1
| | | | | | Change-Id: I2328abdbd369358e59747a220fe1e57edd8c5126 Reviewed-on: https://cl.fcuny.net/c/world/+/86 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(cgit): support org mode files for READMEFranck Cuny2022-05-281-0/+2
| | | | | | Change-Id: Ia0b3c7e5c2b1f399f7eaf5db2e926dc3a0859790 Reviewed-on: https://cl.fcuny.net/c/world/+/85 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(gerrit): backup all relevant directoriesFranck Cuny2022-05-281-0/+2
| | | | | | Change-Id: I7d70a25f95cddedaba5e5186b6e7f83ddf9e7eb9 Reviewed-on: https://cl.fcuny.net/c/world/+/84 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(gerrit): enable sending emailsFranck Cuny2022-05-271-1/+10
| | | | | | | | Configure gerrit to send emails using fastmail's SMTP servers. Change-Id: I658373a2c1e9b3c5dcbe214a02ebe8ca1be69580 Reviewed-on: https://cl.fcuny.net/c/world/+/81 Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(gerrit): set the OAUTH client IDFranck Cuny2022-05-271-0/+5
| | | | | | Change-Id: I2a5b554be29af9184ad504bcb8beca30c605e6c4 Reviewed-on: https://cl.fcuny.net/c/world/+/63 Reviewed-by: Franck Cuny <franck.cuny@gmail.com>
* fix(gerrit): set the home directory for gitFranck Cuny2022-05-271-1/+1
| | | | | | Change-Id: Idba41215b58e8cd77d8d4efa354a3acf52c6bc6d Reviewed-on: https://cl.fcuny.net/c/world/+/61 Reviewed-by: Franck Cuny <franck.cuny@gmail.com>
* feat(cgit): add a module for cgitFranck Cuny2022-05-272-0/+52
| | | | | | | | | cgit is a git web viewer, it will be hosted at git.fcuny.net to replace gitea. Change-Id: I16561776fa90a3561d6a13f8545bd2e8f67f409a Reviewed-on: https://cl.fcuny.net/c/world/+/46 Reviewed-by: Franck Cuny <franck.cuny@gmail.com>
* ref(gerrit): ensure the git user is presentFranck Cuny2022-05-261-0/+9
| | | | Change-Id: Ie217a14a20474b626a2c66116663b785193978c2
* fix(gerrit): use a compatible JDKFranck Cuny2022-05-261-0/+3
| | | | Change-Id: I3fadf8a3a9a81c7966b4c048ace1ae259f0e3668
* fix(gerrit): install the plugin for oauthFranck Cuny2022-05-261-2/+8
| | | | Change-Id: I3e4a215b47a5a368210b268fa170aa2dddab721f
* fix(gerrit): settings where in wrong placeFranck Cuny2022-05-261-8/+8
| | | | Change-Id: I449f9032e32911fa33c26ec41faadb4f8acc8b1f
* feat(gerrit): use OAUTH for authenticationFranck Cuny2022-05-261-0/+10
|
* fix(gerrit): force gerrit to run as the git userFranck Cuny2022-05-261-0/+11
| | | | | | | The default configuration wants to run gerrit with a DynamicUser. However, this prevents the server from generating the ssh keys needed by gerrit. Instead, we can force the server to run with the 'git' user, which already exists.
* fix(gerrit): use localhost for the proxyFranck Cuny2022-05-261-1/+1
|
* fix(gerrit): remove extra '}' from stringFranck Cuny2022-05-261-1/+1
|
* fix(sourcegraph): remove extra '}' from stringFranck Cuny2022-05-261-1/+1
|
* fix(gerrit): apply a serverIdFranck Cuny2022-05-261-0/+1
| | | | | This identifies the server (see https://github.com/NixOS/nixpkgs/blob/634141959076a8ab69ca2cca0f266852256d79ee/nixos/modules/services/web-apps/gerrit.nix#L141).
* feat(gerrit): add the gerrit serverFranck Cuny2022-05-262-0/+51
| | | | | | Gerrit is a tool for doing code review for git. It will be running at cl.fcuny.net and will be the main way to interact with my git repositories.
* feat(modules): create a module for sourcegraphFranck Cuny2022-05-222-0/+47
| | | | | | | Run sourcegraph ([0]) in a docker container. It's exposed as cs.fcuny.xyz, and we backup some of the directories. [0] https://docs.sourcegraph.com
* zsh: switch to zsh as the default shellFranck Cuny2022-05-151-1/+1
| | | | | | | | | | `zsh' is available everywhere and is compatible with bash. When using `fish' I need to remember how to do things. While the completion style is nicer, I don't care about the rest. I prefer to have a consistent experience in the shell, no matter where I am. This is an initial configuration, I might need to make a few changes as I go.
* modules: fix configuration for syncthingFranck Cuny2022-05-131-2/+2
| | | | The `documents` folder was not being synced.
* grafana: there was already something on port 3030 ...Franck Cuny2022-05-121-1/+1
|
* grafana: run on port 3030Franck Cuny2022-05-121-0/+1
| | | | There's already something on port 3000.
* add modules to manage bluetoothFranck Cuny2022-05-122-1/+65
|
* modules: add a few packagesFranck Cuny2022-05-061-0/+2
|
* modules: fix configuration for drone-runner-execFranck Cuny2022-05-021-1/+1
|
* gitea: add a dashboard for grafanaFranck Cuny2022-04-241-0/+1176
|
* gitea: enable metric endpointFranck Cuny2022-04-242-7/+13
| | | | Move configuration for the scraper into the gitea module itself.
* backups: do backups for the laptopFranck Cuny2022-04-241-1/+10
| | | | | | | | | | | | | From the laptop I only backup /home/fcuny, as the rest should be straightforward to rebuild with nix. I run that backup as my own user, since I need my ssh key to use the remote repository (which is on the NAS). I also need a new secret for it (I might have been able to use `pass' for this, but well, that's easy enough). For the NAS, I update the list of directories to backup to include home, this will be on the systems backup.
* syncthing: add pixel (my phone) to known devicesFranck Cuny2022-04-211-1/+12
| | | | | Copy the pictures from the phone on all my machines. Don't sync the documents on the phone (at least for now).
* syncthing: configure devices and foldersFranck Cuny2022-04-211-0/+18
|
* syncthing: configure the keys for tahoeFranck Cuny2022-04-211-3/+7
|
* syncthing: enable on tahoeFranck Cuny2022-04-211-6/+12
|
* modules: add syncthing as a new moduleFranck Cuny2022-04-212-0/+12
|
* drone: backup the state directoryFranck Cuny2022-04-131-0/+2
|
* drone: configuration fixesFranck Cuny2022-04-132-2/+7
|
* drone: initial attempt at configuring itFranck Cuny2022-04-135-0/+178
|
* nginx: configure correctly the dashboardFranck Cuny2022-04-131-2/+2
|
* nginx: install the default dashboardFranck Cuny2022-04-131-0/+6
|
* traefik: remove the moduleFranck Cuny2022-04-134-1934/+0
|
* modules: make the vhost be configurableFranck Cuny2022-04-133-15/+25
|
* grafana: the vhost is configurableFranck Cuny2022-04-131-4/+11
|
* grafana: bind to localhostFranck Cuny2022-04-131-4/+0
|
* modules: set secretsFranck Cuny2022-04-132-2/+6
|
* unifi: use nginx for reverse proxyFranck Cuny2022-04-131-0/+14
|
* transmission: use nginx for reverse proxyFranck Cuny2022-04-131-0/+14
|
* navidrome: use nginx for reverse proxyFranck Cuny2022-04-131-0/+14
|
* grafana: set proper port for reverse proxyFranck Cuny2022-04-131-1/+1
|
* secrets: we can specify which user owns itFranck Cuny2022-04-131-2/+7
|
* grafana: use proper certFranck Cuny2022-04-131-1/+1
|
* grafana: try to configure the domain with acme+dnsFranck Cuny2022-04-131-1/+17
|
* nginx: get a simple solution to work firstFranck Cuny2022-04-132-291/+12
|
* nginx: add nginx as a reverse proxyFranck Cuny2022-04-134-0/+412
| | | | This will ultimately replace traefik.
* secrets: delete duplicated filesFranck Cuny2022-04-137-52/+0
|
* rclone: fix the order of the paramsFranck Cuny2022-04-131-2/+2
|
* secrets: move the actual secrets with hosts configFranck Cuny2022-04-132-11/+12
| | | | | | Having the secrets closer to the host is easier to manage. At the moment I don't have secrets that are shared across multiple hosts, so that's an OK approach.
* secrets: fix the path to the ssh keyFranck Cuny2022-04-131-4/+3
|
* secrets: load ssh key only if it existsFranck Cuny2022-04-131-1/+1
|
* users: add myself to the group 'nas'Franck Cuny2022-04-131-0/+1
|
* backups: rename system to hostFranck Cuny2022-04-111-1/+1
| | | | Since this is a host level backup.
* grafana: backup the whole directoryFranck Cuny2022-04-111-1/+1
|
* secrets: move all the secrets under module/Franck Cuny2022-04-1014-27/+92
| | | | | Refactor a bit the configuration, which should simplify the management and usage of secrets from now on.
* add a module for backup with resticFranck Cuny2022-04-107-65/+89
| | | | Do a single backup for the host, instead of running multiple ones.
* install documentations (man)Franck Cuny2022-04-092-4/+19
|
* add pcmanfm and easyeffectsFranck Cuny2022-04-091-0/+1
|
* services: add avahiFranck Cuny2022-04-082-0/+15
|
* users: add myself to "cdrom" groupFranck Cuny2022-04-081-0/+1
| | | | Otherwise I can't run `abcde`.
* modules: add a few moreFranck Cuny2022-04-088-3/+100
|
* initial attempt to reconfigure home-managerFranck Cuny2022-04-072-1/+50
| | | | | | | | | | All the modules that are needed for home-manager should be under `home/`, and each host will have a `host.nix` where the modules are enabled as needed. Later on we can create some profiles to make it easier to consume the configuration. I apply this only to tahoe for now, as the amount of packages needed for my user are pretty limited.
* gitea: fix the moduleFranck Cuny2022-04-061-3/+3
| | | | | Quick fix for now, we will add these values as options to the module once we confirm everything is still working.
* modules: import packagesFranck Cuny2022-04-061-1/+2
|
* refactor transmission and metrics-exporterFranck Cuny2022-04-064-1/+54
|
* refactor traefikFranck Cuny2022-04-062-0/+104
|
* refactor rclone to a moduleFranck Cuny2022-04-062-0/+38
|
* refactor gitea as a moduleFranck Cuny2022-04-062-0/+54
|
* prometheus: proper name for the optionFranck Cuny2022-04-061-1/+1
|
* refactor grafana as a moduleFranck Cuny2022-04-066-0/+26438
|
* refactor prometheus as a moduleFranck Cuny2022-04-062-0/+189
|
* refactor unifi to a moduleFranck Cuny2022-04-062-2/+97
|
* import navidrome with other servicesFranck Cuny2022-04-061-1/+2
|
* refactor navidrome to a moduleFranck Cuny2022-04-061-0/+37
|
* refactor samba to a proper moduleFranck Cuny2022-04-062-1/+56
| | | | The list of public shares is configurable too.
* refactor boot configuration to a moduleFranck Cuny2022-04-062-1/+49
| | | | | | | | | We don't need the previous `hosts/common/system` configs anymore, as everything has been moved out. We keep some boot configuration for carmel in the host configuration for now, but I need to check why I don't have similar settings for tahoe (since I also need to unlock the host remotely).
* refactor configuration for AMDFranck Cuny2022-04-062-1/+14
|
* refactor intel related configurationFranck Cuny2022-04-052-1/+14
|
* refactor modules for btrfs, ssd, and fwupdFranck Cuny2022-04-056-3/+18
|
* refactor network configurationFranck Cuny2022-04-052-1/+12
|
* refactor security to a moduleFranck Cuny2022-04-052-1/+6
|
* refactor users to a moduleFranck Cuny2022-04-052-1/+38
|
* refactor default packages to a moduleFranck Cuny2022-04-051-0/+49
|
* move locale configuration to a moduleFranck Cuny2022-04-052-1/+8
|
* console configuration is moved to a moduleFranck Cuny2022-04-052-1/+7
|
* create a profile for laptopFranck Cuny2022-04-053-1/+35
|
* network: move tailscale in modulesFranck Cuny2022-04-052-1/+14
| | | | Move the networking configuration for the hosts to its own file.
* ssh: refactor to a moduleFranck Cuny2022-04-053-1/+19
| | | | Also install mosh and ensure the firewall opens the correct ports.
* nix: refactor to a moduleFranck Cuny2022-04-053-1/+18
|
* sound: add a new moduleFranck Cuny2022-04-053-0/+41
| | | | | | | | | This is the start of yet another refactoring of the configuration. Sound configuration is moving to a module, and we enable it as needed at the host level. It takes care of configuring pipewire and installing the packages needed too. This module is applied to the laptop and the desktop.
* move configurations and modules aroundFranck Cuny2022-02-1210-190/+0
| | | | Sorry, this is a mess, hopefully the last one.
* nix: enable flakesFranck Cuny2022-02-101-9/+12
|
* systems: add a MoTDFranck Cuny2022-02-092-0/+13
|
* modules: swap capslock for controlFranck Cuny2022-02-091-1/+1
|
* modules: more softwareFranck Cuny2022-02-091-1/+2
|
* modules: set a few more options for nixFranck Cuny2022-02-091-0/+3
|
* users: move users configuration to systemsFranck Cuny2022-02-092-0/+26
|
* systems: typoFranck Cuny2022-02-091-0/+2
|
* systems: ensure latest kernel and tmp on tmpfsFranck Cuny2022-02-091-0/+3
|
* systems: more packagesFranck Cuny2022-02-091-1/+6
|
* hosts: remove / clean codeFranck Cuny2022-02-092-0/+16
| | | | | | There's a lot of commented stuff I don't need, and move things that are configured in the host into modules, which will improve re-usability and readability of this configuration.
* ssh: new module for managing sshFranck Cuny2022-02-091-0/+5
|
* Revert "desktop: new option to control desktop setup"Franck Cuny2022-02-092-30/+13
| | | | This reverts commit 343e89015a55b627400286a06937175facb1494d.
* Revert "desktop: install sound and xserver only when asked"Franck Cuny2022-02-092-44/+32
| | | | This reverts commit 3b1ac4f78d21802073c82df39ca7080ae70a67a9.
* desktop: install sound and xserver only when askedFranck Cuny2022-02-082-32/+44
|
* desktop: new option to control desktop setupFranck Cuny2022-02-082-13/+30
| | | | | We don't want to install a desktop on all hosts. We add a new option that we can set to true or false if we want a desktop to be installed.
* i3: remove extra packages and fix typoFranck Cuny2022-02-081-6/+0
|
* i3: separate configuration for xserver and i3Franck Cuny2022-02-082-0/+33
| | | | | Let's first configure the xserver in the desktop module, then we can have a configuration for i3 in the home-manager.
* i3: move configuration to home-managerFranck Cuny2022-02-083-39/+0
|
* desktop: configuration for i3Franck Cuny2022-02-082-4/+19
|
* systems: move some packages out of host configFranck Cuny2022-02-081-0/+1
|
* desktop: add soundFranck Cuny2022-02-082-0/+21
| | | | Let's use pipewire.
* systems: fix typoFranck Cuny2022-02-081-1/+1
|
* systems: install more packagesFranck Cuny2022-02-082-1/+24
|
* xserver: drop deprecated variableFranck Cuny2022-02-081-1/+0
| | | | | | | | | | ``` warning: The following options are deprecated: - services.xserver.windowManager.default Please use services.xserver.displayManager.defaultSession = "none+i3"; instead. ```
* desktop: import correct moduleFranck Cuny2022-02-081-1/+1
|
* xserver: initial configurationFranck Cuny2022-02-082-0/+25
| | | | Enable it for the desktop.
* systems: drop nix.settingsFranck Cuny2022-02-081-5/+0
| | | | This is not yet available with the current configuration.
* systems: default configuration for all systemsFranck Cuny2022-02-082-0/+22
|
* modules: start desktop configurationFranck Cuny2022-02-072-0/+24
We will create a module for desktop (which will also be used by the laptop). Start by configuring the fonts.