| Commit message | Author | Age | Files | Lines |
|
|
|
| |
I'm not using sourcegraph, drone and gitea anymore.
|
| |
|
|
|
|
|
|
|
| |
I don't want to have to deal with authentication and TLS certificates
for these endpoints. If they are only listening on the wireguard
interface I can trust that only authorized hosts are sending traffic to
these endpoints. I trust what's running on these machines.
|
|
|
|
|
| |
This will help to organize and structure monitoring modules a bit
better.
|
| |
|
| |
|
|
|
|
|
| |
This is now handled by
https://git.fcuny.net/monitoring/commit/?id=b4abbf2d86d06d243b639d06a576f542f3dd5824
|
|
|
|
| |
It's now managed in https://git.fcuny.net/monitoring/
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
I'm not using it as a desktop, and the current router is getting old and
will likely fail in the near future. It's also a debian machine
configured manually, so let's reconfigure carmel as our new router.
There are three NICs in the host: 2 are 10Gb and one is 1Gb. The 1Gb
will be used as the upstream interface, and one of the 10Gb will be for
the LAN.
There are 2 VLANs to configure: one for IoT devices and one for guest.
|
|
|
|
|
|
|
|
|
|
| |
To prevent the unit from being triggered multiple times if the host has
already rebooted, we create a gate file when we're done running, and
before running, we check if the file exists.
Enable the service on tahoe.
Don't restart the unit when its definition has changed.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
I keep running into issues when using fish: I'm not familiar with the
syntax and I don't use it enough that it sticks. I also need to google
stuff regularly to figure out how things are supposed to work. This is
annoying enough that the supposed benefits of fish are not worth it for
me.
|
|
|
|
|
|
| |
I used the keyring only to start the GPG agent and unlock the ssh keys.
But since I'm storing the ssh keys on yubikeys and I don't use GPG, I
can remove it.
|
|
|
|
|
|
| |
I'll re-key all my secrets with age keys instead of using ssh keys. This
change is to specify the path for the identities when agenix decrypts
the secrets.
|
|
|
|
|
|
|
|
| |
Replace gitea with gitolite + cgit. I don't need a whole git forge for
myself, especially since I don't use most of the features.
The main thing I'm losing with this change is CI (via drone), but this
is not really a big loss for now.
|
|
|
|
|
| |
Each key is associated with a variable, which lets me be more specific
about which key to use depending on the context.
|
|
|
|
| |
This is to use the yubikeys correctly
|
| |
|
|
|
|
|
| |
I don't need to backup videos, and the cache of my home directory. I
also don't need to keep that many snapshots around.
|
|
|
|
|
| |
I don't care if I lose this data, and it's creating a lot of churn in
the backups and consuming a lot of space.
|
| |
|
| |
|
| |
|
|
|
|
| |
Inspired by https://jackson.dev/post/nix-reasonable-defaults/
|
|
|
|
|
| |
This does not exist in 22.11, only 23.05. Will figure out the proper way
to monitor it later.
|
| |
|
|
|
|
| |
Similar to 6c0211b.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
They've recently removed from nixpkgs the version of mongodb that was
used by unifi. I updated to the latest version (7) and did the migration
of the DB manually (see https://github.com/NixOS/nixpkgs/pull/207382):
```
nix-shell -p mongodb-3_4 mongodb-tools
mongod --dbpath /var/lib/unifi/data/db --logpath /var/log/unifi/repair.log --repair
mongod --dbpath /var/lib/unifi/data/db --logpath /var/log/unifi/repair.log --journal --fork
mongodump --out=/root/mongodump
pkill mongod
exit
nix-shell -p mongodb-4_2 mongodb-tools
mv /var/lib/unifi/data/db /var/lib/unifi/data/db_bak
mkdir /var/lib/unifi/data/db
mongod --dbpath /var/lib/unifi/data/db --logpath /var/log/unifi/repair.log --journal --fork
mongorestore /root/mongodump
pkill mongod
```
Once this was done, the exporter was also broken, as it has been
renamed. There are two different services for it in nixpkgs:
`services.unpoller` and `services.prometheus.exporters.unpoller`. Only
the last one works.
From what I can tell, everything is working now.
|
| |
|
|
|
|
|
|
| |
I need to figure out a way to make it run as a dynamic user, while still
having access to the credentials for twilio, while not changing the
permissions to the file.
|
|
|
|
|
|
|
|
| |
The poller refuses to start, as the name of the binary has been updated,
and the upstream module is not reflecting that change. The service has
also been renamed from `unifi-poller` to `unpoller`, but this is not
working for now. Let's get rid of it as a temporary fix while looking at
the correct solution.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
A new module `sendsms` is added to send SMS when the host reboots. It's
triggered by systemd when the host boots and once the network is
available.
|
|
|
|
| |
I find Source Code Pro to be more readable than iosevka.
|
| |
|
| |
|
|
|
|
|
| |
Replace the use of Source Code Pro with Iosevka in a few
applications (sway, waybar, alacritty).
|
| |
|
| |
|
| |
|
|
|
|
| |
Configure the policy for the crawlers.
|
| |
|
|
|
|
|
| |
The URL for drone changed to https://ci.fcuny.net. The secrets also
changed (and we remove the unencrypted file with secrets).
|
|
|
|
| |
This reverts commit 614fc2fcce0e9ae0bcfdc6e08d3c4bac846d02a8.
|
|
|
|
|
|
| |
This reverts commit f4f83c7e83272234571d9580f5a897676de3d0dc.
I'm planning to switch back to gitea to host my projects.
|
|
|
|
|
| |
It's usually needed for developing some rust projects, but this should
be setup by the flake of that project.
|
|
|
|
|
|
|
|
| |
I don't want to inline shell scripts inside nix configuration, as it
prevents me from using `shellcheck` to validate them, for example.
The script is now moved into the tool directory, and is a tiny bit more
flexible, so that I can run it as my own user.
|
| |
|
| |
|
|
|
|
|
| |
The configuration for home-manager is set using `home-manager' directly,
instead of applying updates all at once (OS and home-manager).
|
|
|
|
|
| |
I don't think I should have to do this, it's also not solving the
problem I have, but it should not hurt either ...
|
|
|
|
| |
Change-Id: Iaa041a70b386d25c581a3a3c2afe860b86740618
|
|
|
|
|
|
|
| |
Change-Id: I9aa813d57c80f431468d97dfc945d9a0439723f1
Reviewed-on: https://cl.fcuny.net/c/world/+/719
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
| |
There's no need to make a backup for sourcegraph, all the things I might
care about (at this stage at least) can be easily regenerated.
Change-Id: I4b592c9007ce57b56b04a94b43ad2ab8759ce891
Reviewed-on: https://cl.fcuny.net/c/world/+/718
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
| |
Change-Id: I2b495c55191f3192b871cfb9d06445817c16e0de
Reviewed-on: https://cl.fcuny.net/c/world/+/704
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
| |
The function `groupExists` returns a boolean, what we want is
`groupIfExists` which returns the actual name of the group.
Change-Id: I7db50066e13932dd617ffccb9dae40ecb1d383a5
Reviewed-on: https://cl.fcuny.net/c/world/+/701
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
| |
Change-Id: I84deb43c422668719157a5027e8dbea9a1ec92cf
Reviewed-on: https://cl.fcuny.net/c/world/+/662
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Secrets can have multiple attributes: the owner, group, mode and path.
So far, we were setting the file (path where it should be read from),
the owner (if it exists), the group (if it exists) and the mode. The
attribute 'path' was not propagated correctly.
We now check for all these attributes (as optional) and if they exist
we set them. We still validate that the user and group exist before
setting them.
Change-Id: Ifeccf2ee9d0acd17a3cd05de8d08968cea49550b
Reviewed-on: https://cl.fcuny.net/c/world/+/641
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the secure configuration for gerrit is not managed by nix.
This is likely going to break in the future and I'll hate myself for
that. Let's move it into nix and encrypt it with age, like we do for
other secrets.
Change-Id: Ia7a006748a3ad64fa4b97ca9e8cbd98c99433982
Reviewed-on: https://cl.fcuny.net/c/world/+/622
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
| |
It's spamming journald, and I don't need that level of details.
Change-Id: If6bd8338cf3ed5d7981500e0f3001a3dc4c14870
Reviewed-on: https://cl.fcuny.net/c/world/+/621
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
| |
The pre-commit hook for new lines reported and corrected a number of
issues, so let's commit them now and after that we can enable the hook
for the repository.
Change-Id: I5bb882d3c2cca870ef94301303f029acfb308740
Reviewed-on: https://cl.fcuny.net/c/world/+/592
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
| |
Change-Id: I60d1d552d028a4b2db2e0c62c1d2d580a4e58e1a
Reviewed-on: https://cl.fcuny.net/c/world/+/562
Reviewed-by: Franck Cuny <franck@fcuny.net>
Tested-by: CI
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As noted in
https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md
> if you want to map a single file make sure the location starts with a
> =, e.g =/i.gif instead of /i.gif
Without a leading `=`, the configuration refuses to build.
Change-Id: Ib49f68fbe26441ff6c3ee91efa1d12c3778a0248
Reviewed-on: https://cl.fcuny.net/c/world/+/489
Reviewed-by: Franck Cuny <franck@fcuny.net>
Tested-by: CI
|
|
|
|
|
|
|
| |
Change-Id: I96db1763dcc85d43ca5913a95d702cf96830c7b0
Reviewed-on: https://cl.fcuny.net/c/world/+/488
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Only serve a response if the request is coming from tailscale. To ensure
this is the case, let's configure nginx to only listen on the tailscale
IP of the host for that server.
Note: the IP for tailscale is hard coded, there has to be a better way.
Change-Id: I83952484f60206df215e8c03017cfe7722d32697
Reviewed-on: https://cl.fcuny.net/c/world/+/487
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Only serve a response if the request is coming from tailscale. To ensure
this is the case, let's configure nginx to only listen on the tailscale
IP of the host for that server.
Note: the IP for tailscale is hard coded, there has to be a better way.
Change-Id: I684f2da60a128652fac2f7004bec22ce4bf959d0
Reviewed-on: https://cl.fcuny.net/c/world/+/486
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Only serve a response if the request is coming from tailscale. To ensure
this is the case, let's configure nginx to only listen on the tailscale
IP of the host for that server.
Note: the IP for tailscale is hard coded, there has to be a better way.
Change-Id: I75978866eb978439df76cede5bf993762f7cd5ab
Reviewed-on: https://cl.fcuny.net/c/world/+/485
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Only serve a response if the request is coming from tailscale. To ensure
this is the case, let's configure nginx to only listen on the tailscale
IP of the host for that server.
Note: the IP for tailscale is hard coded, there has to be a better way.
Change-Id: I8b497507b2c8548d824c2e2bb693b38768b355b9
Reviewed-on: https://cl.fcuny.net/c/world/+/484
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Only serve a response if the request is coming from tailscale. To ensure
this is the case, let's configure nginx to only listen on the tailscale
IP of the host for that server.
Note: the IP is currently hard coded, there has to be a better way.
Change-Id: I21b6db5e94070024c1ff8d6cea852aafd6952b55
Reviewed-on: https://cl.fcuny.net/c/world/+/483
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a request goes through nginx without a Host header set, the default
site we serve is cgit.
Without this option, nginx will pick the first site defined in the
configuration, which is not what I want. I want to be specific about
what is the default.
Change-Id: If131b80c1488510e79d60ef6de5bb9db4fa18d58
Reviewed-on: https://cl.fcuny.net/c/world/+/482
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
`/var/lib/unifi` is almost 1GB. The data directory contains a lot of
files that are changing constantly, which creates a significant amount
of data to backup everyday. Overall if I need to restore a backup for
unifi, I don't care about metrics and other application data, I only
need to restore a backup, which contains the network configuration.
`/var/lib/unifi/data/backup` is smaller:
```
fcuny@tahoe ~> sudo du -sh /var/lib/unifi/data/backup
332M /var/lib/unifi/data/backup
```
and each backup is about 12MB:
```
fcuny@tahoe ~> sudo ls -ltrh /var/lib/unifi/data/backup/autobackup|tail -2
-rw------- 1 unifi unifi 12M Jun 22 18:15 autobackup_6.5.55_20220623_0115_1655946900001.unf
-rw------- 1 unifi unifi 5.0K Jun 22 18:15 autobackup_meta.json
```
This will reduce the churn in our daily backup significantly.
Change-Id: Ie39ffa9055605298a82ba6731acc34fd4e29309c
Reviewed-on: https://cl.fcuny.net/c/world/+/471
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
| |
Change-Id: I905ce6eddc35e4c51a0ab27c8984e0da0fdee7a7
Reviewed-on: https://cl.fcuny.net/c/world/+/457
Reviewed-by: Franck Cuny <franck@fcuny.net>
Tested-by: CI
|
|
|
|
|
|
|
|
|
|
| |
I need to remove some repositories I created by mistake, this will make
it easier than messing up with the database.
Change-Id: Ia9357226532fe943d15eaec43413502849e39d3d
Reviewed-on: https://cl.fcuny.net/c/world/+/444
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
| |
The scripts should be part of other modules. If there's no good place
for them, they should be part of the packages module.
Change-Id: Ic6c678fbe981444848a0ac7015c6c2e450f3b1c1
Reviewed-on: https://cl.fcuny.net/c/world/+/424
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I don't need to backup the observability data for sourcegraph. I also
don't need to backup the cache. These files change a lot and are about
~300M of data every day, which creates a lot of churn for our backup.
All I need if I restore a backup is the content of the database and the
indexes.
Change-Id: Ifaddda7626ecae32162503bc14aa8d1ffa716622
Reviewed-on: https://cl.fcuny.net/c/world/+/416
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
| |
Change-Id: Ie69e250c7a63e2f5bea360b5ac62fcd748f48735
Reviewed-on: https://cl.fcuny.net/c/world/+/415
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
| |
Change-Id: I0a8bbe976687a8408e1a931ecf2a90cbaa4926e2
Reviewed-on: https://cl.fcuny.net/c/world/+/414
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
| |
I do not use drone anymore, no need to keep this around.
Change-Id: I8f9564747939a6d1a2b95bcfe8e2c70e46d8bc1e
Reviewed-on: https://cl.fcuny.net/c/world/+/411
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
| |
I do not use it anymore, I don't need to keep this around.
Change-Id: I42af32eec4ee8ab4c2a8c60b5a8306a4eb418f51
Reviewed-on: https://cl.fcuny.net/c/world/+/410
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
| |
This was done by running `nixpkgs-fmt .'.
Change-Id: I4ea6c1e759bf468d08074be2111cbc7af72df295
Reviewed-on: https://cl.fcuny.net/c/world/+/404
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The missing comma resulted in the following error:
```
Jun 10 08:57:09 aptos wireplumber[2303]: Failed to compile: [string "50-bluez-config.lua"]:4: '}' expected (to close '{' at line 1) near '['
```
As a result, the service would not start, which prevented the sound from
working (and overall videos were extremely slow).
Change-Id: If6ff7a29a9cf294f9e8d3f6a44abf2423ecfb6e9
Reviewed-on: https://cl.fcuny.net/c/world/+/401
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
| |
We don't need to backup log files for grafana and sourcegraph.
Change-Id: I8ed6f6ce1270a12233cad268bcd12e28ac2785cf
Reviewed-on: https://cl.fcuny.net/c/world/+/383
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
| |
Change-Id: Ide8e479bc88689e052a372825bc90b23b426a89a
Reviewed-on: https://cl.fcuny.net/c/world/+/382
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
| |
Change-Id: I94cb29510cbb85c769947dc26c33f9d767e2f0c8
Reviewed-on: https://cl.fcuny.net/c/world/+/381
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
| |
- list up to 150 repositories per page
- limit stats to a year
- snapshots are in tar.gz format
Change-Id: Ifc52d47893737862d89d24b797ec28f32e5076e9
Reviewed-on: https://cl.fcuny.net/c/world/+/366
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NixOS 22.05 was released last month. Bump the versions for both nixos
and home-manager.
I also need to make a few changes for this update to work (packages were
renamed, options were added to tailscale, ...)
Change-Id: I84ed9f21915b769c9f7b8e21988b2b021715c982
Reviewed-on: https://cl.fcuny.net/c/world/+/365
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
| |
Change-Id: I45a42543d7fb5071022a77382e925b55568e2c2d
Reviewed-on: https://cl.fcuny.net/c/world/+/363
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
| |
The option `exclude' was defined but unused. Add a function to generate
a text file containing all the paths that we want to exclude, and
provide that file as an option when we call `restic'.
Change-Id: I647db892a8a77c589cec1fc975808c5c9ad0b757
Reviewed-on: https://cl.fcuny.net/c/world/+/362
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
| |
Change-Id: I73087942ed86fd2ad3575a4776dba97fac693468
Reviewed-on: https://cl.fcuny.net/c/world/+/361
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
| |
Change-Id: I7b00987382ef05e032d88cf00e916cdc27511eb1
Reviewed-on: https://cl.fcuny.net/c/world/+/306
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
| |
This plugin stores review information for Gerrit changes in the
`refs/notes/review' branch.
Change-Id: I51c7fe1f8764617e0bff5455d3fe713b0e2f446e
Reviewed-on: https://cl.fcuny.net/c/world/+/300
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It took me a while to understand why the group and mode were not set
correctly for the buildkite agent secrets. This module is an abstraction
on top of agenix to modify the filename and ensure that the owner of the
file is actually defined in the configuration.
This was not passing the group and mode to agenix, which is why these
values were never set.
This change modifies the library to check that the group exists (as we do
for the user), and pass the mode down.
Change-Id: I7f8545868986110ad92fa63ef8efe4cd3bbd9b0f
Reviewed-on: https://cl.fcuny.net/c/world/+/282
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
| |
Create a few scripts that are used to trigger the hook when a patchset
is created.
Change-Id: Ibcfdb76b3e0ca29b9adc4c2719a8f81170818788
Reviewed-on: https://cl.fcuny.net/c/world/+/172
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
| |
Change-Id: Icee60f2372e17f6477a91e7f562c04507788c713
Reviewed-on: https://cl.fcuny.net/c/world/+/168
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
| |
Change-Id: I1c57da26d315c847fc5cef134e75a34395764ac9
Reviewed-on: https://cl.fcuny.net/c/world/+/161
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
| |
This has been dropped in cgit.
Change-Id: I255ea20b4f81d080207ac8eac6f6727cac2d54f5
Reviewed-on: https://cl.fcuny.net/c/world/+/126
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
| |
- enable git configuration to read the section out of it
- don't display the owner (it's git by default)
- sort branches and repositories by age
Change-Id: I3f21ec6eb25747d21c23a68b6f24f7cb8345fb02
Reviewed-on: https://cl.fcuny.net/c/world/+/125
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
| |
There are a few repositories that I want to have active in gerrit but I
don't want to list in cgit.
Change-Id: I341801cddba0909d5c32d2653c8cc5eb8aae94ed
Reviewed-on: https://cl.fcuny.net/c/world/+/124
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
| |
Change-Id: I65efa49a904ab1885bd72566e450b6678be6aa21
Reviewed-on: https://cl.fcuny.net/c/world/+/123
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
From the documentation for `project-list`:
A list of subdirectories inside of scan-path, relative to it, that
should loaded as git repositories. This must be defined prior to
scan-path
Change-Id: Iab176a800e8ff0abd515a525d89ef524ba6ab097
Reviewed-on: https://cl.fcuny.net/c/world/+/122
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
| |
The logic was previously incorrect. If a repository becomes hidden in
gerrit, it will not be removed from the list. Instead, we create a
temporary file which we use to dump the new list and then move it over
the current list.
Change-Id: I990588ac98ad4024ba144c4c76ad7e4ae27202bc
Reviewed-on: https://cl.fcuny.net/c/world/+/121
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
| |
Configure gitweb to link to our cgit instance
Change-Id: I55cb96e7199bf2636a30689b277978008d6605eb
Reviewed-on: https://cl.fcuny.net/c/world/+/88
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
| |
Query the gerrit API to get the list of active projects, and generate
the list of repositories from it. This runs every 10 minutes as a systemd
timer.
Change-Id: I016a6d748597ff4d03af893e0a95b96830bdb3f7
Reviewed-on: https://cl.fcuny.net/c/world/+/87
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
| |
Change-Id: I2328abdbd369358e59747a220fe1e57edd8c5126
Reviewed-on: https://cl.fcuny.net/c/world/+/86
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
| |
Change-Id: Ia0b3c7e5c2b1f399f7eaf5db2e926dc3a0859790
Reviewed-on: https://cl.fcuny.net/c/world/+/85
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
| |
Change-Id: I7d70a25f95cddedaba5e5186b6e7f83ddf9e7eb9
Reviewed-on: https://cl.fcuny.net/c/world/+/84
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
| |
Configure gerrit to send emails using fastmail's SMTP servers.
Change-Id: I658373a2c1e9b3c5dcbe214a02ebe8ca1be69580
Reviewed-on: https://cl.fcuny.net/c/world/+/81
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
| |
Change-Id: I2a5b554be29af9184ad504bcb8beca30c605e6c4
Reviewed-on: https://cl.fcuny.net/c/world/+/63
Reviewed-by: Franck Cuny <franck.cuny@gmail.com>
|
|
|
|
|
|
| |
Change-Id: Idba41215b58e8cd77d8d4efa354a3acf52c6bc6d
Reviewed-on: https://cl.fcuny.net/c/world/+/61
Reviewed-by: Franck Cuny <franck.cuny@gmail.com>
|
|
|
|
|
|
|
|
|
| |
cgit is a git web viewer, it will be hosted at git.fcuny.net to replace
gitea.
Change-Id: I16561776fa90a3561d6a13f8545bd2e8f67f409a
Reviewed-on: https://cl.fcuny.net/c/world/+/46
Reviewed-by: Franck Cuny <franck.cuny@gmail.com>
|
|
|
|
| |
Change-Id: Ie217a14a20474b626a2c66116663b785193978c2
|
|
|
|
| |
Change-Id: I3fadf8a3a9a81c7966b4c048ace1ae259f0e3668
|
|
|
|
| |
Change-Id: I3e4a215b47a5a368210b268fa170aa2dddab721f
|
|
|
|
| |
Change-Id: I449f9032e32911fa33c26ec41faadb4f8acc8b1f
|
| |
|
|
|
|
|
|
|
| |
The default configuration wants to run gerrit with a DynamicUser.
However, this prevents the server from generating the ssh keys needed by
gerrit. Instead, we can force the server to run with the 'git' user,
which already exists.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This identifies the server (see
https://github.com/NixOS/nixpkgs/blob/634141959076a8ab69ca2cca0f266852256d79ee/nixos/modules/services/web-apps/gerrit.nix#L141).
|
|
|
|
|
|
| |
Gerrit is a tool for doing code review for git. It will be running at
cl.fcuny.net and will be the main way to interact with my git
repositories.
|
|
|
|
|
|
|
| |
Run sourcegraph ([0]) in a docker container. It's exposed as
cs.fcuny.xyz, and we backup some of the directories.
[0] https://docs.sourcegraph.com
|
|
|
|
|
|
|
|
|
|
| |
`zsh' is available everywhere and is compatible with bash. When using
`fish' I need to remember how to do things. While the completion style
is nicer, I don't care about the rest. I prefer to have a consistent
experience in the shell, no matter where I am.
This is an initial configuration, I might need to make a few changes as
I go.
|
|
|
|
| |
The `documents` folder was not being synced.
|
| |
|
|
|
|
| |
There's already something on port 3000.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Move configuration for the scraper into the gitea module itself.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From the laptop I only backup /home/fcuny, as the rest should be
straightforward to rebuild with nix.
I run that backup as my own user, since I need my ssh key to use the
remote repository (which is on the NAS). I also need a new secret for
it (I might have been able to use `pass' for this, but well, that's easy
enough).
For the NAS, I update the list of directories to backup to include home,
this will be on the systems backup.
|
|
|
|
|
| |
Copy the pictures from the phone on all my machines. Don't sync the
documents on the phone (at least for now).
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
This will ultimately replace traefik.
|
| |
|
| |
|
|
|
|
|
|
| |
Having the secrets closer to the host is easier to manage. At the moment
I don't have secrets that are shared across multiple hosts, so that's an
OK approach.
|
| |
|
| |
|
| |
|
|
|
|
| |
Since this is a host level backup.
|
| |
|
|
|
|
|
| |
Refactor the configuration a bit, which should simplify the management
and usage of secrets from now on.
|
|
|
|
| |
Do a single backup for the host, instead of running multiple ones.
|
| |
|
| |
|
| |
|
|
|
|
| |
Otherwise I can't run `abcde`.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
All the modules that are needed for home-manager should be under
`home/`, and each host will have a `host.nix` where the modules are
enabled as needed. Later on we can create some profiles to make it
easier to consume the configuration.
I apply this only to tahoe for now, as the amount of packages needed for
my user are pretty limited.
|
|
|
|
|
| |
Quick fix for now, we will add these values as options to the module
once we confirm everything is still working.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
The list of public shares is configurable too.
|
|
|
|
|
|
|
|
|
| |
We don't need the previous `hosts/common/system` configs anymore, as
everything has been moved out.
We keep some boot configuration for carmel in the host configuration for
now, but I need to check why I don't have similar settings for
tahoe (since I also need to unlock the host remotely).
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Move the networking configuration for the hosts to its own file.
|
|
|
|
| |
Also install mosh and ensure the firewall opens the correct ports.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is the start of yet another refactoring of the configuration.
Sound configuration is moving to a module, and we enable it as needed at
the host level. It takes care of configuring pipewire and installing the
packages needed too.
This module is applied to the laptop and the desktop.
|
|
|
|
| |
Sorry, this is a mess, hopefully the last one.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
There's a lot of commented stuff I don't need, and move things that are
configured in the host into modules, which will improve re-usability and
readability of this configuration.
|
| |
|
|
|
|
| |
This reverts commit 343e89015a55b627400286a06937175facb1494d.
|
|
|
|
| |
This reverts commit 3b1ac4f78d21802073c82df39ca7080ae70a67a9.
|
| |
|
|
|
|
|
| |
We don't want to install a desktop on all hosts. We add a new option
that we can set to true or false if we want a desktop to be installed.
|
| |
|
|
|
|
|
| |
Let's first configure the xserver in the desktop module, then we can
have a configuration for i3 in the home-manager.
|
| |
|
| |
|
| |
|
|
|
|
| |
Let's use pipewire.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
```
warning: The following options are deprecated:
- services.xserver.windowManager.default
Please use
services.xserver.displayManager.defaultSession = "none+i3";
instead.
```
|
| |
|
|
|
|
| |
Enable it for the desktop.
|
|
|
|
| |
This is not yet available with the current configuration.
|
| |
|
|
We will create a module for desktop (which will also be used by the
laptop). Start by configuring the fonts.
|