Antoine Martin
d7387374da
base: add gimp to base programs
2021-07-22 18:22:23 +02:00
Antoine Martin
7f4d76cd64
base: add zip/unzip to base programs
2021-07-22 18:20:43 +02:00
Antoine Martin
0b193d29b4
base: remove stow from base programs
...
no longer needed, as dotfiles are now handled by home-manager
2021-07-22 18:19:04 +02:00
Antoine Martin
f4f5cf3c3b
base: remove innernet from programs
2021-07-22 18:18:41 +02:00
Antoine Martin
d819b90559
flake.lock: Update
...
Flake input changes:
* Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/5c20a170b2e025b3a6309ee8ad38eb98cd62008d' -> 'github:nix-community/emacs-overlay/40e6376f2d3fe4911122ae78569243aa929888b2'
* Updated 'nixpkgs': 'github:NixOS/nixpkgs/268dee84298d3affd8d7e92a8ea31f1fdcd44fc1' -> 'github:NixOS/nixpkgs/63ee5cd99a2e193d5e4c879feb9683ddec23fa03'
* Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/56a017774e2992a6592e1ed811ab1b79126c6bba' -> 'github:NixOS/nixpkgs/314cf1949b181a1362b96c2e0421f9710a8fe607'
2021-07-22 15:26:13 +02:00
Antoine Martin
611308f120
services: paperless: backup correctly
2021-07-19 14:59:15 +02:00
Antoine Martin
fe82f34943
flake.lock: Update
...
Flake input changes:
* Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/c015a0e27baebe1e28ef3b030901adf564959611' -> 'github:nix-community/emacs-overlay/5c20a170b2e025b3a6309ee8ad38eb98cd62008d'
* Updated 'nixpkgs': 'github:NixOS/nixpkgs/cf59fbd539681f5ec2f4a82cf77aae7ab827a03f' -> 'github:NixOS/nixpkgs/268dee84298d3affd8d7e92a8ea31f1fdcd44fc1'
* Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/635a1954044fb0dfbcfd857e3289ab12feb41530' -> 'github:NixOS/nixpkgs/56a017774e2992a6592e1ed811ab1b79126c6bba'
2021-07-19 13:39:38 +02:00
Antoine Martin
0f4ae45828
services: monitoring: set prometheus scrape interval
2021-07-15 10:27:10 +02:00
Antoine Martin
40bb8ff33b
base: add innernet to base programs
2021-07-14 23:33:42 +02:00
Antoine Martin
c7c87fcdb4
pkgs: fix grafanaDashboards access in flake
...
The `packages` output from the flake needs flake-utils' `flattenTree` to
be valid (because it doesn't support nested sets), but that only works
if I use `recurseIntoAttrs`.
2021-07-14 21:13:38 +02:00
Antoine Martin
cc825d1e53
pkgs: kaleidoscope: remove unneeded meta.platform
2021-07-14 19:44:28 +02:00
Antoine Martin
61a57d8a96
flake: expose packages
2021-07-14 19:40:35 +02:00
Antoine Martin
5ac71e96cd
flake: factorize home-manager config
2021-07-14 18:51:01 +02:00
Antoine Martin
ff673a0890
flake: merge shared overlay config
2021-07-14 18:21:01 +02:00
Antoine Martin
a79d27ff22
flake: group up nixosConfigurations
2021-07-14 18:05:36 +02:00
Antoine Martin
573a6ea0bc
flake: cleanup inputs
2021-07-14 17:53:31 +02:00
Antoine Martin
c5185394cc
boreal: install chrysalis in home
2021-07-14 17:41:52 +02:00
Antoine Martin
b4b30cba64
pkgs: package spot and install on boreal
2021-07-14 17:08:44 +02:00
Antoine Martin
27ae0552eb
services: paperless: fix backup paths
2021-07-14 03:00:36 +02:00
Antoine Martin
29a98d0c0d
flake: use fast python for synapse in poseidon overlay
2021-07-14 01:05:21 +02:00
Antoine Martin
829632e360
services: tailscale: make exit node optional
2021-07-14 00:08:40 +02:00
Antoine Martin
c16d8513d2
services: wireguard: removed unused module
...
replaced by tailscale
2021-07-13 23:51:17 +02:00
Antoine Martin
1d8750efed
services: tailscale: move to service
2021-07-13 23:49:45 +02:00
Antoine Martin
3862992b76
poseidon: trust tailscale0 interface in firewall
2021-07-13 23:40:42 +02:00
Antoine Martin
bd02870e9f
poseidon: enable ip forwarding in sysctl
2021-07-13 23:18:40 +02:00
Antoine Martin
880d44e570
poseidon: add procps to tailscale path
2021-07-13 23:13:13 +02:00
Antoine Martin
39477a85e7
services: paperless: backups
2021-07-13 22:20:21 +02:00
Antoine Martin
7d8b8c4cae
ci: only trigger on main
2021-07-13 18:15:25 +02:00
Antoine Martin
ff33a50911
pkgs: sddm-sugar-candy: space out file
2021-07-13 18:08:26 +02:00
Antoine Martin
2e15fbecb9
ci: add NUR update workflow
2021-07-13 18:06:22 +02:00
Antoine Martin
6cf2b5893e
pkgs: remove unused kaleidoscope file
2021-07-13 17:34:45 +02:00
Antoine Martin
786d884e3a
services: monitoring: package grafana dashboards
2021-07-13 17:34:36 +02:00
Antoine Martin
971dcbbc71
flake: use packages overlay for poseidon
2021-07-13 17:25:34 +02:00
Antoine Martin
0f8175519b
services: monitoring: update node exporter dash
2021-07-13 17:25:34 +02:00
Antoine Martin
0b983d1358
services: monitoring: add nginx dashboard
2021-07-13 17:25:34 +02:00
Antoine Martin
b6f712b817
services: nginx: enable prometheus exporter
2021-07-13 17:25:34 +02:00
Antoine Martin
2b59116b8d
services: monitoring: only listen on localhost
2021-07-13 17:25:34 +02:00
Antoine Martin
e7219ae988
services: matrix: enable SSL traffic only
...
This is a requirement anyway for homeservers, and the `forceSSL` option
tried to create a redirect for non-SSL traffic, except the `listen`
option only provided SSL endpoints anyway, so this resulted in
additional rules in the nginx config looking like this:
server {
server_name matrix.alarsyo.net ;
location /.well-known/acme-challenge {
root /var/lib/acme/acme-challenge;
auth_basic off;
}
location / {
return 301 https://$host$request_uri ;
}
}
Which led to nginx listening on port 8000 (the default port in this
situation, I imagine)
2021-07-13 13:54:18 +02:00
Antoine Martin
c75458d8c9
services: bitwarden: only listen on local host
...
This was never a problem because the firewall did its job, but better
safe than sorry.
2021-07-13 13:34:26 +02:00
Antoine Martin
d2835ceb77
services: paperless: drop external traffic to docker
2021-07-13 13:22:21 +02:00
Antoine Martin
8eb1fe5001
services: paperless: restrict to Tailscale
2021-07-13 01:31:55 +02:00
Antoine Martin
f0e5e90c10
services: use wildcard certificate
...
Should have done this a long time ago
2021-07-13 01:08:01 +02:00
Antoine Martin
64d479e2ce
services: prometheus: keep metrics for 2 years
2021-07-12 22:12:03 +02:00
Antoine Martin
95733f9e05
services: paperless: setup reverse proxy
2021-07-12 22:11:41 +02:00
Antoine Martin
df3cffadaf
poseidon: enable docker and docker-compose
2021-07-12 22:11:38 +02:00
Antoine Martin
72f52cd06a
base: disable garbage collection
...
Some heavy flake shells with texlive were getting wiped, I can do this
by hand from time to time
2021-07-12 14:41:57 +02:00
Antoine Martin
16297d492c
flake.lock: Update
...
Flake input changes:
* Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/c98b3a644b09550bf5e38cc796c4fdec190f0582' -> 'github:nix-community/emacs-overlay/c015a0e27baebe1e28ef3b030901adf564959611'
* Updated 'nixpkgs': 'github:NixOS/nixpkgs/9d1350d9d56411b685ff3de5839ed6728b1bf808' -> 'github:NixOS/nixpkgs/cf59fbd539681f5ec2f4a82cf77aae7ab827a03f'
* Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/899ecadfc94809fec3374d4e4dafaae1399cfb7e' -> 'github:NixOS/nixpkgs/635a1954044fb0dfbcfd857e3289ab12feb41530'
2021-07-12 11:10:10 +02:00
Antoine Martin
049bb7d5d2
poseidon: enable tailscale
2021-07-10 16:48:53 +02:00
Antoine Martin
721a7cefa2
boreal: enable tailscale
2021-07-10 16:47:48 +02:00
Antoine Martin
e7d18c63c3
flake.lock: Update
...
Flake input changes:
* Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/9fbb5e43ed6ea3b5b704f13b2169f5404c24113b' -> 'github:nix-community/emacs-overlay/c98b3a644b09550bf5e38cc796c4fdec190f0582'
* Updated 'nixpkgs': 'github:NixOS/nixpkgs/21b696caf392ad6fa513caf3327d0aa0430ffb72' -> 'github:NixOS/nixpkgs/9d1350d9d56411b685ff3de5839ed6728b1bf808'
* Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/a6c2f5e6e7a0c5e99b841cf4c38be3b027bc9883' -> 'github:NixOS/nixpkgs/899ecadfc94809fec3374d4e4dafaae1399cfb7e'
2021-07-07 14:18:41 +02:00