Commit graph

524 commits

Author SHA1 Message Date
Antoine Martin 829632e360 services: tailscale: make exit node optional 2021-07-14 00:08:40 +02:00
Antoine Martin c16d8513d2 services: wireguard: removed unused module
replaced by tailscale
2021-07-13 23:51:17 +02:00
Antoine Martin 1d8750efed services: tailscale: move to service 2021-07-13 23:49:45 +02:00
Antoine Martin 3862992b76 poseidon: trust tailscale0 interface in firewall 2021-07-13 23:40:42 +02:00
Antoine Martin bd02870e9f poseidon: enable ip forwarding in sysctl 2021-07-13 23:18:40 +02:00
Antoine Martin 880d44e570 poseidon: add procps to tailscale path 2021-07-13 23:13:13 +02:00
Antoine Martin 39477a85e7 services: paperless: backups 2021-07-13 22:20:21 +02:00
Antoine Martin 7d8b8c4cae ci: only trigger on main 2021-07-13 18:15:25 +02:00
Antoine Martin ff33a50911 pkgs: sddm-sugar-candy: space out file 2021-07-13 18:08:26 +02:00
Antoine Martin 2e15fbecb9 ci: add NUR update workflow 2021-07-13 18:06:22 +02:00
Antoine Martin 6cf2b5893e pkgs: remove unused kaleidoscope file 2021-07-13 17:34:45 +02:00
Antoine Martin 786d884e3a services: monitoring: package grafana dashboards 2021-07-13 17:34:36 +02:00
Antoine Martin 971dcbbc71 flake: use packages overlay for poseidon 2021-07-13 17:25:34 +02:00
Antoine Martin 0f8175519b services: monitoring: update node exporter dash 2021-07-13 17:25:34 +02:00
Antoine Martin 0b983d1358 services: monitoring: add nginx dashboard 2021-07-13 17:25:34 +02:00
Antoine Martin b6f712b817 services: nginx: enable prometheus exporter 2021-07-13 17:25:34 +02:00
Antoine Martin 2b59116b8d services: monitoring: only listen on localhost 2021-07-13 17:25:34 +02:00
Antoine Martin e7219ae988 services: matrix: enable SSL traffic only
This is a requirement anyway for homeservers, and the `forceSSL` option
tried to create a redirect for non-SSL traffic, except the `listen`
option only provided SSL endpoints anyway, so this resulted in
additional rules in the nginx config looking like this:

server {
        server_name matrix.alarsyo.net ;
        location /.well-known/acme-challenge {
                root /var/lib/acme/acme-challenge;
                auth_basic off;
        }
        location / {
                return 301 https://$host$request_uri;
        }
}

Which led to nginx listening on port 8000 (the default port in this
situation, I imagine)
2021-07-13 13:54:18 +02:00
Antoine Martin c75458d8c9 services: bitwarden: only listen on local host
This was never a problem because the firewall did its job, but better
safe than sorry.
2021-07-13 13:34:26 +02:00
Antoine Martin d2835ceb77 services: paperless: drop external traffic to docker 2021-07-13 13:22:21 +02:00
Antoine Martin 8eb1fe5001 services: paperless: restrict to Tailscale 2021-07-13 01:31:55 +02:00
Antoine Martin f0e5e90c10 services: use wildcard certificate
Should have done this a long time ago
2021-07-13 01:08:01 +02:00
Antoine Martin 64d479e2ce services: prometheus: keep metrics for 2 years 2021-07-12 22:12:03 +02:00
Antoine Martin 95733f9e05 services: paperless: setup reverse proxy 2021-07-12 22:11:41 +02:00
Antoine Martin df3cffadaf poseidon: enable docker and docker-compose 2021-07-12 22:11:38 +02:00
Antoine Martin 72f52cd06a base: disable garbage collection
Some heavy flake shells with texlive were getting wiped, I can do this
by hand from time to time
2021-07-12 14:41:57 +02:00
Antoine Martin 16297d492c flake.lock: Update
Flake input changes:

* Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/c98b3a644b09550bf5e38cc796c4fdec190f0582' -> 'github:nix-community/emacs-overlay/c015a0e27baebe1e28ef3b030901adf564959611'
* Updated 'nixpkgs': 'github:NixOS/nixpkgs/9d1350d9d56411b685ff3de5839ed6728b1bf808' -> 'github:NixOS/nixpkgs/cf59fbd539681f5ec2f4a82cf77aae7ab827a03f'
* Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/899ecadfc94809fec3374d4e4dafaae1399cfb7e' -> 'github:NixOS/nixpkgs/635a1954044fb0dfbcfd857e3289ab12feb41530'
2021-07-12 11:10:10 +02:00
Antoine Martin 049bb7d5d2 poseidon: enable tailscale 2021-07-10 16:48:53 +02:00
Antoine Martin 721a7cefa2 boreal: enable tailscale 2021-07-10 16:47:48 +02:00
Antoine Martin e7d18c63c3 flake.lock: Update
Flake input changes:

* Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/9fbb5e43ed6ea3b5b704f13b2169f5404c24113b' -> 'github:nix-community/emacs-overlay/c98b3a644b09550bf5e38cc796c4fdec190f0582'
* Updated 'nixpkgs': 'github:NixOS/nixpkgs/21b696caf392ad6fa513caf3327d0aa0430ffb72' -> 'github:NixOS/nixpkgs/9d1350d9d56411b685ff3de5839ed6728b1bf808'
* Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/a6c2f5e6e7a0c5e99b841cf4c38be3b027bc9883' -> 'github:NixOS/nixpkgs/899ecadfc94809fec3374d4e4dafaae1399cfb7e'
2021-07-07 14:18:41 +02:00
Antoine Martin 7c8017af03 services: init nuage 2021-07-06 18:22:57 +02:00
Antoine Martin 26ea717eaa boreal: don't power on bluetooth on boot
No longer needed now that I found my Logitech dongle
2021-07-05 12:30:19 +02:00
Antoine Martin bb17432079 home: i3: remove NVIDIA firefox perf workaround
Not needed anymore since switching to a recent RTX card
2021-07-05 11:58:50 +02:00
Antoine Martin af04fc4626 flake.lock: Update
Flake input changes:

* Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/ab500b1977b48c2524d56fe1efcb5c7102319bf0' -> 'github:nix-community/emacs-overlay/9fbb5e43ed6ea3b5b704f13b2169f5404c24113b'
* Updated 'nixpkgs': 'github:NixOS/nixpkgs/f77036342e2b690c61c97202bf48f2ce13acc022' -> 'github:NixOS/nixpkgs/21b696caf392ad6fa513caf3327d0aa0430ffb72'
* Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/920113a6e5e34e317c910b8477dd6cde88fcd202' -> 'github:NixOS/nixpkgs/a6c2f5e6e7a0c5e99b841cf4c38be3b027bc9883'
2021-07-05 11:29:01 +02:00
Antoine Martin 60b65f5037 boreal: switch network interface names 2021-07-01 22:19:51 +02:00
Antoine Martin ed8048c194 flake.lock: Update
Flake input changes:

* Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/4690423c87e4a106639aaf9358f2951f11bb615e' -> 'github:nix-community/emacs-overlay/ab500b1977b48c2524d56fe1efcb5c7102319bf0'
* Updated 'nixpkgs': 'github:NixOS/nixpkgs/0ccd0d91361dc42dd32ffcfafed1a4fc23d1c8b4' -> 'github:NixOS/nixpkgs/f77036342e2b690c61c97202bf48f2ce13acc022'
2021-06-29 01:11:49 +02:00
Antoine Martin 3084fa24b1 flake.lock: Update
Flake input changes:

* Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/d8bf1e0a7aa41f8eb058760cb7ade8923bf683aa' -> 'github:nix-community/emacs-overlay/4690423c87e4a106639aaf9358f2951f11bb615e'
* Updated 'nixpkgs': 'github:NixOS/nixpkgs/6613a30c5e3ee59753181512b4bedd4121569925' -> 'github:NixOS/nixpkgs/0ccd0d91361dc42dd32ffcfafed1a4fc23d1c8b4'
* Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/7c2d15627a3012c5e5af1d1664a53599687cf1d1' -> 'github:NixOS/nixpkgs/920113a6e5e34e317c910b8477dd6cde88fcd202'
2021-06-24 10:06:38 +02:00
Antoine Martin a00a9fab73 home: tmux: display CPU in status bar 2021-06-21 18:42:56 +02:00
Antoine Martin 63db8cce42 home: tmux: use cpu plugin 2021-06-21 17:44:19 +02:00
Antoine Martin 86d9a119cf home: tmux: use solarized plugin 2021-06-21 17:30:42 +02:00
Antoine Martin 997e82e10b home: use 24h clock for tmux 2021-06-21 17:17:29 +02:00
Antoine Martin cb3f46c75b flake.lock: Update
Flake input changes:

* Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/d9baacb691afe81a61b5b9f5fd42473710c59581' -> 'github:nix-community/emacs-overlay/d8bf1e0a7aa41f8eb058760cb7ade8923bf683aa'
* Updated 'home-manager': 'github:nix-community/home-manager/148d85ee8303444fb0116943787aa0b1b25f94df' -> 'github:nix-community/home-manager/35a24648d155843a4d162de98c17b1afd5db51e4'
* Updated 'nixpkgs': 'github:NixOS/nixpkgs/1f91fd1040667e9265a760b0347f8bc416249da7' -> 'github:NixOS/nixpkgs/6613a30c5e3ee59753181512b4bedd4121569925'
* Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/6aa2bb6a818d12d4cf296f736263011611cf2610' -> 'github:NixOS/nixpkgs/7c2d15627a3012c5e5af1d1664a53599687cf1d1'
2021-06-21 11:04:38 +02:00
Antoine Martin bcf896224e pkgs: kaleidoscope-udev-rules: please ambroisie 2021-06-17 12:24:51 +02:00
Antoine Martin 0bea117289 boreal: don't backup nixpkgs repo 2021-06-17 10:58:24 +02:00
Antoine Martin 9a6b1c1095 boreal: don't backup rustc build artifacts 2021-06-17 02:47:34 +02:00
Antoine Martin 7f5c8519bf base: move clang and bintools to base 2021-06-16 18:30:15 +02:00
Antoine Martin f4ea038e70 flake.lock: Update
Flake input changes:

* Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/ef23961671665991f36bb87d46b4b071e75ed6d5' -> 'github:nix-community/emacs-overlay/d9baacb691afe81a61b5b9f5fd42473710c59581'
* Updated 'nixpkgs': 'github:NixOS/nixpkgs/cedcf2565c6b982d703d67455199b09a3d905d86' -> 'github:NixOS/nixpkgs/1f91fd1040667e9265a760b0347f8bc416249da7'
* Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/6a1ca229f5d811fc3fce512206d1eeb2ba7182c4' -> 'github:NixOS/nixpkgs/6aa2bb6a818d12d4cf296f736263011611cf2610'
2021-06-13 22:19:57 +02:00
Antoine Martin 9f3c4858c1 home: i3: fix spotify for good?
Spotify doesn't always behave as expected, adding

--no-auto-back-and-forth

seems to help
2021-06-11 13:45:51 +02:00
Antoine Martin 9c50a5fa47 flake.lock: Update
Flake input changes:

* Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/7a60fbc3fbcd1ac549af35db2b54c53b0b99da6e' -> 'github:nix-community/emacs-overlay/ef23961671665991f36bb87d46b4b071e75ed6d5'
* Updated 'nixpkgs': 'github:NixOS/nixpkgs/60cce7e5e1fdf62421ef6d4184ee399b46209366' -> 'github:NixOS/nixpkgs/cedcf2565c6b982d703d67455199b09a3d905d86'
* Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/3fcf9a6af852942cfb3319f7efc5cd11a9bae794' -> 'github:NixOS/nixpkgs/6a1ca229f5d811fc3fce512206d1eeb2ba7182c4'
2021-06-11 09:18:23 +02:00
Antoine Martin cb24c49bbf boreal: fix broken keyboard layout on linux 5.12
See keyboardio/Model01-Firmware#109 for details, enabling libinput
seems to solve the problem for now. Fingers crossed.
2021-06-10 04:40:45 +02:00