Commit graph

545 commits

Author SHA1 Message Date
Antoine Martin cbd98189e2 zephyrus: init host 2021-07-23 18:47:53 +02:00
Antoine Martin d7387374da base: add gimp to base programs 2021-07-22 18:22:23 +02:00
Antoine Martin 7f4d76cd64 base: add zip/unzip to base programs 2021-07-22 18:20:43 +02:00
Antoine Martin 0b193d29b4 base: remove stow from base programs
no longer needed, as dotfiles are now handled by home-manager
2021-07-22 18:19:04 +02:00
Antoine Martin f4f5cf3c3b base: remove innernet from programs 2021-07-22 18:18:41 +02:00
Antoine Martin d819b90559 flake.lock: Update
Flake input changes:

* Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/5c20a170b2e025b3a6309ee8ad38eb98cd62008d' -> 'github:nix-community/emacs-overlay/40e6376f2d3fe4911122ae78569243aa929888b2'
* Updated 'nixpkgs': 'github:NixOS/nixpkgs/268dee84298d3affd8d7e92a8ea31f1fdcd44fc1' -> 'github:NixOS/nixpkgs/63ee5cd99a2e193d5e4c879feb9683ddec23fa03'
* Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/56a017774e2992a6592e1ed811ab1b79126c6bba' -> 'github:NixOS/nixpkgs/314cf1949b181a1362b96c2e0421f9710a8fe607'
2021-07-22 15:26:13 +02:00
Antoine Martin 611308f120 services: paperless: backup correctly 2021-07-19 14:59:15 +02:00
Antoine Martin fe82f34943 flake.lock: Update
Flake input changes:

* Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/c015a0e27baebe1e28ef3b030901adf564959611' -> 'github:nix-community/emacs-overlay/5c20a170b2e025b3a6309ee8ad38eb98cd62008d'
* Updated 'nixpkgs': 'github:NixOS/nixpkgs/cf59fbd539681f5ec2f4a82cf77aae7ab827a03f' -> 'github:NixOS/nixpkgs/268dee84298d3affd8d7e92a8ea31f1fdcd44fc1'
* Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/635a1954044fb0dfbcfd857e3289ab12feb41530' -> 'github:NixOS/nixpkgs/56a017774e2992a6592e1ed811ab1b79126c6bba'
2021-07-19 13:39:38 +02:00
Antoine Martin 0f4ae45828 services: monitoring: set prometheus scrape interval 2021-07-15 10:27:10 +02:00
Antoine Martin 40bb8ff33b base: add innernet to base programs 2021-07-14 23:33:42 +02:00
Antoine Martin c7c87fcdb4 pkgs: fix grafanaDashboards access in flake
The `packages` output from the flake needs flake-utils' `flattenTree` to
be valid (because it doesn't support nested sets), but that only works
if I use `recurseIntoAttrs`.
2021-07-14 21:13:38 +02:00
Antoine Martin cc825d1e53 pkgs: kaleidoscope: remove unneeded meta.platform 2021-07-14 19:44:28 +02:00
Antoine Martin 61a57d8a96 flake: expose packages 2021-07-14 19:40:35 +02:00
Antoine Martin 5ac71e96cd flake: factorize home-manager config 2021-07-14 18:51:01 +02:00
Antoine Martin ff673a0890 flake: merge shared overlay config 2021-07-14 18:21:01 +02:00
Antoine Martin a79d27ff22 flake: group up nixosConfigurations 2021-07-14 18:05:36 +02:00
Antoine Martin 573a6ea0bc flake: cleanup inputs 2021-07-14 17:53:31 +02:00
Antoine Martin c5185394cc boreal: install chrysalis in home 2021-07-14 17:41:52 +02:00
Antoine Martin b4b30cba64 pkgs: package spot and install on boreal 2021-07-14 17:08:44 +02:00
Antoine Martin 27ae0552eb services: paperless: fix backup paths 2021-07-14 03:00:36 +02:00
Antoine Martin 29a98d0c0d flake: use fast python for synapse in poseidon overlay 2021-07-14 01:05:21 +02:00
Antoine Martin 829632e360 services: tailscale: make exit node optional 2021-07-14 00:08:40 +02:00
Antoine Martin c16d8513d2 services: wireguard: removed unused module
replaced by tailscale
2021-07-13 23:51:17 +02:00
Antoine Martin 1d8750efed services: tailscale: move to service 2021-07-13 23:49:45 +02:00
Antoine Martin 3862992b76 poseidon: trust tailscale0 interface in firewall 2021-07-13 23:40:42 +02:00
Antoine Martin bd02870e9f poseidon: enable ip forwarding in sysctl 2021-07-13 23:18:40 +02:00
Antoine Martin 880d44e570 poseidon: add procps to tailscale path 2021-07-13 23:13:13 +02:00
Antoine Martin 39477a85e7 services: paperless: backups 2021-07-13 22:20:21 +02:00
Antoine Martin 7d8b8c4cae ci: only trigger on main 2021-07-13 18:15:25 +02:00
Antoine Martin ff33a50911 pkgs: sddm-sugar-candy: space out file 2021-07-13 18:08:26 +02:00
Antoine Martin 2e15fbecb9 ci: add NUR update workflow 2021-07-13 18:06:22 +02:00
Antoine Martin 6cf2b5893e pkgs: remove unused kaleidoscope file 2021-07-13 17:34:45 +02:00
Antoine Martin 786d884e3a services: monitoring: package grafana dashboards 2021-07-13 17:34:36 +02:00
Antoine Martin 971dcbbc71 flake: use packages overlay for poseidon 2021-07-13 17:25:34 +02:00
Antoine Martin 0f8175519b services: monitoring: update node exporter dash 2021-07-13 17:25:34 +02:00
Antoine Martin 0b983d1358 services: monitoring: add nginx dashboard 2021-07-13 17:25:34 +02:00
Antoine Martin b6f712b817 services: nginx: enable prometheus exporter 2021-07-13 17:25:34 +02:00
Antoine Martin 2b59116b8d services: monitoring: only listen on localhost 2021-07-13 17:25:34 +02:00
Antoine Martin e7219ae988 services: matrix: enable SSL traffic only
This is a requirement anyway for homeservers, and the `forceSSL` option
tried to create a redirect for non-SSL traffic, except the `listen`
option only provided SSL endpoints anyway, so this resulted in
additional rules in the nginx config looking like this:

server {
        server_name matrix.alarsyo.net ;
        location /.well-known/acme-challenge {
                root /var/lib/acme/acme-challenge;
                auth_basic off;
        }
        location / {
                return 301 https://$host$request_uri;
        }
}

Which led to nginx listening on port 8000 (the default port in this
situation, I imagine)
2021-07-13 13:54:18 +02:00
Antoine Martin c75458d8c9 services: bitwarden: only listen on localhost
This was never a problem because the firewall did its job, but better
safe than sorry.
2021-07-13 13:34:26 +02:00
Antoine Martin d2835ceb77 services: paperless: drop external traffic to docker 2021-07-13 13:22:21 +02:00
Antoine Martin 8eb1fe5001 services: paperless: restrict to Tailscale 2021-07-13 01:31:55 +02:00
Antoine Martin f0e5e90c10 services: use wildcard certificate
Should have done this a long time ago
2021-07-13 01:08:01 +02:00
Antoine Martin 64d479e2ce services: prometheus: keep metrics for 2 years 2021-07-12 22:12:03 +02:00
Antoine Martin 95733f9e05 services: paperless: setup reverse proxy 2021-07-12 22:11:41 +02:00
Antoine Martin df3cffadaf poseidon: enable docker and docker-compose 2021-07-12 22:11:38 +02:00
Antoine Martin 72f52cd06a base: disable garbage collection
Some heavy flake shells with texlive were getting wiped, I can do this
by hand from time to time
2021-07-12 14:41:57 +02:00
Antoine Martin 16297d492c flake.lock: Update
Flake input changes:

* Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/c98b3a644b09550bf5e38cc796c4fdec190f0582' -> 'github:nix-community/emacs-overlay/c015a0e27baebe1e28ef3b030901adf564959611'
* Updated 'nixpkgs': 'github:NixOS/nixpkgs/9d1350d9d56411b685ff3de5839ed6728b1bf808' -> 'github:NixOS/nixpkgs/cf59fbd539681f5ec2f4a82cf77aae7ab827a03f'
* Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/899ecadfc94809fec3374d4e4dafaae1399cfb7e' -> 'github:NixOS/nixpkgs/635a1954044fb0dfbcfd857e3289ab12feb41530'
2021-07-12 11:10:10 +02:00
Antoine Martin 049bb7d5d2 poseidon: enable tailscale 2021-07-10 16:48:53 +02:00
Antoine Martin 721a7cefa2 boreal: enable tailscale 2021-07-10 16:47:48 +02:00