Commit graph

201 commits

Author SHA1 Message Date
Bruno BELANYI 638f4a7774 modules: system: boot: rename 'tmp' options
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2023-04-17 21:25:15 +02:00
Bruno BELANYI 7cebaa3751 modules: secrets: move wireguard keys
This is a bit special, as some of the keys do not belong to NixOS hosts,
so store those in the module itself, and into host-specific directories
for the keys that are NixOS hosts.
2023-04-17 08:18:27 +00:00
Bruno BELANYI ed745602a1 modules: secrets: move non-existent key workaround
Since this configuration was only there to accommodate `aramis`, make it
be host-specific instead, and rely on the default value otherwise.
2023-04-16 19:44:02 +01:00
Bruno BELANYI 6079485b50 modules: secrets: move host-specific secrets 2023-04-16 19:44:02 +01:00
Bruno BELANYI 57008bcb7c hosts: nixos: add host-specific secrets module
This is the same logic as the common module, but for secrets that don't
need to be shared to different hosts.
2023-04-16 19:44:02 +01:00
Bruno BELANYI 34a3f9a0d6 modules: secrets: centralize agenix keys
If I intend on splitting the keys depending on which host needs to have
access to it, I should have a singular spot to manage the keys.
2023-04-16 19:44:02 +01:00
Bruno BELANYI 68bf36c45c modules: secrets: wireguard: remove unused file
The peer definitions have been inlined into the Wireguard module a long
time ago.
2023-04-13 17:05:52 +00:00
Bruno BELANYI 54e9303319 modules: secrets: use diff-friendly formatting
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2023-04-13 15:55:34 +00:00
Bruno BELANYI 04f23976ee modules: services: woodpecker: remove unused env
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2023-04-13 15:24:34 +00:00
Bruno BELANYI 94141d53b8 modules: services: woodpecker: remove 'TODO' 2023-04-13 15:17:16 +00:00
Bruno BELANYI f15b3aa23d modules: services: woodpecker: allow setuid
All checks were successful
ci/woodpecker/push/check Pipeline was successful
I need it to be able to use `ssh-agent`, for some of my workflows.
2023-04-01 21:06:50 +02:00
Bruno BELANYI 7a5842f03a modules: services: matrix: remove obsolete comment
All checks were successful
continuous-integration/drone/push Build is passing
2023-04-01 15:56:48 +01:00
Bruno BELANYI d20e921e33 modules: secrets: fix 'matrix/secret' 2023-04-01 15:56:48 +01:00
Bruno BELANYI 7e06f75a5d modules: secrets: add woodpecker 2023-04-01 15:56:48 +01:00
Bruno BELANYI 020a32b9e8 modules: services: add woodpecker 2023-04-01 15:56:48 +01:00
Bruno BELANYI 5d9524dbdf modules: services: blog: better blog redirection 2023-04-01 13:05:47 +02:00
Bruno BELANYI a22fe4e636 modules: services: nextcloud: bump to 26 2023-04-01 13:05:47 +02:00
Bruno BELANYI b909f43269 modules: services: nginx: sort settings
All checks were successful
continuous-integration/drone/push Build is passing
2023-03-28 15:31:05 +00:00
Bruno BELANYI cae174b0f7 modules: services: nginx: all recommended settings 2023-03-28 15:31:05 +00:00
Bruno BELANYI 642e58fc22 modules: hardware: bluetooth: use 'wireplumber'
All checks were successful
continuous-integration/drone/push Build is passing
2023-03-28 15:31:05 +00:00
Bruno BELANYI ad0c99c6f0 modules: services: paperless: fix postgres order
All checks were successful
continuous-integration/drone/push Build is passing
2023-03-23 12:16:40 +00:00
Bruno BELANYI 1751704ab3 modules: system: podman: remove unused arguments
All checks were successful
continuous-integration/drone/push Build is passing
2023-03-22 10:46:10 +00:00
Bruno BELANYI e799318a36 modules: hardware: firmware: remove unused 'pkgs' 2023-03-22 10:45:13 +00:00
Bruno BELANYI 70e235dfcc modules: secrets: drone: modify gitea domain
Since I've changed the official subdomain for my forge, let's update it.
2023-03-16 21:40:06 +01:00
Bruno BELANYI e50b259a70 modules: services: gitea: change domain to 'git.*'
Because cool URLs don't change [1], set up a redirect for it.

[1]: https://www.w3.org/Provider/Style/URI.html
2023-03-16 21:33:22 +01:00
Bruno BELANYI b3d90be8b1 modules: services: nginx: add 'redirect' option 2023-03-16 21:33:22 +01:00
Bruno BELANYI 20341a3129 refactor: 'with lib.my' -> 'with lib' 2023-03-16 16:42:55 +00:00
Bruno BELANYI fafbb93ea9 modules: home: use named 'nixosModules'
All checks were successful
continuous-integration/drone/push Build is passing
2023-03-11 20:44:04 +00:00
Bruno BELANYI 8b9a01a0ef modules: system: nix: DRY inputs handling 2023-02-25 01:43:07 +00:00
Bruno BELANYI 54a6be70c8 modules: system: nix: simplify 'NIX_PATH'
Since we now have an explicit 'pkgs' link, we can just add the folder
with all linked inputs directly instead of adding them all manually.
2023-02-25 01:43:07 +00:00
Bruno BELANYI a99954b12a modules: system: nix: add explicit 'pkgs' link 2023-02-25 01:43:07 +00:00
Bruno BELANYI 6eb87c21b7 modules: system: nix: use stable 'NIX_PATH'
All checks were successful
continuous-integration/drone/push Build is passing
Since the links are updated on system switch, NIX_PATH will
automatically point to the actual system version of the inputs at all
times
2023-02-23 21:03:22 +00:00
Bruno BELANYI c1214547da modules: system: nix: add '/etc/nix/inputs' links 2023-02-23 20:58:05 +00:00
Bruno BELANYI 3505b4d7f0 modules: services: sabnzbd: add fail2ban jail
All checks were successful
continuous-integration/drone/push Build is passing
2023-02-20 23:01:50 +01:00
Bruno BELANYI 2485a60d62 modules: services: calibre-web: add fail2ban jail
All checks were successful
continuous-integration/drone/push Build is passing
2023-02-20 09:04:50 +00:00
Bruno BELANYI b9f6c5d534 modules: services: gitea: add fail2ban jail 2023-02-20 09:04:50 +00:00
Bruno BELANYI d647830911 modules: services: order imports 2023-02-20 09:04:50 +00:00
Bruno BELANYI 13aa8abfaf modules: services: add fail2ban 2023-02-20 09:04:50 +00:00
Bruno BELANYI 5bce2fafde modules: system: nix: override '<nixpkgs>'
All checks were successful
continuous-integration/drone/push Build is passing
2023-02-11 11:04:10 +00:00
Bruno BELANYI 26bf4e3631 modules: system: nix: prepend to 'NIX_PATH'
Instead of appending to the default value.

This makes overriding some values that are defined as the default value easier.
2023-02-11 11:04:10 +00:00
Bruno BELANYI 6b4c01a242 modules: services: ssh-server: use 'settings' 2023-01-28 22:51:18 +01:00
Bruno BELANYI aeb3245327 modules: services: blog: GNU T.P. 2022-12-18 12:59:42 +01:00
Bruno BELANYI c961bdbfc4 modules: services: transmission: remove MemoryHigh
The service does not actively try to reduce its memory usage, so to make
sure we do reach `MemoryMax` let's remove the `MemoryHigh`
configuration.
2022-12-16 21:43:49 +01:00
Bruno BELANYI 1e10c6630b modules: services: nginx: fix SSL renewal
See this issue [1].

[1]: https://github.com/go-acme/lego/issues/1772.
2022-11-29 17:19:24 +01:00
Bruno BELANYI b85a98c377 modules: services: nextcloud: disable broken SSE
I don't use server-side encryption anyway.
2022-11-28 10:18:50 +01:00
Bruno BELANYI 1967c8ef79 modules: services: transmission: limit memory use 2022-11-20 13:15:58 +01:00
Bruno BELANYI f6a00ec838 modules: services: paperless: require postgres 2022-11-03 18:06:36 +01:00
Bruno BELANYI 05be340b7e modules: services: nextcloud: bump to 25 2022-11-03 16:59:19 +01:00
Bruno BELANYI 30ce88f42f flake: bump inputs
And migrate to the new RFC42 grafana options.
2022-11-03 16:58:47 +01:00
Bruno BELANYI 4c0c6a75b2 modules: system: packages: configure aliases
Disallow them by default, but make it configurable.
2022-09-30 08:59:27 +02:00