Bruno BELANYI
638f4a7774
modules: system: boot: rename 'tmp' options
ci/woodpecker/push/check Pipeline was successful
2023-04-17 21:25:15 +02:00
Bruno BELANYI
7cebaa3751
modules: secrets: move wireguard keys
...
This is a bit special, as some of the keys do not belong to NixOS hosts,
so store those in the module itself, and into host-specific directories
for the keys that are NixOS hosts.
2023-04-17 08:18:27 +00:00
Bruno BELANYI
ed745602a1
modules: secrets: move non-existent key workaround
...
Since this configuration was only there to accommodate `aramis`, make it
be host-specific instead, and rely on the default value otherwise.
2023-04-16 19:44:02 +01:00
Bruno BELANYI
6079485b50
modules: secrets: move host-specific secrets
2023-04-16 19:44:02 +01:00
Bruno BELANYI
57008bcb7c
hosts: nixos: add host-specific secrets module
...
This is the same logic as the common module, but for secrets that don't
need to be shared to different hosts.
2023-04-16 19:44:02 +01:00
Bruno BELANYI
34a3f9a0d6
modules: secrets: centralize agenix keys
...
If I intend on splitting the keys depending on which host needs to have
access to it, I should have a singular spot to manage the keys.
2023-04-16 19:44:02 +01:00
Bruno BELANYI
68bf36c45c
modules: secrets: wireguard: remove unused file
...
The peer definitions have been inlined into the Wireguard module a long
time ago.
2023-04-13 17:05:52 +00:00
Bruno BELANYI
54e9303319
modules: secrets: use diff-friendly formatting
ci/woodpecker/push/check Pipeline was successful
2023-04-13 15:55:34 +00:00
Bruno BELANYI
04f23976ee
modules: services: woodpecker: remove unused env
ci/woodpecker/push/check Pipeline was successful
2023-04-13 15:24:34 +00:00
Bruno BELANYI
94141d53b8
modules: services: woodpecker: remove 'TODO'
2023-04-13 15:17:16 +00:00
Bruno BELANYI
f15b3aa23d
modules: services: woodpecker: allow setuid
...
ci/woodpecker/push/check Pipeline was successful
I need it to be able to use `ssh-agent`, for some of my workflows.
2023-04-01 21:06:50 +02:00
Bruno BELANYI
7a5842f03a
modules: services: matrix: remove obsolete comment
continuous-integration/drone/push Build is passing
2023-04-01 15:56:48 +01:00
Bruno BELANYI
d20e921e33
modules: secrets: fix 'matrix/secret'
2023-04-01 15:56:48 +01:00
Bruno BELANYI
7e06f75a5d
modules: secrets: add woodpecker
2023-04-01 15:56:48 +01:00
Bruno BELANYI
020a32b9e8
modules: services: add woodpecker
2023-04-01 15:56:48 +01:00
Bruno BELANYI
5d9524dbdf
modules: services: blog: better blog redirection
2023-04-01 13:05:47 +02:00
Bruno BELANYI
a22fe4e636
modules: services: nextcloud: bump to 26
2023-04-01 13:05:47 +02:00
Bruno BELANYI
b909f43269
modules: services: nginx: sort settings
continuous-integration/drone/push Build is passing
2023-03-28 15:31:05 +00:00
Bruno BELANYI
cae174b0f7
modules: services: nginx: all recommended settings
2023-03-28 15:31:05 +00:00
Bruno BELANYI
642e58fc22
modules: hardware: bluetooth: use 'wireplumber'
continuous-integration/drone/push Build is passing
2023-03-28 15:31:05 +00:00
Bruno BELANYI
ad0c99c6f0
modules: services: paperless: fix postgres order
continuous-integration/drone/push Build is passing
2023-03-23 12:16:40 +00:00
Bruno BELANYI
1751704ab3
modules: system: podman: remove unused arguments
continuous-integration/drone/push Build is passing
2023-03-22 10:46:10 +00:00
Bruno BELANYI
e799318a36
modules: hardware: firmware: remove unused 'pkgs'
2023-03-22 10:45:13 +00:00
Bruno BELANYI
70e235dfcc
modules: secrets: drone: modify gitea domain
...
Since I've changed the official subdomain for my forge, let's update it.
2023-03-16 21:40:06 +01:00
Bruno BELANYI
e50b259a70
modules: services: gitea: change domain to 'git.*'
...
Because cool URLs don't change [1], setup a re-directed for it.
[1]: https://www.w3.org/Provider/Style/URI.html
2023-03-16 21:33:22 +01:00
Bruno BELANYI
b3d90be8b1
modules: services: nginx: add 'redirect' option
2023-03-16 21:33:22 +01:00
Bruno BELANYI
20341a3129
refactor: 'with lib.my' -> 'with lib'
2023-03-16 16:42:55 +00:00
Bruno BELANYI
fafbb93ea9
modules: home: use named 'nixosModules'
continuous-integration/drone/push Build is passing
2023-03-11 20:44:04 +00:00
Bruno BELANYI
8b9a01a0ef
modules: system: nix: DRY inputs handling
2023-02-25 01:43:07 +00:00
Bruno BELANYI
54a6be70c8
modules: system: nix: simplify 'NIX_PATH'
...
Since we now have an explicit 'pkgs' link, we can just add the folder
with all linked inputs directly instead of adding them all manually.
2023-02-25 01:43:07 +00:00
Bruno BELANYI
a99954b12a
modules: system: nix: add explicit 'pkgs' link
2023-02-25 01:43:07 +00:00
Bruno BELANYI
6eb87c21b7
modules: system: nix: use stable 'NIX_PATH'
...
continuous-integration/drone/push Build is passing
Since the links are updated on system switch, NIX_PATH will
automatically point to the actual system version of the inputs at all
times
2023-02-23 21:03:22 +00:00
Bruno BELANYI
c1214547da
modules: system: nix: add '/etc/nix/inputs' links
2023-02-23 20:58:05 +00:00
Bruno BELANYI
3505b4d7f0
modules: services: sabnzbd: add fail2ban jail
continuous-integration/drone/push Build is passing
2023-02-20 23:01:50 +01:00
Bruno BELANYI
2485a60d62
modules: services: calibre-web: add fail2ban jail
continuous-integration/drone/push Build is passing
2023-02-20 09:04:50 +00:00
Bruno BELANYI
b9f6c5d534
modules: services: gitea: add fail2ban jail
2023-02-20 09:04:50 +00:00
Bruno BELANYI
d647830911
modules: services: order imports
2023-02-20 09:04:50 +00:00
Bruno BELANYI
13aa8abfaf
modules: services: add fail2ban
2023-02-20 09:04:50 +00:00
Bruno BELANYI
5bce2fafde
modules: system: nix: override '<nixpkgs>'
continuous-integration/drone/push Build is passing
2023-02-11 11:04:10 +00:00
Bruno BELANYI
26bf4e3631
modules: system: nix: preprend to 'NIX_PATH'
...
Instead of appending to the default value.
This makes overriding some values that are defined as the default value easier.
2023-02-11 11:04:10 +00:00
Bruno BELANYI
6b4c01a242
modules: services: ssh-server: use 'settings'
2023-01-28 22:51:18 +01:00
Bruno BELANYI
aeb3245327
modules: services: blog: GNU T.P.
2022-12-18 12:59:42 +01:00
Bruno BELANYI
c961bdbfc4
modules: services: transmission: remove MemoryHigh
...
The service does not actively try to reduce its memory usage, so to make
sure we do reach `MemoryMax` let's remove the `MemoryHigh`
configuration.
2022-12-16 21:43:49 +01:00
Bruno BELANYI
1e10c6630b
modules: services: nginx: fix SSL renewal
...
See this issue [1].
[1]: https://github.com/go-acme/lego/issues/1772 .
2022-11-29 17:19:24 +01:00
Bruno BELANYI
b85a98c377
modules: services: nextcloud: disable broken SSE
...
I don't use server-side encryption anyway.
2022-11-28 10:18:50 +01:00
Bruno BELANYI
1967c8ef79
modules: services: transmission: limit memory use
2022-11-20 13:15:58 +01:00
Bruno BELANYI
f6a00ec838
modules: services: paperless: require postgres
2022-11-03 18:06:36 +01:00
Bruno BELANYI
05be340b7e
modules: services: nextcloud: bump to 25
2022-11-03 16:59:19 +01:00
Bruno BELANYI
30ce88f42f
flake: bump inputs
...
And migrate to the new RFC42 grafana options.
2022-11-03 16:58:47 +01:00
Bruno BELANYI
4c0c6a75b2
modules: system: packages: configure aliases
...
Disallow them by default, but make it configurable.
2022-09-30 08:59:27 +02:00