path: root/hosts
Date | Commit message | Author | Files | Lines
2022-05-22 | feat(tahoe): enable sourcegraph | Franck Cuny | 1 | -0/+4
2022-05-16 | bluetooh: enable on aptos | Franck Cuny | 1 | -0/+1
2022-05-15 | zsh: switch to zsh as the default shell | Franck Cuny | 3 | -3/+3
`zsh' is available everywhere and is compatible with bash. When using `fish' I need to remember how to do things. While the completion style is nicer, I don't care about the rest. I prefer to have a consistent experience in the shell, no matter where I am. This is an initial configuration, I might need to make a few changes as I go.
2022-05-12 | aptos: enable bluetooth | Franck Cuny | 1 | -0/+1
2022-05-07 | secrets: add a new secrets for gcloud (aptos only) | Franck Cuny | 2 | -0/+5
This is the configuration needed to interact with GCP from this repository. We only want it on aptos for now.
2022-05-02 | tahoe: enable exec runner for drone | Franck Cuny | 1 | -1/+1
2022-04-24 | backups: do backups for the laptop | Franck Cuny | 5 | -1/+36
From the laptop I only backup /home/fcuny, as the rest should be straightforward to rebuild with nix. I run that backup as my own user, since I need my ssh key to use the remote repository (which is on the NAS). I also need a new secret for it (I might have been able to use `pass' for this, but well, that's easy enough). For the NAS, I update the list of directories to backup to include home, this will be on the systems backup.
2022-04-24 | scanner: install tools on the laptop | Franck Cuny | 1 | -0/+4
2022-04-21 | syncthing: enable on trusted machines | Franck Cuny | 4 | -2/+16
Add the cert and key for aptos.
2022-04-21 | syncthing: don't run from home | Franck Cuny | 1 | -1/+0
2022-04-21 | syncthing: configure the keys for tahoe | Franck Cuny | 3 | -0/+20
2022-04-21 | syncthing: enable on tahoe | Franck Cuny | 1 | -0/+1
2022-04-21 | syncthing: let's run it from home-manager | Franck Cuny | 1 | -0/+1
2022-04-13 | drone: configuration fixes | Franck Cuny | 1 | -1/+1
2022-04-13 | drone: initial attempt at configuring it | Franck Cuny | 4 | -0/+16
2022-04-13 | modules: make the vhost be configurable | Franck Cuny | 1 | -3/+9
2022-04-13 | grafana: correct domain name ... | Franck Cuny | 1 | -1/+1
2022-04-13 | grafana: the vhost is configurable | Franck Cuny | 1 | -1/+4
2022-04-13 | tahoe: set owner for secret related to ACME | Franck Cuny | 1 | -1/+4
2022-04-13 | secrets: re-key all secrets for tahoe | Franck Cuny | 8 | -30/+27
2022-04-13 | grafana: try to configure the domain with acme+dns | Franck Cuny | 3 | -1/+9
2022-04-13 | nginx: get a simple solution to work first | Franck Cuny | 1 | -13/+1
2022-04-13 | nginx: add nginx as a reverse proxy | Franck Cuny | 1 | -1/+14
This will ultimately replace traefik.
2022-04-13 | secrets: move the actual secrets with hosts config | Franck Cuny | 9 | -0/+43
Having the secrets closer to the host is easier to manage. At the moment I don't have secrets that are shared across multiple hosts, so that's an OK approach.
2022-04-11 | tahoe: fix backup configuration | Franck Cuny | 1 | -2/+3
2022-04-10 | secrets: move all the secrets under module/ | Franck Cuny | 1 | -3/+3
Refactor a bit the configuration, which should simplify the management and usage of secrets from now on.
2022-04-10 | add a module for backup with restic | Franck Cuny | 1 | -10/+4
Do a single backup for the host, instead of running multiple ones.
2022-04-09 | tahoe: enable network with early boot | Franck Cuny | 2 | -11/+19
So we can unlock the disks remotely.
2022-04-09 | small fixes | Franck Cuny | 1 | -1/+1
2022-04-09 | add a few more modules to home/ and delete stuff | Franck Cuny | 2 | -0/+3
2022-04-08 | carmel: configure the desktop properly | Franck Cuny | 3 | -1/+22
2022-04-08 | hosts: rename hardware-configuration to hardware | Franck Cuny | 6 | -3/+3
2022-04-08 | hosts: add services to tahoe | Franck Cuny | 3 | -11/+10
2022-04-08 | delete unneeded modules | Franck Cuny | 3 | -96/+0
2022-04-08 | delete unused module | Franck Cuny | 1 | -25/+0
2022-04-08 | aptos: consume the new profiles | Franck Cuny | 3 | -3/+21
aptos is now using the new home-manager setup.
2022-04-07 | initial attempt to reconfigure home-manager | Franck Cuny | 2 | -0/+18
All the modules that are needed for home-manager should be under `home/`, and each host will have a `host.nix` where the modules are enabled as needed. Later on we can create some profiles to make it easier to consume the configuration. I apply this only to tahoe for now, as the amount of packages needed for my user are pretty limited.
2022-04-06 | refactor transmission and metrics-exporter | Franck Cuny | 4 | -50/+2
2022-04-06 | refactor traefik | Franck Cuny | 2 | -97/+1
2022-04-06 | refactor rclone to a module | Franck Cuny | 2 | -33/+1
2022-04-06 | refactor gitea as a module | Franck Cuny | 2 | -42/+4
2022-04-06 | refactor grafana as a module | Franck Cuny | 7 | -26433/+1
2022-04-06 | refactor prometheus as a module | Franck Cuny | 2 | -180/+1
2022-04-06 | refactor unifi to a module | Franck Cuny | 2 | -82/+1
2022-04-06 | refactor navidrome to a module | Franck Cuny | 2 | -28/+9
2022-04-06 | enable AMD module correctly | Franck Cuny | 2 | -2/+2
2022-04-06 | refactor samba to a proper module | Franck Cuny | 2 | -34/+5
The list of public share is configurable too.
2022-04-06 | refactor boot configuration to a module | Franck Cuny | 8 | -62/+19
We don't need the previous `hosts/common/system` configs anymore, as everything has been moved out. We keep some boot configuration for carmel in the host configuration for now, but I need to check why I don't have similar settings for tahoe (since I also need to unlock the host remotely).
2022-04-06 | refactor configuration for AMD | Franck Cuny | 2 | -66/+65
2022-04-05 | refactor intel related configuration | Franck Cuny | 4 | -37/+26
2022-04-05 | refactor modules for btrfs, ssd, and fwupd | Franck Cuny | 2 | -9/+1
2022-04-05 | refactor network configuration | Franck Cuny | 6 | -28/+58
2022-04-05 | refactor security to a module | Franck Cuny | 2 | -6/+1
2022-04-05 | refactor users to a module | Franck Cuny | 2 | -33/+1
2022-04-05 | refactor default packages to a module | Franck Cuny | 2 | -58/+2
2022-04-05 | move locale configuration to a module | Franck Cuny | 2 | -13/+0
2022-04-05 | console configuration is moved to a module | Franck Cuny | 1 | -5/+0
2022-04-05 | create a profile for laptop | Franck Cuny | 1 | -1/+1
2022-04-05 | carmel: enable the sound | Franck Cuny | 1 | -0/+1
2022-04-05 | network: move tailscale in modules | Franck Cuny | 7 | -62/+64
Move the networking configuration for the hosts to its own file.
2022-04-05 | ssh: refactor to a module | Franck Cuny | 2 | -7/+0
Also install mosh and ensure the firewall opens the correct ports.
2022-04-05 | nix: refactor to a module | Franck Cuny | 2 | -19/+0
2022-04-05 | sound: add a new module | Franck Cuny | 6 | -42/+16
This is the start of yet another refactoring of the configuration. Sound configuration is moving to a module, and we enable it as needed at the host level. It takes care of configuring pipewire and install the packages needed too. This module is applied to the laptop and the desktop.
2022-04-04 | dashboard: remove ping metrics | Franck Cuny | 1 | -96/+3
We're using the ones from the prober
2022-04-04 | prometheus: fix configuration | Franck Cuny | 1 | -3/+1
2022-04-04 | prometheus: we need to specify the IP protocol | Franck Cuny | 1 | -1/+5
If we don't, by default we try over ipv6, and this is not going to work well for us (yet):
```
ts=2022-04-05T01:39:13.830414184Z caller=main.go:130 module=https_2xx target=https://notes.fcuny.net level=error msg="Error for HTTP request" err="Get \"https://[2a09:8280:1::a:2aed]\": dial tcp [2a09:8280:1::a:2aed]:443: connect: network is unreachable"
```
2022-04-04 | prometheus: I'll get this right this time | Franck Cuny | 1 | -5/+3
2022-04-04 | prometheus: set the scheme for the URLs | Franck Cuny | 1 | -5/+5
2022-04-04 | prometheus: add scraper for HTTP | Franck Cuny | 1 | -0/+28
2022-04-04 | prometheus: configure correctly the blackbox | Franck Cuny | 1 | -10/+23
2022-04-04 | prometheus: attempt to configure blackbox exporter | Franck Cuny | 1 | -0/+34
2022-04-04 | dashboard: more update for traefik | Franck Cuny | 1 | -452/+1478
2022-04-04 | dashboards: more updates for traefik | Franck Cuny | 1 | -1/+2
2022-04-04 | grafana: try to configure the data source | Franck Cuny | 1 | -9/+28
2022-04-04 | grafana: add dashboard for traefik | Franck Cuny | 1 | -0/+783
2022-04-03 | grafana: show last 6 hours for node exporter | Franck Cuny | 1 | -2/+2
2022-04-03 | users: ensure I'm in the docker group | Franck Cuny | 1 | -1/+1
2022-04-03 | Revert "create a new role for navidrome" | Franck Cuny | 3 | -35/+26
This reverts commit 814a495e9c74e3211c6b6640397111115832207b.
2022-04-03 | create a new role for navidrome | Franck Cuny | 3 | -26/+35
Apply the role to tahoe.
2022-04-02 | nas: add videos to the backups | Franck Cuny | 1 | -7/+2
We also don't need the music-organizer anymore since we're switching to beets.
2022-03-28 | nas: backup navidrome data and add music subdomain | Franck Cuny | 2 | -0/+14
2022-03-28 | nas: bind navidrome to all interfaces | Franck Cuny | 1 | -1/+4
2022-03-28 | nas: initial setup for navidrome | Franck Cuny | 2 | -0/+9
2022-03-27 | nas: install music-organizer from the main branch | Franck Cuny | 1 | -0/+1
2022-03-27 | nas: install correctly music-organizer | Franck Cuny | 1 | -1/+1
2022-03-27 | nas: install music-organizer | Franck Cuny | 1 | -3/+5
2022-03-26 | prometheus: stop scraping the NAS | Franck Cuny | 1 | -4/+2
we're shutting it down!
2022-03-25 | common: ensure zsh is installed | Franck Cuny | 1 | -0/+1
2022-03-25 | gitea: remove invalid configuration | Franck Cuny | 1 | -1/+0
2022-03-25 | shell: switch from zsh to fish | Franck Cuny | 2 | -3/+3
why not ?
2022-03-15 | rclone: correct path for the backups | Franck Cuny | 1 | -2/+2
2022-03-14 | rclone: fix the path | Franck Cuny | 1 | -1/+1
2022-03-13 | prometheus: scrape gitea metrics | Franck Cuny | 1 | -0/+6
2022-03-13 | gitea: enable metrics endpoint | Franck Cuny | 1 | -0/+1
2022-03-13 | server: typo | Franck Cuny | 1 | -4/+2
2022-03-13 | rclone: rewrite the service unit | Franck Cuny | 1 | -5/+6
2022-03-12 | default: install ethtool everywhere | Franck Cuny | 1 | -0/+1
2022-03-12 | prometheus: collect more stuff | Franck Cuny | 1 | -1/+1
2022-03-12 | hosts: add profiles | Franck Cuny | 4 | -17/+18
Profiles contain a collection of modules.
2022-03-12 | users: add another ssh key | Franck Cuny | 1 | -2/+8
2022-03-12 | containers: enable dockerd and containerd on aptos | Franck Cuny | 1 | -0/+11
2022-03-11 | rclone: add users backup | Franck Cuny | 1 | -11/+12
2022-03-11 | nas: enable rclone configuration | Franck Cuny | 1 | -0/+1
2022-03-11 | prometheus: scrap more endpoints | Franck Cuny | 1 | -0/+30
2022-03-11 | rclone: synchronize restic repo to GCS | Franck Cuny | 1 | -0/+29
Add a couple of secrets to store the configuration and the service account, and add a timer to synchronize the restic repository to a GCS bucket once a day.
2022-03-09 | traefik: typo | Franck Cuny | 1 | -1/+1
2022-03-09 | traefik: make the rules as specific as possible | Franck Cuny | 1 | -2/+4
Otherwise, `git` will conflict, since it exists on both domains.
2022-03-09 | traefik: typo | Franck Cuny | 1 | -5/+5
2022-03-09 | gitea: typo | Franck Cuny | 1 | -1/+1
2022-03-09 | traefik: handle fcuny.net and fcuny.xyz | Franck Cuny | 1 | -7/+15
fcuny.net is for public facing domains, while fcuny.xyz are for domains on the tailscale network. I need to support configuration in traefik for both. The main difference, for traefik, is the domain name and which let's encrypt challenge to use (DNS for TS, HTTP for public). Refactor the function `mkServiceConfig` to accept the domain and LE challenge as argument, and add new entries for git.fcuny.net and git.fcuny.xyz.
2022-03-09 | gitea: do a backup with restic | Franck Cuny | 1 | -0/+12
2022-03-09 | gitea: we need to specify the user for the DB | Franck Cuny | 1 | -1/+4
2022-03-09 | system: install sqlite | Franck Cuny | 1 | -3/+3
It's always useful to have it around.
2022-03-08 | gitea: initial configuration | Franck Cuny | 2 | -0/+28
2022-03-08 | nas: backup photos and music | Franck Cuny | 1 | -0/+12
Instead of rsync-ing these folders to a GCS bucket, I should instead do a backup. If I screw up something, the content will be sync-ed, and I won't be able to restore it. It's better (maybe more expensive, but that's OK) to keep snapshots and be able to restore.
2022-03-07 | backups: spread them so they don't clash | Franck Cuny | 3 | -0/+3
If they start running at the same time, they won't be able to succeed since there's a global lock on the repository.
2022-03-07 | grafana: backup the data directory | Franck Cuny | 1 | -0/+14
2022-03-07 | prometheus: backup the data directory | Franck Cuny | 1 | -0/+14
2022-03-07 | unifi: backup the data to the local reo | Franck Cuny | 1 | -0/+14
2022-03-06 | prometheus: scrap unifi poller on the correct IP | Franck Cuny | 1 | -1/+1
2022-03-06 | prometheus: scrape from unifi-poller | Franck Cuny | 1 | -31/+40
2022-03-06 | unifi: set the correct name for the poller's unit | Franck Cuny | 1 | -2/+2
2022-03-06 | traefik: proper configuration for unifi | Franck Cuny | 1 | -0/+14
2022-03-06 | unifi: configure the poller | Franck Cuny | 1 | -5/+18
2022-03-06 | unifi: add unifi on the NAS | Franck Cuny | 2 | -0/+54
2022-03-06 | transmission: disable the rpc allowlist | Franck Cuny | 1 | -2/+1
This is not working as I think, will follow up later.
2022-03-06 | traefik: add transmission (bt.fcuny.xyz) | Franck Cuny | 1 | -2/+4
2022-03-06 | nas: install transmission | Franck Cuny | 2 | -0/+36
Create a user and group 'nas' so we can run transmission in it. This will also help us to enable some specific permissions on some directories.
2022-03-06 | grafana: rename the instance for the router | Franck Cuny | 1 | -16/+16
2022-03-06 | grafana: add a few more dashboards | Franck Cuny | 3 | -0/+10539
2022-03-06 | tahoe: enable tailscale | Franck Cuny | 1 | -0/+1
2022-03-06 | traefik: getting a working configuration | Franck Cuny | 1 | -22/+21
2022-03-06 | traefik: second attempt, simple | Franck Cuny | 2 | -52/+35
2022-03-06 | traefik: initial configuration | Franck Cuny | 2 | -0/+87
I want to run traefik on the NAS, so I can reach grafana and other future services running on that host. To manage TLS, we use let's encrypt with a DNS challenge. For this to work we need a service account configuration, that is encrypted with age.
2022-03-05 | backups: unit to run maintenance on my backups | Franck Cuny | 2 | -0/+26
This will be run via a timer once a day, to perform maintenance on my backups on the nas.
2022-03-05 | prometheus: scrape nodeexporter for the rtr | Franck Cuny | 1 | -15/+24
2022-03-05 | samba: fix path for music, add videos | Franck Cuny | 1 | -1/+7
2022-03-05 | tahoe: remove creation of some directories | Franck Cuny | 1 | -29/+9
2022-03-05 | tahoe: new hardware configuratio | Franck Cuny | 1 | -21/+13
2022-03-05 | aptos: remove mem_sleep_default | Franck Cuny | 1 | -1/+0
The laptop was rebooting when I'd open the lid.
2022-03-05 | tailscale: add tailscale to the laptop (aptos) | Franck Cuny | 2 | -0/+7
2022-03-04 | aptos: nixfmt | Franck Cuny | 1 | -17/+10
2022-03-02 | tahoe: enable wireguard | Franck Cuny | 1 | -0/+1
2022-03-02 | grafana: disable analytics correctly | Franck Cuny | 1 | -1/+2
2022-03-02 | wireguard: drop configuration for aptos | Franck Cuny | 1 | -7/+0
This is done in the module itself.
2022-03-02 | prometheus: relabel some machines | Franck Cuny | 1 | -12/+20
Don't use the IP from wireguard as the name of the host, let's map to the actual hostname.
2022-03-02 | users: remove rsa key | Franck Cuny | 1 | -1/+0
2022-03-02 | grafana: disable analytics | Franck Cuny | 1 | -0/+1
2022-02-28 | grafana: provision dashboards | Franck Cuny | 2 | -0/+14120
Start with node-exporter-full dashboard.
2022-02-28 | grafana: setup provisioning correctly | Franck Cuny | 1 | -6/+9
2022-02-28 | grafana: fix | Franck Cuny | 1 | -1/+1
2022-02-28 | grafana: configure admin user and data sources | Franck Cuny | 1 | -1/+9
2022-02-28 | grafana: initial configuration | Franck Cuny | 2 | -0/+10
2022-02-28 | prometheus: initial configuration for the server | Franck Cuny | 2 | -0/+30
Run prometheus via systemd, and configure to pull node-exporter's metrics from two hosts. The retention is set for 3 years.
2022-02-27 | users: change my ssh key for the laptop | Franck Cuny | 1 | -1/+2
2022-02-27 | hosts: ensure we have bash and zsh | Franck Cuny | 1 | -0/+3
2022-02-27 | nas: consume everything from the server profile | Franck Cuny | 1 | -0/+1
2022-02-27 | server: create a new profile | Franck Cuny | 2 | -0/+19
This is a profile for servers related stuff. We start with monitoring for now.
2022-02-27 | tahoe: create some directories | Franck Cuny | 1 | -0/+15
Ensure at least /data/media/music is created with the proper ownership.
2022-02-27 | samba: fix configuration | Franck Cuny | 1 | -3/+3
Some settings were missing, others incorrect, and the name of the share was also incorrect.
2022-02-27 | tahoe: include NAS profile | Franck Cuny | 1 | -0/+1
2022-02-27 | NAS: initial configuration | Franck Cuny | 2 | -0/+34
For now we only want samba on it.
2022-02-27 | hardware: enable btrfs scrubber and fstrimmer | Franck Cuny | 1 | -0/+3
2022-02-27 | software: drop nautilus, add a few more things | Franck Cuny | 1 | -4/+0
Replace nautilus with pcmanfm, which is more than enough for my needs (I still can't open correctly images / PDF with nautilus, I don't care why). Add a few more packages (seahorse, easyeffects) to improve usability of the desktop.
2022-02-27 | pam: drop GDM configuration | Franck Cuny | 1 | -2/+0
I don't use GDM anymore.
2022-02-27 | aptos: use the hardware module for xps9300 | Franck Cuny | 2 | -1/+1
2022-02-27 | hardware: start capturing hardware related stuff | Franck Cuny | 2 | -0/+10
Create a new module for hardware related things, in order to configure correctly the various machines.
2022-02-27 | hosts: add tahoe, the new NAS | Franck Cuny | 2 | -0/+111
2022-02-24 | agenix: store wireguard key in persistent storage | Franck Cuny | 1 | -0/+7
The key was created under /run/agenix, which is wiped out after a reboot. The key being absent prevents the wireguard interface to come up. Store the key somewhere persistent to prevent this to happen.
2022-02-24 | gnome: add more gnome settings | Franck Cuny | 1 | -1/+14
Without these settings a few things are not working correctly (nautilus can't browse ssh servers for example). This module needs to be renamed too.
2022-02-24 | xserver: drop it completely | Franck Cuny | 1 | -14/+0
Let's remove this, I was only using it to get GDM running, but that's causing a bunch of issues so far:
- not all environment variables are loaded correctly
- some units are not loaded in time

When trying to use xorg and i3, I have way too many tears and I can't figure out a proper configuration. To make it easier, I'm going to keep sway and start `sway` from `tty1` directly.
2022-02-21 | ssh: authenticate only using ssh key | Franck Cuny | 1 | -0/+1
2022-02-21 | wireguard: module and peers configurations | Franck Cuny | 1 | -0/+1
Add a new module to automatically configure the peers for wireguard. The module needs a configuration file (in `configs/wireguard.toml`) which lists all the peers, their IP and their public keys. The secret keys is encrypted as a secret with agenix. There's some initial documentation on how to use this setup.
2022-02-21 | system: install a few more packages | Franck Cuny | 1 | -1/+10
2022-02-21 | users: add ssh keys for aptos and carmel | Franck Cuny | 1 | -2/+2
2022-02-21 | fonts: add font-awesome for i3status | Franck Cuny | 1 | -0/+1
2022-02-21 | aptos: switch to iwd and enable thermald | Franck Cuny | 1 | -3/+5
Replace wpa_supplicant with iwd (I prefer that daemon and the associated tool, iwctl). Enable thermald for managing power.
2022-02-21 | hosts: add aptos | Franck Cuny | 2 | -0/+91
aptos is my laptop (dell xps 13'). This adds the initial configuration for it.
2022-02-18 | xserver: add at-spi2-core package | Franck Cuny | 1 | -1/+5
See https://github.com/NixOS/nixpkgs/issues/16327 for details (this removes warnings in some services)
2022-02-18 | boot: fix the prefix | Franck Cuny | 1 | -1/+1
2022-02-18 | xserver: natural scrolling is part of touchpad. | Franck Cuny | 1 | -1/+1
2022-02-18 | fonts: rename some options | Franck Cuny | 1 | -2/+1
`fontconfig.ultimate` does not exist anymore, and `enableFontDir` has been renamed to `fontDir.enable`.
2022-02-18 | system: add locale and security | Franck Cuny | 3 | -2/+19
2022-02-18 | desktop: enable natural scrolling | Franck Cuny | 1 | -2/+4
2022-02-18 | boot: reorganize and add comments | Franck Cuny | 2 | -11/+16
Most of the options for booting are common to all hosts.
2022-02-18 | fonts: add more fonts for the system | Franck Cuny | 1 | -1/+8
2022-02-17 | sway: configure correctly dbus / keyring | Franck Cuny | 1 | -8/+16
2022-02-16 | sway: install all the required packages | Franck Cuny | 1 | -1/+15
2022-02-16 | home-manager: move activate logic in users' config | Franck Cuny | 1 | -4/+1
2022-02-16 | hosts: remove btrfs subvolume 'media' | Franck Cuny | 1 | -6/+0
The host would not boot successfully with that, I'm doing something wrong.
2022-02-14 | hosts: add a new subvolumes to carmel | Franck Cuny | 1 | -0/+6
Create a subvolume named 'media' that we will mount under /home/fcuny/media so we can snapshot /home/fcuny without the medias.
2022-02-14 | hosts: enable rtkit with audio module | Franck Cuny | 1 | -0/+2
2022-02-13 | hosts: load igb kernel module for initrd | Franck Cuny | 1 | -0/+1
We need to load the driver for the NIC.
2022-02-13 | hosts: unlock disks remotely on boot | Franck Cuny | 3 | -19/+28
Enable a SSH daemon in initrd, with our keys, so we can unlock remotely the disk on reboot.
2022-02-13 | desktop: ensure we're installing sway | Franck Cuny | 1 | -1/+7
2022-02-13 | hosts: remove configuration for ssh keys in initrd | Franck Cuny | 1 | -1/+0
This is not working yet, we will figure this out later.
2022-02-13 | motd: drop, there's no need for that | Franck Cuny | 2 | -13/+0
2022-02-13 | sway: first attempt at configuring sway | Franck Cuny | 1 | -11/+3
Let's switch right away to sway instead, now that there's an emacs package to support wayland.
2022-02-13 | hosts: install linux perf tools for the host | Franck Cuny | 1 | -1/+8
2022-02-13 | hosts: decrypt root disk via ssh on boot | Franck Cuny | 3 | -0/+27
2022-02-13 | desktop: gnome related things | Franck Cuny | 1 | -1/+10
2022-02-13 | hosts: enable avahi on desktop | Franck Cuny | 1 | -0/+5
This is going to be needed to print (for example).
2022-02-12 | hosts: load services at the host level | Franck Cuny | 1 | -0/+15
These services are not configured at the user level, but at the host level. We might need a better separation in the future, in case I don't use xserver for example.
2022-02-12 | hosts: rename commons to common | Franck Cuny | 13 | -0/+0
2022-02-12 | hosts: import common modules | Franck Cuny | 1 | -2/+1
Update the `mkSystem` function to include the proper common module, and fix the path to import the common configuration for a desktop into `carmel`.
2022-02-12 | move configurations and modules around | Franck Cuny | 13 | -10/+187
Sorry, this is a mess, hopefully the last one.
2022-02-12 | hosts: more typo | Franck Cuny | 1 | -1/+1
2022-02-12 | hosts: typo | Franck Cuny | 1 | -1/+2
2022-02-12 | hosts: centralize network configuration | Franck Cuny | 3 | -10/+37
2022-02-10 | hosts: set hostname from configuration | Franck Cuny | 1 | -6/+2
2022-02-10 | fix a few errors | Franck Cuny | 1 | -0/+1
2022-02-10 | hosts: common configuration across all hosts | Franck Cuny | 1 | -0/+12
2022-02-10 | nix: fix a bunch of stuff | Franck Cuny | 1 | -1/+0
2022-02-09 | hosts: use systemd-resolved on carmel | Franck Cuny | 1 | -0/+6
2022-02-09 | hosts: remove users | Franck Cuny | 1 | -1/+0
2022-02-09 | hosts: remove / clean code | Franck Cuny | 1 | -44/+5
There's a lot of commented stuff I don't need, and move things that are configured in the host into modules, which will improve re-usability and readability of this configuration.
2022-02-09 | home-manager: simplify the configuration | Franck Cuny | 1 | -0/+3
I'm still struggling with documentation, and I'd rather have something simple that works rather than smart and does not work. The configuration for the host imports the modules that are relevant to that host (in the case of carmel, desktop and systems). For the home-manager, I create a profile "desktop" that contains stuff related to a desktop (i3, etc), and it includes the module "common" that contains stuff that I want on any machines (so that in the future, for a machine that is a server, the home manager will only import "common").
2022-02-08 | hosts: remove unneeded comments | Franck Cuny | 1 | -6/+0
2022-02-08 | systems: move some packages out of host config | Franck Cuny | 1 | -5/+0
2022-02-08 | carmel: use DHCP on the wireless interface | Franck Cuny | 1 | -1/+2
2022-02-08 | xserver: initial configuration | Franck Cuny | 1 | -8/+0
Enable it for the desktop.
2022-02-08 | systems: default configuration for all systems | Franck Cuny | 1 | -3/+0
2022-02-07 | carmel: initial host configuration | Franck Cuny | 2 | -0/+144
Initial configuration for the desktop (carmel).