path: root/machines/nixos/x86_64-linux
Age | Commit message | Author | Files | Lines
17 hours | move videos and music under /data/media [HEAD] [main] | Franck Cuny | 1 | -2/+1
17 hours | backup videos to NAS | Franck Cuny | 1 | -1/+2
4 days | backup music | Franck Cuny | 1 | -1/+4
7 days | add a module to remotely unlock machines | Franck Cuny | 1 | -0/+12
For machines with full disk encryption, we can remotely unlock them from bree. A systemd timer will run every 10 minutes and check if we need to unlock the host. If we need to, it will SSH and provide the passphrase to unlock the disk(s).
8 days | add a profile for wireguard configuration | Franck Cuny | 3 | -108/+5
8 days | the VM on the synology was reinstalled | Franck Cuny | 4 | -7/+23
All the secrets were re-keyed.
9 days | backup to the synology nas | Franck Cuny | 1 | -0/+3
In addition to doing a local backup, we also back up to the synology nas. We don't configure what to back up in the profiles, but instead in the host configuration.
9 days | rename synology-vm to bree | Franck Cuny | 2 | -41/+8
13 days | move reverse proxy configuration to a profile | Franck Cuny | 1 | -82/+1
13 days | configure miniflux and integrate with authelia | Franck Cuny | 2 | -0/+7
14 days | adding webfinger support | Franck Cuny | 1 | -0/+37
14 days | initial setup for authelia | Franck Cuny | 2 | -1/+10
14 days | delete do-rproxy | Franck Cuny | 1 | -85/+0
This machine is replaced by argonath
14 days | configure the reverse proxy on argonath | Franck Cuny | 1 | -0/+32
2025-11-21 | wireguard configuration for argonath | Franck Cuny | 2 | -2/+36
2025-11-21 | add new host: argonath | Franck Cuny | 1 | -0/+26
2025-11-20 | move acme configurations to a profile | Franck Cuny | 1 | -29/+2
Clean up API keys for Cloudflare.
2025-11-16 | run my website from rivendell | Franck Cuny | 3 | -117/+26
2025-11-15 | delete profiles for forgejo and keycloak | Franck Cuny | 1 | -2/+0
2025-11-15 | simplify the backups | Franck Cuny | 2 | -21/+1
2025-11-10 | configure the reverse proxy for cgit | Franck Cuny | 2 | -8/+2
2025-11-09 | re-use gitolite as a git server | Franck Cuny | 1 | -0/+1
2025-11-09 | remove tailscale configuration | Franck Cuny | 1 | -15/+0
2025-11-02 | cleanup nixos related configurations | Franck Cuny | 3 | -58/+21
2025-11-02 | simplify configuration for darwin | Franck Cuny | 3 | -0/+26
2025-10-24 | move remote-unlock as a profile | Franck Cuny | 1 | -3/+3
2025-10-24 | configure rivendell to be an exit node for tailscale | Franck Cuny | 1 | -0/+14
2025-10-24 | simplify hosts management | Franck Cuny | 11 | -235/+109
2025-10-23 | move a few more things back as profiles | Franck Cuny | 3 | -0/+9
2025-10-23 | enable tailscale on 2 machines | Franck Cuny | 1 | -0/+1
2025-10-23 | webfinger setup to support tailscale | Franck Cuny | 1 | -43/+94
Based on https://tailscale.com/kb/1240/sso-custom-oidc and https://github.com/randomnetcat/nix-configs/blob/f1963827395d6c82a7e64267fde9b0c82da02380/hosts/bear/auth/default.nix#L134
2025-10-18 | move keycloak and forgejo on rivendell | Franck Cuny | 6 | -137/+7
I had to rekey all the secrets. Updated the documentation for both how to set up forgejo and keycloak.
2025-10-18 | configure wireguard for rivendell | Franck Cuny | 3 | -0/+41
2025-10-18 | move the disk configuration for rivendell as a profile | Franck Cuny | 2 | -68/+1
2025-10-13 | introduce a module for baremetal machines | Franck Cuny | 1 | -5/+1
2025-10-13 | introduce a module for digital ocean droplet | Franck Cuny | 2 | -71/+3
2025-10-13 | consistent home-manager configuration for all nixos hosts | Franck Cuny | 6 | -44/+0
2025-10-12 | make the remote unlock bits a nix module | Franck Cuny | 2 | -59/+24
Move all the hardware configuration for rivendell into the default.nix.
2025-10-12 | initial setup for the framework desktop (named rivendell) | Franck Cuny | 5 | -0/+194
2025-10-09 | configure podman for all nixos machines | Franck Cuny | 2 | -4/+0
2025-10-09 | import home-manager.nix and user.nix by default on nixos | Franck Cuny | 2 | -4/+0
2025-10-09 | automatically import home-manager.nix for all hosts | Franck Cuny | 2 | -2/+0
2025-10-09 | more simplification of the configuration | Franck Cuny | 2 | -5/+0
2025-10-09 | move common modules under modules/ | Franck Cuny | 2 | -2/+0
Simplify the import on the various hosts.
2025-10-06 | nix configuration is applied by default to nixos machines | Franck Cuny | 2 | -4/+0
2025-09-12 | start to refactor nixos modules | Franck Cuny | 2 | -2/+0
2025-09-08 | Revert "move droplet specific settings to its own module" | Franck Cuny | 2 | -3/+61
This reverts commit 3b47113c28c5180d4d5d710e3c1fe74f95aa7226.
2025-09-08 | move droplet specific settings to its own module | Franck Cuny | 2 | -61/+3
2025-09-07 | move deployment bits to colmena declaration | Franck Cuny | 2 | -14/+0
2025-09-07 | the resume is in HTML | Franck Cuny | 1 | -2/+0
2025-09-06 | run my personal website on the droplet | Franck Cuny | 1 | -1/+28
2025-09-01 | initial attempt at using colmena to deploy nixos configurations | Franck Cuny | 2 | -0/+14
Can be used that way:
```
colmena exec --impure -v --on do-rproxy -- 'systemctl status nginx'
```
or
```
colmena --impure apply dry-activate --on synology-vm
```
2025-08-30 | switch to nginx | Franck Cuny | 4 | -75/+76
For some reason, I can't get compression to work with Caddy, and I don't get much benefit from it in the first place anyway.
2025-08-24 | run `goget` on `go.fcuny.net` | Franck Cuny | 3 | -0/+22
2025-08-24 | open firewall ports for forgejo and keycloak | Franck Cuny | 2 | -0/+4
2025-08-20 | initial configuration for fail2ban | Franck Cuny | 1 | -0/+1
We need to ensure the firewall is enabled and let's ensure that we open the port for SSH.
2025-08-17 | add a wrapper for forgejo admin commands | Franck Cuny | 1 | -1/+14
2025-08-17 | enable forgejo dump | Franck Cuny | 1 | -0/+3
2025-08-17 | create a new systemd slice for critical services | Franck Cuny | 2 | -16/+2
2025-08-14 | add keycloak for OAuth, runbooks, and finish forgejo setup | Franck Cuny | 5 | -44/+105
2025-08-12 | initial setup for forgejo and caddy | Franck Cuny | 7 | -6/+78
2025-08-12 | more simplifications | Franck Cuny | 2 | -53/+56
2025-08-12 | move secrets to their own files and delete unused profile | Franck Cuny | 5 | -45/+62
2025-08-12 | move profile for home-manager under programs | Franck Cuny | 2 | -2/+2
2025-08-12 | profiles for doc, fish, and remove unused profiles | Franck Cuny | 2 | -2/+6
2025-08-12 | move git server profile closer to host config | Franck Cuny | 2 | -1/+41
2025-08-12 | move hardware config closer to the host config | Franck Cuny | 2 | -1/+24
2025-08-12 | add profiles for security, firewalls, and users | Franck Cuny | 2 | -0/+6
2025-08-12 | add a profile for boot | Franck Cuny | 2 | -0/+2
2025-08-12 | use podman for containers on nixos | Franck Cuny | 2 | -0/+2
2025-08-12 | add profile for motd | Franck Cuny | 2 | -0/+2
2025-08-12 | create profiles for networkd and nix's GC | Franck Cuny | 2 | -2/+4
2025-08-12 | move disks configuration to the host's directory | Franck Cuny | 4 | -2/+112
2025-08-12 | profile for tools | Franck Cuny | 2 | -0/+2
2025-08-12 | profile for sshd | Franck Cuny | 2 | -0/+2
2025-08-12 | import locale | Franck Cuny | 2 | -0/+2
2025-08-12 | move each machine configuration to a folder | Franck Cuny | 2 | -0/+0
This will give me a bit more flexibility to configure things per machine in the future.
2025-08-12 | users -> home | Franck Cuny | 2 | -2/+2
2025-08-10 | setup wireguard tunnel between the VM and DO hosts | Franck Cuny | 2 | -0/+31
2025-08-10 | manage a DigitalOcean virtual machine with nixos | Franck Cuny | 2 | -14/+115
Add a new machine on DigitalOcean and provision it using terraform + nixos-anywhere. This takes care of bringing the machine up on nixos completely, and uses a static SSH host key in order to configure wireguard at the same time.
2025-08-09 | add the SSH key for the remote builder | Franck Cuny | 1 | -0/+3
All the secrets were rekeyed.
2025-08-03 | absolute path for loading minimal profile | Franck Cuny | 1 | -1/+1
2025-08-03 | attempt at configuring the remote builder on the VM | Franck Cuny | 1 | -0/+10
2025-07-25 | add a module for backups | Franck Cuny | 1 | -0/+9
Enable the module on the VM, and back up the git repositories both to the NAS and to a GCS bucket.
2025-07-25 | add a module for mounting CIFS volumes | Franck Cuny | 1 | -0/+15
The new module is for NAS clients, where we specify the server and the paths to mount locally. We add a new secret to have the username of the `nas` user. We mount the backups volume from the NAS under `/data/backups` on the VM.
2025-07-25 | enable cloudflared on the vm | Franck Cuny | 1 | -0/+15
2025-07-21 | keep organizing into modules and profiles | Franck Cuny | 1 | -26/+4
2025-07-21 | move all profiles, modules, and flakes to top-level | Franck Cuny | 1 | -4/+4
2025-07-21 | install minimal home-manager profile on the VM | Franck Cuny | 1 | -1/+15
2025-07-21 | move machines definitions to top-level | Franck Cuny | 1 | -0/+53