aboutsummaryrefslogtreecommitdiff
path: root/machines (follow)
Commit message (Collapse)AuthorAgeFilesLines
* move videos and music under /data/mediaHEADmainFranck Cuny11 hours1-2/+1
|
* backup videos to NASFranck Cuny11 hours1-1/+2
|
* backup musicFranck Cuny4 days1-1/+4
|
* add a profile for passage and install hledgerFranck Cuny5 days1-0/+2
|
* add a module to remotely unlock machinesFranck Cuny7 days1-0/+12
| | | | | | | For machines with full disk encryption, we can remotely unlock them from bree. A systemd timer will run every 10 minutes and check if we need to unlock the host. If we need to, it will SSH and provide the passphrase to unlock the disk(s).
* add a profile for wireguard configurationFranck Cuny7 days3-108/+5
|
* the VM on the synology was reinstalledFranck Cuny7 days4-7/+23
| | | | All the secrets were re-keyed.
* backup to the synology nasFranck Cuny8 days1-0/+3
| | | | | | In addition to do a local backup, we also backup to the synology nas. We don't configure what to backup in the profiles, but instead in the host configuration.
* rename synology-vm to breeFranck Cuny8 days2-41/+8
|
* move reverse proxy configuration to a profileFranck Cuny12 days1-82/+1
|
* configure miniflux and integrate with autheliaFranck Cuny12 days2-0/+7
|
* adding webfinger supportFranck Cuny13 days1-0/+37
|
* initial setup for autheliaFranck Cuny13 days2-1/+10
|
* delete do-rproxyFranck Cuny13 days1-85/+0
| | | | This machine is replaced by argonath
* configure the reverse proxy on argonathFranck Cuny13 days1-0/+32
|
* wireguard configuration for argonathFranck Cuny2025-11-212-2/+36
|
* add new host: argonathFranck Cuny2025-11-211-0/+26
|
* move acme configurations to a profileFranck Cuny2025-11-201-29/+2
| | | | Clean up API keys for Cloudflare.
* run my website from rivendellFranck Cuny2025-11-163-117/+26
|
* delete profiles for forgejo and keycloakFranck Cuny2025-11-151-2/+0
|
* simplify the backupsFranck Cuny2025-11-152-21/+1
|
* configure the reverse proxy for cgitFranck Cuny2025-11-102-8/+2
|
* re-use gitolite as a git serverFranck Cuny2025-11-091-0/+1
|
* remove tailscale configurationFranck Cuny2025-11-092-17/+0
|
* simplify home profiles a bit moreFranck Cuny2025-11-032-2/+0
|
* fish shell setup for darwinFranck Cuny2025-11-032-8/+4
|
* add helpers to build remotely with nixosFranck Cuny2025-11-021-1/+1
|
* cleanup nixos related configurationsFranck Cuny2025-11-023-58/+21
|
* simplify configuration for darwinFranck Cuny2025-11-025-2/+43
|
* move remote-unlock as a profileFranck Cuny2025-10-241-3/+3
|
* configure rivendell to be an exit node for tailscaleFranck Cuny2025-10-241-0/+14
|
* simplify hosts managementFranck Cuny2025-10-2413-243/+117
|
* move a few more things back as profilesFranck Cuny2025-10-233-0/+9
|
* enable tailscale on 2 machinesFranck Cuny2025-10-232-0/+3
|
* webfinger setup to support tailscaleFranck Cuny2025-10-231-43/+94
| | | | | Based on https://tailscale.com/kb/1240/sso-custom-oidc and https://github.com/randomnetcat/nix-configs/blob/f1963827395d6c82a7e64267fde9b0c82da02380/hosts/bear/auth/default.nix#L134
* simplify darwin configurationFranck Cuny2025-10-235-62/+34
| | | | Remove a bunch of files and consolidate everything into the host's file.
* move keycloak and forgejo on rivendellFranck Cuny2025-10-186-137/+7
| | | | | I had to rekey all the secrets. Updated the documentation for both how to setup forgejo and keycloak.
* configure wireguard for rivendellFranck Cuny2025-10-183-0/+41
|
* move the disk configuration for rivendell as a profileFranck Cuny2025-10-182-68/+1
|
* introduce a module for baremetal machinesFranck Cuny2025-10-131-5/+1
|
* introduce a module for digital ocean dropletFranck Cuny2025-10-132-71/+3
|
* consistent home-manager configuration for all nixos hostsFranck Cuny2025-10-136-44/+0
|
* make the remote unlock bits a nix moduleFranck Cuny2025-10-122-59/+24
| | | | Move all the hardware configuration for rivendell into the default.nix.
* initial setup for the framework destkop (named rivendell)Franck Cuny2025-10-125-0/+194
|
* configure podman for all nixos machinesFranck Cuny2025-10-092-4/+0
|
* import home-manager.nix and user.nix by default on nixosFranck Cuny2025-10-092-4/+0
|
* automatically import home-manager.nix for all hostsFranck Cuny2025-10-094-5/+0
|
* don't import fonts.nixFranck Cuny2025-10-091-1/+0
| | | | This has been merged in the desktop.nix module.
* more simplification of the configurationFranck Cuny2025-10-092-5/+0
|
* move common modules under modules/Franck Cuny2025-10-094-15/+0
| | | | Simplify the import on the various hosts.
* nix configuration is applied by default to nixos machinesFranck Cuny2025-10-062-4/+0
|
* start to refactor nixos modulesFranck Cuny2025-09-122-2/+0
|
* Revert "move droplet specific settings to its own module"Franck Cuny2025-09-082-3/+61
| | | | This reverts commit 3b47113c28c5180d4d5d710e3c1fe74f95aa7226.
* move droplet specific settings to its own moduleFranck Cuny2025-09-082-61/+3
|
* move deployment bits to colmena declarationFranck Cuny2025-09-072-14/+0
|
* the resume is in HTMLFranck Cuny2025-09-071-2/+0
|
* run my personal website on the dropletFranck Cuny2025-09-061-1/+28
|
* initial attempt at using colmena to deploy nixos configurationsFranck Cuny2025-09-012-0/+14
| | | | | | | | | | | | Can be used that way: ``` colmena exec --impure -v --on do-rproxy -- 'systemctl status nginx' ``` or ``` colmena --impure apply dry-activate --on synology-vm ```
* switch to nginxFranck Cuny2025-08-304-75/+76
| | | | | For some reasons, I can't get compression to work with Caddy, and I don't get much benefit from it in the first place anyway.
* run `goget` on `go.fcuny.net`Franck Cuny2025-08-243-0/+22
|
* open firewall ports for forgejo and keycloakFranck Cuny2025-08-242-0/+4
|
* initial configuration for fail2banFranck Cuny2025-08-201-0/+1
| | | | | We need to ensure the firewall is enabled and let's ensure that we open the port for SSH.
* add a wrapper for forgejo admin commandsFranck Cuny2025-08-171-1/+14
|
* enable forgejo dumpFranck Cuny2025-08-171-0/+3
|
* create a new systemd slice for critical servicesFranck Cuny2025-08-172-16/+2
|
* add keycloak for OAuth, runbooks, and finish forgejo setupFranck Cuny2025-08-145-44/+105
|
* initial setup for forgejo and caddyFranck Cuny2025-08-127-6/+78
|
* more simplificationsFranck Cuny2025-08-127-109/+111
|
* move secrets to their own files and delete unused profileFranck Cuny2025-08-125-45/+62
|
* move profile for home-manager under programsFranck Cuny2025-08-124-4/+4
|
* profiles for darwinFranck Cuny2025-08-122-2/+6
|
* profiles for doc, fish, and remove unused profilesFranck Cuny2025-08-122-2/+6
|
* add a profile for fontsFranck Cuny2025-08-122-8/+2
|
* move git server profile closer to host configFranck Cuny2025-08-122-1/+41
|
* move hardware config closer to the host configFranck Cuny2025-08-122-1/+24
|
* add profiles for darwin and remote builderFranck Cuny2025-08-122-1/+3
|
* add profiles for security, firewalls, and usersFranck Cuny2025-08-122-0/+6
|
* add a profile for bootFranck Cuny2025-08-122-0/+2
|
* use podman for containers on nixosFranck Cuny2025-08-122-0/+2
|
* add profile for motdFranck Cuny2025-08-122-0/+2
|
* create profiles for networkd and nix's GCFranck Cuny2025-08-122-2/+4
|
* move disks configuration to the host' directoryFranck Cuny2025-08-124-2/+112
|
* profile for toolsFranck Cuny2025-08-122-0/+2
|
* profile for sshdFranck Cuny2025-08-122-0/+2
|
* import localeFranck Cuny2025-08-122-0/+2
|
* move each machine configuration to a folderFranck Cuny2025-08-124-0/+0
| | | | | This will give me a bit more flexibility to configure things per machine in the future.
* users -> homeFranck Cuny2025-08-124-6/+6
|
* setup wireguard tunnel between the VM and DO hostsFranck Cuny2025-08-102-0/+31
|
* manage a DigitalOcean virtual machine with nixosFranck Cuny2025-08-102-14/+115
| | | | | | | Add a new machine on DigitalOcean and provision it using terraform + nixos-anywhere. This takes care of bringing the machine up on nixos completely, and use a static SSH host key in order to configure wireguard at the same time.
* add the SSH key for the remote builderFranck Cuny2025-08-092-0/+12
| | | | All the secrets were rekeyed.
* absolute path for loading minimal profileFranck Cuny2025-08-031-1/+1
|
* attempt at configuring the remote builder on the VMFranck Cuny2025-08-032-0/+11
|
* add a module for backupsFranck Cuny2025-07-251-0/+9
| | | | | Enable the module on the VM, and backup the git repositories both to the NAS and to a GCS bucket.
* add a module for mounting CIFS volumesFranck Cuny2025-07-251-0/+15
| | | | | | | | | | The new module is for NAS clients, where we specify the server and the paths to mount locally. We add a new secret to have the username of the `nas' user. We mount the backups volume from the NAS under `/data/backups` on the VM.
* enable cloudflared on the vmFranck Cuny2025-07-251-0/+15
|
* fix configuration for work machineFranck Cuny2025-07-241-3/+0
| | | | | | The hostname is capitalized so let's also capitalize the filename! The overlays are not under `customPackages` anymore.
* keep organizing into modules and profilesFranck Cuny2025-07-213-29/+4
|
* move all profiles, modules, and flakes to top-levelFranck Cuny2025-07-213-10/+10
|
* move user configurations to top-levelFranck Cuny2025-07-212-4/+4
|
* install minimal home-manager profile on the VMFranck Cuny2025-07-211-1/+15
|
* move machines definitions to top-levelFranck Cuny2025-07-213-0/+179
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-06 03:49:46 +0000