aboutsummaryrefslogtreecommitdiff
path: root/profiles (follow)
Commit message (Collapse)AuthorAgeFilesLines
* re-use gitolite as a git serverFranck Cuny2025-11-091-0/+27
|
* remove tailscale configurationFranck Cuny2025-11-091-9/+0
|
* install kitty terminfo on serversFranck Cuny2025-11-091-0/+1
|
* add helpers to build remotely with nixosFranck Cuny2025-11-022-2/+3
|
* cleanup nixos related configurationsFranck Cuny2025-11-024-0/+153
|
* simplify configuration for darwinFranck Cuny2025-11-021-0/+36
|
* move remote-unlock as a profileFranck Cuny2025-10-241-0/+22
|
* simplify hosts managementFranck Cuny2025-10-241-0/+54
|
* move a few more things back as profilesFranck Cuny2025-10-233-0/+207
|
* add a profile for tailscaleFranck Cuny2025-10-231-0/+9
| | | | will be used by nixos machines.
* simplify darwin configurationFranck Cuny2025-10-231-0/+84
| | | | Remove a bunch of files and consolidate everything into the host's file.
* move keycloak and forgejo on rivendellFranck Cuny2025-10-182-0/+123
| | | | | I had to rekey all the secrets. Updated the documentation for both how to setup forgejo and keycloak.
* move the disk configuration for rivendell as a profileFranck Cuny2025-10-181-0/+74
|
* configure podman for all nixos machinesFranck Cuny2025-10-091-13/+0
|
* import home-manager.nix and user.nix by default on nixosFranck Cuny2025-10-092-34/+0
|
* automatically import home-manager.nix for all hostsFranck Cuny2025-10-091-36/+0
|
* more simplification of the configurationFranck Cuny2025-10-093-44/+0
|
* move common modules under modules/Franck Cuny2025-10-097-101/+0
| | | | Simplify the import on the various hosts.
* fix DNS configurationFranck Cuny2025-10-061-3/+0
| | | | DNSOverTLS does not work by default. Will figure this out later.
* nix configuration is applied by default to nixos machinesFranck Cuny2025-10-062-35/+0
|
* getting fancy!Franck Cuny2025-10-061-2/+2
|
* start to refactor nixos modulesFranck Cuny2025-09-1210-178/+0
|
* split-up firefox configurationFranck Cuny2025-08-211-0/+1
| | | | | Ensure we install the bin package, so that we can use the 1password extension (we need a signed binary for that).
* initial configuration for fail2banFranck Cuny2025-08-203-1/+18
| | | | | We need to ensure the firewall is enabled and let's ensure that we open the port for SSH.
* add dysk on linux machinesFranck Cuny2025-08-171-0/+1
|
* a few more network related sysctlFranck Cuny2025-08-171-0/+2
|
* create a new systemd slice for critical servicesFranck Cuny2025-08-172-0/+89
|
* configure podmanFranck Cuny2025-08-141-0/+8
|
* more simplificationsFranck Cuny2025-08-121-0/+7
|
* remove unused variableFranck Cuny2025-08-121-1/+0
|
* move profile for home-manager under programsFranck Cuny2025-08-121-0/+0
|
* profiles for darwinFranck Cuny2025-08-124-93/+79
|
* profiles for doc, fish, and remove unused profilesFranck Cuny2025-08-125-17/+13
|
* add nameservers configuration to network profileFranck Cuny2025-08-122-6/+6
|
* add a profile for fontsFranck Cuny2025-08-121-0/+6
|
* move git server profile closer to host configFranck Cuny2025-08-121-40/+0
|
* move hardware config closer to the host configFranck Cuny2025-08-121-23/+0
|
* add profiles for darwin and remote builderFranck Cuny2025-08-123-3/+5
|
* add profiles for security, firewalls, and usersFranck Cuny2025-08-125-15/+18
|
* add a profile for bootFranck Cuny2025-08-122-8/+9
|
* use podman for containers on nixosFranck Cuny2025-08-123-4/+5
|
* add profile for motdFranck Cuny2025-08-122-2/+9
|
* create profiles for networkd and nix's GCFranck Cuny2025-08-124-16/+24
|
* move disks configuration to the host' directoryFranck Cuny2025-08-121-55/+0
|
* profile for toolsFranck Cuny2025-08-122-17/+19
|
* profile for sshdFranck Cuny2025-08-122-4/+19
|
* import localeFranck Cuny2025-08-122-7/+11
|
* users -> homeFranck Cuny2025-08-121-15/+14
|
* manage a DigitalOcean virtual machine with nixosFranck Cuny2025-08-103-18/+13
| | | | | | | Add a new machine on DigitalOcean and provision it using terraform + nixos-anywhere. This takes care of bringing the machine up on nixos completely, and use a static SSH host key in order to configure wireguard at the same time.
* add the SSH key for the remote builderFranck Cuny2025-08-091-8/+6
| | | | All the secrets were rekeyed.
* attempt at configuring the remote builder on the VMFranck Cuny2025-08-031-0/+34
|
* add a home-manager module for 1passwordFranck Cuny2025-07-291-0/+1
| | | | The module takes care of configuring the 1password SSH agent.
* add MOTD for serversFranck Cuny2025-07-271-0/+2
|
* add a module for backupsFranck Cuny2025-07-251-0/+15
| | | | | Enable the module on the VM, and backup the git repositories both to the NAS and to a GCS bucket.
* keep organizing into modules and profilesFranck Cuny2025-07-216-82/+160
|
* move all profiles, modules, and flakes to top-levelFranck Cuny2025-07-217-0/+317
|
* delete even more unused configurationsFranck Cuny2023-12-0924-1067/+0
|
* add fonts specificallyFranck Cuny2023-07-081-1/+5
| | | | | | For some reasons, while google-fonts install noto, emacs was unable to find it (but was able to find source code pro). List the fonts explicitly to make emacs happy.
* update settings for nixos 23.05Franck Cuny2023-07-061-2/+4
| | | | | | | | Fix the following error: ``` trace: warning: The option `services.openssh.permitRootLogin' defined in `/nix/store/l0n3297c7znfapx32a6av1c26yj042j4-source/profiles/server.nix' has been renamed to `services.openssh.settings.PermitRootLogin'. trace: warning: The option `services.openssh.passwordAuthentication' defined in `/nix/store/l0n3297c7znfapx32a6av1c26yj042j4-source/profiles/server.nix' has been renamed to `services.openssh.settings.PasswordAuthentication'. ```
* enable zsh for all profilesFranck Cuny2023-07-062-2/+1
|
* update nixos and home-manager to 23.05Franck Cuny2023-07-052-2/+6
|
* change monospace font back to source code proFranck Cuny2023-06-081-2/+1
|
* workstation: more tweaks for the UI and fontsFranck Cuny2023-05-291-2/+1
|
* profiles/default: fix the GC configurationFranck Cuny2023-05-281-1/+1
| | | | | | I got the settings wrong. The `weekly` applies to `nix.gc.dates`, which is for how often the GC should run. While `nix.gc.options` is to delete content in the store older than 14 days (in my case).
* font: switch to Roboto for system font and JetBrain for monospaceFranck Cuny2023-05-281-17/+11
|
* profiles/monitoring: a bunch of fixesFranck Cuny2023-05-123-3/+3
|
* profiles/nginx: set the default port to 8080Franck Cuny2023-05-121-1/+8
| | | | | | If we don't set a default port, with `statusPage` enabled, we can't start nginx on the router, since we also need to bind to port 80 for the stream.
* profiles/loki: fix a few configuration errorsFranck Cuny2023-05-122-5/+4
|
* profiles/monitoring: move loki to a profileFranck Cuny2023-05-122-1/+104
| | | | | Add a nginx virtualhost for loki too, so that we can use a valid SSL certificate.
* profiles/monitoring: move promtail to a profileFranck Cuny2023-05-121-0/+54
|
* profiles/monitoring: move node exporter to a profileFranck Cuny2023-05-121-0/+7
|
* home/carmel: move router's configuration to a profileFranck Cuny2023-05-121-0/+87
|
* profiles/default: list installed packages in /etc/installed-packagesFranck Cuny2023-05-121-1/+10
|
* profiles/backup: fix path to the ssh keysFranck Cuny2023-05-121-2/+2
|
* profiles/backup: configure the backup serverFranck Cuny2023-05-121-0/+49
| | | | | It creates the user, ensure sftp is configured correctly, and rsync the backups to rsync.net once a day.
* profiles/syncthing: move the old moduleFranck Cuny2023-05-101-0/+44
|
* profiles/seedbox: move transmission to itFranck Cuny2023-05-101-0/+49
| | | | | Note that this is not used by anything yet, as a password needs to be set first.
* profiles/samba: fix variableFranck Cuny2023-05-101-1/+1
|
* profiles/samba: convert the old module as a profileFranck Cuny2023-05-101-0/+33
|
* profiles/git-server: fix path for the backupFranck Cuny2023-05-101-1/+1
|
* profiles/git-server: move gitolite and cgitFranck Cuny2023-05-101-0/+129
|
* profiles/music-server: fix backup configurationFranck Cuny2023-05-101-2/+2
|
* profiles/music-server: moved navidromeFranck Cuny2023-05-101-0/+40
|
* profiles/unifi: fix variableFranck Cuny2023-05-101-1/+1
|
* profiles/unifi: move the module to a profileFranck Cuny2023-05-101-0/+38
| | | | | Get rid of configuration that was duplicated (a lot of things are already handled by the upstream module).
* profiles/nginx: move common configuration to a profileFranck Cuny2023-05-091-0/+23
| | | | | | Both tahoe and carmel are using nginx, and we can simplify the configuration by moving common parts to the profile and have these hosts import it.
* profiles: clean up the importsFranck Cuny2023-05-082-3/+0
| | | | The hosts should be explicit about what to import.
* profile/acme: default DNS provider is gandiFranck Cuny2023-05-082-1/+19
| | | | | | | | | | Add the API key for gandi to the secrest, create a profile for acme with my defaults. The profile is loaded by tahoe since that's where our services are running on. Update all the servers in nginx to listen on their wireguard interface.
* profiles/laptop: more tweaksFranck Cuny2023-05-071-1/+2
|
* profiles/xps9300: add more settingsFranck Cuny2023-05-063-2/+29
| | | | Coming from https://github.com/NixOS/nixos-hardware/blob/51559e691f1493a26f94f1df1aaf516bb507e78b/dell/xps/13-9300/default.nix
* profiles/workstation: move sway to the workstation profileFranck Cuny2023-05-061-0/+23
|
* profiles/laptop: set correct governor for tlpFranck Cuny2023-05-061-2/+3
| | | | | | | | | I was getting: ``` Error in configuration at CPU_SCALING_GOVERNOR_ON_AC="schedutil": governor not available. Skipped. ``` Restore to the previous configuration.
* profiles/default: larger font on the console for all hostsFranck Cuny2023-05-062-10/+10
| | | | Easier on my eyes.
* profiles/default: users are immutableFranck Cuny2023-05-021-0/+3
|
* profiles/server: move boot loader configurationFranck Cuny2023-05-021-0/+3
|
* profiles: consolidates common networking bitsFranck Cuny2023-05-025-0/+26
| | | | This remove ssh on workstations. I also drop mosh since I don't use it.
* profiles/default: move stuff related to bootFranck Cuny2023-05-021-0/+16
|
* profiles: move things around for btrfsFranck Cuny2023-05-025-0/+25
|
* profiles/hardware: create a few profiles related to hardwareFranck Cuny2023-05-024-0/+25
|
* profiles/default: move default packages thereFranck Cuny2023-05-021-0/+45
|
* profiles/default: more consolidationFranck Cuny2023-05-024-0/+76
|
* profiles/workstation: add font configurationsFranck Cuny2023-05-021-0/+31
|
* profiles: create default and serverFranck Cuny2023-05-023-0/+17
| | | | | | | | | | The NAS and the router are "servers", and we create a base profile for them. We add a default profile that will set things that are common to all my hosts, and we start with the locales. Update tahoe/carmel to use the server profile.
* profiles/workstation: consolidate sound related configurationsFranck Cuny2023-05-021-0/+24
|
* profiles/workstation: moved more things aroundFranck Cuny2023-05-011-0/+18
|
* profiles/laptop: consolidate services related to laptopFranck Cuny2023-05-011-0/+13
|
* profiles/workstation: reduce the number of moving partsFranck Cuny2023-05-011-0/+6
| | | | | | | | There's too many moving parts and layers of abstractions, for no benefits: I only have to manage 3-4 machines. Going to create profiles, move things there, and stop with the `enable` pattern.
* ref(profiles): get rid of all the profilesFranck Cuny2022-06-093-38/+0
| | | | | | | | | | | | | | All the modules that are setup by the profiles are now managed at the host level. This simplify some configuration, and will make it easier to adjust things at the host instead of trying to squeeze everything into profiles. This will also help the refactoring later, when I'll split nixos and home-manager configuration. Change-Id: I17ffda8b0b5d15bf1915c6fae5030380523d74b5 Reviewed-on: https://cl.fcuny.net/c/world/+/297 Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(GTK): remove the profile for GTKFranck Cuny2022-06-093-18/+2
| | | | | | | | All the configuration is done at the host level. Change-Id: Ib5ef71ea7955f6872fb08f576e48b24a70600693 Reviewed-on: https://cl.fcuny.net/c/world/+/296 Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(desktop): move all the modules for home-manager to host levelFranck Cuny2022-06-091-11/+0
| | | | | | Change-Id: I92abe7d6c9a1f7c5ef3f157137c59cde751d50f0 Reviewed-on: https://cl.fcuny.net/c/world/+/294 Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(trusted): consume modules within host's configurationFranck Cuny2022-06-092-23/+1
| | | | | | | | | Remove the trusted profiles, the modules are installed directly within the host configuration. Change-Id: I0566fb359803da16bdd3a38e2901deac477fb078 Reviewed-on: https://cl.fcuny.net/c/world/+/293 Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(multimedia): move multimedia modules to hostsFranck Cuny2022-06-092-13/+1
| | | | | | | | | Consume the modules related to multimedia applications at the host level, instead of having a level of indirection with a profile. Change-Id: I567f0e01cbfe591beaa2e9086e33434402a4a002 Reviewed-on: https://cl.fcuny.net/c/world/+/292 Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(laptop): move services related to laptop to host's configurationFranck Cuny2022-06-092-16/+1
| | | | | | | | | | As for the bluetooth configuration, we don't need that level of indirection. The laptop can consume these services directly, and we can drop the profile for laptop. Change-Id: Ia434d336ae581bd040fbc4963e5856806183d55e Reviewed-on: https://cl.fcuny.net/c/world/+/290 Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(bluetooth): remove the profileFranck Cuny2022-06-092-13/+1
| | | | | | | | | | | I don't need a profile for this, the module can be consumed directly from the host's hardware configuration. It removes one level of indirection and helps us toward the goal of completely removing all the profiles. Change-Id: I95a6fdc985420e7fe0ad737e7576d10d5c7eb114 Reviewed-on: https://cl.fcuny.net/c/world/+/289 Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(drone): remove secret and CLI for droneFranck Cuny2022-06-041-1/+0
| | | | | | | | | I'm not using drone anymore. I don't need the CLI and the secret to be installed. Change-Id: I9c8ecfe5f051fd70d78f0e2e9aaa705e48627714 Reviewed-on: https://cl.fcuny.net/c/world/+/261 Reviewed-by: Franck Cuny <franck@fcuny.net>
* add modules to manage bluetoothFranck Cuny2022-05-122-1/+13
|
* home: install the drone CLIFranck Cuny2022-05-021-0/+1
|
* home: add a module for direnvFranck Cuny2022-05-011-0/+1
|
* scanner: install tools on the laptopFranck Cuny2022-04-241-1/+5
|
* gcloud: add google-cloud-sdk on trusted hostsFranck Cuny2022-04-241-0/+1
|
* syncthing: enable on trusted machinesFranck Cuny2022-04-211-0/+1
| | | | Add the cert and key for aptos.
* home: enable ssh config on trusted hostsFranck Cuny2022-04-101-0/+1
|
* add a few more packages for home/Franck Cuny2022-04-092-1/+7
|
* add pcmanfm and easyeffectsFranck Cuny2022-04-091-0/+1
|
* add a few more modules to home/ and delete stuffFranck Cuny2022-04-093-11/+28
|
* profiles: create a few new profilesFranck Cuny2022-04-085-1/+67
|
* create a profile for laptopFranck Cuny2022-04-052-0/+16
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-06 05:11:03 +0000