3b79f3e256
hosts/ni: prepend preferred timeservers
2023-10-28 12:23:24 +08:00
142c2ef378
hosts/bootstrap: set system version and disable cache splitting
...
The user modules are apparently not compatible with the default way of
building the documentation so we'll have to. This should fix being able
to unable to be built due to the missing files which most likely came
from the cache.
2023-10-19 00:12:55 +08:00
e6c4a20b83
hosts/plover: update miscellaneous parts of the services
2023-10-17 18:32:23 +08:00
23e32b45ac
hosts/plover: add Bind to be managed by nginx
2023-10-14 14:06:43 +08:00
1775a0febc
hosts/plover: update Bind systemd service config
2023-10-14 14:05:14 +08:00
680ec43428
hosts/plover: fix Vouch proxy settings
2023-10-14 14:04:38 +08:00
3e8987d26e
hosts/plover: update Wezterm mux server config with nginx
2023-10-14 14:04:27 +08:00
0b253e0553
hosts/plover: update Vouch proxy settings and secrets permissions
2023-10-14 11:26:33 +08:00
ac134281f8
hosts/plover: add back the custom Gitea logos
2023-10-14 11:25:26 +08:00
1ad6e7e8c5
hosts/plover: fix Grafana provider strings in settings
2023-10-14 11:14:44 +08:00
107241f553
hosts/plover: fix duplicate nginx shared memory zone
2023-10-14 11:14:09 +08:00
9527896251
hosts/plover: update Grafana and PostgreSQL integration
2023-10-14 11:01:57 +08:00
7430d992f2
hosts/plover: fix nginx code for Grafana server
2023-10-13 16:55:39 +08:00
2632b75bf2
hosts/plover: properly add nginx upstreams
...
Even though this is unlikely to be scaled further, we're just being good
sysadmins (or at least roleplaying as one).
2023-10-13 16:48:02 +08:00
025a3b5db4
hosts/plover: update secrets
2023-10-13 14:24:23 +08:00
4587a4165f
config: migrate from Terraform CLI to OpenTofu CLI
2023-10-13 14:24:10 +08:00
90210fde9c
hosts/plover: add Grafana secrets
2023-10-11 23:17:45 +08:00
8fbdc73478
hosts/plover: update Grafana settings
2023-10-11 13:06:41 +08:00
3ee04bb812
chore: reformat codebase
2023-10-09 20:48:01 +08:00
2dbb3ed68c
services/vouch-proxy: restructure for multiple instances
...
This resolves some cases where the admin does not have all of their
users within the protected domain and some in others.
2023-10-09 20:43:13 +08:00
4c6a19b3a7
hosts/plover: add secrets for Vouch proxy
2023-10-09 20:26:33 +08:00
46e38d0c96
hosts/plover: update Vouch proxy config
2023-10-09 20:26:11 +08:00
2397656b7f
hosts/bootstrap: downgrade Linux kernel to 6.1
...
This is mainly to support zfs which is a likely future for me once I got
my hands on a mini-PC server.
2023-10-09 22:30:25 +08:00
cd93122b07
hosts/plover: enable Kanidm LDAP server
2023-10-09 22:09:33 +08:00
2af2326b16
hosts/plover: update Grafana nginx and secrets config
2023-10-09 22:09:15 +08:00
0830ff0458
hosts/plover: update foodogsquared.one DNS zone
2023-10-08 14:40:57 +08:00
a6fcc6eec6
hosts/plover: update Wezterm mux server config
...
It's not fully working but we'll get there.
2023-10-08 03:29:06 +08:00
97916aaa05
hosts/plover: init Prometheus monitoring daemon
2023-10-08 03:28:35 +08:00
6ec18948b5
hosts/plover: init Vouch proxy server
2023-10-08 03:28:14 +08:00
0eadf55fd5
hosts/plover: init Grafana server
2023-10-08 03:27:47 +08:00
f489c50aa9
hosts/plover: refactor Gitea config
2023-10-08 03:26:53 +08:00
c35b72352e
hosts/plover: update Bind config generation
2023-10-08 03:26:07 +08:00
fc5eb2b0e2
hosts/plover: update Wezterm mux server config
2023-10-05 12:27:59 +08:00
61f8457584
hosts/plover: update nginx configuration
2023-10-04 15:53:43 +08:00
ccb05b35ae
hosts/plover: remove unused bindings
2023-10-04 13:29:29 +08:00
24b70bf04a
hosts/plover: change backup schedule to daily
2023-10-04 13:28:43 +08:00
5f5dc2a14e
hosts/plover: add kTLS for various services
2023-10-03 15:52:42 +08:00
4c71c61768
hosts/plover: add nginx content caching for select services
2023-10-03 15:50:46 +08:00
c410ece05a
treewide: remove options attribute for modules
2023-10-02 14:26:11 +08:00
d7cc9f412c
hosts/ni: remove Firefox and thermald
2023-09-30 14:02:40 +08:00
56c0e245ca
hosts/plover: remove Portunus as LDAP server
...
It is also replaced with Kanidm (though read-only from its user store).
2023-09-28 18:48:17 +08:00
3d9351a99b
hosts/plover: delete Keycloak service entirely
...
It is now completely replaced with Kanidm.
2023-09-28 18:46:31 +08:00
8e91973c70
config: add comments
2023-09-28 18:33:00 +08:00
013f751ea4
hosts/plover: update DNS zone
2023-09-28 18:32:31 +08:00
862fd5a07a
hosts/plover: replace Keycloak with Kanidm as SSO application
2023-09-28 18:29:09 +08:00
bdeccc3c08
hosts/ni: add Blender configuration
2023-09-27 14:22:39 +08:00
d03fc4637d
hosts/ni: update nixpkgs configuration
2023-09-24 19:20:05 +08:00
4adc573fcf
hosts/plover: fix string interpolation for integer
2023-09-21 21:26:13 +08:00
b31cc58adc
hosts/plover: refactor bindings
2023-09-21 12:53:18 +08:00
c3ff202b84
hosts/plover: fix credentials permission for Bind service
2023-09-21 12:52:53 +08:00
7368027cdb
hosts/plover: add DH parameters for nginx
2023-09-21 11:37:09 +08:00
0eb19acc40
hosts/plover: enable DNS-over-HTTPS for Bind server
2023-09-21 11:36:43 +08:00
eed4160b85
hosts/plover: reduce service capability
2023-09-20 11:04:45 +08:00
fbce914870
hosts/plover: cleanup Bind configuration
2023-09-19 23:45:30 +08:00
05895e11fa
hosts/plover: consolidate Bind config into configFile
2023-09-19 23:45:08 +08:00
84f27bece9
hosts/ni: update and reformat config
2023-09-17 13:58:59 +08:00
cef3b32df8
hosts/ni: remove Pop launcher configuration
...
Don't really use these anymore for a long time. It's only there for
testing the custom Pop launcher NixOS module.
2023-09-17 13:58:07 +08:00
448576577f
hosts/ni: enable Steam Remote Play
2023-09-17 13:57:44 +08:00
ea4ec0d71d
hosts/ni: remove auto-upgrade
...
It is more conflicting in the past few weeks than helpful plus the NixOS
configuration in the remote repo is having its flake update automated so
it is more unnecessary now than ever.
2023-09-17 13:55:00 +08:00
c6a5f32882
hosts/ni: enable browser NixOS profiles
2023-09-17 13:54:45 +08:00
6a1178f969
config: add comments
2023-09-11 10:14:39 +08:00
7dacbe6963
chore: reformat codebase
2023-08-31 09:59:56 +08:00
1a74104845
hosts/plover: update Gitea files
2023-08-03 19:39:19 +08:00
3fc2d6dbc3
hosts: update system state version to 23.11
2023-08-03 13:29:00 +08:00
101f3771a1
hosts/plover: update Wezterm mux server configuration
2023-07-28 08:53:32 +08:00
eef1ff0b32
hosts/plover: update Bind service settings
2023-07-27 22:20:50 +08:00
0ae9b2033e
hosts/plover: update Gitea tmpfiles configuration
2023-07-27 13:36:19 +08:00
187b32e7bb
hosts/plover: update Wezterm mux server config
...
This should also fix the ACME certificate self-signed permissions error
since there is no `wezterm` group (or user). We're just using systemd's
dynamic user feature in our service.
2023-07-27 13:36:05 +08:00
92bb5b916c
hosts/plover: update foodogsquared.one DNS zone
2023-07-27 11:14:32 +08:00
760e1a3233
hosts/plover: fix Keycloak pre-start script
2023-07-27 10:25:32 +08:00
9c2e3ee1bf
hosts/plover: fix Bind9 pre-start script
2023-07-27 10:25:06 +08:00
9a47f44c4e
hosts/ni: add filesystem setup
2023-07-24 15:24:49 +08:00
87de61fba8
hosts/plover: add Keybase verification key
2023-07-22 10:39:23 +08:00
a2ab1f09a8
hosts/plover: fix Vaultwarden hardened service
2023-07-20 10:42:43 +08:00
b1072a437b
hosts/plover: add and configure Wezterm mux server
...
Not yet fully configured though so we'll have to update the Wezterm
server configuration.
2023-07-20 10:40:47 +08:00
bc3d03ce9e
hosts/graphical-installer: reduce the config with the nixos-generators NixOS module
2023-07-16 18:17:35 +08:00
7a1bf68a34
hosts/bootstrap: reduce the config with nixos-generators NixOS module
2023-07-16 18:17:05 +08:00
2cc6d2bcb6
hosts/graphical-installer: update config
...
It should result in an overall smaller closure size.
2023-07-14 19:59:39 +08:00
5a57c1886b
hosts/bootstrap: update config
...
A little update which should result in a smaller closure size.
2023-07-14 19:59:21 +08:00
214ea6fa6d
hosts/plover: fix erroneous secret for Keycloak service
2023-07-14 14:43:28 +08:00
8c08db2eb2
hosts/plover: use fail2ban jails settings
...
It is nicer compared to the traditional setting with strings.
2023-07-14 14:41:58 +08:00
c3bec31b86
chore: reformat codebase
2023-07-05 16:42:15 +08:00
66317b18bc
hosts/bootstrap: explicitly configure SSH daemon
2023-07-05 16:39:58 +08:00
2e7cdeacf3
hosts: remove host path prefix for sops keys
...
It is more explicit and elegant but more of a pain to manage especially
with the new function. It was structured that way for other hosts'
secrets but it isn't really used in practice. We could just enforce a
convention such as a `hosts` prefix to contain those secrets.
2023-07-05 13:11:47 +08:00
5fbd39adfc
hosts/ni: modularize Wireguard
...
I also added a conditional configuration for systemd-networkd and a
condition for the default which should be enabled when NetworkManager is
enabled. Ideally this should be the default when systemd-networkd is not
enabled but since they are the only network manager, we'll let it slide.
2023-07-05 11:40:40 +08:00
ba3af47cb5
hosts/ni: create system-wide nixpkgs config
2023-07-05 11:39:44 +08:00
fdd723ca33
config: convert to lib.getSecrets
2023-07-05 11:38:58 +08:00
6bd59ccfd4
docs: update notes on Plover
2023-07-02 20:21:49 +08:00
c89c29ac10
hosts/plover: update hardware configuration
2023-07-02 20:21:29 +08:00
da24dd1214
hosts/ni: add fstrim service
2023-07-02 19:24:56 +08:00
f27b7e045c
hosts/plover: modularize Borg backup paths
2023-07-02 12:23:50 +08:00
dd1b2b0638
hosts/plover: fix Gitea dump cleanup
2023-07-01 16:29:29 +08:00
35ef89a312
hosts/plover: update Borg SSH key
2023-06-30 22:31:14 +08:00
f799b6dc1e
hosts/ni: remove doas
...
I'll just learn more about how to configure sudo properly then.
2023-06-30 14:30:59 +08:00
cb54c33afc
hosts/plover: add disko device config
2023-06-30 13:38:38 +08:00
9af237e242
hosts/ni: add disko device config
2023-06-30 13:38:22 +08:00
33b8dfe9c6
hosts/plover: enable DNS-over-TLS for Bind
2023-06-30 10:48:10 +08:00
ffad85fa70
hosts/plover: enable nginx-bad-request jail
2023-06-30 10:47:02 +08:00
831022bf22
hosts/plover: enable DH params generation
...
This is for certain applications as we'll see.
2023-06-30 10:46:43 +08:00
53f7cf6e83
chore: reformat codebase
2023-06-29 14:17:38 +08:00
