about summary refs log tree commit diff
path: root/machines
Commit message (Collapse)AuthorAgeFilesLines
* machines/shiki: move the notify-send invocation outProfpatsch2019-05-311-1/+7
|
* machines/shiki: give up, just add "docker" group to userProfpatsch2019-05-311-1/+1
|
* machines/haku: set up as VPN server with wireguardProfpatsch2019-05-311-5/+54
| | | | | | | | | | | | Generates a wireguard configuration based on https://nixos.wiki/wiki/Wireguard and sets up the iptables firewall in a way that only enables forwarding between `eth0` and the `wg` interfaces. The standard NixOS firewall configuration allows `FORWARD` between all interfaces, and `networking.nat.enable` enables the `ip_forward` rule in the kernel, meaning packages can suddenly hop interfaces without a firewall that `DROP`s forwards by default.
* machines/haku: open less ports in firewallProfpatsch2019-05-161-3/+2
|
* machines/profpatsch: move more stuff into base-workstationProfpatsch2019-05-162-4/+7
|
* machines/profpatsch: move stuff into base-workstationProfpatsch2019-05-162-73/+85
|
* machines/{eris,titan}: Remove cruft in xrdbdevhell2019-05-032-8/+0
| | | | | | | | I've had these packages in here disabled in case I'd ever have to get back to them. I've not had to for, what feels like, an eternity. Additionally to slimming the config down, removing them will also somewhat slim down closure size since Nix will build them anyway even though they're not actively used.
* machines/{eris,titan}: Fix 'light' inclusiondevhell2019-04-192-3/+4
| | | | | | The previous commit was wrong in that it was not the correct way to include the 'light' package. According to the manual, this is the correct way.
* machines/{eris,titan}: Add 'light' packagedevhell2019-04-192-2/+3
| | | | | | Since the 'modesetting' driver does not work with 'xbacklight' we have the choice of either 'light' or 'backlightctl'. For now we'll choose 'light' and see how it goes.
* machines/{eris,titan}: Switch to modesettingdevhell2019-04-192-2/+2
| | | | | The release notes for NixOS 19.03 state that the 'intel' driver has been superseded by the 'modesetting' driver.
* machines/titan: Enable glx and vsync for comptondevhell2019-04-031-0/+2
|
* machines/profpatsch: katara -> shiki (hostname)Profpatsch2019-03-251-3/+3
|
* machines/profpatsch: katara -> shiki (file rename)Profpatsch2019-03-252-1/+1
|
* machines/katara: miscProfpatsch2019-03-252-12/+15
|
* machines/katara: nix optionsProfpatsch2019-03-251-0/+4
|
* machines: Remove kzerzaaszlig2019-03-202-70/+0
| | | | | | | | This machine was used for controlling the LED lighting bars at Rockfabrik. I no longer work there and the machine has subsequently been replaced by something else, so I don't need kzerza anymore. Signed-off-by: aszlig <aszlig@nix.build>
* machines/katara: add tweag builderProfpatsch2019-03-031-0/+9
|
* machines/dnyarri: Stop bcache during sleep/scrubaszlig2019-02-091-1/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | I did have a major outage this week, because I was using bcache with writeback mode on a RAID10 backing storage. Fortunately, I was able to recover 99.9% of the data (only the most recent stuff wasn't recoverable), but I certainly don't want this to happen again in the future. While I did use bcache with hibernate and writeback, the interesting part is that the caching device went bonkers after a "normal" shutdown rather than a suspend/hibernate, with "normal" being "with a bunch of kernel warnings about zswap". Also, this happened around a btrfs scrub, so the inconsistency was all over the place. So first of all, I'm now going with writaround mode rather than writeback mode for the time being. Although it's slower than writeback, the chances that I need to do such a recovery again is close to 0% with writethrough and writearound because all writes are synchronous. Second, this very change makes sure that whenever the machine goes to sleep or a scrub is started, the caching is disabled and afterwards it's re-enabled. That way we shouldn't have lots of trash on the caching device. Signed-off-by: aszlig <aszlig@nix.build>
* machines/dnyarri: Enable btrfs auto-scrubaszlig2019-02-091-0/+2
| | | | | | | | I had this in my local configuration.nix since a while and while it might be annoying when this runs every month, I think it's better to do it regularily rather than having a dying disk go unnoticed. Signed-off-by: aszlig <aszlig@nix.build>
* Revert "machines/titan: Switch to iwd"devhell2019-01-031-1/+1
| | | | | | | This reverts commit 292099429d0bab51f0cb634c6bc5c9745c4c1383. Well, looks like iwd ist still not ready for primetime with my university's eduroam implementation.
* machines/profpatsch: disable sshd for workstationsProfpatsch2018-12-301-1/+1
|
* machines/haku: add wireguard kernel moduleProfpatsch2018-12-301-0/+3
|
* machines/haku: add Thomas’s ssh pubkey to vorstandProfpatsch2018-12-301-0/+1
|
* machines/titan: Switch to iwddevhell2018-12-271-1/+1
| | | | | | Now, it's not yet clear if iwd will work with my uni's eduroam service at all. Either way though, this is in preparation for the switch and test once I'm near an eduroam access point.
* machines/dnyarri: Remove vault deviceaszlig2018-12-241-14/+1
| | | | | | | | Since quite a while, NixOS re-uses the passphrases from earlier devices, so there is no need anymore for such a device in order to unlock multiple containers with the same passphrase. Signed-off-by: aszlig <aszlig@nix.build>
* machines/dnyarri: Use close instead of luksCloseaszlig2018-12-241-1/+1
| | | | | | | The "luksClose" subcommand for cryptsetup has been deprecated for a while, so let's move over to "close". Signed-off-by: aszlig <aszlig@nix.build>
* machines/dnyarri: Enable bcache kernel moduleaszlig2018-12-241-0/+5
| | | | | | | | | | | | | | | Since I got a new SSD for the machine (thanks @cvdnext), I also had the opportunity to re-create my LUKS containers to LUKS2 with Argon2 key derivation alongside creating bcache backing devices. The change in order to support bcache is just a matter of adding "bcache" to availableKernelModules and we're done. However, as the storage configuration is not a very common one, I decided to add a test specific to that to make sure future NixOS updates won't prevent the machine from booting. Signed-off-by: aszlig <aszlig@nix.build>
* machines/profpatsch: clean up configsProfpatsch2018-12-224-105/+25
| | | | Remove unused packages and commented out stuff.
* machines/profpatsch/base: add find* aliasesProfpatsch2018-12-221-1/+8
|
* machines/profpatsch/workstation: Accept the TruthProfpatsch2018-12-221-1/+1
|
* machines/profpatsch/workstation: disable fcitx for nowProfpatsch2018-12-221-4/+5
|
* machines/profpatsch/workstation: enable firewallProfpatsch2018-12-221-1/+7
|
* machines/katara: add aarch nixos community builderProfpatsch2018-12-221-0/+13
|
* machines/katara: disabled hyperthreadingProfpatsch2018-12-221-1/+1
|
* machines/katara: wireguard supportProfpatsch2018-12-221-0/+4
|
* machines/katara: Use "alot" from python3Packagesaszlig2018-12-141-1/+1
| | | | | | | | | Since alot version 0.8, Python 2.x is no longer supported and subsequently trying to use it from pythonPackages will result in an evaluation error. Signed-off-by: aszlig <aszlig@nix.build> Cc: @Profpatsch
* tishtushi: Remove mount for /nix/storeaszlig2018-12-121-10/+0
| | | | | | | | | | | | The internal SSD of the machine just died, so I reconstructed the Nix store on the spinning rust from the machine configuration and we're now left without the SSD. Maybe it makes sense to still use the SSD with bcache, depending on how failure-resilient it is, but for now, let's just remove it so we at least have a working system. Signed-off-by: aszlig <aszlig@nix.build>
* machines/devhell/{eris,titan}: Remove pkgsdevhell2018-12-092-24/+0
| | | | These packages are unnecessary currently.
* machines: deactivate schaf & fliewatuetsternenseemann2018-11-091-2/+0
| | | | both don't exist anymore
* machines/devhell: Remove powerManagementdevhell2018-11-031-5/+0
| | | | TLP is running, so this won't work.
* machines/{eris,titan}: Unify configsdevhell2018-11-032-16/+57
| | | | | | I've become increasingly aware that my configurations drift, and while this is still not amazing in terms of DRY and whatnot, it's all I can do for now.
* dnyarri: Drop override for podcastparseraszlig2018-10-251-17/+1
| | | | | | | | | | | The upstream version 0.6.4 was released 2 months ago and it recently hit nixpkgs[1], so we can finally drop the override as the new version now contains the fix[2] for the problem that affected me. [1]: https://github.com/NixOS/nixpkgs/commit/5e2590ba6fd352bc65b4cd7fd82 [2]: https://github.com/gpodder/podcastparser/pull/17 Signed-off-by: aszlig <aszlig@nix.build>
* machines/haku: serve lojbanistan.de faviconProfpatsch2018-10-201-1/+15
|
* machines/eris: Remove thunderbirddevhell2018-10-021-1/+0
| | | | Everything is on neomutt now so there is no need for thunderbird.
* machines/katara: add local unbound DNS resolverProfpatsch2018-09-211-0/+2
|
* machines/titan: Replace gutenprint/hplip with foo2zjsdevhell2018-08-161-1/+1
| | | | | | | I've set up a RPi to act as a print server, but the printers are configured as RAW, so the burden of having the correct drivers installed lies with the client, which is fine considering the current network setup.
* machines/brawndo: Add Firefox to systemPackagesaszlig2018-07-251-1/+2
| | | | | | | | User is likely to switch, so let's add Firefox alongside to Chromium and eventually remove Chromium at some day. Signed-off-by: aszlig <aszlig@nix.build> Cc: @dwenola
* machines/brawndo: Add Python 3 to system pathaszlig2018-07-221-1/+1
| | | | | Signed-off-by: aszlig <aszlig@nix.build> Cc: @dwenola
* machines/katara: fix execlineb wrapperProfpatsch2018-07-201-1/+1
|
* fix typoProfpatsch2018-07-201-1/+1
|
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-06 01:44:14 +0000