This runs a headscale server on sanduny which lets users join their
machines to the TVL tailscale network.
This would theoretically let people communicate with each other on the
internal network, but also more notably joined servers can advertise
exit node capability so that we can have our own "VPN network", for
starters with endpoints in Germany, UK and Russia (whitby, sanduny and
koptevo respectively).
This setup isn't fully stable yet, notably:
* The IP range used by tailscale is just the default one right now,
I'm not sure if that should be changed or what.
* The system is stateful (on sanduny), but the state is not (yet)
backed up anywhere. Use with caution.
* Machine joining is a manual process requiring SSH & root access to
sanduny.
The process is to log in to sanduny, then get a headscale shell with
`sudo -u headscale bash`, and to use the `headscale` CLI within
there to administrate access.
I've opted to create a user account `tvl` for TVL-owned machines,
and a personal account for myself and my machines.
Change-Id: I4f1be1fe8062a6c2e77203ff72fe8709f4e4dec8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8837
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
This machine is now being decomissioned.
Change-Id: Ib7f016c7de84dab2cdf3c071445cf830d2eccf5f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8838
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
The main instance is still running on polyanka, but things are moving
in this direction.
Change-Id: Idfa9e508023c05148003ac4621ae01dceb284c66
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8827
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
This is the "new polyanka" (eventually), as I'm decommissioning that
host slowly.
Change-Id: Ia0fe664f3bf64513d8177434c6c0fface857cd99
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8783
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
* //ops/modules/depot-inbox: Adapt to upstream option type declaration.
See nixpkgs commit b6ed3b8f402893df91a8e21ce993520301c2f076.
* //ops/machines/sanduny, //users/tazjin/polyanka:
Remove boot.loader.grub.version options (no longer has any effect).
* //users/sterni/emacs: reflect rename emacsPgtk -> emacs-pgtk
* //3p/overlays: update tdlib to match emacs-overlay
* //3p/overlays: give EXWM from depot a separate name
* //users/grfn/system/home: disable Slack support in ntfy
Change-Id: I03bde088bc70e05b23925f244899807210cb7b20
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8547
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Tailscale just works better out of the box than Zerotier, and its
clients aren't unfree.
Change-Id: Ie35ef1adde0edbe923992b02e6b636269a96a81e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8482
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
* Satisfy new assert that the corresponding shell needs to be enabled
via programs.* if it is as the login shell of at least one user.
* //users/tazjin: “Address” removal of hardware.video.hidpi option.
* //3p/gerrit: update fetch sha256
Change-Id: Id0988a0ea7f393d6b7848a7104fc3526ee1177f4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8407
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
One normal chromium is enough. google-chrome is not needed because
Chromecasts usually don't work anymore anyways.
Change-Id: I48bed05c56bd6f450be393cf727930eaad5cd6b9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8231
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
This seems to have been turned on in ~November/December 2022, and is
wreaking havoc on my system usability as it keeps killing my X session
as soon as any kind of load happens on the system.
This can be as little as accidentally playing two YouTube videos (as
each YouTube tab can take 3-5GiB of RAM), or trying to process a
dataset locally.
I'm not sure if this is the culprit, but it sure seems like it.
Change-Id: Id742b4506262cc362c9fd3f2575aea23e5c092a7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7858
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: tazjin <tazjin@tvl.su>
This is currently hosted by the company, and I'm assigning my
copyright to the company, which also runs an ad placement on the page.
Note that the NixOS module for hosting it has not been moved yet.
Change-Id: Iba9e1cab9370faa79e43c3344fbfbbbabead50b3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7857
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Quassel sometimes thinks it's a reasonable thing to do to start
firefox instead of my default browser. Why? I've got no clue.
But since I don't use Firefox anyways unless there's a special
situation going on, lets just delete it.
Change-Id: Ib7ad4cc53c44ac47f3a0c3922600c3915f90219c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7646
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
I don't currently need these for any client work but they're constant
battery drains.
Change-Id: Id45d4dacfd59cb3d18d79311fa29450d14a33e6e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7454
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
it annoys me and I've been turning it off manually, which is also annoying
Change-Id: Ia3b79d11068757c0bb9ee5543a376effb98506df
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7441
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
It's impossible to log into many public wifi networks otherwise when
the login depends on DNS hijacking.
Change-Id: I09f8b504810eebeb788997d2100a6db4777a8725
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7307
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
The DNS server on the network of this boat refuses to deliver *any*
results to my laptop, only to my phone, so I had to do some trickery
to figure out the address of the WiFi login portal.
Change-Id: I7934c570be79d6191feb999e6860428623cfd88f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7168
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
otherwise the files end up clashing with each other, causing annoying
errors on activation
Change-Id: Iaa4df8c50aa183f4a12749c66ee1b7a746d785da
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5949
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
this has weird side effects on the AMD thinkpad (of course), but since
that is stationary in my office anyways the power-saving stuff doesn't
matter so much there.
Change-Id: Ie43e3a86b2da885c25eb5c3eb36683adb14edd1a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5948
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
otherwise passing through USB devices is not possible
Change-Id: I3ab52aaae2567f39e483717b74023316fc3d033a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5941
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
sometimes I need a GUI mail client for stuff
Change-Id: I956e804b7167571e535556ad02a50637621b01bf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5923
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
It only sometimes works and that's not enough times.
Change-Id: I11c1bc6e5c2eec4706bd935352188ffa83057c8f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5869
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Maybe this will lead to me being able to log in to this machine again
eventually.
Change-Id: I348d6ea3b8d4cc6b8083766669ba1371b3d1216b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5866
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
I still have the issue where after reboots I can't log in to my
machines without going through a horrible dance with booting a NixOS
installer and so on.
I suspect this has somethign to do with this initial hashed password
set here, but I was unable to verify what password I've actually set
up there, so I'm resetting it to a known string to verify my theory.
Change-Id: Ic9d495255ca48110920cf2df371946ac146dcd72
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5865
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
