Commit graph

277 commits

Author SHA1 Message Date
Vincent Ambo
64894062a9 feat(ops/nixos/camden): Disable camden firewall
The local network is considered trusted and ingress from the outside
world is now handled by the Edgerouter.
2020-04-26 14:58:42 +01:00
Vincent Ambo
6644d0031d feat(fun/idual && nixos/camden): Add light alarm systemd units
Adds a systemd unit to run the idual light alarm using a transient
timer created by systemd-run.
2020-04-26 00:28:19 +01:00
Vincent Ambo
eac683f69c chore(ops/nixos/nugget): Remove camden from /etc/hosts
The new router can actually deal with this sensibly.
2020-04-25 21:46:27 +01:00
Vincent Ambo
8465a5435b fix(ops/nixos/camden): Introduce brute-force nginx issue fix
This adds a timer running every minute that fixes the nginx
permissions that were broken in NixOS 20.03
2020-04-22 12:04:05 +01:00
Vincent Ambo
a488bd3702 feat(ops/nixos/camden): Install 'bat' and 'ripgrep' on camden 2020-04-21 22:56:37 +01:00
Vincent Ambo
2ca4287cf0 feat(ops/nixos/camden): Use my cachix cache on camden
This cache is populated by sourcehut builds.
2020-04-21 22:55:32 +01:00
Vincent Ambo
6a2beb5a6a feat(ops/nixos/camden): Add vhost for TVL homepage 2020-04-21 03:17:30 +01:00
Vincent Ambo
1229621d7b feat(ops/nixos/camden): Provision certificate for tvl.fyi 2020-04-21 03:05:03 +01:00
Vincent Ambo
d6f5ca7caf feat(ops/nixos/camden): Add static IPv6 address to camden 2020-04-20 17:06:19 +01:00
Vincent Ambo
0f0f1a547f feat(ops/nixos/camden): Configure honk service 2020-04-19 22:58:41 +00:00
Vincent Ambo
688175c1f7 feat(ops/nixos/camden): Install honk 2020-04-19 23:30:19 +01:00
Vincent Ambo
066d34b50e feat(ops/nixos/nugget): Add chromium with VAAPI patches
These patches enable hardware-accelerated video decoding, which is
useful for Stadia.

The main issue with this is that Hydra doesn't currently cache
Chromium with these patches, which means that it is built from scratch
which takes in the order of 5 hours on an otherwise unused nugget.
2020-04-17 12:43:25 +01:00
Vincent Ambo
b4bf0b37b0 chore(ops/nixos/nugget): Install steam again 2020-04-11 13:31:17 +01:00
Vincent Ambo
e90e3153f8 chore(ops/nixos/camden): Enable HSTS headers on *.tazj.in 2020-04-04 21:49:03 +01:00
Vincent Ambo
f43294cd90 chore(ops/nixos/camden): Use upstream tailscale module 2020-04-04 13:17:18 +01:00
Vincent Ambo
de81e087d4 chore(ops/nixos/nugget): Use upstream tailscale module 2020-04-04 13:16:39 +01:00
Vincent Ambo
0f3d11f541 chore(third_party): Remove Tailscale derivation
This is now part of nixpkgs itself.
2020-04-04 13:02:57 +01:00
Vincent Ambo
9caf09a244 feat(ops/nixos/camden): Enable RTMP support in nginx
This makes it possible to live-stream various things at rtmp://tazj.in/tvl
2020-04-04 01:39:37 +00:00
Vincent Ambo
c3de37f54d fix(ops/nixos/nugget): Point camden host at new internal IP
This changed due to the router replacement.
2020-04-04 02:36:20 +01:00
Vincent Ambo
a89d22eb75 chore(ops/nixos/nugget): Install ffmpeg (including libnpp support) 2020-04-04 02:36:20 +01:00
Vincent Ambo
d2d7385833 feat(ops/nixos/nugget): Add module for v4l2loopback support
This kernel module creates a fake video input device to which I can
stream various things, such as screen grabs or qyliss' video stream
for TVL.
2020-04-04 02:36:20 +01:00
Vincent Ambo
9b606e2c4e feat(ops/nixos/nugget): Install clang & friends system-wide 2020-04-04 02:36:20 +01:00
Vincent Ambo
576f190972 fix(ops/nixos/nugget): Ensure that 'nuggetEmacs' is used for EXWM 2020-03-12 23:49:39 +00:00
Vincent Ambo
080c3591ca chore(ops/nixos/nugget): Disable DHCP for Remarkable USB conn
This otherwise holds up the boot process if the device is not
connected, which is annoying.
2020-03-12 23:27:12 +00:00
Vincent Ambo
de362fd278 feat(ops/nixos/nugget): Install google-c-style in Emacs 2020-03-12 23:27:12 +00:00
Vincent Ambo
814729bd04 fix(ops/nixos/camden): Add required options for ACME updates
The implementation for provisioning ACME certificates has changed in
nixos-unstable[0] and now requires a few extra options to be set.

[0]: https://github.com/NixOS/nixpkgs/pull/77578
2020-03-01 01:11:28 +00:00
Vincent Ambo
1f5d2d424c chore(third_party): Remove guile 3.0 override
I don't actually use guile at all, this was just for experimentation.
2020-03-01 01:07:48 +00:00
Vincent Ambo
d38995385b chore(ops/nixos/nugget): Use DHCP for Remarkable USB connection 2020-03-01 00:50:16 +00:00
Vincent Ambo
68d1d87a9b fix(ops/nixos/camden): Add missing quote in nginx config 2020-02-21 16:12:48 +00:00
Vincent Ambo
25d8e7ce25 feat(ops/nixos/camden): Modify nginx log format
This log format contains more structured and correctly typed
information, which I can now use for dashboards and stuff in Stackdriver.
2020-02-21 16:10:08 +00:00
Vincent Ambo
1e51a2135d fix(ops/nixos/camden): Configure nginx to not log hostnames
Hostname prefixes break JSON serialisation, leading to useless
Stackdriver Logging entries.
2020-02-21 16:01:54 +00:00
Vincent Ambo
703aebe6a9 feat(ops/nixos/camden): Install jq 2020-02-21 15:43:07 +00:00
Vincent Ambo
6e4df43f62 feat(ops/nixos/camden): Forward logs to Stackdriver Logging
Enables the journaldriver service to forward logs into a "home"
log-stream in the "tazjins-infrastructure" project.

The service account key for camden has been placed on the machine
manually.
2020-02-21 15:35:51 +00:00
Vincent Ambo
7290a18cb1 chore(ops/nixos/nugget): Remove input-fonts package
My default font is now Jetbrains Mono everywhere.
2020-02-21 13:54:53 +00:00
Vincent Ambo
4bbbb58cb5 chore: Rename pkgs->depot in all Nix file headers 2020-02-21 13:54:53 +00:00
Vincent Ambo
0e54b3eb6a Merge branch 'fix/camden-trusted-users' 2020-02-17 01:02:06 +00:00
Vincent Ambo
ce4042ede7 fix(ops/nixos/camden): Add myself to trusted Nix users 2020-02-17 01:00:12 +00:00
Vincent Ambo
494e006c6b fix(ops/nixos/camden): Use pounce from //third_party 2020-02-17 00:52:07 +00:00
Vincent Ambo
1b31b47ef1 feat(ops/nixos/camden): Install pounce on camden 2020-02-17 00:22:19 +00:00
Vincent Ambo
5bfd2f70ad feat(ops/nixos/camden): Enable support for mosh 2020-02-17 00:06:55 +00:00
Vincent Ambo
4fed63d892 Merge branch 'feat/camden-migration' 2020-02-17 00:04:38 +00:00
Vincent Ambo
120ec820d1 chore(ops/nixos/nugget): Add /etc/hosts entries for camden hostnames 2020-02-17 00:03:31 +00:00
Vincent Ambo
2fd6ec650b refactor(ops/nixos/camden): Merge ACME certificate blocks 2020-02-14 12:00:12 +00:00
Vincent Ambo
bcc797fa2f feat(camden): Move to actual tazj.in hostnames 2020-02-14 11:49:04 +00:00
Vincent Ambo
c5806a44a7 feat(ops/nixos/nugget): Add camden to /etc/hosts
At the moment there is no other way for requests from nugget to camden
to resolve correctly, as the Hyperoptic router is eating this traffic
on the LAN.
2020-02-12 01:11:10 +00:00
Vincent Ambo
4feb306763 feat(ops/nixos/camden): Add nginx vhost for cgit at git.camden 2020-02-12 01:09:03 +00:00
Vincent Ambo
7373edf73a feat(ops/nixos/camden): Move ACME configuration out of nginx
This makes it possible to re-use the same provisioning mechanism for
multiple related domains.
2020-02-12 01:08:27 +00:00
Vincent Ambo
8e52e74bd3 feat(ops/nixos/camden): Set up cgit service
Adds a user & group which are configured to own the local depot copy,
and a cgit service to serve it.

The depot checkout was configured as:

  mkdir -p /var/git && chown git: /var/git

  # now, as the git user, in /var/git
  git clone --bare ... depot
  chmod -R g+rw /var/git
  chmod g+s (find /var/git -type d)
  git init --bare --shared=all depot

My personal user is a member of the git group, which means that after
the above configuration I can push to the bare repo as my user and
things work.

Also, crucially, the `post-update` hook must be enabled as cgit uses
the dumb HTTP transport.
2020-02-12 01:04:12 +00:00
Vincent Ambo
b4c0292753 fix(nix/tailscale): Fix incorrect Tailscale ACL config type 2020-02-11 21:00:50 +00:00
Vincent Ambo
675fed2dca feat(ops/nixos/camden): Serve /blobs/ from /var/www/blobs
This directory is writeable by me and is intended to make it easy to
serve random blobs.
2020-02-11 20:54:50 +00:00
Vincent Ambo
31b021e629 feat(ops/nixos/camden): Enable haveged entropy "generator" 2020-02-11 20:54:31 +00:00
Vincent Ambo
dbb24e0377 feat(ops/nixos/nugget): Set up nginx serving homepage & blog
This nginx does not currently log access correctly because for some
impenetrable reason (as is tradition), neither /dev/stdout nor
/dev/fd/1 exist for nginx at runtime. This is probably systemd's
doing, but I'll debug it later.
2020-02-11 19:32:21 +00:00
Vincent Ambo
2e95822712 fix(ops/nixos/camden): Use package set from depot pin 2020-02-11 16:46:15 +00:00
Vincent Ambo
df1a4fef2b feat(nix/tailscale): Add function for generating tailscale ACLs
... and use it on Camden!
2020-02-11 16:36:28 +00:00
Vincent Ambo
44b57d095b feat(ops/nixos/camden): Join camden.tazj.in into Tailscale mesh 2020-02-11 16:27:34 +00:00
Vincent Ambo
aaa0119a37 fix(ops/nixos): Add camden to rebuilder script
This should probably be templated instead.
2020-02-11 15:49:29 +00:00
Vincent Ambo
3b88611336 feat(ops/nixos): Add initial configuration for host camden 2020-02-11 15:41:00 +00:00
Vincent Ambo
a8792f8372 feat(ops/nixos/nugget): Enable tailscale-relay 2020-02-11 00:55:46 +00:00
Vincent Ambo
b586a04a0a feat(ops/nixos): Add NixOS module for running tailscale
This uses the "legacy" tailscale Linux client, but built from source
as per the previous commits.
2020-02-11 00:53:09 +00:00
Vincent Ambo
77085f5876 chore(ops/nixos/nugget): Install tailscale on nugget 2020-02-11 00:09:34 +00:00
Vincent Ambo
1d7b1334fd feat(ops/nixos/nugget): Install i3lock 2020-02-08 13:32:25 +00:00
Vincent Ambo
ba20ee65f6 feat(ops/nixos/nugget): Enable pcscd & install Yubikey tools 2020-02-07 12:14:37 +00:00
Vincent Ambo
76f7ace273 feat(ops/nixos/nugget): Enable U2F hardware support 2020-02-04 23:41:52 +00:00
Vincent Ambo
264a55e2e0 feat(ops/nixos/nugget): Install unzip 2020-01-25 20:39:54 +00:00
Vincent Ambo
e50c669310 feat(ops/nixos/nugget): Enable Keybase "service" 2020-01-20 22:31:29 +00:00
Vincent Ambo
1f68644dc9 feat(third_party/guile): Override guile to version 3.0.0
Lets try this thing out!
2020-01-19 19:34:39 +00:00
Vincent Ambo
0a3613996f feat(ops/nixos/nugget): Install miller 2020-01-19 18:56:44 +00:00
Vincent Ambo
7b011de1b8 chore(ops/nixos/nugget): Aimlessly tweak font configuration
These settings seem to be very mildly better than what I had before,
but I'm not entirely sure.
2020-01-19 16:38:32 +00:00
Vincent Ambo
89b0a43786 feat(ops/nixos/nugget): Connect to wifi & install Google Chrome
This adds configuration which, sometimes, when the stars align just
right, makes it possible to cast to the Chromecast from nugget.
2020-01-19 01:44:40 +00:00
Vincent Ambo
a52c0c4198 feat(nixos/nugget): Install cachix binary 2020-01-18 11:29:18 +00:00
Vincent Ambo
31f66491a9 feat(ops/nixos/nugget): Install SBCL in system packages 2020-01-07 22:26:01 +00:00
Vincent Ambo
d66c7a8942 feat(ops/nixos/nugget): Install msmtp & lieer timers 2020-01-05 16:59:52 +00:00
Vincent Ambo
e5608cf079 chore(ops/nixos/nugget): Install various needed packages 2020-01-05 16:59:52 +00:00
Vincent Ambo
85ee07457c feat(ops/nixos): Add 'rebuilder' helper script
This script rebuilds & activates system configuration based on the
hostname.

Currently since there is only one host this isn't particularly
interesting.
2020-01-04 22:50:34 +00:00
Vincent Ambo
63dc41bcf3 feat(ops/nixos): Check in updated system configuration for 'nugget'
This is the rebrand of the desktop machine, now running a config
straight out of the depot.
2020-01-04 22:50:34 +00:00
Vincent Ambo
496648f237 chore(ops/nixos): Remove deprecated NixOS config files 2020-01-04 22:50:34 +00:00
Vincent Ambo
1d687c5303 chore(ops/nixos): Move NixOS configuration one level up 2020-01-04 22:50:19 +00:00