fa61c1523b
boot: Enable resolved/DNS-over-TLS
2025-06-25 01:14:54 +01:00
45831f553b
ssh: Read host keys from data file; rename from openssh
2025-06-09 18:02:02 +01:00
dbb7af7846
tailscale: Supply SSH known_hosts
2025-06-09 16:45:38 +01:00
909f820af5
tailscale, headscale: Use internal DNS
2025-06-09 16:22:48 +01:00
55c622408b
qenya/plasma: Move into kilgharrah's host config
2025-05-29 09:44:51 +01:00
a630607350
treewide: Update deprecated options for NixOS 25.05
2025-05-28 15:50:52 +01:00
d2ec22d8fb
nix: Remove redundant manual $NIX_PATH value
2025-05-22 15:16:15 +01:00
b64d34e9c4
tailscale: Autoconect to headscale on boot
2025-05-22 01:42:42 +01:00
a98fd9ba83
tailscale, headscale: init
2025-05-21 19:28:07 +01:00
b35fefbf98
kalessin: Add randomcat to wheel
2025-05-21 19:27:41 +01:00
c22c1e3768
steam: Open ports for game sideloading on LAN
2025-04-28 13:06:33 +01:00
1216b34206
steam: Run with PipeWire support by default
2025-04-28 13:06:20 +01:00
9c39440238
nix: Remove insecure package exception for electron 31
...
Feishin has updated: https://github.com/jeffvli/feishin/issues/879
2025-04-27 13:30:37 +01:00
dc7fdfb7ea
gpg: init
2025-03-19 17:17:51 +00:00
d8e85815bd
users: custom property to define users with root
2025-03-17 02:57:15 +00:00
2d42894fa7
nix: add @wheel to trusted-users everywhere
2025-02-04 17:20:19 +00:00
19561f0e69
nix: permit "insecure" electron-31
2025-01-21 19:55:15 +00:00
eb557507d0
misc: garbage-collect nixos profiles older than 30 days
2025-01-05 14:27:55 +00:00
6a47840cd7
packages: rename from environment, install smartmontools
2025-01-04 19:26:36 +00:00
6168cd0f30
nginx, yevaud/birdsong-dns: use monitoring email
...
Closes #1
2024-12-27 14:09:14 +00:00
39edcc3801
qenya/firefox: get firefox addons direct from rycee instead of NUR
2024-12-27 13:51:25 +00:00
345bf13b0d
treewide: snapshot important datasets with sanoid
2024-12-24 17:47:34 +00:00
efa2ce3940
nix: use same nixpkgs flake for imperative commands as for build
2024-12-04 14:34:01 +00:00
98b43911f0
users: add gaelan
2024-11-25 18:56:00 +00:00
c573da7c34
misc: tone down aggression on nix garbage collector
2024-11-24 15:36:30 +00:00
d69e1dcc16
users: enable users per-host
2024-11-14 13:42:36 +00:00
9b63a5e56f
audiobookshelf: fix websockets and CSP
2024-11-09 01:05:55 +00:00
9cfe6e2c4c
treewide: migrate networking to systemd-networkd
2024-11-05 18:31:39 +00:00
ee33352462
base-graphical: enable avahi for printer autodiscovery
2024-11-03 09:48:48 +00:00
84fb7727da
qenya/packages: rename from cli, include common graphical packages
2024-10-08 10:46:05 +01:00
5c7d371ea5
misc: init with fstrim and nix store optimisation
2024-10-07 21:29:25 +01:00
5e1cfc3997
boot: fix attempt to install memtest86+ on non-x86 hardware
2024-10-01 19:30:21 +01:00
cd84be16be
treewide: refactor bootloader config to common file
2024-10-01 19:20:34 +01:00
56bdf36abd
keys: add kalessin, shaw; update trungle
2024-09-28 07:42:07 +01:00
7ce034f2d0
flake.nix: only expose self to nixos modules, not all inputs
2024-09-26 12:36:09 +01:00
59bbcc165e
nginx: expand default CSP
...
this is required to run wasm and web workers
2024-09-26 12:15:49 +01:00
8d2d55e4c4
openssh: disable fail2ban
...
We've always had password authentication disabled, so it's not really
doing much except periodically locking us out of our own servers when we
misconfigure something
2024-09-24 18:41:17 +01:00
3195af88ef
nginx: improve hardening, tweak headers
...
Still not quite where I want it to be but it's better
2024-09-24 05:31:17 +01:00
26900a5973
steam: lightly refactor
2024-09-24 05:29:21 +01:00
58109130e6
base-graphical/desktop: refactor
2024-09-19 23:23:46 +01:00
8cbfb51930
move deployment config
2024-09-19 23:06:08 +01:00
e713fe3b2c
nix, home-manager: move common config out of flake.nix
2024-09-18 19:38:20 +01:00
9f6d0fbaf8
treewide: move all deployment keys to flake.nix
2024-09-18 03:06:48 +01:00
a6359fdd36
export home-manager config from homeManagerModules
2024-09-17 18:40:15 +01:00
4a9e6b5f3c
move tooling to dev environment
2024-09-12 13:35:35 +01:00
a0a94b86ff
home-manager: rearrange config
2024-09-12 12:56:30 +01:00
b18e50fd4a
add plasma-manager for plasma config
2024-09-12 11:42:31 +01:00
c5261caa21
base-graphical: include settings for fonts, libinput, printing
2024-09-11 15:06:41 +01:00
9e638c009f
base-graphical: add desktop manager config
2024-09-11 06:36:21 +01:00
aeab801602
base-graphical: init with pipewire config
2024-09-11 05:43:35 +01:00
