9af157b294
moby: enable the client role
2023-01-20 11:37:43 +00:00
c36fed8547
Revert "flake update: nixpkgs-stable: 2023-01-15 -> 2023-01-17"
...
This reverts commit 35e28041cdhttps://github.com/NixOS/nixpkgs/issues/211758 >
2023-01-20 11:31:19 +00:00
a653311f04
wg-home: enable dynamicEndpointRefreshSeconds to be robust against intermittent failure
2023-01-20 10:34:30 +00:00
f4d6ecb1cf
wg-home: use the DNS endpoint for connecting to my home VPN
2023-01-20 10:34:04 +00:00
c2e5a0a2fc
wg-home: when acting as client, allow server to relay all other clients' messages
2023-01-20 10:20:33 +00:00
c316e51344
desko: enable wg-home
2023-01-20 07:59:11 +00:00
f4f0c1bdd6
servo: fix broken config/typo
2023-01-20 07:45:54 +00:00
6a2374e046
wg-home: unify server and client config
2023-01-20 07:42:31 +00:00
708cb841fe
wg-home: auto-generate peer list from hosts.nix config
2023-01-20 07:22:34 +00:00
094b7223c7
servo: wireguard secret is auto-generated
2023-01-20 07:11:37 +00:00
f6dfc9cf29
hosts: migrate IP addresses into hosts/modules
2023-01-20 07:07:45 +00:00
7c2ab92302
wg-home: derive wireguard key from ssh privkey
2023-01-20 06:57:49 +00:00
7c18d77046
wg-home: make wireguard pubkeys configurable; we'll want one per host
2023-01-20 06:09:57 +00:00
02f316f7f8
tweak wg-home to where i can get a p2p connection between lappy and servo
2023-01-20 05:38:14 +00:00
df848b3262
wg-home: use separate host key than client key
2023-01-20 05:10:51 +00:00
a3a7b6c563
hosts: split wifi and bluetooth pairings into the "client" role
2023-01-20 04:25:08 +00:00
038a9034d7
hosts: remove the is-target attribute and opt into roles via the config system instead
2023-01-20 00:13:13 +00:00
5a232eb832
servo: fix secrets path
2023-01-19 23:57:40 +00:00
9301b95dbb
wg-home: move to shared module so that host and client config can be adjacent
2023-01-19 23:55:56 +00:00
d13bcc49ab
refactor hosts directory, and move ssh keys out of modules/data
...
longer-term, i want hosts/by-name to define host-specific data
that's accessible via the other hosts (things like pubkeys).
also the secrets management needs some rethinking. there's really not
much point in me specifiying where *exactly* a secret comes from at its
use site. i should really be specifying secret store manifests; i.e.
"servo.yaml contains secrets X Y and Z", and leaving the rest up to
auto-computing.
2023-01-19 23:23:43 +00:00
35e28041cd
flake update: nixpkgs-stable: 2023-01-15 -> 2023-01-17
...
```
• Updated input 'nixpkgs-stable':
'github:nixos/nixpkgs/2f9fd351ec37f5d479556cd48be4ca340da59b8f' (2023-01-15)
→ 'github:nixos/nixpkgs/b83e7f5a04a3acc8e92228b0c4bae68933d504eb' (2023-01-17)
```
2023-01-19 10:52:15 +00:00
58a5a8b56d
wg_home_privkey: move secret to common file
2023-01-19 09:47:44 +00:00
e6d4ff3c6a
experimental wg-home VPN shared across my devices
2023-01-19 09:45:03 +00:00
be29ad8bd8
servo: rename wg0 interface -> wg-ovpns
2023-01-19 09:35:07 +00:00
0fb8e2c867
persist ~/.cache/nix-index
2023-01-19 04:03:23 +00:00
580c1b74cb
pkgs: bootpart-tow-boot-rpi-aarch64: fix build
2023-01-19 03:57:32 +00:00
f8595f1ed6
splatmoji: account for source paths sometimes having duplicate slashes
2023-01-18 11:53:14 +00:00
1deda148bb
splatmoji: use upstream build.sh to build the package
2023-01-18 11:24:40 +00:00
5bbef18130
packages: remove mesa-demos
2023-01-18 09:16:48 +00:00
6967c331e2
matrix: fix synapse/signal permissions
2023-01-18 01:50:28 +00:00
9202345beb
Merge branch 'staging/nixpkgs-2023-01-15'
2023-01-18 00:56:07 +00:00
17a8cabc09
remove trust-dns: it's been upstreamed
2023-01-17 11:22:10 +00:00
bc190f90bd
flake update: nixpkgs 2023-01-13 -> 2023-01-15
...
```
• Updated input 'nixpkgs-stable':
'github:nixos/nixpkgs/a83ed85c14fcf242653df6f4b0974b7e1c73c6c6' (2023-01-14)
→ 'github:nixos/nixpkgs/2f9fd351ec37f5d479556cd48be4ca340da59b8f' (2023-01-15)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/befc83905c965adfd33e5cae49acb0351f6e0404' (2023-01-13)
→ 'github:nixos/nixpkgs/6dccdc458512abce8d19f74195bb20fdb067df50' (2023-01-15)
```
2023-01-17 10:50:00 +00:00
bb983a5328
servo: ship with signaldctl
2023-01-17 10:31:21 +00:00
0e8fc29b01
use signaldctl via nixpkgs patch which i hope to upstream later
2023-01-17 10:28:43 +00:00
4e14f063fc
Merge branch 'wip/signal'
2023-01-17 10:14:53 +00:00
10d69fb0a4
mautrix-signal: configure correct permissions so that i can use the bridge
2023-01-17 07:57:24 +00:00
7aac965e32
bootpart-tow-boot-rpi-aarch64: fix syntax error
2023-01-16 12:14:22 +00:00
98ae1a8513
matrix: persist the mautrix-signal directory
2023-01-16 11:58:21 +00:00
72a2ab78f3
matrix: allow mautrix-signal to communicate with signald
2023-01-16 11:54:32 +00:00
18c98feb34
fs: fix /var/lib/private to have expected mode (0700)
2023-01-16 11:44:07 +00:00
487af9b492
fs: fix /var/lib/private to have expected mode (0700)
2023-01-16 11:43:43 +00:00
472d25c056
mautrix-signal: define the shared secrets statically
2023-01-16 11:43:17 +00:00
9eafacad12
mautrix-signal: get a *little* closer to working
...
it looks like mautrix-signal reads the appserver token (AS_TOKEN) from
its config file -- which we place in the nix store. as such, we have no
easy way of getting the token from registration.yaml over to
mautrix-signal. this is presumably what the environmentFile stuff is
meant for, but it doesn't *really* help much.
i think it makes sense to pursue coffeetables' nix-matrix-appservices
module, which has good-looking AS_TOKEN support:
<https://gitlab.com/coffeetables/nix-matrix-appservices >
2023-01-16 10:22:44 +00:00
0eb46a3179
add mautrix-signal (experimental)
2023-01-16 09:03:56 +00:00
ddb184b5ff
(nixos) mx-puppet-discord: move to matrix category
2023-01-16 07:31:12 +00:00
194a6b6cf4
nixpatches: remove unused fakeHash input (just omit the hash when you need to)
2023-01-16 06:47:44 +00:00
016384aa2b
nixpatches: move the list to the nixpatches flake instead of injecting it
2023-01-16 06:46:59 +00:00
b4e19c037e
ejabberd: TODO: fix acme/nginx group membership
2023-01-16 05:59:52 +00:00
bd504f6c83
pin nheko package
2023-01-15 07:52:21 +00:00
