colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
1,681 Commits 125 Branches 1 Tag 12 MiB
wip/packages
Commit Graph

1681 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
colin
0557a2b700 document how to use the lappy-gpt target 2022-05-22 01:23:54 -07:00
colin
1e4c648e90 lappy: add btrfs-progs 
somehow this already exists on my system, but not on a fresh build.
suspicious.
 2022-05-22 00:04:30 -07:00
colin
b36983c348 boot: add explicit support for btrfs on boot 
nix calculates this dynamically, looking at the fileSystem declarations.
this would fail if one converts a file system after generating the
image. so let's be explicit in what we want to support.
 2022-05-22 00:01:56 -07:00
colin
ea75c315bd enable microcode updates for intel (desktop) 2022-05-21 23:31:38 -07:00
colin
06b23e92f9 lappy-gpt: inline nixos-generate logic for better boot consistency 
this image boots!
 2022-05-21 22:00:38 -07:00
colin
bd3bf6d108 add a #lappy-gpt target which builds a flat, flashable image. 
the root part is ext4 instead of btrfs. nixos-generators doesn't support
btrfs. the underlying machinery does though, so we can remove the
middleman in a future patch to achieve that.
 2022-05-21 18:05:32 -07:00
colin
fc3b40d434 factor out a decl-machine helper 2022-05-21 00:40:56 -07:00
colin
f5d313c0ea factor out the uninsane machine a bit better 2022-05-21 00:30:29 -07:00
colin
298e7bc8ec lift pkg patching out of the toplevel machine definitions 2022-05-21 00:23:29 -07:00
colin
e252f8623c lappy: lift the x86_64-linux wrangling out of the modules 2022-05-21 00:18:17 -07:00
colin
b31972444e lappy: move more stuff to the toplevel lappy/default.nix 2022-05-21 00:15:33 -07:00
colin
13b957dbfa document some mobile-pkgs commits 2022-05-20 23:53:44 -07:00
colin
0877570947 add (experimental) pinephone/pda target 
this requires cross compilation (particularly of the kernel), which is a bit too slow on this machine
to test since it uses qemu.

i can maybe switch to an older nixpkgs for the pda build which has the
kernel cached... or migrate my desktop to nixos and build the pinephone
image there :-)
 2022-05-20 21:18:04 -07:00
colin
0457ae40fe migrate my nixos laptop to this flake 2022-05-20 21:14:19 -07:00
Colin
e0f710b8a3 update readme to explain how to handle secrets with git 2022-05-21 02:08:49 +00:00
Colin
55b3b6ad46 port to a flake 
built and switched. will try reboot.
 2022-05-21 01:59:51 +00:00
Colin
8ec94691fa experimental flake support 2022-05-21 00:07:49 +00:00
Colin
9889ee0937 users: add vulnix package for vulnerability scanning 2022-05-18 22:10:01 +00:00
Colin
e1b388f2c5 enable daily postgresql backups 2022-05-18 10:42:47 +00:00
Colin
e68ca3d600 toy around with explicitly spinning down the hard drive during shutdown 
abandon the concept. it requires a systemd rebuild, and therefore
almost all of userspace. not worth it yet. maybe buy a powered hub.
 2022-05-18 10:40:28 +00:00
Colin
32e00dac9d postgres: document some useful admin commands 1980-01-01 00:54:42 +00:00
Colin
72c2aed6d9 enable swap 1980-01-01 00:53:55 +00:00
Colin
f8a8ae8999 switch to pi-specific 5.10 kernel 
this includes the pi-400 dtb, so no more manual patching.

might be worth removing the explicit kernel modules packaged into the initrd (if possible?)
 2022-05-17 21:19:54 +00:00
Colin
b74b590b6e configuration: document the nix eval command. 2022-05-17 09:29:56 +00:00
Colin
6a8e49b00c uboot: decrease loglevel from 8 (debug full details) => 7 (debug) 
it doesn't actually make a notable difference. boot is still spammy.
i think i either get:
- debug messages compiled in and shown by default, or
- debug messages not compiled in

i'll settle for the former.
 2022-05-17 09:28:02 +00:00
Colin
61ff0eae4b uboot: split the patches apart and disable the verbose logging 
logging still has *some* verbosity. i may turn it down further.
 2022-05-17 09:10:26 +00:00
Colin
09cb37dee2 net: update ovpn config 2022-05-17 07:45:31 +00:00
Colin
b5ce0f9fea Pleroma: restart on failure (fixes slow DB startups) 2022-05-17 07:24:26 +00:00
Colin
a4f8a3042d document useful nix CLI tools 2022-05-17 06:44:40 +00:00
Colin
23a4633514 include fatresize in the env. 
it's useful for resizing the /boot partition
 2022-05-17 06:44:21 +00:00
Colin
a39564118f net: disable wlan0 2022-05-17 06:44:02 +00:00
Colin
3bc0a13ad1 cfg/hardware: include the contents of the scan/not-detected.nix file 2022-05-17 06:43:24 +00:00
Colin
e42256fa7f move boot config into cfg/hardware.nix 2022-05-17 05:47:43 +00:00
Colin
5ca049dcbe cfg/users: document how to create ssh keys 2022-05-17 02:11:52 +00:00
Colin
1064867194 migrate the nix install to an external USB drive. 
this requires a patch to uboot:
- uboot thinks the drive has a capacity of 0 (i.e. 'unknown'). unclear precisely why. could be noncompliant drive firmware, or a timeout somewhere.

and a patch to the rpi bootloader:
- in order to trampoline into the rpi-4 uboot.

and custom kernel modules in the initrd:
- in order to detect the USB hub (rpi fw).

additionally, i'm MANUALLY placing `bcm2711-rpi-400.dtb` into `/boot/nixos/..-linux-5.10.111-dtbs/broadcom`.
i'll want to do this automatically over time.

i hope to simplify much of this over time: this is just the first thing which works after a couple days of hacking at it.
 2022-05-17 01:58:12 +00:00
Colin
aeb8319154 services: add duplicity b2 backup cron job 2022-05-11 23:04:26 +00:00
Colin
0a63e53512 matrix: screen registrations by redirecting the activation emails 2022-05-11 06:41:34 +00:00
Colin
a1bbd16b94 gitea: achieve manual account approval via email intercepting 
flow: user signs up, with email. their activation email is redirected to me.
if they look good, i forward that email.
 2022-05-10 23:15:01 +00:00
Colin
44ce66b7ec gitea: enable registration behind captcha + manual approval 
unfortunately gitea doesn't notify me of user applications.
so new users will want to contact me out-of-band.
 2022-05-10 07:34:49 +00:00
Colin
d6a37e6398 matrix: document how to add a new user 2022-05-10 01:18:07 +00:00
Colin
4db73019ee nginx: enable matrix web client at web.matrix.uninsane.org 2022-05-10 00:45:38 +00:00
Colin
b804fd338e update pleroma 2.4.51 -> 2.4.52 (tip/4605efe272016a5ba8ba6e96a9bec9a6e40c1591) 2022-05-09 22:48:43 +00:00
Colin
151f8b0824 Pleroma: enable emoji 
or maybe they were enabled by manually placing them in the right
directory :-)

either way, i should consider moving those out of the Pleroma state dir.
they really are more of a config option (alongside theming).
 2022-05-09 21:22:15 +00:00
Colin
c7f4d9ad1f Pleroma: enable registration and try to sync follower counts 2022-05-09 07:55:43 +00:00
Colin
c95ffcb9d5 Pleroma: switch back to log-level warn 
oops
 2022-05-09 00:39:13 +00:00
Colin
3352711dc0 pleroma: enable email services (e.g. password reset) 2022-05-09 00:37:49 +00:00
Colin
b5dd04e127 rename config/ -> cfg/ 
notably, this avoids the problem where `co<tab>` can't auto-complete the trailing slash.
`cf<tab>` autocompletes to `cfg/` in the same number of keystrokes :-)
 2022-05-08 22:01:22 +00:00
Colin
879b7f12fe move the config import details into the config subdir 2022-05-08 21:59:07 +00:00
Colin
fd26b200e9 matrix: irc: rizon: enable SASL 
with this (and a registered username), i'm able to connect to
channels which require auth.

i haven't actually received any messages yet, but i can view the user list
so it's working better than before :-)
 2022-05-08 08:44:31 +00:00
Colin
56f93cfb53 matrix: irc: rizon: configure a better bridge username 
also, the connectivity issue is resolved simply by restarting matrix-synapse.
it was reading an outdated matrix-appservice-irc resource file.
 2022-05-08 06:30:22 +00:00