6befc40700
feeds: migrate Decoder
2023-01-11 15:51:41 +00:00
29db2d8dc5
feeds: switch to working 60 minutes feed
2023-01-11 15:46:34 +00:00
36d8052982
feeds: disable 60 minutes
2023-01-11 15:41:25 +00:00
48115231a3
feeds: port acquired, FT
2023-01-11 15:32:42 +00:00
c1457f5bfb
feeds: port 99% Invisible
2023-01-11 15:25:32 +00:00
7dfaf77a71
feeds: port Sam Harris / Waking Up
2023-01-11 15:15:03 +00:00
72dc7029e6
feeds: port Dan Carlin
2023-01-11 15:06:18 +00:00
95f3215b00
feeds: port darknet diaries and radiolab
2023-01-11 15:03:24 +00:00
baac8df8c2
feeds: fix Econtalk; port Doctorow, 80000hrs, deconstructed, intercepted, Post, The Portal
2023-01-11 14:51:17 +00:00
dc6a08a12b
convert some of my feeds to db entries
2023-01-11 13:16:26 +00:00
2413e2eb5f
feeds: update ACX feed to its non-forwarded origin
2023-01-11 10:59:35 +00:00
bd5209c655
move cross compilation out of the flake and into the host definitions
2023-01-11 08:56:06 +00:00
33967554a5
servo: fix missing "lib" in nginx file
2023-01-09 13:25:56 +00:00
dbb78088f4
refactor: cleanup instances where we map to attrs to be more resilient against duplicate names
2023-01-09 03:48:07 +00:00
f17ae1ca7b
refactor: avoid using // where we know the sets should be disjoint
2023-01-09 03:11:14 +00:00
b2774a4004
move pubkeys out a modules/data/ directory
2023-01-09 02:40:25 +00:00
a457fc1416
ssh: move sys config out of hosts/common
2023-01-08 08:43:23 +00:00
2c0b0f6947
ssh: explain why we specify host_keys the way we do instead of through sane.persist
2023-01-08 08:41:48 +00:00
fb57e9aa5b
cleanup the 'every user/group has an id' enforcement
2023-01-08 06:46:07 +00:00
af77417531
feeds: add Perry Bible Fellowship comic
2023-01-08 05:30:36 +00:00
eea80b575d
feeds: disable dilbert (it doesn't embed well)
2023-01-08 05:28:15 +00:00
6a209d27fd
freshrss: only show text and image feeds
2023-01-08 05:27:45 +00:00
e8f778fecd
feeds: convert to module
2023-01-08 05:24:56 +00:00
488036beb3
ssh: add git.uninsane.org host key back
2023-01-08 03:22:05 +00:00
00b681eca5
ssh: manage ourself instead of using home-manager
2023-01-08 03:14:47 +00:00
72d589cb2d
ssh: port to modules system
2023-01-08 03:07:57 +00:00
ea5552daa7
bluetooth: accept that LinkKeys are device/host-specific and stop trying to share them across machines
2023-01-07 11:31:35 +00:00
85a2fbc38a
bluetooth: don't persist /var/lib/bluetooth
2023-01-07 08:08:29 +00:00
c063ecd047
bluetooth keys: use sane.fs instead of activationScripts
...
also auto-determines the device ID, which was previously broken
2023-01-07 03:43:31 +00:00
cc9e2d8e15
net: simplify the iwd psk setup
2023-01-07 03:10:39 +00:00
bb41fb95fe
iwd: populate net config with systemd service, not activationScript
2023-01-07 03:03:19 +00:00
d852adf806
move keyring to private store
2023-01-07 02:04:28 +00:00
53edf4e6af
firefox: handle config files manually, instead of leveraging home-manager
2023-01-06 16:11:06 +00:00
0a48d79174
fs: introduce some helpers to make writing symlinks easier
2023-01-06 15:38:29 +00:00
493d317bb1
moby: override browser-cache persistence more cleanly
2023-01-06 13:28:18 +00:00
fe816e9110
persist: lift sane.persist.dirs.{home,sys} up one level
2023-01-06 11:29:13 +00:00
8217b22c86
rename impermanence -> persist
2023-01-06 10:04:51 +00:00
0977721af5
moby: fix to preserve browser cache across boots
2023-01-04 13:27:20 +00:00
cd5f8054c0
fs: rename "mountpt" -> "origin" to reflect that it doesn't have to be a device
2023-01-04 12:19:32 +00:00
3db388b105
servo: relocate ext device to /mnt/impermanence/ext and fixup deps
2023-01-04 12:12:30 +00:00
2ba6116f10
fs/impermanence: more precisely control unit dependencies/ordering
2023-01-04 11:22:26 +00:00
abced7dd0d
navidrome: don't try to chown to an invalid user
2023-01-04 08:00:04 +00:00
247ad326b2
freshrss: be conservative and use explicit octal mode bits
2023-01-04 07:14:54 +00:00
170008f345
home.files symlinks: port to sane.fs
2023-01-04 07:14:38 +00:00
7b02477486
servo: define /etc/persist via sane impermanence module
2023-01-04 02:15:43 +00:00
a9ee26388c
guest account: make home-dir writable by other users
2023-01-04 01:09:23 +00:00
933063115b
moby: fix home-dirs for newer impermanence module
2023-01-04 00:47:48 +00:00
2d7b3750cd
impermanence: split the /home/colin perms fix into more appropriate places
2023-01-03 08:25:43 +00:00
5a2bbcce3b
move plaintext home-dirs out of home-manager module into users module
2023-01-03 07:35:42 +00:00
327e6b536f
impermanence: large refactor, and experimental bind mounting of things from ~/private
2023-01-03 07:22:37 +00:00
9e32211c12
impermanence: change "encryptedClearOnBoot" to a broader "store" argument
...
in the future it can support ~/private as a backing store
2023-01-03 03:04:19 +00:00
be222c1d70
trust-dns: allow shorthand assignment of record lists
2023-01-02 13:23:52 +00:00
875e923197
declare ~/private in fileSystems and reuse for pamMount
2023-01-02 11:34:02 +00:00
3c726f148b
remove some stale references to mobile-nixos
2023-01-02 10:00:20 +00:00
5a273213f6
sops: remove sops.age.sshKeyPaths override: sops gets this from openssh config already
2022-12-30 03:49:31 +00:00
0a6d88dfc1
impermanence: simplify /etc/ssh/host_keys setup
2022-12-30 03:34:59 +00:00
50dfd482cf
document plans for better handling of /etc/ssh
2022-12-29 19:19:51 +00:00
9743aee79d
ssh keys: document the issues i'm seeing
2022-12-29 18:42:59 +00:00
aa1c1f40cb
WIP: impermanence rework (gut 3rd-party lib)
2022-12-29 16:38:58 +00:00
760f2ac66d
move ~/.cache into encrypted private dir
2022-12-29 01:17:40 +00:00
8e5ca11259
cleanup gocryptfs mounting
...
there's possibly some latent issues. i think my changes to the gocryptfs
package *might* not be necessary: if you work via the fuse front-door,
it's a lot harder to get it into these weird places.
2022-12-29 01:17:40 +00:00
121936620a
impermanence: add support for encrypted clear-on-boot storage
...
this is useful for when we need to store files to disk purely due to
their size, but don't actually want them to be persisted.
2022-12-29 01:17:40 +00:00
f5b49e014c
net: add parent's wifi
2022-12-29 00:57:36 +00:00
4bdb34775d
consolidate filesystems./ across devices
2022-12-28 01:36:22 +00:00
a0ac7fa98d
snippets: add secret snippets
2022-12-26 09:29:04 +00:00
b03043e513
add sane-bt-search script to search jackett/torrents
2022-12-26 09:05:26 +00:00
0713e3bad1
secrets: move bluetooth/vpn secret defn to toplevel nix file
2022-12-26 08:28:44 +00:00
d3a3f39756
move universal secrets out of net.nix -> secrets.nix
2022-12-26 08:09:58 +00:00
9b75d8705b
ejabberd: enable push notifications (verified working on iOS/Modal IM)
2022-12-22 14:12:15 +00:00
217ecec250
ejabberd: enable xmpps-{client,server} SRV records
2022-12-22 13:13:09 +00:00
1f99d44288
/home/colin: fix perms to 0700
2022-12-22 11:33:13 +00:00
0c35e2b3c1
servo: enable nsncd
2022-12-22 10:34:47 +00:00
c745612cfd
Merge branch 'master' of git.uninsane.org:colin/nix-files
2022-12-21 08:51:12 +00:00
278cc98c6d
minor ejabberd config changes, simplify DNS %NATIVE% updating
2022-12-21 08:50:41 +00:00
09c524a5b1
Merge remote-tracking branch 'origin/staging/nixpkgs-2022-12-18'
2022-12-21 07:47:55 +00:00
0db7f0857a
moby: reduce the number of configurations we keep in /boot
2022-12-21 06:33:50 +00:00
55e09c2dbf
ejabberd: port to dns-dns; add experimental STUN/TURN support
...
during startup it says:
```
Ignoring TLS-enabled STUN/TURN listener
```
and later
```
Invalid certificate in /var/lib/acme/uninsane.org/fullchain.pem: at line 61: certificate is signed by unknown CA
```
the invalid cert thing has always been here. it's for the root cert. idk
if i need to tell ejabberd that one's self-signed, or what.
2022-12-20 03:26:08 +00:00
d60e5264f3
don't bind-mount /etc/ssh/host_keys: symlink them instead
2022-12-20 00:04:09 +00:00
97044bf70e
trust-dns: port to dyn-dns for determining WAN IP
...
although the systemd wantedBy directive is working,
`before` seems to be ignored when the unit fails. so on first run,
dyn-dns runs, fails (poor net connectivity), then trust-dns starts
(fails), then they both restart 10s later.
it's not great, but good enough. also, wan IP is persisted, so this
likely won't happen much in practice.
2022-12-19 13:12:23 +00:00
0b2faef989
/etc/ssh/host_keys: fix endlessly stacked mounts
...
i believe this was mounting a new /etc/ssh/host_keys on every
activation, resulting in literally thousands of mounts and slowing down
later activations
2022-12-19 11:18:08 +00:00
8acd6ca4f1
create sane.services.dyn-dns to manage dynamic DNS stuff
...
not yet integrated into servo
2022-12-19 11:16:30 +00:00
8169f7c6b2
ddns-trust-dns: use ddns from router rather than ipinfo.io
2022-12-19 08:24:11 +00:00
567c08460a
add sane-ip-check-router-wan to query WAN with a more trustworthy source
2022-12-19 05:59:44 +00:00
9b66aecf1b
trust-dns: port the remaining records to a structured format
...
SRV and MX _could_ have more structure (priority, etc).
not sure the best path there (option submodule, i guess).
2022-12-19 04:38:43 +00:00
16cb3b83a2
trust-dns: more idiomatic way to define SOA records
2022-12-19 04:00:27 +00:00
970438be8a
trust-dns: rename records option -> extraConfig
...
i'll be adding special options for records
2022-12-19 03:12:32 +00:00
8a745a9b8a
ejabberd: enable STUN (with partial discovery support)
...
discovery is probably not working:
```
Won't auto-announce STUN/TURN service on port 3478 (udp) without public IP address, please specify 'turn_ipv4_address' and optionally 'turn_ipv6_address'
Won't auto-announce STUN/TURN service on port 3478 (tcp) without public IP address, please specify 'turn_ipv4_address' and optionally 'turn_ipv6_address'
```
no messages for the TLS implementation, so maybe that's working?
2022-12-19 01:22:20 +00:00
3505f3b9f3
ejabberd: provision cert for conference.xmpp.uninsane.org
...
i guess the cert already had that because of legacy prosody setup (?),
but we weren't setup so that new requests would work, i expect.
either that or all of these nginx entries aren't necessary?
2022-12-19 01:22:20 +00:00
444595e847
disable HE and afraid DDNS
2022-12-19 01:22:20 +00:00
22e46d52c2
trust-dns: distribute records across service files
2022-12-17 01:29:12 +00:00
1e0c213adf
split webconfig into each service file
2022-12-17 00:52:48 +00:00
3e1340ed61
enable i2p in firefox
2022-12-16 22:15:19 +00:00
a8a4b8e739
kiwix: serve the full english Wikipedia
2022-12-16 05:58:51 +00:00
2550601179
serve w.uninsane.org through kiwix-serve
2022-12-16 02:25:57 +00:00
8fe304d6c1
trust-dns: split the service into a generic config interface
2022-12-15 11:17:50 +00:00
700fef7df3
servo: mediawiki: remove dead commented-out code
2022-12-15 11:17:50 +00:00
01db7e1f23
servo: install mediawiki
2022-12-15 11:17:50 +00:00
58ad87df8e
vpns: add us-mi[ami]
2022-12-13 04:26:00 +00:00
5fc894cda9
vpn: fix us-atlanta -> us-atl to match interface length limit
2022-12-13 04:13:01 +00:00
005a79e680
vpn: factor out more helpers
2022-12-13 03:55:18 +00:00