038a9034d7
hosts: remove the is-target attribute and opt into roles via the config system instead
2023-01-20 00:13:13 +00:00
5a232eb832
servo: fix secrets path
2023-01-19 23:57:40 +00:00
9301b95dbb
wg-home: move to shared module so that host and client config can be adjacent
2023-01-19 23:55:56 +00:00
d13bcc49ab
refactor hosts directory, and move ssh keys out of modules/data
...
longer-term, i want hosts/by-name to define host-specific data
that's accessible via the other hosts (things like pubkeys).
also the secrets management needs some rethinking. there's really not
much point in me specifiying where *exactly* a secret comes from at its
use site. i should really be specifying secret store manifests; i.e.
"servo.yaml contains secrets X Y and Z", and leaving the rest up to
auto-computing.
2023-01-19 23:23:43 +00:00
35e28041cd
flake update: nixpkgs-stable: 2023-01-15 -> 2023-01-17
...
```
• Updated input 'nixpkgs-stable':
'github:nixos/nixpkgs/2f9fd351ec37f5d479556cd48be4ca340da59b8f' (2023-01-15)
→ 'github:nixos/nixpkgs/b83e7f5a04a3acc8e92228b0c4bae68933d504eb' (2023-01-17)
```
2023-01-19 10:52:15 +00:00
58a5a8b56d
wg_home_privkey: move secret to common file
2023-01-19 09:47:44 +00:00
e6d4ff3c6a
experimental wg-home VPN shared across my devices
2023-01-19 09:45:03 +00:00
be29ad8bd8
servo: rename wg0 interface -> wg-ovpns
2023-01-19 09:35:07 +00:00
6967c331e2
matrix: fix synapse/signal permissions
2023-01-18 01:50:28 +00:00
bb983a5328
servo: ship with signaldctl
2023-01-17 10:31:21 +00:00
10d69fb0a4
mautrix-signal: configure correct permissions so that i can use the bridge
2023-01-17 07:57:24 +00:00
98ae1a8513
matrix: persist the mautrix-signal directory
2023-01-16 11:58:21 +00:00
72a2ab78f3
matrix: allow mautrix-signal to communicate with signald
2023-01-16 11:54:32 +00:00
487af9b492
fs: fix /var/lib/private to have expected mode (0700)
2023-01-16 11:43:43 +00:00
472d25c056
mautrix-signal: define the shared secrets statically
2023-01-16 11:43:17 +00:00
9eafacad12
mautrix-signal: get a *little* closer to working
...
it looks like mautrix-signal reads the appserver token (AS_TOKEN) from
its config file -- which we place in the nix store. as such, we have no
easy way of getting the token from registration.yaml over to
mautrix-signal. this is presumably what the environmentFile stuff is
meant for, but it doesn't *really* help much.
i think it makes sense to pursue coffeetables' nix-matrix-appservices
module, which has good-looking AS_TOKEN support:
<https://gitlab.com/coffeetables/nix-matrix-appservices >
2023-01-16 10:22:44 +00:00
0eb46a3179
add mautrix-signal (experimental)
2023-01-16 09:03:56 +00:00
b4e19c037e
ejabberd: TODO: fix acme/nginx group membership
2023-01-16 05:59:52 +00:00
926decbea5
persist ~/.cache/nix
2023-01-14 23:21:15 +00:00
fd7acc8fc8
let host nix (i.e. nix-shell, nix-locate) know about our patched nixpkgs and overlays
2023-01-13 09:41:05 +00:00
0f25cba331
moby kernel: disable config option that would break build
2023-01-13 04:40:34 +00:00
39959e912d
cross: fix cross compilation by setting both local AND crossSystem
2023-01-13 04:40:34 +00:00
b1741a18e1
feeds: include "title" in the output OPML -- when it exists
2023-01-13 04:13:44 +00:00
110ab1a794
feeds: fix snowden to not be a podcast
2023-01-11 16:20:53 +00:00
7d5a81e542
feeds: port Civboot
2023-01-11 16:11:46 +00:00
1af2a3f329
feeds: port Michael Malice
2023-01-11 16:05:25 +00:00
3fa9e910a9
feeds: port Matrix Live
2023-01-11 16:03:00 +00:00
6befc40700
feeds: migrate Decoder
2023-01-11 15:51:41 +00:00
29db2d8dc5
feeds: switch to working 60 minutes feed
2023-01-11 15:46:34 +00:00
36d8052982
feeds: disable 60 minutes
2023-01-11 15:41:25 +00:00
48115231a3
feeds: port acquired, FT
2023-01-11 15:32:42 +00:00
c1457f5bfb
feeds: port 99% Invisible
2023-01-11 15:25:32 +00:00
7dfaf77a71
feeds: port Sam Harris / Waking Up
2023-01-11 15:15:03 +00:00
72dc7029e6
feeds: port Dan Carlin
2023-01-11 15:06:18 +00:00
95f3215b00
feeds: port darknet diaries and radiolab
2023-01-11 15:03:24 +00:00
baac8df8c2
feeds: fix Econtalk; port Doctorow, 80000hrs, deconstructed, intercepted, Post, The Portal
2023-01-11 14:51:17 +00:00
dc6a08a12b
convert some of my feeds to db entries
2023-01-11 13:16:26 +00:00
2413e2eb5f
feeds: update ACX feed to its non-forwarded origin
2023-01-11 10:59:35 +00:00
bd5209c655
move cross compilation out of the flake and into the host definitions
2023-01-11 08:56:06 +00:00
33967554a5
servo: fix missing "lib" in nginx file
2023-01-09 13:25:56 +00:00
dbb78088f4
refactor: cleanup instances where we map to attrs to be more resilient against duplicate names
2023-01-09 03:48:07 +00:00
f17ae1ca7b
refactor: avoid using // where we know the sets should be disjoint
2023-01-09 03:11:14 +00:00
b2774a4004
move pubkeys out a modules/data/ directory
2023-01-09 02:40:25 +00:00
a457fc1416
ssh: move sys config out of hosts/common
2023-01-08 08:43:23 +00:00
2c0b0f6947
ssh: explain why we specify host_keys the way we do instead of through sane.persist
2023-01-08 08:41:48 +00:00
fb57e9aa5b
cleanup the 'every user/group has an id' enforcement
2023-01-08 06:46:07 +00:00
af77417531
feeds: add Perry Bible Fellowship comic
2023-01-08 05:30:36 +00:00
eea80b575d
feeds: disable dilbert (it doesn't embed well)
2023-01-08 05:28:15 +00:00
6a209d27fd
freshrss: only show text and image feeds
2023-01-08 05:27:45 +00:00
e8f778fecd
feeds: convert to module
2023-01-08 05:24:56 +00:00
