41b385b6ca
moby: refactor the kernel config into the actual kernel package and do less of that in the module system
...
this makes it easier to swap Kconfigs verbatim from other distros, e.g.
2024-05-21 22:47:12 +00:00
c21ddca1fd
servo: doof tunnel: enable IPv6 and forward-DNS records
2024-05-20 05:47:04 +00:00
47da8e55f3
servo: disable jackett/slskd/transmission temporarily
2024-05-20 05:08:58 +00:00
3b99bb497b
servo: bridge to doof.net
2024-05-20 05:08:32 +00:00
9873353d00
refactor: replace --replace substitutions with --replace-fail where applicable
2024-05-19 23:31:54 +00:00
26e347f38c
moby: ship with way higher CMA by default
2024-05-19 10:40:15 +00:00
3361f2bbe7
zsh: port to sane.programs
2024-05-18 08:10:34 +00:00
afb9d273ab
servo: re-enable slskd
2024-05-17 22:00:46 +00:00
5924d092f4
coturn: expand documentation
2024-05-16 09:41:53 +00:00
a5f6aae6f5
desko: use stock systemd resolver
...
i need a backup system to use when things are broken, and this helps with debugging as well
2024-05-16 03:12:30 +00:00
fd94422982
distcc: purge
2024-05-16 02:51:38 +00:00
d258d4ddd5
desko: re-enable firewall
2024-05-16 02:49:03 +00:00
9d725a0974
servo: disable unused nixcache.uninsane.org
2024-05-16 02:46:23 +00:00
df4ef0ce5a
desko: disable nix-serve
2024-05-16 02:35:27 +00:00
d5e8974a4a
refactor: trust-dns: listenAddrs -> listenAddrsIpv4
2024-05-14 23:22:50 +00:00
e040a5b0c5
servo: trust-dns: remove hn-resolver
...
my hosts run their own recursive DNS resolvers now, so there's no need for the wireguard VPN to provide them with that
2024-05-14 23:20:19 +00:00
f3cf9e0bed
trust-dns: set it to NOT be the system resolver for servo
...
trust-dns recursor is too beta for servo
2024-05-14 09:03:10 +00:00
889b332ade
trust-dns: split the parts which are generalizable into their own file
...
i can try to build this into a recursive resolver for *all* my hosts
2024-04-30 14:35:56 +00:00
1f2bbd4aec
refactor: split modemmanager stuff into own file
2024-04-27 08:32:15 +00:00
19115dfb65
eg25-control: port to s6 (hopefully)
2024-04-26 21:44:13 +00:00
34842c00fe
moby: make the modem powerable by the user, without root
...
this should allow migrating eg25-control to a user service
2024-04-26 17:19:38 +00:00
6129fbf2b3
lemmy: upstream the proxy headers
2024-04-26 16:44:43 +00:00
f3d2dee470
lemmy: fix federation (broke due to invalid HTTP signatures)
2024-04-26 10:31:47 +00:00
3d207ab7bb
coturn: allocate 256 ports instead of 16
2024-04-26 08:47:52 +00:00
95447eb765
goaccess: fix missing state dir
2024-04-26 08:47:09 +00:00
593268f620
coturn: run inside ovpns namespace
2024-04-26 08:01:34 +00:00
d0de6a9254
sftpgo: reduce the passive port range
...
hopefully this eases the load on the upstream firewall's UPNP service
2024-04-22 12:08:23 +00:00
12f2798140
servo: sftpgo: move to own directory
2024-04-22 12:05:16 +00:00
a7b8eb179b
pipewire: move the clock quantum config into sane.programs proper
...
this ensures it's available in the sandbox
2024-04-20 09:09:05 +00:00
f10bb6c86c
sftpgo: adjust file mode to be compatible with Kodi
2024-04-20 08:07:00 +00:00
317996b609
clightning-sane: document the status command more
2024-04-19 07:29:20 +00:00
135f63480b
clightning-sane: add a help message
2024-04-19 07:29:20 +00:00
f59f13588f
jackett/transmission/slskd: validate public IP address before starting
2024-04-18 20:05:59 +00:00
a36ff517e7
servo: slskd: disable
2024-04-18 06:55:56 +00:00
60c370df3f
sftpgo: fix domain name in banner
2024-04-18 05:01:57 +00:00
d80852c6c1
sftpgo: re-enable password login
2024-04-18 04:58:59 +00:00
62b3047fff
sftpgo: support FTPS
2024-04-18 04:34:41 +00:00
9a9ffcbea9
transmission: fix faulty "find" expression (thanks shellcheck!)
2024-04-17 23:32:00 +00:00
733efcfaf7
servo: nginx: forceSSL for anything media related
2024-04-17 22:49:24 +00:00
b34d984572
servo: transmission: remove noisy files upon torrent completion
2024-04-17 20:47:00 +00:00
e2b58e1b77
servo: transmission: be extra strict about requiring VPN
2024-04-17 19:52:11 +00:00
b7e5bc5972
servo: sftpgo: disable external access
2024-04-17 19:41:57 +00:00
13c1f01a6b
servo: pleroma: migrate port 4000 -> 4040
...
port 4000 is used by NFS
2024-04-16 18:57:54 +00:00
5f281f57de
servo: transmission: inline nested torrent directories
2024-04-16 18:25:41 +00:00
089e434e3f
servo: transmission: fix group permissions of media when copying them to public dir
2024-04-16 16:31:10 +00:00
feb36d19ac
programs: ship cups
2024-04-14 03:33:55 +00:00
fce3436c88
servo: expose Milkbags to the internet :)
2024-04-08 06:55:09 +00:00
f7e4504764
pict-rs: remove no-transcoding patch (it doesnt apply anymore)
2024-04-04 19:09:12 +00:00
7ab148ea58
servo: migrate /var/media to be 100% on zfs pool
2024-04-04 06:20:50 +00:00
410097480f
docs: servo: fs: fix setfacl typo
2024-04-03 09:48:10 +00:00
f5fadbe4cf
transmission: place torrents in a separate directory, and copy them to the main media directory on completion
2024-04-03 09:48:10 +00:00
d3ad661970
servo: zfs: enable reflink support
2024-03-31 03:48:34 +00:00
eff37765ae
sane.image: fix so imgs.moby includes a working bootloader
2024-03-31 03:24:33 +00:00
5ed29ceb47
servo: /var/media: fixup permissions so everything is r/w by "media" group, including sftpgo
2024-03-28 23:14:40 +00:00
725ab13628
servo: nfs: allow UDP NFSv3 connections
2024-03-27 00:54:58 +00:00
c6a1f310a0
servo: net: actually assert that ovpns exists if we fail to add it
2024-03-26 11:13:10 +00:00
1d494513a9
slskd: document common errors/flakiness
2024-03-26 11:04:21 +00:00
3cf42db7dc
slskd: fix for more recent nixpkgs
2024-03-26 10:47:20 +00:00
098cd2051e
sftpgo: expose to the WAN
2024-03-14 13:11:44 +00:00
691a7d7ff7
sftpgo: configure for credential-gated r/w access
2024-03-14 13:11:44 +00:00
c7c2785ad8
sftpgo_external_auth_hook: refactor
2024-03-14 13:11:44 +00:00
4c1a7fc910
sftpgo: port auth program to python
2024-03-14 13:11:44 +00:00
f44a4c84ee
moby: don't ship fcitx5 (doesn't cross compile)
2024-03-11 07:54:49 +00:00
f44c3f2e1f
moby: auto-screenoff: bump timeout from 150s -> 300s
2024-03-07 23:14:03 +00:00
bb300a4eb5
swayidle: dont enable screenoff action by default
2024-03-07 11:18:34 +00:00
fd4842ab5b
swayidle: auto screenoff
2024-03-07 10:59:44 +00:00
1cdc3b8bda
moby: enable schlock screen locker
2024-03-07 10:37:18 +00:00
bd27f3a015
swayidle: enable; pair with swaylock
2024-03-06 20:55:01 +00:00
471339d237
hosts (all): remove sxmo-related polyfills
2024-03-06 05:07:30 +00:00
18c7fc17fd
alacritty: configure font size per-host
2024-03-06 05:07:30 +00:00
41a141dba6
servo: disable navidrome
2024-03-05 18:48:25 +00:00
4d6d79cc81
servo: /var/lib/uninsane/media -> /var/media
2024-03-05 18:44:30 +00:00
53d76920e4
servo: persist more specifically the /var/lib/uninsane/media directory
2024-03-05 18:39:23 +00:00
d43cc6c61c
alsa-ucm-conf: fold the Pinephone patches into sane.programs.alsa-ucm-conf & distribute to all hosts
2024-03-05 00:28:07 +00:00
6b45589e54
wireplumber: ensure ALSA_UCM_CONF2 env var is on PATH
...
this is critical for pipewire/wireplumber to work on moby
2024-03-03 04:43:11 +00:00
0aaa3eaaeb
mpv: remove legacy vo=wlshim hack
2024-03-02 23:46:52 +00:00
6ec3126321
moby: fix display driver reload check to run before unl0kr
...
this should fix the no-graphics-on-boot bug i'm seeing. it was previously fixed for lightdm and greetd: just not unl0kr
2024-03-02 19:50:50 +00:00
b6daeddfa2
waybar: show different modules for moby v.s. others
2024-03-01 15:25:42 +00:00
2e737c2ab1
moby: sxmo -> sway
...
still several things need to be improved, but the groundwork is there
2024-03-01 07:26:26 +00:00
b02ae7ef74
moby: polyfill an OK sway layout
2024-03-01 05:20:28 +00:00
37ddb2ae17
waybar: fix font size to be more usable on moby
2024-03-01 04:46:06 +00:00
81e02e2885
sway: moby: fix layout/scale preferences
2024-03-01 04:38:26 +00:00
c380f61bea
fix "rescue" host to eval again
2024-02-28 14:19:45 +00:00
d0d7994c2f
sxmo: remove 'greeter' option
2024-02-26 07:27:33 +00:00
d5643a6a5d
assorted static-nix-shell packages: use srcRoot
2024-02-25 17:37:38 +00:00
c6ebcfe66e
servo: port legacy /var/lib users over to "method = bind" persistence
...
i may wittle these down in the future
2024-02-23 15:49:54 +00:00
bd7ca20361
desko: fs: remove dead code
2024-02-23 14:45:57 +00:00
f5ef1e96ca
lappy: fs: remove dead code
2024-02-23 14:44:49 +00:00
c23e4dc9c7
servo: note why i use file.text instead of symlink.text here
2024-02-23 08:14:27 +00:00
478747a96e
modules/persist: change default mounting method to symlink
...
this changes the plaintext and cryptClearOnBoot stores: private was already symlink-based.
this isn't strictly necessary: the rationale is:
1. `mount` syscall *requires* CAP_SYS_ADMIN (i.e. superuser/suid).
that's causing problems with sandboxing, particularly ~/private.
that doesn't affect other stores *yet*, but it may in the future.
2. visibility. i.e. it makes *clear* where anything is persisted.
if `realpath` doesn't evaluate to `/nix/persist`, then it's not
persisted.
2024-02-23 07:06:29 +00:00
386651044e
sway: port to sane.programs API
2024-02-21 23:18:57 +00:00
5ff1d014b8
servo: transmission: fix user agent
2024-02-17 01:35:40 +00:00
4002a57e03
servo: transmission: advertise as 3.00 to deal with old trackers
2024-02-16 12:58:08 +00:00
74a0b0d125
gitea: serve phone-case-cq/ build files as proper html/js content type
2024-02-16 12:07:28 +00:00
cd0a046776
dovecot: remove dead code
2024-02-02 20:47:55 +00:00
27edee0bbf
dovecot2: fix sieves
2024-02-02 20:47:20 +00:00
d3eaa69261
lappy/desko: auto-start signal-desktop
2024-02-02 14:22:08 +00:00
25707eb79e
servo: address deprecation warning: dovecot2.sieveScripts -> sieve.scripts
2024-02-01 15:47:56 +00:00
09923b60ea
moby: disable desko as nixcache
2024-02-01 15:41:43 +00:00
a0f00313a7
moby: disable signal-desktop autostart
2024-01-31 20:09:03 +00:00
