56d84dea4d
hosts: remove unused (defaulted) option: boot.loader.efi.canTouchEfiVariables
2024-06-07 07:27:34 +00:00
8105e00b39
refactor: make system.stateVersion
common across all hosts.
...
otherwise it's hairy to share nixos configs/modules between them
note that this alters the stateVersion for desko/lappy/rescue, but unlikely to matter
2024-06-04 15:58:53 +00:00
b159240b7f
servo: import ovpn privkey
2024-05-26 14:37:33 +00:00
3361f2bbe7
zsh: port to sane.programs
2024-05-18 08:10:34 +00:00
9d725a0974
servo: disable unused nixcache.uninsane.org
2024-05-16 02:46:23 +00:00
df4ef0ce5a
desko: disable nix-serve
2024-05-16 02:35:27 +00:00
f3cf9e0bed
trust-dns: set it to NOT be the system resolver for servo
...
trust-dns recursor is too beta for servo
2024-05-14 09:03:10 +00:00
2f31100c3f
servo: ship go2tv
2024-01-04 16:25:50 +00:00
1a6ce11b07
disable binfmt emulation on my build machines
2023-12-07 13:49:07 +00:00
a9ba9b77ad
enable servo as a remote builder
2023-11-23 02:21:01 +00:00
77a0a36bb8
enable remote-building for lappy/moby
2023-11-23 01:59:37 +00:00
0893c90c51
refactor how i decide which programs go on which machine (leverage "roles" like pc and handheld)
2023-11-18 22:56:53 +00:00
c1d62bdbc2
wg-quick: allow clients to contact the internet
2023-09-19 12:36:57 +00:00
9d1ebd38ce
wg-home: don't infer role from ip address, but set it explicitly
2023-09-19 11:38:51 +00:00
44059b34c7
don't ship unused sane-scripts
2023-08-02 21:09:16 +00:00
5cd05d8762
programs: split consoleUtils into separate normal/desktop sets
2023-07-30 11:59:38 +00:00
e5cca42717
servo: fix sane.nixcache path
2023-07-15 00:40:31 +00:00
2f5c33b2b4
nixcache: tidy up substituter config
2023-07-14 22:33:33 +00:00
c1ddddddc0
ports: hide behind services.sane.wan-ports
...
later i will use this to enable UPnP on relevant ports
2023-05-26 23:28:30 +00:00
2e9eb51893
i2p/yggdrasil: factor out and only enable for desko/servo
...
especially this means i no longer run them on moby, improving battery life & such
2023-05-17 01:53:17 +00:00
fb427e55e8
secrets: define these by crawling the repo to decrease duplication
2023-05-14 09:50:01 +00:00
8fc57c4249
make it so servo doesn't do binfmt emulation, nor fetch cache from desko
2023-03-11 13:45:45 +00:00
dc1cd7a9a5
sane.persist: make it default-true for my hosts
2023-03-11 08:36:14 +00:00
f3151320a3
servo: shutup sane-deadlines warning
2023-03-11 07:58:56 +00:00
d725dfb7f1
refactor: group build-machine-related config into one "role" file
2023-03-05 01:05:17 +00:00
afb006f6ec
programs: port last users & remove the old packages.nix
2023-02-03 05:26:57 +00:00
4da19a6d34
servo: remove users.nix; move autologinUser -> default.nix
2023-01-20 22:16:47 +00:00
f4f0c1bdd6
servo: fix broken config/typo
2023-01-20 07:45:54 +00:00
6a2374e046
wg-home: unify server and client config
2023-01-20 07:42:31 +00:00
038a9034d7
hosts: remove the is-target attribute and opt into roles via the config system instead
2023-01-20 00:13:13 +00:00
d13bcc49ab
refactor hosts directory, and move ssh keys out of modules/data
...
longer-term, i want hosts/by-name to define host-specific data
that's accessible via the other hosts (things like pubkeys).
also the secrets management needs some rethinking. there's really not
much point in me specifiying where *exactly* a secret comes from at its
use site. i should really be specifying secret store manifests; i.e.
"servo.yaml contains secrets X Y and Z", and leaving the rest up to
auto-computing.
2023-01-19 23:23:43 +00:00