Commit graph

80 commits

Author SHA1 Message Date
Benjamin Yule Bädorf e127ae6062
core/networking: harden all the things 2024-03-30 15:35:32 +01:00
Benjamin Yule Bädorf d5ce7067e1
pie/dns: fix b12f.io DNS 2024-02-16 11:18:35 +01:00
Benjamin Yule Bädorf 1169873bac
networking: remove pie from hosts file, add droppie-initrd 2024-02-08 23:29:44 +01:00
Benjamin Yule Bädorf 3e0f8438c1
initrd/networking: manually set networking 2024-02-04 01:05:28 +01:00
Benjamin Bädorf ce1e00d5b0
pie/networking: fix dns resolver collision 2024-02-01 22:37:47 +01:00
Benjamin Bädorf 39b340f825
core: use latest linux kernel by default 2024-01-29 23:04:30 +01:00
Benjamin Bädorf 28786af37b
feat: use systemd-resolved so VPN & WG DNS works 2024-01-24 21:02:10 +01:00
Benjamin Bädorf 29e183b0c7
feat: use ACME and nginx instead of caddy 2023-11-14 18:44:46 +01:00
Benjamin Bädorf 282691cd64
fix: use lib.mkDefault for timezone 2023-11-06 23:30:40 +01:00
Benjamin Bädorf 2fbaa24cb5
feat: update droppie shutdown, default to UTC 2023-11-06 21:50:28 +01:00
Benjamin Bädorf 540736c3ba
chore: directly connect clients to pie for lower latency dns 2023-11-06 21:43:48 +01:00
Benjamin Bädorf 544f323b0c
fix: wireguard networking and https on services 2023-11-01 16:27:29 +01:00
Benjamin Bädorf 615ef9a856
fix: passwordless sudo only for yule 2023-10-26 14:09:43 +02:00
Benjamin Bädorf cec9562e15
feat: frikandel as wireguard hub 2023-10-24 17:56:14 +02:00
Benjamin Bädorf ece9705f67
feat: update passwords 2023-10-10 11:56:36 +02:00
Benjamin Bädorf 6f6140f660
feat: add backups for firefly and paperless 2023-10-09 22:52:28 +02:00
Benjamin Bädorf 6fabfdc431
fix: fixes to networking and pie services 2023-10-09 10:43:53 +02:00
Benjamin Bädorf 747481c4ea
fix: get networking on pie working properly 2023-10-08 19:32:00 +02:00
Benjamin Bädorf fe8ebd083f
feat: add ISOs, limit core config size 2023-10-07 21:11:08 +02:00
Benjamin Bädorf 93bcf469ab
refactor: move fully away from modules & profiles distinction 2023-10-07 16:45:42 +02:00
Benjamin Bädorf 078e738a31
refactor: more printing to pie 2023-10-07 14:06:28 +02:00
Benjamin Bädorf 13ad9a26f3
refactor: Remove digga 2023-10-03 13:13:52 +02:00
Benjamin Bädorf a99c0f0336
fix: Fix cups, caddy, and paperless copy script 2023-09-01 19:11:01 +02:00
Benjamin Bädorf e7d686feb7
Merge branch 'main' into b12f 2023-07-18 12:44:47 +02:00
teutat3s a6bec82fb7
core: use linux 6.1 2023-06-13 15:05:53 +02:00
teutat3s 97239d1fbb
inputs: switch to nixos-23.05 2023-06-13 14:24:52 +02:00
Benjamin Bädorf b90170a587
Update to NixOS 23.05 2023-06-11 22:54:11 +02:00
Benjamin Bädorf 260eb077d0
Merge branch 'main' into b12f 2023-06-01 18:39:23 +02:00
Akshay Mankar 91353938af
modules/networking: Use mkDefault for caddy config 2023-04-17 20:05:42 +02:00
teutat3s 029be00eab
Merge pull request 'cachix: remove unused binary caches' (#209) from cachix/remove-unused-caches into main
Reviewed-on: pub-solar/os#209
Reviewed-by: hensoko <hensoko@gssws.de>
2023-04-15 19:03:51 +02:00
Benjamin Bädorf dcb77f9056
Merge branch 'main' into b12f 2023-04-03 11:46:57 +02:00
teutat3s 52c2ca9f13
nix.conf: add back required experimental features 2023-03-27 18:54:29 +02:00
teutat3s 972e3f1569
cachix: default binary cache is nixos.org, no need
to specify it explicitly (results in double entry in nix.conf)

Also force our nix.extraOptions because digga tries real hard to put
their binary caches there:
0595ae70cd/modules/nix-config.nix (L19-L23)
2023-03-27 18:09:46 +02:00
teutat3s d0470d5aaf
flake: pull in changes from digga upstream
See:
54ede8e591...0595ae70cd?diff=unified
2023-03-27 13:48:39 +02:00
Hendrik Sokolowski 25126fd8ca
Make resumeDevice optional 2023-02-26 21:51:25 +01:00
Hendrik Sokolowski 858fd257a4
define settings as defaults 2023-02-26 21:51:13 +01:00
Benjamin Bädorf 892aa2e4fa
Update paperless module 2023-02-07 15:56:19 +01:00
Benjamin Bädorf 9b53a8c982
Merge branch 'main' into b12f 2023-01-28 22:27:52 +01:00
teutat3s 00677fb11f
Merge branch 'main' into feature/alejandra-treefmt 2023-01-28 21:40:44 +01:00
teutat3s ea6d2caa9d
networking: don't wait for network-online
It failed upon deployment with deploy-rs and caused it to rollback
2023-01-28 15:22:10 +01:00
Benjamin Bädorf 12ebe35ece
Update paperless 2022-11-28 11:39:28 +01:00
teutat3s f97cf1d0e9
nix: use new nix.settings syntax 2022-11-26 04:40:22 +01:00
teutat3s 73bf158392
Run treefmt command 2022-11-20 23:28:23 +01:00
teutat3s 24b8b9f060
Switch to alejandra for formatting
Use treefmt

For context, see upstream PR: https://github.com/divnix/digga/pull/491
2022-11-20 23:23:28 +01:00
Benjamin Bädorf 490f064940
Merge branch 'main' into b12f 2022-10-26 15:59:58 +02:00
Hendrik Sokolowski eece344083
Make resume_offset optional 2022-10-23 18:33:52 +02:00
Benjamin Bädorf d7bbd78486
Merge branch 'main' into b12f 2022-10-17 16:01:09 +02:00
teutat3s d43bd80580
core: disable SSH passwordAuthentication by default 2022-10-05 11:58:26 +02:00
Benjamin Bädorf 5da560ef56
Open up SSH by default 2022-10-03 04:55:14 +02:00
Benjamin Bädorf 8529a15177
Be more paranoid
The paranoia mode now also enables the firewall and closes down a couple
of small openSSH holes. `noexec` on the whole FS is left out as it will
make every existing PubSolarOS installation panic.
2022-10-03 04:03:09 +02:00