zimbatm
e3dd501d2b
flake: extend test converage
...
Hit all the files that we have
2022-12-31 16:59:49 +01:00
zimbatm
b839938cd7
add hetzner-cloud hardware
2022-12-31 16:53:56 +01:00
zimbatm
204026c56f
add generic amazon hardware config
2022-12-31 16:53:56 +01:00
zimbatm
a47c24539a
add cloud-init profile
2022-12-31 16:31:09 +01:00
Jonas Chevalier
89c1beb1c4
expose modules list ( #18 )
...
Make the modules list available outside of flakes and prefix them.
2022-12-31 16:26:51 +01:00
Jörg Thalheim
aa181529b0
Merge pull request #12 from numtide/flake-profile
...
add flake profile
2022-12-31 08:23:20 +00:00
Jörg Thalheim
3f5410b95a
add flake profile
...
Co-authored-by: Jonas Chevalier <zimbatm@zimbatm.com>
2022-12-31 09:22:26 +01:00
zimbatm
0b3a8aa5d6
avoid with keyword
2022-12-29 22:22:46 +01:00
zimbatm
bb5204525c
split the common profile
...
Make it easier to pick and choose
2022-12-29 19:20:43 +01:00
zimbatm
2204eb5169
nixpkgs-fmt
2022-12-29 17:37:05 +01:00
Jonas Chevalier
25daf1b08d
use systemd-networkd everywhere ( #8 )
...
* use systemd-networkd everywhere
* Update profiles/common.nix
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2022-12-29 14:45:12 +01:00
Jörg Thalheim
630d40561f
don't force authorizedKeysFiles if git server are enabled ( #16 )
2022-12-29 14:32:48 +01:00
Jonas Chevalier
db45a08ad2
use systemd-boot everywhere ( #7 )
...
* introduce EFI profile
For machines that can boot on EFI
* common: use systemd in the initrd as well
Replace the pile of shell scripts with systemd in the initrd
* Update profiles/common.nix
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
* Update profiles/common.nix
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2022-12-28 14:38:11 +01:00
Jörg Thalheim
819332c9da
improve defaults for serial console ( #9 )
2022-12-28 14:35:52 +01:00
Jörg Thalheim
0ef3c32aee
add desktop profile ( #14 )
...
* add desktop profile
* flake: also test server and desktop profile
Co-authored-by: Jonas Chevalier <zimbatm@zimbatm.com>
2022-12-28 14:35:15 +01:00
Jörg Thalheim
ed4bb0740a
server: set tcp BBR as default congestion control ( #15 )
...
This is default on GCP for example and in Google’s internal backbone
networks and google.com and YouTube Web servers throughput increased by
4 percent on average globally – and by more than 14 percent in some
countries.
2022-12-28 14:28:36 +01:00
Jörg Thalheim
fc4e7483cd
add nginx role ( #10 )
2022-12-28 14:27:23 +01:00
Jörg Thalheim
fa5b42f0fd
drop udisks2 from server profile ( #13 )
...
As far as I can see only desktop environments are enabling this option.
This is a rather low-level service, which seems unlikely to get enabled
by accident.
However setting this option to false will break `xrdp` in combination
with a desktop environment usage which is something you may need every
once in a while even in a server context.
2022-12-28 13:38:51 +01:00
zimbatm
6423849123
split common and server profiles
2022-12-21 17:39:25 +01:00
Jörg Thalheim
dcd08ecab2
Merge pull request #5 from numtide/telegraf
...
add telegraf configuration
2022-12-19 20:45:43 +00:00
Jörg Thalheim
d38aea1853
add telegraf configuration
2022-12-19 21:44:31 +01:00
Jörg Thalheim
754b897b4c
README: fix typo
2022-12-19 16:13:24 +01:00
Jörg Thalheim
bbed98e507
Merge pull request #4 from numtide/ci
...
Add installation guide and code from nix-community
2022-12-19 15:10:55 +00:00
Jörg Thalheim
54b32ddf08
expose github-actions-runner in flake
2022-12-19 16:09:46 +01:00
Jörg Thalheim
d25b67bd69
add some example configuration
2022-12-19 16:08:40 +01:00
Jörg Thalheim
85085d532d
sshd: unbind local sockets for gnupg
2022-12-19 15:47:32 +01:00
Jörg Thalheim
207e856347
well-known-hosts: add also ed25519 key of github
2022-12-19 15:42:01 +01:00
Jörg Thalheim
d84989675d
add zfs module
2022-12-19 15:38:47 +01:00
Jörg Thalheim
8b974cf4b9
make it easier to override max-free/min-free/log-lines
2022-12-19 15:38:47 +01:00
Jörg Thalheim
4ff11b0d39
README: add installation guide
2022-12-19 15:00:06 +01:00
Jonas Chevalier
8a04ec335a
Merge pull request #2 from numtide/kuutamo-fixes
...
Kuutamo fixes
2022-12-14 11:27:12 +01:00
Jean-François Roche
612041c787
Disable systemd-network wait online service using new option
...
refs https://github.com/NixOS/nixpkgs/pull/202956
2022-12-09 12:49:43 +01:00
Jörg Thalheim
e6fd2f278c
expose as a flake
2022-12-08 18:59:07 +01:00
Jörg Thalheim
8c464032ab
cloud-init: don't enable
...
In environments where the network is not 100% trusted this can open up a
remote code execution. This should be only enabled in certain cloud
enviroments where there is actual support (i.e. there could be a cloud
profile spinoff)
2022-12-08 18:35:31 +01:00
Jörg Thalheim
338c3cb9a2
drop numtide cache
...
For machines that are not internal to numtide this binary cache is not
very useful.
2022-12-08 18:34:29 +01:00
Jonas Chevalier
e9cb55e9ed
Merge pull request #1 from numtide/systemd-config
...
Disable emergency mode and enable the systemd watchdogs.
2022-12-05 23:22:52 +01:00
zimbatm
357cb2bccb
replace nscd with nsncd
...
This is a better version that doesn't have all the problems that the old
version has.
2022-12-05 16:59:25 +01:00
R-VdP
6bd88873aa
Disable emergency mode and enable the systemd watchdogs.
2022-12-05 16:12:02 +02:00
zimbatm
3c80bfc5fa
add more nix defaults
2022-12-05 12:05:39 +01:00
zimbatm
bd6e2e7983
roles/github-actions-runner: enable nix-ld
...
Work around binary compatibility issues and the strictness of NixOS.
2022-12-02 14:47:54 +01:00
zimbatm
b304bd11a1
enable cloud-init on all servers
...
This opens the road to re-using the same NixOS system closure for
different deployments.
Have a static system configuration, and then cloud-init complete it with
the surrounding environment.
2022-12-02 11:31:46 +01:00
zimbatm
2e33e01537
extend the server profile
2022-12-02 00:12:28 +01:00
zimbatm
47519a2f24
clean
2022-12-01 23:57:59 +01:00
zimbatm
05ec2584b6
snapshot!
2022-12-01 17:32:37 +01:00