about summary refs log tree commit diff
path: root/ops/nixos
AgeCommit message (Collapse)AuthorFilesLines
2020-04-22 r/669 fix(ops/nixos/camden): Introduce brute-force nginx issue fixVincent Ambo1-0/+19
This adds a timer running every minute that fixes the nginx permissions that were broken in NixOS 20.03
2020-04-21 feat(ops/nixos/camden): Install 'bat' and 'ripgrep' on camdenVincent Ambo1-0/+2
2020-04-21 feat(ops/nixos/camden): Use my cachix cache on camdenVincent Ambo1-0/+8
This cache is populated by sourcehut builds.
2020-04-21 r/650 feat(ops/nixos/camden): Add vhost for TVL homepageVincent Ambo1-0/+15
2020-04-21 r/648 feat(ops/nixos/camden): Provision certificate for tvl.fyiVincent Ambo1-0/+7
2020-04-20 r/640 feat(ops/nixos/camden): Add static IPv6 address to camdenVincent Ambo1-0/+7
2020-04-19 r/639 feat(ops/nixos/camden): Configure honk serviceVincent Ambo1-0/+18
2020-04-19 r/637 feat(ops/nixos/camden): Install honkVincent Ambo1-0/+1
2020-04-17 r/630 feat(ops/nixos/nugget): Add chromium with VAAPI patchesVincent Ambo1-2/+2
These patches enable hardware-accelerated video decoding, which is useful for Stadia. The main issue with this is that Hydra doesn't currently cache Chromium with these patches, which means that it is built from scratch which takes in the order of 5 hours on an otherwise unused nugget.
2020-04-11 r/629 chore(ops/nixos/nugget): Install steam againVincent Ambo1-0/+1
2020-04-04 r/626 chore(ops/nixos/camden): Enable HSTS headers on *.tazj.inVincent Ambo1-0/+2
2020-04-04 r/623 chore(ops/nixos/camden): Use upstream tailscale moduleVincent Ambo1-18/+1
2020-04-04 r/622 chore(ops/nixos/nugget): Use upstream tailscale moduleVincent Ambo1-8/+1
2020-04-04 r/621 chore(third_party): Remove Tailscale derivationVincent Ambo1-77/+0
This is now part of nixpkgs itself.
2020-04-04 r/618 feat(ops/nixos/camden): Enable RTMP support in nginxVincent Ambo1-1/+25
This makes it possible to live-stream various things at rtmp://tazj.in/tvl
2020-04-04 r/617 fix(ops/nixos/nugget): Point camden host at new internal IPVincent Ambo1-4/+1
This changed due to the router replacement.
2020-04-04 r/616 chore(ops/nixos/nugget): Install ffmpeg (including libnpp support)Vincent Ambo1-0/+1
2020-04-04 r/615 feat(ops/nixos/nugget): Add module for v4l2loopback supportVincent Ambo2-0/+13
This kernel module creates a fake video input device to which I can stream various things, such as screen grabs or qyliss' video stream for TVL.
2020-04-04 r/611 feat(ops/nixos/nugget): Install clang & friends system-wideVincent Ambo1-0/+3
2020-03-12 r/602 fix(ops/nixos/nugget): Ensure that 'nuggetEmacs' is used for EXWMVincent Ambo1-7/+8
2020-03-12 r/601 chore(ops/nixos/nugget): Disable DHCP for Remarkable USB connVincent Ambo1-1/+0
This otherwise holds up the boot process if the device is not connected, which is annoying.
2020-03-12 r/600 feat(ops/nixos/nugget): Install google-c-style in EmacsVincent Ambo1-1/+6
2020-03-01 r/589 fix(ops/nixos/camden): Add required options for ACME updatesVincent Ambo1-12/+17
The implementation for provisioning ACME certificates has changed in nixos-unstable[0] and now requires a few extra options to be set. [0]: https://github.com/NixOS/nixpkgs/pull/77578
2020-03-01 r/588 chore(third_party): Remove guile 3.0 overrideVincent Ambo1-1/+1
I don't actually use guile at all, this was just for experimentation.
2020-03-01 r/586 chore(ops/nixos/nugget): Use DHCP for Remarkable USB connectionVincent Ambo1-0/+1
2020-02-21 r/567 fix(ops/nixos/camden): Add missing quote in nginx configVincent Ambo1-1/+1
2020-02-21 r/566 feat(ops/nixos/camden): Modify nginx log formatVincent Ambo1-8/+8
This log format contains more structured and correctly typed information, which I can now use for dashboards and stuff in Stackdriver.
2020-02-21 r/565 fix(ops/nixos/camden): Configure nginx to not log hostnamesVincent Ambo1-1/+1
Hostname prefixes break JSON serialisation, leading to useless Stackdriver Logging entries.
2020-02-21 r/564 feat(ops/nixos/camden): Install jqVincent Ambo1-0/+1
2020-02-21 r/563 feat(ops/nixos/camden): Forward logs to Stackdriver LoggingVincent Ambo1-0/+8
Enables the journaldriver service to forward logs into a "home" log-stream in the "tazjins-infrastructure" project. The service account key for camden has been placed on the machine manually.
2020-02-21 r/562 chore(ops/nixos/nugget): Remove input-fonts packageVincent Ambo1-1/+0
My default font is now Jetbrains Mono everywhere.
2020-02-21 r/559 chore: Rename pkgs->depot in all Nix file headersVincent Ambo3-31/+27
2020-02-17 r/557 Merge branch 'fix/camden-trusted-users'Vincent Ambo1-0/+2
2020-02-17 fix(ops/nixos/camden): Add myself to trusted Nix usersVincent Ambo1-0/+2
2020-02-17 r/556 fix(ops/nixos/camden): Use pounce from //third_partyVincent Ambo1-1/+1
2020-02-17 r/553 feat(ops/nixos/camden): Install pounce on camdenVincent Ambo1-1/+8
2020-02-17 r/552 feat(ops/nixos/camden): Enable support for moshVincent Ambo1-0/+2
2020-02-17 r/551 Merge branch 'feat/camden-migration'Vincent Ambo1-1/+1
2020-02-17 chore(ops/nixos/nugget): Add /etc/hosts entries for camden hostnamesVincent Ambo1-1/+1
2020-02-14 r/550 refactor(ops/nixos/camden): Merge ACME certificate blocksVincent Ambo1-11/+7
2020-02-14 r/549 feat(camden): Move to actual tazj.in hostnamesVincent Ambo1-4/+15
2020-02-12 r/548 feat(ops/nixos/nugget): Add camden to /etc/hostsVincent Ambo1-0/+7
At the moment there is no other way for requests from nugget to camden to resolve correctly, as the Hyperoptic router is eating this traffic on the LAN.
2020-02-12 r/547 feat(ops/nixos/camden): Add nginx vhost for cgit at git.camdenVincent Ambo1-0/+21
2020-02-12 r/546 feat(ops/nixos/camden): Move ACME configuration out of nginxVincent Ambo1-4/+13
This makes it possible to re-use the same provisioning mechanism for multiple related domains.
2020-02-12 r/545 feat(ops/nixos/camden): Set up cgit serviceVincent Ambo1-5/+27
Adds a user & group which are configured to own the local depot copy, and a cgit service to serve it. The depot checkout was configured as: mkdir -p /var/git && chown git: /var/git # now, as the git user, in /var/git git clone --bare ... depot chmod -R g+rw /var/git chmod g+s (find /var/git -type d) git init --bare --shared=all depot My personal user is a member of the git group, which means that after the above configuration I can push to the bare repo as my user and things work. Also, crucially, the `post-update` hook must be enabled as cgit uses the dumb HTTP transport.
2020-02-11 r/543 fix(nix/tailscale): Fix incorrect Tailscale ACL config typeVincent Ambo1-8/+10
2020-02-11 r/542 feat(ops/nixos/camden): Serve /blobs/ from /var/www/blobsVincent Ambo1-1/+5
This directory is writeable by me and is intended to make it easy to serve random blobs.
2020-02-11 r/541 feat(ops/nixos/camden): Enable haveged entropy "generator"Vincent Ambo1-3/+4
2020-02-11 r/540 feat(ops/nixos/nugget): Set up nginx serving homepage & blogVincent Ambo1-0/+53
This nginx does not currently log access correctly because for some impenetrable reason (as is tradition), neither /dev/stdout nor /dev/fd/1 exist for nginx at runtime. This is probably systemd's doing, but I'll debug it later.
2020-02-11 r/538 fix(ops/nixos/camden): Use package set from depot pinVincent Ambo1-2/+9
generated by cgit-pink 1.4.1 (git 2.44.2) at 2024-11-02T03·59+0000