|
6b3f073b5b
|
secrets for fwminex
|
2023-09-15 13:28:15 +03:00 |
|
|
d57b2e5a1b
|
enable pcscd
|
2023-09-15 13:27:12 +03:00 |
|
|
e3c5f37b43
|
add some packages
|
2023-09-15 13:05:56 +03:00 |
|
|
b1e57c93f1
|
install parallel everywhere
|
2023-09-15 12:51:10 +03:00 |
|
|
d7888b000b
|
fix gp
|
2023-09-15 12:48:14 +03:00 |
|
|
c5191372e8
|
install gpg
|
2023-09-15 12:46:10 +03:00 |
|
|
211f580539
|
gpg-agent: move to per-user
|
2023-09-15 12:35:59 +03:00 |
|
|
3b005f06cc
|
add firefox
|
2023-09-15 12:33:09 +03:00 |
|
|
831bce0813
|
move to non-small
I'd rather not compile firefox.
|
2023-09-15 12:32:47 +03:00 |
|
|
93b95af851
|
borgstor: allow motiejus to read borg backups
|
2023-09-15 11:17:40 +03:00 |
|
|
7ee6a0de71
|
zfsborg: remove the ${mountpoint}/.snapshot-latest prefix
The path in the filesystem is quite clear from the archive name.
|
2023-09-15 11:05:05 +03:00 |
|
|
331ffa9450
|
vno3-rp3b: add borgbackup app
|
2023-09-15 10:49:27 +03:00 |
|
|
30426ad89e
|
zfsborg: mount the tmpfs on all units
|
2023-09-15 10:10:54 +03:00 |
|
|
317141fefb
|
flake.lock: Update
Flake lock file updates:
• Updated input 'agenix':
'github:ryantm/agenix/d8c973fd228949736dedf61b7f8cc1ece3236792' (2023-07-24)
→ 'github:ryantm/agenix/54693c91d923fecb4cf04c4535e3d84f8dec7919' (2023-09-14)
|
2023-09-14 23:30:50 +00:00 |
|
|
7aa458e77b
|
nixos-hardware: remove non-existing override
|
2023-09-14 22:12:17 +03:00 |
|
|
c80b1a996a
|
switch to lightdm/xfce4 + sound
|
2023-09-14 21:58:06 +03:00 |
|
|
09f1b62cc8
|
add a desktop profile
|
2023-09-14 21:53:59 +03:00 |
|
|
9688e4147b
|
fwminex: follow nixos-hardware
|
2023-09-14 21:46:01 +03:00 |
|
|
0389fa709a
|
vno1-rp3b: enable zfs misc
|
2023-09-14 21:38:29 +03:00 |
|
|
350c9a8d49
|
disable zfs-mount
|
2023-09-14 15:26:16 +03:00 |
|
|
8b0573409d
|
fwminex: enable firewall
|
2023-09-14 15:25:08 +03:00 |
|
|
b38c4013e7
|
cosmetics: quoting
it's fine, there is overrides.conf
|
2023-09-14 15:15:27 +03:00 |
|
|
b73f671bc0
|
silenceLogs is not picked up
Result:
$ cat result/etc/systemd/system/tailscaled.service
[Unit]
Description=Tailscale node agent
Documentation=https://tailscale.com/kb/
Wants=network-pre.target
After=network-pre.target NetworkManager.service systemd-resolved.service
[Service]
ExecStartPre=/nix/store/gr38ww9sj0qbcs8sb17iq9871qvmhfjw-tailscale-1.42.0/bin/tailscaled --cleanup
ExecStart=/nix/store/gr38ww9sj0qbcs8sb17iq9871qvmhfjw-tailscale-1.42.0/bin/tailscaled --state=/var/lib/tailscale/tailscaled.state --socket=/run/tailscale/tailscaled.sock --port=
ExecStopPost=/nix/store/gr38ww9sj0qbcs8sb17iq9871qvmhfjw-tailscale-1.42.0/bin/tailscaled --cleanup
Restart=on-failure
RuntimeDirectory=tailscale
RuntimeDirectoryMode=0755
StateDirectory=tailscale
StateDirectoryMode=0700
CacheDirectory=tailscale
CacheDirectoryMode=0750
Type=notify
[Install]
WantedBy=multi-user.target
|
2023-09-14 15:10:18 +03:00 |
|
|
76c07129f3
|
re-add ()
|
2023-09-14 14:51:36 +03:00 |
|
|
fb3c39d7dc
|
re-enable tailscale, oops
|
2023-09-14 14:48:54 +03:00 |
|
|
9eb8147660
|
tailscale: silence logs on some machines
|
2023-09-14 14:37:55 +03:00 |
|
|
aad4502030
|
rename vno1-rp3b to vno3-rp3b
ready for deployment
|
2023-09-14 13:27:05 +03:00 |
|
|
45a9b7475b
|
vno1-rp3b: dhcp
|
2023-09-14 13:24:40 +03:00 |
|
|
553cda8fc7
|
vno1-rp3b: enable vno3
|
2023-09-14 13:23:04 +03:00 |
|
|
b1b046d78a
|
sudo: fix extraGroups of motiejus
this misses 'wheel'
|
2023-09-14 13:07:39 +03:00 |
|
|
4a5893ae73
|
fwminex: some hardware updates
|
2023-09-14 09:42:14 +00:00 |
|
|
8e32a16f01
|
add iwlwifi to early-ish boot
|
2023-09-14 11:35:29 +03:00 |
|
|
e341092306
|
fwminex: enable redistributable firmware, remove docker volume
|
2023-09-14 11:31:53 +03:00 |
|
|
a7a6148d0f
|
fwminex: allow nonfree
|
2023-09-14 10:53:01 +03:00 |
|
|
280b8cf3ad
|
fwminex: fix mountpoint to /var/lib/docker
|
2023-09-14 10:40:23 +03:00 |
|
|
1430bf9d6d
|
fwminex: swap
|
2023-09-14 07:43:18 +03:00 |
|
|
90be8b6e5f
|
fwminex: fix typo
|
2023-09-14 06:42:44 +03:00 |
|
|
62e00f3bc7
|
fwminex: firewall and swap devices
|
2023-09-14 06:41:37 +03:00 |
|
|
85917635fd
|
sshguard is now optional
|
2023-09-14 06:41:16 +03:00 |
|
|
f34af96bc4
|
flake.lock: Update
Flake lock file updates:
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/36bee398beca22e2428074e0a2e068d87f801718' (2023-09-12)
→ 'github:NixOS/nixpkgs/e27ca312d56522b907b998c2ff99169bf12639f2' (2023-09-13)
|
2023-09-13 23:30:50 +00:00 |
|
|
182a87b0b9
|
another fix for swap devices
|
2023-09-13 15:18:25 +03:00 |
|
|
e617dbf55f
|
fwminex: fix swap and docker
|
2023-09-13 15:13:44 +03:00 |
|
|
2220be3c81
|
fwminex: set hostid
|
2023-09-13 14:46:58 +03:00 |
|
|
b5a3e29e6f
|
force no legacy grub (now)
|
2023-09-13 14:14:25 +03:00 |
|
|
7775c760fa
|
fwminex: update partition scheme
|
2023-09-13 13:54:22 +03:00 |
|
|
8a01703bb1
|
fwminex: disable postfix temporarily
|
2023-09-13 13:30:16 +03:00 |
|
|
234933dee1
|
install smartmontools
|
2023-09-13 13:29:06 +03:00 |
|
|
e38f446793
|
add fwminex
|
2023-09-13 13:04:40 +03:00 |
|
|
e12e139128
|
samba: make file/dir masks a bit more restrictive
|
2023-09-13 09:00:28 +03:00 |
|
|
00a6a27b92
|
zfsborg: use TemporaryFileSystem for temp snapshots
Otherwise:
Sep 13 00:01:05 vno1-oh2 systemd[1]: Started BorgBackup job -var-lib-1.
Sep 13 00:01:06 vno1-oh2 borgbackup-job--var-lib-1-start[329228]: filesystem 'rpool/nixos/var/lib@autosnap_2023-09-12_21:00:06_hourly' is already mounted
Sep 13 00:01:06 vno1-oh2 borgbackup-job--var-lib-1-start[329209]: umount: /var/lib/.snapshot-latest: not mounted.
Sep 13 00:01:06 vno1-oh2 systemd[1]: borgbackup-job--var-lib-1.service: Main process exited, code=exited, status=32/n/a
Sep 13 00:01:06 vno1-oh2 systemd[1]: borgbackup-job--var-lib-1.service: Failed with result 'exit-code'.
Sep 13 00:01:06 vno1-oh2 systemd[1]: borgbackup-job--var-lib-1.service: Triggering OnFailure= dependencies.
|
2023-09-13 08:37:35 +03:00 |
|