Commit Graph

46 Commits

Author SHA1 Message Date
b38bdf3e0a
nix(loki): use variable for hostname in prometheus 2023-12-09 21:47:29 +01:00
6f4a415650
nix(t14): experiment with amdgpu.backlight=0 2023-12-09 21:45:18 +01:00
0b780ea269
nix: update the dnscrypt-proxy module 2023-12-09 21:44:46 +01:00
10243fe4eb
nix: add t14 system configuration
meaning reencrypt shared secrets to the new key...
also, make use of nixos-hardware's module for t14
2023-12-04 20:19:11 +01:00
54b6e38852
nix(loki): add nextcloud container module 2023-12-03 22:40:55 +01:00
a09d7632a5
nix(loki): enable podman 2023-12-03 22:40:10 +01:00
2477d1ffbe
nix(loki): decrease subuid count 2023-12-03 18:12:14 +01:00
02dd6dcfd7
nix(loki): disable nix-serve 2023-12-02 21:46:21 +01:00
acc9d912b0
nix: add bottom pkg 2023-12-02 21:41:23 +01:00
86fca470fe
coredns: point cloud,grocy records to loki 2023-12-02 21:34:29 +01:00
1ddd61642d
coredns: fix NS records 2023-12-02 21:33:52 +01:00
84518224e2
nix: add monoceros system configuration 2023-12-02 19:15:45 +01:00
588b0b5a5c
nix(coredns): force user, force restart always...
... and set MemoryDenyWriteExecute = true.
2023-11-24 16:27:07 +01:00
ca699f1dbe
nix(loki): add wol pkg 2023-11-21 22:14:33 +01:00
c90bd1553e
nix: use vars some more 2023-11-21 22:14:04 +01:00
d125d70562
nix: extract {net,coredns} stuff into a module
* set up global secrets (sops)
* import common network (lan/tailscale) settings in pertinent places
* use common coredns module for both nixpi and loki
2023-11-17 22:15:11 +01:00
fc20cc832b
nix(coredns): properly declare nameservers + other 2023-11-13 22:47:06 +01:00
50d1e4ad99
nix: add nixpi system configuration 2023-11-05 00:17:44 +01:00
04b877ddb1
nix: add loki system configuration 2023-10-15 22:16:06 +02:00
253c68f590
tf: add tailscale configuration 2023-08-03 22:37:07 +02:00
b3673f9a2f
role(sshconfigdmachine): update machines file 2023-08-03 11:08:44 +02:00
4a212bde39
role(headscale): set firewall+add handler 2023-08-02 20:43:50 +02:00
202f2e2e29
tf: bump nbgw to g6-standard-2 2023-08-02 18:04:55 +02:00
062c26644d
add sshconfigdmachines role+use on surtur 2023-08-02 13:52:09 +02:00
5189696bea
surtur: use sshconfig role 2023-08-02 13:51:21 +02:00
66d0701a57
add sshconfig role 2023-08-02 13:49:47 +02:00
90ced67557
surtur,nebula: rm unneeded vars_files blocks 2023-08-02 13:14:59 +02:00
35d2ca23d7
add vela, enable firewalld 2023-08-02 13:14:09 +02:00
139cf06bcf
mv surtur's vault to idiomatic location+symlink 2023-08-02 13:05:28 +02:00
ed4bdb0987
role(headscale): restart containers conditionally 2023-08-02 12:44:34 +02:00
eb0da91152
enable firewalld for all 2023-08-02 12:34:32 +02:00
994f475e11
add firewalld role 2023-08-02 12:32:43 +02:00
e7ac3d67c2
chore: split off fedora pkgs + rm default nano 2023-08-01 22:37:05 +02:00
152e88bc77
add tags to roles in playbooks; scope vaults 2023-08-01 22:34:57 +02:00
782755b4a3
fix inventory 2023-08-01 22:17:18 +02:00
48d38048ce
add + use gitea role 2023-07-31 21:29:47 +02:00
b44be9b599
inventory: remove autonamed group 2023-07-31 20:04:54 +02:00
1cf050cd23
add user role + use it in the new nebula playbook 2023-07-31 20:02:30 +02:00
5e3ce51caa
add + use headscale role 2023-07-30 00:24:19 +02:00
58344d560e
add + enable tailscale role 2023-07-29 23:41:16 +02:00
0d03bdaf7a
add + use flathub role 2023-07-29 23:40:50 +02:00
a6b05962e5
add pkg role and use it with nbgw, add pkgs 2023-07-29 21:25:28 +02:00
98c8bcd181
ansible: don't install pkgs using loop 2023-07-27 16:33:18 +02:00
657b4bf8bb
tf: add a hint on how to re-init backend conf 2023-07-24 17:19:50 +02:00
d89101b437
chore: add changes
- mv common vault to group_vars/all/vault_common.yml
- conclude timesyncing setup
- enable cronie/chrony for systems
- set up dnscrypt properly, including replacing /etc/resolv.conf and
  validating the config
- fix privileges (become)
2023-07-24 17:16:33 +02:00
af0dd90352
initial commit 2023-07-03 14:01:38 +02:00