Commit graph

  • 8c9fb505f8
    feat: add basic auth for loki oddlama 2023-06-05 20:55:18 +02:00
  • 1e6927a434
    chore: remove old nginx and oauth2-proxy config for sentinel oddlama 2023-06-05 01:54:40 +02:00
  • 9e4f8dcf0d
    feat: convert sentinel to caddy oddlama 2023-06-05 01:53:38 +02:00
  • 6f84594c87
    feat: add customizable caddy package (with plugin support) oddlama 2023-06-05 01:14:46 +02:00
  • c5a863ce51
    wip: prepare testing caddy over nginx with oauth2-proxy oddlama 2023-06-04 21:42:28 +02:00
  • 7f2f93b640
    feat: loki working oddlama 2023-06-04 02:27:40 +02:00
  • 70203d485a
    feat(microvms): use systemd in stage1 oddlama 2023-06-03 20:17:38 +02:00
  • 0cc126fb5f
    feat: wip: test loki oddlama 2023-06-03 17:52:48 +02:00
  • b0e9978ead
    chore: add separate /state directory for reboot-persistent non-backuped state oddlama 2023-06-03 17:50:54 +02:00
  • ba1932d2ef
    fix: let kea wait on the macvtap self interface oddlama 2023-06-03 17:47:50 +02:00
  • d2b2f4021a
    chore: add new wireguard secrets for loki vm oddlama 2023-06-03 17:47:05 +02:00
  • bd803c5976
    feat(microvm): remove VM ids in favor of automatically assigned MACs oddlama 2023-06-03 14:47:59 +02:00
  • 135528e082
    feat: add grafana test setup with oauth2 oddlama 2023-06-02 01:28:35 +02:00
  • a7c1fb016b
    fix(microvms): fix ensure chmod failure oddlama 2023-06-01 17:01:18 +02:00
  • df2657bb1c
    feat(ward): open kanidm port only for sentinel oddlama 2023-06-01 01:33:13 +02:00
  • c1fe238c75
    fix: move PersistentKeepalive from server to client in case the ip address changes oddlama 2023-06-01 01:24:03 +02:00
  • 836dfa9fea
    fix: add interface naming rules in stage1 udev oddlama 2023-06-01 01:07:54 +02:00
  • 7ddb0ee23f
    fix: add server endpoint to wireguard via clients oddlama 2023-06-01 01:07:24 +02:00
  • 6cedaa53e6
    chore: bind kanidm to proxy oddlama 2023-05-31 18:07:07 +02:00
  • ef03fd0594
    feat: activate acme on sentinel oddlama 2023-05-31 18:06:53 +02:00
  • 4fd369f034
    fix: missing concatMap in wireguard allowed address calculation oddlama 2023-05-31 18:06:25 +02:00
  • dc450f4b54
    chore: updated microvm.nix flake doesn't need manually specifying microvm.microvm anymore oddlama 2023-05-31 18:05:51 +02:00
  • 6672846d59
    feat: modularize hetzner-cloud and odroid-n2plus hardware oddlama 2023-05-31 16:34:13 +02:00
  • 61d582f033
    feat: add ability to copy installer scripts to existing live systems oddlama 2023-05-30 02:46:29 +02:00
  • ece9554e76
    chore: remove initrd host key generation script, this is a simple oneliner anyways oddlama 2023-05-30 02:45:39 +02:00
  • 04305e5968
    chore: only generate installers for real systems, not vms. oddlama 2023-05-30 02:43:43 +02:00
  • ca7bbeec72
    chore: add secrets for sentinel oddlama 2023-05-29 21:51:23 +02:00
  • 8c4b0933b9
    chore: update flake inputs (nixpkgs override is for instanced-systemd-services activation restart fix) oddlama 2023-05-29 16:20:56 +02:00
  • 2d618a28ad
    fix: only generate mdns zone if necessary oddlama 2023-05-29 16:20:36 +02:00
  • 97cb4e0ac5
    feat: add new machine "sentinel", a Hetzner Cloud server oddlama 2023-05-29 16:19:49 +02:00
  • d18e86f981
    chore: use auto-ip for microvms, change ipv6 address scheme oddlama 2023-05-29 02:13:35 +02:00
  • c789e2de36
    feat(wireguard): add ability to automatically assign addresses oddlama 2023-05-29 00:07:56 +02:00
  • 4e8103af47
    wip: prepare for autogenerated wireguard ips; prepare for sentinel server oddlama 2023-05-28 01:05:23 +02:00
  • 05813fafb4
    chore: refactor assignIps as cidr library function that returns ips oddlama 2023-05-28 00:17:55 +02:00
  • 1a0225336f
    feat: add assignIps function that generates semi-stable ips for a list of hostnames by (ab-)using hashes with linear probing. Useful for automatic ip assignments in wireguard. oddlama 2023-05-27 23:28:50 +02:00
  • 21e88619b7
    fix: need attrset in config.lib, fix typo in nftables rule oddlama 2023-05-27 02:28:20 +02:00
  • 41df399bb6
    feat: automatically generate allowedTCPPorts for mdns enabled interfaces; simplify nftables rules by adding a general untrusted zone oddlama 2023-05-27 01:59:28 +02:00
  • e37601b486
    feat: switch to DHCP based networking for microvms using mDNS for resolution oddlama 2023-05-26 00:38:05 +02:00
  • 0e3d881887
    feat: experiment with kanidm and acme dns-01. add common conditional locations to impermanence oddlama 2023-05-25 01:57:16 +02:00
  • 668f9fdaf4
    fix: it's beneficial to use commonImports instead of just defining it :) oddlama 2023-05-24 00:21:32 +02:00
  • cc2397669d
    feat: allow microvms to override configPath oddlama 2023-05-23 01:09:37 +02:00
  • f65b217a92
    feat: change passwords and hide new hashes oddlama 2023-05-22 23:53:45 +02:00
  • aaa1d88d46
    docs: update README oddlama 2023-05-21 23:58:25 +02:00
  • ec3b34a368
    fix: mount vm datasets under /vms to avoid accidental shadowing on creation oddlama 2023-05-21 23:39:53 +02:00
  • bd8a14deb0
    feat: ensure vms come online after deployment even with missing wireguard keys oddlama 2023-05-21 23:26:51 +02:00
  • f3ed1248af
    feat: properly ensure vm zfs dataset exists oddlama 2023-05-21 22:57:40 +02:00
  • a0d22b8be1
    feat: allow specifying host pubkey as string oddlama 2023-05-21 16:01:49 +02:00
  • cbcd3c943b
    refactor: centralize definition of MicroVM node names oddlama 2023-05-21 15:08:27 +02:00
  • d7f69c5baa
    refactor: properly modularize repo secret management oddlama 2023-05-21 14:40:42 +02:00
  • 88f1ac54b8
    fix: remove faulty agenix directory early and only if necessary chore: change default microvm naming scheme to <host>-<name> oddlama 2023-05-21 01:29:54 +02:00
  • 43b2bd1982
    fix: route the whole wireguard network when we are a client. oddlama 2023-05-20 20:58:37 +02:00
  • f95bc0eb30
    feat: allow reservation of addresses in wireguard network oddlama 2023-05-20 20:47:09 +02:00
  • 0221a24225
    fix: adjust firewall rule names and wireguard link name to match oddlama 2023-05-20 19:35:17 +02:00
  • 3862bd6b14
    feat: remove the need to specify cidrs in wireguard addresses and properly derive allowed ips oddlama 2023-05-20 18:24:30 +02:00
  • 4057ee9051
    feat: implement cidr coercion to automatically determine wireguard network size from participants oddlama 2023-05-20 15:57:19 +02:00
  • 6d8f8ab2e3
    feat: add static microvm networking; allow cidrv4 and cidrv6 to be specified explicitly on wireguard networks to allow for simple access by other modules. oddlama 2023-05-20 00:55:48 +02:00
  • 78cdcd3c69
    feat: refactor and integrate wireguard module into microvm module oddlama 2023-05-19 21:10:16 +02:00
  • e5f3ffd288
    fix: reference extra-builtins.nix with access to relative files oddlama 2023-05-18 11:48:09 +02:00
  • 02f27c85f4
    chore: enforce disko use for microvm hosts oddlama 2023-05-16 17:54:43 +02:00
  • c03d1a1c8f
    chore: fix toplevel microvm attrset merging oddlama 2023-05-14 01:48:13 +02:00
  • 70f7ef3023
    feat: add automatic zfs persistent dataset management to microvms oddlama 2023-05-14 00:27:29 +02:00
  • 2b4449569f
    chore: add writable store overlay in microvms oddlama 2023-05-12 01:45:00 +02:00
  • a543394fa8
    feat: enable ipv6 RA oddlama 2023-05-11 18:18:52 +02:00
  • cdd35390fb
    chore: switch to zfs on luks oddlama 2023-05-11 12:53:52 +02:00
  • 14ef8ef877
    feat: modularize link renaming oddlama 2023-05-11 01:28:31 +02:00
  • e8f50ab906
    fix: prevent path -> string conversion in hostPubkey definition, which caused repeated unnecessary rekeying oddlama 2023-05-10 18:24:24 +02:00
  • 24655ece76
    feat: add macvtap networking to microvms oddlama 2023-05-10 02:07:09 +02:00
  • 8cb904c44c
    chore: update hostapd module from PR oddlama 2023-05-09 01:32:20 +02:00
  • e2ba02234a
    feat: restructure user common files, allow selecting "minimal" set of options for vms oddlama 2023-05-08 18:03:29 +02:00
  • d842d25eb9
    feat: add microvm module to simplify setup oddlama 2023-05-08 17:13:40 +02:00
  • 72a34cac01
    fix: fix parenthesis precedence oddlama 2023-05-08 15:03:41 +02:00
  • 7ecbb69ff8
    chore: remove last uses of with lib oddlama 2023-05-08 14:49:28 +02:00
  • 1b9d9fc58a
    feat: add declarative microvms oddlama 2023-05-08 14:48:59 +02:00
  • 1a7472207a
    chore: update ward hostkey after resetup oddlama 2023-05-01 15:32:14 +02:00
  • 5d8a60b4d8
    fix: properly inherit stateVersion on home-manager configs oddlama 2023-05-01 15:27:56 +02:00
  • de19b23d3d
    refactor: split hardware related and system related common configuration oddlama 2023-05-01 15:27:28 +02:00
  • f55c83c1b8
    fix(impermanence): give agenix early access to ssh keys oddlama 2023-05-01 15:00:02 +02:00
  • e2e2c2a757
    chore: auto optimize biweekly; delete generations older than 90d; use single-definition for stateVersion oddlama 2023-05-01 14:42:36 +02:00
  • 4cee692eff
    feat: enable impermanence oddlama 2023-05-01 11:49:37 +02:00
  • 30cfdaf860
    refactor: remove meta.nix in favor of direct declaration in flake.nix oddlama 2023-04-30 14:06:25 +02:00
  • 08290e5052
    feat: move common disko functionality into lib oddlama 2023-04-30 13:41:09 +02:00
  • f62b01f206
    chore: switch to upstream disko again, PR is merged oddlama 2023-04-29 23:03:43 +02:00
  • a90a8ee678
    feat: finish system bootstrapping with iso oddlama 2023-04-29 22:34:42 +02:00
  • c3141bf563
    fix: generate initrd hostkey if necessary when system is bootstrapped; fix disko partition types oddlama 2023-04-29 00:53:06 +02:00
  • 5c98df767b
    chore: change iso image name, add ssh key oddlama 2023-04-28 00:51:38 +02:00
  • 3e810b1711
    feat: add generation of installer image for each host oddlama 2023-04-26 23:52:25 +02:00
  • 05ce0e6f5c
    feat: enable initrd ssh unlock for all machines oddlama 2023-04-24 18:41:05 +02:00
  • c26b5d3c89
    feat: use stage1 systemd (and enable initrd sshd on ward) oddlama 2023-04-24 18:38:03 +02:00
  • 20adc139f8
    chore: enable ip forwarding on ward oddlama 2023-04-21 17:32:46 +02:00
  • deab5b335e
    feat: add zoned nftables firewall oddlama 2023-04-21 01:27:43 +02:00
  • 703056a530
    chore: add lib-net; use upstreamed esphome module :) oddlama 2023-04-19 18:12:02 +02:00
  • af9ffb0b8f
    chore: hide hostid oddlama 2023-04-19 14:55:42 +02:00
  • 4898c48c25
    fix(home-assistant): remove unnecessary python3Packages oddlama 2023-04-17 17:06:33 +02:00
  • 3730ae7cf7
    chore: automatically get (impure) current system for rekeying. oddlama 2023-04-17 17:04:47 +02:00
  • 12d840c7bf
    feat(core): add nixos-nftables-firewall; and move some things from core/default.nix to more appropriate locations oddlama 2023-04-16 00:34:35 +02:00
  • 2e45d3f423
    feat(wireguard): support printing multiple configs at once oddlama 2023-04-15 16:55:50 +02:00
  • 1630e37afd
    feat(wireguard): qr generation finished oddlama 2023-04-15 16:29:37 +02:00
  • d5f2880457
    feat(wireguard): generate psks only if needed; add most of the qr code generator oddlama 2023-04-15 01:51:33 +02:00
  • 925d3856e0
    feat(wireguard): associate external peers to the specific defining node oddlama 2023-04-14 16:24:41 +02:00
  • d522a46f1d
    refactor(wireguard): extract cross-host aggregation functions into extraLib oddlama 2023-04-14 14:32:17 +02:00