Commit graph

99 commits

Author SHA1 Message Date
Felix Schröter fdc8002a0d
fix: make autoUpgrade update flake inputs again 2025-01-16 14:09:55 +01:00
Felix Schröter 29b693c1c7
fix: fix system.autoUpgrade 2024-12-14 23:19:59 +01:00
Felix Schröter 1043b12ec9
fix(vpn): disable --accept-routes on home-server
This caused some issues for me when trying to access home-server
services from other devices in my LAN that aren't in the Tailnet.
2024-12-08 21:32:57 +01:00
Felix Schröter 3764a85757
chore: upgrade to NixOS 24.11 2024-12-08 16:09:48 +01:00
Felix Schröter 1c5d83d81e
style: reformat with nixfmt-rfc-style 2024-05-26 17:37:08 +02:00
Felix Schröter f5d872329b
refactor: remove with lib in some places 2024-05-26 13:04:30 +02:00
Felix Schröter a377290326
chore: upgrade to NixOS 24.05 2024-05-26 13:04:30 +02:00
Felix Schröter 0da0f61068
fix(vpn): fix nginx chown 2024-04-30 23:15:04 +02:00
Felix Schröter f1cfbee8e7
chore(vpn): switch exit node 2024-04-30 23:13:50 +02:00
Felix Schröter b19dc7ac7a
feat: switch to tailscale from nixpkgs-unstable 2024-03-07 20:07:03 +01:00
Felix Schröter fe49304110
feat: switch from dnscrypt-proxy to nextdns 2024-03-07 20:05:56 +01:00
Felix Schröter e29a9da526
fix(vpn): fix autoconnect service 2024-01-25 02:18:09 +01:00
Felix Schröter 7bb4b02d52
fix: allow incoming traffic to web server to bypass tailscale 2024-01-25 02:15:35 +01:00
Felix Schröter 41a222bc8f
fix(vpn): generate certificate & configure nginx for tailnet 2024-01-21 21:41:21 +01:00
Felix Schröter d0bccd67bd
fix(vpn): fix autoconnect issues 2024-01-21 21:40:27 +01:00
Felix Schröter 096f641fa5
fix(networking): disable IPv6 preference again
By default the system will already prefer IPv6 if possible without
causing issues e.g. with NAT.

I did indeed experience some issues with IPv6 requests having a huge
delay using Tailscale.

The following article contains a detailed explanation about this issue:
https://www.ietf.org/archive/id/draft-buraglio-6man-rfc6724-update-03.html
2024-01-12 21:51:13 +01:00
Felix Schröter dba8a2064b
fix(vpn): fix tailscale config 2024-01-12 20:46:13 +01:00
Felix Schröter 626709dfe6
fix(vpn): remove incorrect LAN access config 2024-01-06 04:14:46 +01:00
Felix Schröter 4c32137982
feat(vpn): fully replace Mullvad VPN with Tailscale 2024-01-06 03:22:52 +01:00
Felix Schröter 6ca1656297
feat(vpn): improve tailscale config 2023-12-27 18:03:57 +01:00
Felix Schröter 8679912bfb
fix(vpn): exclude tailscale from Mullvad VPN routing 2023-12-27 15:50:17 +01:00
Felix Schröter f76a0f494e
feat(vpn): add tailscale 2023-12-27 04:32:40 +01:00
Felix Schröter 531a407c08
chore: upgrade to NixOS 23.11 2023-11-28 00:54:03 +01:00
Felix Schröter fa83f78e5d
feat(vpn): disable all DNS blocking 2023-11-27 23:01:26 +01:00
Felix Schröter a8c6987854
feat(networking): enable system-resolved
This seems to be more robust than my previous resolv.conf setup that
I've run into some issues with Mullvad VPN & dnscrypt-proxy with.
2023-11-19 00:51:54 +01:00
Felix Schröter cc49a5c4e7
feat(networking): switch back to non-blocking DNS servers
I already handle blocking in Mullvad VPN and in cases where I want to
temporarily disable the VPN I usually also want to disable blocking.
2023-11-19 00:48:49 +01:00
Felix Schröter be3bde5c33
feat(vpn): enable quantum-resistant wireguard tunnel 2023-09-30 17:43:36 +02:00
Felix Schröter 10c0834daa
refactor(flake): optimize structure
- get rid of some `rec`s
- move lib & overlays into flake modules
2023-09-30 16:40:05 +02:00
Felix Schröter 4f22b0857d
feat(flake): add nix-community cachix to nix substituters
Also sets substituters on flake.nix's `nixConfig` in addition to
`nixosConfiguration`s `nix.settings`.
2023-09-13 16:01:57 +02:00
Felix Schröter f3c9ed76f5
fix(printing): switch from ipp everywhere to maintained brlaser fork 2023-08-12 19:29:58 +02:00
Felix Schröter 14c98ea552
feat(nix): change system.autoUpgrade.dates to 03:00 2023-08-12 19:01:56 +02:00
Felix Schröter cf4c1973aa
feat(nix): add wurzelpfropf.cachix.org for ragenix 2023-08-12 19:01:23 +02:00
Felix Schröter 59d27f4367
feat: add rage to common system packages 2023-08-10 11:45:14 +02:00
Felix Schröter b4a9a4023f
chore: remove unused nix substituters 2023-08-10 11:38:33 +02:00
Felix Schröter f0d09a9d28
feat(gaming): restructure configuration 2023-07-22 15:08:17 +02:00
Felix Schröter a637a93bc0
feat(vpn): switch to Berlin servers 2023-06-12 15:32:59 +02:00
Felix Schröter 06996377f6
feat(system): add home printer config 2023-06-07 12:54:56 +02:00
Felix Schröter e77fc1fe1d
chore: upgrade to NixOS 23.05 2023-05-31 19:03:54 +02:00
Felix Schröter c79c125e4c
refactor: update hardened.nix 2023-05-31 17:02:01 +02:00
Felix Schröter 386b3f6616
feat(hardware): improve firmware config 2023-05-03 12:11:23 +02:00
Felix Schröter c90efc40f8
feat(system): enable Mullvad VPN for server
Configure it to exclude incoming traffic for web server.
2023-04-29 21:32:24 +02:00
Felix Schröter 6c1963a647
feat(gaming): increase vm.max_map_count further
It's now using the same default value as SteamOS.
Fedora will likely use this by default in the future as well.
2023-04-25 15:18:01 +02:00
Felix Schröter 316dce6c59
feat(system): switch to wireplumber config 2023-04-19 13:33:38 +02:00
Felix Schröter bc2c479485
feat(hardware): update hardened config 2023-04-17 12:42:15 +02:00
Felix Schröter 83acc14467
feat(system): improve hardened.nix
Import  from nixpkgs as basis and override settings that cause problems.
2023-04-15 00:47:18 +02:00
Felix Schröter b8b6127367
feat(system): reset swappiness to default again 2023-04-11 18:00:32 +02:00
Felix Schröter 3bef9b9f4e
feat(system): make zram swap options overridable 2023-04-11 17:43:38 +02:00
Felix Schröter 730683518c
feat(system): add zram swap 2023-04-11 17:12:53 +02:00
Felix Schröter 080e04e716
feat(vpn): improve postStart script 2023-03-14 13:53:12 +01:00
Felix Schröter 01ed691523
feat: improve printing config
Should now discover printers via IPP Everywhere automatically.
2023-03-06 16:46:25 +01:00