Commit graph

106 commits

Author SHA1 Message Date
09554029fe
feat(services): add adguardhome 2025-05-10 17:37:55 +02:00
43cb9890c9
feat(networking): enable systemd-networkd 2025-05-10 17:37:01 +02:00
3e52c2b922
fix(vpn): disable IPv6 for nginx
Tailscale Mullvad exit nodes currently don't support IPv6 and this is
causing issues with nginx (proxy pass) requests timing out and high CPU load.
Until Mullvad exit nodes support IPv6, we'll just disable IPv6 for nginx.
2025-02-14 00:21:30 +01:00
3d537fcde0
chore(vpn): switch default exit node 2025-02-13 23:27:34 +01:00
66cdd164ac
fix(sound): restrict bluetooth codecs for better performance with Sonos Ace 2025-02-13 23:27:07 +01:00
00dbb637e7
fix: fix git permissions for system.autoUpgrade 2025-01-19 12:36:37 +01:00
933d7b6994
feat(home-server): add forgejo admin user 2025-01-17 15:25:05 +01:00
fdc8002a0d
fix: make autoUpgrade update flake inputs again 2025-01-16 14:09:55 +01:00
29b693c1c7
fix: fix system.autoUpgrade 2024-12-14 23:19:59 +01:00
1043b12ec9
fix(vpn): disable --accept-routes on home-server
This caused some issues for me when trying to access home-server
services from other devices in my LAN that aren't in the Tailnet.
2024-12-08 21:32:57 +01:00
3764a85757
chore: upgrade to NixOS 24.11 2024-12-08 16:09:48 +01:00
1c5d83d81e
style: reformat with nixfmt-rfc-style 2024-05-26 17:37:08 +02:00
f5d872329b
refactor: remove with lib in some places 2024-05-26 13:04:30 +02:00
a377290326
chore: upgrade to NixOS 24.05 2024-05-26 13:04:30 +02:00
0da0f61068
fix(vpn): fix nginx chown 2024-04-30 23:15:04 +02:00
f1cfbee8e7
chore(vpn): switch exit node 2024-04-30 23:13:50 +02:00
b19dc7ac7a
feat: switch to tailscale from nixpkgs-unstable 2024-03-07 20:07:03 +01:00
fe49304110
feat: switch from dnscrypt-proxy to nextdns 2024-03-07 20:05:56 +01:00
e29a9da526
fix(vpn): fix autoconnect service 2024-01-25 02:18:09 +01:00
7bb4b02d52
fix: allow incoming traffic to web server to bypass tailscale 2024-01-25 02:15:35 +01:00
41a222bc8f
fix(vpn): generate certificate & configure nginx for tailnet 2024-01-21 21:41:21 +01:00
d0bccd67bd
fix(vpn): fix autoconnect issues 2024-01-21 21:40:27 +01:00
096f641fa5
fix(networking): disable IPv6 preference again
By default the system will already prefer IPv6 if possible without
causing issues e.g. with NAT.

I did indeed experience some issues with IPv6 requests having a huge
delay using Tailscale.

The following article contains a detailed explanation about this issue:
https://www.ietf.org/archive/id/draft-buraglio-6man-rfc6724-update-03.html
2024-01-12 21:51:13 +01:00
dba8a2064b
fix(vpn): fix tailscale config 2024-01-12 20:46:13 +01:00
626709dfe6
fix(vpn): remove incorrect LAN access config 2024-01-06 04:14:46 +01:00
4c32137982
feat(vpn): fully replace Mullvad VPN with Tailscale 2024-01-06 03:22:52 +01:00
6ca1656297
feat(vpn): improve tailscale config 2023-12-27 18:03:57 +01:00
8679912bfb
fix(vpn): exclude tailscale from Mullvad VPN routing 2023-12-27 15:50:17 +01:00
f76a0f494e
feat(vpn): add tailscale 2023-12-27 04:32:40 +01:00
531a407c08
chore: upgrade to NixOS 23.11 2023-11-28 00:54:03 +01:00
fa83f78e5d
feat(vpn): disable all DNS blocking 2023-11-27 23:01:26 +01:00
a8c6987854
feat(networking): enable system-resolved
This seems to be more robust than my previous resolv.conf setup that
I've run into some issues with Mullvad VPN & dnscrypt-proxy with.
2023-11-19 00:51:54 +01:00
cc49a5c4e7
feat(networking): switch back to non-blocking DNS servers
I already handle blocking in Mullvad VPN and in cases where I want to
temporarily disable the VPN I usually also want to disable blocking.
2023-11-19 00:48:49 +01:00
be3bde5c33
feat(vpn): enable quantum-resistant wireguard tunnel 2023-09-30 17:43:36 +02:00
10c0834daa
refactor(flake): optimize structure
- get rid of some `rec`s
- move lib & overlays into flake modules
2023-09-30 16:40:05 +02:00
4f22b0857d
feat(flake): add nix-community cachix to nix substituters
Also sets substituters on flake.nix's `nixConfig` in addition to
`nixosConfiguration`s `nix.settings`.
2023-09-13 16:01:57 +02:00
f3c9ed76f5
fix(printing): switch from ipp everywhere to maintained brlaser fork 2023-08-12 19:29:58 +02:00
14c98ea552
feat(nix): change system.autoUpgrade.dates to 03:00 2023-08-12 19:01:56 +02:00
cf4c1973aa
feat(nix): add wurzelpfropf.cachix.org for ragenix 2023-08-12 19:01:23 +02:00
59d27f4367
feat: add rage to common system packages 2023-08-10 11:45:14 +02:00
b4a9a4023f
chore: remove unused nix substituters 2023-08-10 11:38:33 +02:00
f0d09a9d28
feat(gaming): restructure configuration 2023-07-22 15:08:17 +02:00
a637a93bc0
feat(vpn): switch to Berlin servers 2023-06-12 15:32:59 +02:00
06996377f6
feat(system): add home printer config 2023-06-07 12:54:56 +02:00
e77fc1fe1d
chore: upgrade to NixOS 23.05 2023-05-31 19:03:54 +02:00
c79c125e4c
refactor: update hardened.nix 2023-05-31 17:02:01 +02:00
386b3f6616
feat(hardware): improve firmware config 2023-05-03 12:11:23 +02:00
c90efc40f8
feat(system): enable Mullvad VPN for server
Configure it to exclude incoming traffic for web server.
2023-04-29 21:32:24 +02:00
6c1963a647
feat(gaming): increase vm.max_map_count further
It's now using the same default value as SteamOS.
Fedora will likely use this by default in the future as well.
2023-04-25 15:18:01 +02:00
316dce6c59
feat(system): switch to wireplumber config 2023-04-19 13:33:38 +02:00