* move existing firefox setup from thonkpad to a home module
* move firefox-specific environment variable to the home module
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
* add mailserver module based on simple-nixos-mailserver
* add smolboye server running on Hetzner Cloud
* add support for grub, make systemd-boot an optional default
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
We require this for setting up a VPS on Hetzner Cloud, since Hetzner uses
legacy BIOS boot for its instances.
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
* KbdInteractiveAuthentication: disable keyboard interactive-auth, since
we solely rely on the SSH key for connection.
* PermitEmptyPasswords: disable empty passwords for SSH connection, again,
since we use SSH keys.
* Protocol: Explicitly set the SSH protocol to 2, even though it is the
default value.
* MaxAuthTries: Set auth tries to 3. This is to allow up to 3 keys to try
connection.
* ChallengeResponseAuthentication: We do not require a challenge-response
setup.
* AllowTcpForwarding: Allows access to locally-running ports without having
to expose them. Since all auth methods are disabled, we can enable this.
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
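
Added example, not part of the commit or the repository: a small Python check of an sshd_config file against the values the commit message above lists. The `EXPECTED` table, the function names and the sample file are constructed here, and only the global section before the first `Match` block is read.

```python
import re

# Values taken from the commit message; keys lowercased because sshd keywords are case-insensitive.
EXPECTED = {
    "kbdinteractiveauthentication": "no",
    "permitemptypasswords": "no",
    "protocol": "2",
    "maxauthtries": "3",
    "challengeresponseauthentication": "no",
    "allowtcpforwarding": "yes",
}

def parse_global(text):
    """Return keywords set before the first Match block; the first value seen wins, as in sshd."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)\s*=?\s*(.*)", line)  # "Key value" or "Key=value"
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            break  # conditional overrides are out of scope for this check
        seen.setdefault(key, value)
    return seen

def audit(text, expected=EXPECTED):
    """Map each deviating keyword to (expected, actual); actual is None when the file does not set it."""
    seen = parse_global(text)
    return {k: (want, seen.get(k)) for k, want in expected.items()
            if (seen.get(k) or "").lower() != want}

# Constructed sample: a duplicate MaxAuthTries line and a Match override.
SAMPLE = """\
KbdInteractiveAuthentication no
PermitEmptyPasswords no
MaxAuthTries 6
MaxAuthTries 3
AllowTcpForwarding=yes
Match User backup
    AllowTcpForwarding no
"""

if __name__ == "__main__":
    for key, (want, got) in audit(SAMPLE).items():
        print(f"{key}: expected {want!r}, found {got!r}")
```

A keyword reported with `None` is not set in the file, so the daemon's built-in default applies and has to be checked separately.
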
* create new module for nginx
* set up cloudflare real_ip_header forwarding for fail2ban setup
* add hsts, improve qualys score
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
* replace per-app postgresql configuration with a single, global postgres
setup
* add backup configuration to back up using restic
* add cluster upgrade script based on the NixOS Manual:
https://nixos.org/manual/nixos/stable/#module-services-postgres-upgrading
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
* lanzaboote is needed to evaluate nix configuration, even if it's not used
in the system.
* removed nixpkgs-immich since nixpkgs now has immich service
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
Setting it to 10 does not play well with srvos, since it uses lib.mkDefault
to set it to 10 as well. And anyways, we don't need 10 generations to show
up during the boot menu.
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
* system76-scheduler was unused. Or it did not really make much of a difference
over the default scheduler.
* added `iommu=soft` to kernel param to make the ssd work fine after suspend.
This might be related to the pcie_aspm policy we had set before. I need to test
if removing the aspm policy has fixed this issue.
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
Umm, this is a hard one as to why it was added in the first place. I think
someone had told me about it, but it seems like it's not really required, and
not recommended to be run on systems that do not support it by default.
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
New netbird version requires go-1.23, and the patch to make
buildGoModules default to 1.23 is not yet in unstable.
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
* add gnome and hyprland base setup
* remove unused intel-ocl from graphics
* move xdg-portal configuration to desktop environments
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>