zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity
762 Commits 5 Branches 0 Tags
pia-vpn-v2
Commit Graph

762 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
zuckerberg 3b71f4b1fd dedupe
Check Flake / check-flake (push) Successful in 6m4s
Details
2026-02-26 19:42:38 -08:00
zuckerberg dc3c2194ab use port 8080 instead
Check Flake / check-flake (push) Successful in 3m21s
Details
2026-02-26 00:26:49 -08:00
zuckerberg 39009cbc18 use container hostname alias for script
Check Flake / check-flake (push) Successful in 3m17s
Details
2026-02-26 00:17:47 -08:00
zuckerberg 3365a1652c restore port option 2026-02-26 00:16:39 -08:00
zuckerberg 6466406975 fix transmission port forwarding
Check Flake / check-flake (push) Successful in 3m25s
Details
2026-02-26 00:08:40 -08:00
zuckerberg 4eb0401263 disable services which don't work in nixos containers
Check Flake / check-flake (push) Successful in 3m17s
Details
2026-02-25 23:37:26 -08:00
zuckerberg f4a4edf478 fix networking online target + ntfy notifications
Check Flake / check-flake (push) Successful in 3m36s
Details
2026-02-25 23:24:23 -08:00
zuckerberg 1ac3f05e3e define vpn container hosts within containers too 2026-02-25 23:23:49 -08:00
zuckerberg c1030c1dfe remove debugging messages
Check Flake / check-flake (push) Successful in 3m28s
Details
2026-02-25 00:31:31 -08:00
zuckerberg 52469693e3 maybe fix
Check Flake / check-flake (push) Successful in 3m17s
Details
2026-02-25 00:25:15 -08:00
zuckerberg ffce43b8d0 debug
Check Flake / check-flake (push) Has been cancelled
Details
2026-02-25 00:22:07 -08:00
zuckerberg 96a6007693 debug 2026-02-25 00:14:19 -08:00
zuckerberg 32cb438db9 networking fixes
Check Flake / check-flake (push) Successful in 3m20s
Details
2026-02-25 00:10:49 -08:00
zuckerberg 0368661e24 networking fixes
Check Flake / check-flake (push) Has been cancelled
Details
2026-02-25 00:08:27 -08:00
zuckerberg 12209b69b8 networking fixes
Check Flake / check-flake (push) Successful in 3m21s
Details
2026-02-24 23:55:02 -08:00
zuckerberg 3bc41dfdb3 networking fixes
Check Flake / check-flake (push) Failing after 1m7s
Details
2026-02-24 23:53:50 -08:00
zuckerberg 1cbbe64707 networking fixes
Check Flake / check-flake (push) Successful in 3m18s
Details
2026-02-24 23:46:51 -08:00
zuckerberg 6191e4060f networking fixes
Check Flake / check-flake (push) Successful in 3m18s
Details
2026-02-24 23:37:15 -08:00
zuckerberg a0fcacdcf9 Rewrite PIA VPN as multi-container bridge architecture
Check Flake / check-flake (push) Successful in 4m44s
Details 
Replace the single VPN container (veth pair, host-side auth scripts) with a
multi-container setup on a shared bridge network:

- Dedicated VPN container handles all PIA auth, WireGuard config, NAT, and
  optional port forwarding DNAT
- Service containers default-route through VPN container (leak-proof by topology)
- Host runs tinyproxy on bridge for PIA API bootstrap before WG is up
- WG interface is still created in host netns and moved into VPN container
  namespace
- Monthly renewal to ensure that connection stays up (PIA allows connections to
  last up to 2 months)
- Drop OpenVPN support entirely
 2026-02-24 23:11:46 -08:00
zuckerberg 684851d641 Prevent containers from running non-container services
Check Flake / check-flake (push) Successful in 2m21s
Details
Auto Update Flake / auto-update (push) Successful in 3m29s
Details
2026-02-22 18:18:05 -08:00
zuckerberg 4cf50b5fb1 Restart atticd whenever PostgreSQL restarts
Check Flake / check-flake (push) Successful in 3m7s
Details
2026-02-22 17:53:46 -08:00
zuckerberg 288a2841aa Replace Uptime Kuma with Gatus for declarative uptime monitoring
Check Flake / check-flake (push) Successful in 2m4s
Details 
Gatus is configured entirely via YAML (mapped from Nix attrsets),
making nix-config the single source of truth for all monitoring
config instead of Uptime Kuma's web UI/SQLite database.
 2026-02-22 17:30:03 -08:00
zuckerberg 0589ca5748 Add attic binary cache to sandboxed workspaces 
Update the attic cache URL from s0.koi-bebop.ts.net to s0.neet.dev
and configure sandboxed workspaces to inherit the host's binary cache
settings (substituters, trusted keys, netrc auth via agenix).
 2026-02-22 17:22:44 -08:00
zuckerberg a4c5cb589a Claude workspaces 2026-02-22 17:19:48 -08:00
zuckerberg a697ea10ad Add daily ZFS health check with ntfy alerts and introduce ntfy role 
Add a zfs-alerts module that runs a daily health check on ZFS machines,
sending detailed ntfy notifications for degraded pools, data errors, or
drive errors. Introduce an "ntfy" system role to decouple ntfy alerting
from the server/personal roles, and assign it to all machines.
 2026-02-22 17:17:40 -08:00
zuckerberg 200d5a5d22 Add ntfy failure alerts for all systemd services
Check Flake / check-flake (push) Successful in 3m18s
Details
2026-02-22 16:19:43 -08:00
zuckerberg 339eac52c6 Add uptime kuma
Check Flake / check-flake (push) Successful in 9m15s
Details
2026-02-22 15:49:26 -08:00
zuckerberg bab4b3ff8e Skip build and push when flake.lock has no changes
Check Flake / check-flake (push) Successful in 2m0s
Details
2026-02-22 15:12:45 -08:00
zuckerberg 54ab576914 Fix push auth with PAT, correct run link, and add ntfy to check-flake 2026-02-22 15:12:45 -08:00
zuckerberg c84c0716ce Fix push auth with PAT and use correct run_number in ntfy link 2026-02-22 15:12:45 -08:00
zuckerberg a921f40644 Fix git identity and ntfy URL in auto-update workflow 2026-02-22 15:12:45 -08:00
gitea-runner a6c17164fa flake.lock: Update
Check Flake / check-flake (push) Successful in 2m1s
Details 
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/c6ed3eab64d23520bcbb858aa53fe2b533725d4a?narHash=sha256-WxAEkAbo8dP7qiyPM6VN4ZGAxfuBVlNBNPkrqkrXVEc%3D' (2026-02-21)
  → 'github:nix-community/home-manager/5bd3589390b431a63072868a90c0f24771ff4cbb?narHash=sha256-Tl2I0YXdhSTufGqAaD1ySh8x%2BcvVsEI1mJyJg12lxhI%3D' (2026-02-22)
• Updated input 'microvm':
    'github:astro/microvm.nix/789c90b164b55b4379e7a94af8b9c01489024c18?narHash=sha256-1XJOslVyF7yzf6yd/yl1VjGLywsbtwmQh3X1LuJcLI4%3D' (2026-02-17)
  → 'github:astro/microvm.nix/a3abc020a3d8e624e145f4144ed40702f788ea32?narHash=sha256-Pf4CaRoOLQV02m2POPA%2B0EWvb3gVdpaiS0hNNVZhO3c%3D' (2026-02-21)
• Updated input 'nix-index-database':
    'github:Mic92/nix-index-database/efec7aaad8d43f8e5194df46a007456093c40f88?narHash=sha256-UIKOwG0D9XVIJfNWg6%2BgENAvQP%2B7LO46eO0Jpe%2BItJ0%3D' (2026-02-15)
  → 'github:Mic92/nix-index-database/8f590b832326ab9699444f3a48240595954a4b10?narHash=sha256-/phvMgr1yutyAMjKnZlxkVplzxHiz60i4rc%2BgKzpwhg%3D' (2026-02-22)
 2026-02-22 15:04:48 -08:00
zuckerberg 9df8390f1f Add daily auto-update workflow with shared build script
Check Flake / check-flake (push) Successful in 2m7s
Details
2026-02-21 23:29:41 -08:00
zuckerberg 156f0183bd Add ntfy push notification server on ponyo 2026-02-21 23:29:36 -08:00
zuckerberg 8b92e51ef7 Remove phil machine and aarch64 ISO/kexec 2026-02-21 21:43:12 -08:00
zuckerberg 7798872bbf Disable SMB3 directory leases to fix stale listings from local file changes 2026-02-21 21:43:12 -08:00
zuckerberg cf41285cb8 Update inputs + move to nixos-unstable 2026-02-21 21:43:12 -08:00
zuckerberg 5a0a525f64 Add Attic binary cache and containerize gitea runner 
Replace nix-serve-only setup with Attic for managed binary caching with
upstream filtering and GC. Move gitea actions runner from host into an
isolated NixOS container with private networking. nix-serve kept alongside
Attic during migration.
 2026-02-21 21:43:08 -08:00
zuckerberg 9154595910 Ad Incus sandbox on fry I've already been using for a while now
Check Flake / check-flake (push) Successful in 3m35s
Details
2026-02-17 21:35:23 -08:00
zuckerberg 1b92363b08 Fix rust analyzer in vscode 2026-02-17 21:28:50 -08:00
zuckerberg 136f024cf0 Fix tailscale networking when incus is on 2026-02-17 21:28:28 -08:00
zuckerberg 3d08a3e9bc Improve nix settings for sandboxed workspaces
Check Flake / check-flake (push) Successful in 1m15s
Details
2026-02-14 11:29:02 -08:00
zuckerberg 99ef62d31a Fix unused vars
Check Flake / check-flake (push) Successful in 1m21s
Details
2026-02-11 23:12:00 -08:00
zuckerberg 298f473ceb Remove unused vscode-server module 2026-02-11 23:00:48 -08:00
zuckerberg 546bd08f83 Fix CI build. Ephemeral targets should not be in nixosConfigurations
Check Flake / check-flake (push) Successful in 17m45s
Details
2026-02-11 22:49:11 -08:00
zuckerberg 10f3e3a7bf Remove old stale/unused configuration 2026-02-11 22:47:38 -08:00
zuckerberg d44bd12e17 Update README.md 2026-02-11 21:58:38 -08:00
zuckerberg 60e89dfc90 Clean up CLAUDE.md and make the claude skill correctly this time
Check Flake / check-flake (push) Failing after 6s
Details
2026-02-10 21:08:13 -08:00
zuckerberg 869b6af7f7 Block sandbox access to local network 
Add nftables forward rules to prevent sandboxed workspaces from
reaching RFC1918 private addresses while allowing public internet
and the host gateway (for DNS/NAT).
 2026-02-09 20:16:02 -08:00
zuckerberg d6a0e8ec49 Disable tailscaleAuth for now because it doesn't work with tailscale's ACL tagged group
Check Flake / check-flake (push) Failing after 35s
Details
2026-02-09 19:57:20 -08:00