eeab5de886
fix mq-deadline for hdds
2026-03-30 13:21:33 -04:00
9392749e66
mollysocket: init
...
Add mollysocket so we can use ntfy for molly (signal)
2026-03-30 13:05:22 -04:00
834f28f898
secureboot: cleanup script permissions
2026-03-28 04:15:26 -07:00
2409d1b01b
zfs: tune hdds pool
2026-03-28 01:21:48 -07:00
fd3df23a76
firefox-syncserver: init
2026-03-21 10:26:28 -04:00
3b23aea374
monero+p2pool: move to ssds
...
I tried running these on my hdd array because I have more storage there
but it is WAY too slow. So I need to have it on the ssds instead, as much
as it pains me to use my valuable ssd space.
2026-03-20 14:04:15 -04:00
c008fd2b18
zfs: don't specify zfs arc cache
...
Turns out, zfs is smart!
ZFS already has sane defaults, no sense in limiting the size of the cache.
2026-03-06 14:11:14 -05:00
3ccce88040
zfs: remove unneeded options
2026-03-06 13:47:06 -05:00
ad4d2d41fb
zfs: tweak arc settings
2026-03-06 13:44:55 -05:00
f784f26848
monero: changes
2026-03-04 18:56:55 -05:00
b5be21ff8c
secrets: cleanup activation scripts
2026-03-04 17:35:49 -05:00
d4b679d1a5
cleanup
2026-03-03 19:39:10 -05:00
cdccab855d
zfs: zfs_txg_timeout 30 -> 120
2026-03-03 15:06:13 -05:00
ce4d1c0ef2
zfs: tuning
2026-03-03 14:31:42 -05:00
b977b578e0
arr-init: extract to standalone flake repo
2026-03-03 14:31:39 -05:00
dc9d58a543
ntfy-alerts: suppress notifications for sanoid
2026-03-03 14:31:38 -05:00
39a76a3265
zfs: fix sanoid dataset name for jellyfin cache
2026-03-03 14:31:37 -05:00
294cb6453e
ntfy-alerts: init
2026-03-03 14:31:36 -05:00
745d0ea4c2
arr-init: add module for API-based configuration
2026-03-03 14:31:28 -05:00
fb305cc9f4
fmt
2026-03-03 14:31:20 -05:00
a9e8ce09d1
fix(no-rgb): handle transient hardware unavailability during deploy
2026-03-03 14:31:19 -05:00
0d1205210d
feat(tmpfiles): defer per-service file permissions to reduce boot time
2026-03-03 14:31:18 -05:00
1db214aee5
impermanence: fix /etc permissions after re-deploy
2026-03-03 14:31:17 -05:00
12b681c8f2
cleanup
2026-03-03 14:31:05 -05:00
bd0c7cde6d
tests: fix all fail2ban NixOS VM tests
...
- Add explicit iptables banaction in security.nix for test compatibility
- Force IPv4 in all curl requests to prevent IPv4/IPv6 mismatch issues
- Fix caddy test: use basic_auth directive (not basicauth)
- Override service ports in tests to match direct connections (not via Caddy)
- Vaultwarden: override ROCKET_ADDRESS and ROCKET_LOG for external access
- Immich: increase VM memory to 4GB for stability
- Jellyfin: create placeholder log file and reload fail2ban after startup
- Add tests.nix entries for all 6 fail2ban tests
All tests now pass: ssh, caddy, gitea, vaultwarden, immich, jellyfin
2026-03-03 14:30:59 -05:00
0e1aa6fe0e
nit: move fail2ban to security module
2026-03-03 14:30:56 -05:00
3db2728dbe
security things
2026-03-03 14:30:54 -05:00
5fe233e05e
impermanence: fix /etc/zfs cache
2026-03-03 14:30:51 -05:00
65b49488d1
impermanence: fix persistant ssh host keys
2026-03-03 14:30:51 -05:00
165532bae3
nit: cleanup imports
2026-03-03 14:30:47 -05:00
d7a8e25811
impermanence: fix home directory declaration
2026-03-03 14:30:46 -05:00
7159e90186
organize
2026-03-03 14:30:43 -05:00
