Go to file

Alexander Heldt 67134682d9 pinwheel: Disable resolved.dnssec

As it breaks tailscale <-> openvpn

> At the time of September 2023, systemd upstream advise to disable DNSSEC
> by default as the current code is not robust enough to deal with
> “in the wild” non-compliant servers, which will usually give you a
> broken bad experience in addition of insecure.

2025-10-19 14:39:05 +02:00

config-manager

config-manager: Fix --update

2024-11-28 18:25:55 +01:00

hosts

pinwheel: Disable resolved.dnssec

2025-10-19 14:39:05 +02:00

nix-wrapper

nix-wrapper: Use $EDITOR when creating/editing flake.nix files

2023-11-12 14:34:32 +01:00

secrets

manatee: Add secrets for syncthing cert/key

2025-05-18 17:09:38 +02:00

shared-modules

syncthing: Update phone ID

2025-07-10 16:21:03 +02:00

.envrc

Add dev shell with nixfmt

2024-09-02 21:07:34 +02:00

.gitignore

Add dev shell with nixfmt

2024-09-02 21:07:34 +02:00

flake.lock

Update flake inputs

2025-10-19 11:50:06 +02:00

flake.nix

manatee: Add host manatee

2025-05-02 12:07:28 +02:00

README.md

Update README with documentation about the test-vm

2024-12-20 13:05:45 +01:00

README.md

`config-manager`

./config-manager is a module that contains a script to make usage of this flake easier.

To install it

first add the module to the nixOS system connfiguration
set config-manager.flakePath = <path to this flake>
run nixos-rebuild switch --flake .#<configuration> after that cm will be available on $PATH.

Secrets

Secrets are managed by agenix (https://github.com/ryantm/agenix).

Creating new secrets

Update secrets/secrets.nix with the new secret.
When inside ./secrets:

EDITOR=vim agenix -e "some-secret.age"

This will create a new secret. To view its content one can do:

EDITOR=vim agenix -d "some-secret.age" -i ~/.ssh/alex.pinwheel

Or use some other SSH key that is has been used to key the secret.

Test VM

Build the test VM with the command:

cm  --build-test-vm

and test it with:

cm  --run-test-vm