kyle/imladris
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
247 Commits 1 Branch 0 Tags
796cde1d2fefff9f80bc54864fb87da4a859a811
Commit Graph

247 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kyle Isom
796cde1d2f don't gc if rebuild fails 2026-03-25 21:36:34 -07:00
Kyle Isom
a53eb42316 protobuffing 2026-03-25 21:32:21 -07:00
Kyle Isom
146393e881 update sgard 2026-03-25 21:30:30 -07:00
Kyle Isom
f8a53f6f63 protoc 2026-03-25 21:27:15 -07:00
Kyle Isom
71702dfb06 Add metacircular control programs to rift, orion, and vade 
Install mciasctl, mciasgrpcctl, mcrctl, and mcproxyctl via new
configs/mcpkg.nix module. Adds flake inputs for mcias, mcr, and
mc-proxy from git.wntrmute.dev.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-25 21:11:25 -07:00
Kyle Isom
9680c31a7b adding cert flake 2026-03-25 20:22:59 -07:00
Kyle Isom
ea335dbe57 add cert 2026-03-25 20:21:24 -07:00
Kyle Isom
a09dd925ac rift: open firewall for mc-proxy (443, 8443, 9443) and exod (8080, 9090) 
Remove implicit reliance on temp iptables rules. All externally
accessible ports are now declared in NixOS config.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-25 19:51:38 -07:00
Kyle Isom
87be4e34d3 Add WNTRMUTE issuing CA to system trust store 
All NixOS machines now trust the Metacircular platform CA. This
allows curl, browsers, and Go services to verify TLS certificates
issued by Metacrypt without --insecure or custom CA flags.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-25 19:30:24 -07:00
Kyle Isom
73be02eaae vade: route mcp.metacircular.net zone to rift via resolved 
Link-level DNS from DHCP and Tailscale takes priority over global
nameservers in systemd-resolved. Use domain routing (~mcp.metacircular.net)
so resolved sends only internal zone queries to rift's CoreDNS.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-25 19:22:35 -07:00
Kyle Isom
0268a0c721 Disable exo flake input (broken flake.nix upstream) 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-25 19:20:59 -07:00
Kyle Isom
eecb3973b1 rift: allow port 53 for CoreDNS, vade: use rift as DNS 
rift: sysctl to allow rootless containers to bind port 53, open
firewall for DNS queries from LAN clients.

vade: point nameservers at rift (LAN + Tailscale) for internal
service resolution via CoreDNS (MCNS precursor). Falls back to
1.1.1.1/8.8.8.8 via systemd-resolved.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-25 19:19:02 -07:00
Kyle Isom
b49b7ca2e3 let's get exo working 2026-03-25 17:07:09 -07:00
Kyle Isom
998a1d9aaf fix stylus support 2026-03-25 16:29:04 -07:00
Kyle Isom
27ce85ebda update lector 2026-03-25 15:44:17 -07:00
Kyle Isom
55a93d3aac update sgard 2026-03-25 14:09:49 -07:00
Kyle Isom
8d34ac5dc3 update sgard 2026-03-25 11:30:34 -07:00
Kyle Isom
8ac8e389c0 add xclip 2026-03-25 11:07:03 -07:00
Kyle Isom
38d782cdf8 add poppler-utils 2026-03-25 10:41:44 -07:00
Kyle Isom
7684c673f2 update lector, kte 2026-03-25 10:39:48 -07:00
Kyle Isom
76f1f534d0 add poppler 2026-03-25 10:39:02 -07:00
Kyle Isom
59fd091632 enable FIDO2/U2F PAM authentication 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-25 00:04:51 -07:00
Kyle Isom
d1aee2f30e vade: prefer FIDO2 over passphrase for LUKS unlock 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-24 23:56:40 -07:00
Kyle Isom
6db72017e0 kte update 2026-03-24 23:27:42 -07:00
Kyle Isom
efe0252473 flake updates and systemd initrd 2026-03-24 23:23:15 -07:00
Kyle Isom
5796f737cf update lector, sgard 2026-03-24 16:27:35 -07:00
Kyle Isom
8d36fcc960 ghostscript 2026-03-24 12:13:01 -07:00
Kyle Isom
806c92dc78 zathura and nh clean when rebuilding. 2026-03-24 12:02:03 -07:00
Kyle Isom
86b4309360 update lector 2026-03-24 11:16:05 -07:00
Kyle Isom
fe8618e620 jpg2pdf for mini-essays 2026-03-24 11:12:11 -07:00
Kyle Isom
e6b77c5445 Add arca. 2026-03-24 09:28:42 -07:00
Kyle Isom
2c5a7510a0 arca update 2026-03-24 09:25:21 -07:00
Kyle Isom
ab5c2be404 scrub images tooling 2026-03-24 09:01:57 -07:00
Kyle Isom
cbd300d7f7 flake update 2026-03-24 08:57:27 -07:00
Kyle Isom
3a14eee43c add arca 2026-03-24 08:13:39 -07:00
Kyle Isom
1dbcfb409e mat2 2026-03-24 08:11:14 -07:00
Kyle Isom
ccac624f0f add mutt and signal 2026-03-24 07:47:34 -07:00
Kyle Isom
055fd26e36 update lector, sgard 2026-03-24 07:36:55 -07:00
Kyle Isom
15a2d99993 update lector 2026-03-24 00:27:15 -07:00
Kyle Isom
d7a3ecdc8f add sgard, update lector. 2026-03-23 22:40:48 -07:00
Kyle Isom
4aec63b408 lector v1.0.2 2026-03-23 20:29:08 -07:00
Kyle Isom
a4e8701b6e lector updates 2026-03-23 20:00:10 -07:00
Kyle Isom
2e83f21dcf Update flake.lock 2026-03-23 19:16:54 -07:00
Kyle Isom
024b09fea8 lector 2026-03-23 19:16:23 -07:00
Kyle Isom
784991633e add libGL 2026-03-23 10:27:23 -07:00
Kyle Isom
7ce38a2e0f sensors 2026-03-23 08:03:36 -07:00
Kyle Isom
34ce33ed10 i3blocks 2026-03-23 07:56:54 -07:00
Kyle Isom
d1992fd406 mesa 2026-03-22 15:01:35 -07:00
Kyle Isom
62c58ab08e adding yk tooling 2026-03-21 11:53:45 -07:00
Kyle Isom
4b2344e9f1 typo 2026-03-21 11:52:44 -07:00