kyle/imladris
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
308 Commits 1 Branch 0 Tags
c9e061d319c362cd27c98e7e7246bdd2697d94d4
Commit Graph

308 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kyle Isom
170c4ab67d orion: route mcp.metacircular.net zone to rift via resolved 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-26 09:04:37 -07:00
Kyle Isom
0d1fe5536f Enable fido2 luks on orion/rift. 2026-03-26 08:56:02 -07:00
Kyle Isom
7be8a4c5e6 orion/rift -> systemd initrd 
Allows for FIDO2 LUKS unlock.
 2026-03-26 08:48:53 -07:00
Kyle Isom
45293e60ed update mcdeploy 2026-03-26 00:58:46 -07:00
Kyle Isom
fa0c7b1510 Add mcdeploy to flake inputs and system packages 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-26 00:33:36 -07:00
Kyle Isom
4b0067641d iw 2026-03-25 23:27:04 -07:00
Kyle Isom
56621710dd update rift dns resolver 2026-03-25 22:51:34 -07:00
Kyle Isom
4163d2525a flake updates 2026-03-25 22:04:53 -07:00
Kyle Isom
693875b10e compute 2026-03-25 21:59:30 -07:00
Kyle Isom
79c6fea4ae update sgard 2026-03-25 21:55:20 -07:00
Kyle Isom
112036889e nix flake update 2026-03-25 21:38:06 -07:00
Kyle Isom
796cde1d2f don't gc if rebuild fails 2026-03-25 21:36:34 -07:00
Kyle Isom
a53eb42316 protobuffing 2026-03-25 21:32:21 -07:00
Kyle Isom
146393e881 update sgard 2026-03-25 21:30:30 -07:00
Kyle Isom
f8a53f6f63 protoc 2026-03-25 21:27:15 -07:00
Kyle Isom
71702dfb06 Add metacircular control programs to rift, orion, and vade 
Install mciasctl, mciasgrpcctl, mcrctl, and mcproxyctl via new
configs/mcpkg.nix module. Adds flake inputs for mcias, mcr, and
mc-proxy from git.wntrmute.dev.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-25 21:11:25 -07:00
Kyle Isom
9680c31a7b adding cert flake 2026-03-25 20:22:59 -07:00
Kyle Isom
ea335dbe57 add cert 2026-03-25 20:21:24 -07:00
Kyle Isom
a09dd925ac rift: open firewall for mc-proxy (443, 8443, 9443) and exod (8080, 9090) 
Remove implicit reliance on temp iptables rules. All externally
accessible ports are now declared in NixOS config.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-25 19:51:38 -07:00
Kyle Isom
87be4e34d3 Add WNTRMUTE issuing CA to system trust store 
All NixOS machines now trust the Metacircular platform CA. This
allows curl, browsers, and Go services to verify TLS certificates
issued by Metacrypt without --insecure or custom CA flags.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-25 19:30:24 -07:00
Kyle Isom
73be02eaae vade: route mcp.metacircular.net zone to rift via resolved 
Link-level DNS from DHCP and Tailscale takes priority over global
nameservers in systemd-resolved. Use domain routing (~mcp.metacircular.net)
so resolved sends only internal zone queries to rift's CoreDNS.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-25 19:22:35 -07:00
Kyle Isom
0268a0c721 Disable exo flake input (broken flake.nix upstream) 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-25 19:20:59 -07:00
Kyle Isom
eecb3973b1 rift: allow port 53 for CoreDNS, vade: use rift as DNS 
rift: sysctl to allow rootless containers to bind port 53, open
firewall for DNS queries from LAN clients.

vade: point nameservers at rift (LAN + Tailscale) for internal
service resolution via CoreDNS (MCNS precursor). Falls back to
1.1.1.1/8.8.8.8 via systemd-resolved.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-25 19:19:02 -07:00
Kyle Isom
b49b7ca2e3 let's get exo working 2026-03-25 17:07:09 -07:00
Kyle Isom
998a1d9aaf fix stylus support 2026-03-25 16:29:04 -07:00
Kyle Isom
27ce85ebda update lector 2026-03-25 15:44:17 -07:00
Kyle Isom
55a93d3aac update sgard 2026-03-25 14:09:49 -07:00
Kyle Isom
8d34ac5dc3 update sgard 2026-03-25 11:30:34 -07:00
Kyle Isom
8ac8e389c0 add xclip 2026-03-25 11:07:03 -07:00
Kyle Isom
38d782cdf8 add poppler-utils 2026-03-25 10:41:44 -07:00
Kyle Isom
7684c673f2 update lector, kte 2026-03-25 10:39:48 -07:00
Kyle Isom
76f1f534d0 add poppler 2026-03-25 10:39:02 -07:00
Kyle Isom
59fd091632 enable FIDO2/U2F PAM authentication 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-25 00:04:51 -07:00
Kyle Isom
d1aee2f30e vade: prefer FIDO2 over passphrase for LUKS unlock 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-24 23:56:40 -07:00
Kyle Isom
6db72017e0 kte update 2026-03-24 23:27:42 -07:00
Kyle Isom
efe0252473 flake updates and systemd initrd 2026-03-24 23:23:15 -07:00
Kyle Isom
5796f737cf update lector, sgard 2026-03-24 16:27:35 -07:00
Kyle Isom
8d36fcc960 ghostscript 2026-03-24 12:13:01 -07:00
Kyle Isom
806c92dc78 zathura and nh clean when rebuilding. 2026-03-24 12:02:03 -07:00
Kyle Isom
86b4309360 update lector 2026-03-24 11:16:05 -07:00
Kyle Isom
fe8618e620 jpg2pdf for mini-essays 2026-03-24 11:12:11 -07:00
Kyle Isom
e6b77c5445 Add arca. 2026-03-24 09:28:42 -07:00
Kyle Isom
2c5a7510a0 arca update 2026-03-24 09:25:21 -07:00
Kyle Isom
ab5c2be404 scrub images tooling 2026-03-24 09:01:57 -07:00
Kyle Isom
cbd300d7f7 flake update 2026-03-24 08:57:27 -07:00
Kyle Isom
3a14eee43c add arca 2026-03-24 08:13:39 -07:00
Kyle Isom
1dbcfb409e mat2 2026-03-24 08:11:14 -07:00
Kyle Isom
ccac624f0f add mutt and signal 2026-03-24 07:47:34 -07:00
Kyle Isom
055fd26e36 update lector, sgard 2026-03-24 07:36:55 -07:00
Kyle Isom
15a2d99993 update lector 2026-03-24 00:27:15 -07:00