Commit graph

175 commits

Author SHA1 Message Date
Antoine Martin 4cc2f41066 secrets: move nextcloud secrets to agenix 2022-03-11 18:42:51 +01:00
Antoine Martin 165b30ef9c secrets: move transmission secret to agenix 2022-03-11 18:16:04 +01:00
Antoine Martin 540968627c secrets: move matrix to agenix 2022-03-11 17:47:12 +01:00
Antoine Martin dad068ed6b secrets: move lohr to agenix 2022-03-11 17:26:54 +01:00
Antoine Martin 3b99096af9 services: borg-backup: no longer needed 2022-03-11 17:20:52 +01:00
Antoine Martin 238294b7bf secrets: move gandi api key to agenix 2022-03-11 17:10:44 +01:00
Antoine Martin aa72401909 services: matrix-synapse: migrate to new config format 2022-03-11 16:45:29 +01:00
Antoine Martin 3edac96be2 services: pipewire: switch to wireplumber
audio didn't work after flake.lock bump!
2022-03-11 15:49:12 +01:00
Antoine Martin 4210e37496 services: pipewire: disable wireplumber for now
It got enabled by default, but it conflicts with media-session (which is
now deprecated). Need to test wireplumber properly before switching to
it though, I need my bluetooth codecs.
2022-03-04 18:39:37 +01:00
Antoine Martin 3e3d7153f9 services: nginx: fix acme option warning 2022-02-07 17:24:33 +01:00
Antoine Martin e5d6210912 zephyrus: don't depend on git-crypt secrets at all 2022-01-18 11:20:25 +01:00
Antoine Martin 1d0fd8d461 services: restic: allow configuring timer 2022-01-18 09:05:22 +01:00
Antoine Martin a0ead30194 services: restic: support custom secret filepaths 2022-01-17 21:57:00 +01:00
Antoine Martin 912073bee6 nix: exorcise all with <expr>; uses 2022-01-11 16:38:33 +01:00
Antoine Martin 5371f0eeb5 services: paperless: make sure redis is started 2021-12-27 14:52:44 +01:00
Antoine Martin 196a9b97b7 services: paperless: set ocr mode to noarchive 2021-12-22 22:54:00 +01:00
Antoine Martin 42a9f0def3 services: paperless: fix redis server warning 2021-12-22 20:13:37 +01:00
Antoine Martin 516cbd4ae7 services: paperless: switch from docker to nixos 2021-12-22 19:18:06 +01:00
Antoine Martin ed7cacb3b4 services: nextcloud: upgrade to nextcloud 23 2021-12-22 18:07:14 +01:00
Antoine Martin fb1a53e73d services: fava: workaround file not found bug 2021-11-17 02:29:06 +01:00
Antoine Martin f558b4b680 poseidon: upgrade deprecated options 2021-11-17 00:58:54 +01:00
Antoine Martin 63af1a317e services: remove prololo beta testing service 2021-09-24 16:16:27 +02:00
Antoine Martin 7bf83aaac3 services: prololo: bump flake 2021-09-24 14:27:51 +02:00
Antoine Martin c80a5e9a87 services: setup prololo test service 2021-09-12 22:26:28 +02:00
Antoine Martin 6afcd36d8e services: lohr: bump flake
I should clean that up anyway
2021-09-04 18:21:10 +02:00
Antoine Martin af0428fe45 services: gitea: upgrade to v1.15.0 2021-08-26 13:58:10 +02:00
Antoine Martin c94356e24f services: navidrome: setup restic backups 2021-08-22 17:51:23 +02:00
Antoine Martin 901556f805 services: navidrome: make music folder configurable 2021-08-22 17:24:52 +02:00
Antoine Martin 7ce48f7164 services: add navidrome 2021-08-22 16:43:27 +02:00
Antoine Martin d8c3f5c987 services: nextcloud: upgrade to nextcloud 22 2021-08-20 01:52:45 +02:00
Antoine Martin 2c7abf829a services: adapt bitwarden to vaultwarden rename 2021-08-20 01:44:44 +02:00
Antoine Martin bdd0748620 flake: switch back entire config to unstable
Mixing stable and unstable brought me weird problems, so I'm switching
back to unstable entirely until it breaks hard enough to convince me to
go back to stable. :)
2021-08-19 23:34:41 +02:00
Antoine Martin 12c60e9d2e services: postgresql: upgraded to v13 2021-08-19 21:30:09 +02:00
Antoine Martin 1b7c4d40c6 services: nextcloud: ignore heavy files 2021-08-10 00:33:19 +02:00
Antoine Martin e8ea4c8b5f services: nextcloud: regex don't work with restic 2021-08-09 21:13:55 +02:00
Antoine Martin b00faf77bb services: move to restic for everything 2021-08-09 20:19:27 +02:00
Antoine Martin e9c0d157f1 services: restic: make it verbose 2021-08-09 20:14:09 +02:00
Antoine Martin 0c538fbf86 services: backup postgres to restic 2021-08-09 20:11:00 +02:00
Antoine Martin a763e0549f services: setup restic backups service 2021-08-09 20:11:00 +02:00
Antoine Martin bd5aa2cef5 services: setup fava service 2021-08-07 15:40:01 +02:00
Antoine Martin 611308f120 services: paperless: backup correctly 2021-07-19 14:59:15 +02:00
Antoine Martin 0f4ae45828 services: monitoring: set prometheus scrape interval 2021-07-15 10:27:10 +02:00
Antoine Martin c7c87fcdb4 pkgs: fix grafanaDashboards access in flake
The `packages` output from the flake needs flake-utils' `flattenTree` to
be valid (because it doesn't support nested sets), but that only works
if I use `recurseIntoAttrs`.
2021-07-14 21:13:38 +02:00
Antoine Martin 27ae0552eb services: paperless: fix backup paths 2021-07-14 03:00:36 +02:00
Antoine Martin 829632e360 services: tailscale: make exit node optional 2021-07-14 00:08:40 +02:00
Antoine Martin c16d8513d2 services: wireguard: removed unused module
replaced by tailscale
2021-07-13 23:51:17 +02:00
Antoine Martin 1d8750efed services: tailscale: move to service 2021-07-13 23:49:45 +02:00
Antoine Martin 39477a85e7 services: paperless: backups 2021-07-13 22:20:21 +02:00
Antoine Martin 786d884e3a services: monitoring: package grafana dashboards 2021-07-13 17:34:36 +02:00
Antoine Martin 0f8175519b services: monitoring: update node exporter dash 2021-07-13 17:25:34 +02:00
Antoine Martin 0b983d1358 services: monitoring: add nginx dashboard 2021-07-13 17:25:34 +02:00
Antoine Martin b6f712b817 services: nginx: enable prometheus exporter 2021-07-13 17:25:34 +02:00
Antoine Martin 2b59116b8d services: monitoring: only listen on localhost 2021-07-13 17:25:34 +02:00
Antoine Martin e7219ae988 services: matrix: enable SSL traffic only
This is a requirement anyway for homeservers, and the `forceSSL` option
tried to create a redirect for non-SSL traffic, except the `listen`
option only provided SSL endpoints anyway, so this resulted in
additional rules in the nginx config looking like this:

server {
        server_name matrix.alarsyo.net ;
        location /.well-known/acme-challenge {
                root /var/lib/acme/acme-challenge;
                auth_basic off;
        }
        location / {
                return 301 https://$host$request_uri;
        }
}

Which led to nginx listening on port 8000 (the default port in this
situation, I imagine)
2021-07-13 13:54:18 +02:00
Antoine Martin c75458d8c9 services: bitwarden: only listen on local host
This was never a problem because the firewall did its job, but better
safe than sorry.
2021-07-13 13:34:26 +02:00
Antoine Martin d2835ceb77 services: paperless: drop external traffic to docker 2021-07-13 13:22:21 +02:00
Antoine Martin 8eb1fe5001 services: paperless: restrict to Tailscale 2021-07-13 01:31:55 +02:00
Antoine Martin f0e5e90c10 services: use wildcard certificate
Should have done this a long time ago
2021-07-13 01:08:01 +02:00
Antoine Martin 64d479e2ce services: prometheus: keep metrics for 2 years 2021-07-12 22:12:03 +02:00
Antoine Martin 95733f9e05 services: paperless: setup reverse proxy 2021-07-12 22:11:41 +02:00
Antoine Martin 7c8017af03 services: init nuage 2021-07-06 18:22:57 +02:00
Antoine Martin 568cd2ccd4 services: matrix: add SMS verification support 2021-06-09 15:37:35 +02:00
Antoine Martin 6c17c2d82c services: matrix: move smtp port note out of secret 2021-06-09 14:57:51 +02:00
Antoine Martin 1b6258e363 services: matrix: add smtp server 2021-06-09 14:53:11 +02:00
Antoine Martin 4ddee48800 services: lohr: latest commit 2021-06-04 17:40:56 +02:00
Antoine Martin 46df5d0642 services: transmission: use openFirewall setting 2021-06-03 00:33:52 +02:00
Antoine Martin 2dc8502fb8 services: nginx: don't enable everywhere 2021-06-01 14:28:42 +02:00
Antoine Martin 393c803167 services: pipewire: fix broken 20.09 config 2021-05-27 23:01:52 +02:00
Antoine Martin b1dc709e3f services: pipewire: ship pactl with pipewire 2021-05-26 01:13:10 +02:00
Antoine Martin 4d091d5aa6 services: add pipewire service 2021-05-26 00:33:15 +02:00
Antoine Martin 2f794cfe3a matrix: disable presence 2021-05-21 11:45:27 +02:00
Antoine Martin 6e9e4388ae matrix: log level warn 2021-05-21 10:10:15 +02:00
Antoine Martin 09059273c2 matrix: enable spaces beta 2021-05-21 10:05:20 +02:00
Antoine Martin e2c77ed4e2 services: gitea: update home template to SVG
v1.14 switched from a PNG to a SVG logo
2021-05-13 18:20:21 +02:00
Antoine Martin af0388b907 borg-backup: save space when pruning 2021-05-04 01:46:19 +02:00
Antoine Martin 71c4871af0 boreal: prune backups older than a month 2021-05-04 01:32:37 +02:00
Antoine Martin 2fdc188973 gitea: use main as default branch 2021-04-09 20:31:58 +02:00
Antoine Martin b2ab13242c gitea: enable push to create 2021-04-09 19:43:51 +02:00
Antoine Martin 64d28f9436 gitea: remove useless conditional on backup 2021-04-09 18:14:08 +02:00
Antoine Martin d2fc16978c gitea: silence logging 2021-04-09 18:01:01 +02:00
Antoine Martin 798a496709 gitea: use custom home template 2021-04-09 17:30:00 +02:00
Antoine Martin df463c02fb lohr: mention systemd specific issue 2021-04-08 03:44:52 +02:00
Antoine Martin ba0e0e993e lohr: setup real service 2021-04-08 03:20:58 +02:00
Antoine Martin 9d2073011b lohr: setup dev service 2021-03-28 22:18:18 +02:00
Antoine Martin 8629db70e6 borg-backup: init repo if doesn't exist 2021-03-24 20:50:47 +01:00
Antoine Martin 4115c3d8d7 nextcloud: don't backup image previews 2021-03-24 19:42:15 +01:00
Antoine Martin c47d72a376 matrix: don't backup cached media 2021-03-24 19:06:03 +01:00
Antoine Martin 8b5e107aea matrix: add FIXME 2021-03-24 01:26:25 +01:00
Antoine Martin 0a4fb2e7f7 borg-backup: display info during pruning 2021-03-24 00:55:08 +01:00
Antoine Martin 844b940493 nextcloud: ignore in-progress uploads in backups 2021-03-24 00:41:18 +01:00
Antoine Martin 40d4f07df3 borg-backup: display info during backup 2021-03-24 00:32:46 +01:00
Antoine Martin e6b1f1381a nextcloud: require postgresql for service setup 2021-03-24 00:14:43 +01:00
Antoine Martin 0cf16198a8 postgresql: set package version globally 2021-03-23 22:37:55 +01:00
Antoine Martin 6174bcd165 services: remove unneeded conditional 2021-03-23 22:24:12 +01:00
Antoine Martin b04d9e51a1 nextcloud: create service 2021-03-23 20:03:23 +01:00
Antoine Martin 48c87a4d8a borg-backup: switch to zstd compression 2021-03-23 12:14:14 +01:00
Antoine Martin bb477b36a6 tgv: new service 2021-03-16 17:46:25 +01:00
Antoine Martin 968c334c1b borg: prune files when backing up 2021-03-15 23:52:07 +01:00
Antoine Martin 80942f7eb3 wireguard: setup VPN 2021-02-22 19:42:11 +01:00
Antoine Martin a1065eb8ab fail2ban: increase default ban time 2021-02-22 16:18:14 +01:00