Commit graph

197 commits

Author SHA1 Message Date
Antoine Martin 7ce48f7164 services: add navidrome 2021-08-22 16:43:27 +02:00
Antoine Martin d8c3f5c987 services: nextcloud: upgrade to nextcloud 22 2021-08-20 01:52:45 +02:00
Antoine Martin 2c7abf829a services: adapt bitwarden to vaultwarden rename 2021-08-20 01:44:44 +02:00
Antoine Martin bdd0748620 flake: switch back entire config to unstable
Mixing stable and unstable brought me weird problems, so I'm switching
back to unstable entirely until it breaks hard enough to convince me to
go back to stable. :)
2021-08-19 23:34:41 +02:00
Antoine Martin 12c60e9d2e services: postgresql: upgraded to v13 2021-08-19 21:30:09 +02:00
Antoine Martin 1b7c4d40c6 services: nextcloud: ignore heavy files 2021-08-10 00:33:19 +02:00
Antoine Martin e8ea4c8b5f services: nextcloud: regex don't work with restic 2021-08-09 21:13:55 +02:00
Antoine Martin b00faf77bb services: move to restic for everything 2021-08-09 20:19:27 +02:00
Antoine Martin e9c0d157f1 services: restic: make it verbose 2021-08-09 20:14:09 +02:00
Antoine Martin 0c538fbf86 services: backup postgres to restic 2021-08-09 20:11:00 +02:00
Antoine Martin a763e0549f services: setup restic backups service 2021-08-09 20:11:00 +02:00
Antoine Martin bd5aa2cef5 services: setup fava service 2021-08-07 15:40:01 +02:00
Antoine Martin 611308f120 services: paperless: backup correctly 2021-07-19 14:59:15 +02:00
Antoine Martin 0f4ae45828 services: monitoring: set prometheus scrape interval 2021-07-15 10:27:10 +02:00
Antoine Martin c7c87fcdb4 pkgs: fix grafanaDashboards access in flake
The `packages` output from the flake needs flake-utils' `flattenTree` to
be valid (because it doesn't support nested sets), but that only works
if I use `recurseIntoAttrs`.
2021-07-14 21:13:38 +02:00
Antoine Martin 27ae0552eb services: paperless: fix backup paths 2021-07-14 03:00:36 +02:00
Antoine Martin 829632e360 services: tailscale: make exit node optional 2021-07-14 00:08:40 +02:00
Antoine Martin c16d8513d2 services: wireguard: removed unused module
replaced by tailscale
2021-07-13 23:51:17 +02:00
Antoine Martin 1d8750efed services: tailscale: move to service 2021-07-13 23:49:45 +02:00
Antoine Martin 39477a85e7 services: paperless: backups 2021-07-13 22:20:21 +02:00
Antoine Martin 786d884e3a services: monitoring: package grafana dashboards 2021-07-13 17:34:36 +02:00
Antoine Martin 0f8175519b services: monitoring: update node exporter dash 2021-07-13 17:25:34 +02:00
Antoine Martin 0b983d1358 services: monitoring: add nginx dashboard 2021-07-13 17:25:34 +02:00
Antoine Martin b6f712b817 services: nginx: enable prometheus exporter 2021-07-13 17:25:34 +02:00
Antoine Martin 2b59116b8d services: monitoring: only listen on localhost 2021-07-13 17:25:34 +02:00
Antoine Martin e7219ae988 services: matrix: enable SSL traffic only
This is a requirement anyway for homeservers, and the `forceSSL` option
tried to create a redirect for non-SSL traffic, except the `listen`
option only provided SSL endpoints anyway, so this resulted in
additional rules in the nginx config looking like this:

server {
        server_name matrix.alarsyo.net ;
        location /.well-known/acme-challenge {
                root /var/lib/acme/acme-challenge;
                auth_basic off;
        }
        location / {
                return 301 https://$host$request_uri;
        }
}

Which led to nginx listening on port 8000 (the default port in this
situation, I imagine)
2021-07-13 13:54:18 +02:00
Antoine Martin c75458d8c9 services: bitwarden: only listen on local host
This was never a problem because the firewall did its job, but better
safe than sorry.
2021-07-13 13:34:26 +02:00
Antoine Martin d2835ceb77 services: paperless: drop external traffic to docker 2021-07-13 13:22:21 +02:00
Antoine Martin 8eb1fe5001 services: paperless: restrict to Tailscale 2021-07-13 01:31:55 +02:00
Antoine Martin f0e5e90c10 services: use wildcard certificate
Should have done this a long time ago
2021-07-13 01:08:01 +02:00
Antoine Martin 64d479e2ce services: prometheus: keep metrics for 2 years 2021-07-12 22:12:03 +02:00
Antoine Martin 95733f9e05 services: paperless: setup reverse proxy 2021-07-12 22:11:41 +02:00
Antoine Martin 7c8017af03 services: init nuage 2021-07-06 18:22:57 +02:00
Antoine Martin 568cd2ccd4 services: matrix: add SMS verification support 2021-06-09 15:37:35 +02:00
Antoine Martin 6c17c2d82c services: matrix: move smtp port note out of secret 2021-06-09 14:57:51 +02:00
Antoine Martin 1b6258e363 services: matrix: add smtp server 2021-06-09 14:53:11 +02:00
Antoine Martin 4ddee48800 services: lohr: latest commit 2021-06-04 17:40:56 +02:00
Antoine Martin 46df5d0642 services: transmission: use openFirewall setting 2021-06-03 00:33:52 +02:00
Antoine Martin 2dc8502fb8 services: nginx: don't enable everywhere 2021-06-01 14:28:42 +02:00
Antoine Martin 393c803167 services: pipewire: fix broken 20.09 config 2021-05-27 23:01:52 +02:00
Antoine Martin b1dc709e3f services: pipewire: ship pactl with pipewire 2021-05-26 01:13:10 +02:00
Antoine Martin 4d091d5aa6 services: add pipewire service 2021-05-26 00:33:15 +02:00
Antoine Martin 2f794cfe3a matrix: disable presence 2021-05-21 11:45:27 +02:00
Antoine Martin 6e9e4388ae matrix: log level warn 2021-05-21 10:10:15 +02:00
Antoine Martin 09059273c2 matrix: enable spaces beta 2021-05-21 10:05:20 +02:00
Antoine Martin e2c77ed4e2 services: gitea: update home template to SVG
v1.14 switched from a PNG to a SVG logo
2021-05-13 18:20:21 +02:00
Antoine Martin af0388b907 borg-backup: save space when pruning 2021-05-04 01:46:19 +02:00
Antoine Martin 71c4871af0 boreal: prune backups older than a month 2021-05-04 01:32:37 +02:00
Antoine Martin 2fdc188973 gitea: use main as default branch 2021-04-09 20:31:58 +02:00
Antoine Martin b2ab13242c gitea: enable push to create 2021-04-09 19:43:51 +02:00
Antoine Martin 64d28f9436 gitea: remove useless conditional on backup 2021-04-09 18:14:08 +02:00
Antoine Martin d2fc16978c gitea: silence logging 2021-04-09 18:01:01 +02:00
Antoine Martin 798a496709 gitea: use custom home template 2021-04-09 17:30:00 +02:00
Antoine Martin df463c02fb lohr: mention systemd specific issue 2021-04-08 03:44:52 +02:00
Antoine Martin ba0e0e993e lohr: setup real service 2021-04-08 03:20:58 +02:00
Antoine Martin 9d2073011b lohr: setup dev service 2021-03-28 22:18:18 +02:00
Antoine Martin 8629db70e6 borg-backup: init repo if doesn't exist 2021-03-24 20:50:47 +01:00
Antoine Martin 4115c3d8d7 nextcloud: don't backup image previews 2021-03-24 19:42:15 +01:00
Antoine Martin c47d72a376 matrix: don't backup cached media 2021-03-24 19:06:03 +01:00
Antoine Martin 8b5e107aea matrix: add FIXME 2021-03-24 01:26:25 +01:00
Antoine Martin 0a4fb2e7f7 borg-backup: display info during pruning 2021-03-24 00:55:08 +01:00
Antoine Martin 844b940493 nextcloud: ignore in-progress uploads in backups 2021-03-24 00:41:18 +01:00
Antoine Martin 40d4f07df3 borg-backup: display info during backup 2021-03-24 00:32:46 +01:00
Antoine Martin e6b1f1381a nextcloud: require postgresql for service setup 2021-03-24 00:14:43 +01:00
Antoine Martin 0cf16198a8 postgresql: set package version globally 2021-03-23 22:37:55 +01:00
Antoine Martin 6174bcd165 services: remove unneeded conditional 2021-03-23 22:24:12 +01:00
Antoine Martin b04d9e51a1 nextcloud: create service 2021-03-23 20:03:23 +01:00
Antoine Martin 48c87a4d8a borg-backup: switch to zstd compression 2021-03-23 12:14:14 +01:00
Antoine Martin bb477b36a6 tgv: new service 2021-03-16 17:46:25 +01:00
Antoine Martin 968c334c1b borg: prune files when backing up 2021-03-15 23:52:07 +01:00
Antoine Martin 80942f7eb3 wireguard: setup VPN 2021-02-22 19:42:11 +01:00
Antoine Martin a1065eb8ab fail2ban: increase default ban time 2021-02-22 16:18:14 +01:00
Antoine Martin 92e2e19bbf bitwarden_rs: remove random config 2021-02-22 16:11:59 +01:00
Antoine Martin 80384b2afe bitwarden_rs: setup fail2ban 2021-02-22 16:07:26 +01:00
Antoine Martin 25f45ec6f6 fail2ban: setup service 2021-02-22 15:07:29 +01:00
Antoine Martin 49a261e5ee jellyfin: proxy websockets traffic 2021-02-22 11:58:54 +01:00
Antoine Martin cdf8695794 transmission: setup service 2021-02-19 22:29:04 +01:00
Antoine Martin 2b5ef6b145 jellyfin: setup service 2021-02-19 21:28:12 +01:00
Antoine Martin e3440b61ab nginx: centralize configuration 2021-02-14 12:07:07 +01:00
Antoine Martin bb3532eb8a miniflux: don't remove old entries from feeds 2021-02-05 22:01:41 +01:00
Antoine Martin 3c0732cedd s/types.int/types.port 2021-02-02 18:24:28 +01:00
Antoine Martin fca8f6cb4c gitea: use own backup solution 2021-02-02 18:09:10 +01:00
Antoine Martin 039fa5a930 gitea: specify backup time 2021-02-02 17:34:22 +01:00
Antoine Martin 5bd4a23909 gitea: setup service 2021-02-02 17:01:40 +01:00
Antoine Martin 288e89502a matrix: proxy calls to /_synapse/client correctly 2021-02-02 02:13:33 +01:00
Antoine Martin d5eb537b5e matrix: use shared secret 2021-02-02 01:24:03 +01:00
Antoine Martin 48bb7a8841 borg-backup: fix exclude config 2021-01-31 13:11:31 +01:00
Antoine Martin 41769615f0 borg-backup: setup paths in respective services 2021-01-31 13:03:28 +01:00
Antoine Martin 8ed0f14f74 bitwarden: setup service 2021-01-31 03:50:10 +01:00
Antoine Martin 253530ea6f postgresql-backup: move to own services
This way the `startAt` setting is only set once.
2021-01-30 22:32:12 +01:00
Antoine Martin 297eb0a6f9 miniflux: setup service 2021-01-30 21:53:05 +01:00
Antoine Martin 8b037b16a4 postgres: create daily backups 2021-01-30 19:35:21 +01:00
Antoine Martin 91eaa2f008 borg-backup: setup service 2021-01-30 19:35:21 +01:00
Antoine Martin 84fff7a6f2 matrix: add hosted Element web setup 2021-01-29 14:33:37 +01:00
Antoine Martin 79aa31f07f matrix: improve configuration 2021-01-29 14:04:53 +01:00
Antoine Martin 4d89de4841 matrix: migrate server and setup federation
It works, but looks and feels hacky. Needs cleanups
2021-01-28 02:54:33 +01:00
Antoine Martin 13b3baa805 monitoring: refacto, extract from main config 2021-01-27 21:55:32 +01:00