Commit graph

201 commits

Author SHA1 Message Date
Antoine Martin ab3573ce2a services: photoprism: remove wireguard 2022-10-13 13:29:27 +02:00
Antoine Martin a4db741ed4 services: photoprism: add fail2ban rules 2022-10-13 13:19:53 +02:00
Antoine Martin a116894bba services: photoprism: log access in specific file 2022-10-13 12:54:16 +02:00
Antoine Martin 9612efeb21 services: photoprism: bump max body size 2022-10-12 02:19:02 +02:00
Antoine Martin f536901847 services: photoprism: don't backup storage folder 2022-10-12 00:34:07 +02:00
Antoine Martin 6e8585d68e services: photoprism: increase nginx timeout 2022-10-11 22:36:05 +02:00
Antoine Martin 7205d180ec services: photoprism: init 2022-10-11 22:06:19 +02:00
Antoine Martin 6b82bc4e37 services: gitea: fix renamed options 2022-08-29 13:33:19 +02:00
Antoine Martin 77b5936a0b poseidon: remove nuage service
Didn't renew the domain name
2022-08-29 13:23:25 +02:00
Antoine Martin 1b200779b2 services: postgresql-backup: enable with postgres 2022-06-14 19:36:18 +02:00
Antoine Martin 42e681bb81 services: gitea: factorize gitea user 2022-06-14 19:28:06 +02:00
Antoine Martin fe66278f25 services: gitea: note about ensureDatabases 2022-06-14 19:07:36 +02:00
Antoine Martin 1f8c38eebe services: matrix: make sure db and role exist 2022-06-12 21:06:01 +02:00
Antoine Martin 9593e8b460 services: matrix: remove unneeded mkIf 2022-06-12 21:00:19 +02:00
Antoine Martin 990c035c3b services: use subdomain for ACME cert
Avoids conflicts now that I have multiple servers sharing the config
2022-06-12 18:03:36 +02:00
Antoine Martin cdd6068aeb services: nextcloud: bump to 24 2022-05-23 15:36:53 +02:00
Antoine Martin a4d3e6b6f8 services: tailscale: loosen firewall policy
See https://github.com/tailscale/tailscale/issues/4432
2022-05-15 21:35:38 +02:00
Antoine Martin b373a92335 services: tgv: remove service 2022-05-08 00:02:46 +02:00
Antoine Martin d61c80cec4 services: lohr: add ssh to path
SSH binary path is no longer hard coded in the git binary, see
cae8d1a2ed
2022-05-02 14:43:57 +02:00
Antoine Martin e4a533363d services: paperless: fix service name 2022-04-26 16:24:20 +02:00
Antoine Martin 3569a4c3b8 services: paperless: fix service name 2022-04-15 16:17:14 +02:00
Antoine Martin 4f0d45e4d5 format all code with alejandra 2022-04-10 11:54:58 +02:00
Antoine Martin 2644c71aa8 services: transmission: only expose over Wireguard 2022-03-20 23:12:38 +01:00
Antoine Martin 8c21d60d8c services: paperless: redis changes are upstreamed 2022-03-18 11:25:10 +01:00
Antoine Martin f984ba51e6 services: matrix: re-enable presence 2022-03-12 13:52:29 +01:00
Antoine Martin 2c3032c642 secrets: move paperless secrets to agenix 2022-03-11 18:55:56 +01:00
Antoine Martin 4cc2f41066 secrets: move nextcloud secrets to agenix 2022-03-11 18:42:51 +01:00
Antoine Martin 165b30ef9c secrets: move transmission secret to agenix 2022-03-11 18:16:04 +01:00
Antoine Martin 540968627c secrets: move matrix to agenix 2022-03-11 17:47:12 +01:00
Antoine Martin dad068ed6b secrets: move lohr to agenix 2022-03-11 17:26:54 +01:00
Antoine Martin 3b99096af9 services: borg-backup: no longer needed 2022-03-11 17:20:52 +01:00
Antoine Martin 238294b7bf secrets: move gandi api key to agenix 2022-03-11 17:10:44 +01:00
Antoine Martin aa72401909 services: matrix-synapse: migrate to new config format 2022-03-11 16:45:29 +01:00
Antoine Martin 3edac96be2 services: pipewire: switch to wireplumber
audio didn't work after flake.lock bump!
2022-03-11 15:49:12 +01:00
Antoine Martin 4210e37496 services: pipewire: disable wireplumber for now
It got enabled by default, but it conflicts with media-session (which is
now deprecated). Need to test wireplumber properly before switching to
it though, I need my bluetooth codecs.
2022-03-04 18:39:37 +01:00
Antoine Martin 3e3d7153f9 services: nginx: fix acme option warning 2022-02-07 17:24:33 +01:00
Antoine Martin e5d6210912 zephyrus: don't depend on git-crypt secrets at all 2022-01-18 11:20:25 +01:00
Antoine Martin 1d0fd8d461 services: restic: allow configuring timer 2022-01-18 09:05:22 +01:00
Antoine Martin a0ead30194 services: restic: support custom secret filepaths 2022-01-17 21:57:00 +01:00
Antoine Martin 912073bee6 nix: exorcise all with <expr>; uses 2022-01-11 16:38:33 +01:00
Antoine Martin 5371f0eeb5 services: paperless: make sure redis is started 2021-12-27 14:52:44 +01:00
Antoine Martin 196a9b97b7 services: paperless: set ocr mode to noarchive 2021-12-22 22:54:00 +01:00
Antoine Martin 42a9f0def3 services: paperless: fix redis server warning 2021-12-22 20:13:37 +01:00
Antoine Martin 516cbd4ae7 services: paperless: switch from docker to nixos 2021-12-22 19:18:06 +01:00
Antoine Martin ed7cacb3b4 services: nextcloud: upgrade to nextcloud 23 2021-12-22 18:07:14 +01:00
Antoine Martin fb1a53e73d services: fava: workaround file not found bug 2021-11-17 02:29:06 +01:00
Antoine Martin f558b4b680 poseidon: upgrade deprecated options 2021-11-17 00:58:54 +01:00
Antoine Martin 63af1a317e services: remove prololo beta testing service 2021-09-24 16:16:27 +02:00
Antoine Martin 7bf83aaac3 services: prololo: bump flake 2021-09-24 14:27:51 +02:00
Antoine Martin c80a5e9a87 services: setup prololo test service 2021-09-12 22:26:28 +02:00
Antoine Martin 6afcd36d8e services: lohr: bump flake
I should clean that up anyway
2021-09-04 18:21:10 +02:00
Antoine Martin af0428fe45 services: gitea: upgrade to v1.15.0 2021-08-26 13:58:10 +02:00
Antoine Martin c94356e24f services: navidrome: setup restic backups 2021-08-22 17:51:23 +02:00
Antoine Martin 901556f805 services: navidrome: make music folder configurable 2021-08-22 17:24:52 +02:00
Antoine Martin 7ce48f7164 services: add navidrome 2021-08-22 16:43:27 +02:00
Antoine Martin d8c3f5c987 services: nextcloud: upgrade to nextcloud 22 2021-08-20 01:52:45 +02:00
Antoine Martin 2c7abf829a services: adapt bitwarden to vaultwarden rename 2021-08-20 01:44:44 +02:00
Antoine Martin bdd0748620 flake: switch back entire config to unstable
Mixing stable and unstable brought me weird problems, so I'm switching
back to unstable entirely until it breaks hard enough to convince me to
go back to stable. :)
2021-08-19 23:34:41 +02:00
Antoine Martin 12c60e9d2e services: postgresql: upgraded to v13 2021-08-19 21:30:09 +02:00
Antoine Martin 1b7c4d40c6 services: nextcloud: ignore heavy files 2021-08-10 00:33:19 +02:00
Antoine Martin e8ea4c8b5f services: nextcloud: regex don't work with restic 2021-08-09 21:13:55 +02:00
Antoine Martin b00faf77bb services: move to restic for everything 2021-08-09 20:19:27 +02:00
Antoine Martin e9c0d157f1 services: restic: make it verbose 2021-08-09 20:14:09 +02:00
Antoine Martin 0c538fbf86 services: backup postgres to restic 2021-08-09 20:11:00 +02:00
Antoine Martin a763e0549f services: setup restic backups service 2021-08-09 20:11:00 +02:00
Antoine Martin bd5aa2cef5 services: setup fava service 2021-08-07 15:40:01 +02:00
Antoine Martin 611308f120 services: paperless: backup correctly 2021-07-19 14:59:15 +02:00
Antoine Martin 0f4ae45828 services: monitoring: set prometheus scrape interval 2021-07-15 10:27:10 +02:00
Antoine Martin c7c87fcdb4 pkgs: fix grafanaDashboards access in flake
The `packages` output from the flake needs flake-utils' `flattenTree` to
be valid (because it doesn't support nested sets), but that only works
if I use `recurseIntoAttrs`.
2021-07-14 21:13:38 +02:00
Antoine Martin 27ae0552eb services: paperless: fix backup paths 2021-07-14 03:00:36 +02:00
Antoine Martin 829632e360 services: tailscale: make exit node optional 2021-07-14 00:08:40 +02:00
Antoine Martin c16d8513d2 services: wireguard: removed unused module
replaced by tailscale
2021-07-13 23:51:17 +02:00
Antoine Martin 1d8750efed services: tailscale: move to service 2021-07-13 23:49:45 +02:00
Antoine Martin 39477a85e7 services: paperless: backups 2021-07-13 22:20:21 +02:00
Antoine Martin 786d884e3a services: monitoring: package grafana dashboards 2021-07-13 17:34:36 +02:00
Antoine Martin 0f8175519b services: monitoring: update node exporter dash 2021-07-13 17:25:34 +02:00
Antoine Martin 0b983d1358 services: monitoring: add nginx dashboard 2021-07-13 17:25:34 +02:00
Antoine Martin b6f712b817 services: nginx: enable prometheus exporter 2021-07-13 17:25:34 +02:00
Antoine Martin 2b59116b8d services: monitoring: only listen on localhost 2021-07-13 17:25:34 +02:00
Antoine Martin e7219ae988 services: matrix: enable SSL traffic only
This is a requirement anyway for homeservers, and the `forceSSL` option
tried to create a redirect for non-SSL traffic, except the `listen`
option only provided SSL endpoints anyway, so this resulted in
additional rules in the nginx config looking like this:

server {
        server_name matrix.alarsyo.net ;
        location /.well-known/acme-challenge {
                root /var/lib/acme/acme-challenge;
                auth_basic off;
        }
        location / {
                return 301 https://$host$request_uri;
        }
}

Which led to nginx listening on port 8000 (the default port in this
situation, I imagine).
2021-07-13 13:54:18 +02:00
Antoine Martin c75458d8c9 services: bitwarden: only listen on local host
This was never a problem because the firewall did its job, but better
safe than sorry.
2021-07-13 13:34:26 +02:00
Antoine Martin d2835ceb77 services: paperless: drop external traffic to docker 2021-07-13 13:22:21 +02:00
Antoine Martin 8eb1fe5001 services: paperless: restrict to Tailscale 2021-07-13 01:31:55 +02:00
Antoine Martin f0e5e90c10 services: use wildcard certificate
Should have done this a long time ago
2021-07-13 01:08:01 +02:00
Antoine Martin 64d479e2ce services: prometheus: keep metrics for 2 years 2021-07-12 22:12:03 +02:00
Antoine Martin 95733f9e05 services: paperless: setup reverse proxy 2021-07-12 22:11:41 +02:00
Antoine Martin 7c8017af03 services: init nuage 2021-07-06 18:22:57 +02:00
Antoine Martin 568cd2ccd4 services: matrix: add SMS verification support 2021-06-09 15:37:35 +02:00
Antoine Martin 6c17c2d82c services: matrix: move smtp port note out of secret 2021-06-09 14:57:51 +02:00
Antoine Martin 1b6258e363 services: matrix: add smtp server 2021-06-09 14:53:11 +02:00
Antoine Martin 4ddee48800 services: lohr: latest commit 2021-06-04 17:40:56 +02:00
Antoine Martin 46df5d0642 services: transmission: use openFirewall setting 2021-06-03 00:33:52 +02:00
Antoine Martin 2dc8502fb8 services: nginx: don't enable everywhere 2021-06-01 14:28:42 +02:00
Antoine Martin 393c803167 services: pipewire: fix broken 20.09 config 2021-05-27 23:01:52 +02:00
Antoine Martin b1dc709e3f services: pipewire: ship pactl with pipewire 2021-05-26 01:13:10 +02:00
Antoine Martin 4d091d5aa6 services: add pipewire service 2021-05-26 00:33:15 +02:00
Antoine Martin 2f794cfe3a matrix: disable presence 2021-05-21 11:45:27 +02:00
Antoine Martin 6e9e4388ae matrix: log level warn 2021-05-21 10:10:15 +02:00
Antoine Martin 09059273c2 matrix: enable spaces beta 2021-05-21 10:05:20 +02:00
Antoine Martin e2c77ed4e2 services: gitea: update home template to SVG
v1.14 switched from a PNG to a SVG logo
2021-05-13 18:20:21 +02:00