Antoine Martin
ab3573ce2a
services: photoprism: remove wireguard
2022-10-13 13:29:27 +02:00
Antoine Martin
a4db741ed4
services: photoprism: add fail2ban rules
2022-10-13 13:19:53 +02:00
Antoine Martin
a116894bba
services: photoprism: log access in specific file
2022-10-13 12:54:16 +02:00
Antoine Martin
9612efeb21
services: photoprism: bump max body size
2022-10-12 02:19:02 +02:00
Antoine Martin
f536901847
services: photoprism: don't backup storage folder
2022-10-12 00:34:07 +02:00
Antoine Martin
6e8585d68e
services: photoprism: increase nginx timeout
2022-10-11 22:36:05 +02:00
Antoine Martin
7205d180ec
services: photoprism: init
2022-10-11 22:06:19 +02:00
Antoine Martin
6b82bc4e37
services: gitea: fix renamed options
2022-08-29 13:33:19 +02:00
Antoine Martin
77b5936a0b
poseidon: remove nuage service
...
Didn't renew the domain name
2022-08-29 13:23:25 +02:00
Antoine Martin
1b200779b2
services: postgresql-backup: enable with postgres
2022-06-14 19:36:18 +02:00
Antoine Martin
42e681bb81
services: gitea: factorize gitea user
2022-06-14 19:28:06 +02:00
Antoine Martin
fe66278f25
services: gitea: note about ensureDatabases
2022-06-14 19:07:36 +02:00
Antoine Martin
1f8c38eebe
services: matrix: make sure db and role exist
2022-06-12 21:06:01 +02:00
Antoine Martin
9593e8b460
services: matrix: remove unneeded mkIf
2022-06-12 21:00:19 +02:00
Antoine Martin
990c035c3b
services: use subdomain for ACME cert
...
Avoids conflicts now that I have multiple servers sharing the config
2022-06-12 18:03:36 +02:00
Antoine Martin
cdd6068aeb
services: nextcloud: bump to 24
2022-05-23 15:36:53 +02:00
Antoine Martin
a4d3e6b6f8
services: tailscale: loosen firewall policy
...
See https://github.com/tailscale/tailscale/issues/4432
2022-05-15 21:35:38 +02:00
Antoine Martin
b373a92335
services: tgv: remove service
2022-05-08 00:02:46 +02:00
Antoine Martin
d61c80cec4
services: lohr: add ssh to path
...
SSH binary path is no longer hard coded in the git binary, see
cae8d1a2ed
2022-05-02 14:43:57 +02:00
Antoine Martin
e4a533363d
services: paperless: fix service name
2022-04-26 16:24:20 +02:00
Antoine Martin
3569a4c3b8
services: paperless: fix service name
2022-04-15 16:17:14 +02:00
Antoine Martin
4f0d45e4d5
format all code with alejandra
2022-04-10 11:54:58 +02:00
Antoine Martin
2644c71aa8
services: transmission: only expose over Wireguard
2022-03-20 23:12:38 +01:00
Antoine Martin
8c21d60d8c
services: paperless: redis changes are upstreamed
2022-03-18 11:25:10 +01:00
Antoine Martin
f984ba51e6
services: matrix: re-enable presence
2022-03-12 13:52:29 +01:00
Antoine Martin
2c3032c642
secrets: move paperless secrets to agenix
2022-03-11 18:55:56 +01:00
Antoine Martin
4cc2f41066
secrets: move nextcloud secrets to agenix
2022-03-11 18:42:51 +01:00
Antoine Martin
165b30ef9c
secrets: move transmission secret to agenix
2022-03-11 18:16:04 +01:00
Antoine Martin
540968627c
secrets: move matrix to agenix
2022-03-11 17:47:12 +01:00
Antoine Martin
dad068ed6b
secrets: move lohr to agenix
2022-03-11 17:26:54 +01:00
Antoine Martin
3b99096af9
services: borg-backup: no longer needed
2022-03-11 17:20:52 +01:00
Antoine Martin
238294b7bf
secrets: move gandi api key to agenix
2022-03-11 17:10:44 +01:00
Antoine Martin
aa72401909
services: matrix-synapse: migrate to new config format
2022-03-11 16:45:29 +01:00
Antoine Martin
3edac96be2
services: pipewire: switch to wireplumber
...
audio didn't work after flake.lock bump!
2022-03-11 15:49:12 +01:00
Antoine Martin
4210e37496
services: pipewire: disable wireplumber for now
...
It got enabled by default, but it conflicts with media-session (which is
now deprecated). Need to test wireplumber properly before switching to
it though, I need my bluetooth codecs.
2022-03-04 18:39:37 +01:00
Antoine Martin
3e3d7153f9
services: nginx: fix acme option warning
2022-02-07 17:24:33 +01:00
Antoine Martin
e5d6210912
zephyrus: don't depend on git-crypt secrets at all
2022-01-18 11:20:25 +01:00
Antoine Martin
1d0fd8d461
services: restic: allow configuring timer
2022-01-18 09:05:22 +01:00
Antoine Martin
a0ead30194
services: restic: support custom secret filepaths
2022-01-17 21:57:00 +01:00
Antoine Martin
912073bee6
nix: exorcise all with <expr>;
uses
2022-01-11 16:38:33 +01:00
Antoine Martin
5371f0eeb5
services: paperless: make sure redis is started
2021-12-27 14:52:44 +01:00
Antoine Martin
196a9b97b7
services: paperless: set ocr mode to noarchive
2021-12-22 22:54:00 +01:00
Antoine Martin
42a9f0def3
services: paperless: fix redis server warning
2021-12-22 20:13:37 +01:00
Antoine Martin
516cbd4ae7
services: paperless: switch from docker to nixos
2021-12-22 19:18:06 +01:00
Antoine Martin
ed7cacb3b4
services: nextcloud: upgrade to nextcloud 23
2021-12-22 18:07:14 +01:00
Antoine Martin
fb1a53e73d
services: fava: workaround file not found bug
2021-11-17 02:29:06 +01:00
Antoine Martin
f558b4b680
poseidon: upgrade deprecated options
2021-11-17 00:58:54 +01:00
Antoine Martin
63af1a317e
services: remove prololo beta testing service
2021-09-24 16:16:27 +02:00
Antoine Martin
7bf83aaac3
services: prololo: bump flake
2021-09-24 14:27:51 +02:00
Antoine Martin
c80a5e9a87
services: setup prololo test service
2021-09-12 22:26:28 +02:00
Antoine Martin
6afcd36d8e
services: lohr: bump flake
...
I should clean that up anyway
2021-09-04 18:21:10 +02:00
Antoine Martin
af0428fe45
services: gitea: upgrade to v1.15.0
2021-08-26 13:58:10 +02:00
Antoine Martin
c94356e24f
services: navidrome: setup restic backups
2021-08-22 17:51:23 +02:00
Antoine Martin
901556f805
services: navidrome: make music folder configurable
2021-08-22 17:24:52 +02:00
Antoine Martin
7ce48f7164
services: add navidrome
2021-08-22 16:43:27 +02:00
Antoine Martin
d8c3f5c987
services: nextcloud: upgrade to nextcloud 22
2021-08-20 01:52:45 +02:00
Antoine Martin
2c7abf829a
services: adapt bitwarden to vaultwarden rename
2021-08-20 01:44:44 +02:00
Antoine Martin
bdd0748620
flake: switch back entire config to unstable
...
Mixing stable and unstable brought me weird problems, so I'm switching
back to unstable entirely until it breaks hard enough to convince me to
go back to stable. :)
2021-08-19 23:34:41 +02:00
Antoine Martin
12c60e9d2e
services: postgresql: upgraded to v13
2021-08-19 21:30:09 +02:00
Antoine Martin
1b7c4d40c6
services: nextcloud: ignore heavy files
2021-08-10 00:33:19 +02:00
Antoine Martin
e8ea4c8b5f
services: nextcloud: regex don't work with restic
2021-08-09 21:13:55 +02:00
Antoine Martin
b00faf77bb
services: move to restic for everything
2021-08-09 20:19:27 +02:00
Antoine Martin
e9c0d157f1
services: restic: make it verbose
2021-08-09 20:14:09 +02:00
Antoine Martin
0c538fbf86
services: backup postgres to restic
2021-08-09 20:11:00 +02:00
Antoine Martin
a763e0549f
services: setup restic backups service
2021-08-09 20:11:00 +02:00
Antoine Martin
bd5aa2cef5
services: setup fava service
2021-08-07 15:40:01 +02:00
Antoine Martin
611308f120
services: paperless: backup correctly
2021-07-19 14:59:15 +02:00
Antoine Martin
0f4ae45828
services: monitoring: set prometheus scrape interval
2021-07-15 10:27:10 +02:00
Antoine Martin
c7c87fcdb4
pkgs: fix grafanaDashboards access in flake
...
The `packages` output from the flake needs flake-utils' `flattenTree` to
be valid (because it doesn't support nested sets), but that only works
if I use `recurseIntoAttrs`.
2021-07-14 21:13:38 +02:00
Antoine Martin
27ae0552eb
services: paperless: fix backup paths
2021-07-14 03:00:36 +02:00
Antoine Martin
829632e360
services: tailscale: make exit node optional
2021-07-14 00:08:40 +02:00
Antoine Martin
c16d8513d2
services: wireguard: removed unused module
...
replaced by tailscale
2021-07-13 23:51:17 +02:00
Antoine Martin
1d8750efed
services: tailscale: move to service
2021-07-13 23:49:45 +02:00
Antoine Martin
39477a85e7
services: paperless: backups
2021-07-13 22:20:21 +02:00
Antoine Martin
786d884e3a
services: monitoring: package grafana dashboards
2021-07-13 17:34:36 +02:00
Antoine Martin
0f8175519b
services: monitoring: update node exporter dash
2021-07-13 17:25:34 +02:00
Antoine Martin
0b983d1358
services: monitoring: add nginx dashboard
2021-07-13 17:25:34 +02:00
Antoine Martin
b6f712b817
services: nginx: enable prometheus exporter
2021-07-13 17:25:34 +02:00
Antoine Martin
2b59116b8d
services: monitoring: only listen on localhost
2021-07-13 17:25:34 +02:00
Antoine Martin
e7219ae988
services: matrix: enable SSL traffic only
...
This is a requirement anyway for homeservers, and the `forceSSL` option
tried to create a redirect for non-SSL traffic, except the `listen`
option only provided SSL endpoints anyway, so this resulted in
additional rules in the nginx config looking like this:
server {
server_name matrix.alarsyo.net ;
location /.well-known/acme-challenge {
root /var/lib/acme/acme-challenge;
auth_basic off;
}
location / {
return 301 https://$host$request_uri ;
}
}
Which led to nginx listening on port 8000 (the default port in this
situation, I imagine)
2021-07-13 13:54:18 +02:00
Antoine Martin
c75458d8c9
services: bitwarden: only listen on local host
...
This was never a problem because the firewall did its job, but better
safe than sorry.
2021-07-13 13:34:26 +02:00
Antoine Martin
d2835ceb77
services: paperless: drop external traffic to docker
2021-07-13 13:22:21 +02:00
Antoine Martin
8eb1fe5001
services: paperless: restrict to Tailscale
2021-07-13 01:31:55 +02:00
Antoine Martin
f0e5e90c10
services: use wildcard certificate
...
Should have done this a long time ago
2021-07-13 01:08:01 +02:00
Antoine Martin
64d479e2ce
services: prometheus: keep metrics for 2 years
2021-07-12 22:12:03 +02:00
Antoine Martin
95733f9e05
services: paperless: setup reverse proxy
2021-07-12 22:11:41 +02:00
Antoine Martin
7c8017af03
services: init nuage
2021-07-06 18:22:57 +02:00
Antoine Martin
568cd2ccd4
services: matrix: add SMS verification support
2021-06-09 15:37:35 +02:00
Antoine Martin
6c17c2d82c
services: matrix: move smtp port note out of secret
2021-06-09 14:57:51 +02:00
Antoine Martin
1b6258e363
services: matrix: add smtp server
2021-06-09 14:53:11 +02:00
Antoine Martin
4ddee48800
services: lohr: latest commit
2021-06-04 17:40:56 +02:00
Antoine Martin
46df5d0642
services: transmission: use openFirewall setting
2021-06-03 00:33:52 +02:00
Antoine Martin
2dc8502fb8
services: nginx: don't enable everywhere
2021-06-01 14:28:42 +02:00
Antoine Martin
393c803167
services: pipewire: fix broken 20.09 config
2021-05-27 23:01:52 +02:00
Antoine Martin
b1dc709e3f
services: pipewire: ship pactl with pipewire
2021-05-26 01:13:10 +02:00
Antoine Martin
4d091d5aa6
services: add pipewire service
2021-05-26 00:33:15 +02:00
Antoine Martin
2f794cfe3a
matrix: disable presence
2021-05-21 11:45:27 +02:00
Antoine Martin
6e9e4388ae
matrix: log level warn
2021-05-21 10:10:15 +02:00
Antoine Martin
09059273c2
matrix: enable spaces beta
2021-05-21 10:05:20 +02:00
Antoine Martin
e2c77ed4e2
services: gitea: update home template to SVG
...
v1.14 switched from a PNG to a SVG logo
2021-05-13 18:20:21 +02:00