Commit graph

89 commits

Author SHA1 Message Date
Antoine Martin e9c0d157f1 services: restic: make it verbose 2021-08-09 20:14:09 +02:00
Antoine Martin 0c538fbf86 services: backup postgres to restic 2021-08-09 20:11:00 +02:00
Antoine Martin a763e0549f services: setup restic backups service 2021-08-09 20:11:00 +02:00
Antoine Martin bd5aa2cef5 services: setup fava service 2021-08-07 15:40:01 +02:00
Antoine Martin 611308f120 services: paperless: backup correctly 2021-07-19 14:59:15 +02:00
Antoine Martin 0f4ae45828 services: monitoring: set prometheus scrape interval 2021-07-15 10:27:10 +02:00
Antoine Martin c7c87fcdb4 pkgs: fix grafanaDashboards access in flake
The `packages` output from the flake needs flake-utils' `flattenTree` to
be valid (because it doesn't support nested sets), but that only works
if I use `recurseIntoAttrs`.
2021-07-14 21:13:38 +02:00
Antoine Martin 27ae0552eb services: paperless: fix backup paths 2021-07-14 03:00:36 +02:00
Antoine Martin 829632e360 services: tailscale: make exit node optional 2021-07-14 00:08:40 +02:00
Antoine Martin c16d8513d2 services: wireguard: removed unused module
replaced by tailscale
2021-07-13 23:51:17 +02:00
Antoine Martin 1d8750efed services: tailscale: move to service 2021-07-13 23:49:45 +02:00
Antoine Martin 39477a85e7 services: paperless: backups 2021-07-13 22:20:21 +02:00
Antoine Martin 786d884e3a services: monitoring: package grafana dashboards 2021-07-13 17:34:36 +02:00
Antoine Martin 0f8175519b services: monitoring: update node exporter dash 2021-07-13 17:25:34 +02:00
Antoine Martin 0b983d1358 services: monitoring: add nginx dashboard 2021-07-13 17:25:34 +02:00
Antoine Martin b6f712b817 services: nginx: enable prometheus exporter 2021-07-13 17:25:34 +02:00
Antoine Martin 2b59116b8d services: monitoring: only listen on localhost 2021-07-13 17:25:34 +02:00
Antoine Martin e7219ae988 services: matrix: enable SSL traffic only
This is a requirement anyway for homeservers, and the `forceSSL` option
tried to create a redirect for non-SSL traffic, except the `listen`
option only provided SSL endpoints anyway, so this resulted in
additional rules in the nginx config looking like this:

server {
        server_name matrix.alarsyo.net ;
        location /.well-known/acme-challenge {
                root /var/lib/acme/acme-challenge;
                auth_basic off;
        }
        location / {
                return 301 https://$host$request_uri;
        }
}

Which led to nginx listening on port 8000 (the default port in this
situation, I imagine)
2021-07-13 13:54:18 +02:00
Antoine Martin c75458d8c9 services: bitwarden: only listen on local host
This was never a problem because the firewall did its job, but better
safe than sorry.
2021-07-13 13:34:26 +02:00
Antoine Martin d2835ceb77 services: paperless: drop external traffic to docker 2021-07-13 13:22:21 +02:00
Antoine Martin 8eb1fe5001 services: paperless: restrict to Tailscale 2021-07-13 01:31:55 +02:00
Antoine Martin f0e5e90c10 services: use wildcard certificate
Should have done this a long time ago
2021-07-13 01:08:01 +02:00
Antoine Martin 64d479e2ce services: prometheus: keep metrics for 2 years 2021-07-12 22:12:03 +02:00
Antoine Martin 95733f9e05 services: paperless: setup reverse proxy 2021-07-12 22:11:41 +02:00
Antoine Martin 7c8017af03 services: init nuage 2021-07-06 18:22:57 +02:00
Antoine Martin 568cd2ccd4 services: matrix: add SMS verification support 2021-06-09 15:37:35 +02:00
Antoine Martin 6c17c2d82c services: matrix: move smtp port note out of secret 2021-06-09 14:57:51 +02:00
Antoine Martin 1b6258e363 services: matrix: add smtp server 2021-06-09 14:53:11 +02:00
Antoine Martin 4ddee48800 services: lohr: latest commit 2021-06-04 17:40:56 +02:00
Antoine Martin 46df5d0642 services: transmission: use openFirewall setting 2021-06-03 00:33:52 +02:00
Antoine Martin 2dc8502fb8 services: nginx: don't enable everywhere 2021-06-01 14:28:42 +02:00
Antoine Martin 393c803167 services: pipewire: fix broken 20.09 config 2021-05-27 23:01:52 +02:00
Antoine Martin b1dc709e3f services: pipewire: ship pactl with pipewire 2021-05-26 01:13:10 +02:00
Antoine Martin 4d091d5aa6 services: add pipewire service 2021-05-26 00:33:15 +02:00
Antoine Martin 2f794cfe3a matrix: disable presence 2021-05-21 11:45:27 +02:00
Antoine Martin 6e9e4388ae matrix: log level warn 2021-05-21 10:10:15 +02:00
Antoine Martin 09059273c2 matrix: enable spaces beta 2021-05-21 10:05:20 +02:00
Antoine Martin e2c77ed4e2 services: gitea: update home template to SVG
v1.14 switched from a PNG to a SVG logo
2021-05-13 18:20:21 +02:00
Antoine Martin af0388b907 borg-backup: save space when pruning 2021-05-04 01:46:19 +02:00
Antoine Martin 71c4871af0 boreal: prune backups older than a month 2021-05-04 01:32:37 +02:00
Antoine Martin 2fdc188973 gitea: use main as default branch 2021-04-09 20:31:58 +02:00
Antoine Martin b2ab13242c gitea: enable push to create 2021-04-09 19:43:51 +02:00
Antoine Martin 64d28f9436 gitea: remove useless conditional on backup 2021-04-09 18:14:08 +02:00
Antoine Martin d2fc16978c gitea: silence logging 2021-04-09 18:01:01 +02:00
Antoine Martin 798a496709 gitea: use custom home template 2021-04-09 17:30:00 +02:00
Antoine Martin df463c02fb lohr: mention systemd specific issue 2021-04-08 03:44:52 +02:00
Antoine Martin ba0e0e993e lohr: setup real service 2021-04-08 03:20:58 +02:00
Antoine Martin 9d2073011b lohr: setup dev service 2021-03-28 22:18:18 +02:00
Antoine Martin 8629db70e6 borg-backup: init repo if doesn't exist 2021-03-24 20:50:47 +01:00
Antoine Martin 4115c3d8d7 nextcloud: don't backup image previews 2021-03-24 19:42:15 +01:00