Commit graph

133 commits

Author SHA1 Message Date
Antoine Martin c7c87fcdb4 pkgs: fix grafanaDashboards access in flake
The `packages` output from the flake needs flake-utils' `flattenTree` to
be valid (because it doesn't support nested sets), but that only works
if I use `recurseIntoAttrs`.
2021-07-14 21:13:38 +02:00
Antoine Martin 27ae0552eb services: paperless: fix backup paths 2021-07-14 03:00:36 +02:00
Antoine Martin 829632e360 services: tailscale: make exit node optional 2021-07-14 00:08:40 +02:00
Antoine Martin c16d8513d2 services: wireguard: removed unused module
replaced by tailscale
2021-07-13 23:51:17 +02:00
Antoine Martin 1d8750efed services: tailscale: move to service 2021-07-13 23:49:45 +02:00
Antoine Martin 39477a85e7 services: paperless: backups 2021-07-13 22:20:21 +02:00
Antoine Martin 786d884e3a services: monitoring: package grafana dashboards 2021-07-13 17:34:36 +02:00
Antoine Martin 0f8175519b services: monitoring: update node exporter dash 2021-07-13 17:25:34 +02:00
Antoine Martin 0b983d1358 services: monitoring: add nginx dashboard 2021-07-13 17:25:34 +02:00
Antoine Martin b6f712b817 services: nginx: enable prometheus exporter 2021-07-13 17:25:34 +02:00
Antoine Martin 2b59116b8d services: monitoring: only listen on localhost 2021-07-13 17:25:34 +02:00
Antoine Martin e7219ae988 services: matrix: enable SSL traffic only
This is a requirement anyway for homeservers, and the `forceSSL` option
tried to create a redirect for non-SSL traffic, except the `listen`
option only provided SSL endpoints anyway, so this resulted in
additional rules in the nginx config looking like this:

server {
        server_name matrix.alarsyo.net ;
        location /.well-known/acme-challenge {
                root /var/lib/acme/acme-challenge;
                auth_basic off;
        }
        location / {
                return 301 https://$host$request_uri;
        }
}

Which led to nginx listening on port 8000 (the default port in this
situation, I imagine)
2021-07-13 13:54:18 +02:00
Antoine Martin c75458d8c9 services: bitwarden: only listen on local host
This was never a problem because the firewall did its job, but better
safe than sorry.
2021-07-13 13:34:26 +02:00
Antoine Martin d2835ceb77 services: paperless: drop external traffic to docker 2021-07-13 13:22:21 +02:00
Antoine Martin 8eb1fe5001 services: paperless: restrict to Tailscale 2021-07-13 01:31:55 +02:00
Antoine Martin f0e5e90c10 services: use wildcard certificate
Should have done this a long time ago
2021-07-13 01:08:01 +02:00
Antoine Martin 64d479e2ce services: prometheus: keep metrics for 2 years 2021-07-12 22:12:03 +02:00
Antoine Martin 95733f9e05 services: paperless: setup reverse proxy 2021-07-12 22:11:41 +02:00
Antoine Martin 7c8017af03 services: init nuage 2021-07-06 18:22:57 +02:00
Antoine Martin 568cd2ccd4 services: matrix: add SMS verification support 2021-06-09 15:37:35 +02:00
Antoine Martin 6c17c2d82c services: matrix: move smtp port note out of secret 2021-06-09 14:57:51 +02:00
Antoine Martin 1b6258e363 services: matrix: add smtp server 2021-06-09 14:53:11 +02:00
Antoine Martin 4ddee48800 services: lohr: latest commit 2021-06-04 17:40:56 +02:00
Antoine Martin 46df5d0642 services: transmission: use openFirewall setting 2021-06-03 00:33:52 +02:00
Antoine Martin 2dc8502fb8 services: nginx: don't enable everywhere 2021-06-01 14:28:42 +02:00
Antoine Martin 393c803167 services: pipewire: fix broken 20.09 config 2021-05-27 23:01:52 +02:00
Antoine Martin b1dc709e3f services: pipewire: ship pactl with pipewire 2021-05-26 01:13:10 +02:00
Antoine Martin 4d091d5aa6 services: add pipewire service 2021-05-26 00:33:15 +02:00
Antoine Martin 2f794cfe3a matrix: disable presence 2021-05-21 11:45:27 +02:00
Antoine Martin 6e9e4388ae matrix: log level warn 2021-05-21 10:10:15 +02:00
Antoine Martin 09059273c2 matrix: enable spaces beta 2021-05-21 10:05:20 +02:00
Antoine Martin e2c77ed4e2 services: gitea: update home template to SVG
v1.14 switched from a PNG to a SVG logo
2021-05-13 18:20:21 +02:00
Antoine Martin af0388b907 borg-backup: save space when pruning 2021-05-04 01:46:19 +02:00
Antoine Martin 71c4871af0 boreal: prune backups older than a month 2021-05-04 01:32:37 +02:00
Antoine Martin 2fdc188973 gitea: use main as default branch 2021-04-09 20:31:58 +02:00
Antoine Martin b2ab13242c gitea: enable push to create 2021-04-09 19:43:51 +02:00
Antoine Martin 64d28f9436 gitea: remove useless conditional on backup 2021-04-09 18:14:08 +02:00
Antoine Martin d2fc16978c gitea: silence logging 2021-04-09 18:01:01 +02:00
Antoine Martin 798a496709 gitea: use custom home template 2021-04-09 17:30:00 +02:00
Antoine Martin df463c02fb lohr: mention systemd specific issue 2021-04-08 03:44:52 +02:00
Antoine Martin ba0e0e993e lohr: setup real service 2021-04-08 03:20:58 +02:00
Antoine Martin 9d2073011b lohr: setup dev service 2021-03-28 22:18:18 +02:00
Antoine Martin 8629db70e6 borg-backup: init repo if doesn't exist 2021-03-24 20:50:47 +01:00
Antoine Martin 4115c3d8d7 nextcloud: don't backup image previews 2021-03-24 19:42:15 +01:00
Antoine Martin c47d72a376 matrix: don't backup cached media 2021-03-24 19:06:03 +01:00
Antoine Martin 8b5e107aea matrix: add FIXME 2021-03-24 01:26:25 +01:00
Antoine Martin 0a4fb2e7f7 borg-backup: display info during pruning 2021-03-24 00:55:08 +01:00
Antoine Martin 844b940493 nextcloud: ignore in-progress uploads in backups 2021-03-24 00:41:18 +01:00
Antoine Martin 40d4f07df3 borg-backup: display info during backup 2021-03-24 00:32:46 +01:00
Antoine Martin e6b1f1381a nextcloud: require postgresql for service setup 2021-03-24 00:14:43 +01:00
Antoine Martin 0cf16198a8 postgresql: set package version globally 2021-03-23 22:37:55 +01:00
Antoine Martin 6174bcd165 services: remove unneeded conditional 2021-03-23 22:24:12 +01:00
Antoine Martin b04d9e51a1 nextcloud: create service 2021-03-23 20:03:23 +01:00
Antoine Martin 48c87a4d8a borg-backup: switch to zstd compression 2021-03-23 12:14:14 +01:00
Antoine Martin bb477b36a6 tgv: new service 2021-03-16 17:46:25 +01:00
Antoine Martin 968c334c1b borg: prune files when backing up 2021-03-15 23:52:07 +01:00
Antoine Martin 80942f7eb3 wireguard: setup VPN 2021-02-22 19:42:11 +01:00
Antoine Martin a1065eb8ab fail2ban: increase default ban time 2021-02-22 16:18:14 +01:00
Antoine Martin 92e2e19bbf bitwarden_rs: remove random config 2021-02-22 16:11:59 +01:00
Antoine Martin 80384b2afe bitwarden_rs: setup fail2ban 2021-02-22 16:07:26 +01:00
Antoine Martin 25f45ec6f6 fail2ban: setup service 2021-02-22 15:07:29 +01:00
Antoine Martin 49a261e5ee jellyfin: proxy websockets traffic 2021-02-22 11:58:54 +01:00
Antoine Martin cdf8695794 transmission: setup service 2021-02-19 22:29:04 +01:00
Antoine Martin 2b5ef6b145 jellyfin: setup service 2021-02-19 21:28:12 +01:00
Antoine Martin e3440b61ab nginx: centralize configuration 2021-02-14 12:07:07 +01:00
Antoine Martin bb3532eb8a miniflux: don't remove old entries from feeds 2021-02-05 22:01:41 +01:00
Antoine Martin 3c0732cedd s/types.int/types.port 2021-02-02 18:24:28 +01:00
Antoine Martin fca8f6cb4c gitea: use own backup solution 2021-02-02 18:09:10 +01:00
Antoine Martin 039fa5a930 gitea: specify backup time 2021-02-02 17:34:22 +01:00
Antoine Martin 5bd4a23909 gitea: setup service 2021-02-02 17:01:40 +01:00
Antoine Martin 288e89502a matrix: proxy calls to /_synapse/client correctly 2021-02-02 02:13:33 +01:00
Antoine Martin d5eb537b5e matrix: use shared secret 2021-02-02 01:24:03 +01:00
Antoine Martin 48bb7a8841 borg-backup: fix exclude config 2021-01-31 13:11:31 +01:00
Antoine Martin 41769615f0 borg-backup: setup paths in respective services 2021-01-31 13:03:28 +01:00
Antoine Martin 8ed0f14f74 bitwarden: setup service 2021-01-31 03:50:10 +01:00
Antoine Martin 253530ea6f postgresql-backup: move to own services
This way the `startAt` setting is only set once.
2021-01-30 22:32:12 +01:00
Antoine Martin 297eb0a6f9 miniflux: setup service 2021-01-30 21:53:05 +01:00
Antoine Martin 8b037b16a4 postgres: create daily backups 2021-01-30 19:35:21 +01:00
Antoine Martin 91eaa2f008 borg-backup: setup service 2021-01-30 19:35:21 +01:00
Antoine Martin 84fff7a6f2 matrix: add hosted Element web setup 2021-01-29 14:33:37 +01:00
Antoine Martin 79aa31f07f matrix: improve configuration 2021-01-29 14:04:53 +01:00
Antoine Martin 4d89de4841 matrix: migrate server and setup federation
It works, but looks and feels hacky. Needs cleanups
2021-01-28 02:54:33 +01:00
Antoine Martin 13b3baa805 monitoring: refacto, extract from main config 2021-01-27 21:55:32 +01:00