Commit graph

33 commits

Author SHA1 Message Date
Antoine Martin 78c16d6802 services: remove usage of ensurePermissions
Deprecated in favor of ensureDBOwnership
2023-12-05 16:00:25 +01:00
Antoine Martin 82eb87a388 services: matrix: expose healthcheck 2022-12-19 01:25:05 +01:00
Antoine Martin 1f8c38eebe services: matrix: make sure db and role exist 2022-06-12 21:06:01 +02:00
Antoine Martin 9593e8b460 services: matrix: remove unneeded mkIf 2022-06-12 21:00:19 +02:00
Antoine Martin 990c035c3b services: use subdomain for ACME cert
Avoids conflicts now that I have multiple servers sharing the config
2022-06-12 18:03:36 +02:00
Antoine Martin 4f0d45e4d5 format all code with alejandra 2022-04-10 11:54:58 +02:00
Antoine Martin f984ba51e6 services: matrix: re-enable presence 2022-03-12 13:52:29 +01:00
Antoine Martin 165b30ef9c secrets: move transmission secret to agenix 2022-03-11 18:16:04 +01:00
Antoine Martin 540968627c secrets: move matrix to agenix 2022-03-11 17:47:12 +01:00
Antoine Martin aa72401909 services: matrix-synapse: migrate to new config format 2022-03-11 16:45:29 +01:00
Antoine Martin 912073bee6 nix: exorcise all with <expr>; uses 2022-01-11 16:38:33 +01:00
Antoine Martin b00faf77bb services: move to restic for everything 2021-08-09 20:19:27 +02:00
Antoine Martin e7219ae988 services: matrix: enable SSL traffic only
This is a requirement anyway for homeservers, and the `forceSSL` option
tried to create a redirect for non-SSL traffic, except the `listen`
option only provided SSL endpoints anyway, so this resulted in
additional rules in the nginx config looking like this:

server {
        server_name matrix.alarsyo.net ;
        location /.well-known/acme-challenge {
                root /var/lib/acme/acme-challenge;
                auth_basic off;
        }
        location / {
                return 301 https://$host$request_uri;
        }
}

Which led to nginx listening on port 8000 (the default port in this
situation, I imagine)
2021-07-13 13:54:18 +02:00
Antoine Martin f0e5e90c10 services: use wildcard certificate
Should have done this a long time ago
2021-07-13 01:08:01 +02:00
Antoine Martin 568cd2ccd4 services: matrix: add SMS verification support 2021-06-09 15:37:35 +02:00
Antoine Martin 6c17c2d82c services: matrix: move smtp port note out of secret 2021-06-09 14:57:51 +02:00
Antoine Martin 1b6258e363 services: matrix: add smtp server 2021-06-09 14:53:11 +02:00
Antoine Martin 2f794cfe3a matrix: disable presence 2021-05-21 11:45:27 +02:00
Antoine Martin 6e9e4388ae matrix: log level warn 2021-05-21 10:10:15 +02:00
Antoine Martin 09059273c2 matrix: enable spaces beta 2021-05-21 10:05:20 +02:00
Antoine Martin c47d72a376 matrix: don't backup cached media 2021-03-24 19:06:03 +01:00
Antoine Martin 8b5e107aea matrix: add FIXME 2021-03-24 01:26:25 +01:00
Antoine Martin 0cf16198a8 postgresql: set package version globally 2021-03-23 22:37:55 +01:00
Antoine Martin 6174bcd165 services: remove unneeded conditional 2021-03-23 22:24:12 +01:00
Antoine Martin e3440b61ab nginx: centralize configuration 2021-02-14 12:07:07 +01:00
Antoine Martin 288e89502a matrix: proxy calls to /_synapse/client correctly 2021-02-02 02:13:33 +01:00
Antoine Martin d5eb537b5e matrix: use shared secret 2021-02-02 01:24:03 +01:00
Antoine Martin 41769615f0 borg-backup: setup paths in respective services 2021-01-31 13:03:28 +01:00
Antoine Martin 253530ea6f postgresql-backup: move to own services
This way the `startAt` setting is only set once.
2021-01-30 22:32:12 +01:00
Antoine Martin 8b037b16a4 postgres: create daily backups 2021-01-30 19:35:21 +01:00
Antoine Martin 84fff7a6f2 matrix: add hosted Element web setup 2021-01-29 14:33:37 +01:00
Antoine Martin 79aa31f07f matrix: improve configuration 2021-01-29 14:04:53 +01:00
Antoine Martin 4d89de4841 matrix: migrate server and setup federation
It works, but looks and feels hacky. Needs cleanups
2021-01-28 02:54:33 +01:00