This makes use of the 'exec' runner instead of my usual setup using the
'docker' runner.
A future improvement would be packaging, and then using, the 'docker'
runner too/instead.
Because I think `restic` will not deal with the compressed format of
`gitea`'s native `dump` command, I set up a manual backup.
This could lead to potentially corrupted data if I happen to backup at
the exact same time as a push to a repository. However given the
frequency of backups planned, I assume that most of them will be fine.
I have separated the modules into host-specific settings, and generic
settings that ought to be shared by every host.
I only have the 'porthos' host for now, but intend to also add my laptop
'aramis' at some point to this repository.
Instead of reading from the 'secrets' directory all over the place,
consolidate all secrets-handling inside the same module.
This means that finally, the 'acme' service does not need to come read
right into this repository, however this leads to a potentially unsecure
setup (because I am storing passwords in the Nix store)... I have
decided not to care about this relatively minor issue, but I could
revisit it by using `sops-nix` in the future.
I want the ssh addresses to use 'git' as a user, so the service must be
set up with this user as well.
I also want the port to be configurable in case I need to change it.
Its configuration isn't declarative :-(.
Notably, the port needs to be changed from '8080' to '9090' in its
configuration file (at '/var/lib/sabnzbd/').
This service makes use of the default webui. I really like combustion
more, but am willing to use that one instead given the few amount of
time I actually spend looking at it
Bruno BELANYI