Bruno BELANYI
58b22b7354
home: firefox: tridactyl: remove 'Nitter' rule
...
ci/woodpecker/push/check Pipeline was successful
Turns out it's very annoying when the Nitter instance has been rate
limited.
This reverts commit e514389a3d.
2024-01-27 15:33:40 +00:00
Bruno BELANYI
e2091e9e2e
nixos: services: nextcloud: use HTTPS
...
ci/woodpecker/push/check Pipeline was successful
This should fix my issue with the sliding sync server.
2024-01-26 23:36:05 +01:00
Bruno BELANYI
b33938e825
nixos: services: paperless: rename settings option
ci/woodpecker/push/check Pipeline was successful
2024-01-22 16:57:18 +00:00
Bruno BELANYI
13f20a28eb
home: vim: add gn ftplugin
2024-01-22 16:55:57 +00:00
Bruno BELANYI
dca6a9018b
home: vim: ftdetect: add gn
2024-01-22 16:55:57 +00:00
Bruno BELANYI
629ec539c9
nixos: services: nextcloud: fix typo
2024-01-22 16:55:57 +00:00
Bruno BELANYI
136bd342ff
nixos: services: matrix: fix deprecated option
2024-01-22 16:55:57 +00:00
Bruno BELANYI
10a3055136
nixos: services: nextcloud: fix deprecated option
2024-01-05 19:19:00 +01:00
Bruno BELANYI
e4f8214cb2
modules: services: nextcloud: bump to 28
2024-01-05 19:19:00 +01:00
Bruno BELANYI
b8b64bed8e
home: vim: ftdetect: add glsl
ci/woodpecker/push/check Pipeline was successful
2024-01-05 10:59:58 +00:00
Bruno BELANYI
9546c00124
home: vim: ftdetect: fix obsolete comment
2024-01-05 10:59:45 +00:00
Bruno BELANYI
932717b754
nixos: services: jellyfin: loosen umask
...
ci/woodpecker/push/check Pipeline was successful
I just noticed that all the metadata files Jellyfin stores have very
restrictive ACLs.
The whole point of the `media` group is to make my HTPC eco-system work
together. In particular this should allow Sonarr and friends to delete
folders without manual intervention.
2023-12-26 15:17:05 +01:00
Bruno BELANYI
71ee178510
nixos: services: nginx: fix SSO subdomain
ci/woodpecker/push/check Pipeline was successful
2023-12-25 20:23:55 +01:00
Bruno BELANYI
6948424b81
nixos: services: remove redundant subdomains
...
See previous commit for the defaults.
2023-12-25 20:23:55 +01:00
Bruno BELANYI
b7a4bc063f
nixos: services: nginx: add default subdomain
...
In almost all cases, the subdomain should be the same as the attribute
name...
2023-12-25 20:23:55 +01:00
Bruno BELANYI
faa87743e5
nixos: services: nginx: use attrset for vhosts
...
Attribute sets compose better than lists, it was a mistake to use a list
in the first place...
2023-12-25 20:23:55 +01:00
Bruno BELANYI
26950332c7
home: keyboard: extract from X module
...
ci/woodpecker/push/check Pipeline was successful
This deserves to be its own standalone module, as I would want to use it
in both X and Wayland, etc...
2023-12-23 14:56:55 +01:00
Bruno BELANYI
a657a7742e
home: wm: i3bar: fix 'net' block when disconnected
...
ci/woodpecker/push/check Pipeline is pending
I still sometimes get the error message about not being able to format
the block, this should fix it.
2023-12-18 09:41:35 +00:00
Bruno BELANYI
066a33587d
home: mpv: add uosc script
ci/woodpecker/push/check Pipeline is pending
2023-12-16 20:24:38 +00:00
Bruno BELANYI
864e0a5ae6
home: firefox: tridactyl: fix Google mapping
ci/woodpecker/push/check Pipeline was successful
2023-12-16 16:23:18 +00:00
Bruno BELANYI
104bc05871
home: wm: use upstream 'vimix-cursors'
2023-12-14 14:26:18 +00:00
Bruno BELANYI
e97f295470
home: firefox: use upstream 'ff2mpv-go'
2023-12-14 14:26:18 +00:00
Bruno BELANYI
373545ee38
nixos: system: printing: migrate deprecated option
...
It's recommended to only enable the IPv4 option, as most mDNS responders
only register IPv4 addresses (therefore enabling IPv6 would lead to long
timeouts when checking for those addresses first).
2023-12-14 14:26:18 +00:00
Bruno BELANYI
3a2f02f001
home: wm: i3bar: add VPN blocks
2023-12-14 14:25:48 +00:00
Bruno BELANYI
33b94a7f9d
home: wm: i3bar: add 'flatten' call
...
This makes it easier to declare multiple blocks at once, as will be done
in the next commit.
2023-12-14 11:41:27 +00:00
Bruno BELANYI
1faa8d9acf
nixos: services: wireguard: add 'simpleManagement'
...
ci/woodpecker/push/check Pipeline was successful
This makes it easier to manage the VPN services, as they don't require a
password prompt to be brought up/down.
2023-12-14 11:23:28 +00:00
Bruno BELANYI
9ddd59eac8
nixos: system: add polkit
...
One nice thing is that it enables the prompts when using `systemctl`,
instead of requiring `sudo`.
2023-12-14 11:23:28 +00:00
Bruno BELANYI
f23e6251ce
nixos: services: wireguard: add VPN conflicts
...
It's now easier to do the right thing when starting a VPN service,
whether the other one is running or not.
2023-12-14 11:23:28 +00:00
Bruno BELANYI
16fade92b4
home: packages: add 'allowAliases', 'allowUnfree'
...
ci/woodpecker/push/check Pipeline was successful
With [1], this should now be taken into account properly.
[1]: https://github.com/nix-community/home-manager/pull/4304
2023-12-08 11:50:44 +00:00
Bruno BELANYI
22fa05ca0c
home: packages: refactor config format
2023-12-08 11:49:52 +00:00
Bruno BELANYI
afda437f49
home: git: allow overriding default package
2023-12-07 14:39:38 +00:00
Bruno BELANYI
0164d12087
home: ssh: move 'mosh' configuration
2023-12-07 14:39:38 +00:00
Bruno BELANYI
0b9c2309da
home: ssh: use 'mkMerge'
...
This will make it easier to add new options (e.g: for `mosh`).
2023-12-07 14:39:38 +00:00
Bruno BELANYI
e41bacc2fc
home: wm: i3: make 'rofi-bluetooth' ignore case
...
ci/woodpecker/push/check Pipeline was successful
The options given to the script are piped straight to `rofi -dmenu`,
which apparently needs the `-i` switch to be case insensitive.
2023-12-04 13:44:06 +00:00
Bruno BELANYI
55362b1db8
home: vim: add remove deprecated option
...
ci/woodpecker/push/check Pipeline was successful
The plug-in now configures itself automatically.
I could also set `vim.g.skip_ts_context_commentstring_module = true`,
but that should be removed soon enough anyway, and I would forget to
remove it...
2023-12-01 19:20:52 +00:00
Bruno BELANYI
15ca07bc64
home: wm: i3bar: remove redundant buttons
...
Turns out they're not needed, or at least not anymore?
2023-12-01 19:20:52 +00:00
Bruno BELANYI
f4cc63c711
home: direnv: remove 'ANDROID_SDK_HOME'
...
ci/woodpecker/push/check Pipeline was successful
Turns out this is supposed to be used for configuration, and it makes
some tools error out due to a sanity check...
I'm not pleased about this, but whatever.
2023-11-29 10:56:16 +00:00
Bruno BELANYI
ec79be2a45
home: xdg: set 'ANDROID_USER_HOME'
2023-11-29 10:56:16 +00:00
Bruno BELANYI
302cb907ef
home: wm: i3: make blueman device manager floating
ci/woodpecker/push/check Pipeline was successful
2023-11-28 20:28:12 +00:00
Bruno BELANYI
3fb8734c56
home: direnv: fix 'use_android'
...
ci/woodpecker/push/check Pipeline was successful
Don't rely on `ANDROID_SDK_HOME` if it hasn't yet been defined.
2023-11-27 11:18:29 +00:00
Bruno BELANYI
b48d81451d
nixos: services: migrate to 'ensureDBOwnership'
...
ci/woodpecker/push/check Pipeline was successful
`ensurePermissions` is deprecated, and doesn't work on PostgreSQL 15.
2023-11-21 00:22:44 +01:00
Bruno BELANYI
60d941b40b
flake: bump inputs
...
My tandoor-recipes fix was merged upstream, so remove the overlay.
And because of the recent postgres bump for 23.11, `ensureDBOwnership`
is the new way of dealing with DB permissions [1]. This means I had to
fix manually migrate my `gitea` DB and make it match the DB user.
[1]: https://github.com/NixOS/nixpkgs/pull/266270
2023-11-21 00:20:28 +01:00
Bruno BELANYI
11c8d4623c
home: direnv: add 'android' library file
ci/woodpecker/push/check Pipeline was successful
2023-11-17 16:21:28 +00:00
Bruno BELANYI
570349e80f
nixos: profiles: move from top-level
...
ci/woodpecker/push/check Pipeline was successful
My profiles are actually just "special" NixOS modules in that they
orchestrate settings that usually span the NixOS/home-manager boundary,
or otherwise set up configurations from multiple modules at once.
2023-11-11 18:12:05 +00:00
Bruno BELANYI
65a8f7c481
home: create 'modules/home' folder
...
Consolidating all modules under the same path, to clear out the
top-level directory.
2023-11-11 18:12:05 +00:00
Bruno BELANYI
c856933803
nixos: create 'modules/nixos' folder
...
Let's consolidate all modules under one path, so that NixOS,
home-manager, and nix-darwin (if I ever end up using it down the line)
would go under the same folder.
2023-11-11 18:11:52 +00:00
Bruno BELANYI
b52e56ed08
modules: home: use 'self'-relative import
2023-11-11 18:07:31 +00:00
Bruno BELANYI
27564cad42
modules: system: printing: move from 'profiles'
...
ci/woodpecker/push/check Pipeline was successful
This isn't really a cross-cutting module, it should be a module rather
than a profile.
2023-11-11 17:59:49 +00:00
Bruno BELANYI
cc331b73c7
treewide: fix postgres service dependencies
...
ci/woodpecker/push/check Pipeline was successful
Some were missing a `requires` even though they had `after`, and
woodpecker was missing it entirely.
2023-11-06 20:55:53 +00:00
Bruno BELANYI
830e7bb865
modules: services: woodpecker: fix interpolation
2023-11-06 20:54:42 +00:00
Bruno BELANYI
6a8f93df1f
modules: services: nginx: fix obsolete doc
...
ci/woodpecker/push/check Pipeline was successful
It's annoying to keep it in sync when adding a new incompatible option.
2023-10-28 12:14:45 +01:00
Bruno BELANYI
0795a3d29b
flake: bump inputs
...
And fix a removed nextcloud option.
2023-10-26 13:44:43 +00:00
Bruno BELANYI
b4c2cc581b
modules: services: matrix: add sliding sync
2023-10-26 12:27:00 +00:00
Bruno BELANYI
b4b9b54f75
modules: services: matrix: register dummy vhosts
...
This is simply to make use of my infrastructure for port collision
detection.
2023-10-26 12:27:00 +00:00
Bruno BELANYI
1425c42489
modules: services: matrix: refactor vhost
2023-10-26 12:27:00 +00:00
Bruno BELANYI
fcdb5ba593
modules: services: woodpecker: remove DNS hack
...
ci/woodpecker/push/check Pipeline is running
I'm not sure what changed, but it looks like I don't need it anymore.
Initially I wanted to apply the same DNS fix as [1].
[1]: https://blog.kotatsu.dev/posts/2023-04-21-woodpecker-nix-caching/
2023-10-18 21:38:22 +02:00
Bruno BELANYI
3b3e7093be
modules: services: pirate: make more fine-grained
2023-10-18 21:38:22 +02:00
Bruno BELANYI
dae1a434d5
modules: services: transmission: bump to 4
...
Not sure why exactly this isn't the default, I'll have to watch out for
when upstream catches up.
2023-10-18 21:38:22 +02:00
Bruno BELANYI
24d41e829e
modules: system: users: fix deprecated option name
ci/woodpecker/push/check Pipeline was successful
2023-09-28 15:57:14 +00:00
Bruno BELANYI
7b56c342ad
modules: services: paperless: beef-up workers
...
ci/woodpecker/push/check Pipeline was successful
This should parallelize the number of documents ingested at once
(workers), as well as the speed of the ingestion per document (threads).
2023-09-18 13:43:37 +00:00
Bruno BELANYI
e979589174
modules: services: woodpecker: use 'path' option
...
ci/woodpecker/push/check Pipeline was successful
One less thing to modify in the systemd service.
2023-09-13 12:40:19 +00:00
Bruno BELANYI
6ba7a63b25
modules: services: fail2ban: fix comment
ci/woodpecker/push/check Pipeline was successful
2023-09-03 12:53:24 +02:00
Bruno BELANYI
fc8ccb8b99
modules: services: pirate: add fail2ban jails
ci/woodpecker/push/check Pipeline was successful
2023-09-03 12:43:46 +02:00
Bruno BELANYI
14bf03e5fd
modules: services: pirate: refactor
...
This will make adding fail2ban jails easier.
2023-09-03 12:42:29 +02:00
Bruno BELANYI
adc4ce9d8a
modules: services: indexers: add prowlarr fail2ban
2023-09-03 12:21:35 +02:00
Bruno BELANYI
6d9d835e1c
modules: services: nix-cache: use harmonia
2023-08-19 14:41:10 +02:00
Bruno BELANYI
ab59054518
modules: services: rename 'nix-cache'
...
I'm about to modify the module to use a different cache implementation,
so this name is more appropriate.
2023-08-19 14:41:10 +02:00
Bruno BELANYI
424bb2e7b9
modules: services: woodpecker: simplify path
...
I'm not sure why it was written that way to begin with.
2023-08-06 20:13:08 +02:00
Bruno BELANYI
7b6779f2b5
modules: services: woodpecker: default packages
...
Now that v1.0.0 is on nixpkgs, no need for my custom packages.
2023-08-06 20:13:08 +02:00
Bruno BELANYI
45c3b82606
modules: services: nginx-sso: use writeShellScript
2023-08-06 20:13:08 +02:00
Bruno BELANYI
58a94bdf1b
pkgs: remove woodpecker-plugin-git
...
I have now upstreamed the package, so let's remove it.
2023-08-06 20:13:08 +02:00
Bruno BELANYI
9f7472222c
treewide: use 'lib.getExe' when possible
...
Don't use it in wireguard to keep it consistent, as only half the
commands could use it.
2023-08-06 20:13:08 +02:00
Bruno BELANYI
ae8d8d75fd
flake: bump inputs
...
Update `fail2ban` to accommodate for RFC-42 migration.
2023-08-06 20:13:08 +02:00
Bruno BELANYI
47533f119e
modules: services: monitoring: add 'secretKeyFile'
ci/woodpecker/push/check Pipeline was successful
2023-07-17 10:59:58 +00:00
Bruno BELANYI
4bb1387376
modules: services: add tandoor-recipes
ci/woodpecker/push/check Pipeline was successful
2023-07-15 15:46:04 +02:00
Bruno BELANYI
5741421604
modules: services: nextcloud: enable 'notify_push'
2023-07-15 15:46:04 +02:00
Bruno BELANYI
c037d3844a
modules: services: nextcloud: configure redis
...
ci/woodpecker/push/check Pipeline was successful
I keep having some file-locking issues, and heard that using redis might
help alleviate those errant locks.
It's also necessary to use the `notify_push` app.
2023-07-15 14:01:14 +01:00
Bruno BELANYI
3e5fbfeb7a
modules: services: nextcloud: bump to 27
ci/woodpecker/push/check Pipeline was successful
2023-06-23 12:03:13 +02:00
Bruno BELANYI
2f03d92dd9
modules: services: woodpecker: use docker module
ci/woodpecker/push/check Pipeline was successful
2023-06-11 16:25:23 +01:00
Bruno BELANYI
e44dd4c6ea
modules: services: drone: use docker module
2023-06-11 16:25:23 +01:00
Bruno BELANYI
df9b060947
modules: system: podman: check for docker conflict
2023-06-11 16:23:31 +01:00
Bruno BELANYI
73fdd4622b
modules: system: add docker
2023-06-11 16:17:42 +01:00
Bruno BELANYI
5aa136f796
modules: system: podman: fix removed option
ci/woodpecker/push/check Pipeline was successful
2023-06-08 15:43:46 +00:00
Bruno BELANYI
18c9458cfa
modules: system: users: add 'docker' group
2023-06-08 15:43:46 +00:00
Bruno BELANYI
c0995929c4
modules: system: podman: add weekly purge
2023-06-08 15:43:46 +00:00
Bruno BELANYI
5d570dbf1e
modules: programs: steam: use writeShellScriptBin
ci/woodpecker/push/check Pipeline was successful
2023-06-03 13:40:44 +01:00
Bruno BELANYI
4f6f483851
modules: programs: steam: simplify wrapper
2023-06-03 13:40:44 +01:00
Bruno BELANYI
175a8acde2
modules: services: add vikunja
2023-05-13 21:18:57 +02:00
Bruno BELANYI
685c571018
modules: services: nginx: add 'socket' option
2023-05-13 21:18:57 +02:00
Bruno BELANYI
574634b64e
modules: services: blog: use 302 redirection
...
ci/woodpecker/push/check Pipeline was successful
That way the browser doesn't cache it, in case I do end up using that
domain after all.
2023-05-07 15:20:14 +01:00
Bruno BELANYI
a1dd0bb792
modules: services: matrix: remove 'with lib'
ci/woodpecker/push/check Pipeline was successful
2023-05-04 12:19:31 +00:00
Bruno BELANYI
c19baeb19d
modules: system: podman: remove unused 'options'
2023-05-04 09:27:19 +00:00
Bruno BELANYI
62d9359eb7
modules: services: matrix: clean-up formatting
2023-05-04 09:27:19 +00:00
Bruno BELANYI
2f3989bba1
modules: services: wireguard: simplify
2023-05-03 15:15:31 +00:00
Bruno BELANYI
49b2cb9781
modules: secrets: remove unused 'options'
2023-05-03 15:15:31 +00:00
Bruno BELANYI
fadb8e96fc
modules: system: nix: add 'cache.selfHosted'
2023-05-03 15:02:44 +00:00
Bruno BELANYI
20d19ed128
modules: system: nix: rename 'inputs' options
2023-05-03 15:02:44 +00:00
Bruno BELANYI
455a4e5431
modules: services: add nix-serve
2023-05-03 15:02:44 +00:00
Bruno BELANYI
d9e115a876
modules: services: woodpecker: adapt gitea URL
2023-05-03 15:02:44 +00:00
Bruno BELANYI
d8c841333b
modules: services: gitea: migrate settings
...
Most of the settings are now RFC-42 compliant.
2023-05-03 15:02:44 +00:00
Bruno BELANYI
638f4a7774
modules: system: boot: rename 'tmp' options
ci/woodpecker/push/check Pipeline was successful
2023-04-17 21:25:15 +02:00
Bruno BELANYI
7cebaa3751
modules: secrets: move wireguard keys
...
This is a bit special, as some of the keys do not belong to NixOS hosts,
so store those in the module itself, and into host-specific directories
for the keys that are NixOS hosts.
2023-04-17 08:18:27 +00:00
Bruno BELANYI
ed745602a1
modules: secrets: move non-existent key workaround
...
Since this configuration was only there to accommodate `aramis`, make it
be host-specific instead, and rely on the default value otherwise.
2023-04-16 19:44:02 +01:00
Bruno BELANYI
6079485b50
modules: secrets: move host-specific secrets
2023-04-16 19:44:02 +01:00
Bruno BELANYI
57008bcb7c
hosts: nixos: add host-specific secrets module
...
This is the same logic as the common module, but for secrets that don't
need to be shared to different hosts.
2023-04-16 19:44:02 +01:00
Bruno BELANYI
34a3f9a0d6
modules: secrets: centralize agenix keys
...
If I intend on splitting the keys depending on which host needs to have
access to it, I should have a singular spot to manage the keys.
2023-04-16 19:44:02 +01:00
Bruno BELANYI
68bf36c45c
modules: secrets: wireguard: remove unused file
...
The peer definitions have been inlined into the Wireguard module a long
time ago.
2023-04-13 17:05:52 +00:00
Bruno BELANYI
54e9303319
modules: secrets: use diff-friendly formatting
ci/woodpecker/push/check Pipeline was successful
2023-04-13 15:55:34 +00:00
Bruno BELANYI
04f23976ee
modules: services: woodpecker: remove unused env
ci/woodpecker/push/check Pipeline was successful
2023-04-13 15:24:34 +00:00
Bruno BELANYI
94141d53b8
modules: services: woodpecker: remove 'TODO'
2023-04-13 15:17:16 +00:00
Bruno BELANYI
f15b3aa23d
modules: services: woodpecker: allow setuid
...
ci/woodpecker/push/check Pipeline was successful
I need it to be able to use `ssh-agent`, for some of my workflows.
2023-04-01 21:06:50 +02:00
Bruno BELANYI
7a5842f03a
modules: services: matrix: remove obsolete comment
continuous-integration/drone/push Build is passing
2023-04-01 15:56:48 +01:00
Bruno BELANYI
d20e921e33
modules: secrets: fix 'matrix/secret'
2023-04-01 15:56:48 +01:00
Bruno BELANYI
7e06f75a5d
modules: secrets: add woodpecker
2023-04-01 15:56:48 +01:00
Bruno BELANYI
020a32b9e8
modules: services: add woodpecker
2023-04-01 15:56:48 +01:00
Bruno BELANYI
5d9524dbdf
modules: services: blog: better blog redirection
2023-04-01 13:05:47 +02:00
Bruno BELANYI
a22fe4e636
modules: services: nextcloud: bump to 26
2023-04-01 13:05:47 +02:00
Bruno BELANYI
b909f43269
modules: services: nginx: sort settings
continuous-integration/drone/push Build is passing
2023-03-28 15:31:05 +00:00
Bruno BELANYI
cae174b0f7
modules: services: nginx: all recommended settings
2023-03-28 15:31:05 +00:00
Bruno BELANYI
642e58fc22
modules: hardware: bluetooth: use 'wireplumber'
continuous-integration/drone/push Build is passing
2023-03-28 15:31:05 +00:00
Bruno BELANYI
ad0c99c6f0
modules: services: paperless: fix postgres order
continuous-integration/drone/push Build is passing
2023-03-23 12:16:40 +00:00
Bruno BELANYI
1751704ab3
modules: system: podman: remove unused arguments
continuous-integration/drone/push Build is passing
2023-03-22 10:46:10 +00:00
Bruno BELANYI
e799318a36
modules: hardware: firmware: remove unused 'pkgs'
2023-03-22 10:45:13 +00:00
Bruno BELANYI
70e235dfcc
modules: secrets: drone: modify gitea domain
...
Since I've changed the official subdomain for my forge, let's update it.
2023-03-16 21:40:06 +01:00
Bruno BELANYI
e50b259a70
modules: services: gitea: change domain to 'git.*'
...
Because cool URLs don't change [1], set up a redirect for it.
[1]: https://www.w3.org/Provider/Style/URI.html
2023-03-16 21:33:22 +01:00
Bruno BELANYI
b3d90be8b1
modules: services: nginx: add 'redirect' option
2023-03-16 21:33:22 +01:00
Bruno BELANYI
20341a3129
refactor: 'with lib.my' -> 'with lib'
2023-03-16 16:42:55 +00:00
Bruno BELANYI
fafbb93ea9
modules: home: use named 'nixosModules'
continuous-integration/drone/push Build is passing
2023-03-11 20:44:04 +00:00
Bruno BELANYI
8b9a01a0ef
modules: system: nix: DRY inputs handling
2023-02-25 01:43:07 +00:00
Bruno BELANYI
54a6be70c8
modules: system: nix: simplify 'NIX_PATH'
...
Since we now have an explicit 'pkgs' link, we can just add the folder
with all linked inputs directly instead of adding them all manually.
2023-02-25 01:43:07 +00:00
Bruno BELANYI
a99954b12a
modules: system: nix: add explicit 'pkgs' link
2023-02-25 01:43:07 +00:00
Bruno BELANYI
6eb87c21b7
modules: system: nix: use stable 'NIX_PATH'
...
continuous-integration/drone/push Build is passing
Since the links are updated on system switch, NIX_PATH will
automatically point to the actual system version of the inputs at all
times
2023-02-23 21:03:22 +00:00
Bruno BELANYI
c1214547da
modules: system: nix: add '/etc/nix/inputs' links
2023-02-23 20:58:05 +00:00
Bruno BELANYI
3505b4d7f0
modules: services: sabnzbd: add fail2ban jail
continuous-integration/drone/push Build is passing
2023-02-20 23:01:50 +01:00
Bruno BELANYI
2485a60d62
modules: services: calibre-web: add fail2ban jail
continuous-integration/drone/push Build is passing
2023-02-20 09:04:50 +00:00
Bruno BELANYI
b9f6c5d534
modules: services: gitea: add fail2ban jail
2023-02-20 09:04:50 +00:00
Bruno BELANYI
d647830911
modules: services: order imports
2023-02-20 09:04:50 +00:00
Bruno BELANYI
13aa8abfaf
modules: services: add fail2ban
2023-02-20 09:04:50 +00:00
Bruno BELANYI
5bce2fafde
modules: system: nix: override '<nixpkgs>'
continuous-integration/drone/push Build is passing
2023-02-11 11:04:10 +00:00
Bruno BELANYI
26bf4e3631
modules: system: nix: prepend to 'NIX_PATH'
...
Instead of appending to the default value.
This makes overriding some values that are defined as the default value easier.
2023-02-11 11:04:10 +00:00
Bruno BELANYI
6b4c01a242
modules: services: ssh-server: use 'settings'
2023-01-28 22:51:18 +01:00
Bruno BELANYI
aeb3245327
modules: services: blog: GNU T.P.
2022-12-18 12:59:42 +01:00
Bruno BELANYI
c961bdbfc4
modules: services: transmission: remove MemoryHigh
...
The service does not actively try to reduce its memory usage, so to make
sure we do reach `MemoryMax` let's remove the `MemoryHigh`
configuration.
2022-12-16 21:43:49 +01:00
Bruno BELANYI
1e10c6630b
modules: services: nginx: fix SSL renewal
...
See this issue [1].
[1]: https://github.com/go-acme/lego/issues/1772
2022-11-29 17:19:24 +01:00
Bruno BELANYI
b85a98c377
modules: services: nextcloud: disable broken SSE
...
I don't use server-side encryption anyway.
2022-11-28 10:18:50 +01:00
Bruno BELANYI
1967c8ef79
modules: services: transmission: limit memory use
2022-11-20 13:15:58 +01:00
Bruno BELANYI
f6a00ec838
modules: services: paperless: require postgres
2022-11-03 18:06:36 +01:00
Bruno BELANYI
05be340b7e
modules: services: nextcloud: bump to 25
2022-11-03 16:59:19 +01:00
Bruno BELANYI
30ce88f42f
flake: bump inputs
...
And migrate to the new RFC42 grafana options.
2022-11-03 16:58:47 +01:00
Bruno BELANYI
4c0c6a75b2
modules: system: packages: configure aliases
...
Disallow them by default, but make it configurable.
2022-09-30 08:59:27 +02:00
Bruno BELANYI
5e021e6436
all: remove package aliases
2022-09-30 08:59:27 +02:00
Bruno BELANYI
c05fafefe8
modules: services: gitea: migrate to 'settings'
2022-08-31 17:19:58 +02:00
Bruno BELANYI
48495851ba
modules: services: grocy: fix SSL configuration
2022-07-28 18:29:10 +02:00
Bruno BELANYI
2ba9c63f2e
modules: services: add grocy
2022-07-28 18:29:10 +02:00
Bruno BELANYI
914b064f72
modules: services: paperless: fix DB dependency
2022-07-28 17:54:02 +02:00
Bruno BELANYI
37d272fcfb
modules: services: lohr: add 'openssh'
...
The git binary is not wrapped to add it in PATH anymore.
2022-05-31 13:54:34 +02:00
Bruno BELANYI
052d5a3df7
modules: services: nextcloud: bump to 24
2022-05-23 15:49:22 +02:00
Bruno BELANYI
46affd5057
modules: hardware: bluetooth: remove wireplumber
...
This configuration file completely breaks my sound setup.
Will investigate more at a later time, in the meantime, since this is
basically the default options, I will just remove the configuration
file.
This reverts commit c987206bc5.
2022-05-02 11:18:23 +02:00
Bruno BELANYI
43cb3ae582
modules: hardware: add firmware
2022-04-27 14:03:18 +02:00
Bruno BELANYI
cb84b49438
modules: hardware: bluetooth: add wireplumber conf
...
Now that `media-session` is deprecated, I should at least replicate this
configuration for `wireplumber`.
2022-04-27 14:03:10 +02:00
Bruno BELANYI
0caa78af10
flake: bump inputs
...
And ensure that the renamed `paperless` services are configured
correctly.
2022-04-27 14:02:17 +02:00
Bruno BELANYI
a9e004f7c1
modules: secrets: gitea: add 'mail-password'
2022-04-08 21:34:44 +02:00
Bruno BELANYI
94143f9d33
modules: services: gitea: add 'mail' configuration
2022-04-08 21:34:44 +02:00
Bruno BELANYI
0db2c0a13c
modules: services: matrix: use 'settings'
...
The unstructured attributes are hard-deprecated.
2022-03-08 11:56:32 +01:00
Bruno BELANYI
cc91b88b28
flake: bump inputs
...
And do not use 'pipewire-media-session' which is deprecated.
2022-03-02 12:13:13 +01:00
Bruno BELANYI
39431c2656
modules: system: nix: use structural 'settings'
...
Instead of a stringly-typed `extraOptions`.
2022-02-08 14:32:00 +01:00
Bruno BELANYI
ba5782e748
modules: system: packages: remove some packages
...
They either belong in a nix shell or are taken care of by other
configurations.
2022-01-14 15:06:55 +01:00
Bruno BELANYI
8151b28527
modules: services: nginx: use 'acme.default.email'
...
The option `security.acme.email` has been deprecated.
2022-01-14 13:30:22 +01:00
Bruno BELANYI
e6fe5e57c9
modules: system: add podman
2022-01-14 13:24:09 +01:00
Bruno BELANYI
5c7ef3232e
modules: system: nix: add inputs to NIX_PATH
2022-01-07 08:55:58 +01:00
Bruno BELANYI
4d5d662913
modules: services: nextcloud: upgrade version
2021-12-07 19:11:32 +01:00
Bruno BELANYI
070a929f88
flake: bump inputs
...
And use renamed option for agenix identities.
2021-12-07 19:11:32 +01:00
Bruno BELANYI
d86ff6192c
modules: system: nix: don't change daemon niceness
...
This option doesn't really work the way it should anyway [1].
This reverts commit cbf6ea9ac9.
[1]: https://github.com/NixOS/nixpkgs/pull/138741
2021-11-23 18:53:11 +01:00
Bruno BELANYI
d490a7de78
modules: services: nginx-sso: always rewrite conf
2021-11-06 15:43:00 +01:00
Bruno BELANYI
a36eae4e66
modules: services: paperless: backup 'dataDir'
2021-11-05 17:03:52 +01:00
Bruno BELANYI
dd0c110f71
modules: services: calibre-web: use 'dataDir'
2021-11-05 17:03:52 +01:00
Bruno BELANYI
e2638728e3
modules: services: pirate: sort 'ports' values
2021-11-05 17:03:52 +01:00
Bruno BELANYI
62e62c70e1
modules: services: lohr: declarative ssh key
2021-11-05 16:59:11 +01:00
Bruno BELANYI
b5b8f83e71
modules: secrets: lohr: add 'ssh-key'
2021-11-05 15:31:59 +01:00
Bruno BELANYI
5fdc390411
modules: services: nginx: remove unused argument
2021-11-05 14:58:58 +01:00
Bruno BELANYI
67ea6d9f95
modules: services: drone: remove unused arguments
2021-11-05 14:58:58 +01:00
Bruno BELANYI
450ab4b07b
modules: services: backup: remove deprecated name
2021-11-03 17:16:40 +01:00
Bruno BELANYI
9b184f94ac
modules: home: forward inputs to home-manager
...
This will be useful if and when I end up adding inputs with home-manager
modules defined.
2021-10-22 13:06:53 +02:00
Bruno BELANYI
7ca32d8b05
modules: services: indexers: add prowlarr
2021-10-18 19:48:50 +02:00
Bruno BELANYI
af5103803b
modules: services: indexers: refactor
...
This is cleaner and more correct.
2021-10-18 19:48:50 +02:00
Bruno BELANYI
f5e26526da
modules: services: indexers: fix typo
2021-10-18 19:48:50 +02:00
Bruno BELANYI
69d7fd5d7c
modules: system: nix: change nix build niceness
...
19 is the lowest priority.
2021-10-18 18:49:03 +02:00
Bruno BELANYI
dd48089a82
modules: services: nginx: use 'mkMailAccount'
2021-10-13 15:36:28 +02:00
Bruno BELANYI
2cd56e133f
modules: services: wireguard: add 'milady'
2021-10-10 17:16:29 +02:00
Bruno BELANYI
d43831cbf1
modules: secrets: wireguard: add 'milady'
2021-10-10 17:16:29 +02:00
Bruno BELANYI
55541abd17
modules: secrets: fix permission for grafana
2021-09-26 23:09:33 +02:00
Bruno BELANYI
b9786398a7
modules: secrets: fix permission of 'matrix/mail'
2021-09-26 23:09:33 +02:00
Bruno BELANYI
5fd82472bf
modules: secrets: add 'owner' logic
2021-09-26 23:09:33 +02:00
Bruno BELANYI
8968e30e62
modules: secrets: remove 'with lib;'
2021-09-26 23:09:33 +02:00
Bruno BELANYI
0b580b61e7
secrets: move into 'modules'
2021-09-26 23:09:33 +02:00
Bruno BELANYI
414c27ee63
modules: services: nginx: sso: use runtime secrets
2021-09-26 23:09:33 +02:00
Bruno BELANYI
c7766afe90
modules: services: nginx: allow sso secret files
...
This is in preparation of the migration to agenix, which does not allow
access to the secrets at build time.
2021-09-26 23:09:32 +02:00
Bruno BELANYI
b46b918295
modules: services: drone: split into files
...
This is cleaner to read.
2021-09-26 23:09:32 +02:00
Bruno BELANYI
ac90c5b11a
modules: services: put modules into folders
2021-09-26 23:09:32 +02:00
Bruno BELANYI
836b54b8eb
modules: hardware: put modules into folders
2021-09-26 23:09:32 +02:00
Bruno BELANYI
7bec7ae0f9
modules: system: put modules into folders
2021-09-26 23:09:32 +02:00
Bruno BELANYI
d5b09c48ef
modules: programs: put modules into folders
2021-09-26 23:09:32 +02:00
Bruno BELANYI
c88fa91671
modules: home: put into folder
2021-09-26 23:09:32 +02:00
Bruno BELANYI
33d539ed4f
modules: system: users: use agenix secrets
2021-09-26 23:09:32 +02:00
Bruno BELANYI
91abacd0f6
modules: services: wireguard: use agenix secrets
2021-09-26 23:09:32 +02:00
Bruno BELANYI
16d3cd9f81
modules: services: nginx: use 'credentialsFile'
...
In preparation for the migration to agenix.
2021-09-26 23:09:32 +02:00
Bruno BELANYI
7d37701811
modules: services: matrix: use 'mailConfigFile'
...
In preparation of the migration to agenix.
2021-09-26 23:09:32 +02:00
Bruno BELANYI
4643690b43
modules: services: paperless: use 'secretKeyFile'
...
In preparation for the migration to agenix.
2021-09-26 23:09:32 +02:00
Bruno BELANYI
5579baecfb
modules: services: nextcloud: use 'credentialsfile'
...
In preparation for the migration to agenix.
2021-09-26 23:09:32 +02:00
Bruno BELANYI
9d8da4d2b2
modules: services: miniflux: use 'credentialsFiles'
...
In preparation for the migration to agenix.
2021-09-26 23:09:32 +02:00
Bruno BELANYI
da63787874
modules: services: transmission: secrets w/ file
...
In preparation for the migration to using agenix.
2021-09-26 23:09:31 +02:00
Bruno BELANYI
313b0c23a9
modules: remove unused arguments
2021-09-24 01:21:57 +02:00
Bruno BELANYI
8852699c9a
modules: services: nginx: use 'recursiveMerge'
2021-09-23 22:11:25 +02:00
Bruno BELANYI
c13e57f584
modules: system: users: use 'initialHashedPassword'
...
This is the better option to use in case I want to have a stateless
system.
2021-09-23 21:30:24 +02:00
Bruno BELANYI
2f9d3417d4
modules: system: users: use 'ambroisie' password
...
Do not rely on `my.user.name` which could be changed to a value not
available in the secrets.
2021-09-23 21:28:29 +02:00
Bruno BELANYI
27040532bd
modules: programs: steam: respect XDG conventions
...
Steam wants to pollute HOME with `.steam*` files and folders, which are
useless and annoying.
We want to make sure the wrappers are preferred when installing, so use
`lib.hiPrio` to ensure they get chosen.
2021-09-15 19:23:24 +02:00
Bruno BELANYI
24b540d948
modules: programs: add steam
2021-09-15 19:23:24 +02:00
Bruno BELANYI
91489d5b71
modules: add 'programs' directory
2021-09-15 16:48:10 +02:00
Bruno BELANYI
4ccf549e58
modules: system: remove 'media'
...
It was not the idiomatic way to do this.
2021-09-15 16:10:06 +02:00
Bruno BELANYI
bf6af94bec
modules: services: paperless: proxy websockets
2021-08-31 13:52:11 +02:00
Bruno BELANYI
23484989a6
modules: services: paperless: add admin password
...
This is a fallback in case SSO stops working...
2021-08-31 13:52:11 +02:00
Bruno BELANYI
da4595cd39
modules: services: add paperless
2021-08-31 13:52:11 +02:00
Bruno BELANYI
8319f0ea5c
modules: services: nginx: nginx-sso verbose logs
...
For some reason it still doesn't appear in the systemd log...
2021-08-30 17:38:25 +02:00
Bruno BELANYI
fd898df590
modules: services: nginx: add SSO
2021-08-30 17:36:39 +02:00
Bruno BELANYI
52079bf1e7
modules: services: nginx: enable explicitly
2021-08-30 17:36:39 +02:00
Bruno BELANYI
77cf3430ae
modules: services: use new nginx wrapper
...
And when not possible, document why.
Note for the future: there is some repetition in some modules to
configure the correct value of the subdomain, which I happen to know
will line up correctly thanks to the nginx wrapper. A good way to
refactor this in the future would involve avoiding this repetition,
allowing us to query the correct domain in some way...
2021-08-26 15:54:13 +02:00
Bruno BELANYI
a8514dcdf1
modules: services: nginx: overhaul modularity
...
This should be all that's needed for almost all my services.
2021-08-26 15:54:13 +02:00
Bruno BELANYI
087794433e
modules: services: nextcloud: exclude previews
2021-08-19 14:27:40 +02:00
Bruno BELANYI
98c2f16eb2
modules: services: backup: make it verbose
2021-08-19 14:27:40 +02:00
Bruno BELANYI
c228916072
modules: services: add navidrome
2021-08-19 12:23:06 +02:00
Bruno BELANYI
7d09677792
modules: services: backup: fix exclude files
...
I was using the wrong option... Somehow it didn't error out.
2021-08-09 20:08:43 +02:00
Bruno BELANYI
6c3662dbb3
modules: services: tlp: add power scaling
2021-07-31 16:56:20 +02:00
Bruno BELANYI
19c5cd0e13
modules: services: nextcloud: upgrade version
2021-07-29 13:42:28 +02:00
Bruno BELANYI
522d1f49df
flake: bump inputs
...
And update package names for grafana dashboards to avoid breaking the
config.
2021-07-29 13:42:28 +02:00
Bruno BELANYI
3459067cd4
modules: services: postgres: upgrade version
2021-07-29 13:03:10 +02:00
Bruno BELANYI
5d21cecee7
modules: services: postgres: add migration script
...
The process to upgrade is:
* Make sure the version number of the script is one major version over
  the service version.
* Activate the script, rebuild configuration.
* Run `upgrade-pg-cluster` as `root`. One can give arguments like
  `--link` or `--jobs 4` to speed up the process. See documentation for
  some details.
* Change package to new version once the upgrade is finished, rebuild
  configuration.
* Optionally, `ANALYZE` the new database.
2021-07-29 13:02:49 +02:00
Bruno BELANYI
99c33cd7ad
modules: services: add postgresql
...
Enable the service itself in other modules when needed, but pin the
package in a single place.
2021-07-29 12:43:28 +02:00
Bruno BELANYI
eba977b582
modules: services: monitoring: add scrape interval
2021-07-15 18:54:07 +02:00
Bruno BELANYI
24028669f4
modules: services: add monitoring dashboard
2021-07-13 19:17:33 +02:00
Bruno BELANYI
c910b643da
modules: services: add monitoring
...
This includes a dashboard to monitor system resources, using
Prometheus.
2021-07-13 19:17:33 +02:00
Bruno BELANYI
5fcc96ab77
modules: services: matrix: SSL only for server
...
This is a requirement anyway for homeservers, and the `forceSSL` option
tried to create a redirect for non-SSL traffic, except the `listen`
option only provided SSL endpoints anyway, so this resulted in
additional rules in the nginx config looking like this:
```nginx
server {
    server_name matrix.belanyi.fr;
    location /.well-known/acme-challenge {
        root /var/lib/acme/acme-challenge;
        auth_basic off;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
```
2021-07-13 17:43:31 +02:00
Bruno BELANYI
4b6f6423db
modules: hardware: sound: refactor options
...
Do not enable ALSA when using pipewire. Ensure that both pulseaudio and
pipewire are not configured at the same time.
2021-06-27 01:59:07 +02:00
Bruno BELANYI
85ff634331
modules: move home configuration from flake
2021-06-25 20:46:36 +02:00
Bruno BELANYI
76cac9af51
modules: change username configuration option
...
It makes more sense to have a `my.user` option.
2021-06-25 20:45:36 +02:00
Bruno BELANYI
9bb09ee8f4
modules: services: indexers: limit Jackett memory
2021-06-15 21:25:56 +02:00
Bruno BELANYI
e4d3d8a949
modules: system: add boot
...
And enable mounting `/tmp` as tmpfs by default.
2021-06-14 16:41:28 +02:00
Bruno BELANYI
902539ea6d
modules: system: documentation: include POSIX man
2021-06-12 13:23:09 +02:00
Bruno BELANYI
23e5ddd7f3
modules: services: matrix: add mail configuration
2021-06-09 19:14:09 +02:00
Bruno BELANYI
4c4c8ea4e5
modules: services: matrix: enable spaces
2021-06-09 18:33:54 +02:00
Bruno BELANYI
ce8138eb07
modules: services: matrix: add SMS verification
2021-06-09 18:32:59 +02:00