Bruno BELANYI
196f9a3e34
services: wireguard: fix server routing
...
I had made a mistake, hard-coding the server as being `1` for its client
number, instead of using the one configured from its peer configuration.
2021-04-25 12:39:17 +00:00
Bruno BELANYI
26eac86de0
services: wireguard: clean up logic
...
This module has a complicated logic, and I found the code quite ugly.
Making use of `mkMerge` makes it easier to read and think through.
2021-04-25 12:39:17 +00:00
Bruno BELANYI
84b61b25b3
services: wireguard: allow disabling service
...
Only the server *needs* to have wireguard up at all times. However a
laptop or desktop probably doesn't need it up at all times.
2021-04-25 12:39:17 +00:00
Bruno BELANYI
f79fcd020b
services: wireguard: set up DNS server on clients
...
This makes use of my newly written adblocking DNS service, it does
assume that the server would have both wireguard and DNS enabled.
I would also like to move to using my ip-related library functions,
however it does not support IPv6 and is unlikely to be easily added...
But I am not sure that I *need* IPv6 support for my use-case.
Finally, I find this module a bit too heavy, it could be improved by
having specific 'server' and 'client' roles, instead of implicit roles
depending on whether an external IP exists.
2021-04-25 12:39:17 +00:00
Bruno BELANYI
3696471201
services: adblock: restrict to wireguard interface
2021-04-25 12:39:17 +00:00
Bruno BELANYI
5b0d12ad40
services: add adblock
...
This is a self-hosted DNS server with hosts-based adblocking.
I should probably have it update the hosts file more often than I will
probably end up doing myself with a package... We'll see if it ends up
being necessary.
2021-04-25 12:39:17 +00:00
Bruno BELANYI
67faf8fa43
services: lohr: update log environment variable
2021-04-25 12:39:17 +00:00
Bruno BELANYI
e6d46b3c59
pkgs: extract lohr from 'services/lohr'
2021-04-25 12:39:17 +00:00
Bruno BELANYI
b06f265291
pkgs: extract podgrab from 'services/podgrab'
2021-04-25 12:39:17 +00:00
Bruno BELANYI
15f0f95538
services: lohr: update to 'v0.4.0'
2021-04-25 12:39:17 +00:00
Bruno BELANYI
ee1b31954a
services: calibre-web: use upstream service
continuous-integration/drone/push Build encountered an error
2021-04-15 16:24:41 +00:00
Bruno BELANYI
558c09cfdf
services: add podgrab
2021-04-15 16:24:41 +00:00
Bruno BELANYI
3402146298
services: add lohr
2021-04-01 22:48:38 +00:00
Bruno BELANYI
cf76586585
services: drone: fix docker socket dependency
continuous-integration/drone/push Build is passing
2021-03-31 17:56:36 +00:00
Bruno BELANYI
7e70b57132
services: transmission: remove trailing slash
...
Otherwise it messes with the UI: Another '/' is inserted
2021-03-31 17:56:36 +00:00
Bruno BELANYI
61fcfec4cb
services: drone: use runners from nixpkgs
2021-03-31 17:56:36 +00:00
Bruno BELANYI
7fc3a74329
services: use explicit loopback address w/ vhosts
...
Otherwise it can result in failure to proxy requests sometimes...
2021-03-31 17:56:36 +00:00
Bruno BELANYI
29f3367668
services: nextcloud: bump package version
continuous-integration/drone/push Build encountered an error
2021-03-20 00:25:35 +00:00
Bruno BELANYI
f0c3e71b22
services: drone: fix postgresql service dependency
continuous-integration/drone/push Build is passing
2021-03-11 20:58:44 +00:00
Bruno BELANYI
e09da8505e
services: move 'media' to 'modules' instead
...
It's not actually a service, but more of a configuration needed by some
services. Therefore it belongs in modules.
2021-03-07 18:39:42 +00:00
Bruno BELANYI
aa0a3bf6c9
services: transmission: more configurable settings
continuous-integration/drone/push Build is passing
2021-03-07 16:04:45 +00:00
Bruno BELANYI
1810d44587
services: transmission: ensure correct permissions
2021-03-07 16:01:48 +00:00
Bruno BELANYI
cbc94aae50
services: transmission: remove umask configuration
2021-03-07 15:58:01 +00:00
Bruno BELANYI
2914aedc9b
services: miniflux: fix documentation error
continuous-integration/drone/push Build is passing
2021-03-03 17:02:49 +00:00
Bruno BELANYI
0e86a8c2f1
services: gitea: do not interpolate lone variable
2021-03-03 17:02:49 +00:00
Bruno BELANYI
d23423b92c
services: s/= "${domain}"/= domain
2021-03-03 17:02:49 +00:00
Bruno BELANYI
aa558745f9
services: jellyfin: proxy websockets
2021-03-03 17:02:49 +00:00
Bruno BELANYI
5e8aac2a5e
services: drone: start after DB
2021-03-03 17:02:48 +00:00
Bruno BELANYI
0114e7b668
services: calibre-web: backup library
2021-03-03 17:02:48 +00:00
Bruno BELANYI
798f75db12
services: add Calibre-web
2021-03-03 17:02:48 +00:00
Bruno BELANYI
51491b99a9
services: media: refactor logic
...
This makes it more DRY.
2021-02-25 15:29:07 +00:00
Bruno BELANYI
b3aa8d94cb
services: gitea: change default port
...
3000 interferes with the Drone runners, which leads to a race condition
at startup regarding who gets the port.
2021-02-25 15:29:07 +00:00
Bruno BELANYI
53b0e0a1c8
services: wireguard: do not hard-code 'eth0'
...
Instead make use of the newly introduced `networking.externalInterface`
option.
2021-02-25 15:29:07 +00:00
Bruno BELANYI
ecded82986
services: wireguard: use 'wg-quick'
...
Turns out the `wireguard` service isn't meant to be used for VPN-like
workflows (see [1]), and I'll probably have less trouble by using
`wg-quick` instead.
Nice bonus is that instead of having awfully named services running for
each peer, I only need the one service for `wg-quick` itself.
[1]: https://github.com/NixOS/nixpkgs/issues/51258
2021-02-25 15:29:06 +00:00
Bruno BELANYI
c912c03668
services: add Wireguard
...
This allows connecting devices in a mesh as if they were all on the same
private local network.
2021-02-25 15:29:06 +00:00
Bruno BELANYI
8b069ab820
services: pirate: add Lidarr
2021-02-25 15:29:06 +00:00
Bruno BELANYI
7e5f661914
services: drone: mount 'resolv'-related files
...
Otherwise the pipelines will have a difficult time resolving
hostnames...
2021-02-25 15:29:06 +00:00
Bruno BELANYI
0482833ee8
services: drone: do not bind '/var/lib/drone'
2021-02-25 15:29:06 +00:00
Bruno BELANYI
7cb208e1ea
services: quassel: trust its pgsql connection
2021-02-25 15:29:06 +00:00
Bruno BELANYI
a8f9dd9a02
services: quassel: create storage DB
2021-02-25 15:29:06 +00:00
Bruno BELANYI
2199c1b10c
services: add Miniflux
2021-02-25 15:29:06 +00:00
Bruno BELANYI
f5d0118fab
services: transmission: add permissive umask
2021-02-25 15:29:05 +00:00
Bruno BELANYI
c49cb11109
services: matrix: explicitly disable registration
2021-02-25 15:29:05 +00:00
Bruno BELANYI
b8f4bc5b68
services: drone: enable Jsonnet & Starlark
2021-02-25 15:29:05 +00:00
Bruno BELANYI
03f7cc8551
services: drone: add 'docker' runner
2021-02-25 15:29:05 +00:00
Bruno BELANYI
8b3dac169e
services: add drone CI
...
This makes use of the 'exec' runner instead of my usual setup using the
'docker' runner.
A future improvement would be packaging, and then using, the 'docker'
runner too/instead.
2021-02-25 15:29:05 +00:00
Bruno BELANYI
9177ea0946
services: gitea: do not use wizard
...
Instead you should temporarily enable registrations, and then disable
them right afterwards.
2021-02-25 15:29:05 +00:00
Bruno BELANYI
8bb2e096f6
services: blog: make main site default host
2021-02-25 15:29:05 +00:00
Bruno BELANYI
c8e9dd8535
services: add blog
2021-02-25 15:29:04 +00:00
Bruno BELANYI
5fc1b7ae74
services: gitea: add state to backup
...
Because I think `restic` will not deal with the compressed format of
`gitea`'s native `dump` command, I set up a manual backup.
This could lead to potentially corrupted data if I happen to backup at
the exact same time as a push to a repository. However given the
frequency of backups planned, I assume that most of them will be fine.
2021-02-25 15:29:04 +00:00