Commit graph

76 commits

Author SHA1 Message Date
Bruno BELANYI 196f9a3e34 services: wireguard: fix server routing
I had made a mistake, hard-coding the server as being `1` for its client
number, instead of using the one configured from its peer configuration.
2021-04-25 12:39:17 +00:00
Bruno BELANYI 26eac86de0 services: wireguard: clean up logic
This module has complicated logic, and I found the code quite ugly.
Making use of `mkMerge` makes it easier to read and think through.
2021-04-25 12:39:17 +00:00
Bruno BELANYI 84b61b25b3 services: wireguard: allow disabling service
Only the server *needs* to have wireguard up at all times. However a
laptop or desktop probably doesn't need it up at all times.
2021-04-25 12:39:17 +00:00
Bruno BELANYI f79fcd020b services: wireguard: set up DNS server on clients
This makes use of my newly written adblocking DNS service, it does
assume that the server would have both wireguard and DNS enabled.

I would also like to move to using my ip-related library functions,
however it does not support IPv6 and is unlikely to be easily added...
But I am not sure that I *need* IPv6 support for my use-case.

Finally, I find this module a bit too heavy, it could be improved by
having specific 'server' and 'client' roles, instead of implicit roles
depending on whether an external IP exists.
2021-04-25 12:39:17 +00:00
Bruno BELANYI 3696471201 services: adblock: restrict to wireguard interface 2021-04-25 12:39:17 +00:00
Bruno BELANYI 5b0d12ad40 services: add adblock
This is a self-hosted DNS server with hosts-based adblocking.

I should probably have it update the hosts file more often than I will
probably end up doing myself with a package... We'll see if it ends up
being necessary.
2021-04-25 12:39:17 +00:00
Bruno BELANYI 67faf8fa43 services: lohr: update log environment variable 2021-04-25 12:39:17 +00:00
Bruno BELANYI e6d46b3c59 pkgs: extract lohr from 'services/lohr' 2021-04-25 12:39:17 +00:00
Bruno BELANYI b06f265291 pkgs: extract podgrab from 'services/podgrab' 2021-04-25 12:39:17 +00:00
Bruno BELANYI 15f0f95538 services: lohr: update to 'v0.4.0' 2021-04-25 12:39:17 +00:00
Bruno BELANYI ee1b31954a services: calibre-web: use upstream service
Some checks reported errors
continuous-integration/drone/push Build encountered an error
2021-04-15 16:24:41 +00:00
Bruno BELANYI 558c09cfdf services: add podgrab 2021-04-15 16:24:41 +00:00
Bruno BELANYI 3402146298 services: add lohr 2021-04-01 22:48:38 +00:00
Bruno BELANYI cf76586585 services: drone: fix docker socket dependency
All checks were successful
continuous-integration/drone/push Build is passing
2021-03-31 17:56:36 +00:00
Bruno BELANYI 7e70b57132 services: transmission: remove trailing slash
Otherwise it messes with the UI: Another '/' is inserted
2021-03-31 17:56:36 +00:00
Bruno BELANYI 61fcfec4cb services: drone: use runners from nixpkgs 2021-03-31 17:56:36 +00:00
Bruno BELANYI 7fc3a74329 services: use explicit loopback address w/ vhosts
Otherwise it can result in failure to proxy requests sometimes...
2021-03-31 17:56:36 +00:00
Bruno BELANYI 29f3367668 services: nextcloud: bump package version
Some checks reported errors
continuous-integration/drone/push Build encountered an error
2021-03-20 00:25:35 +00:00
Bruno BELANYI f0c3e71b22 services: drone: fix postgresql service dependency
All checks were successful
continuous-integration/drone/push Build is passing
2021-03-11 20:58:44 +00:00
Bruno BELANYI e09da8505e services: move 'media' to 'modules' instead
It's not actually a service, but more of a configuration needed by some
services. Therefore it belongs in modules.
2021-03-07 18:39:42 +00:00
Bruno BELANYI aa0a3bf6c9 services: transmission: more configurable settings
All checks were successful
continuous-integration/drone/push Build is passing
2021-03-07 16:04:45 +00:00
Bruno BELANYI 1810d44587 services: transmission: ensure correct permissions 2021-03-07 16:01:48 +00:00
Bruno BELANYI cbc94aae50 services: transmission: remove umask configuration 2021-03-07 15:58:01 +00:00
Bruno BELANYI 2914aedc9b services: miniflux: fix documentation error
All checks were successful
continuous-integration/drone/push Build is passing
2021-03-03 17:02:49 +00:00
Bruno BELANYI 0e86a8c2f1 services: gitea: do not interpolate lone variable 2021-03-03 17:02:49 +00:00
Bruno BELANYI d23423b92c services: s/= "${domain}"/= domain 2021-03-03 17:02:49 +00:00
Bruno BELANYI aa558745f9 services: jellyfin: proxy websockets 2021-03-03 17:02:49 +00:00
Bruno BELANYI 5e8aac2a5e services: drone: start after DB 2021-03-03 17:02:48 +00:00
Bruno BELANYI 0114e7b668 services: calibre-web: backup library 2021-03-03 17:02:48 +00:00
Bruno BELANYI 798f75db12 services: add Calibre-web 2021-03-03 17:02:48 +00:00
Bruno BELANYI 51491b99a9 services: media: refactor logic
This makes it more DRY.
2021-02-25 15:29:07 +00:00
Bruno BELANYI b3aa8d94cb services: gitea: change default port
3000 interferes with the Drone runners, which leads to a race condition
at startup regarding who gets the port.
2021-02-25 15:29:07 +00:00
Bruno BELANYI 53b0e0a1c8 services: wireguard: do not hard-code 'eth0'
Instead make use of the newly introduced `networking.externalInterface`
option.
2021-02-25 15:29:07 +00:00
Bruno BELANYI ecded82986 services: wireguard: use 'wg-quick'
Turns out the `wireguard` service isn't meant to be used for VPN-like
workflows (see [1]), and I'll probably have less trouble by using
`wg-quick` instead.

Nice bonus is that instead of having awfully named services running for
each peer, I only need the one service for `wg-quick` itself.

[1]: https://github.com/NixOS/nixpkgs/issues/51258
2021-02-25 15:29:06 +00:00
Bruno BELANYI c912c03668 services: add Wireguard
This allows connecting devices in a mesh as if they were all on the same
private local network.
2021-02-25 15:29:06 +00:00
Bruno BELANYI 8b069ab820 services: pirate: add Lidarr 2021-02-25 15:29:06 +00:00
Bruno BELANYI 7e5f661914 services: drone: mount 'resolv'-related files
Otherwise the pipelines will have a difficult time resolving
hostnames...
2021-02-25 15:29:06 +00:00
Bruno BELANYI 0482833ee8 services: drone: do not bind '/var/lib/drone' 2021-02-25 15:29:06 +00:00
Bruno BELANYI 7cb208e1ea services: quassel: trust its pgsql connection 2021-02-25 15:29:06 +00:00
Bruno BELANYI a8f9dd9a02 services: quassel: create storage DB 2021-02-25 15:29:06 +00:00
Bruno BELANYI 2199c1b10c services: add Miniflux 2021-02-25 15:29:06 +00:00
Bruno BELANYI f5d0118fab services: transmission: add permissive umask 2021-02-25 15:29:05 +00:00
Bruno BELANYI c49cb11109 services: matrix: explicitly disable registration 2021-02-25 15:29:05 +00:00
Bruno BELANYI b8f4bc5b68 services: drone: enable Jsonnet & Starlark 2021-02-25 15:29:05 +00:00
Bruno BELANYI 03f7cc8551 services: drone: add 'docker' runner 2021-02-25 15:29:05 +00:00
Bruno BELANYI 8b3dac169e services: add drone CI
This makes use of the 'exec' runner instead of my usual setup using the
'docker' runner.

A future improvement would be packaging, and then using, the 'docker'
runner too/instead.
2021-02-25 15:29:05 +00:00
Bruno BELANYI 9177ea0946 services: gitea: do not use wizard
Instead you should temporarily enable registrations, and then disable
them right afterwards.
2021-02-25 15:29:05 +00:00
Bruno BELANYI 8bb2e096f6 services: blog: make main site default host 2021-02-25 15:29:05 +00:00
Bruno BELANYI c8e9dd8535 services: add blog 2021-02-25 15:29:04 +00:00
Bruno BELANYI 5fc1b7ae74 services: gitea: add state to backup
Because I think `restic` will not deal with the compressed format of
`gitea`'s native `dump` command, I set up a manual backup.

This could lead to potentially corrupted data if I happen to back up at
the exact same time as a push to a repository. However given the
frequency of backups planned, I assume that most of them will be fine.
2021-02-25 15:29:04 +00:00