Commit graph

175 commits

Author SHA1 Message Date
Bruno BELANYI e2638728e3 modules: services: pirate: sort 'ports' values 2021-11-05 17:03:52 +01:00
Bruno BELANYI 62e62c70e1 modules: services: lohr: declarative ssh key 2021-11-05 16:59:11 +01:00
Bruno BELANYI b5b8f83e71 modules: secrets: lohr: add 'ssh-key' 2021-11-05 15:31:59 +01:00
Bruno BELANYI 5fdc390411 modules: services: nginx: remove unused argument 2021-11-05 14:58:58 +01:00
Bruno BELANYI 67ea6d9f95 modules: services: drone: remove unused arguments 2021-11-05 14:58:58 +01:00
Bruno BELANYI 450ab4b07b modules: services: backup: remove deprecated name 2021-11-03 17:16:40 +01:00
Bruno BELANYI 9b184f94ac modules: home: forward inputs to home-manager
This will be useful if and when I end up adding inputs with home-manager
modules defined.
2021-10-22 13:06:53 +02:00
Bruno BELANYI 7ca32d8b05 modules: services: indexers: add prowlarr 2021-10-18 19:48:50 +02:00
Bruno BELANYI af5103803b modules: services: indexers: refactor
This is cleaner and more correct.
2021-10-18 19:48:50 +02:00
Bruno BELANYI f5e26526da modules: services: indexers: fix typo 2021-10-18 19:48:50 +02:00
Bruno BELANYI 69d7fd5d7c modules: system: nix: change nix build niceness
19 is the lowest priority.
2021-10-18 18:49:03 +02:00
Bruno BELANYI dd48089a82 modules: services: nginx: use 'mkMailAccount' 2021-10-13 15:36:28 +02:00
Bruno BELANYI 2cd56e133f modules: services: wireguard: add 'milady' 2021-10-10 17:16:29 +02:00
Bruno BELANYI d43831cbf1 modules: secrets: wireguard: add 'milady' 2021-10-10 17:16:29 +02:00
Bruno BELANYI 55541abd17 modules: secrets: fix permission for grafana 2021-09-26 23:09:33 +02:00
Bruno BELANYI b9786398a7 modules: secrets: fix permission of 'matrix/mail' 2021-09-26 23:09:33 +02:00
Bruno BELANYI 5fd82472bf modules: secrets: add 'owner' logic 2021-09-26 23:09:33 +02:00
Bruno BELANYI 8968e30e62 modules: secrets: remove 'with lib;' 2021-09-26 23:09:33 +02:00
Bruno BELANYI 0b580b61e7 secrets: move into 'modules' 2021-09-26 23:09:33 +02:00
Bruno BELANYI 414c27ee63 modules: services: nginx: sso: use runtime secrets 2021-09-26 23:09:33 +02:00
Bruno BELANYI c7766afe90 modules: services: nginx: allow sso secret files
This is in preparation of the migration to agenix, which does not allow
access to the secrets at build time.
2021-09-26 23:09:32 +02:00
Bruno BELANYI b46b918295 modules: services: drone: split into files
This is cleaner to read.
2021-09-26 23:09:32 +02:00
Bruno BELANYI ac90c5b11a modules: services: put modules into folders 2021-09-26 23:09:32 +02:00
Bruno BELANYI 836b54b8eb modules: hardware: put modules into folders 2021-09-26 23:09:32 +02:00
Bruno BELANYI 7bec7ae0f9 modules: system: put modules into folders 2021-09-26 23:09:32 +02:00
Bruno BELANYI d5b09c48ef modules: programs: put modules into folders 2021-09-26 23:09:32 +02:00
Bruno BELANYI c88fa91671 modules: home: put into folder 2021-09-26 23:09:32 +02:00
Bruno BELANYI 33d539ed4f modules: system: users: use agenix secrets 2021-09-26 23:09:32 +02:00
Bruno BELANYI 91abacd0f6 modules: services: wireguard: use agenix secrets 2021-09-26 23:09:32 +02:00
Bruno BELANYI 16d3cd9f81 modules: services: nginx: use 'credentialsFile'
In preparation for the migration to agenix.
2021-09-26 23:09:32 +02:00
Bruno BELANYI 7d37701811 modules: services: matrix: use 'mailConfigFile'
In preparation of the migration to agenix.
2021-09-26 23:09:32 +02:00
Bruno BELANYI 4643690b43 modules: services: paperless: use 'secretKeyFile'
In preparation for the migration to agenix.
2021-09-26 23:09:32 +02:00
Bruno BELANYI 5579baecfb modules: services: nextcloud: use 'credentialsfile'
In preparation for the migration to agenix.
2021-09-26 23:09:32 +02:00
Bruno BELANYI 9d8da4d2b2 modules: services: miniflux: use 'credentialsFiles'
In preparation for the migration to agenix.
2021-09-26 23:09:32 +02:00
Bruno BELANYI da63787874 modules: services: transmission: secrets w/ file
In preparation for the migration to using agenix.
2021-09-26 23:09:31 +02:00
Bruno BELANYI 313b0c23a9 modules: remove unused arguments 2021-09-24 01:21:57 +02:00
Bruno BELANYI 8852699c9a modules: services: nginx: use 'recursiveMerge' 2021-09-23 22:11:25 +02:00
Bruno BELANYI c13e57f584 modules: system: users: use 'initialHashedPassword'
This is the better option to use in case I want to have a stateless
system.
2021-09-23 21:30:24 +02:00
Bruno BELANYI 2f9d3417d4 modules: system: users: use 'ambroisie' password
Do not rely on `my.user.name` which could be changed to a value not
available in the secrets.
2021-09-23 21:28:29 +02:00
Bruno BELANYI 27040532bd modules: programs: steam: respect XDG conventions
Steam wants to pollute HOME with `.steam*` files and folders, which are
useless and annoying.

We want to make sure the wrappers are preferred when installing, so use
`lib.hiPrio` to ensure they get chosen.
2021-09-15 19:23:24 +02:00
Bruno BELANYI 24b540d948 modules: programs: add steam 2021-09-15 19:23:24 +02:00
Bruno BELANYI 91489d5b71 modules: add 'programs' directory 2021-09-15 16:48:10 +02:00
Bruno BELANYI 4ccf549e58 modules: system: remove 'media'
It was not the idiomatic way to do this.
2021-09-15 16:10:06 +02:00
Bruno BELANYI bf6af94bec modules: services: paperless: proxy websockets 2021-08-31 13:52:11 +02:00
Bruno BELANYI 23484989a6 modules: services: paperless: add admin password
This is a fallback in case SSO stops working...
2021-08-31 13:52:11 +02:00
Bruno BELANYI da4595cd39 modules: services: add paperless 2021-08-31 13:52:11 +02:00
Bruno BELANYI 8319f0ea5c modules: services: nginx: nginx-sso verbose logs
For some reason it still doesn't appear in the systemd log...
2021-08-30 17:38:25 +02:00
Bruno BELANYI fd898df590 modules: services: nginx: add SSO 2021-08-30 17:36:39 +02:00
Bruno BELANYI 52079bf1e7 modules: services: nginx: enable explicitly 2021-08-30 17:36:39 +02:00
Bruno BELANYI 77cf3430ae modules: services: use new nginx wrapper
And when not possible, document why.

Note for the future: there is some repetition in some modules to
configure the correct value of the subdomain, which I happen to know
will line up correctly thanks to the nginx wrapper. A good way to
refactor this in the future would involve avoiding this repetition,
allowing use to query the correct domain in some way...
2021-08-26 15:54:13 +02:00
Bruno BELANYI a8514dcdf1 modules: services: nginx: overhaul modularity
This should be all that's needed for almost all my services.
2021-08-26 15:54:13 +02:00
Bruno BELANYI 087794433e modules: services: nextcloud: exclude previews 2021-08-19 14:27:40 +02:00
Bruno BELANYI 98c2f16eb2 modules: services: backup: make it verbose 2021-08-19 14:27:40 +02:00
Bruno BELANYI c228916072 modules: services: add navidrome 2021-08-19 12:23:06 +02:00
Bruno BELANYI 7d09677792 modules: services: backup: fix exclude files
I was using the wrong option... Somehow it didn't error out.
2021-08-09 20:08:43 +02:00
Bruno BELANYI 6c3662dbb3 modules: services: tlp: add power scaling 2021-07-31 16:56:20 +02:00
Bruno BELANYI 19c5cd0e13 modules: services: nextcloud: upgrade version 2021-07-29 13:42:28 +02:00
Bruno BELANYI 522d1f49df flake: bump inputs
And update package names for grafana dashboards to avoid breaking the
config.
2021-07-29 13:42:28 +02:00
Bruno BELANYI 3459067cd4 modules: services: postgres: upgrade version 2021-07-29 13:03:10 +02:00
Bruno BELANYI 5d21cecee7 modules: services: postgres: add migration script
The process to upgrade is:

* Make sure the version number of the script is one major version over
  the service version.

* Activate the script, rebuild configuration.

* Run `upgrade-pg-cluster` as `root`. One can give arguments like
  `--link` or `--jobs 4` to speedup the process. See documentation for
  some details.

* Change package to new version once the upgrade is finished, rebuild
  configuration.

* Optionally, `ANALYZE` the new database.
2021-07-29 13:02:49 +02:00
Bruno BELANYI 99c33cd7ad modules: services: add postgresql
Enable the service itself in other modules when needed, but pin the
package in a single place.
2021-07-29 12:43:28 +02:00
Bruno BELANYI eba977b582 modules: services: monitoring: add scrape interval 2021-07-15 18:54:07 +02:00
Bruno BELANYI 24028669f4 modules: services: add monitoring dashboard 2021-07-13 19:17:33 +02:00
Bruno BELANYI c910b643da modules: services: add monitoring
This includes a dashboard to monitor system ressources, using
Prometheus.
2021-07-13 19:17:33 +02:00
Bruno BELANYI 5fcc96ab77 modules: services: matrix: SSL only for server
This is a requirement anyway for homeservers, and the `forceSSL` option
tried to create a redirect for non-SSL traffic, except the `listen`
option only provided SSL endpoints anyway, so this resulted in
additional rules in the nginx config looking like this:

```nginx
server {
        server_name matrix.belanyi.fr ;
        location /.well-known/acme-challenge {
                root /var/lib/acme/acme-challenge;
                auth_basic off;
        }
        location / {
                return 301 https://$host$request_uri;
        }
}
```
2021-07-13 17:43:31 +02:00
Bruno BELANYI 4b6f6423db modules: hardware: sound: refactor options
Do not enable ALSA when using pipewire. Ensure that both pulseaudio and
pipewire are not configured at the same time.
2021-06-27 01:59:07 +02:00
Bruno BELANYI 85ff634331 modules: move home configuration from flake 2021-06-25 20:46:36 +02:00
Bruno BELANYI 76cac9af51 modules: change username configuration option
It makes more sense to have a `my.user` option.
2021-06-25 20:45:36 +02:00
Bruno BELANYI 9bb09ee8f4 modules: services: indexers: limit Jackett memory 2021-06-15 21:25:56 +02:00
Bruno BELANYI e4d3d8a949 modules: system: add boot
And enable mounting `/tmp` as tmpfs by default.
2021-06-14 16:41:28 +02:00
Bruno BELANYI 902539ea6d modules: system: documentation: include POSIX man 2021-06-12 13:23:09 +02:00
Bruno BELANYI 23e5ddd7f3 modules: services: matrix: add mail configuration 2021-06-09 19:14:09 +02:00
Bruno BELANYI 4c4c8ea4e5 modules: services: matrix: enable spaces 2021-06-09 18:33:54 +02:00
Bruno BELANYI ce8138eb07 modules: services: matrix: add SMS verification 2021-06-09 18:32:59 +02:00
Bruno BELANYI a5d63dcf65 modules: hardware: add mx-ergo
This adds the ability to scroll using the ball, which is way better.
2021-06-07 17:56:46 +02:00
Bruno BELANYI 9d96899065 modules: home: use 'username' config value 2021-05-30 01:31:05 +02:00
Bruno BELANYI 22a01eeadf modules: system: users: make it configurable
Notably, make use of my global 'username' option.
2021-05-30 00:46:09 +02:00
Bruno BELANYI 558f9b3919 modules: add option to specify username
Given that I use it in plenty of places, it makes sense to place it
there for reference in other modules.
2021-05-30 00:46:09 +02:00
Bruno BELANYI c23d89dcb2 modules: system: packages: make it configurable 2021-05-30 00:46:09 +02:00
Bruno BELANYI 7916a26a58 modules: system: nix: make it configurable 2021-05-30 00:46:09 +02:00
Bruno BELANYI 565d40fefb modules: system: language: make it configurable 2021-05-30 00:46:09 +02:00
Bruno BELANYI a3eaa6d97e modules: system: move 'packages' 2021-05-29 16:58:44 +02:00
Bruno BELANYI 130e04a152 modules: system: move 'nix' 2021-05-29 16:58:44 +02:00
Bruno BELANYI 43ef533ae1 modules: system: move 'documentation' 2021-05-29 16:58:44 +02:00
Bruno BELANYI 377c97ea9f modules: system: move 'language' 2021-05-29 16:58:44 +02:00
Bruno BELANYI 7f285ab9cf modules: system: move 'users' 2021-05-29 16:58:44 +02:00
Bruno BELANYI 50a5347802 modules: system: move 'media' 2021-05-29 16:56:15 +02:00
Bruno BELANYI 3ff50b1c22 modules: add 'system' directory 2021-05-29 16:56:15 +02:00
Bruno BELANYI 9b568beb9a modules: move 'services' into subfolder 2021-05-29 16:56:15 +02:00
Bruno BELANYI 274b909971 modules: hardware: move 'upower' 2021-05-29 16:56:15 +02:00
Bruno BELANYI dd19b9dd92 modules: hardware: move 'sound' 2021-05-29 16:56:15 +02:00
Bruno BELANYI 5f0c1f6a79 modules: hardware: move 'networking' 2021-05-29 16:56:15 +02:00
Bruno BELANYI abbe1bb203 modules: hardware: move 'ergodox' 2021-05-29 16:56:15 +02:00
Bruno BELANYI ec1bc63de7 modules: hardware: move 'bluetooth' 2021-05-29 16:56:15 +02:00
Bruno BELANYI 66cd746e53 modules: add 'hardware' directory 2021-05-29 16:56:15 +02:00
Bruno BELANYI 36344fe924 modules: ergodox: remove useless group clause
The `zsa` module already add the group itself.
2021-05-29 16:15:20 +02:00
Bruno BELANYI da6c160baf modules: bluetooth: add pipewire codecs 2021-05-25 23:13:35 +02:00
Bruno BELANYI 10434bdbfc modules: sound: add pipewire configuration 2021-05-25 18:19:52 +02:00
Bruno BELANYI 20513ab3a2 modules: add sound
I will probably want to share this configuration between multiple
machines in the future.
2021-05-25 18:19:52 +02:00
Bruno BELANYI 1647ab4ac7 modules: nix: expose pinned nixpkgs as 'pkgs'
That way if I do want to use that latest version, I can still use
`nixpkgs#<whatever>`.
2021-05-22 23:49:57 +02:00