Bruno BELANYI
340906d6b2
porthos: users: add 'ambroisie' to 'media'
...
This only done when the groups exists.
2021-02-25 15:29:06 +00:00
Bruno BELANYI
866225393b
porthos: move files into 'machines' directory
...
But keep 'porthos.nix' at the root of the repository. I feel like it is
cleaner to keep device specific files at the root.
2021-02-25 15:29:06 +00:00
Bruno BELANYI
f5d0118fab
services: transmission: add permissive umask
2021-02-25 15:29:05 +00:00
Bruno BELANYI
69519c45a6
ci: add Drone CI
2021-02-25 15:29:05 +00:00
Bruno BELANYI
c49cb11109
services: matrix: explicitly disable registration
2021-02-25 15:29:05 +00:00
Bruno BELANYI
b8f4bc5b68
services: drone: enable Jsonnet & Starlark
2021-02-25 15:29:05 +00:00
Bruno BELANYI
35486cd2e7
porthos: services: drone: switch to 'docker'
2021-02-25 15:29:05 +00:00
Bruno BELANYI
03f7cc8551
services: drone: add 'docker' runner
2021-02-25 15:29:05 +00:00
Bruno BELANYI
819521eef9
porthos: users: blog: do not change perimissions
2021-02-25 15:29:05 +00:00
Bruno BELANYI
9a0720f934
porthos: services: enable Drone CI
2021-02-25 15:29:05 +00:00
Bruno BELANYI
8b3dac169e
services: add drone CI
...
This makes use of the 'exec' runner instead of my usual setup using the
'docker' runner.
A future improvement would be packaging, and then using, the 'docker'
runner too/instead.
2021-02-25 15:29:05 +00:00
Bruno BELANYI
9177ea0946
services: gitea: do not use wizard
...
Instead you should temporarily enable registrations, and then disable
them right afterwards.
2021-02-25 15:29:05 +00:00
Bruno BELANYI
8e90c4f864
porthos: networking: use production domain
...
I am done with my experimentation, I feel like I can fully commit to
using NixOS now :-)
2021-02-25 15:29:05 +00:00
Bruno BELANYI
8bb2e096f6
services: blog: make main site default host
2021-02-25 15:29:05 +00:00
Bruno BELANYI
ed0381de32
porthos: add 'blog' user
2021-02-25 15:29:05 +00:00
Bruno BELANYI
926f4a144f
secrets: drone: add ssh keys
2021-02-25 15:29:05 +00:00
Bruno BELANYI
3233687568
porthos: services: enable blog hosting
2021-02-25 15:29:04 +00:00
Bruno BELANYI
c8e9dd8535
services: add blog
2021-02-25 15:29:04 +00:00
Bruno BELANYI
5fc1b7ae74
services: gitea: add state to backup
...
Because I think `restic` will not deal with the compressed format of
`gitea`'s native `dump` command, I set up a manual backup.
This could lead to potentially corrupted data if I happen to backup at
the exact same time as a push to a repository. However given the
frequency of backups planned, I assume that most of them will be fine.
2021-02-25 15:29:04 +00:00
Bruno BELANYI
2db7189f50
services: matrix: ensure 'dataDir' exists
2021-02-08 10:49:59 +00:00
Bruno BELANYI
8cdef69b3e
services: nextcloud: ensure 'home' exists
2021-02-08 10:49:59 +00:00
Bruno BELANYI
a0cdd38848
porthos: services: configure backup
2021-02-08 10:49:59 +00:00
Bruno BELANYI
471ecd87cc
services: postgresql-backup: explicitly backup all
2021-02-08 10:49:59 +00:00
Bruno BELANYI
a8a8b5fc22
services: nextcloud: add state to backup
2021-02-08 10:49:59 +00:00
Bruno BELANYI
8fa9e1ce1a
services: postgresql-backup: add current to backup
2021-02-08 10:49:59 +00:00
Bruno BELANYI
7a3588e17f
services: matrix: add state to backup
2021-02-08 10:49:59 +00:00
Bruno BELANYI
61cd897d1f
services: add backup
...
This is using `restic` and Backblaze B2 buckets
2021-02-08 10:49:59 +00:00
Bruno BELANYI
4ceb0f7552
porthos: networking: clean-up style
2021-02-08 10:49:59 +00:00
Bruno BELANYI
5e06025d67
porthos: hardware: clean-up style
2021-02-08 10:49:59 +00:00
Bruno BELANYI
4f0a66c80e
porthos: boot: clean-up style
2021-02-08 10:49:59 +00:00
Bruno BELANYI
21747212dd
porthos: services: extract ssh-server
2021-02-08 10:49:59 +00:00
Bruno BELANYI
3b148ad684
porthos: split into modules
...
I have separated the modules into host-specific settings, and generic
settings that ought to be shared by every host.
I only have the 'porthos' host for now, but intend to also add my laptop
'aramis' at some point to this repository.
2021-02-08 10:49:59 +00:00
Bruno BELANYI
d1d33fd1d1
secrets: modularise
...
Instead of reading from the 'secrets' directory all over the place,
consolidate all secrets-handling inside the same module.
This means that finally, the 'acme' service does not need to come read
right into this repository, however this leads to a potentially unsecure
setup (because I am storing passwords in the Nix store)... I have
decided not to care about this relatively minor issue, but I could
revisit it by using `sops-nix` in the future.
2021-02-08 10:49:59 +00:00
Bruno BELANYI
0871f3e6b4
project: readme: add quassel to manual steps
2021-02-08 10:49:59 +00:00
Bruno BELANYI
47396fbab0
services: add Quassel
...
Unfortunately this service is stateful, you need to connect to it to set
up the first user.
2021-02-08 10:49:59 +00:00
Bruno BELANYI
41c777d2e2
services: add RSS-Bridge
2021-02-08 10:49:59 +00:00
Bruno BELANYI
04dd1bc671
project: add simple README
2021-02-08 10:49:59 +00:00
Bruno BELANYI
e29adcda03
services: add indexers
...
Includes both Jackett and NZBHydra2.
2021-02-08 10:49:59 +00:00
Bruno BELANYI
4d68a706a3
flake: add NUR overlay
2021-02-08 10:49:59 +00:00
Bruno BELANYI
49779cac21
flake: switch to unstable nixpkgs
2021-02-08 10:49:59 +00:00
Bruno BELANYI
34548c28ec
flake: init configuration
2021-02-08 10:49:59 +00:00
Bruno BELANYI
d79538e1ab
configuration: nix: enable nix flakes
2021-02-08 10:49:58 +00:00
Bruno BELANYI
bfba8c005c
services: add postgres-backup
2021-02-08 10:49:58 +00:00
Bruno BELANYI
f766d093e2
configuration: users: disallow mutable users
2021-02-08 10:49:58 +00:00
Bruno BELANYI
7ca077adf7
configuration: users: use hashedPassword
2021-02-08 10:49:58 +00:00
Bruno BELANYI
34ff469b6d
services: add nextcloud
...
The password is quoted using `"` instead of `'` in the setup script,
beware of `$` characters...
2021-02-08 10:49:58 +00:00
Bruno BELANYI
adfc2eb832
services: matrix: remove postgreSQL backup
...
This really deserves to be its own service instead.
2021-02-08 10:49:58 +00:00
Bruno BELANYI
442c691933
matrix: proxy calls to '/_synapse/client'
2021-02-08 10:49:58 +00:00
Bruno BELANYI
6bfa421112
services: matrix: use shared registration secret
2021-02-08 10:49:58 +00:00
Bruno BELANYI
6b1de02ea3
services: matrix: configure DB on launch
2021-02-08 10:49:58 +00:00