ambroisie/nix-config
ambroisie/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
600 commits 9 branches 0 tags 4.5 MiB
Commit graph

41 commits

Author SHA1 Message Date
Bruno BELANYI e962d4c574 modules: services: nginx: sso: use runtime secrets 2021-09-26 23:09:33 +02:00
Bruno BELANYI 3bf3980e45 modules: services: nginx: allow sso secret files 
This is in preparation of the migration to agenix, which does not allow
access to the secrets at build time.
 2021-09-26 23:09:32 +02:00
Bruno BELANYI fb6e2afe89 modules: services: drone: split into files 
This is cleaner to read.
 2021-09-26 23:09:32 +02:00
Bruno BELANYI 51067582e0 modules: services: put modules into folders 2021-09-26 23:09:32 +02:00
Bruno BELANYI b6af754199 modules: services: wireguard: use agenix secrets 2021-09-26 23:09:32 +02:00
Bruno BELANYI ca5e5a53cd modules: services: nginx: use 'credentialsFile' 
In preparation for the migration to agenix.
 2021-09-26 23:09:32 +02:00
Bruno BELANYI ba10af0644 modules: services: matrix: use 'mailConfigFile' 
In preparation of the migration to agenix.
 2021-09-26 23:09:32 +02:00
Bruno BELANYI 0f2c20e51d modules: services: paperless: use 'secretKeyFile' 
In preparation for the migration to agenix.
 2021-09-26 23:09:32 +02:00
Bruno BELANYI ca218730ff modules: services: nextcloud: use 'credentialsfile' 
In preparation for the migration to agenix.
 2021-09-26 23:09:32 +02:00
Bruno BELANYI ac5fd7f472 modules: services: miniflux: use 'credentialsFiles' 
In preparation for the migration to agenix.
 2021-09-26 23:09:32 +02:00
Bruno BELANYI db37cea907 modules: services: transmission: secrets w/ file 
In preparation for the migration to using agenix.
 2021-09-26 23:09:31 +02:00
Bruno BELANYI 75312c747b modules: remove unused arguments 2021-09-24 01:21:57 +02:00
Bruno BELANYI 2d26b36e31 modules: services: nginx: use 'recursiveMerge'
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-09-23 22:11:25 +02:00
Bruno BELANYI ed456c999d modules: system: remove 'media'
All checks were successful
continuous-integration/drone/push Build is passing
Details 
It was not the idiomatic way to do this.
 2021-09-15 16:10:06 +02:00
Bruno BELANYI 808058d576 modules: services: paperless: proxy websockets 2021-08-31 13:52:11 +02:00
Bruno BELANYI 52706ab4c4 modules: services: paperless: add admin password 
This is a fallback in case SSO stops working...
 2021-08-31 13:52:11 +02:00
Bruno BELANYI 87613a9163 modules: services: add paperless 2021-08-31 13:52:11 +02:00
Bruno BELANYI 78064bb2a1 modules: services: nginx: nginx-sso verbose logs
All checks were successful
continuous-integration/drone/push Build is passing
Details 
For some reason it still doesn't appear in the systemd log...
 2021-08-30 17:38:25 +02:00
Bruno BELANYI 70af0ba99a modules: services: nginx: add SSO 2021-08-30 17:36:39 +02:00
Bruno BELANYI dc2a3610a6 modules: services: nginx: enable explicitly 2021-08-30 17:36:39 +02:00
Bruno BELANYI 7032ddef37 modules: services: use new nginx wrapper
All checks were successful
continuous-integration/drone/push Build is passing
Details 
And when not possible, document why.

Note for the future: there is some repetition in some modules to
configure the correct value of the subdomain, which I happen to know
will line up correctly thanks to the nginx wrapper. A good way to
refactor this in the future would involve avoiding this repetition,
allowing use to query the correct domain in some way...
 2021-08-26 15:54:13 +02:00
Bruno BELANYI 81e12969eb modules: services: nginx: overhaul modularity 
This should be all that's needed for almost all my services.
 2021-08-26 15:54:13 +02:00
Bruno BELANYI 30fc01b5ae modules: services: nextcloud: exclude previews
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-08-19 14:27:40 +02:00
Bruno BELANYI 13684ecdc4 modules: services: backup: make it verbose 2021-08-19 14:27:40 +02:00
Bruno BELANYI ec6b31f4a6 modules: services: add navidrome 2021-08-19 12:23:06 +02:00
Bruno BELANYI 2cc1925346 modules: services: backup: fix exclude files
All checks were successful
continuous-integration/drone/push Build is passing
Details 
I was using the wrong option... Somehow it didn't error out.
 2021-08-09 20:08:43 +02:00
Bruno BELANYI 1783c2838b modules: services: tlp: add power scaling 2021-07-31 16:56:20 +02:00
Bruno BELANYI e215f7aa1d modules: services: nextcloud: upgrade version
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-07-29 13:42:28 +02:00
Bruno BELANYI afb683f1cf flake: bump inputs 
And update package names for grafana dashboards to avoid breaking the
config.
 2021-07-29 13:42:28 +02:00
Bruno BELANYI c320387746 modules: services: postgres: upgrade version 2021-07-29 13:03:10 +02:00
Bruno BELANYI bbb1231ad3 modules: services: postgres: add migration script 
The process to upgrade is:

* Make sure the version number of the script is one major version over
  the service version.

* Activate the script, rebuild configuration.

* Run `upgrade-pg-cluster` as `root`. One can give arguments like
  `--link` or `--jobs 4` to speedup the process. See documentation for
  some details.

* Change package to new version once the upgrade is finished, rebuild
  configuration.

* Optionally, `ANALYZE` the new database.
 2021-07-29 13:02:49 +02:00
Bruno BELANYI 9f00d8a38e modules: services: add postgresql 
Enable the service itself in other modules when needed, but pin the
package in a single place.
 2021-07-29 12:43:28 +02:00
Bruno BELANYI 820b52314f modules: services: monitoring: add scrape interval
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-07-15 18:54:07 +02:00
Bruno BELANYI e060476f32 modules: services: add monitoring dashboard 2021-07-13 19:17:33 +02:00
Bruno BELANYI 2458ddf59d modules: services: add monitoring 
This includes a dashboard to monitor system ressources, using
Prometheus.
 2021-07-13 19:17:33 +02:00
Bruno BELANYI 971b610cd5 modules: services: matrix: SSL only for server 
This is a requirement anyway for homeservers, and the `forceSSL` option
tried to create a redirect for non-SSL traffic, except the `listen`
option only provided SSL endpoints anyway, so this resulted in
additional rules in the nginx config looking like this:

```nginx
server {
        server_name matrix.belanyi.fr ;
        location /.well-known/acme-challenge {
                root /var/lib/acme/acme-challenge;
                auth_basic off;
        }
        location / {
                return 301 https://$host$request_uri;
        }
}
```
 2021-07-13 17:43:31 +02:00
Bruno BELANYI daa69a54fa modules: services: indexers: limit Jackett memory
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-06-15 21:25:56 +02:00
Bruno BELANYI ee21de5b94 modules: services: matrix: add mail configuration
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-06-09 19:14:09 +02:00
Bruno BELANYI 06c53620f8 modules: services: matrix: enable spaces 2021-06-09 18:33:54 +02:00
Bruno BELANYI d43045c6d6 modules: services: matrix: add SMS verification 2021-06-09 18:32:59 +02:00
Bruno BELANYI d2704b17fe modules: move 'services' into subfolder 2021-05-29 16:56:15 +02:00