Commit graph

47 commits

Author SHA1 Message Date
Bruno BELANYI 798f75db12 services: add Calibre-web 2021-03-03 17:02:48 +00:00
Bruno BELANYI 51491b99a9 services: media: refactor logic
This makes it more DRY.
2021-02-25 15:29:07 +00:00
Bruno BELANYI b3aa8d94cb services: gitea: change default port
3000 interferes with the Drone runners, which leads to a race condition
at startup regarding who gets the port.
2021-02-25 15:29:07 +00:00
Bruno BELANYI 53b0e0a1c8 services: wireguard: do not hard-code 'eth0'
Instead make use of the newly introduced `networking.externalInterface`
option.
2021-02-25 15:29:07 +00:00
Bruno BELANYI ecded82986 services: wireguard: use 'wg-quick'
Turns out the `wireguard` service isn't meant to be used for VPN-like
workflows (see [1]), and I'll probably have less trouble by using
`wg-quick` instead.

Nice bonus is that instead of having awfully named services running for
each peer, I only need the one service for `wg-quick` itself.

[1]: https://github.com/NixOS/nixpkgs/issues/51258
2021-02-25 15:29:06 +00:00
Bruno BELANYI c912c03668 services: add Wireguard
This allows connecting devices in a mesh as if they were all on the same
private local network.
2021-02-25 15:29:06 +00:00
Bruno BELANYI 8b069ab820 services: pirate: add Lidarr 2021-02-25 15:29:06 +00:00
Bruno BELANYI 7e5f661914 services: drone: mount 'resolv'-related files
Otherwise the pipelines will have a difficult time resolving
hostnames...
2021-02-25 15:29:06 +00:00
Bruno BELANYI 0482833ee8 services: drone: do not bind '/var/lib/drone' 2021-02-25 15:29:06 +00:00
Bruno BELANYI 7cb208e1ea services: quassel: trust its pgsql connection 2021-02-25 15:29:06 +00:00
Bruno BELANYI a8f9dd9a02 services: quassel: create storage DB 2021-02-25 15:29:06 +00:00
Bruno BELANYI 2199c1b10c services: add Miniflux 2021-02-25 15:29:06 +00:00
Bruno BELANYI f5d0118fab services: transmission: add permissive umask 2021-02-25 15:29:05 +00:00
Bruno BELANYI c49cb11109 services: matrix: explicitly disable registration 2021-02-25 15:29:05 +00:00
Bruno BELANYI b8f4bc5b68 services: drone: enable Jsonnet & Starlark 2021-02-25 15:29:05 +00:00
Bruno BELANYI 03f7cc8551 services: drone: add 'docker' runner 2021-02-25 15:29:05 +00:00
Bruno BELANYI 8b3dac169e services: add drone CI
This makes use of the 'exec' runner instead of my usual setup using the
'docker' runner.

A future improvement would be packaging, and then using, the 'docker'
runner too/instead.
2021-02-25 15:29:05 +00:00
Bruno BELANYI 9177ea0946 services: gitea: do not use wizard
Instead you should temporarily enable registrations, and then disable
them right afterwards.
2021-02-25 15:29:05 +00:00
Bruno BELANYI 8bb2e096f6 services: blog: make main site default host 2021-02-25 15:29:05 +00:00
Bruno BELANYI c8e9dd8535 services: add blog 2021-02-25 15:29:04 +00:00
Bruno BELANYI 5fc1b7ae74 services: gitea: add state to backup
Because I think `restic` will not deal with the compressed format of
`gitea`'s native `dump` command, I set up a manual backup.

This could lead to potentially corrupted data if I happen to back up at
the exact same time as a push to a repository. However given the
frequency of backups planned, I assume that most of them will be fine.
2021-02-25 15:29:04 +00:00
Bruno BELANYI 2db7189f50 services: matrix: ensure 'dataDir' exists 2021-02-08 10:49:59 +00:00
Bruno BELANYI 8cdef69b3e services: nextcloud: ensure 'home' exists 2021-02-08 10:49:59 +00:00
Bruno BELANYI 471ecd87cc services: postgresql-backup: explicitly backup all 2021-02-08 10:49:59 +00:00
Bruno BELANYI a8a8b5fc22 services: nextcloud: add state to backup 2021-02-08 10:49:59 +00:00
Bruno BELANYI 8fa9e1ce1a services: postgresql-backup: add current to backup 2021-02-08 10:49:59 +00:00
Bruno BELANYI 7a3588e17f services: matrix: add state to backup 2021-02-08 10:49:59 +00:00
Bruno BELANYI 61cd897d1f services: add backup
This is using `restic` and Backblaze B2 buckets
2021-02-08 10:49:59 +00:00
Bruno BELANYI 21747212dd porthos: services: extract ssh-server 2021-02-08 10:49:59 +00:00
Bruno BELANYI d1d33fd1d1 secrets: modularise
Instead of reading from the 'secrets' directory all over the place,
consolidate all secrets-handling inside the same module.

This means that finally, the 'acme' service does not need to come read
right into this repository, however this leads to a potentially unsecure
setup (because I am storing passwords in the Nix store)... I have
decided not to care about this relatively minor issue, but I could
revisit it by using `sops-nix` in the future.
2021-02-08 10:49:59 +00:00
Bruno BELANYI 47396fbab0 services: add Quassel
Unfortunately this service is stateful, you need to connect to it to set
up the first user.
2021-02-08 10:49:59 +00:00
Bruno BELANYI 41c777d2e2 services: add RSS-Bridge 2021-02-08 10:49:59 +00:00
Bruno BELANYI e29adcda03 services: add indexers
Includes both Jackett and NZBHydra2.
2021-02-08 10:49:59 +00:00
Bruno BELANYI bfba8c005c services: add postgres-backup 2021-02-08 10:49:58 +00:00
Bruno BELANYI 34ff469b6d services: add nextcloud
The password is quoted using `"` instead of `'` in the setup script,
beware of `$` characters...
2021-02-08 10:49:58 +00:00
Bruno BELANYI adfc2eb832 services: matrix: remove postgreSQL backup
This really deserves to be its own service instead.
2021-02-08 10:49:58 +00:00
Bruno BELANYI 442c691933 matrix: proxy calls to '/_synapse/client' 2021-02-08 10:49:58 +00:00
Bruno BELANYI 6bfa421112 services: matrix: use shared registration secret 2021-02-08 10:49:58 +00:00
Bruno BELANYI 6b1de02ea3 services: matrix: configure DB on launch 2021-02-08 10:49:58 +00:00
Bruno BELANYI 303da60e0b services: gitea: clean up configuration
I want the ssh addresses to use 'git' as a user, so the service must be
set up with this user as well.

I also want the port to be configurable in case I need to change it.
2021-02-08 10:49:58 +00:00
Bruno BELANYI 6038d0df60 services: add sabnzbd
Its configuration isn't declarative :-(.

Notably, the port needs to be changed from '8080' to '9090' in its
configuration file (at '/var/lib/sabnzbd/').
2021-02-03 20:38:54 +01:00
Bruno BELANYI 27d089afaa services: add transmission
This service makes use of the default webui. I really like combustion
more, but am willing to use that one instead given the small amount of
time I actually spend looking at it.
2021-02-03 20:38:54 +01:00
Bruno BELANYI 680d82bc3b services: add pirate
The whole suite of *-arr media managers.
2021-02-03 20:38:54 +01:00
Bruno BELANYI 9446651944 services: add jellyfin
This makes use of the 'media' group, to allow using the same group for
any software that would either read or write to my media collection.
2021-02-03 20:38:54 +01:00
Bruno BELANYI b4b62b5bc6 services: add gitea 2021-02-03 20:38:54 +01:00
Bruno BELANYI 5d41f6206d services: add matrix 2021-02-03 12:12:41 +01:00
Bruno BELANYI 32444fe8ae services: add nginx and acme auto-configuration
This ensures that the recommended settings are turned on when using Nginx
in any service. It also provides for an SSL certificate using Let's
Encrypt.
2021-02-03 11:55:33 +01:00