Bruno BELANYI
e9d96138d5
nixos: services: nginx: add 'websocketsLocations'
...
This accounts for the overwhelming majority of my usage of
`extraConfig`.
2024-11-19 16:03:38 +00:00
Bruno BELANYI
138d4d2bd9
nixos: services: nextcloud: add collabora
...
This needs to be configured through the "Nextcloud Office" app,
specifically the WOPI setting is important for security (I put both the
external IP, as well as `::1` and `127.0.0.1`).
2024-11-19 15:58:48 +01:00
Bruno BELANYI
ab8a5daefe
hosts: porthos: secrets: acme: use OVH API
...
ci/woodpecker/push/check Pipeline was successful
I switched registrar, as OVH was ~4x cheaper.
This needs a small change to the module to both refer to OVH instead of
Gandi in the documentation, and make use of the correct API.
I also needed to disable the propagation check, as it looks like OVH is
slower than Gandi, and leads to spurious errors...
2024-11-14 22:19:35 +01:00
Bruno BELANYI
07552f3070
nixos: system: nix: configure GC
2024-10-30 10:33:50 +00:00
Bruno BELANYI
6d2ac0c473
modules: services: matrix: remove sliding sync
...
The functionality has been folded into `synapse` itself, and the module
has been removed from the unstable branch.
This reverts commit b4c2cc581b.
2024-10-28 10:47:49 +00:00
Bruno BELANYI
a09cef76c5
nixos: services: nextcloud: bump to 30
ci/woodpecker/push/check Pipeline was successful
2024-10-17 15:26:17 +02:00
Bruno BELANYI
09f763bc16
nixos: services: add komga
ci/woodpecker/push/check Pipeline was successful
2024-09-30 22:10:38 +02:00
Bruno BELANYI
898523d079
treewide: fix typos
2024-09-27 13:49:29 +00:00
Bruno BELANYI
cbba752b54
nixos: services: nginx: remove 'literalExample'
...
Those examples do not use functions or any other "difficult to render"
expression.
2024-09-27 13:44:40 +00:00
Bruno BELANYI
3aab65d9ea
nixos: services: tandoor-recipes: add fail2ban note
ci/woodpecker/push/check Pipeline was successful
2024-09-24 13:13:15 +00:00
Bruno BELANYI
b6279108e0
nixos: services: vikunja: add fail2ban note
ci/woodpecker/push/check Pipeline was successful
2024-09-24 10:44:42 +00:00
Bruno BELANYI
0f3c5d1d63
nixos: services: transmission: add fail2ban note
2024-09-24 10:44:42 +00:00
Bruno BELANYI
1f40ac4a9f
nixos: services: grocy: add fail2ban note
2024-09-24 10:44:42 +00:00
Bruno BELANYI
2b64a00dc9
nixos: services: flood: add fail2ban note
2024-09-24 10:44:42 +00:00
Bruno BELANYI
1aa3385e13
nixos: services: navidrome: add fail2ban jail
ci/woodpecker/push/check Pipeline was successful
2024-09-22 02:12:48 +02:00
Bruno BELANYI
a059828a58
nixos: services: miniflux: add fail2ban jail
ci/woodpecker/push/check Pipeline was successful
2024-09-22 01:59:04 +02:00
Bruno BELANYI
96e1a54638
nixos: services: nextcloud: add fail2ban jail
2024-09-22 01:59:04 +02:00
Bruno BELANYI
f24cf2e16d
nixos: services: audiobookshelf: add fail2ban jail
2024-09-22 01:37:34 +02:00
Bruno BELANYI
cedac6bbf4
nixos: services: mealie: add fail2ban jail
2024-09-22 01:37:34 +02:00
Bruno BELANYI
c1eab0edee
nixos: services: jellyfin: add fail2ban jail
...
ci/woodpecker/push/check Pipeline was successful
The upstream documentation adds quotes around the IP, but I don't see
them in my logs. Let's split the difference by making them optional.
2024-09-20 14:39:53 +00:00
Bruno BELANYI
a713913eef
nixos: services: add pdf-edit
2024-09-05 18:10:00 +02:00
Bruno BELANYI
0d2b9c9699
nixos: services: rename 'servarr'
ci/woodpecker/push/check Pipeline was successful
2024-09-05 10:39:01 +00:00
Bruno BELANYI
52197a4f96
nixos: services: pirate: add readarr
2024-09-05 10:36:31 +00:00
Bruno BELANYI
fb4047b2b3
nixos: services: nginx: sso: align with upstream
...
This aligns with the PR I opened on nixpkgs [1].
[1]: https://github.com/NixOS/nixpkgs/pull/325838
2024-09-05 10:36:31 +00:00
Bruno BELANYI
445cb43cb4
nixos: services: nix-cache: fix deprecated config
ci/woodpecker/push/check Pipeline was successful
2024-09-04 10:35:10 +00:00
Bruno BELANYI
4de7886950
nixos: system: packages: fix deprecated config
2024-07-25 20:32:15 +01:00
Bruno BELANYI
b895265537
nixos: hardware: graphics: fix renamed option
ci/woodpecker/push/check Pipeline was successful
2024-06-28 18:10:59 +01:00
Bruno BELANYI
b73f6af5e0
nixos: services: flood: use upstream module
ci/woodpecker/push/check Pipeline was successful
2024-06-21 15:40:34 +00:00
Bruno BELANYI
9ab49e06f9
nixos: hardware: graphics: add 32bit Intel drivers
ci/woodpecker/push/check Pipeline was successful
2024-06-17 10:17:15 +00:00
Bruno BELANYI
7c61d6dffc
nixos: hardware: graphics: use AMDVLK options
2024-06-17 10:12:05 +00:00
Bruno BELANYI
6a9ac77b0c
nixos: hardware: bluetooth: remove pipewire conf
...
ci/woodpecker/push/check Pipeline was successful
Turns out the wireplumber configuration I was setting up is redundant
with the upstream default (which works better, because they use a quirks
database...).
It was also out-of-date due to the update to v0.5, which changed the
configuration format...
2024-06-14 21:19:07 +01:00
Bruno BELANYI
d37c767a2f
nixos: services: forgejo: fix deprecated config
ci/woodpecker/push/check Pipeline was successful
2024-06-12 21:29:19 +02:00
Bruno BELANYI
10a7111f1c
nixos: services: mealie: fix DB auth
...
Turns out the package update [1] was because someone couldn't make it
work on the previous version, and added a new setting to configure it
more easily :-).
[1]: https://github.com/NixOS/nixpkgs/pull/314294
2024-06-12 21:28:41 +02:00
Bruno BELANYI
f6c476a07f
nixos: services: postgres: add post-upgrade advice
ci/woodpecker/push/check Pipeline was successful
2024-05-07 11:40:11 +00:00
Bruno BELANYI
0745e450b9
nixos: services: postgres: remove unused container
2024-05-07 11:40:11 +00:00
Bruno BELANYI
48beb9f1fe
nixos: services: postgres: simplify update script
2024-05-07 11:21:28 +00:00
Bruno BELANYI
6162f4f4d5
modules: services: nextcloud: bump to 29
ci/woodpecker/push/check Pipeline was successful
2024-05-04 22:51:11 +02:00
Bruno BELANYI
8d2cf7f2c0
nixos: profiles: laptop: fix renamed option
2024-05-04 16:06:57 +02:00
Bruno BELANYI
2dedb41a47
nixos: services: add audiobookshelf
2024-04-22 21:00:00 +02:00
Bruno BELANYI
5df0574f41
nixos: services: podgrab: add 'dataDir'
2024-04-22 21:00:00 +02:00
Bruno BELANYI
c18054cad7
nixos: services: podgrab: use 'media' group
2024-04-22 20:59:09 +02:00
Bruno BELANYI
6efe2c12ba
nixos: services: woodpecker: exec: fix NodeJS
...
ci/woodpecker/push/check Pipeline was successful
I need it for Tree Sitter support...
2024-04-08 21:19:54 +02:00
Bruno BELANYI
6b51b4e2ab
nixos: services: rss-bridge: fix deprecated option
ci/woodpecker/push/check Pipeline was successful
2024-04-07 13:30:40 +02:00
Bruno BELANYI
8f120e2129
nixos: services: lohr: fix SSH key creation
...
ci/woodpecker/push/check Pipeline was successful
In the migration to `tmpfiles.d(5)`, I used the wrong type of file.
Using `f` would write the path to the file as its content, rather than
copy it. Unfortunately `C` and `C+` do not overwrite an existing file,
so using a symlink is the correct solution here.
This means the SSH key file must have `lohr` as an owner... Perhaps I
should make it so the service can read the file itself, rather than
rely on the filesystem location, so that I don't have to contort myself
quite so much to make it work.
2024-04-02 12:25:34 +02:00
Bruno BELANYI
607aa5351c
nixos: services: tandoor-recipes: fix bulk upload
ci/woodpecker/push/check Pipeline was successful
2024-03-22 22:03:53 +01:00
Bruno BELANYI
61fa35093c
nixos: services: mealie: fix bulk upload
2024-03-22 22:03:53 +01:00
Bruno BELANYI
b2dc051e6a
flake: bump inputs
...
And fix the breaking changes in Vikunja (which actually make my
configuration simpler).
2024-03-11 17:32:54 +01:00
Bruno BELANYI
6140e1c8f9
nixos: services: lohr: migrate to tmpfiles
...
This is better than a custom script.
2024-03-11 17:32:54 +01:00
Bruno BELANYI
5d3160fb0d
hosts: nixos: porthos: migrate to new host
...
OVH/Kimsufi are deprecating my current server by the end of the year. So
let's migrate to a new host.
This was more painful than initially planned, OVH introduced a change to
their rescue system which messes with the NixOS installation [1].
In the end I used a kexec image [2] to run the installation.
[1]: https://github.com/NixOS/nix/issues/7790
[2]: https://github.com/nix-community/nixos-images
2024-03-11 17:32:54 +01:00
Bruno BELANYI
0f33dbd5c2
hosts: nixos: porthos: switch to forgejo
...
This required a quick rename to migrate from one to the other.
2024-03-11 17:32:54 +01:00
Bruno BELANYI
f3207468f9
nixos: services: woodpecker: configurable forge
2024-03-11 17:32:54 +01:00
Bruno BELANYI
c1ffe09631
nixos: services: add forgejo
2024-03-11 17:32:54 +01:00
Bruno BELANYI
a4e742bf55
nixos: services: blog: fix catch-all redirection
...
Don't use a hard-coded address...
2024-03-11 16:03:53 +00:00
Bruno BELANYI
d423a03663
nixos: services: gitea: fix mail 'FROM' address
ci/woodpecker/push/check Pipeline was successful
2024-03-05 14:20:57 +00:00
Bruno BELANYI
40d1b39837
nixos: services: gitea: update mail configuration
ci/woodpecker/push/check Pipeline failed
2024-03-05 14:17:30 +00:00
Bruno BELANYI
ed15e62e1d
nixos: services: gitea: use 'git' group
ci/woodpecker/push/check Pipeline was successful
2024-03-05 12:53:32 +00:00
Bruno BELANYI
a3afafd9e0
nixos: services: add mealie
2024-03-05 12:43:22 +00:00
Bruno BELANYI
4d25609b26
nixos: system: nix: expand trusted users
2024-03-05 12:43:22 +00:00
Bruno BELANYI
b9b47fffd6
flake: bump inputs
...
ci/woodpecker/push/check Pipeline was successful
Fix the pyLoad user/group option that I added upstream [1].
Fix an evaluation error due to Pipewire changes [2].
[1]: https://github.com/NixOS/nixpkgs/pull/287304
[2]: https://github.com/NixOS/nixpkgs/pull/282377
2024-02-29 12:20:53 +00:00
Bruno BELANYI
c9969775da
nixos: services: backup: add essential files
ci/woodpecker/push/check Pipeline was successful
2024-02-12 14:21:17 +00:00
Bruno BELANYI
7948dc284b
nixos: hardware: rename 'trackball'
...
ci/woodpecker/push/check Pipeline was successful
Since I do intend on configuring every trackball I own to use this
scheme, not just the MX Ergo.
2024-02-06 15:08:19 +00:00
Bruno BELANYI
f54cee8f70
nixos: hardware: add graphics
...
I did not add an Nvidia knob to this module, as I do not foresee *ever*
using one of their graphics cards.
2024-02-06 15:04:40 +00:00
Bruno BELANYI
03dac604e9
nixos: services: add pyload
2024-02-04 14:56:59 +01:00
Bruno BELANYI
cc029f7933
nixos: services: add aria
2024-01-30 15:51:48 +01:00
Bruno BELANYI
02412f2578
nixos: services: nextcloud: fix renamed option
2024-01-30 15:51:48 +01:00
Bruno BELANYI
e2ec4d3032
nixos: services: paperless: fix classifier hangs
...
This is an experimental fix to try and get around an issue with the
default BLAS/LAPACK implementation. See [1] for more details.
[1]: https://github.com/NixOS/nixpkgs/issues/240591
2024-01-30 15:51:48 +01:00
Bruno BELANYI
e2091e9e2e
nixos: services: nextcloud: use HTTPS
...
ci/woodpecker/push/check Pipeline was successful
This should fix my issue with the sliding sync server.
2024-01-26 23:36:05 +01:00
Bruno BELANYI
b33938e825
nixos: services: paperless: rename settings option
ci/woodpecker/push/check Pipeline was successful
2024-01-22 16:57:18 +00:00
Bruno BELANYI
629ec539c9
nixos: services: nextcloud: fix typo
2024-01-22 16:55:57 +00:00
Bruno BELANYI
136bd342ff
nixos: services: matrix: fix deprecated option
2024-01-22 16:55:57 +00:00
Bruno BELANYI
10a3055136
nixos: services: nextcloud: fix deprecated option
2024-01-05 19:19:00 +01:00
Bruno BELANYI
e4f8214cb2
modules: services: nextcloud: bump to 28
2024-01-05 19:19:00 +01:00
Bruno BELANYI
932717b754
nixos: services: jellyfin: loosen umask
...
ci/woodpecker/push/check Pipeline was successful
I just noticed that all the metadata files Jellyfin stores have very
restrictive ACLs.
The whole point of the `media` group is to make my HTPC ecosystem work
together. In particular this should allow Sonarr and friends to delete
folders without manual intervention.
2023-12-26 15:17:05 +01:00
Bruno BELANYI
71ee178510
nixos: services: nginx: fix SSO subdomain
ci/woodpecker/push/check Pipeline was successful
2023-12-25 20:23:55 +01:00
Bruno BELANYI
6948424b81
nixos: services: remove redundant subdomains
...
See previous commit for the defaults.
2023-12-25 20:23:55 +01:00
Bruno BELANYI
b7a4bc063f
nixos: services: nginx: add default subdomain
...
In almost all cases, the subdomain should be the same as the attribute
name...
2023-12-25 20:23:55 +01:00
Bruno BELANYI
faa87743e5
nixos: services: nginx: use attrset for vhosts
...
Attribute sets compose better than lists, it was a mistake to use a list
in the first place...
2023-12-25 20:23:55 +01:00
Bruno BELANYI
373545ee38
nixos: system: printing: migrate deprecated option
...
It's recommended to only enable the IPv4 option, as most mDNS responders
only register IPv4 addresses (therefore enabling IPv6 would lead to long
timeouts when checking for those addresses first).
2023-12-14 14:26:18 +00:00
Bruno BELANYI
1faa8d9acf
nixos: services: wireguard: add 'simpleManagement'
...
ci/woodpecker/push/check Pipeline was successful
This makes it easier to manage the VPN services, as they don't require a
password prompt to be brought up/down.
2023-12-14 11:23:28 +00:00
Bruno BELANYI
9ddd59eac8
nixos: system: add polkit
...
One nice thing is that it enables the prompts when using `systemctl`,
instead of requiring `sudo`.
2023-12-14 11:23:28 +00:00
Bruno BELANYI
f23e6251ce
nixos: services: wireguard: add VPN conflicts
...
It's now easier to do the right thing when starting a VPN service,
whether the other one is running or not.
2023-12-14 11:23:28 +00:00
Bruno BELANYI
b48d81451d
nixos: services: migrate to 'ensureDBOwnership'
...
ci/woodpecker/push/check Pipeline was successful
`ensurePermissions` is deprecated, and doesn't work on PostgreSQL 15.
2023-11-21 00:22:44 +01:00
Bruno BELANYI
60d941b40b
flake: bump inputs
...
My tandoor-recipes fix was merged upstream, so remove the overlay.
And because of the recent postgres bump for 23.11, `ensureDBOwnership`
is the new way of dealing with DB permissions [1]. This means I had to
manually migrate my `gitea` DB and make it match the DB user.
[1]: https://github.com/NixOS/nixpkgs/pull/266270
2023-11-21 00:20:28 +01:00
Bruno BELANYI
570349e80f
nixos: profiles: move from top-level
...
ci/woodpecker/push/check Pipeline was successful
My profiles are actually just "special" NixOS modules in that they
orchestrate settings that usually span the NixOS/home-manager boundary,
or otherwise set up configurations from multiple modules at once.
2023-11-11 18:12:05 +00:00
Bruno BELANYI
65a8f7c481
home: create 'modules/home' folder
...
Consolidating all modules under the same path, to clear out the
top-level directory.
2023-11-11 18:12:05 +00:00
Bruno BELANYI
c856933803
nixos: create 'modules/nixos' folder
...
Let's consolidate all modules under one path, so that NixOS,
home-manager, and nix-darwin (if I ever end up using it down the line)
would go under the same folder.
2023-11-11 18:11:52 +00:00