Commit graph

1479 commits

Author SHA1 Message Date
Bruno BELANYI a4da864981 machines: porthos: enable Wireguard 2021-02-25 15:29:06 +00:00
Bruno BELANYI c912c03668 services: add Wireguard
This allows connecting devices in a mesh as if they were all on the same
private local network.
2021-02-25 15:29:06 +00:00
Bruno BELANYI 2523b764bd secrets: add wireguard peers 2021-02-25 15:29:06 +00:00
Bruno BELANYI 8b069ab820 services: pirate: add Lidarr 2021-02-25 15:29:06 +00:00
Bruno BELANYI 7e5f661914 services: drone: mount 'resolv'-related files
Otherwise the pipelines will have a difficult time resolving
hostnames...
2021-02-25 15:29:06 +00:00
Bruno BELANYI 0482833ee8 services: drone: do not bind '/var/lib/drone' 2021-02-25 15:29:06 +00:00
Bruno BELANYI b972c0bef3 porthos: services: enable 'exec' Drone runner 2021-02-25 15:29:06 +00:00
Bruno BELANYI b0d3cb0e8e modules: move ssh keys into subdirectory 2021-02-25 15:29:06 +00:00
Bruno BELANYI 9992914ea6 project: readme: mention manual Jellyfin config 2021-02-25 15:29:06 +00:00
Bruno BELANYI 7cb208e1ea services: quassel: trust its pgsql connection 2021-02-25 15:29:06 +00:00
Bruno BELANYI a8f9dd9a02 services: quassel: create storage DB 2021-02-25 15:29:06 +00:00
Bruno BELANYI 91be5ad978 porthos: services: enable Miniflux 2021-02-25 15:29:06 +00:00
Bruno BELANYI 2199c1b10c services: add Miniflux 2021-02-25 15:29:06 +00:00
Bruno BELANYI 4423478019 secrets: do not encrypt 'default.nix' 2021-02-25 15:29:06 +00:00
Bruno BELANYI 0732b3a0bd modules: packages: make 'vim' default editor 2021-02-25 15:29:06 +00:00
Bruno BELANYI 340906d6b2 porthos: users: add 'ambroisie' to 'media'
This only done when the groups exists.
2021-02-25 15:29:06 +00:00
Bruno BELANYI 866225393b porthos: move files into 'machines' directory
But keep 'porthos.nix' at the root of the repository. I feel like it is
cleaner to keep device specific files at the root.
2021-02-25 15:29:06 +00:00
Bruno BELANYI f5d0118fab services: transmission: add permissive umask 2021-02-25 15:29:05 +00:00
Bruno BELANYI 69519c45a6 ci: add Drone CI 2021-02-25 15:29:05 +00:00
Bruno BELANYI c49cb11109 services: matrix: explicitly disable registration 2021-02-25 15:29:05 +00:00
Bruno BELANYI b8f4bc5b68 services: drone: enable Jsonnet & Starlark 2021-02-25 15:29:05 +00:00
Bruno BELANYI 35486cd2e7 porthos: services: drone: switch to 'docker' 2021-02-25 15:29:05 +00:00
Bruno BELANYI 03f7cc8551 services: drone: add 'docker' runner 2021-02-25 15:29:05 +00:00
Bruno BELANYI 819521eef9 porthos: users: blog: do not change perimissions 2021-02-25 15:29:05 +00:00
Bruno BELANYI 9a0720f934 porthos: services: enable Drone CI 2021-02-25 15:29:05 +00:00
Bruno BELANYI 8b3dac169e services: add drone CI
This makes use of the 'exec' runner instead of my usual setup using the
'docker' runner.

A future improvement would be packaging, and then using, the 'docker'
runner too/instead.
2021-02-25 15:29:05 +00:00
Bruno BELANYI 9177ea0946 services: gitea: do not use wizard
Instead you should temporarily enable registrations, and then disable
them right afterwards.
2021-02-25 15:29:05 +00:00
Bruno BELANYI 8e90c4f864 porthos: networking: use production domain
I am done with my experimentation, I feel like I can fully commit to
using NixOS now :-)
2021-02-25 15:29:05 +00:00
Bruno BELANYI 8bb2e096f6 services: blog: make main site default host 2021-02-25 15:29:05 +00:00
Bruno BELANYI ed0381de32 porthos: add 'blog' user 2021-02-25 15:29:05 +00:00
Bruno BELANYI 926f4a144f secrets: drone: add ssh keys 2021-02-25 15:29:05 +00:00
Bruno BELANYI 3233687568 porthos: services: enable blog hosting 2021-02-25 15:29:04 +00:00
Bruno BELANYI c8e9dd8535 services: add blog 2021-02-25 15:29:04 +00:00
Bruno BELANYI 5fc1b7ae74 services: gitea: add state to backup
Because I think `restic` will not deal with the compressed format of
`gitea`'s native `dump` command, I set up a manual backup.

This could lead to potentially corrupted data if I happen to backup at
the exact same time as a push to a repository. However given the
frequency of backups planned, I assume that most of them will be fine.
2021-02-25 15:29:04 +00:00
Bruno BELANYI 2db7189f50 services: matrix: ensure 'dataDir' exists 2021-02-08 10:49:59 +00:00
Bruno BELANYI 8cdef69b3e services: nextcloud: ensure 'home' exists 2021-02-08 10:49:59 +00:00
Bruno BELANYI a0cdd38848 porthos: services: configure backup 2021-02-08 10:49:59 +00:00
Bruno BELANYI 471ecd87cc services: postgresql-backup: explicitly backup all 2021-02-08 10:49:59 +00:00
Bruno BELANYI a8a8b5fc22 services: nextcloud: add state to backup 2021-02-08 10:49:59 +00:00
Bruno BELANYI 8fa9e1ce1a services: postgresql-backup: add current to backup 2021-02-08 10:49:59 +00:00
Bruno BELANYI 7a3588e17f services: matrix: add state to backup 2021-02-08 10:49:59 +00:00
Bruno BELANYI 61cd897d1f services: add backup
This is using `restic` and Backblaze B2 buckets
2021-02-08 10:49:59 +00:00
Bruno BELANYI 4ceb0f7552 porthos: networking: clean-up style 2021-02-08 10:49:59 +00:00
Bruno BELANYI 5e06025d67 porthos: hardware: clean-up style 2021-02-08 10:49:59 +00:00
Bruno BELANYI 4f0a66c80e porthos: boot: clean-up style 2021-02-08 10:49:59 +00:00
Bruno BELANYI 21747212dd porthos: services: extract ssh-server 2021-02-08 10:49:59 +00:00
Bruno BELANYI 3b148ad684 porthos: split into modules
I have separated the modules into host-specific settings, and generic
settings that ought to be shared by every host.

I only have the 'porthos' host for now, but intend to also add my laptop
'aramis' at some point to this repository.
2021-02-08 10:49:59 +00:00
Bruno BELANYI d1d33fd1d1 secrets: modularise
Instead of reading from the 'secrets' directory all over the place,
consolidate all secrets-handling inside the same module.

This means that finally, the 'acme' service does not need to come read
right into this repository, however this leads to a potentially unsecure
setup (because I am storing passwords in the Nix store)... I have
decided not to care about this relatively minor issue, but I could
revisit it by using `sops-nix` in the future.
2021-02-08 10:49:59 +00:00
Bruno BELANYI 0871f3e6b4 project: readme: add quassel to manual steps 2021-02-08 10:49:59 +00:00
Bruno BELANYI 47396fbab0 services: add Quassel
Unfortunately this service is stateful, you need to connect to it to set
up the first user.
2021-02-08 10:49:59 +00:00