Commit graph

312 commits

Author SHA1 Message Date
Bruno BELANYI 574634b64e modules: services: blog: use 302 redirection
All checks were successful
ci/woodpecker/push/check Pipeline was successful
That way the browser doesn't cache it, in case I do end up using that
domain after all.
2023-05-07 15:20:14 +01:00
Bruno BELANYI a1dd0bb792 modules: services: matrix: remove 'with lib'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2023-05-04 12:19:31 +00:00
Bruno BELANYI c19baeb19d modules: system: podman: remove unused 'options' 2023-05-04 09:27:19 +00:00
Bruno BELANYI 62d9359eb7 modules: services: matrix: clean-up formatting 2023-05-04 09:27:19 +00:00
Bruno BELANYI 2f3989bba1 modules: services: wireguard: simplify 2023-05-03 15:15:31 +00:00
Bruno BELANYI 49b2cb9781 modules: secrets: remove unused 'options' 2023-05-03 15:15:31 +00:00
Bruno BELANYI fadb8e96fc modules: system: nix: add 'cache.selfHosted' 2023-05-03 15:02:44 +00:00
Bruno BELANYI 20d19ed128 modules: system: nix: rename 'inputs' options 2023-05-03 15:02:44 +00:00
Bruno BELANYI 455a4e5431 modules: services: add nix-serve 2023-05-03 15:02:44 +00:00
Bruno BELANYI d9e115a876 modules: services: woodpecker: adapt gitea URL 2023-05-03 15:02:44 +00:00
Bruno BELANYI d8c841333b modules: services: gitea: migrate settings
Most of the settings are now RFC-42 compliant.
2023-05-03 15:02:44 +00:00
Bruno BELANYI 638f4a7774 modules: system: boot: rename 'tmp' options
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2023-04-17 21:25:15 +02:00
Bruno BELANYI 7cebaa3751 modules: secrets: move wireguard keys
This is a bit special, as some of the keys do not belong to NixOS hosts,
so store those in the module itself, and into host-specific directories
for the keys that are NixOS hosts.
2023-04-17 08:18:27 +00:00
Bruno BELANYI ed745602a1 modules: secrets: move non-existent key workaround
Since this configuration was only there to accommodate `aramis`, make it
be host-specific instead, and rely on the default value otherwise.
2023-04-16 19:44:02 +01:00
Bruno BELANYI 6079485b50 modules: secrets: move host-specific secrets 2023-04-16 19:44:02 +01:00
Bruno BELANYI 57008bcb7c hosts: nixos: add host-specific secrets module
This is the same logic as the common module, but for secrets that don't
need to be shared to different hosts.
2023-04-16 19:44:02 +01:00
Bruno BELANYI 34a3f9a0d6 modules: secrets: centralize agenix keys
If I intend on splitting the keys depending on which host needs to have
access to it, I should have a singular spot to manage the keys.
2023-04-16 19:44:02 +01:00
Bruno BELANYI 68bf36c45c modules: secrets: wireguard: remove unused file
The peer definitions have been inlined into the Wireguard module a long
time ago.
2023-04-13 17:05:52 +00:00
Bruno BELANYI 54e9303319 modules: secrets: use diff-friendly formatting
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2023-04-13 15:55:34 +00:00
Bruno BELANYI 04f23976ee modules: services: woodpecker: remove unused env
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2023-04-13 15:24:34 +00:00
Bruno BELANYI 94141d53b8 modules: services: woodpecker: remove 'TODO' 2023-04-13 15:17:16 +00:00
Bruno BELANYI f15b3aa23d modules: services: woodpecker: allow setuid
All checks were successful
ci/woodpecker/push/check Pipeline was successful
I need it to be able to use `ssh-agent`, for some of my workflows.
2023-04-01 21:06:50 +02:00
Bruno BELANYI 7a5842f03a modules: services: matrix: remove obsolete comment
All checks were successful
continuous-integration/drone/push Build is passing
2023-04-01 15:56:48 +01:00
Bruno BELANYI d20e921e33 modules: secrets: fix 'matrix/secret' 2023-04-01 15:56:48 +01:00
Bruno BELANYI 7e06f75a5d modules: secrets: add woodpecker 2023-04-01 15:56:48 +01:00
Bruno BELANYI 020a32b9e8 modules: services: add woodpecker 2023-04-01 15:56:48 +01:00
Bruno BELANYI 5d9524dbdf modules: services: blog: better blog redirection 2023-04-01 13:05:47 +02:00
Bruno BELANYI a22fe4e636 modules: services: nextcloud: bump to 26 2023-04-01 13:05:47 +02:00
Bruno BELANYI b909f43269 modules: services: nginx: sort settings
All checks were successful
continuous-integration/drone/push Build is passing
2023-03-28 15:31:05 +00:00
Bruno BELANYI cae174b0f7 modules: services: nginx: all recommended settings 2023-03-28 15:31:05 +00:00
Bruno BELANYI 642e58fc22 modules: hardware: bluetooth: use 'wireplumber'
All checks were successful
continuous-integration/drone/push Build is passing
2023-03-28 15:31:05 +00:00
Bruno BELANYI ad0c99c6f0 modules: services: paperless: fix postgres order
All checks were successful
continuous-integration/drone/push Build is passing
2023-03-23 12:16:40 +00:00
Bruno BELANYI 1751704ab3 modules: system: podman: remove unused arguments
All checks were successful
continuous-integration/drone/push Build is passing
2023-03-22 10:46:10 +00:00
Bruno BELANYI e799318a36 modules: hardware: firmware: remove unused 'pkgs' 2023-03-22 10:45:13 +00:00
Bruno BELANYI 70e235dfcc modules: secrets: drone: modify gitea domain
Since I've changed the official subdomain for my forge, let's update it.
2023-03-16 21:40:06 +01:00
Bruno BELANYI e50b259a70 modules: services: gitea: change domain to 'git.*'
Because cool URLs don't change [1], setup a re-directed for it.

[1]: https://www.w3.org/Provider/Style/URI.html
2023-03-16 21:33:22 +01:00
Bruno BELANYI b3d90be8b1 modules: services: nginx: add 'redirect' option 2023-03-16 21:33:22 +01:00
Bruno BELANYI 20341a3129 refactor: 'with lib.my' -> 'with lib' 2023-03-16 16:42:55 +00:00
Bruno BELANYI fafbb93ea9 modules: home: use named 'nixosModules'
All checks were successful
continuous-integration/drone/push Build is passing
2023-03-11 20:44:04 +00:00
Bruno BELANYI 8b9a01a0ef modules: system: nix: DRY inputs handling 2023-02-25 01:43:07 +00:00
Bruno BELANYI 54a6be70c8 modules: system: nix: simplify 'NIX_PATH'
Since we now have an explicit 'pkgs' link, we can just add the folder
with all linked inputs directly instead of adding them all manually.
2023-02-25 01:43:07 +00:00
Bruno BELANYI a99954b12a modules: system: nix: add explicit 'pkgs' link 2023-02-25 01:43:07 +00:00
Bruno BELANYI 6eb87c21b7 modules: system: nix: use stable 'NIX_PATH'
All checks were successful
continuous-integration/drone/push Build is passing
Since the links are updated on system switch, NIX_PATH will
automatically point to the actual system version of the inputs at all
times
2023-02-23 21:03:22 +00:00
Bruno BELANYI c1214547da modules: system: nix: add '/etc/nix/inputs' links 2023-02-23 20:58:05 +00:00
Bruno BELANYI 3505b4d7f0 modules: services: sabnzbd: add fail2ban jail
All checks were successful
continuous-integration/drone/push Build is passing
2023-02-20 23:01:50 +01:00
Bruno BELANYI 2485a60d62 modules: services: calibre-web: add fail2ban jail
All checks were successful
continuous-integration/drone/push Build is passing
2023-02-20 09:04:50 +00:00
Bruno BELANYI b9f6c5d534 modules: services: gitea: add fail2ban jail 2023-02-20 09:04:50 +00:00
Bruno BELANYI d647830911 modules: services: order imports 2023-02-20 09:04:50 +00:00
Bruno BELANYI 13aa8abfaf modules: services: add fail2ban 2023-02-20 09:04:50 +00:00
Bruno BELANYI 5bce2fafde modules: system: nix: override '<nixpkgs>'
All checks were successful
continuous-integration/drone/push Build is passing
2023-02-11 11:04:10 +00:00
Bruno BELANYI 26bf4e3631 modules: system: nix: preprend to 'NIX_PATH'
Instead of appending to the default value.

This makes overriding some values that are defined as the default value easier.
2023-02-11 11:04:10 +00:00
Bruno BELANYI 6b4c01a242 modules: services: ssh-server: use 'settings' 2023-01-28 22:51:18 +01:00
Bruno BELANYI aeb3245327 modules: services: blog: GNU T.P. 2022-12-18 12:59:42 +01:00
Bruno BELANYI c961bdbfc4 modules: services: transmission: remove MemoryHigh
The service does not actively try to reduce its memory usage, so to make
sure we do reach `MemoryMax` let's remove the `MemoryHigh`
configuration.
2022-12-16 21:43:49 +01:00
Bruno BELANYI 1e10c6630b modules: services: nginx: fix SSL renewal
See this issue [1].

[1]: https://github.com/go-acme/lego/issues/1772.
2022-11-29 17:19:24 +01:00
Bruno BELANYI b85a98c377 modules: services: nextcloud: disable broken SSE
I don't use server-side encryption anyway.
2022-11-28 10:18:50 +01:00
Bruno BELANYI 1967c8ef79 modules: services: transmission: limit memory use 2022-11-20 13:15:58 +01:00
Bruno BELANYI f6a00ec838 modules: services: paperless: require postgres 2022-11-03 18:06:36 +01:00
Bruno BELANYI 05be340b7e modules: services: nextcloud: bump to 25 2022-11-03 16:59:19 +01:00
Bruno BELANYI 30ce88f42f flake: bump inputs
And migrate to the new RFC42 grafana options.
2022-11-03 16:58:47 +01:00
Bruno BELANYI 4c0c6a75b2 modules: system: packages: configure aliases
Disallow them by default, but make it configurable.
2022-09-30 08:59:27 +02:00
Bruno BELANYI 5e021e6436 all: remove package aliases 2022-09-30 08:59:27 +02:00
Bruno BELANYI c05fafefe8 modules: services: gitea: migrate to 'settings' 2022-08-31 17:19:58 +02:00
Bruno BELANYI 48495851ba modules: services: grocy: fix SSL configuration 2022-07-28 18:29:10 +02:00
Bruno BELANYI 2ba9c63f2e modules: services: add grocy 2022-07-28 18:29:10 +02:00
Bruno BELANYI 914b064f72 modules: services: paperless: fix DB dependency 2022-07-28 17:54:02 +02:00
Bruno BELANYI 37d272fcfb modules: services: lohr: add 'openssh'
The git binary is not wrapped to add it in PATH anymore.
2022-05-31 13:54:34 +02:00
Bruno BELANYI 052d5a3df7 modules: services: nextcloud: bump to 24 2022-05-23 15:49:22 +02:00
Bruno BELANYI 46affd5057 modules: hardware: bluetooth: remove wireplumber
This configuration file completely breaks my sound setup.

Will investigate more at a later time, in the mean time, since this is
basically the default options, I will just remove the configuration
file.

This reverts commit c987206bc5.
2022-05-02 11:18:23 +02:00
Bruno BELANYI 43cb3ae582 modules: hardware: add firmware 2022-04-27 14:03:18 +02:00
Bruno BELANYI cb84b49438 modules: hardware: bluetooth: add wireplumber conf
Now that `media-session` is deprecated, I should at least replicate this
configuration for `wireplumber`.
2022-04-27 14:03:10 +02:00
Bruno BELANYI 0caa78af10 flake: bump inputs
And ensure that the renamed `paperless` services are configured
correctly.
2022-04-27 14:02:17 +02:00
Bruno BELANYI a9e004f7c1 modules: secrets: gitea: add 'mail-password' 2022-04-08 21:34:44 +02:00
Bruno BELANYI 94143f9d33 modules: services: gitea: add 'mail' configuration 2022-04-08 21:34:44 +02:00
Bruno BELANYI 0db2c0a13c modules: services: matrix: use 'settings'
The unstructured attributes are hard-deprecated.
2022-03-08 11:56:32 +01:00
Bruno BELANYI cc91b88b28 flake: bump inputs
And do not use 'pipewire-media-session' which is deprecated.
2022-03-02 12:13:13 +01:00
Bruno BELANYI 39431c2656 modules: system: nix: use structural 'settings'
Instead of a stringly-typed `extraOptions`.
2022-02-08 14:32:00 +01:00
Bruno BELANYI ba5782e748 modules: system: packages: remove some packages
They either belong in a nix shell or are taken care of by other
configurations.
2022-01-14 15:06:55 +01:00
Bruno BELANYI 8151b28527 modules: services: nginx: use 'acme.default.email'
The option `security.acme.email` has been deprecated.
2022-01-14 13:30:22 +01:00
Bruno BELANYI e6fe5e57c9 modules: system: add podman 2022-01-14 13:24:09 +01:00
Bruno BELANYI 5c7ef3232e modules: system: nix: add inputs to NIX_PATH 2022-01-07 08:55:58 +01:00
Bruno BELANYI 4d5d662913 modules: services: nextcloud: upgrade version 2021-12-07 19:11:32 +01:00
Bruno BELANYI 070a929f88 flake: bump inputs
And use renamed option for agenix identities.
2021-12-07 19:11:32 +01:00
Bruno BELANYI d86ff6192c modules: system: nix: don't change daemon niceness
This option doesn't really work the way it should anyway [1].

This reverts commit cbf6ea9ac9.

[1]: https://github.com/NixOS/nixpkgs/pull/138741
2021-11-23 18:53:11 +01:00
Bruno BELANYI d490a7de78 modules: services: nginx-sso: always rewrite conf 2021-11-06 15:43:00 +01:00
Bruno BELANYI a36eae4e66 modules: services: paperless: backup 'dataDir' 2021-11-05 17:03:52 +01:00
Bruno BELANYI dd0c110f71 modules: services: calibre-web: use 'dataDir' 2021-11-05 17:03:52 +01:00
Bruno BELANYI e2638728e3 modules: services: pirate: sort 'ports' values 2021-11-05 17:03:52 +01:00
Bruno BELANYI 62e62c70e1 modules: services: lohr: declarative ssh key 2021-11-05 16:59:11 +01:00
Bruno BELANYI b5b8f83e71 modules: secrets: lohr: add 'ssh-key' 2021-11-05 15:31:59 +01:00
Bruno BELANYI 5fdc390411 modules: services: nginx: remove unused argument 2021-11-05 14:58:58 +01:00
Bruno BELANYI 67ea6d9f95 modules: services: drone: remove unused arguments 2021-11-05 14:58:58 +01:00
Bruno BELANYI 450ab4b07b modules: services: backup: remove deprecated name 2021-11-03 17:16:40 +01:00
Bruno BELANYI 9b184f94ac modules: home: forward inputs to home-manager
This will be useful if and when I end up adding inputs with home-manager
modules defined.
2021-10-22 13:06:53 +02:00
Bruno BELANYI 7ca32d8b05 modules: services: indexers: add prowlarr 2021-10-18 19:48:50 +02:00
Bruno BELANYI af5103803b modules: services: indexers: refactor
This is cleaner and more correct.
2021-10-18 19:48:50 +02:00
Bruno BELANYI f5e26526da modules: services: indexers: fix typo 2021-10-18 19:48:50 +02:00
Bruno BELANYI 69d7fd5d7c modules: system: nix: change nix build niceness
19 is the lowest priority.
2021-10-18 18:49:03 +02:00
Bruno BELANYI dd48089a82 modules: services: nginx: use 'mkMailAccount' 2021-10-13 15:36:28 +02:00
Bruno BELANYI 2cd56e133f modules: services: wireguard: add 'milady' 2021-10-10 17:16:29 +02:00
Bruno BELANYI d43831cbf1 modules: secrets: wireguard: add 'milady' 2021-10-10 17:16:29 +02:00
Bruno BELANYI 55541abd17 modules: secrets: fix permission for grafana 2021-09-26 23:09:33 +02:00
Bruno BELANYI b9786398a7 modules: secrets: fix permission of 'matrix/mail' 2021-09-26 23:09:33 +02:00
Bruno BELANYI 5fd82472bf modules: secrets: add 'owner' logic 2021-09-26 23:09:33 +02:00
Bruno BELANYI 8968e30e62 modules: secrets: remove 'with lib;' 2021-09-26 23:09:33 +02:00
Bruno BELANYI 0b580b61e7 secrets: move into 'modules' 2021-09-26 23:09:33 +02:00
Bruno BELANYI 414c27ee63 modules: services: nginx: sso: use runtime secrets 2021-09-26 23:09:33 +02:00
Bruno BELANYI c7766afe90 modules: services: nginx: allow sso secret files
This is in preparation of the migration to agenix, which does not allow
access to the secrets at build time.
2021-09-26 23:09:32 +02:00
Bruno BELANYI b46b918295 modules: services: drone: split into files
This is cleaner to read.
2021-09-26 23:09:32 +02:00
Bruno BELANYI ac90c5b11a modules: services: put modules into folders 2021-09-26 23:09:32 +02:00
Bruno BELANYI 836b54b8eb modules: hardware: put modules into folders 2021-09-26 23:09:32 +02:00
Bruno BELANYI 7bec7ae0f9 modules: system: put modules into folders 2021-09-26 23:09:32 +02:00
Bruno BELANYI d5b09c48ef modules: programs: put modules into folders 2021-09-26 23:09:32 +02:00
Bruno BELANYI c88fa91671 modules: home: put into folder 2021-09-26 23:09:32 +02:00
Bruno BELANYI 33d539ed4f modules: system: users: use agenix secrets 2021-09-26 23:09:32 +02:00
Bruno BELANYI 91abacd0f6 modules: services: wireguard: use agenix secrets 2021-09-26 23:09:32 +02:00
Bruno BELANYI 16d3cd9f81 modules: services: nginx: use 'credentialsFile'
In preparation for the migration to agenix.
2021-09-26 23:09:32 +02:00
Bruno BELANYI 7d37701811 modules: services: matrix: use 'mailConfigFile'
In preparation of the migration to agenix.
2021-09-26 23:09:32 +02:00
Bruno BELANYI 4643690b43 modules: services: paperless: use 'secretKeyFile'
In preparation for the migration to agenix.
2021-09-26 23:09:32 +02:00
Bruno BELANYI 5579baecfb modules: services: nextcloud: use 'credentialsfile'
In preparation for the migration to agenix.
2021-09-26 23:09:32 +02:00
Bruno BELANYI 9d8da4d2b2 modules: services: miniflux: use 'credentialsFiles'
In preparation for the migration to agenix.
2021-09-26 23:09:32 +02:00
Bruno BELANYI da63787874 modules: services: transmission: secrets w/ file
In preparation for the migration to using agenix.
2021-09-26 23:09:31 +02:00
Bruno BELANYI 313b0c23a9 modules: remove unused arguments 2021-09-24 01:21:57 +02:00
Bruno BELANYI 8852699c9a modules: services: nginx: use 'recursiveMerge' 2021-09-23 22:11:25 +02:00
Bruno BELANYI c13e57f584 modules: system: users: use 'initialHashedPassword'
This is the better option to use in case I want to have a stateless
system.
2021-09-23 21:30:24 +02:00
Bruno BELANYI 2f9d3417d4 modules: system: users: use 'ambroisie' password
Do not rely on `my.user.name` which could be changed to a value not
available in the secrets.
2021-09-23 21:28:29 +02:00
Bruno BELANYI 27040532bd modules: programs: steam: respect XDG conventions
Steam wants to pollute HOME with `.steam*` files and folders, which are
useless and annoying.

We want to make sure the wrappers are preferred when installing, so use
`lib.hiPrio` to ensure they get chosen.
2021-09-15 19:23:24 +02:00
Bruno BELANYI 24b540d948 modules: programs: add steam 2021-09-15 19:23:24 +02:00
Bruno BELANYI 91489d5b71 modules: add 'programs' directory 2021-09-15 16:48:10 +02:00
Bruno BELANYI 4ccf549e58 modules: system: remove 'media'
It was not the idiomatic way to do this.
2021-09-15 16:10:06 +02:00
Bruno BELANYI bf6af94bec modules: services: paperless: proxy websockets 2021-08-31 13:52:11 +02:00
Bruno BELANYI 23484989a6 modules: services: paperless: add admin password
This is a fallback in case SSO stops working...
2021-08-31 13:52:11 +02:00
Bruno BELANYI da4595cd39 modules: services: add paperless 2021-08-31 13:52:11 +02:00
Bruno BELANYI 8319f0ea5c modules: services: nginx: nginx-sso verbose logs
For some reason it still doesn't appear in the systemd log...
2021-08-30 17:38:25 +02:00
Bruno BELANYI fd898df590 modules: services: nginx: add SSO 2021-08-30 17:36:39 +02:00
Bruno BELANYI 52079bf1e7 modules: services: nginx: enable explicitly 2021-08-30 17:36:39 +02:00
Bruno BELANYI 77cf3430ae modules: services: use new nginx wrapper
And when not possible, document why.

Note for the future: there is some repetition in some modules to
configure the correct value of the subdomain, which I happen to know
will line up correctly thanks to the nginx wrapper. A good way to
refactor this in the future would involve avoiding this repetition,
allowing use to query the correct domain in some way...
2021-08-26 15:54:13 +02:00
Bruno BELANYI a8514dcdf1 modules: services: nginx: overhaul modularity
This should be all that's needed for almost all my services.
2021-08-26 15:54:13 +02:00
Bruno BELANYI 087794433e modules: services: nextcloud: exclude previews 2021-08-19 14:27:40 +02:00
Bruno BELANYI 98c2f16eb2 modules: services: backup: make it verbose 2021-08-19 14:27:40 +02:00
Bruno BELANYI c228916072 modules: services: add navidrome 2021-08-19 12:23:06 +02:00
Bruno BELANYI 7d09677792 modules: services: backup: fix exclude files
I was using the wrong option... Somehow it didn't error out.
2021-08-09 20:08:43 +02:00
Bruno BELANYI 6c3662dbb3 modules: services: tlp: add power scaling 2021-07-31 16:56:20 +02:00
Bruno BELANYI 19c5cd0e13 modules: services: nextcloud: upgrade version 2021-07-29 13:42:28 +02:00
Bruno BELANYI 522d1f49df flake: bump inputs
And update package names for grafana dashboards to avoid breaking the
config.
2021-07-29 13:42:28 +02:00
Bruno BELANYI 3459067cd4 modules: services: postgres: upgrade version 2021-07-29 13:03:10 +02:00
Bruno BELANYI 5d21cecee7 modules: services: postgres: add migration script
The process to upgrade is:

* Make sure the version number of the script is one major version over
  the service version.

* Activate the script, rebuild configuration.

* Run `upgrade-pg-cluster` as `root`. One can give arguments like
  `--link` or `--jobs 4` to speedup the process. See documentation for
  some details.

* Change package to new version once the upgrade is finished, rebuild
  configuration.

* Optionally, `ANALYZE` the new database.
2021-07-29 13:02:49 +02:00
Bruno BELANYI 99c33cd7ad modules: services: add postgresql
Enable the service itself in other modules when needed, but pin the
package in a single place.
2021-07-29 12:43:28 +02:00
Bruno BELANYI eba977b582 modules: services: monitoring: add scrape interval 2021-07-15 18:54:07 +02:00
Bruno BELANYI 24028669f4 modules: services: add monitoring dashboard 2021-07-13 19:17:33 +02:00