Bruno BELANYI
aa0a3bf6c9
services: transmission: more configurable settings
continuous-integration/drone/push Build is passing
2021-03-07 16:04:45 +00:00
Bruno BELANYI
1810d44587
services: transmission: ensure correct permissions
2021-03-07 16:01:48 +00:00
Bruno BELANYI
cbc94aae50
services: transmission: remove umask configuration
2021-03-07 15:58:01 +00:00
Bruno BELANYI
2914aedc9b
services: miniflux: fix documentation error
continuous-integration/drone/push Build is passing
2021-03-03 17:02:49 +00:00
Bruno BELANYI
0e86a8c2f1
services: gitea: do not interpolate lone variable
2021-03-03 17:02:49 +00:00
Bruno BELANYI
d23423b92c
services: s/= "${domain}"/= domain
2021-03-03 17:02:49 +00:00
Bruno BELANYI
aa558745f9
services: jellyfin: proxy websockets
2021-03-03 17:02:49 +00:00
Bruno BELANYI
5e8aac2a5e
services: drone: start after DB
2021-03-03 17:02:48 +00:00
Bruno BELANYI
0114e7b668
services: calibre-web: backup library
2021-03-03 17:02:48 +00:00
Bruno BELANYI
798f75db12
services: add Calibre-web
2021-03-03 17:02:48 +00:00
Bruno BELANYI
51491b99a9
services: media: refactor logic
...
This makes it more DRY.
2021-02-25 15:29:07 +00:00
Bruno BELANYI
b3aa8d94cb
services: gitea: change default port
...
3000 interferes with the Drone runners, which leads to a race condition
at startup regarding who gets the port.
2021-02-25 15:29:07 +00:00
Bruno BELANYI
53b0e0a1c8
services: wireguard: do not hard-code 'eth0'
...
Instead make use of the newly introduce `networking.externalInterface`
option.
2021-02-25 15:29:07 +00:00
Bruno BELANYI
ecded82986
services: wireguard: use 'wg-quick'
...
Turns out the `wireguard` service isn't meant to be used for VPN-like
workflows (see [1]). and I'll probably have less trouble by using
`wg-quick` instead.
Nice bonus is that instead of having awfully named services running for
each peer, I only need the one service for `wg-quick` itself.
[1]: https://github.com/NixOS/nixpkgs/issues/51258
2021-02-25 15:29:06 +00:00
Bruno BELANYI
c912c03668
services: add Wireguard
...
This allows connecting devices in a mesh as if they were all on the same
private local network.
2021-02-25 15:29:06 +00:00
Bruno BELANYI
8b069ab820
services: pirate: add Lidarr
2021-02-25 15:29:06 +00:00
Bruno BELANYI
7e5f661914
services: drone: mount 'resolv'-related files
...
Otherwise the pipelines will have a difficult time resolving
hostnames...
2021-02-25 15:29:06 +00:00
Bruno BELANYI
0482833ee8
services: drone: do not bind '/var/lib/drone'
2021-02-25 15:29:06 +00:00
Bruno BELANYI
7cb208e1ea
services: quassel: trust its pgsql connection
2021-02-25 15:29:06 +00:00
Bruno BELANYI
a8f9dd9a02
services: quassel: create storage DB
2021-02-25 15:29:06 +00:00
Bruno BELANYI
2199c1b10c
services: add Miniflux
2021-02-25 15:29:06 +00:00
Bruno BELANYI
f5d0118fab
services: transmission: add permissive umask
2021-02-25 15:29:05 +00:00
Bruno BELANYI
c49cb11109
services: matrix: explicitly disable registration
2021-02-25 15:29:05 +00:00
Bruno BELANYI
b8f4bc5b68
services: drone: enable Jsonnet & Starlark
2021-02-25 15:29:05 +00:00
Bruno BELANYI
03f7cc8551
services: drone: add 'docker' runner
2021-02-25 15:29:05 +00:00
Bruno BELANYI
8b3dac169e
services: add drone CI
...
This makes use of the 'exec' runner instead of my usual setup using the
'docker' runner.
A future improvement would be packaging, and then using, the 'docker'
runner too/instead.
2021-02-25 15:29:05 +00:00
Bruno BELANYI
9177ea0946
services: gitea: do not use wizard
...
Instead you should temporarily enable registrations, and then disable
them right afterwards.
2021-02-25 15:29:05 +00:00
Bruno BELANYI
8bb2e096f6
services: blog: make main site default host
2021-02-25 15:29:05 +00:00
Bruno BELANYI
c8e9dd8535
services: add blog
2021-02-25 15:29:04 +00:00
Bruno BELANYI
5fc1b7ae74
services: gitea: add state to backup
...
Because I think `restic` will not deal with the compressed format of
`gitea`'s native `dump` command, I set up a manual backup.
This could lead to potentially corrupted data if I happen to backup at
the exact same time as a push to a repository. However given the
frequency of backups planned, I assume that most of them will be fine.
2021-02-25 15:29:04 +00:00
Bruno BELANYI
2db7189f50
services: matrix: ensure 'dataDir' exists
2021-02-08 10:49:59 +00:00
Bruno BELANYI
8cdef69b3e
services: nextcloud: ensure 'home' exists
2021-02-08 10:49:59 +00:00
Bruno BELANYI
471ecd87cc
services: postgresql-backup: explicitly backup all
2021-02-08 10:49:59 +00:00
Bruno BELANYI
a8a8b5fc22
services: nextcloud: add state to backup
2021-02-08 10:49:59 +00:00
Bruno BELANYI
8fa9e1ce1a
services: postgresql-backup: add current to backup
2021-02-08 10:49:59 +00:00
Bruno BELANYI
7a3588e17f
services: matrix: add state to backup
2021-02-08 10:49:59 +00:00
Bruno BELANYI
61cd897d1f
services: add backup
...
This is using `restic` and Backblaze B2 buckets
2021-02-08 10:49:59 +00:00
Bruno BELANYI
21747212dd
porthos: services: extract ssh-server
2021-02-08 10:49:59 +00:00
Bruno BELANYI
d1d33fd1d1
secrets: modularise
...
Instead of reading from the 'secrets' directory all over the place,
consolidate all secrets-handling inside the same module.
This means that finally, the 'acme' service does not need to come read
right into this repository, however this leads to a potentially unsecure
setup (because I am storing passwords in the Nix store)... I have
decided not to care about this relatively minor issue, but I could
revisit it by using `sops-nix` in the future.
2021-02-08 10:49:59 +00:00
Bruno BELANYI
47396fbab0
services: add Quassel
...
Unfortunately this service is stateful, you need to connect to it to set
up the first user.
2021-02-08 10:49:59 +00:00
Bruno BELANYI
41c777d2e2
services: add RSS-Bridge
2021-02-08 10:49:59 +00:00
Bruno BELANYI
e29adcda03
services: add indexers
...
Includes both Jackett and NZBHydra2.
2021-02-08 10:49:59 +00:00
Bruno BELANYI
bfba8c005c
services: add postgres-backup
2021-02-08 10:49:58 +00:00
Bruno BELANYI
34ff469b6d
services: add nextcloud
...
The password is quoted using `"` instead of `'` in the setup script,
beware of `$` characters...
2021-02-08 10:49:58 +00:00
Bruno BELANYI
adfc2eb832
services: matrix: remove postgreSQL backup
...
This really deserves to be its own service instead.
2021-02-08 10:49:58 +00:00
Bruno BELANYI
442c691933
matrix: proxy calls to '/_synapse/client'
2021-02-08 10:49:58 +00:00
Bruno BELANYI
6bfa421112
services: matrix: use shared registration secret
2021-02-08 10:49:58 +00:00
Bruno BELANYI
6b1de02ea3
services: matrix: configure DB on launch
2021-02-08 10:49:58 +00:00
Bruno BELANYI
303da60e0b
services: gitea: clean up configuration
...
I want the ssh addresses to use 'git' as a user, so the service must be
set up with this user as well.
I also want the port to be configurable in case I need to change it.
2021-02-08 10:49:58 +00:00
Bruno BELANYI
6038d0df60
services: add sabnzbd
...
Its configuration isn't declarative :-(.
Notably, the port needs to be changed from '8080' to '9090' in its
configuration file (at '/var/lib/sabnzbd/').
2021-02-03 20:38:54 +01:00