Bruno BELANYI
55541abd17
modules: secrets: fix permission for grafana
2021-09-26 23:09:33 +02:00
Bruno BELANYI
b9786398a7
modules: secrets: fix permission of 'matrix/mail'
2021-09-26 23:09:33 +02:00
Bruno BELANYI
5fd82472bf
modules: secrets: add 'owner' logic
2021-09-26 23:09:33 +02:00
Bruno BELANYI
8968e30e62
modules: secrets: remove 'with lib;'
2021-09-26 23:09:33 +02:00
Bruno BELANYI
0b580b61e7
secrets: move into 'modules'
2021-09-26 23:09:33 +02:00
Bruno BELANYI
414c27ee63
modules: services: nginx: sso: use runtime secrets
2021-09-26 23:09:33 +02:00
Bruno BELANYI
c7766afe90
modules: services: nginx: allow sso secret files
...
This is in preparation of the migration to agenix, which does not allow
access to the secrets at build time.
2021-09-26 23:09:32 +02:00
Bruno BELANYI
b46b918295
modules: services: drone: split into files
...
This is cleaner to read.
2021-09-26 23:09:32 +02:00
Bruno BELANYI
ac90c5b11a
modules: services: put modules into folders
2021-09-26 23:09:32 +02:00
Bruno BELANYI
836b54b8eb
modules: hardware: put modules into folders
2021-09-26 23:09:32 +02:00
Bruno BELANYI
7bec7ae0f9
modules: system: put modules into folders
2021-09-26 23:09:32 +02:00
Bruno BELANYI
d5b09c48ef
modules: programs: put modules into folders
2021-09-26 23:09:32 +02:00
Bruno BELANYI
c88fa91671
modules: home: put into folder
2021-09-26 23:09:32 +02:00
Bruno BELANYI
33d539ed4f
modules: system: users: use agenix secrets
2021-09-26 23:09:32 +02:00
Bruno BELANYI
91abacd0f6
modules: services: wireguard: use agenix secrets
2021-09-26 23:09:32 +02:00
Bruno BELANYI
16d3cd9f81
modules: services: nginx: use 'credentialsFile'
...
In preparation for the migration to agenix.
2021-09-26 23:09:32 +02:00
Bruno BELANYI
7d37701811
modules: services: matrix: use 'mailConfigFile'
...
In preparation of the migration to agenix.
2021-09-26 23:09:32 +02:00
Bruno BELANYI
4643690b43
modules: services: paperless: use 'secretKeyFile'
...
In preparation for the migration to agenix.
2021-09-26 23:09:32 +02:00
Bruno BELANYI
5579baecfb
modules: services: nextcloud: use 'credentialsfile'
...
In preparation for the migration to agenix.
2021-09-26 23:09:32 +02:00
Bruno BELANYI
9d8da4d2b2
modules: services: miniflux: use 'credentialsFiles'
...
In preparation for the migration to agenix.
2021-09-26 23:09:32 +02:00
Bruno BELANYI
da63787874
modules: services: transmission: secrets w/ file
...
In preparation for the migration to using agenix.
2021-09-26 23:09:31 +02:00
Bruno BELANYI
313b0c23a9
modules: remove unused arguments
2021-09-24 01:21:57 +02:00
Bruno BELANYI
8852699c9a
modules: services: nginx: use 'recursiveMerge'
2021-09-23 22:11:25 +02:00
Bruno BELANYI
c13e57f584
modules: system: users: use 'initialHashedPassword'
...
This is the better option to use in case I want to have a stateless
system.
2021-09-23 21:30:24 +02:00
Bruno BELANYI
2f9d3417d4
modules: system: users: use 'ambroisie' password
...
Do not rely on `my.user.name` which could be changed to a value not
available in the secrets.
2021-09-23 21:28:29 +02:00
Bruno BELANYI
27040532bd
modules: programs: steam: respect XDG conventions
...
Steam wants to pollute HOME with `.steam*` files and folders, which are
useless and annoying.
We want to make sure the wrappers are preferred when installing, so use
`lib.hiPrio` to ensure they get chosen.
2021-09-15 19:23:24 +02:00
Bruno BELANYI
24b540d948
modules: programs: add steam
2021-09-15 19:23:24 +02:00
Bruno BELANYI
91489d5b71
modules: add 'programs' directory
2021-09-15 16:48:10 +02:00
Bruno BELANYI
4ccf549e58
modules: system: remove 'media'
...
It was not the idiomatic way to do this.
2021-09-15 16:10:06 +02:00
Bruno BELANYI
bf6af94bec
modules: services: paperless: proxy websockets
2021-08-31 13:52:11 +02:00
Bruno BELANYI
23484989a6
modules: services: paperless: add admin password
...
This is a fallback in case SSO stops working...
2021-08-31 13:52:11 +02:00
Bruno BELANYI
da4595cd39
modules: services: add paperless
2021-08-31 13:52:11 +02:00
Bruno BELANYI
8319f0ea5c
modules: services: nginx: nginx-sso verbose logs
...
For some reason it still doesn't appear in the systemd log...
2021-08-30 17:38:25 +02:00
Bruno BELANYI
fd898df590
modules: services: nginx: add SSO
2021-08-30 17:36:39 +02:00
Bruno BELANYI
52079bf1e7
modules: services: nginx: enable explicitly
2021-08-30 17:36:39 +02:00
Bruno BELANYI
77cf3430ae
modules: services: use new nginx wrapper
...
And when not possible, document why.
Note for the future: there is some repetition in some modules to
configure the correct value of the subdomain, which I happen to know
will line up correctly thanks to the nginx wrapper. A good way to
refactor this in the future would involve avoiding this repetition,
allowing use to query the correct domain in some way...
2021-08-26 15:54:13 +02:00
Bruno BELANYI
a8514dcdf1
modules: services: nginx: overhaul modularity
...
This should be all that's needed for almost all my services.
2021-08-26 15:54:13 +02:00
Bruno BELANYI
087794433e
modules: services: nextcloud: exclude previews
2021-08-19 14:27:40 +02:00
Bruno BELANYI
98c2f16eb2
modules: services: backup: make it verbose
2021-08-19 14:27:40 +02:00
Bruno BELANYI
c228916072
modules: services: add navidrome
2021-08-19 12:23:06 +02:00
Bruno BELANYI
7d09677792
modules: services: backup: fix exclude files
...
I was using the wrong option... Somehow it didn't error out.
2021-08-09 20:08:43 +02:00
Bruno BELANYI
6c3662dbb3
modules: services: tlp: add power scaling
2021-07-31 16:56:20 +02:00
Bruno BELANYI
19c5cd0e13
modules: services: nextcloud: upgrade version
2021-07-29 13:42:28 +02:00
Bruno BELANYI
522d1f49df
flake: bump inputs
...
And update package names for grafana dashboards to avoid breaking the
config.
2021-07-29 13:42:28 +02:00
Bruno BELANYI
3459067cd4
modules: services: postgres: upgrade version
2021-07-29 13:03:10 +02:00
Bruno BELANYI
5d21cecee7
modules: services: postgres: add migration script
...
The process to upgrade is:
* Make sure the version number of the script is one major version over
the service version.
* Activate the script, rebuild configuration.
* Run `upgrade-pg-cluster` as `root`. One can give arguments like
`--link` or `--jobs 4` to speedup the process. See documentation for
some details.
* Change package to new version once the upgrade is finished, rebuild
configuration.
* Optionally, `ANALYZE` the new database.
2021-07-29 13:02:49 +02:00
Bruno BELANYI
99c33cd7ad
modules: services: add postgresql
...
Enable the service itself in other modules when needed, but pin the
package in a single place.
2021-07-29 12:43:28 +02:00
Bruno BELANYI
eba977b582
modules: services: monitoring: add scrape interval
2021-07-15 18:54:07 +02:00
Bruno BELANYI
24028669f4
modules: services: add monitoring dashboard
2021-07-13 19:17:33 +02:00
Bruno BELANYI
c910b643da
modules: services: add monitoring
...
This includes a dashboard to monitor system ressources, using
Prometheus.
2021-07-13 19:17:33 +02:00