Bruno BELANYI
5e8aac2a5e
services: drone: start after DB
2021-03-03 17:02:48 +00:00
Bruno BELANYI
b135646c28
machine: porthos: hardware: use disks by label
2021-03-03 17:02:48 +00:00
Bruno BELANYI
8d3d3521f3
flake: refactor host configuration
2021-03-03 17:02:48 +00:00
Bruno BELANYI
0114e7b668
services: calibre-web: backup library
2021-03-03 17:02:48 +00:00
Bruno BELANYI
4e073b8d02
machines: porthos: services: enable Calibre-web
2021-03-03 17:02:48 +00:00
Bruno BELANYI
798f75db12
services: add Calibre-web
2021-03-03 17:02:48 +00:00
Bruno BELANYI
51491b99a9
services: media: refactor logic
...
This makes it more DRY.
2021-02-25 15:29:07 +00:00
Bruno BELANYI
b3aa8d94cb
services: gitea: change default port
...
3000 interferes with the Drone runners, which leads to a race condition
at startup regarding who gets the port.
2021-02-25 15:29:07 +00:00
Bruno BELANYI
53b0e0a1c8
services: wireguard: do not hard-code 'eth0'
...
Instead make use of the newly introduce `networking.externalInterface`
option.
2021-02-25 15:29:07 +00:00
Bruno BELANYI
e74e46a0e6
machines: porthos: networking: set externalInterface
2021-02-25 15:29:06 +00:00
Bruno BELANYI
9e9ef7b598
modules: add 'networking.externalInterface' option
2021-02-25 15:29:06 +00:00
Bruno BELANYI
ecded82986
services: wireguard: use 'wg-quick'
...
Turns out the `wireguard` service isn't meant to be used for VPN-like
workflows (see [1]). and I'll probably have less trouble by using
`wg-quick` instead.
Nice bonus is that instead of having awfully named services running for
each peer, I only need the one service for `wg-quick` itself.
[1]: https://github.com/NixOS/nixpkgs/issues/51258
2021-02-25 15:29:06 +00:00
Bruno BELANYI
a4da864981
machines: porthos: enable Wireguard
2021-02-25 15:29:06 +00:00
Bruno BELANYI
c912c03668
services: add Wireguard
...
This allows connecting devices in a mesh as if they were all on the same
private local network.
2021-02-25 15:29:06 +00:00
Bruno BELANYI
2523b764bd
secrets: add wireguard peers
2021-02-25 15:29:06 +00:00
Bruno BELANYI
8b069ab820
services: pirate: add Lidarr
2021-02-25 15:29:06 +00:00
Bruno BELANYI
7e5f661914
services: drone: mount 'resolv'-related files
...
Otherwise the pipelines will have a difficult time resolving
hostnames...
2021-02-25 15:29:06 +00:00
Bruno BELANYI
0482833ee8
services: drone: do not bind '/var/lib/drone'
2021-02-25 15:29:06 +00:00
Bruno BELANYI
b972c0bef3
porthos: services: enable 'exec' Drone runner
2021-02-25 15:29:06 +00:00
Bruno BELANYI
b0d3cb0e8e
modules: move ssh keys into subdirectory
2021-02-25 15:29:06 +00:00
Bruno BELANYI
9992914ea6
project: readme: mention manual Jellyfin config
2021-02-25 15:29:06 +00:00
Bruno BELANYI
7cb208e1ea
services: quassel: trust its pgsql connection
2021-02-25 15:29:06 +00:00
Bruno BELANYI
a8f9dd9a02
services: quassel: create storage DB
2021-02-25 15:29:06 +00:00
Bruno BELANYI
91be5ad978
porthos: services: enable Miniflux
2021-02-25 15:29:06 +00:00
Bruno BELANYI
2199c1b10c
services: add Miniflux
2021-02-25 15:29:06 +00:00
Bruno BELANYI
4423478019
secrets: do not encrypt 'default.nix'
2021-02-25 15:29:06 +00:00
Bruno BELANYI
0732b3a0bd
modules: packages: make 'vim' default editor
2021-02-25 15:29:06 +00:00
Bruno BELANYI
340906d6b2
porthos: users: add 'ambroisie' to 'media'
...
This only done when the groups exists.
2021-02-25 15:29:06 +00:00
Bruno BELANYI
866225393b
porthos: move files into 'machines' directory
...
But keep 'porthos.nix' at the root of the repository. I feel like it is
cleaner to keep device specific files at the root.
2021-02-25 15:29:06 +00:00
Bruno BELANYI
f5d0118fab
services: transmission: add permissive umask
2021-02-25 15:29:05 +00:00
Bruno BELANYI
69519c45a6
ci: add Drone CI
2021-02-25 15:29:05 +00:00
Bruno BELANYI
c49cb11109
services: matrix: explicitly disable registration
2021-02-25 15:29:05 +00:00
Bruno BELANYI
b8f4bc5b68
services: drone: enable Jsonnet & Starlark
2021-02-25 15:29:05 +00:00
Bruno BELANYI
35486cd2e7
porthos: services: drone: switch to 'docker'
2021-02-25 15:29:05 +00:00
Bruno BELANYI
03f7cc8551
services: drone: add 'docker' runner
2021-02-25 15:29:05 +00:00
Bruno BELANYI
819521eef9
porthos: users: blog: do not change perimissions
2021-02-25 15:29:05 +00:00
Bruno BELANYI
9a0720f934
porthos: services: enable Drone CI
2021-02-25 15:29:05 +00:00
Bruno BELANYI
8b3dac169e
services: add drone CI
...
This makes use of the 'exec' runner instead of my usual setup using the
'docker' runner.
A future improvement would be packaging, and then using, the 'docker'
runner too/instead.
2021-02-25 15:29:05 +00:00
Bruno BELANYI
9177ea0946
services: gitea: do not use wizard
...
Instead you should temporarily enable registrations, and then disable
them right afterwards.
2021-02-25 15:29:05 +00:00
Bruno BELANYI
8e90c4f864
porthos: networking: use production domain
...
I am done with my experimentation, I feel like I can fully commit to
using NixOS now :-)
2021-02-25 15:29:05 +00:00
Bruno BELANYI
8bb2e096f6
services: blog: make main site default host
2021-02-25 15:29:05 +00:00
Bruno BELANYI
ed0381de32
porthos: add 'blog' user
2021-02-25 15:29:05 +00:00
Bruno BELANYI
926f4a144f
secrets: drone: add ssh keys
2021-02-25 15:29:05 +00:00
Bruno BELANYI
3233687568
porthos: services: enable blog hosting
2021-02-25 15:29:04 +00:00
Bruno BELANYI
c8e9dd8535
services: add blog
2021-02-25 15:29:04 +00:00
Bruno BELANYI
5fc1b7ae74
services: gitea: add state to backup
...
Because I think `restic` will not deal with the compressed format of
`gitea`'s native `dump` command, I set up a manual backup.
This could lead to potentially corrupted data if I happen to backup at
the exact same time as a push to a repository. However given the
frequency of backups planned, I assume that most of them will be fine.
2021-02-25 15:29:04 +00:00
Bruno BELANYI
2db7189f50
services: matrix: ensure 'dataDir' exists
2021-02-08 10:49:59 +00:00
Bruno BELANYI
8cdef69b3e
services: nextcloud: ensure 'home' exists
2021-02-08 10:49:59 +00:00
Bruno BELANYI
a0cdd38848
porthos: services: configure backup
2021-02-08 10:49:59 +00:00
Bruno BELANYI
471ecd87cc
services: postgresql-backup: explicitly backup all
2021-02-08 10:49:59 +00:00