Commit graph

78 commits

Author SHA1 Message Date
Bruno BELANYI ad1cfbd6f0 flake: bump inputs
Allow-list the build inputs for `sonarr` until the package is fixed
upstream [1].

[1]: https://github.com/NixOS/nixpkgs/issues/360592
2024-12-08 10:44:26 -05:00
Bruno BELANYI e39fef275c nixos: services: paperless: use 'environmentFile'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
That way I don't have to configure all services to make use of it.

Someday I'll find the will to add the `postgresql.service` dependency
upstream, truly removing the need to configure any service at all.
2024-11-27 12:05:41 +00:00
Bruno BELANYI 6a5c4a627a nixos: services: pyload: add fail2ban jail
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-11-20 21:06:17 +01:00
Bruno BELANYI 7f0cd6612e nixos: services: paperless: remove MKL work-around
Instead, rely on the upstream service's work-around [1].

This will reduce the amount of package builds I need to do when updating
my server...

[1]: https://github.com/NixOS/nixpkgs/pull/299008

This reverts commit e2ec4d3032.
2024-11-20 21:06:17 +01:00
Bruno BELANYI 60050113bc nixos: services: nginx: modify example
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Now that `websocketLocations` exists, it makes little sense to use
`proxyWebsockets` in an example, so use a different one.
2024-11-19 16:03:38 +00:00
Bruno BELANYI 6a1a35a384 nixos: services: migrate to 'websocketsLocations' 2024-11-19 16:03:38 +00:00
Bruno BELANYI e9d96138d5 nixos: services: nginx: add 'websocketsLocations'
This accounts for the overwhelming majority of my usage of
`extraConfig`.
2024-11-19 16:03:38 +00:00
Bruno BELANYI 138d4d2bd9 nixos: services: nextcloud: add collabora
This needs to be configured through the "Nextcloud Office" app,
specifically the WOPI setting is important for security (I put both the
external IP, as well as `::1` and `127.0.0.1`).
2024-11-19 15:58:48 +01:00
Bruno BELANYI ab8a5daefe hosts: porthos: secrets: acme: use OVH API
All checks were successful
ci/woodpecker/push/check Pipeline was successful
I switched registrar, as OVH was ~4x cheaper.

This needs a small change to the module to both refer to OVH instead of
Gandi in the documentation, and make use of the correct API.

I also needed to disable the propagation check, as it looks like OVH is
slower than Gandi, and leads to spurious errors...
2024-11-14 22:19:35 +01:00
Bruno BELANYI 6d2ac0c473 modules: services: matrix: remove sliding sync
The functionality has been folded into `synapse` itself, and the module
has been removed from the unstable branch.

This reverts commit b4c2cc581b.
2024-10-28 10:47:49 +00:00
Bruno BELANYI a09cef76c5 nixos: services: nextcloud: bump to 30
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-10-17 15:26:17 +02:00
Bruno BELANYI 09f763bc16 nixos: services: add komga
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-09-30 22:10:38 +02:00
Bruno BELANYI 898523d079 treewide: fix typos 2024-09-27 13:49:29 +00:00
Bruno BELANYI cbba752b54 nixos: services: nginx: remove 'literalExample'
Those examples do not use functions or any other "difficult to render"
expression.
2024-09-27 13:44:40 +00:00
Bruno BELANYI 3aab65d9ea nixos: services: tandoor-recipes: add fail2ban note
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-09-24 13:13:15 +00:00
Bruno BELANYI b6279108e0 nixos: services: vikunja: add fail2ban note
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-09-24 10:44:42 +00:00
Bruno BELANYI 0f3c5d1d63 nixos: services: transmission: add fail2ban note 2024-09-24 10:44:42 +00:00
Bruno BELANYI 1f40ac4a9f nixos: services: grocy: add fail2ban note 2024-09-24 10:44:42 +00:00
Bruno BELANYI 2b64a00dc9 nixos: services: flood: add fail2ban note 2024-09-24 10:44:42 +00:00
Bruno BELANYI 1aa3385e13 nixos: services: navidrome: add fail2ban jail
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-09-22 02:12:48 +02:00
Bruno BELANYI a059828a58 nixos: services: miniflux: add fail2ban jail
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-09-22 01:59:04 +02:00
Bruno BELANYI 96e1a54638 nixos: services: nextcloud: add fail2ban jail 2024-09-22 01:59:04 +02:00
Bruno BELANYI f24cf2e16d nixos: services: audiobookshelf: add fail2ban jail 2024-09-22 01:37:34 +02:00
Bruno BELANYI cedac6bbf4 nixos: services: mealie: add fail2ban jail 2024-09-22 01:37:34 +02:00
Bruno BELANYI c1eab0edee nixos: services: jellyfin: add fail2ban jail
All checks were successful
ci/woodpecker/push/check Pipeline was successful
The upstream documentation adds quotes around the IP, but I don't see
them in my logs. Let's split the difference by making them optional.
2024-09-20 14:39:53 +00:00
Bruno BELANYI a713913eef nixos: services: add pdf-edit 2024-09-05 18:10:00 +02:00
Bruno BELANYI 0d2b9c9699 nixos: services: rename 'servarr'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-09-05 10:39:01 +00:00
Bruno BELANYI 52197a4f96 nixos: services: pirate: add readarr 2024-09-05 10:36:31 +00:00
Bruno BELANYI fb4047b2b3 nixos: services: nginx: sso: align with upstream
This aligns with the PR I opened on nixpkgs [1].

[1]: https://github.com/NixOS/nixpkgs/pull/325838
2024-09-05 10:36:31 +00:00
Bruno BELANYI 445cb43cb4 nixos: services: nix-cache: fix deprecated config
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-09-04 10:35:10 +00:00
Bruno BELANYI b73f6af5e0 nixos: services: flood: use upstream module
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-06-21 15:40:34 +00:00
Bruno BELANYI d37c767a2f nixos: services: forgejo: fix deprecated config
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-06-12 21:29:19 +02:00
Bruno BELANYI 10a7111f1c nixos: services: mealie: fix DB auth
Turns out the package update [1] was because someone couldn't make it
work on the previous version, and added a new setting to configure it
more easily :-).

[1]: https://github.com/NixOS/nixpkgs/pull/314294
2024-06-12 21:28:41 +02:00
Bruno BELANYI f6c476a07f nixos: services: postgres: add post-upgrade advice
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-05-07 11:40:11 +00:00
Bruno BELANYI 0745e450b9 nixos: services: postgres: remove unused container 2024-05-07 11:40:11 +00:00
Bruno BELANYI 48beb9f1fe nixos: services: postgres: simplify update script 2024-05-07 11:21:28 +00:00
Bruno BELANYI 6162f4f4d5 modules: services: nextcloud: bump to 29
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-05-04 22:51:11 +02:00
Bruno BELANYI 2dedb41a47 nixos: services: add audiobookshelf 2024-04-22 21:00:00 +02:00
Bruno BELANYI 5df0574f41 nixos: services: podgrab: add 'dataDir' 2024-04-22 21:00:00 +02:00
Bruno BELANYI c18054cad7 nixos: services: podgrab: use 'media' group 2024-04-22 20:59:09 +02:00
Bruno BELANYI 6efe2c12ba nixos: services: woodpecker: exec: fix NodeJS
All checks were successful
ci/woodpecker/push/check Pipeline was successful
I need it for Tree Sitter support...
2024-04-08 21:19:54 +02:00
Bruno BELANYI 6b51b4e2ab nixos: services: rss-bridge: fix deprecated option
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-04-07 13:30:40 +02:00
Bruno BELANYI 8f120e2129 nixos: services: lohr: fix SSH key creation
All checks were successful
ci/woodpecker/push/check Pipeline was successful
In the migration to `tmpfiles.d(5)`, I used the wrong type of file.

Using `f` would write the path to the file as its content, rather than
copy it. Unfortunately `C` and `C+` do not overwrite an existing file,
so using a symlink is the correct solution here.

This means the SSH key file must have `lohr` as an owner... Perhaps I
should make it so the service can read the file itself, rather than
rely on the filesystem location, so that I don't have to contort myself
quite so much to make it work.
2024-04-02 12:25:34 +02:00
Bruno BELANYI 607aa5351c nixos: services: tandoor-recipes: fix bulk upload
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-03-22 22:03:53 +01:00
Bruno BELANYI 61fa35093c nixos: services: mealie: fix bulk upload 2024-03-22 22:03:53 +01:00
Bruno BELANYI b2dc051e6a flake: bump inputs
And fix the breaking changes in Vikunja (which actually make my
configuration simpler).
2024-03-11 17:32:54 +01:00
Bruno BELANYI 6140e1c8f9 nixos: services: lohr: migrate to tmpfiles
This is better than a custom script.
2024-03-11 17:32:54 +01:00
Bruno BELANYI 5d3160fb0d hosts: nixos: porthos: migrate to new host
OVH/Kimsufi are deprecating my current server by the end of the year. So
let's migrate to a new host.

This was more painful than initially planned, OVH introduced a change to
their rescue system which messes with the NixOS installation [1].

In the end I used a kexec image [2] to run the installation.

[1]: https://github.com/NixOS/nix/issues/7790
[2]: https://github.com/nix-community/nixos-images
2024-03-11 17:32:54 +01:00
Bruno BELANYI 0f33dbd5c2 hosts: nixos: porthos: switch to forgejo
This required a quick rename to migrate from one to the other.
2024-03-11 17:32:54 +01:00
Bruno BELANYI f3207468f9 nixos: services: woodpecker: configurable forge 2024-03-11 17:32:54 +01:00