aboutsummaryrefslogtreecommitdiff
path: root/hosts/tahoe/services.nix (unfollow)
Commit message (Collapse)AuthorFilesLines
2023-12-08delete configuration for old machinesFranck Cuny1-21/+0
These machines are gone, no need to keep the configuration around.
2023-08-20remove `sendsms` from tahoeFranck Cuny1-2/+0
2023-05-12profiles/monitoring: move loki to a profileFranck Cuny1-4/+0
Add a nginx virtualhost for loki too, so that we can use a valid SSL certificate.
2023-05-12profiles/monitoring: move promtail to a profileFranck Cuny1-1/+0
2023-05-12profiles/monitoring: move node exporter to a profileFranck Cuny1-1/+0
2023-05-12hosts: move around backup configurationFranck Cuny1-15/+1
2023-05-12profiles/backup: configure the backup serverFranck Cuny1-16/+0
It creates the user, ensure sftp is configured correctly, and rsync the backups to rsync.net once a day.
2023-05-10profiles/syncthing: move the old moduleFranck Cuny1-1/+0
2023-05-10profiles/samba: convert the old module as a profileFranck Cuny1-4/+0
2023-05-10profiles/git-server: move gitolite and cgitFranck Cuny1-8/+0
2023-05-10profiles/music-server: moved navidromeFranck Cuny1-5/+0
2023-05-10profiles/unifi: move the module to a profileFranck Cuny1-5/+0
Get rid of configuration that was duplicated (a lot of things are already handled by the upstream module).
2023-05-09hosts/tahoe: don't load transmissionFranck Cuny1-4/+0
I need to set a password.
2023-05-09profiles/nginx: move common configuration to a profileFranck Cuny1-1/+0
Both tahoe and carmel are using nginx, and we can simplify the configuration by moving common parts to the profile and have these hosts import it.
2023-05-08profile/acme: default DNS provider is gandiFranck Cuny1-5/+4
Add the API key for gandi to the secrest, create a profile for acme with my defaults. The profile is loaded by tahoe since that's where our services are running on. Update all the servers in nginx to listen on their wireguard interface.
2023-04-30hosts/tahoe: enable rsync-ing backups to rsync.netFranck Cuny1-0/+7
2023-04-29hosts/tahoe: disable rcloneFranck Cuny1-1/+0
Backups are not synchronized with rclone to gcloud, but instead with rsync to rsync.net.
2023-04-29hosts/tahoe: update settings related to resticFranck Cuny1-14/+5
The path to the restic repository has changed, and we are a bit more specific about the paths we want to backup.
2023-04-29hosts/tahoe: rename account for backup and enable sftp for itFranck Cuny1-0/+8
The dedicated account for backup should be named 'backup', as it's more generic. While it's a system account, I still need to be able to log in the host remotely with sftp, so we give it a UID (991). The account needs to be able to sftp to tahoe in order to store the backups from remote hosts. However we don't want this user to get a shell and be able to browse the host, so we configure sshd to chroot the user to where the backups are stored.
2023-04-23hosts/tahoe: loki and prometheus listen only on the wg0 interfaceFranck Cuny1-4/+7
I don't want to have to deal with authentication and TLS certificates for these endpoints. If they are only listening on the wireguard interface I can trust that only authorized hosts are sending traffic to these endpoints. I trust what's running on these machines.
2023-04-23modules/monitoring: consolidate all monitoring services togetherFranck Cuny1-10/+12
This will help to organize and structure monitoring modules a bit better.
2023-04-23modules/services: add loki and promtailFranck Cuny1-0/+7
2023-03-27modules/sendsms: gate the unit with a fileFranck Cuny1-0/+2
To prevent the unit to be triggered multiple times if the host has already rebooted, we create a gate file when we're done running, and before running, we check if the file exists. Enable the service on tahoe. Don't restart the unit when its definition has changed.
2023-03-02ref(hosts/tahoe): don't install sendsmsFranck Cuny1-1/+0
It's not working as I want, let's fix it first then we can enable it again later.
2023-03-02feat(hosts/tahoe): install gitolite and cgitFranck Cuny1-9/+6
Replace gitea with gitolite + cgit. I don't need a whole git forge for myself, especially since I don't use most of the features. The main thing I'm losing with this change is CI (via drone), but this is not really a big loss for now.
2023-01-19ref(hosts/tahoe): exclude more paths from backupsFranck Cuny1-0/+7
2023-01-16ref(tahoe/backups): backup fewer thingsFranck Cuny1-2/+10
I don't need to backup videos, and the cache of my home directory. I also don't need to keep that many snapshots around.
2023-01-09fix(hosts/tahoe): mask mdmonitorFranck Cuny1-0/+5
This is a broken unit and I don't need it (see https://github.com/nixos/nixpkgs/issues/72394).
2022-11-30feat(hosts/tahoe): enable `sendsms` moduleFranck Cuny1-0/+1
2022-11-06fix(services/drone): enable droneFranck Cuny1-0/+6
The URL for drone changed to https://ci.fcuny.net. The secrets also changed (and we remove the unencrypted file with secrets).
2022-11-05feat(hosts/tahoe): enable gitea againFranck Cuny1-0/+4
2022-10-29ref(hosts/tahoe): disable cgit/gerrit/buildkite/sourcegraphFranck Cuny1-10/+0
Since I'm moving everything back to GitHub I don't need to run these services anymore.
2022-07-08fix(tahoe/backups): don't backup some directoriesFranck Cuny1-0/+1
I don't need to backup these directories in my home. Change-Id: Ia2302f2ebe74033090b86b52864787d2a63ecb4b Reviewed-on: https://cl.fcuny.net/c/world/+/620 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-06-10fix(fmt): correct formatting for all nix filesFranck Cuny1-1/+2
This was done by running `nixpkgs-fmt .'. Change-Id: I4ea6c1e759bf468d08074be2111cbc7af72df295 Reviewed-on: https://cl.fcuny.net/c/world/+/404 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-05-30feat(hosts/tahoe): enable buildkite agentFranck Cuny1-0/+1
Change-Id: I12cc741bdfb074f7d2a006547860362176afe372 Reviewed-on: https://cl.fcuny.net/c/world/+/169 Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-05-29ref(tahoe): remove droneFranck Cuny1-9/+1
I will not be using drone anymore, and will likely replace it with buildkite. Change-Id: I45d91c43090aaba119855158e071dae377c1897f Reviewed-on: https://cl.fcuny.net/c/world/+/162 Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-05-27feat(hosts/tahoe): replace gitea by cgitFranck Cuny1-2/+1
Change-Id: I3b00408d7550d7660fb33940ae2cd0806076f4d2 Reviewed-on: https://cl.fcuny.net/c/world/+/62 Reviewed-by: Franck Cuny <franck.cuny@gmail.com>
2022-05-26feat(tahoe): enable gerritFranck Cuny1-0/+4
2022-05-22feat(tahoe): enable sourcegraphFranck Cuny1-0/+4
2022-05-02tahoe: enable exec runner for droneFranck Cuny1-1/+1
2022-04-24backups: do backups for the laptopFranck Cuny1-1/+2
From the laptop I only backup /home/fcuny, as the rest should be straightforward to rebuild with nix. I run that backup as my own user, since I need my ssh key to use the remote repository (which is on the NAS). I also need a new secret for it (I might have been able to use `pass' for this, but well, that's easy enough). For the NAS, I update the list of directories to backup to include home, this will be on the systems backup.
2022-04-21syncthing: enable on tahoeFranck Cuny1-0/+1
2022-04-13drone: configuration fixesFranck Cuny1-1/+1
2022-04-13drone: initial attempt at configuring itFranck Cuny1-0/+6
2022-04-13modules: make the vhost be configurableFranck Cuny1-3/+9
2022-04-13grafana: correct domain name ...Franck Cuny1-1/+1
2022-04-13grafana: the vhost is configurableFranck Cuny1-1/+4
2022-04-13nginx: get a simple solution to work firstFranck Cuny1-13/+1
2022-04-13nginx: add nginx as a reverse proxyFranck Cuny1-1/+14
This will ultimately replace traefik.
2022-04-11tahoe: fix backup configurationFranck Cuny1-2/+3
2022-04-10secrets: move all the secrets under module/Franck Cuny1-3/+3
Refactor a bit the configuration, which should simplify the management and usage of secrets from now on.
2022-04-10add a module for backup with resticFranck Cuny1-10/+4
Do a single backup for the host, instead of running multiple ones.
2022-04-08hosts: add services to tahoeFranck Cuny1-7/+2
2022-04-06refactor transmission and metrics-exporterFranck Cuny1-6/+2
2022-04-06refactor traefikFranck Cuny1-1/+1
2022-04-06refactor rclone to a moduleFranck Cuny1-2/+1
2022-04-06refactor gitea as a moduleFranck Cuny1-0/+4
2022-04-06refactor grafana as a moduleFranck Cuny1-1/+1
2022-04-06refactor prometheus as a moduleFranck Cuny1-1/+1
2022-04-06refactor unifi to a moduleFranck Cuny1-1/+1
2022-04-06refactor navidrome to a moduleFranck Cuny1-4/+9
2022-04-06refactor samba to a proper moduleFranck Cuny1-1/+5
The list of public share is configurable too.
2022-04-02nas: add videos to the backupsFranck Cuny1-7/+2
We also don't need the music-organizer anymore since we're switching to beets.
2022-03-28nas: initial setup for navidromeFranck Cuny1-0/+1
2022-03-27nas: install music-organizer from the main branchFranck Cuny1-0/+1
2022-03-27nas: install correctly music-organizerFranck Cuny1-1/+1
2022-03-27nas: install music-organizerFranck Cuny1-3/+5
2022-03-12hosts: add profilesFranck Cuny1-9/+10
Profiles contain a collection of modules.
2022-03-11nas: enable rclone configurationFranck Cuny1-0/+1
2022-03-08gitea: initial configurationFranck Cuny1-0/+1
2022-03-08nas: backup photos and musicFranck Cuny1-0/+12
Instead of rsync-ing these folders to a GCS bucket, I should instead do a backup. If I screw up something, the content will be sync-ed, and I won't be able to restore it. It's better (maybe more expensive, but that's OK) to keep snapshots and be able to restore.
2022-03-06unifi: add unifi on the NASFranck Cuny1-0/+1
2022-03-06nas: install transmissionFranck Cuny1-0/+8
Create a user and group 'nas' so we can run tranmission in it. This will also help us to enable some specific permissions on some directories.
2022-03-06traefik: second attempt, simpleFranck Cuny1-12/+0
2022-03-06traefik: initial configurationFranck Cuny1-0/+12
I want to run traefik on the NAS, so I can reach grafana and other future services running on that host. To manage TLS, we use let's encrypt with a DNS challenge. For this to work we need a service account configuration, that is encrypted with age.
2022-03-05backups: unit to run maintenance on my backupsFranck Cuny1-0/+1
This will be run via a timer once a day, to perform maintenance on my backups on the nas.
2022-02-28grafana: initial configurationFranck Cuny1-0/+1
2022-02-28prometheus: initial configuration for the serverFranck Cuny1-0/+1
Run prometheus via systemd, and configure to pull node-exporter's metrics from two hosts. The retention is set for 3 years.
2022-02-27nas: consume everything from the server profileFranck Cuny1-0/+1
2022-02-27NAS: initial configurationFranck Cuny1-0/+7
For now we only want samba on it.
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-08 12:52:12 +0000