path: root/hosts/tahoe/services.nix
Commit message | Author | Age | Files | Lines
* hosts/tahoe: enable rsync-ing backups to rsync.net | Franck Cuny | 2023-04-30 | 1 | -0/+7
* hosts/tahoe: disable rclone | Franck Cuny | 2023-04-29 | 1 | -1/+0
  Backups are not synchronized with rclone to gcloud, but instead with rsync to rsync.net.
* hosts/tahoe: update settings related to restic | Franck Cuny | 2023-04-29 | 1 | -14/+5
  The path to the restic repository has changed, and we are a bit more specific about the paths we want to backup.
* hosts/tahoe: rename account for backup and enable sftp for it | Franck Cuny | 2023-04-29 | 1 | -0/+8
  The dedicated account for backup should be named 'backup', as it's more generic. While it's a system account, I still need to be able to log in the host remotely with sftp, so we give it a UID (991). The account needs to be able to sftp to tahoe in order to store the backups from remote hosts. However we don't want this user to get a shell and be able to browse the host, so we configure sshd to chroot the user to where the backups are stored.
* hosts/tahoe: loki and prometheus listen only on the wg0 interface | Franck Cuny | 2023-04-23 | 1 | -4/+7
  I don't want to have to deal with authentication and TLS certificates for these endpoints. If they are only listening on the wireguard interface I can trust that only authorized hosts are sending traffic to these endpoints. I trust what's running on these machines.
* modules/monitoring: consolidate all monitoring services together | Franck Cuny | 2023-04-23 | 1 | -10/+12
  This will help to organize and structure monitoring modules a bit better.
* modules/services: add loki and promtail | Franck Cuny | 2023-04-23 | 1 | -0/+7
* modules/sendsms: gate the unit with a file | Franck Cuny | 2023-03-27 | 1 | -0/+2
  To prevent the unit to be triggered multiple times if the host has already rebooted, we create a gate file when we're done running, and before running, we check if the file exists. Enable the service on tahoe. Don't restart the unit when its definition has changed.
* ref(hosts/tahoe): don't install sendsms | Franck Cuny | 2023-03-02 | 1 | -1/+0
  It's not working as I want, let's fix it first then we can enable it again later.
* feat(hosts/tahoe): install gitolite and cgit | Franck Cuny | 2023-03-02 | 1 | -9/+6
  Replace gitea with gitolite + cgit. I don't need a whole git forge for myself, especially since I don't use most of the features. The main thing I'm losing with this change is CI (via drone), but this is not really a big loss for now.
* ref(hosts/tahoe): exclude more paths from backups | Franck Cuny | 2023-01-19 | 1 | -0/+7
* ref(tahoe/backups): backup fewer things | Franck Cuny | 2023-01-16 | 1 | -2/+10
  I don't need to backup videos, and the cache of my home directory. I also don't need to keep that many snapshots around.
* fix(hosts/tahoe): mask mdmonitor | Franck Cuny | 2023-01-09 | 1 | -0/+5
  This is a broken unit and I don't need it (see https://github.com/nixos/nixpkgs/issues/72394).
* feat(hosts/tahoe): enable `sendsms` module | Franck Cuny | 2022-11-30 | 1 | -0/+1
* fix(services/drone): enable drone | Franck Cuny | 2022-11-06 | 1 | -0/+6
  The URL for drone changed to https://ci.fcuny.net. The secrets also changed (and we remove the unencrypted file with secrets).
* feat(hosts/tahoe): enable gitea again | Franck Cuny | 2022-11-05 | 1 | -0/+4
* ref(hosts/tahoe): disable cgit/gerrit/buildkite/sourcegraph | Franck Cuny | 2022-10-29 | 1 | -10/+0
  Since I'm moving everything back to GitHub I don't need to run these services anymore.
* fix(tahoe/backups): don't backup some directories | Franck Cuny | 2022-07-08 | 1 | -0/+1
  I don't need to backup these directories in my home.
  Change-Id: Ia2302f2ebe74033090b86b52864787d2a63ecb4b
  Reviewed-on: https://cl.fcuny.net/c/world/+/620
  Tested-by: CI
  Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(fmt): correct formatting for all nix files | Franck Cuny | 2022-06-10 | 1 | -1/+2
  This was done by running `nixpkgs-fmt .'.
  Change-Id: I4ea6c1e759bf468d08074be2111cbc7af72df295
  Reviewed-on: https://cl.fcuny.net/c/world/+/404
  Tested-by: CI
  Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(hosts/tahoe): enable buildkite agent | Franck Cuny | 2022-05-30 | 1 | -0/+1
  Change-Id: I12cc741bdfb074f7d2a006547860362176afe372
  Reviewed-on: https://cl.fcuny.net/c/world/+/169
  Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(tahoe): remove drone | Franck Cuny | 2022-05-29 | 1 | -9/+1
  I will not be using drone anymore, and will likely replace it with buildkite.
  Change-Id: I45d91c43090aaba119855158e071dae377c1897f
  Reviewed-on: https://cl.fcuny.net/c/world/+/162
  Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(hosts/tahoe): replace gitea by cgit | Franck Cuny | 2022-05-27 | 1 | -2/+1
  Change-Id: I3b00408d7550d7660fb33940ae2cd0806076f4d2
  Reviewed-on: https://cl.fcuny.net/c/world/+/62
  Reviewed-by: Franck Cuny <franck.cuny@gmail.com>
* feat(tahoe): enable gerrit | Franck Cuny | 2022-05-26 | 1 | -0/+4
* feat(tahoe): enable sourcegraph | Franck Cuny | 2022-05-22 | 1 | -0/+4
* tahoe: enable exec runner for drone | Franck Cuny | 2022-05-02 | 1 | -1/+1
* backups: do backups for the laptop | Franck Cuny | 2022-04-24 | 1 | -1/+2
  From the laptop I only backup /home/fcuny, as the rest should be straightforward to rebuild with nix. I run that backup as my own user, since I need my ssh key to use the remote repository (which is on the NAS). I also need a new secret for it (I might have been able to use `pass' for this, but well, that's easy enough). For the NAS, I update the list of directories to backup to include home, this will be on the systems backup.
* syncthing: enable on tahoe | Franck Cuny | 2022-04-21 | 1 | -0/+1
* drone: configuration fixes | Franck Cuny | 2022-04-13 | 1 | -1/+1
* drone: initial attempt at configuring it | Franck Cuny | 2022-04-13 | 1 | -0/+6
* modules: make the vhost be configurable | Franck Cuny | 2022-04-13 | 1 | -3/+9
* grafana: correct domain name ... | Franck Cuny | 2022-04-13 | 1 | -1/+1
* grafana: the vhost is configurable | Franck Cuny | 2022-04-13 | 1 | -1/+4
* nginx: get a simple solution to work first | Franck Cuny | 2022-04-13 | 1 | -13/+1
* nginx: add nginx as a reverse proxy | Franck Cuny | 2022-04-13 | 1 | -1/+14
  This will ultimately replace traefik.
* tahoe: fix backup configuration | Franck Cuny | 2022-04-11 | 1 | -2/+3
* secrets: move all the secrets under module/ | Franck Cuny | 2022-04-10 | 1 | -3/+3
  Refactor a bit the configuration, which should simplify the management and usage of secrets from now on.
* add a module for backup with restic | Franck Cuny | 2022-04-10 | 1 | -10/+4
  Do a single backup for the host, instead of running multiple ones.
* hosts: add services to tahoe | Franck Cuny | 2022-04-08 | 1 | -0/+37