about summary refs log tree commit diff
path: root/modules/services (follow)
Commit message (Collapse)AuthorAgeFilesLines
* fix(modules/unifi): only backup the backup directoryFranck Cuny2022-06-231-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | `/var/lib/unifi` is almost 1GB. The data directory contains a lot of files that are changing constantly, which creates a significant amount of data to backup everyday. Overall if I need to restore a backup for unifi, I don't care about metrics and other application data, I only need to restore a backup, which contains the network configuration. `/var/lib/unifi/data/backup` is smaller: ``` fcuny@tahoe ~> sudo du -sh /var/lib/unifi/data/backup 332M /var/lib/unifi/data/backup ``` and each backup is about 12MB: ``` fcuny@tahoe ~> sudo ls -ltrh /var/lib/unifi/data/backup/autobackup|tail -2 -rw------- 1 unifi unifi 12M Jun 22 18:15 autobackup_6.5.55_20220623_0115_1655946900001.unf -rw------- 1 unifi unifi 5.0K Jun 22 18:15 autobackup_meta.json ``` This will reduce the churn in our daily backup significantly. Change-Id: Ie39ffa9055605298a82ba6731acc34fd4e29309c Reviewed-on: https://cl.fcuny.net/c/world/+/471 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(gerrit): add the plugin to delete projectsFranck Cuny2022-06-181-0/+2
| | | | | | | | | | I need to remove some repositories I created by mistake, this will make it easier than messing up with the database. Change-Id: Ia9357226532fe943d15eaec43413502849e39d3d Reviewed-on: https://cl.fcuny.net/c/world/+/444 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(sourcegraph): exclude more directories from backupFranck Cuny2022-06-131-2/+6
| | | | | | | | | | | | | | I don't need to backup the observability data for sourcegraph. I also don't need to backup the cache. These files change a lot and are about ~300M of data every day, which creates a lot of churn for our backup. All I need if I restore a backup is the content of the database and the indexes. Change-Id: Ifaddda7626ecae32162503bc14aa8d1ffa716622 Reviewed-on: https://cl.fcuny.net/c/world/+/416 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(nginx): delete unused moduleFranck Cuny2022-06-121-81/+0
| | | | | | | Change-Id: Ie69e250c7a63e2f5bea360b5ac62fcd748f48735 Reviewed-on: https://cl.fcuny.net/c/world/+/415 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(cgit): update title and descriptionFranck Cuny2022-06-111-1/+2
| | | | | | | Change-Id: I0a8bbe976687a8408e1a931ecf2a90cbaa4926e2 Reviewed-on: https://cl.fcuny.net/c/world/+/414 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(drone): remove all modules and configurationsFranck Cuny2022-06-115-188/+0
| | | | | | | | | I do not use drone anymore, no need to keep this around. Change-Id: I8f9564747939a6d1a2b95bcfe8e2c70e46d8bc1e Reviewed-on: https://cl.fcuny.net/c/world/+/411 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(gitea): remove all modules for giteaFranck Cuny2022-06-113-1241/+0
| | | | | | | | | I do not use it anymore, I don't need to keep this around. Change-Id: I42af32eec4ee8ab4c2a8c60b5a8306a4eb418f51 Reviewed-on: https://cl.fcuny.net/c/world/+/410 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(fmt): correct formatting for all nix filesFranck Cuny2022-06-1025-61/+92
| | | | | | | | | This was done by running `nixpkgs-fmt .'. Change-Id: I4ea6c1e759bf468d08074be2111cbc7af72df295 Reviewed-on: https://cl.fcuny.net/c/world/+/404 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(backups): exclude more files from the backupsFranck Cuny2022-06-102-1/+11
| | | | | | | | | We don't need to backup log files for grafana and sourcegraph. Change-Id: I8ed6f6ce1270a12233cad268bcd12e28ac2785cf Reviewed-on: https://cl.fcuny.net/c/world/+/383 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(unifi): configure correctly services.unifi for nixos 22.05Franck Cuny2022-06-101-1/+1
| | | | | | | Change-Id: Ide8e479bc88689e052a372825bc90b23b426a89a Reviewed-on: https://cl.fcuny.net/c/world/+/382 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(nginx): configure correctly security.acme for nixos 22.05Franck Cuny2022-06-101-1/+1
| | | | | | | Change-Id: I94cb29510cbb85c769947dc26c33f9d767e2f0c8 Reviewed-on: https://cl.fcuny.net/c/world/+/381 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(cgit): adjust configurationFranck Cuny2022-06-091-0/+9
| | | | | | | | | | | - list up to 150 repositories per page - limit stats to a year - snapshots are in tar.gz format Change-Id: Ifc52d47893737862d89d24b797ec28f32e5076e9 Reviewed-on: https://cl.fcuny.net/c/world/+/366 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(nix): update nix to version 22.05Franck Cuny2022-06-092-1/+2
| | | | | | | | | | | | | NixOS 22.05 was released last month. Bump the versions for both nixos and home-manager. I also need to make a few changes for this update work (packages were renamed, options were addded to tailscale, ...) Change-Id: I84ed9f21915b769c9f7b8e21988b2b021715c982 Reviewed-on: https://cl.fcuny.net/c/world/+/365 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(navidrome): don't backup the cache directoryFranck Cuny2022-06-091-1/+4
| | | | | | | Change-Id: I45a42543d7fb5071022a77382e925b55568e2c2d Reviewed-on: https://cl.fcuny.net/c/world/+/363 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(restic): actually exclude files from the backupFranck Cuny2022-06-091-2/+8
| | | | | | | | | | | The option `exclude' was defined but unused. Add a function to generate a text file containing all the paths that we want to exclude, and provide that file as an option when we call `restic'. Change-Id: I647db892a8a77c589cec1fc975808c5c9ad0b757 Reviewed-on: https://cl.fcuny.net/c/world/+/362 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(gerrit): don't backup tmp,logs,cache directoriesFranck Cuny2022-06-091-1/+8
| | | | | | | Change-Id: I73087942ed86fd2ad3575a4776dba97fac693468 Reviewed-on: https://cl.fcuny.net/c/world/+/361 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(buildkite): configure the post-command hookFranck Cuny2022-06-091-0/+12
| | | | | | Change-Id: I7b00987382ef05e032d88cf00e916cdc27511eb1 Reviewed-on: https://cl.fcuny.net/c/world/+/306 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(gerrit): add plugin 'reviewnotes'Franck Cuny2022-06-091-1/+9
| | | | | | | | | This plugin stores review information for Gerrit changes in the `refs/notes/review' branch. Change-Id: I51c7fe1f8764617e0bff5455d3fe713b0e2f446e Reviewed-on: https://cl.fcuny.net/c/world/+/300 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(gerrit): install the gerrit hookFranck Cuny2022-06-041-0/+12
| | | | | | | | | Create a few scripts that are used to trigger the hook when a patchset is created. Change-Id: Ibcfdb76b3e0ca29b9adc4c2719a8f81170818788 Reviewed-on: https://cl.fcuny.net/c/world/+/172 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(buildkite): configure the buildkite agentFranck Cuny2022-05-302-0/+47
| | | | | | Change-Id: Icee60f2372e17f6477a91e7f562c04507788c713 Reviewed-on: https://cl.fcuny.net/c/world/+/168 Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(cgit): write the test correctlyFranck Cuny2022-05-291-1/+1
| | | | | | Change-Id: I1c57da26d315c847fc5cef134e75a34395764ac9 Reviewed-on: https://cl.fcuny.net/c/world/+/161 Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(gerrit): remove git suffix from project URLFranck Cuny2022-05-291-1/+1
| | | | | | | | This has been dropped in cgit. Change-Id: I255ea20b4f81d080207ac8eac6f6727cac2d54f5 Reviewed-on: https://cl.fcuny.net/c/world/+/126 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(cgit): update cgit configurationFranck Cuny2022-05-291-0/+9
| | | | | | | | | | - enable git configuration to read the section out of it - don't display the owner (it's git by default) - sort branches and repositories by age Change-Id: I3f21ec6eb25747d21c23a68b6f24f7cb8345fb02 Reviewed-on: https://cl.fcuny.net/c/world/+/125 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(cgit): exclude some repositoriesFranck Cuny2022-05-291-1/+8
| | | | | | | | | There are a few repositories that I want to have active in gerrit but I don't want to list in cgit. Change-Id: I341801cddba0909d5c32d2653c8cc5eb8aae94ed Reviewed-on: https://cl.fcuny.net/c/world/+/124 Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(cgit): ensure permissions are set correctlyFranck Cuny2022-05-281-0/+2
| | | | | | Change-Id: I65efa49a904ab1885bd72566e450b6678be6aa21 Reviewed-on: https://cl.fcuny.net/c/world/+/123 Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(cgit): define the list of repos prior to scan pathFranck Cuny2022-05-281-2/+2
| | | | | | | | | | | | From the documentation for `project-list`: A list of subdirectories inside of scan-path, relative to it, that should loaded as git repositories. This must be defined prior to scan-path Change-Id: Iab176a800e8ff0abd515a525d89ef524ba6ab097 Reviewed-on: https://cl.fcuny.net/c/world/+/122 Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(cgit): generate a proper list of repositoriesFranck Cuny2022-05-281-1/+3
| | | | | | | | | | | The logic was previously incorrect. If a repository becomes hidden in gerrit, it will not be removed from the list. Instead, we create a temporary file which we use to dump the new list and then move it over the current list. Change-Id: I990588ac98ad4024ba144c4c76ad7e4ae27202bc Reviewed-on: https://cl.fcuny.net/c/world/+/121 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(gerrit): link to cgitFranck Cuny2022-05-281-0/+14
| | | | | | | | Configure gitweb to link to our cgit instance Change-Id: I55cb96e7199bf2636a30689b277978008d6605eb Reviewed-on: https://cl.fcuny.net/c/world/+/88 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(cgit): generate the list of projects from gerritFranck Cuny2022-05-281-4/+35
| | | | | | | | | | Query the gerrit API to get the list of active projects, and generate the list of repositories from it. This run every 10 minutes as a systemd timer. Change-Id: I016a6d748597ff4d03af893e0a95b96830bdb3f7 Reviewed-on: https://cl.fcuny.net/c/world/+/87 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(cgit): set the clone URL to gerritFranck Cuny2022-05-281-0/+1
| | | | | | Change-Id: I2328abdbd369358e59747a220fe1e57edd8c5126 Reviewed-on: https://cl.fcuny.net/c/world/+/86 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(cgit): support org mode files for READMEFranck Cuny2022-05-281-0/+2
| | | | | | Change-Id: Ia0b3c7e5c2b1f399f7eaf5db2e926dc3a0859790 Reviewed-on: https://cl.fcuny.net/c/world/+/85 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(gerrit): backup all relevant directoriesFranck Cuny2022-05-281-0/+2
| | | | | | Change-Id: I7d70a25f95cddedaba5e5186b6e7f83ddf9e7eb9 Reviewed-on: https://cl.fcuny.net/c/world/+/84 Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(gerrit): enable sending emailsFranck Cuny2022-05-271-1/+10
| | | | | | | | Configure gerrit to send emails using fastmail's SMTP servers. Change-Id: I658373a2c1e9b3c5dcbe214a02ebe8ca1be69580 Reviewed-on: https://cl.fcuny.net/c/world/+/81 Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(gerrit): set the OAUTH client IDFranck Cuny2022-05-271-0/+5
| | | | | | Change-Id: I2a5b554be29af9184ad504bcb8beca30c605e6c4 Reviewed-on: https://cl.fcuny.net/c/world/+/63 Reviewed-by: Franck Cuny <franck.cuny@gmail.com>
* fix(gerrit): set the home directory for gitFranck Cuny2022-05-271-1/+1
| | | | | | Change-Id: Idba41215b58e8cd77d8d4efa354a3acf52c6bc6d Reviewed-on: https://cl.fcuny.net/c/world/+/61 Reviewed-by: Franck Cuny <franck.cuny@gmail.com>
* feat(cgit): add a module for cgitFranck Cuny2022-05-272-0/+52
| | | | | | | | | cgit is a git web viewer, it will be hosted at git.fcuny.net to replace gitea. Change-Id: I16561776fa90a3561d6a13f8545bd2e8f67f409a Reviewed-on: https://cl.fcuny.net/c/world/+/46 Reviewed-by: Franck Cuny <franck.cuny@gmail.com>
* ref(gerrit): ensure the git user is presentFranck Cuny2022-05-261-0/+9
| | | | Change-Id: Ie217a14a20474b626a2c66116663b785193978c2
* fix(gerrit): use a compatible JDKFranck Cuny2022-05-261-0/+3
| | | | Change-Id: I3fadf8a3a9a81c7966b4c048ace1ae259f0e3668
* fix(gerrit): install the plugin for oauthFranck Cuny2022-05-261-2/+8
| | | | Change-Id: I3e4a215b47a5a368210b268fa170aa2dddab721f
* fix(gerrit): settings where in wrong placeFranck Cuny2022-05-261-8/+8
| | | | Change-Id: I449f9032e32911fa33c26ec41faadb4f8acc8b1f
* feat(gerrit): use OAUTH for authenticationFranck Cuny2022-05-261-0/+10
|
* fix(gerrit): force gerrit to run as the git userFranck Cuny2022-05-261-0/+11
| | | | | | | The default configuration wants to run gerrit with a DynamicUser. However, this prevent the server to generate the ssh keys needed by gerrit. Instead, we can force the server to run with the 'git' user, which already exists.
* fix(gerrit): use localhost for the proxyFranck Cuny2022-05-261-1/+1
|
* fix(gerrit): remove extra '}' from stringFranck Cuny2022-05-261-1/+1
|
* fix(sourcegraph): remove extra '}' from stringFranck Cuny2022-05-261-1/+1
|
* fix(gerrit): apply a serverIdFranck Cuny2022-05-261-0/+1
| | | | | This identify the server (see https://github.com/NixOS/nixpkgs/blob/634141959076a8ab69ca2cca0f266852256d79ee/nixos/modules/services/web-apps/gerrit.nix#L141).
* feat(gerrit): add the gerrit serverFranck Cuny2022-05-262-0/+51
| | | | | | Gerrit is a tool for doing code review for git. It will be running at cl.fcuny.net and will be the main way to interact with my git repositories.
* feat(modules): create a module for sourcegraphFranck Cuny2022-05-222-0/+47
| | | | | | | Run sourcegraph ([0]) in a docker container. It's exposed as cs.fcuny.xyz, and we backup some of the directories. [0] https://docs.sourcegraph.com
* modules: fix configuration for syncthingFranck Cuny2022-05-131-2/+2
| | | | The `documents` folder was not being synced.
* grafana: there was already something on port 3030 ...Franck Cuny2022-05-121-1/+1
|
* grafana: run on port 3030Franck Cuny2022-05-121-0/+1
| | | | There's already something on port 3000.
* modules: fix configuration for drone-runner-execFranck Cuny2022-05-021-1/+1
|
* gitea: add a dashboard for grafanaFranck Cuny2022-04-241-0/+1176
|
* gitea: enable metric endpointFranck Cuny2022-04-242-7/+13
| | | | Move configuration for the scraper into the gitea module itself.
* backups: do backups for the laptopFranck Cuny2022-04-241-1/+10
| | | | | | | | | | | | | From the laptop I only backup /home/fcuny, as the rest should be straightforward to rebuild with nix. I run that backup as my own user, since I need my ssh key to use the remote repository (which is on the NAS). I also need a new secret for it (I might have been able to use `pass' for this, but well, that's easy enough). For the NAS, I update the list of directories to backup to include home, this will be on the systems backup.
* syncthing: add pixel (my phone) to known devicesFranck Cuny2022-04-211-1/+12
| | | | | Copy the pictures from the phone on all my machines. Don't sync the documents on the phone (at least for now).
* syncthing: configure devices and foldersFranck Cuny2022-04-211-0/+18
|
* syncthing: configure the keys for tahoeFranck Cuny2022-04-211-3/+7
|
* syncthing: enable on tahoeFranck Cuny2022-04-211-6/+12
|
* modules: add syncthing as a new moduleFranck Cuny2022-04-212-0/+12
|
* drone: backup the state directoryFranck Cuny2022-04-131-0/+2
|
* drone: configuration fixesFranck Cuny2022-04-132-2/+7
|
* drone: initial attempt at configuring itFranck Cuny2022-04-135-0/+178
|
* nginx: configure correctly the dashboardFranck Cuny2022-04-131-2/+2
|
* nginx: install the default dashboardFranck Cuny2022-04-131-0/+6
|
* traefik: remove the moduleFranck Cuny2022-04-134-1934/+0
|
* modules: make the vhost be configurableFranck Cuny2022-04-133-15/+25
|
* grafana: the vhost is configurableFranck Cuny2022-04-131-4/+11
|
* grafana: bind to localhostFranck Cuny2022-04-131-4/+0
|
* modules: set secretsFranck Cuny2022-04-132-2/+6
|
* unifi: use nginx for reverse proxyFranck Cuny2022-04-131-0/+14
|
* transmission: use nginx for reverse proxyFranck Cuny2022-04-131-0/+14
|
* navidrome: use nginx for reverse proxyFranck Cuny2022-04-131-0/+14
|
* grafana: set proper port for reverse proxyFranck Cuny2022-04-131-1/+1
|
* grafana: use proper certFranck Cuny2022-04-131-1/+1
|
* grafana: try to configure the domain with acme+dnsFranck Cuny2022-04-131-1/+17
|
* nginx: get a simple solution to work firstFranck Cuny2022-04-132-291/+12
|
* nginx: add nginx as a reverse proxyFranck Cuny2022-04-134-0/+412
| | | | This will ultimately replace traefik.
* rclone: fix the order of the paramsFranck Cuny2022-04-131-2/+2
|
* backups: rename system to hostFranck Cuny2022-04-111-1/+1
| | | | Since this is a host level backup.
* grafana: backup the whole directoryFranck Cuny2022-04-111-1/+1
|
* secrets: move all the secrets under module/Franck Cuny2022-04-104-26/+15
| | | | | Refactor a bit the configuration, which should simplify the management and usage of secrets from now on.
* add a module for backup with resticFranck Cuny2022-04-107-65/+89
| | | | Do a single backup for the host, instead of running multiple ones.
* services: add avahiFranck Cuny2022-04-082-0/+15
|
* modules: add a few moreFranck Cuny2022-04-082-0/+28
|
* gitea: fix the moduleFranck Cuny2022-04-061-3/+3
| | | | | Quick fix for now, we will add these values as options to the module once we confirm everything is still working.
* refactor transmission and metrics-exporterFranck Cuny2022-04-064-1/+54
|
* refactor traefikFranck Cuny2022-04-062-0/+104
|
* refactor rclone to a moduleFranck Cuny2022-04-062-0/+38
|
* refactor gitea as a moduleFranck Cuny2022-04-062-0/+54
|
* prometheus: proper name for the optionFranck Cuny2022-04-061-1/+1
|
* refactor grafana as a moduleFranck Cuny2022-04-066-0/+26438
|
* refactor prometheus as a moduleFranck Cuny2022-04-062-0/+189
|
* refactor unifi to a moduleFranck Cuny2022-04-062-2/+97
|
* import navidrome with other servicesFranck Cuny2022-04-061-1/+2
|
* refactor navidrome to a moduleFranck Cuny2022-04-061-0/+37
|
* refactor samba to a proper moduleFranck Cuny2022-04-062-1/+56
| | | | The list of public share is configurable too.
* refactor modules for btrfs, ssd, and fwupdFranck Cuny2022-04-052-1/+6
|
* create a profile for laptopFranck Cuny2022-04-053-1/+35
|
* network: move tailscale in modulesFranck Cuny2022-04-052-1/+14
| | | | Move the networking configuration for the hosts to its own file.
* ssh: refactor to a moduleFranck Cuny2022-04-052-0/+18
Also install mosh and ensure the firewall opens the correct ports.