Commit Graph

76 Commits

Author SHA1 Message Date
Oystein Kristoffer Tveit c98a1a0541
tsuki/jupyter: harden security with sops and systemd 2023-07-28 22:00:07 +02:00
Oystein Kristoffer Tveit 1f5832074b
tsuki/taskserver: (unfinished) start setting up taskserver and taskwarrior 2023-07-12 23:42:07 +02:00
Oystein Kristoffer Tveit 6c2bd3f2d5
tsuki/invidious: remove redundant code, add comments 2023-07-12 23:38:41 +02:00
Oystein Kristoffer Tveit 394a932988
tsuki/nginx: misc:
- Move temporary website into its own file
- Collect all http uris into upstreams
- Convert some upstreams to UNIX sockets, as changed in the last few
  commits
2023-07-12 23:36:57 +02:00
Oystein Kristoffer Tveit 24a02d386c
tsuki/hedgedoc: misc:
- Experiment with reducing the number of options in the module
- Use UNIX socket behind nginx
- "Upstream" systemd hardening to module
2023-07-12 23:34:23 +02:00
Oystein Kristoffer Tveit 5ea58f1b98
tsuki/gitea: use UNIX socket behind gitea 2023-07-12 23:30:39 +02:00
Oystein Kristoffer Tveit fd052eea5a
tsuki/grafana: use UNIX socket behind nginx 2023-07-12 23:27:10 +02:00
Oystein Kristoffer Tveit 1f3b5addd3
tsuki/hedgedoc: misc:
- configure oauth2 (this requires a custom module for now,
    will be resolved in 23.11)
- harden systemd service
- add systemd requires list
- use socket postgres uri
2023-07-12 02:30:00 +02:00
Oystein Kristoffer Tveit cf42debf37
tsuki/invidious: misc:
- bind to 127.0.0.1
- depend on postgresql systemd unit
2023-07-12 02:06:41 +02:00
Oystein Kristoffer Tveit c8db83b925
tsuki/plex: harden systemd unit 2023-07-12 02:06:41 +02:00
Oystein Kristoffer Tveit 20de3c260f
tsuki/postgres: misc:
- add postgresql backup service
- harden systemd unit
- increase max_connections
2023-07-12 02:06:40 +02:00
Oystein Kristoffer Tveit 82ea6e9f5a
tsuki: add timed nhk easy news scraper 2023-07-12 02:06:40 +02:00
Oystein Kristoffer Tveit dddc92877c
tsuki/matrix/matrix-appservice-irc: enable lainchan irc bouncer 2023-07-12 02:06:40 +02:00
Oystein Kristoffer Tveit 68b181fc05
tsuki/matrix/mx-puppet-discord: disable temporarily
This still uses an old version of node that is disabled
in nixpkgs 23.05, disabling for now
2023-07-12 02:06:39 +02:00
Oystein Kristoffer Tveit 98745298c7
tsuki/matrix/mautrix-facebook: disable
Got banned one too many times, disabling for now.
2023-07-12 02:06:39 +02:00
Oystein Kristoffer Tveit 8a42e97014
tsuki/monitoring: misc:
- Secure grafana better, it had secrets in the nix store
- Set up prometheus exporters for nginx and php-fpm
- Add urls for dashboards
- Disable automatic updates
2023-07-12 02:06:39 +02:00
Oystein Kristoffer Tveit 25b6f0f3e9
tsuki/vaultwarden: add vaultwarden, password manager 2023-07-12 02:06:38 +02:00
Oystein Kristoffer Tveit 40e95ce030
tsuki/borg: set up borgbackup 2023-07-12 02:06:37 +02:00
Oystein Kristoffer Tveit 0e3a4c35d2
tsuki/atuin: set up atuin server 2023-07-12 02:06:16 +02:00
Oystein Kristoffer Tveit fc0e4f6c52
tsuki/nginx/www: real website dead, add temporary website 2023-07-12 02:04:57 +02:00
Oystein Kristoffer Tveit 949f228c97
tsuki/hydra: put all services below `system-hydra.slice` 2023-07-12 02:04:56 +02:00
Oystein Kristoffer Tveit 7f8d60057d
tsuki/headscale: fix oauth2, and set up tailscale 2023-07-12 02:04:53 +02:00
Oystein Kristoffer Tveit 3267e5f687
tsuki/headscale: start working on oidc login 2023-05-08 02:36:17 +02:00
Oystein Kristoffer Tveit 58061df4ab
tsuki: set up nextcloud, without enabling it 2023-05-08 02:36:14 +02:00
Oystein Kristoffer Tveit 32885239c3
tsuki/pgadmin: misc
- The pgadmin config has grown, and as a result, it has been split from
    the postgres file.
- Setup OAuth
- Setup uWSGI and forward to nginx via socket
  (This last part is still a little borked, and the service is not
  functioning entirely just yet)
2023-05-08 02:36:13 +02:00
Oystein Kristoffer Tveit 53dbedef2b
tsuki/hedgedoc: small auth url improvement 2023-05-08 02:36:12 +02:00
Oystein Kristoffer Tveit 7cdf122c58
tsuki: set up invidious 2023-05-08 02:36:10 +02:00
Oystein Kristoffer Tveit df3aa7c10e
tsuki: setup oauth2 for pgadmin
This commit also changes the pgadmin package from `22.11` to `unstable`
2023-03-17 01:28:33 +01:00
Oystein Kristoffer Tveit 5e2a5a939b
tsuki: move gitea postgres password to sops 2023-03-08 15:59:50 +01:00
Oystein Kristoffer Tveit 7a0fcf7805
tsuki: configure wildcard certs for nginx 2023-03-08 14:54:43 +01:00
Oystein Kristoffer Tveit ebd854a0ae
gitea: set up oauth2 2023-03-08 14:54:42 +01:00
Oystein Kristoffer Tveit dd6c99226e
tsuki: set up hedgedoc
the dynmap subdomain was also renamed from "dyn" to "map" in this commit
2023-03-08 14:54:40 +01:00
Oystein Kristoffer Tveit 2ad7b7b2c3
tsuki: remove keycloak 2023-03-07 23:15:20 +01:00
Oystein Kristoffer Tveit 0df70d6c72
tsuki: add well-known autoconfig for thunderbird mail 2023-03-07 23:15:19 +01:00
Oystein Kristoffer Tveit d5ae85092c
tsuki: set up kanidm 2023-03-07 23:15:18 +01:00
Oystein Kristoffer Tveit 7c3c830d6e
tsuki: add recommended minecraft jvm flags 2023-02-25 21:15:35 +01:00
Oystein Kristoffer Tveit 5b0dd71b4a
tsuki: add some systemd constraints
Add some systemd constraints to some fix boottime service failures
2023-02-25 21:12:38 +01:00
Oystein Kristoffer Tveit a08f6ce28e
tsuki: add `.well-known/matrix/client` 2023-02-25 21:10:39 +01:00
Oystein Kristoffer Tveit 1eefc118bf
tsuki: add postgres to environment 2023-02-25 20:01:57 +01:00
Oystein Kristoffer Tveit 45497aea2b
tsuki: set up proper grafana infrastructure
- Set up a bunch of exporters
- Download matching dashboard declarations
- Remove influxdb
2023-01-20 19:55:52 +01:00
Oystein Kristoffer Tveit e840a95ebe
tsuki: use matrix-synapse-next module with workers 2023-01-20 19:52:04 +01:00
Oystein Kristoffer Tveit 47d8aa7899
tsuki: add headscale 2023-01-16 17:16:42 +01:00
Oystein Kristoffer Tveit b5030a7c06
tsuki: move grafana config into nondeprecated attrset 2023-01-16 17:16:40 +01:00
Oystein Kristoffer Tveit 3820be9ef9
tsuki: update matrix stickers 2023-01-16 17:16:39 +01:00
Oystein Kristoffer Tveit ef4f5d4dd4
tsuki: reduce amount of gitea backups, and move state dir 2023-01-16 16:11:28 +01:00
Oystein Kristoffer Tveit eaa2e9bd1d
tsuki: update matrix stickers 2023-01-16 16:10:12 +01:00
Oystein Kristoffer Tveit 1b0ed26f15
tsuki: set up minecraft server 2023-01-16 16:06:34 +01:00
Oystein Kristoffer Tveit c78b2a2c26
tsuki: add osuchan service 2023-01-04 14:32:11 +01:00
Oystein Kristoffer Tveit 47f8183490
tsuki: move all datafiles/drives to TrueNAS NFS 2023-01-03 23:01:08 +01:00
Oystein Kristoffer Tveit aea736c2df
tsuki: remove a lot of unused services
Removed:
- dokuwiki (this was never properly set up)
- libvirt (this is already a virtual machine, double virtualization bad)
- openldap (this will become the responsibility of keycloak)
- openvpn (this will become the responsibility of head/tailscale)
- samba (this is now the responsibility of TrueNAS)
- searx (I never used this)
- gitlab (this has become the responsibility of gitea and hydra)
- syncthing (this was never properly set up)

The nix cache nginx entry is also paused, as it wasn't functional.

In this commit and the previous commit, the nginx config for the
minecraft server was also taken down, as the whole host is deleted.
The plan is to set it up again, this time using tsuki.
2023-01-03 22:52:24 +01:00