Commit graph

152 commits

Author SHA1 Message Date
61d3008bc3
nextcloud: Fetch apps using nvfetcher 2022-10-17 11:00:02 +01:00
c4fa991b62
treewide: Add fail2ban 2022-10-14 06:27:11 +01:00
1ddf23bd01
nextcloud: Update nextcloud version 2022-10-14 05:58:18 +01:00
78ecfd63a1
starbound: Fix post-update issues 2022-10-14 05:58:15 +01:00
e8b16459d9
treewide: Refactor in order to clean up flake.nix 2022-10-14 05:58:13 +01:00
068e6d5d77
webserver: Use a hardened systemd unit instead of a container 2022-10-14 05:58:11 +01:00
b6594cea54
gitea: Use a hardened systemd unit instead of a container 2022-10-14 05:58:08 +01:00
3cedb9f978
nextcloud: Use a hardened systemd unit instead of a container 2022-10-14 05:58:05 +01:00
6a81ce4c1d
sops: Improve secrets provisioning to split out staging 2022-10-12 23:22:50 +01:00
ab3aa19481
treewide: Perform another nitpicking sweep 2022-10-12 23:22:42 +01:00
7095ab2631
treewide: Remove minecraft server
This has fallen into disuse since the big Java vulnerability, and I
have ideas for better ways of doing this. Meanwhile it's making
maintenance and refactoring more difficult.

Hence I'll remove the server completely for the time being.
2022-10-12 13:12:04 +01:00
046a88905d
treewide: Reformat project with alejandra 2022-10-10 13:03:18 +01:00
58e52dd119
ssh: Allow proxy connections with gatewayPorts 2022-10-10 13:01:26 +01:00
ed74cfa576
starbound: Fix permissions for a syscall steamcmd needs 2022-04-23 09:31:21 +01:00
cd92ec64c2
Add starbound server 2022-04-23 08:47:13 +01:00
e7102adec1
Add sops-nix 2022-04-23 08:47:07 +01:00
c019187b37
postgres: Upgrade to version 14 2022-01-18 18:54:37 +00:00
b6f39969cc
Fix podman hostnames
It seems that with the newest version of podman container names are no
longer added as hostnames, meaning that any attempt to resolve
hostnames with the current config will fail. `localhost` is probably
more robust anyway, so we switch to that.

The bug manifests as broken services because nextcloud/gitea cannot
resolve their databases and nextcloud fails to resolve the php
server. To fix this on a running system, the gitea and nextcloud database
configurations will need to be hand-edited, since those values are
only set on initialization, and not updated when changed later.
2022-01-08 02:19:04 +00:00
bd7e4a3193
Fix service uid/gids 2022-01-08 00:33:01 +00:00
90926e2eee
nextcloud: Give nginx access to the nextcloud root 2021-10-13 15:29:12 +01:00
20cda44040
nextcloud: Update nginx config 2021-10-13 14:53:05 +01:00
b16ea49c44
nextcloud: Set TRUSTED_PROXIES
Part of #47
2021-10-13 13:27:27 +01:00
3bdbe66fe4
nginx: Enable HSTS 2021-10-12 13:53:08 +01:00
a66eac3b17
minecraft: Add automatic restart scheduling
This starts/stops the server at 2 pm and 4 am respectively. This
should hopefully fix some of the issues caused by shoddy programming.
2021-08-27 18:10:19 +01:00
6bc37ebdae
minecraft: Limit to a single core instead of limiting the quota
Minecraft is anyway supposed to be single-threaded, so if it goes
beyond one core something is very wrong.
2021-08-27 18:09:43 +01:00
4fe3b8b22b
minecraft: Fix ridiculous CPU usage
Tapes over https://bugs.mojang.com/browse/MC-183518, which schedules
things completely stupidly on Linux starting with 1.14.
2021-08-25 20:06:05 +01:00
6b85b9523c
minecraft: Enable command blocks to fix ice and fire ores 2021-08-21 00:20:20 +01:00
b17ac84693
Add new minecraft mod configuration files 2021-08-20 23:45:51 +01:00
544036d4e4
Update miscellaneous minecraft configs
Largely sensible changes, no complete rewrites without taking user
configuration into account like ice and fire.
2021-08-20 23:45:35 +01:00
196ad863c4
Update supplementaries config 2021-08-20 23:45:15 +01:00
cd55c50224
Update ice and fire config
Yes, they completely changed the config format and didn't take into
account the user's changes.

I guess I shouldn't be expecting much from minecraft mod authors, but
damn.
2021-08-20 23:45:12 +01:00
4c94932490
webserver: Use SIGKILL instead of SIGTERM 2021-05-17 00:18:51 +01:00
343c7fcc36
nginx: Don't override extra options in the host helper 2021-05-17 00:13:58 +01:00
5f8899d542
nginx: Make VM testing easier by binding virtualHosts to localhost 2021-05-17 00:13:38 +01:00
b8bf3bd3a2
minecraft: Clean up use of pkgs.lib 2021-05-17 00:13:28 +01:00
458f6c7f7b
nginx: Avoid connection issues caused by IPv6 resolution
If localhost is specified in the proxyPass url, nginx will happily
resolve IPv6 addresses, even if the upstream doesn't support them.

This can result in connection issues, especially with containers that
don't support IPv6.
2021-05-16 01:34:03 +01:00
517f4f0080
postgres: Get rid of password authentication
Podman pods make this obsolete; though we need to explicitly set
slirp4netns, otherwise podman will not create private network
namespaces for the pods.
2021-05-16 00:40:09 +01:00
2ccaadd557
minecraft: Add supplementaries mod 2021-05-11 22:13:31 +01:00
9e06fcf917
gitea: Use a defined service UID
The default of 1000 mapped to my admin user, which was both a bit
concerning and a bit of an annoyance.
2021-04-28 23:18:30 +01:00
939c768280
nix: Add the wheel group to trusted users to allow remote builds 2021-04-28 00:22:21 +01:00
71d783ec11
forge-server: Fix potential duplicate definition of config 2021-04-25 21:05:47 +01:00
70e5b6206e
Tweak voor-kia modpack config
In a nutshell:

- Apotheosis
  - Don't clutter the world with super tall reed
  - Don't ruin spawners - it's nice to build buildings in more
    locations
- Ice and fire
  - *Really* tone down the griefing and amount of spawns
- Iron furnaces
  - *Hopefully* disable the annoying update chat messages
- Quark
  - Disable matrix enchanting so that apotheosis works
2021-04-25 06:23:17 +01:00
7ad729f2ca
Add voor-kia modpack with default configuration 2021-04-25 06:23:15 +01:00
ad110fbbea
Add voor-kia minecraft modpack 2021-04-25 06:23:10 +01:00
b474f7e97c
Add forge minecraft service 2021-04-25 04:44:07 +01:00
a3b72d11bd
Set limited permissions for the webserver container 2021-04-19 02:03:18 +01:00
04c00b9877
Fix NixOS profile imports 2021-04-18 02:58:49 +01:00
df76dcbf11
Rename the postgres named volumes 2021-04-17 22:14:21 +01:00
40002ac76e
Add webserver service 2021-04-12 01:58:11 +01:00
98cf95a922
Add nextcloud service 2021-04-12 01:58:09 +01:00