913944cff3
feat(immich): Add immich service
2025-05-24 05:30:06 +08:00
63b3cbe00b
style(treewide): Apply linter suggestions
2025-05-20 20:48:47 +08:00
c939b935bf
feat(conduit): Refactor matrix appservices and add matrix-hookshot
2025-02-11 05:01:37 +08:00
40187d4b2d
feat: Add crowdsec to replace fail2ban
2025-02-01 00:08:31 +08:00
22981fdcdd
feat: Remove fail2ban
2025-02-01 00:08:29 +08:00
b3be7bd88f
bump: Update to NixOS 24.11
2025-01-19 17:40:30 +08:00
34f88ee8d5
chore: Remove afvalcalendar
2025-01-19 17:40:29 +08:00
04f7a7ef1d
treewide: Use nixfmt for formatting
2024-08-18 20:41:20 +02:00
222829d82a
starbound: Don't build service for now
This includes the really huge steam-run closure, which is just a PITA
to keep up with if we're never using it.
2024-07-01 19:24:03 +02:00
fd138d45e6
treewide: Start using nixpkgs-fmt formatting
2024-06-28 20:12:55 +02:00
501c3466bc
Update to NixOS 24.05
2024-06-14 00:49:12 +02:00
8f178f776e
afvalcalendar: Host enschede afvalcalendar
2024-04-15 03:14:46 +02:00
119db5e1d3
sonnenshift: Init
2024-04-08 20:02:53 +02:00
14785afa14
vm: Set up proper bridge networking
2024-03-27 01:51:15 +01:00
fa73574dba
nginx: Factor nginx configuration into a separate module
2024-03-12 06:07:24 +01:00
1c6e7ec106
acme: Don't attempt to get certs if the domain is wrong
2024-03-11 03:42:29 +01:00
ddda6f534b
hetzner: Add new server config
2024-03-11 03:42:28 +01:00
95b5d4b3bd
nginx: Reduce number of rotated logs kept around
2023-12-15 17:04:42 +01:00
55a4aaf48b
metrics: Add metrics with victoriametrics + grafana
2023-10-12 20:41:04 +02:00
87dd9daa4f
backups: Add atomic backups with restic
2023-10-12 20:27:34 +02:00
828d3f3878
services: Update outdated options
2023-07-28 11:23:56 +02:00
acd7cc802b
networking: Set up static IP address
2023-05-11 22:09:32 +01:00
bb397841ee
refactoring: Use flake-inputs instead of awkwardly passing through
2023-02-26 05:59:09 +00:00
b7726af1c4
config: Make changes suggested post 22.11 update
2023-01-11 02:38:56 +00:00
957ab110c5
firewall: Open Minecraft ports for port forwarding
2023-01-11 02:38:53 +00:00
Tristan Daniël Maat
a28d385b17
conduit: Enable TURNS with a ZeroSSL-provided certificate
2022-11-05 22:26:52 +00:00
Tristan Daniël Maat
997707021b
config: Enable authorization through ssh agent
This enables sudo-via-yubikey and therefore makes `-t` obsolete, in
turn fixing a whole slew of issues with deploy-rs.
*And* seems more secure and convenient at the same time.
2022-11-05 18:01:07 +00:00
Tristan Daniël Maat
0528f73187
nginx: Remove mitigation for openssl CVE
This has been fixed; instead we just update to the latest openssl.
2022-11-05 17:33:28 +00:00
Tristan Daniël Maat
2304711359
config: Mitigate upcoming SSL CVE
See
https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html
As 1.1 is unaffected, this override should be sufficient to evade this
problem.
2022-10-31 16:07:41 +00:00
Tristan Daniël Maat
b3e8b0e85c
default.nix: Turn on minimal profile
2022-10-30 18:26:45 +00:00
Tristan Daniël Maat
c72953e1ef
matrix: Add coturn support for calls
2022-10-29 01:39:09 +01:00
c56de6cf7e
conduit: Add new conduit service
2022-10-22 21:22:55 +01:00
61d3008bc3
nextcloud: Fetch apps using nvfetcher
2022-10-17 11:00:02 +01:00
c4fa991b62
treewide: Add fail2ban
2022-10-14 06:27:11 +01:00
78ecfd63a1
starbound: Fix post-update issues
2022-10-14 05:58:15 +01:00
e8b16459d9
treewide: Refactor in order to clean up flake.nix
2022-10-14 05:58:13 +01:00
068e6d5d77
webserver: Use a hardened systemd unit instead of a container
2022-10-14 05:58:11 +01:00
b6594cea54
gitea: Use a hardened systemd unit instead of a container
2022-10-14 05:58:08 +01:00
3cedb9f978
nextcloud: Use a hardened systemd unit instead of a container
2022-10-14 05:58:05 +01:00
6a81ce4c1d
sops: Improve secrets provisioning to split out staging
2022-10-12 23:22:50 +01:00
ab3aa19481
treewide: Perform another nitpicking sweep
2022-10-12 23:22:42 +01:00
7095ab2631
treewide: Remove minecraft server
This has fallen into disuse since the big Java vulnerability, and I
have ideas for better ways of doing this. Meanwhile it's making
maintenance and refactoring more difficult.
Hence I'll remove the server completely for the time being.
2022-10-12 13:12:04 +01:00
046a88905d
treewide: Reformat project with alejandra
2022-10-10 13:03:18 +01:00
58e52dd119
ssh: Allow proxy connections with gatewayPorts
2022-10-10 13:01:26 +01:00
cd92ec64c2
Add starbound server
2022-04-23 08:47:13 +01:00
e7102adec1
Add sops-nix
2022-04-23 08:47:07 +01:00
3bdbe66fe4
nginx: Enable HSTS
2021-10-12 13:53:08 +01:00
4fe3b8b22b
minecraft: Fix ridiculous CPU usage
Tapes over https://bugs.mojang.com/browse/MC-183518 , which schedules
things completely stupidly on Linux starting with 1.14.
2021-08-25 20:06:05 +01:00
343c7fcc36
nginx: Don't override extra options in the host helper
2021-05-17 00:13:58 +01:00
5f8899d542
nginx: Make VM testing easier by binding virtualHosts to localhost
2021-05-17 00:13:38 +01:00