Tristan Daniël Maat
bf1d10f12a
webserver: Use a hardened systemd unit instead of a container
2022-10-12 19:59:26 +01:00
Tristan Daniël Maat
f2fd9cd121
gitea: Use a hardened systemd unit instead of a container
2022-10-12 19:52:31 +01:00
Tristan Daniël Maat
5c1e1feffe
nextcloud: Use a hardened systemd unit instead of a container
2022-10-12 19:45:10 +01:00
Tristan Daniël Maat
d5157e612f
sops: Improve secrets provisioning to split out staging
2022-10-12 17:52:11 +01:00
Tristan Daniël Maat
1ccc919215
treewide: Perform another nitpicking sweep
2022-10-12 13:16:49 +01:00
Tristan Daniël Maat
7095ab2631
treewide: Remove minecraft server
This has fallen into disuse since the big Java vulnerability, and I
have ideas for better ways of doing this. Meanwhile it's making
maintenance and refactoring more difficult.
Hence I'll remove the server completely for the time being.
2022-10-12 13:12:04 +01:00
Tristan Daniël Maat
046a88905d
treewide: Reformat project with alejandra
2022-10-10 13:03:18 +01:00
Tristan Daniël Maat
58e52dd119
ssh: Allow proxy connections with gatewayPorts
2022-10-10 13:01:26 +01:00
Tristan Daniël Maat
cd92ec64c2
Add starbound server
2022-04-23 08:47:13 +01:00
Tristan Daniël Maat
e7102adec1
Add sops-nix
2022-04-23 08:47:07 +01:00
Tristan Daniël Maat
3bdbe66fe4
nginx: Enable HSTS
2021-10-12 13:53:08 +01:00
Tristan Daniël Maat
4fe3b8b22b
minecraft: Fix ridiculous CPU usage
Tapes over https://bugs.mojang.com/browse/MC-183518, which schedules
things completely stupidly on Linux starting with 1.14.
2021-08-25 20:06:05 +01:00
Tristan Daniël Maat
343c7fcc36
nginx: Don't override extra options in the host helper
2021-05-17 00:13:58 +01:00
Tristan Daniël Maat
5f8899d542
nginx: Make VM testing easier by binding virtualHosts to localhost
2021-05-17 00:13:38 +01:00
Tristan Daniël Maat
458f6c7f7b
nginx: Avoid connection issues caused by IPv6 resolution
If localhost is specified in the proxyPass url, nginx will happily
resolve IPv6 addresses, even if the upstream doesn't support them.
This can result in connection issues, especially with containers that
don't support IPv6.
2021-05-16 01:34:03 +01:00
Tristan Daniël Maat
939c768280
nix: Add the wheel group to trusted users to allow remote builds
2021-04-28 00:22:21 +01:00
Tristan Daniël Maat
b474f7e97c
Add forge minecraft service
2021-04-25 04:44:07 +01:00
Tristan Daniël Maat
a3b72d11bd
Set limited permissions for the webserver container
2021-04-19 02:03:18 +01:00
Tristan Daniël Maat
40002ac76e
Add webserver service
2021-04-12 01:58:11 +01:00
Tristan Daniël Maat
98cf95a922
Add nextcloud service
2021-04-12 01:58:09 +01:00
Tristan Daniël Maat
4689a153b9
Add gitea service
2021-04-12 01:58:07 +01:00
Tristan Daniël Maat
5e87a5ec0c
Start reworking the server for nix flakes
This removes all existing services as well, in preparation for moving
them to `podman`. These are easier to update to
virtualisation.oci-containers while retaining the "networks" through
pods.
2021-04-12 01:58:03 +01:00