Commit graph

22 commits

Author SHA1 Message Date
Tristan Daniël Maat d63edbecc7
postgres: Set auth method to "reject"
This will reject connections from anywhere except 127.0.0.1, i.e., the
pod's network namespace.

This makes password authentication properly obsolete, instead of just
hiding the password (but still never authenticating with it), but
required a change upstream:
https://github.com/docker-library/postgres/pull/859
2021-06-11 01:48:54 +01:00
Tristan Daniël Maat 4c94932490
webserver: Use SIGKILL instead of SIGTERM 2021-05-17 00:18:51 +01:00
Tristan Daniël Maat 343c7fcc36
nginx: Don't override extra options in the host helper 2021-05-17 00:13:58 +01:00
Tristan Daniël Maat 5f8899d542
nginx: Make VM testing easier by binding virtualHosts to localhost 2021-05-17 00:13:38 +01:00
Tristan Daniël Maat b8bf3bd3a2
minecraft: Clean up use of pkgs.lib 2021-05-17 00:13:28 +01:00
Tristan Daniël Maat 458f6c7f7b
nginx: Avoid connection issues caused by IPv6 resolution
If localhost is specified in the proxyPass url, nginx will happily
resolve IPv6 addresses, even if the upstream doesn't support them.

This can result in connection issues, especially with containers that
don't support IPv6.
2021-05-16 01:34:03 +01:00
Tristan Daniël Maat 517f4f0080
postgres: Get rid of password authentication
Podman pods make this obsolete; though we need to explicitly set
slirp4netns, otherwise podman will not create private network
namespaces for the pods.
2021-05-16 00:40:09 +01:00
Tristan Daniël Maat 2ccaadd557
minecraft: Add supplementaries mod 2021-05-11 22:13:31 +01:00
Tristan Daniël Maat 9e06fcf917
gitea: Use a defined service UID
The default of 1000 mapped to my admin user, which was both a bit
concerning and a bit of an annoyance.
2021-04-28 23:18:30 +01:00
Tristan Daniël Maat 939c768280
nix: Add the wheel group to trusted users to allow remote builds 2021-04-28 00:22:21 +01:00
Tristan Daniël Maat 71d783ec11
forge-server: Fix potential duplicate definition of config 2021-04-25 21:05:47 +01:00
Tristan Daniël Maat 70e5b6206e
Tweak voor-kia modpack config
In a nutshell:

- Apotheosis
  - Don't clutter the world with super tall reed
  - Don't ruin spawners - it's nice to build buildings in more
    locations
- Ice and fire
  - *Really* tone down the griefing and amount of spawns
- Iron furnaces
  - *Hopefully* disable the annoying update chat messages
- Quark
  - Disable matrix enchanting so that apotheosis works
2021-04-25 06:23:17 +01:00
Tristan Daniël Maat 7ad729f2ca
Add voor-kia modpack with default configuration 2021-04-25 06:23:15 +01:00
Tristan Daniël Maat ad110fbbea
Add voor-kia minecraft modpack 2021-04-25 06:23:10 +01:00
Tristan Daniël Maat b474f7e97c
Add forge minecraft service 2021-04-25 04:44:07 +01:00
Tristan Daniël Maat a3b72d11bd
Set limited permissions for the webserver container 2021-04-19 02:03:18 +01:00
Tristan Daniël Maat 04c00b9877
Fix NixOS profile imports 2021-04-18 02:58:49 +01:00
Tristan Daniël Maat df76dcbf11
Rename the postgres named volumes 2021-04-17 22:14:21 +01:00
Tristan Daniël Maat 40002ac76e
Add webserver service 2021-04-12 01:58:11 +01:00
Tristan Daniël Maat 98cf95a922
Add nextcloud service 2021-04-12 01:58:09 +01:00
Tristan Daniël Maat 4689a153b9
Add gitea service 2021-04-12 01:58:07 +01:00
Tristan Daniël Maat 5e87a5ec0c
Start reworking the server for nix flakes
This removes all existing services as well, in preparation of moving
them to `podman`. These are easier to update to
virtualisation.oci-containers while retaining the "networks" through
pods.
2021-04-12 01:58:03 +01:00