Commit graph

60 commits

Author SHA1 Message Date
Tristan Daniël Maat d99b19d84e
fail2ban: Add metrics 2023-10-03 02:37:12 +02:00
Tristan Daniël Maat 39d9884ff0
nginx: Add metrics 2023-10-03 02:37:05 +02:00
Tristan Daniël Maat afcc959bf9
Add metrics 2023-10-02 22:52:23 +02:00
Tristan Daniël Maat 2007c9ce76
WIP: Add atomic backups with restic 2023-09-23 21:07:17 +02:00
Tristan Daniël Maat ab5e088016
conduit: Add Element X support 2023-09-18 04:17:16 +02:00
Tristan Daniël Maat bb3ffbbd90
nextcloud: Configure redis caching 2023-07-29 18:17:39 +02:00
Tristan Daniël Maat 0c5755d2f0
nextcloud: Upgrade to version 27 2023-07-29 18:17:24 +02:00
Tristan Daniël Maat 88d96f198b
nextcloud: Apply recommended PHP setting 2023-07-28 12:19:00 +02:00
Tristan Daniël Maat 828d3f3878
services: Update outdated options 2023-07-28 11:23:56 +02:00
Tristan Daniël Maat a3e2d2931c
services: Add FoundryVTT service 2023-05-11 22:22:30 +01:00
Tristan Daniël Maat 14d29fa49d
services: Add wireguard service 2023-05-11 22:09:39 +01:00
Tristan Daniël Maat 74f38614a0
matrix: Add heisenbridge 2023-02-28 04:26:55 +00:00
Tristan Daniël Maat 33ec32a8da
conduit: Update to 0.5.0 2023-02-26 05:59:54 +00:00
Tristan Daniël Maat f6e39e09a5
gitea: Update configuration for 22.11 2023-01-11 02:38:50 +00:00
Tristan Daniël Maat b798efb2c0
nextcloud: Update the service and apps for 22.11 2023-01-11 02:38:42 +00:00
Tristan Daniël Maat a28d385b17
conduit: Enable TURNS with a ZeroSSL-provided certificate 2022-11-05 22:26:52 +00:00
Tristan Daniël Maat 598c439002
conduit: Disable turns, remove the user limits and add all relay IPs 2022-11-05 17:10:39 +00:00
Tristan Daniël Maat b3e8b0e85c
default.nix: Turn on minimal profile 2022-10-30 18:26:45 +00:00
Tristan Daniël Maat c72953e1ef
matrix: Add coturn support for calls 2022-10-29 01:39:09 +01:00
Tristan Daniël Maat c56de6cf7e
conduit: Add new conduit service 2022-10-22 21:22:55 +01:00
Tristan Daniël Maat 61d3008bc3
nextcloud: Fetch apps using nvfetcher 2022-10-17 11:00:02 +01:00
Tristan Daniël Maat c4fa991b62
treewide: Add fail2ban 2022-10-14 06:27:11 +01:00
Tristan Daniël Maat 1ddf23bd01
nextcloud: Update nextcloud version 2022-10-14 05:58:18 +01:00
Tristan Daniël Maat 068e6d5d77
webserver: Use a hardened systemd unit instead of a container 2022-10-14 05:58:11 +01:00
Tristan Daniël Maat b6594cea54
gitea: Use a hardened systemd unit instead of a container 2022-10-14 05:58:08 +01:00
Tristan Daniël Maat 3cedb9f978
nextcloud: Use a hardened systemd unit instead of a container 2022-10-14 05:58:05 +01:00
Tristan Daniël Maat 6a81ce4c1d
sops: Improve secrets provisioning to split out staging 2022-10-12 23:22:50 +01:00
Tristan Daniël Maat 7095ab2631
treewide: Remove minecraft server
This has fallen into disuse since the big Java vulnerability, and I
have ideas for better ways of doing this. Meanwhile it's making
maintenance and refactoring more difficult.

Hence I'll remove the server completely for the time being.
2022-10-12 13:12:04 +01:00
Tristan Daniël Maat 046a88905d
treewide: Reformat project with alejandra 2022-10-10 13:03:18 +01:00
Tristan Daniël Maat ed74cfa576
starbound: Fix permissions for a syscall steamcmd needs 2022-04-23 09:31:21 +01:00
Tristan Daniël Maat cd92ec64c2
Add starbound server 2022-04-23 08:47:13 +01:00
Tristan Daniël Maat c019187b37
postgres: Upgrade to version 14 2022-01-18 18:54:37 +00:00
Tristan Daniël Maat b6f39969cc
Fix podman hostnames
It seems that with the newest version of podman container names are no
longer added as hostnames, meaning that any attempt to resolve
hostnames with the current config will fail. `localhost` is probably
more robust anyway, so we switch to that.

The bug manifests as broken services because nextcloud/gitea cannot
resolve their databases and nextcloud fails to resolve the php
server. To fix this a running system, the gitea and nextcloud database
configurations will need to be hand-edited, since those values are
only set on initialization, and not updated when changed later.
2022-01-08 02:19:04 +00:00
Tristan Daniël Maat bd7e4a3193
Fix service uid/gids 2022-01-08 00:33:01 +00:00
Tristan Daniël Maat 90926e2eee
nextcloud: Give nginx access to the nextcloud root 2021-10-13 15:29:12 +01:00
Tristan Daniël Maat 20cda44040
nextcloud: Update nginx config 2021-10-13 14:53:05 +01:00
Tristan Daniël Maat b16ea49c44
nextcloud: Set TRUSTED_PROXIES
Part of #47
2021-10-13 13:27:27 +01:00
Tristan Daniël Maat a66eac3b17
minecraft: Add automatic restart scheduling
This starts/stops the server at 2 pm and 4 am respectively. This
should hopefully fix some of the issues caused by shoddy programming.
2021-08-27 18:10:19 +01:00
Tristan Daniël Maat 6bc37ebdae
minecraft: Limit to a single core instead of limiting the quota
Minecraft is anyway supposed to be single-threaded, so if it goes
beyond one core something is very wrong.
2021-08-27 18:09:43 +01:00
Tristan Daniël Maat 4fe3b8b22b
minecraft: Fix ridiculous CPU usage
Tapes over https://bugs.mojang.com/browse/MC-183518, which schedules
things completely stupidly on Linux starting with 1.14.
2021-08-25 20:06:05 +01:00
Tristan Daniël Maat 6b85b9523c
minecraft: Enable command blocks to fix ice and fire ores 2021-08-21 00:20:20 +01:00
Tristan Daniël Maat b17ac84693
Add new minecraft mod configuration files 2021-08-20 23:45:51 +01:00
Tristan Daniël Maat 544036d4e4
Update miscellaneous minecraft configs
Largely sensible changes, no complete rewrites without taking user
configuration into account like ice and fire.
2021-08-20 23:45:35 +01:00
Tristan Daniël Maat 196ad863c4
Update supplementaries config 2021-08-20 23:45:15 +01:00
Tristan Daniël Maat cd55c50224
Update ice and fire config
Yes, they completely changed the config format and didn't take into
account the user's changes.

I guess I shouldn't be expecting much from minecraft mod authors, but
damn.
2021-08-20 23:45:12 +01:00
Tristan Daniël Maat 4c94932490
webserver: Use SIGKILL instead of SIGTERM 2021-05-17 00:18:51 +01:00
Tristan Daniël Maat b8bf3bd3a2
minecraft: Clean up use of pkgs.lib 2021-05-17 00:13:28 +01:00
Tristan Daniël Maat 517f4f0080
postgres: Get rid of password authentication
Podman pods make this obsolete; though we need to explicitly set
slirp4netns, otherwise podman will not create private network
namespaces for the pods.
2021-05-16 00:40:09 +01:00
Tristan Daniël Maat 2ccaadd557
minecraft: Add supplementaries mod 2021-05-11 22:13:31 +01:00
Tristan Daniël Maat 9e06fcf917
gitea: Use a defined service UID
The default of 1000 mapped to my admin user, which was both a bit
concerning and a bit of an annoyance.
2021-04-28 23:18:30 +01:00