
240 commits

Author SHA1 Message Date
ibizaman
97285e1833 add vm test for vaultwarden 2024-05-27 17:13:05 -07:00
ibizaman
8ebb3af1f0 rename autheliaProtect to vhosts 2024-05-27 17:13:05 -07:00
ibizaman
7020786c41 add default dummy oidc authelia client to satisfy authelia 2024-05-27 17:13:05 -07:00
ibizaman
8ec12338fd make config with secrets correctly generated 2024-05-27 17:13:05 -07:00
Pierre Penninckx
dc46ec8eda
Fix prometheus exporter not accessing nvme hard drives (#238) 2024-05-13 09:00:38 -07:00
Pierre Penninckx
222dfa755c
Revert to loki v2 (#230)
This is needed because v3 requires manual intervention to upgrade
otherwise Loki refuses to start. So until there's a fix, reverting is
the easiest fix.
2024-04-21 23:07:32 -07:00
Pierre Penninckx
425e511792
flake.lock: Update (#226)
Automated changes by the
[update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock)
GitHub Action.

```
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/b06025f1533a1e07b6db3e75151caa155d1c7eb3?narHash=sha256-qrxvLS888pNJFwJdK%2Bhf1wpRCSQcqA6W5%2BOx202NDa0%3D' (2024-03-19)
  → 'github:nixos/nixpkgs/5672bc9dbf9d88246ddab5ac454e82318d094bb8?narHash=sha256-NLznXB5AOnniUtZsyy/aPWOk8ussTuePp2acb9U%2BISA%3D' (2024-04-16)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/83b68a0e8c94b72cdd0a6e547a14ca7eb1c03616?narHash=sha256-RquCuzxfy4Nr8DPbdp3D/AsbYep21JgQzG8aMH9jJ4A%3D' (2024-03-17)
  → 'github:Mic92/sops-nix/cc535d07cbcdd562bcca418e475c7b1959cefa4b?narHash=sha256-APoDs2GtzVrsE%2BZ9w72qpHzEtEDfuinWcNTN7zhwLxg%3D' (2024-04-15)
• Updated input 'sops-nix/nixpkgs':
    'github:NixOS/nixpkgs/9af9c1c87ed3e3ed271934cb896e0cdd33dae212?narHash=sha256-huQT4Xs0y4EeFKn2BTBVYgEwJSv8SDlm82uWgMnCMmI%3D' (2024-03-15)
  → 'github:NixOS/nixpkgs/a0c9e3aee1000ac2bfb0e5b98c94c946a5d180a9?narHash=sha256-icE1IJE9fHcbDfJ0%2BqWoDdcBXUoZCcIJxME4lMHwvSM%3D' (2024-04-12)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/6dc11d9859d6a18ab0c5e5829a5b8e4810658de3?narHash=sha256-y%2Bl3eH53UlENaYa1lmnCBHusZb1kxBEFd2/c7lDsGpw%3D' (2024-03-16)
  → 'github:NixOS/nixpkgs/c27f3b6d8e29346af16eecc0e9d54b1071eae27e?narHash=sha256-RifMwYuKu5v6x6O65msKDTqKkQ9crGwOB7yr20qMEuE%3D' (2024-04-13)
```

### Running GitHub Actions on this PR

GitHub Actions will not run workflows on pull requests which are opened
by a GitHub Action.

To run GitHub Actions workflows on this PR, run:

```sh
git branch -D update_flake_lock_action
git fetch origin
git checkout update_flake_lock_action
git commit --amend --no-edit
git push origin update_flake_lock_action --force
```

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2024-04-17 16:06:29 -07:00
Pierre Penninckx
ab1bd23b51
fix hledger options (#228) 2024-04-17 09:03:29 -07:00
Pierre Penninckx
43f19a871a
add contract documentation (#225) 2024-04-14 15:21:20 -07:00
Pierre Penninckx
26f406db5f
fix arr setup (#224) 2024-04-10 23:52:24 -07:00
Pierre Penninckx
b9db764a8b
Disable auth in arr suite if SSO is enabled (#221) 2024-04-09 07:16:50 -07:00
Pierre Penninckx
5179f7fc90
Add external storage app to Nextcloud (#222) 2024-04-08 22:41:52 -07:00
Pierre Penninckx
c488bb5bda
Add scripts to update postgresql (#219) 2024-04-02 22:17:29 -07:00
Pierre Penninckx
482b187621
Fix user in vaultwarden module (#218) 2024-04-02 21:04:10 -07:00
Pierre Penninckx
c75daa23c0
move CI to garnix (#210) 2024-03-19 22:50:41 -07:00
Pierre Penninckx
589e2c936f
add tests for arr services and some more options (#205) 2024-03-13 05:40:32 +00:00
Sivert Sliper
64f9c051b9
Grocy service (#195)
PR to add grocy as a service.

I think LDAP should be [relatively
simple](https://www.reddit.com/r/grocy/comments/18avtb7/sso_tutorial/)
to add, but couldn't find good information on SSO.

Will test this out for a while to make sure it really works before this
can be merged.

---------

Co-authored-by: ibizaman <ibizapeanut@gmail.com>
Co-authored-by: Pierre Penninckx <github@pierre.tiserbox.com>
2024-03-04 01:25:26 +00:00
Sivert Sliper
ee68e27f15
Audiobookshelf service (#123)
Hi,

I tried adding [Audiobookshelf](https://www.audiobookshelf.org/) as a
new service to SHB.

Not sure whether you want this service in SHB at all, but thought I'd
create a PR just in case.

The service runs, but seemingly fails to add an entry to the nginx
config, so it is not reachable. I created the service by basically just
copying deluge and then adapting. Any idea why the nginx subdomain isn't
being created?

The config I used to add this to my SHB server is:

```nix
shb.audiobookshelf = {
  enable = true;
  domain = "sliper.xyz";
  subdomain = "abs";
  dataDir = "audiobookshelf"; #turns out this is actually the working dir of the service (/var/lib/<dataDir>)
  authEndpoint = "https://auth.sliper.xyz";
};
# ... in shb.authelia.oidcClients
redirect_uris = [ "https://deluge.sliper.xyz" "https://abs.sliper.xyz" ];
```

ps. I also need to fix tabs->spaces. Forgot to set up nvim.

---------

Co-authored-by: sivert <nei@nei.nei>
Co-authored-by: ibizaman <ibizapeanut@gmail.com>
Co-authored-by: Pierre Penninckx <github@pierre.tiserbox.com>
2024-03-04 01:01:00 +00:00
ibizaman
e80cc0d3aa add vm tests for jellyfin and regroup ldap and sso options 2024-03-02 23:03:49 -08:00
ibizaman
046ae67083 optionally make nextcloud systemd services depend on mount point 2024-02-29 22:16:01 -08:00
ibizaman
8c2373430d fix jellyfin and nextcloud-server after changes to lib 2024-02-29 22:13:30 -08:00
ibizaman
937902a7f0 add section about nextcloud appdata folder 2024-02-29 21:00:55 -08:00
ibizaman
d0d94e61c8 use better defaults for nextcloud preview app 2024-02-29 21:00:55 -08:00
ibizaman
fa206d0e15 move templating code to lib file 2024-02-29 20:30:47 -08:00
ibizaman
5288d5f825 fix link 2024-02-11 20:04:42 -08:00
ibizaman
059bfea86a move template function into lib 2024-02-09 21:20:13 -08:00
ibizaman
0500096b45 remove dependency of jellyfin.nix on sops-nix
part of #24
2024-02-07 23:37:47 -08:00
ibizaman
228f7e8b46 remove dependency of deluge.nix on sops-nix
part of #24
2024-02-07 23:13:47 -08:00
ibizaman
f56f997307 remove dependency of vpn.nix on sops-nix
part of #24
2024-02-07 22:57:58 -08:00
ibizaman
7d0276e9f2 fix some deprecated options 2024-02-07 22:33:25 -08:00
ibizaman
a2921edcbd allow to pick nextcloud package version
refs #131
2024-01-30 22:51:34 -08:00
ibizaman
bccd6a1181 add more info for nextcloud 2024-01-28 22:37:30 -08:00
ibizaman
e00a41b086 add group and reloadServices options to ssl block 2024-01-24 22:45:51 -08:00
ibizaman
0bfa15fd3c add extraDomains options for cert generation
fixes #133
2024-01-24 18:46:42 -08:00
ibizaman
43beb92ed2 do not create unrelated groups when logging in to nextcloud 2024-01-23 22:07:18 -08:00
ibizaman
56dece4190 fix nextcloud openssl path
I don't remember why I hardcoded this, but the default works fine.
2024-01-22 23:17:08 -08:00
ibizaman
1cf6d264e4 add declarative sso integration for nextcloud 2024-01-22 16:44:10 -08:00
sivert
8a5f4e3bf2 Combine authelia client YAMLs into one YAML file
- Fixes #126
  - Generate a single oidc_clients.yaml to define all clients
  - `public` property of OIDC clients is now a bool (as it should be), not a string.
  - sed pattern changed to allow multiple replacements
2024-01-22 13:50:11 -08:00
ibizaman
7e2f76e7f9 improve ssl block 2024-01-20 20:19:44 -08:00
ibizaman
adc09acc49 use contract for ssl block 2024-01-19 10:48:10 -08:00
ibizaman
a5e9af27b5 make home-assistant service work without ldap integration 2024-01-08 00:35:06 -08:00
ibizaman
0a34140e34 add nextcloud integration with ldap to the manual and nextcloud demo.
refs #17
2024-01-06 09:48:12 -08:00
ibizaman
4a7e42abaa add declarative configuration of LDAP in Nextcloud
refs #17
2024-01-06 00:12:48 -08:00
ibizaman
db6d8f7f38 fix nextcloud apps config 2024-01-05 16:24:43 -08:00
ibizaman
8bd2e047b0 add default for nextcloud apps config 2024-01-05 16:24:43 -08:00
ibizaman
6f28a72035 talk about extraApps in manual 2024-01-05 16:24:43 -08:00
ibizaman
1581f054aa add declarative configuration of nextcloud preview generator app
fixes #65
2024-01-05 16:24:43 -08:00
ibizaman
3f83285759 rewrite nextcloud server module manual 2024-01-05 16:24:43 -08:00
ibizaman
021c465fd6 make onlyoffice config a bit nicer 2024-01-05 16:24:43 -08:00
ibizaman
bbe18df58f make onlyoffice app through nix 2024-01-05 16:24:43 -08:00
ibizaman
99f0f51406 move onlyoffice to new apps section 2024-01-05 16:24:43 -08:00
ibizaman
4a1291c075 allow extra apps in Nextcloud 2024-01-05 16:24:43 -08:00
ibizaman
52f8b35252 fix warning in nextcloud 2024-01-04 21:52:29 -08:00
ibizaman
0e635e1a76 add nextcloud vm test 2023-12-30 10:01:41 -08:00
ibizaman
7c9b585b81 fix downloading big files for nextcloud 2023-12-30 00:59:10 -08:00
ibizaman
db405d6b7e expose some deluge settings 2023-12-27 08:09:13 -08:00
ibizaman
d7411a79b7 only enable autheliaProtect in deluge if enabled 2023-12-26 23:14:47 -08:00
ibizaman
7a62b5b89c add usage chapter in the manual 2023-12-25 23:26:50 -08:00
ibizaman
d908ae31c5 add nextcloud manual 2023-12-25 00:51:44 -08:00
ibizaman
40f0f233c2 remove sops file dependency in nextcloud and ssl requirement
refs #24
2023-12-24 02:06:25 -08:00
ibizaman
9bcf7650e7 update screenshots 2023-12-17 23:31:33 -08:00
ibizaman
6f71d64257 switch to netdata to pull most of the metrics 2023-12-17 23:31:33 -08:00
ibizaman
036d2b92a5 fix grafana not being able to load dashboards 2023-12-17 23:31:33 -08:00
ibizaman
533d95851b use not hardcoded OIDC secret in jellyfin 2023-12-17 23:22:25 -08:00
ibizaman
77e21eaceb add more options to avoid hardcoding in nextcloud 2023-12-17 23:12:45 -08:00
ibizaman
0bdbb975af split tracing from verbose logging options for nextcloud 2023-12-17 23:09:18 -08:00
ibizaman
318c54e7d3 do not enable onlyoffice for nextcloud by default 2023-12-17 22:55:58 -08:00
ibizaman
e2292de44d can avoid hardcoding secret now 2023-12-11 12:38:06 -08:00
ibizaman
9a5a10a824 add test for authelia 2023-12-11 00:28:30 -08:00
ibizaman
0829792df0 fix deluge backup permissions by adding backup user to media group 2023-12-10 21:32:35 -08:00
ibizaman
da2e1ff0e1 fix storage creation in homeassistant on first run 2023-12-09 10:34:21 -08:00
ibizaman
ca2f7039cc add some sections to block backup chapter 2023-12-08 22:48:06 -08:00
ibizaman
11ab7c5ab5 fix missing headers 2023-12-08 11:52:00 -08:00
ibizaman
49913ca4b6 add manual page for configuring backups 2023-12-08 11:52:00 -08:00
ibizaman
3c9f71da0e allow to stagger backup jobs 2023-12-08 11:13:37 -08:00
ibizaman
c2ac071c72 enable setting performance impact of backup jobs 2023-12-08 11:13:37 -08:00
ibizaman
207b2e44cb split backup configuration into smaller chunks 2023-12-08 11:13:37 -08:00
ibizaman
f417372fdc move monitoring docs close to source 2023-12-08 10:41:15 -08:00
Pierre Penninckx
a63b0a6e2e
switch to nixos-render-docs (#34)
fixes #33
2023-12-04 00:33:16 -08:00
ibizaman
0242ae26c4 fix ensure clauses in postgresql
fixes #35
2023-12-04 00:29:40 -08:00
Pierre Penninckx
0014e5c2f7
avoid some impossible states in authelia and nginx 2023-11-30 22:49:34 -08:00
Pierre Penninckx
76e27ae7eb
add nixos test for ldap 2023-11-30 22:08:38 -08:00
Pierre Penninckx
0ae7220c06
rename oidcEndpoint option to authEndpoint 2023-11-30 12:48:57 -08:00
Pierre Penninckx
54ce26efce
some docs revamps 2023-11-30 12:06:41 -08:00
Pierre Penninckx
4a8a7d686c
build docs and deploy to github pages 2023-11-30 10:38:35 -08:00
Pierre Penninckx
86e86dc787
remove usage of sops file in ssl.nix 2023-11-29 22:20:21 -08:00
Pierre Penninckx
7d9dedb845
provision grafana datasources and some dashboards (#23)
fixes #22 

This commit introduces:
- A few more optional options for the monitoring module, in particular
an SMTP option to set up sending alerts with an SMTP server.
- 2 required options for adding a secure key for signing and for an
initial admin password. The latter is nice because at least you can
choose securely the initial admin password instead of it being just
"admin", adding a bit more security to the install process.
- Provisioning Grafana with dashboards, datasources, alerts, contact
points and notification policies.
- Documentation for monitoring in
[docs/blocks/monitoring.md](docs/blocks/monitoring.md).
- A NixOS test that makes sure provisioning did go well as expected.
2023-11-26 09:56:08 -08:00
ibizaman
881af5f111 add more collectors to prometheus node exporter 2023-11-24 20:18:12 -08:00
ibizaman
845017103f automatically cleanup idle connections
This is to fix a nextcloud bug that leaves idle connections open which eats into the available
postgres connection pool.
2023-11-24 02:16:49 -08:00
ibizaman
4da060986a fix nextcloud to properly disable debug 2023-11-24 02:16:36 -08:00
Pierre Penninckx
52b9233a6c
add postgresql vm test that runs in CI (#19)
Fixes #14 

The tests actually showed a flaw in the implementation, we needed
"password" and not "trust" in the auth file.

Also, having the port defined at the same time as enabling listening for
TCP/IP connection made no sense.
2023-11-23 01:03:33 -08:00
Pierre Penninckx
48eb64043b
enhance nextcloud options a bit 2023-11-20 22:29:00 -08:00
Pierre Penninckx
eae5eade56
distinguish building blocks and provided services
I want to show how composable this project is. For example, you could
just use the Authelia module to add SSO to any service, not just those
provided here.
2023-11-20 22:20:19 -08:00
ibizaman
052a805679 skip part of home assistant onboarding because we use LDAP 2023-11-17 23:50:38 -08:00
ibizaman
8728df8732 make local network ip range optional for LDAP 2023-11-17 23:50:38 -08:00
ibizaman
50798a0f91 add allowed tcp ports for nginx 2023-11-17 23:50:38 -08:00
ibizaman
8d08c5b7c0 force ssl for home assistant only if ssl is enabled 2023-11-17 23:50:38 -08:00
ibizaman
39c2c943a1 fix backupCfg option for arr module 2023-11-16 23:55:38 -08:00
ibizaman
7e5a447257 fix tests 2023-11-16 23:55:38 -08:00
ibizaman
9675d69969 use shb nginx module for hledger 2023-11-16 22:46:57 -08:00