1
0
Fork 0
Commit graph

218 commits

Author SHA1 Message Date
ibizaman
11ab7c5ab5 fix missing headers 2023-12-08 11:52:00 -08:00
ibizaman
49913ca4b6 add manual page for configuring backups 2023-12-08 11:52:00 -08:00
ibizaman
3c9f71da0e allow to stagger backup jobs 2023-12-08 11:13:37 -08:00
ibizaman
c2ac071c72 enable setting performance impact of backup jobs 2023-12-08 11:13:37 -08:00
ibizaman
207b2e44cb split backup configuration into smaller chunks 2023-12-08 11:13:37 -08:00
ibizaman
f417372fdc move monitoring docs close to source 2023-12-08 10:41:15 -08:00
Pierre Penninckx
a63b0a6e2e
switch to nixos-render-docs (#34)
fixes #33
2023-12-04 00:33:16 -08:00
ibizaman
0242ae26c4 fix ensure clauses in postgresql
fixes #35
2023-12-04 00:29:40 -08:00
Pierre Penninckx
0014e5c2f7
avoid some impossible states in authelia and nginx 2023-11-30 22:49:34 -08:00
Pierre Penninckx
76e27ae7eb
add nixos test for ldap 2023-11-30 22:08:38 -08:00
Pierre Penninckx
0ae7220c06
rename oidcEndpoint option to authEndpoint 2023-11-30 12:48:57 -08:00
Pierre Penninckx
54ce26efce
some docs revamps 2023-11-30 12:06:41 -08:00
Pierre Penninckx
4a8a7d686c
build docs and deploy to github pages 2023-11-30 10:38:35 -08:00
Pierre Penninckx
86e86dc787
remove usage of sops file in ssl.nix 2023-11-29 22:20:21 -08:00
Pierre Penninckx
7d9dedb845
provision grafana datasources and some dashboards (#23)
fixes #22 

This commit introduces:
- A few more optional options for the monitoring module, in particular
an SMTP option to setup sending alerts with an STMP server.
- 2 required options for adding a secure key for signing and for an
initial admin password. The latter is nice because at least you can
choose securely the initial admin password instead of it being just
"admin", adding a bit more security to the install process.
- Provisioning Grafana with dashboards, datasources, alerts, contact
points and notification policies.
- Documentation for monitoring in
[docs/blocks/monitoring.md](docs/blocks/monitoring.md).
- A NixOS test that makes sure provisioning did go well as expected.
2023-11-26 09:56:08 -08:00
ibizaman
881af5f111 add more collectors to prometheus node exporter 2023-11-24 20:18:12 -08:00
ibizaman
845017103f automatically cleanup idle connections
This is to fix a nextcloud bug that leaves idle connections open which eats into the available
postgres connection pool.
2023-11-24 02:16:49 -08:00
ibizaman
4da060986a fix nextcloud to properly disable debug 2023-11-24 02:16:36 -08:00
Pierre Penninckx
52b9233a6c
add postgresql vm test that runs in CI (#19)
Fixes #14 

The tests actually showed a flaw in the implementation, we needed
"password" and not "trust" in the auth file.

Also, having the port defined at the same time as enabling listening for
TCP/IP connection made no sense.
2023-11-23 01:03:33 -08:00
Pierre Penninckx
48eb64043b
enhance nextcloud options a bit 2023-11-20 22:29:00 -08:00
Pierre Penninckx
eae5eade56
distinguish building blocks and provided services
I want to show how composable this project is. For example, you could
just use the Authelia module to add SSO to any service, not just those
provided here.
2023-11-20 22:20:19 -08:00
ibizaman
052a805679 skip part of home assistant onboarding because we use LDAP 2023-11-17 23:50:38 -08:00
ibizaman
8728df8732 make local network ip range optional for LDAP 2023-11-17 23:50:38 -08:00
ibizaman
50798a0f91 add allowed tcp ports for nginx 2023-11-17 23:50:38 -08:00
ibizaman
8d08c5b7c0 force ssl for home assistant only if ssl is enabled 2023-11-17 23:50:38 -08:00
ibizaman
39c2c943a1 fix backupCfg option for arr module 2023-11-16 23:55:38 -08:00
ibizaman
7e5a447257 fix tests 2023-11-16 23:55:38 -08:00
ibizaman
9675d69969 use shb nginx module for hledger 2023-11-16 22:46:57 -08:00
ibizaman
d5f53c4604 fix nginx group 2023-11-16 20:43:44 -08:00
ibizaman
890dec78ec add more examples to the readme 2023-11-16 20:43:36 -08:00
ibizaman
f471db4e3a fix deluge additional plugins to take a list of paths to eggs 2023-11-16 12:03:11 -08:00
ibizaman
f4b8be76b6 enable deluge Label plugin if any arr service is enabled 2023-11-16 11:58:45 -08:00
ibizaman
e5110cace6 add xml config generator for radarr
This is cool but also needed because we now must set the authentication method to "External" for
radarr to be happy with our SSO integration.
2023-11-15 12:46:46 -08:00
ibizaman
0c399bb835 add debug option for postgresql 2023-11-14 00:16:29 -08:00
ibizaman
62872a1fc1 update tinyproxy options prefix after nixpkgs update 2023-11-14 00:15:43 -08:00
ibizaman
d160d16cc9 really fix vaultwarden authelia config I think 2023-11-08 13:53:32 -08:00
ibizaman
b3cc253fd5 backup data folder for vaultwarden 2023-11-08 13:05:20 -08:00
ibizaman
d45d4a5fb6 do not protect vaultwarden web app 2023-11-08 12:28:34 -08:00
ibizaman
d35b4b4f38 fix webdav field 2023-11-08 12:28:15 -08:00
ibizaman
af71513dcf add more tests to be able to import shb with default config 2023-11-08 12:27:47 -08:00
ibizaman
853a79d9b2 do not rely on sops explicitly for authelia 2023-11-07 00:35:27 -08:00
ibizaman
d0221b53a6 add vaultwarden service 2023-11-06 19:47:31 -08:00
ibizaman
d71e94b0bc allow local peer connections to postgresql 2023-11-06 19:43:00 -08:00
ibizaman
0916d7dcd1 use new postgresql module for authelia 2023-11-05 16:37:50 -08:00
ibizaman
df03ba57e2 use new postgresql module for grafana 2023-11-05 16:34:42 -08:00
ibizaman
77e16c0f76 fix conflicting options in postgresql service 2023-11-05 15:47:13 -08:00
ibizaman
685133ba47 fix postgresql password script when multiple users 2023-11-05 15:42:59 -08:00
ibizaman
a05f9d6942 use correct postgresql option 2023-11-05 04:48:39 -08:00
ibizaman
40522c8540 allow no password for postgresql 2023-11-05 04:44:56 -08:00
ibizaman
cc57b1ced7 add postgresql module with tests 2023-11-05 04:44:56 -08:00
ibizaman
7a30f6bde8 add enable option for backup modules 2023-10-28 13:47:06 -07:00
ibizaman
cb7fb66ee2 add dependencies to nextcloud-cron service 2023-10-28 00:10:50 -07:00
ibizaman
4f74564cb4 add davfs module 2023-10-21 21:41:49 -07:00
ibizaman
8daafad9b7 add loki and promtail for monitoring logs 2023-10-21 13:13:20 -07:00
ibizaman
a21e3f0943 add outgoing interface to deluge 2023-10-18 19:52:35 -07:00
ibizaman
8e7321f6ea fix deluge permissions 2023-10-18 19:52:24 -07:00
ibizaman
ca9882e39c fix wrong spelling 2023-10-17 13:41:33 -07:00
ibizaman
20c2f32d4e use options for ldap ports 2023-10-14 21:17:59 -07:00
ibizaman
ada91bc0aa add loglevel to deluge 2023-10-13 22:39:38 -07:00
ibizaman
ef4bacdf58 allow to download with jackett 2023-10-12 22:49:04 -07:00
ibizaman
5d5cb5c664 add enabled plugins to deluge 2023-10-12 22:34:00 -07:00
ibizaman
d53dba45ea add jackett 2023-10-12 22:23:58 -07:00
ibizaman
c369defef6 fix having multiple vpns by using unique routing table numbers 2023-10-12 13:37:52 -07:00
ibizaman
2a87816161 delay restart for tinyproxy otherwise it fails on openvpn restarts 2023-10-12 13:37:09 -07:00
ibizaman
d62702f092 add more settings to deluge 2023-10-12 13:36:44 -07:00
ibizaman
e5d7240ca1 use variable for acme secret location 2023-09-30 16:47:06 -07:00
ibizaman
3055451ac9 add nodejs as dependency for nextcloud app 2023-09-30 15:51:26 -07:00
ibizaman
237c7c6e82 fix arr backup 2023-09-29 23:19:39 -07:00
ibizaman
82225c63fc tentatively tune postgres 2023-09-27 13:36:29 -07:00
ibizaman
1163204d5c add ffmpeg in path for nextcloud apps 2023-09-27 13:28:10 -07:00
ibizaman
868f28ca68 switch to nextcloud27 2023-09-26 23:34:24 -07:00
ibizaman
e2b69a36f7 fix backup and authelia rules for arr suite 2023-09-26 20:13:08 -07:00
ibizaman
fda0daf6d3 fix arr config 2023-09-25 23:15:36 -07:00
ibizaman
ad6809fc5d export openvpn status for prometheus 2023-09-25 22:56:00 -07:00
ibizaman
d0e3e2a035 add smartctl prometheus exporter 2023-09-25 22:55:41 -07:00
ibizaman
bf0c92a32a fix borgmatic backups 2023-09-25 20:27:35 -07:00
ibizaman
dc712c08fe add arr suite 2023-09-24 13:31:21 -07:00
ibizaman
71610a5415 move authelia nginx protection to nginx module 2023-09-24 11:04:59 -07:00
ibizaman
a9c7e3c3db add deluge and vpn with tinyproxy 2023-09-22 15:41:24 -07:00
ibizaman
1541ccef80 allow to debug nextcloud 2023-09-18 22:41:54 -07:00
ibizaman
455b71237d remove commented line 2023-09-14 22:25:07 -07:00
ibizaman
a971124464 make ssl module more generic 2023-09-14 22:25:07 -07:00
ibizaman
44465c37c2 add sso with authelia for hledger 2023-09-02 15:05:33 -07:00
ibizaman
4e97e2afb6 add openoffice to nextcloud 2023-08-27 22:20:59 -07:00
ibizaman
d41b93df43 only use ldap for home-assistant login 2023-08-25 09:51:20 -07:00
ibizaman
be24e241d7 add scraping of prometheus' own metrics 2023-08-25 09:45:14 -07:00
ibizaman
4116aafcee add option to enable debug logging in grafana 2023-08-25 09:45:14 -07:00
ibizaman
bc8f7b51e2 restart phpfpm nextcloud unit when secret changes 2023-08-25 09:45:14 -07:00
ibizaman
da42bbaa7b remove extra header for grafana that is set later automatically
This prevented us to access grafana at all through nginx.
2023-08-13 16:11:23 -07:00
ibizaman
322934c19e make nginx output log in json format 2023-08-13 15:11:34 -07:00
ibizaman
8fbb18a9a2 add notes for nextcloud 2023-08-11 23:30:04 -07:00
ibizaman
253d673188 fix some hsts preload warnings for nextcloud 2023-08-11 21:35:51 -07:00
ibizaman
0244be7ad2 fix some content-security-policy errors in nextcloud 2023-08-11 21:35:27 -07:00
ibizaman
aaeba29a72 fix overwriteprotocol in nextcloud 2023-08-11 16:38:13 -07:00
ibizaman
f1af82968b force ssl everywhere instead of adding the option 2023-08-11 15:53:05 -07:00
ibizaman
831be9197c add options to log debug info in nginx 2023-08-09 20:47:10 -07:00
ibizaman
30a5e8b0e2 add comment about LDAP being manually configured for nextcloud 2023-08-09 20:43:14 -07:00
ibizaman
ec97a20082 add more proxy headers to authelia 2023-08-09 20:43:14 -07:00
ibizaman
56cc74c3ed add rules config to authelia module 2023-08-09 20:43:14 -07:00
ibizaman
5e9f4d1ea3 add SSO for home-assistant 2023-08-09 20:43:14 -07:00
ibizaman
ae6bf01a89 jellyfin SSO config declarative 2023-08-09 20:43:14 -07:00
ibizaman
ee1ea1c838 make jellyfin LDAP config declarative 2023-08-09 20:41:43 -07:00
ibizaman
d02755b47b add authelia as SSO provider 2023-08-09 20:41:33 -07:00
ibizaman
ae8c959bd0 restrict ldap UI to local network only 2023-07-30 17:44:50 -07:00
ibizaman
54a7bbabe8 add systemd node exporter 2023-07-29 22:14:38 -07:00
ibizaman
e78f57df66 tune nextcloud config 2023-07-29 22:13:09 -07:00
ibizaman
924ade019f do not assume location for nextcloud home 2023-07-29 22:12:15 -07:00
ibizaman
331e6eaca8 only backup twice a day 2023-07-22 19:12:15 -07:00
ibizaman
360d3a1159 fix home-assistant backup configuration 2023-07-22 19:11:22 -07:00
ibizaman
bc627afade exclude file from nextcloud backup 2023-07-22 10:37:30 -07:00
ibizaman
88c9fabcb9 add ldap support to home-assistant 2023-07-19 23:19:08 -07:00
ibizaman
4d56e9782a add ldap with web UI thanks to lldap 2023-07-18 22:12:40 -07:00
ibizaman
54d072dcd0 add scraper for jellyfin 2023-07-16 23:36:54 -07:00
ibizaman
d16ef8b82e replace haproxy with nginx as the main reverseproxy 2023-07-16 22:05:12 -07:00
ibizaman
15e2edb4d6 add external_url to home-assistant 2023-07-10 18:36:25 -07:00
ibizaman
97e02fc87c add monitoring 2023-07-10 18:36:25 -07:00
ibizaman
6b9752e04c enable reverseproxy on demand 2023-07-10 18:36:25 -07:00
ibizaman
8761dc2e9d add flake with some modules 2023-07-10 18:36:25 -07:00