1
0
Fork 0
Commit graph

51 commits

Author SHA1 Message Date
ibizaman
96cc83437b switch jellyfin to new secrets contract
This rabbit hole of a task lead me to:
- Introduce a hardcoded secret module that is a secret provider
  for tests.
- Update LDAP and SSO modules to use the secret contract.
- Refactor the replaceSecrets library function to correctly fail
  when a secret file could not be read.
2024-10-13 23:30:21 +02:00
ibizaman
253ec980d9 add forgejo service 2024-09-12 13:10:20 -07:00
Pierre Penninckx
eb791b3019
flake.lock: Update (#244)
Automated changes by the
[update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock)
GitHub Action.

```
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/9ca3f649614213b2aaf5f1e16ec06952fe4c2632?narHash=sha256-7EXDb5WBw%2Bd004Agt%2BJHC/Oyh/KTUglOaQ4MNjBbo5w%3D' (2024-05-27)
  → 'github:nixos/nixpkgs/71e91c409d1e654808b2621f28a327acfdad8dc2?narHash=sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w%3D' (2024-08-28)
```

### Running GitHub Actions on this PR

GitHub Actions will not run workflows on pull requests which are opened
by a GitHub Action.

To run GitHub Actions workflows on this PR, run:

```sh
git branch -D update_flake_lock_action
git fetch origin
git checkout update_flake_lock_action
git commit --amend --no-edit
git push origin update_flake_lock_action --force
```

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2024-08-31 07:57:21 +00:00
ibizaman
6aed5ee6a5 add backup contract 2024-08-20 00:33:26 -07:00
ibizaman
5d5cd6b87b remove dependency on sops-nix
fixes #24
2024-08-14 21:42:40 -07:00
ibizaman
56c06b4404 add mount contract implemented by zfs 2024-08-12 06:51:24 -07:00
ibizaman
9a2e4b7603 split tests between blocks and services 2024-07-16 11:23:21 +02:00
ibizaman
308db5fe6b export all torrent metrics 2024-06-10 22:43:37 -07:00
ibizaman
21ac10946a add documentation on how to get patched nixpkgs 2024-06-10 16:30:11 -07:00
ibizaman
7dfabe6f17 fix patch hash for deluge exporter 2024-06-10 08:37:45 -07:00
ibizaman
a4c4ee1670 add prometheus deluge exporter 2024-06-09 23:47:31 -07:00
ibizaman
848083dacc break authFile for deluge into user and password attrset 2024-06-09 23:43:46 -07:00
ibizaman
c18f3f77b0 pretty print test error 2024-05-27 17:13:05 -07:00
ibizaman
ebbd19c7fd add vm test for home-assistant 2024-05-27 17:13:05 -07:00
ibizaman
97285e1833 add vm test for vaultwarden 2024-05-27 17:13:05 -07:00
Pierre Penninckx
43f19a871a
add contract documentation (#225) 2024-04-14 15:21:20 -07:00
Pierre Penninckx
589e2c936f
add tests for arr services and some more options (#205) 2024-03-13 05:40:32 +00:00
Sivert Sliper
64f9c051b9
Grocy service (#195)
PR to add grocy as a service.

I think LDAP should be [relatively
simple](https://www.reddit.com/r/grocy/comments/18avtb7/sso_tutorial/)
to add, but couldn't find good information on SSO.

Will test this out for a while to make sure it really works before this
can be merged.

---------

Co-authored-by: ibizaman <ibizapeanut@gmail.com>
Co-authored-by: Pierre Penninckx <github@pierre.tiserbox.com>
2024-03-04 01:25:26 +00:00
Sivert Sliper
ee68e27f15
Audiobookshelf service (#123)
Hi,

I tried adding [Audiobookshelf](https://www.audiobookshelf.org/) as a
new service to SHB.

Not sure whether you want this service in SHB at all, but thought I'd
create a PR just in case.

The service runs, but seemingly fails to add an entry to the nginx
config, so it is not reachable. I created the service by basically just
copying deluge and then adapting. Any idea why the nginx subdomain isn't
being created?

The config I used to add this to my SHB server is:

```nix
shb.audiobookshelf = {
  enable = true;
  domain = "sliper.xyz";
  subdomain = "abs";
  dataDir = "audiobookshelf"; #turns out this is actually the working dir of the service (/var/lib/<dataDir>)
  authEndpoint = "https://auth.sliper.xyz";
};
 // ... in shb.authelia.oidcClients
redirect_uris = [ "https://deluge.sliper.xyz" "https://abs.sliper.xyz" ];
```

ps. I also need to fix tabs->spaces. Forgot to set up nvim.

---------

Co-authored-by: sivert <nei@nei.nei>
Co-authored-by: ibizaman <ibizapeanut@gmail.com>
Co-authored-by: Pierre Penninckx <github@pierre.tiserbox.com>
2024-03-04 01:01:00 +00:00
ibizaman
e80cc0d3aa add vm tests for jellyfin and regroup ldap and sso options 2024-03-02 23:03:49 -08:00
ibizaman
fa206d0e15 move templating code to lib file 2024-02-29 20:30:47 -08:00
ibizaman
adc09acc49 use contract for ssl block 2024-01-19 10:48:10 -08:00
ibizaman
0e635e1a76 add nextcloud vm test 2023-12-30 10:01:41 -08:00
ibizaman
9a5a10a824 add test for authelia 2023-12-11 00:28:30 -08:00
ibizaman
750621e1ef use callpackage to simplify imports 2023-12-08 11:13:37 -08:00
ibizaman
25462c657e patch for media files not needed anymore after switching to chapters 2023-12-07 10:59:33 -08:00
Pierre Penninckx
a63b0a6e2e
switch to nixos-render-docs (#34)
fixes #33
2023-12-04 00:33:16 -08:00
Pierre Penninckx
0014e5c2f7
avoid some impossible states in authelia and nginx 2023-11-30 22:49:34 -08:00
Pierre Penninckx
76e27ae7eb
add nixos test for ldap 2023-11-30 22:08:38 -08:00
ibizaman
1b61aa6ebb switch to original nmd repo and fix declared by link 2023-11-30 13:14:01 -08:00
ibizaman
4960034d52 fix documentation links to source code 2023-11-30 12:53:16 -08:00
ibizaman
59df934222 make path name for docs all lower case 2023-11-30 10:40:11 -08:00
Pierre Penninckx
4a8a7d686c
build docs and deploy to github pages 2023-11-30 10:38:35 -08:00
Pierre Penninckx
7d9dedb845
provision grafana datasources and some dashboards (#23)
fixes #22 

This commit introduces:
- A few more optional options for the monitoring module, in particular
an SMTP option to setup sending alerts with an STMP server.
- 2 required options for adding a secure key for signing and for an
initial admin password. The latter is nice because at least you can
choose securely the initial admin password instead of it being just
"admin", adding a bit more security to the install process.
- Provisioning Grafana with dashboards, datasources, alerts, contact
points and notification policies.
- Documentation for monitoring in
[docs/blocks/monitoring.md](docs/blocks/monitoring.md).
- A NixOS test that makes sure provisioning did go well as expected.
2023-11-26 09:56:08 -08:00
Pierre Penninckx
52b9233a6c
add postgresql vm test that runs in CI (#19)
Fixes #14 

The tests actually showed a flaw in the implementation, we needed
"password" and not "trust" in the auth file.

Also, having the port defined at the same time as enabling listening for
TCP/IP connection made no sense.
2023-11-23 01:03:33 -08:00
Pierre Penninckx
4b9e0ad173
group tests by type 2023-11-21 22:18:48 -08:00
Pierre Penninckx
eae5eade56
distinguish building blocks and provided services
I want to show how composable this project is. For example, you could
just use the Authelia module to add SSO to any service, not just those
provided here.
2023-11-20 22:20:19 -08:00
ibizaman
af71513dcf add more tests to be able to import shb with default config 2023-11-08 12:27:47 -08:00
ibizaman
9a758fb86e remove need for intermediary file 2023-11-07 20:26:34 -08:00
ibizaman
d0221b53a6 add vaultwarden service 2023-11-06 19:47:31 -08:00
ibizaman
cc57b1ced7 add postgresql module with tests 2023-11-05 04:44:56 -08:00
ibizaman
4f74564cb4 add davfs module 2023-10-21 21:41:49 -07:00
ibizaman
dc712c08fe add arr suite 2023-09-24 13:31:21 -07:00
ibizaman
a9c7e3c3db add deluge and vpn with tinyproxy 2023-09-22 15:41:24 -07:00
ibizaman
d41b93df43 only use ldap for home-assistant login 2023-08-25 09:51:20 -07:00
ibizaman
831be9197c add options to log debug info in nginx 2023-08-09 20:47:10 -07:00
ibizaman
d02755b47b add authelia as SSO provider 2023-08-09 20:41:33 -07:00
ibizaman
4d56e9782a add ldap with web UI thanks to lldap 2023-07-18 22:12:40 -07:00
ibizaman
d16ef8b82e replace haproxy with nginx as the main reverseproxy 2023-07-16 22:05:12 -07:00
ibizaman
97e02fc87c add monitoring 2023-07-10 18:36:25 -07:00