Commit graph

145 commits

Author SHA1 Message Date
Simon Bruder 19d69ce682
fuuko: Bind exporters to vpn address 2022-03-25 22:11:28 +01:00
Simon Bruder a3784e51de
fuuko/secrets: Remove unused restic credentials
They are specified in the global secrets file.
2022-03-25 21:52:56 +01:00
Simon Bruder ebfa0ec16a
fuuko: Migrate matrix and monitoring to renge
Sadly, they are so interconnected, that it is not easily possible to
migrate it in smaller steps. It should be refactored to make them more
modularised and independent of each other.
2022-03-25 21:49:08 +01:00
Simon Bruder 68dadcf56c
fuuko/hedgedoc: Migrate to renge 2022-03-23 17:34:56 +01:00
Simon Bruder 954849f763
renge: Init 2022-03-23 17:34:56 +01:00
Simon Bruder 76fee5875a
Revert "fuuko/hedgedoc: Migrate to okarin"
This reverts commit bb6952cc09.

The performance on okarin is unbearably slow which makes hedgedoc time
out on most requests.
2022-03-22 19:02:45 +01:00
Simon Bruder b0a87e8c9e
fuuko/hydra: Drop
I don’t really use it and never got around to make it actually work.
2022-03-21 15:33:40 +01:00
Simon Bruder ea88259856
okarin/qbittorrent: Init 2022-03-19 10:35:09 +01:00
Simon Bruder a9b6a17818
fuuko/aria2: Replace with qbittorrent 2022-03-18 23:25:05 +01:00
Simon Bruder a0946951e8
fuuko/gitea: Migrate to okarin 2022-03-18 16:22:23 +01:00
Simon Bruder aa347b62a7
fuuko/ankisyncd: Migrate to okarin 2022-03-18 14:36:02 +01:00
Simon Bruder bb6952cc09
fuuko/hedgedoc: Migrate to okarin 2022-03-17 15:59:53 +01:00
Simon Bruder b46d3ba1ae
fuuko/factorio: Drop 2022-03-16 14:29:11 +01:00
Simon Bruder 7ed13269a7
okarin: Init 2022-03-03 10:51:19 +01:00
Simon Bruder 20b861a994
fuuko/torrent: Use AriaNg’s nixpkgs version
Otherwise node 10 will have to be built from source since it no longer
gets built by Hydra.
2022-01-23 11:58:37 +01:00
Simon Bruder 0de6be12f4
fuuko/gitea: Allow larger HTTP uploads
This is required to include larger files in Git LFS, which uses HTTP for
uploading the files.
2022-01-21 18:17:31 +01:00
Simon Bruder 8748cfdf11
fuuko: Remove drone
I don’t actually use it and it is somewhat of a risk to run
code-execution-as-a-service. Also, the confinement does not work
currently (tries to write to /var/empty), which prompted the removal,
because the low usage does not justify that amount of maintainance.
2022-01-14 17:20:52 +01:00
Simon Bruder ac22d1bc39
fuuko/go-neb: Use persistent system user
Using a dynamic user is unreliable as the pre-start script often starts
before the user and group are created.
2022-01-14 17:16:27 +01:00
Simon Bruder cc9fbf8d37
fuuko: Reinstall on different SSD
The old one is quite small and does not have a cache, which makes it
quite slow. The new SSD also has a much higher endurance rating.
2022-01-14 17:05:40 +01:00
Simon Bruder 76479d0b37
fuuko/torrent: Increase the open file limit of aria2
The previous attempt in 427361df65 did
increase the open file limit, but for the wrong service.
2021-12-21 18:28:02 +01:00
Simon Bruder 8d789fbba3
Rework mautrix-whatsapp config for 0.2
Many of the options are the default and some of them got renamed.
2021-12-01 19:15:32 +01:00
Simon Bruder 2c160661ec
Apply fixes for breaking module changes in 21.11 2021-12-01 19:15:31 +01:00
Simon Bruder cc8727fa80
Use nixFlakes instead of nixUnstable 2021-12-01 18:32:51 +01:00
Simon Bruder a9817baee9
Remove unneeded packages from unstable 2021-12-01 18:32:51 +01:00
Simon Bruder 427361df65
fuuko/torrent: Increase open file descriptor limit 2021-11-21 13:11:19 +01:00
Simon Bruder f4bf1ced57
yuzuru: Init 2021-11-01 10:10:40 +01:00
Simon Bruder f92ae65467
fuuko/factorio: 1.1.41 -> 1.1.42 2021-10-31 09:09:50 +01:00
Simon Bruder 718e44402f
fuuko: Add factorio 2021-10-15 15:54:48 +02:00
Simon Bruder d52084a79b
nunotaba: Remove 2021-10-10 11:40:20 +02:00
Simon Bruder 8bf63db6e5
mayushii: Init 2021-10-05 21:26:39 +02:00
Simon Bruder 59655fd1b0
vueko/coturn: Enable plain connections
(D)TLS connections are obviously better, but they stopped working some
time ago and I can’t figure out why.
2021-09-26 22:22:31 +02:00
Simon Bruder 2a4cbe6ffb
fuuko/matrix: Raise upload limit to 50M 2021-09-25 17:18:23 +02:00
Simon Bruder 1730681386
fuuko/torrent: Switch wireguard endpoints 2021-09-05 13:35:45 +02:00
Simon Bruder 0ca3062e69
dnsmasq: Add quad9 DNS servers
Thanks Sony Music for bringing this to my attention.
2021-08-31 09:55:51 +02:00
Simon Bruder 37bc221e0c
fuuko/dnsmasq: Increase cache size 2021-08-29 18:56:00 +02:00
Simon Bruder 9f4ffa5932
fuuko: Add hcloud_exporter 2021-08-28 13:53:38 +02:00
Simon Bruder 1aa325b1ec
fuuko/torrent: Use nixpkgs unstable’s aria2
It has a new release of aria2 that includes the patch that was
previously manually applied.
2021-08-24 22:06:30 +02:00
Simon Bruder a1facf530f
fuuko: Use plain DNS again
DNS over HTTPS often is unreliable in practice (did not empirically test
this).
2021-08-01 19:05:20 +02:00
Simon Bruder 71a5ea7a0d
Revert "fuuko/mautrix-whatsapp: Use unstable version from PR"
This reverts commit e1b59d57ff.
2021-06-19 16:02:04 +02:00
Simon Bruder e1b59d57ff
fuuko/mautrix-whatsapp: Use unstable version from PR
nixpkgs PR: https://github.com/NixOS/nixpkgs/pull/126966
2021-06-15 19:20:25 +02:00
Simon Bruder 80f33f9095
Add contact page 2021-06-02 13:24:36 +02:00
Simon Bruder e0efa77520
fuuko/nar-serve: Use NixOS module
Since it does not provide a `package` option, it has to be overriden
with an overlay.
2021-06-01 10:16:15 +02:00
Simon Bruder 6f31ded457
fuuko/wordclock: Use 15 character long password
```cpp
    struct {
      char domain[32];
      char clientId[16];
      char user[16];
      char password[16];
    } mqtt;
```

(f637c2f39e/PersistentStorage.h)

This went unnoticed, because on NixOS, mosquitto does not validate
passwords by default.
2021-05-28 23:08:20 +02:00
Simon Bruder c918486622
fuuko/mqtt: Make compatible with Mosquitto 2
This now requires authenticating with a valid password, which it
apparently didn’t do before?
2021-05-28 23:05:22 +02:00
Simon Bruder de3f8f8909
restic: Make restic prune regularily on fuuko
Closes #41.
2021-05-28 15:01:06 +02:00
Simon Bruder 091f6b0e14
Update to 21.05
This still uses the relase-21.05 branch which should later be changed to
nixos-21.05.
2021-05-28 14:04:53 +02:00
Simon Bruder 531060668a
fuuko/hydra: Show logs after build is completed 2021-05-15 00:01:04 +02:00
Simon Bruder 9f70024257
fuuko/hydra: Make serving build artifacts work
hydra-server.service does not have access to the signing key.
2021-05-13 14:23:10 +02:00
Simon Bruder dc1698ffaa
fuuko: Add hydra 2021-05-13 13:07:17 +02:00
Simon Bruder 10ced7f2bb
fuuko/torrent: Make socat work after forced stop
This should improve behavour after e.g. a power outage.
2021-05-03 10:17:00 +02:00
Simon Bruder 440fc97f7f
AriaNg: Include as flake 2021-05-03 10:16:59 +02:00
Simon Bruder 51f814c70d
fuuko/go-neb: Use sops for secrets 2021-05-03 10:16:59 +02:00
Simon Bruder 84c72583fe
fuuko/drone-runner-exec: Use unstable nix
This also adds /etc/static as read-only path to the sandbox, since
otherwise /etc/nix/nix.conf can’t be read.
2021-05-01 18:31:05 +02:00
Simon Bruder 400b55a293
Convert to flake
Fixes #3.
2021-05-01 17:36:58 +02:00
Simon Bruder 08b8fce2d4
fuuko/gitea: Store session on disk 2021-04-19 14:35:42 +02:00
Simon Bruder cd30750fdc
fuuko/media-backup: Init
Fixes #49.
2021-04-16 17:13:46 +02:00
Simon Bruder ec09bbf6c6
fuuko/gitea: Remove version override
Version 1.14.0 has been released and is in nixpkgs.
2021-04-13 09:08:04 +02:00
Simon Bruder 602573cd34
fuuko/dnsmasq: Reliably work after reboot 2021-04-10 23:23:46 +02:00
Simon Bruder bb8c54065a
fuuko/drone/runner-exec: Remove port collision with grafana
Drone docs [1] say “Overriding this value is not recommended”, however I
do not see why I should not be able to change it.

[1] https://docs.drone.io/runner/exec/configuration/reference/drone-http-bind/
2021-04-10 23:21:46 +02:00
Simon Bruder 746581ceba
fuuko/dnsmasq: Replace stubby/DoT with https-dns-proxy/DoH 2021-04-10 20:16:08 +02:00
Simon Bruder 5dff1a426f
fuuko/binary-cache: Add nar-serve 2021-04-08 21:40:14 +02:00
Simon Bruder 8d9e3af211
Add binary cache hosted on fuuko
See machines/fuuko/services/binary-cache.nix for limitations.
2021-04-08 16:19:57 +02:00
Simon Bruder 68fbc9e185
fuuko/go-neb: Notify room if alert is firing 2021-04-08 10:04:30 +02:00
Simon Bruder 9dbd7f9c85
vueko/coturn: Manage shared secret with sops
This requires not using the NixOS module, since it does not support
loading it from a file.
2021-04-07 12:23:48 +02:00
Simon Bruder 4a8a7e0a4f
Use sops for secrets
Since I currently do not have access to sayuri, sayuri’s migration is
not done yet. The host keys and wg-home-private-key secret still have to
be added.
2021-04-06 14:05:48 +02:00
Simon Bruder 5c4284d68c
fuuko: Add dnsmasq prometheus exporter 2021-04-05 13:18:43 +02:00
Simon Bruder c26539e607
fuuko/prometheus: Actually show node name in alerts 2021-04-04 14:34:44 +02:00
Simon Bruder 1b08afd515
fuuko/gitea: Also use ed25519 ssh key 2021-04-04 11:18:34 +02:00
Simon Bruder 0212f2adbd
fuuko/drone: Init 2021-04-03 18:47:01 +02:00
Simon Bruder ac7e1c1123
fuuko/dnsmasq: Use DNS over TLS via stubby 2021-04-03 13:11:09 +02:00
Simon Bruder ce7425d8c4
Remove issei from vpn and prometheus 2021-04-02 18:13:09 +02:00
Simon Bruder 94b2746018
fuuko/go-neb: Add alertmanager matrix receiver 2021-04-02 17:46:07 +02:00
Simon Bruder 2897451a65
fuuko/prometheus: Set external URLs 2021-04-02 16:44:17 +02:00
Simon Bruder 98a4f345eb
fuuko/matrix/mautrix-whatsapp: Init 2021-04-02 15:09:57 +02:00
Simon Bruder 0ae96653a5
fuuko/matrix/synapse: Init 2021-04-02 14:59:14 +02:00
Simon Bruder 2d74dac8c0
fuuko/hedgedoc: Start after postgresql 2021-03-30 16:13:20 +02:00
Simon Bruder 50f0968738
fuuko: Add gitea 2021-03-29 14:08:53 +02:00
Simon Bruder cb8a8f3c8d
fuuko/prometheus: Enable admin API 2021-03-28 11:04:48 +02:00
Simon Bruder 55099f1884
fuuko/prometheus: Raise retention time to 90d 2021-03-28 11:04:25 +02:00
Simon Bruder 57652d8a79
fuuko: Add hedgedoc 2021-03-10 15:42:21 +01:00
Simon Bruder 966667b87f
fuuko: Exclude scans from system backup 2021-03-10 11:27:56 +01:00
Simon Bruder db54dfaed1
fuuko/dnsmasq: Allow DNS queries over TCP
Sharepoint manages to return enormous responses when querying for an
AAAA record.

$ dig sitename.sharepoint.com AAAA
;; Truncated, retrying in TCP mode.
2021-03-10 09:13:37 +01:00
Simon Bruder d6bddf40c0
fuuko: Add ankisyncd 2021-03-09 21:22:19 +01:00
Simon Bruder 3a5568a136
fuuko: Enable full postgresql backup 2021-03-09 11:50:32 +01:00
Simon Bruder 515939677b
fuuko/torrent: Add resolv.conf to aria2 netns
Even though aria2 doesn’t respect it, it is useful for for debugging.
2021-03-08 19:38:26 +01:00
Simon Bruder 3da67f7576
fuuko: Enable system backups 2021-03-08 17:33:30 +01:00
Simon Bruder e8626ba27a
fuuko: Add wordclock-dimmer 2021-03-08 17:03:30 +01:00
Simon Bruder 0c081d9805
fuuko: Add dnsmasq 2021-03-08 16:19:49 +01:00
Simon Bruder 786edd1caf
fuuko: Add aria2 2021-03-08 15:55:24 +01:00
Simon Bruder 07f152cb20
fuuko: Add media file index 2021-03-08 15:40:41 +01:00
Simon Bruder 878bdd30d5
fuuko: Add ftp server and scan converter 2021-03-08 15:30:04 +01:00
Simon Bruder d1cf0f698f
fuuko: Add grafana 2021-03-08 15:10:15 +01:00
Simon Bruder 70ee44fbc5
fuuko: Add prometheus fritzbox exporter 2021-03-08 15:10:15 +01:00
Simon Bruder f388995ef6
fuuko: Add prometheus 2021-03-08 15:10:15 +01:00
Simon Bruder df303dcc2b
fuuko: Init 2021-03-08 15:10:15 +01:00