2be753489e
services/archivebox: escape extraArgs properly
2023-11-08 21:09:05 +08:00
ad710cdb9d
services/archivebox: harden services
2023-11-07 20:53:45 +08:00
8b812a34c9
services/archivebox: add dedicated service user and group
2023-11-07 20:53:15 +08:00
cee845a94b
services/archivebox: replace withDependencies option with extraPackages
...
We also added a package option for ArchiveBox alongside it.
2023-11-07 20:51:47 +08:00
edfc8f8cc3
services/archivebox: update module examples and descriptions
2023-11-07 20:50:37 +08:00
aeac081cd2
services/archivebox: update job service name generation
2023-11-07 20:47:22 +08:00
534a300768
services/archivebox: remove archivePath option
...
It is quite limiting to what workflow it allows. Though, this iteration
now enforces it to be in `/var/lib/archivebox`, setting an arbitrary
option is less desirable.
2023-11-07 20:38:00 +08:00
9ddddcf1e3
services/yt-dlp: remove persistent option
2023-10-27 13:25:08 +08:00
eab8631e9b
services/gallery-dl: remove persistent option
2023-10-27 13:24:21 +08:00
52871b4fa3
services/archivebox: refactor and remove persistent option
2023-10-27 13:23:37 +08:00
479166c78d
services/vouch-proxy: add wantedBy for systemd service
...
Forgot to add that which is why there's no enabled service.
2023-10-20 15:33:16 +08:00
8fb9770882
services/vouch-proxy: escape service names for systemd
2023-10-17 18:33:02 +08:00
ec0fe7dec8
services/vouch-proxy: fix permissions for generated secrets
2023-10-14 14:03:40 +08:00
5657a5e023
services/vouch-proxy: use system user for service
...
This enables integration with secrets such as sops-nix instead of the
previous service config of being a dynamic user.
2023-10-14 11:06:23 +08:00
d43708983a
services/wezterm-mux-server: update service hardening options
...
It should be less strict overall with the ProtectHome= settings.
2023-10-14 11:05:46 +08:00
6012556a3d
services/wezterm-mux-server: revert to system user for service
...
I don't know how to completely make it isolated AND working.
2023-10-14 11:05:17 +08:00
7daea6c427
services/vouch-proxy: update service config
2023-10-13 14:24:44 +08:00
3ee04bb812
chore: reformat codebase
2023-10-09 20:48:01 +08:00
7d55e45f70
services/vouch-proxy: add some more hardening options
2023-10-09 20:46:06 +08:00
2dbb3ed68c
services/vouch-proxy: restructure for multiple instances
...
This resolves some cases where the admin does not have all of their
users within the protected domain and some in others.
2023-10-09 20:43:13 +08:00
5152bae032
services/vouch-proxy: add more systemd directives
2023-10-09 22:31:27 +08:00
b4b64fa50b
services/vouch-proxy: improve conditional settings file option
2023-10-07 20:42:52 +08:00
069723d38a
services/wezterm-mux-server: hardcode user and group
...
With DynamicUser directive, it should be easy to make this usable.
2023-10-06 13:48:12 +08:00
86d8878fab
services/vouch-proxy: init
2023-10-07 20:41:14 +08:00
12bb71be20
services/wezterm-mux-server: improve code
2023-10-05 10:23:09 +08:00
c410ece05a
treewide: remove options attribute for modules
2023-10-02 14:26:11 +08:00
ac39b4cc58
services/wezterm-mux-server: add user and group option
...
The errors are most likely from wezterm-mux-server trying to start a
shell. This could be configured but it is better to treat this service
similarly to SSH servers.
2023-07-28 08:35:07 +08:00
f34d793bb6
services/wezterm-mux-server: update hardening settings
2023-07-27 22:21:30 +08:00
9d75a4101f
services/wezterm-mux-server: update service dependency
2023-07-27 13:35:38 +08:00
3c4aef00d4
modules: convert module description to RFC0072-style
2023-07-27 11:13:39 +08:00
44ccbea7e1
services/wezterm-mux-server: init module
2023-07-20 10:40:04 +08:00
Gabriel Arazas
3a7816a901
chore: reformat codebase
2022-11-19 11:32:29 +08:00
Gabriel Arazas
ae0cb8596a
config: refactor and update
2022-10-10 11:45:22 +08:00
Gabriel Arazas
d20b192c41
services: refactor
2022-09-12 17:36:22 +08:00
Gabriel Arazas
767bfddead
services/yt-dlp: update config to log to journal
...
Apparently, it doesn't really log the errors in the journal so it can
make the service failed for no reason. It can be configured to redirect
it to journal.
2022-08-31 14:37:58 +08:00
Gabriel Arazas
36909a281f
services/yt-dlp: refactor
2022-08-11 09:43:17 +08:00
Gabriel Arazas
631b14f8b5
services/archivebox: add job-specific service persistence
2022-08-06 14:04:21 +08:00
Gabriel Arazas
4dd2acfe7f
services/archivebox: change jobs.<name>.links to jobs.<name>.urls
2022-07-31 14:44:29 +08:00
Gabriel Arazas
8fdd60098f
services: fix correct module documentation
2022-07-30 16:22:24 +08:00
Gabriel Arazas
906ea48993
services: change dependency requirement
...
I didn't realize `network.target` is very ambiguous. The next best thing
for booting up the service after the system is up is `default.target`
but we're being explicit here for NixOS services just to make sure.
2022-07-22 15:02:30 +08:00
Gabriel Arazas
d9811b1d84
services/gallery-dl: add job persistence
2022-07-21 09:54:36 +08:00
Gabriel Arazas
e9c2c3d226
services/yt-dlp: add job persistence
2022-07-21 09:54:00 +08:00
Gabriel Arazas
37a1c4ee33
services/yt-dlp: escape extra arguments
...
Proper service scripting and all that.
2022-07-20 16:58:31 +08:00
Gabriel Arazas
dd9921fc7e
services/gallery-dl: add job-specific settings
...
The arguments are also arranged to let the resulting settings cascade
from service-wide to job-specific settings.
2022-07-20 16:56:44 +08:00
Gabriel Arazas
a916d78f09
profiles/services: remove path assertions
...
It was supposed to create the directory if it wasn't found which is
self-defeating. In any case, it will still fail if the directory is in
the way of an unmounted device.
2022-07-13 19:11:33 +08:00
Gabriel Arazas
ff6f652641
services/archivebox: create service
2022-07-06 07:46:40 +08:00
Gabriel Arazas
d111304d71
nixos/services: add path assertions
2022-07-06 07:38:21 +08:00
Gabriel Arazas
cffc206eb4
services/gallery-dl: update hardening options
2022-04-29 16:55:09 +08:00
Gabriel Arazas
c9d497c3fc
services/yt-dlp: update hardening options
2022-04-29 16:54:36 +08:00
Gabriel Arazas
b50b53238c
services/gallery-dl: fix script and options
2022-04-22 13:14:02 +08:00
