f2cdf732cb
hosts/plover: disable firewall service
...
It's not working well for now. I'll have to make some tests with simpler
configurations (even though it's already simple?).
2023-01-18 11:10:40 +08:00
effdc8d927
hosts/plover: refactor secrets owner
2023-01-17 21:34:54 +08:00
00f5c34a92
docs: update the READMEs
2023-01-17 21:34:54 +08:00
6bf2642ffc
hosts: add Wireguard services to related peers
...
Among other things, Plover now ignores certain IP for fail2ban. This is
for the VPN users that are placed in that range.
2023-01-17 21:34:54 +08:00
333adf0ce6
hosts/plover: update Gitea Asciidoctor markup to be embedded
2023-01-17 16:09:28 +08:00
002b65250c
hosts/plover: add default server to reverse proxy
2023-01-17 16:09:28 +08:00
6d9c43bafa
hosts/plover: initialize OpenVPN service
2023-01-17 16:09:28 +08:00
8e07223c97
hosts/plover: move into systemd-networkd for network setup
2023-01-17 16:09:28 +08:00
2e466e4561
hosts/plover: move hardware config to be hosting provider-specific
2023-01-15 14:39:44 +08:00
62d220eb2d
docs: add deploying firewall and networking on Plover README
2023-01-15 14:39:44 +08:00
5341024d96
hosts/plover: update comments and systemd journal matches for fail2ban
2023-01-15 14:39:44 +08:00
7de5c14ef5
hosts/plover: move hcloud-related files into a dedicated folder
2023-01-15 14:39:44 +08:00
6fe30acf2b
hosts/plover: fix formatting of files
2023-01-15 14:39:44 +08:00
02cfaaf362
hosts/plover: modularize PostgreSQL service
2023-01-15 14:39:44 +08:00
8bd05bf2a3
hosts/plover: modularize config
2023-01-12 22:37:52 +08:00
14a6a94d8f
docs: update README for Plover
2023-01-12 22:03:03 +08:00
f3b3666c67
hosts/plover: update gitea-dump pre-start script
2023-01-12 22:03:03 +08:00
98e452c047
hosts/plover: add Portunus seed
...
This is for defining users and groups. Pretty handy feature.
2023-01-12 22:03:03 +08:00
d9e4dbcb52
hosts/plover: update fail2ban configuration
2023-01-12 22:03:03 +08:00
10fe6c33af
hosts/plover: update Gitea home template
2023-01-10 12:13:51 +08:00
a8b66b67ea
hosts/plover: update Gitea logo
2023-01-09 13:12:32 +08:00
7dc523903c
hosts/plover: create separate passwords for different repos
2023-01-07 17:19:45 +08:00
d9908d2d8c
hosts/plover: fix the borg jobs function
2023-01-07 16:58:47 +08:00
4c34a87366
chore: reformat codebase
2023-01-07 16:06:34 +08:00
d9e7f7c67e
hosts/plover: add the dedicated borg SSH public key
2023-01-07 14:43:07 +08:00
c9182102be
hosts/plover: separate borg repos for different jobs
...
Makes it easier to manage them repos.
2023-01-07 11:39:20 +08:00
85e1914025
config: replace Borgbase with Hetzner storage box for Borg repos
2023-01-07 10:52:31 +08:00
e9aa875c6a
hosts/plover: fix hcloud user data
2023-01-07 10:52:30 +08:00
90177118b0
hosts/plover: use nftables as firewall
2023-01-07 10:52:30 +08:00
e90a719ca8
hosts/plover: update hardware config according to Hetzner Cloud defaults
2023-01-07 10:52:30 +08:00
533995eb09
docs: update various READMEs
2023-01-07 10:52:30 +08:00
4359c4d579
hosts/plover: enable firewall for Hetzner Cloud config
2023-01-05 19:48:54 +08:00
a046192bca
hosts/plover: add pre-service script for atuin service
2023-01-05 19:48:41 +08:00
affd08e3c1
hosts/plover: add Atuin sync server
2023-01-05 12:52:57 +08:00
5d02976d2c
hosts/plover: correct Keycloak virtual host location
2023-01-05 12:36:58 +08:00
451cb4e72d
hosts/plover: update hardware configuration
2023-01-05 11:08:51 +08:00
15ad934550
hosts/plover: set hardware config for Hetzner Cloud
2023-01-05 10:56:35 +08:00
de3ad5978b
hosts/plover: add documentation for deploying into Hetzner Cloud
2023-01-04 22:12:52 +08:00
bbc177a4b7
hosts/plover: remove the extra filesystem device
2023-01-04 19:54:21 +08:00
e4701a3e03
hosts/plover: add bootloader settings
2023-01-04 19:53:44 +08:00
dd5ee00ae8
hosts/plover: update LDAP server with Portunus
2023-01-01 15:47:06 +08:00
8c57eea6bb
hosts/plover: update OpenLDAP config
2022-12-29 10:26:31 +08:00
f789e85fcc
hosts/plover: add LDAP server to reverse proxy
2022-12-29 10:26:15 +08:00
bdf862cc91
hosts/plover: fix reverse proxy routes
2022-12-29 10:25:53 +08:00
aacfb1d091
hosts/plover: update README
2022-12-28 14:10:16 +08:00
14f190904f
hosts/plover: format code
2022-12-28 14:10:07 +08:00
fcd8bde8dc
hosts/plover: update Keycloak paths in reverse proxy
2022-12-28 14:09:33 +08:00
15722347eb
hosts/plover: add periodic cleanup to Gitea dumps
2022-12-28 14:09:33 +08:00
c92077380b
hosts/plover: refactor code
2022-12-28 14:09:33 +08:00
7b5c25bf18
hosts/plover: add LDAP server
2022-12-28 14:09:33 +08:00
85545ad810
hosts/plover: update Keycloak and Postgres config
2022-12-22 13:58:20 +08:00
7652bae7ed
hosts/plover: update Keycloak config
2022-12-19 20:31:01 +08:00
8c50ad93da
hosts/plover: refactor with subdomains
2022-12-19 20:30:30 +08:00
9f4d0e470c
hosts/plover: update Keycloak config
2022-12-17 22:23:36 +08:00
c008debd74
hosts/plover: disable PostgreSQL SSL mode
2022-12-17 22:23:11 +08:00
138fb25e8f
hosts/plover: update nginx config
2022-12-17 11:17:31 +08:00
59461cc416
config: refactor BorgBackup service
2022-12-17 11:17:31 +08:00
c54f8d7059
hosts/plover: refactor config
2022-12-17 11:17:31 +08:00
8021cb270e
hosts/plover: reformat code
2022-12-13 08:33:51 +08:00
6c02598f35
hosts/plover: add Keycloak service
2022-12-13 08:33:51 +08:00
502fd34ead
hosts/plover: enable SSL mode for PostgreSQL
2022-12-13 08:33:51 +08:00
61b36cd901
hosts/plover: refactor Borgbackup job function
2022-12-12 14:19:55 +08:00
4190b4a481
hosts/plover: update PostgreSQL initial script
...
We're doing the secure schema usage pattern as recommended from the
documentation. Since it is an initial script that will only run once, I
think it is OK to override steps such as creating roles ahead.
2022-12-12 14:17:57 +08:00
604cbbd48f
hosts/plover: update SSH keypair
2022-12-12 10:26:30 +08:00
5933e76e8e
hosts/plover: reformat the code
2022-12-12 10:26:30 +08:00
582393da5e
hosts/plover: add application data for backup
2022-12-12 10:26:30 +08:00
aedd3f7a15
hosts/plover: fix the erroneous attribute
2022-12-12 10:26:30 +08:00
74fa10f348
hosts/plover: enable PostgreSQL dump service
2022-12-12 10:26:30 +08:00
22bc41896c
hosts/plover: update Gitea configuration
2022-12-12 10:26:30 +08:00
Gabriel Arazas
8adcc0d512
hosts/plover: update config
...
In preparation of deploying it in a non-Google Compute Engine
environment, we'll update some of the settings.
2022-12-10 18:45:36 +08:00
Gabriel Arazas
cb11ceb3a9
hosts/plover: update config
2022-12-06 15:55:23 +08:00
Gabriel Arazas
e3e401f939
Revert "hosts/plover: add headless profile from nixpkgs"
...
This reverts commit 6300aa7275
2022-12-03 15:46:22 +08:00
Gabriel Arazas
6300aa7275
hosts/plover: add headless profile from nixpkgs
2022-12-03 15:24:22 +08:00
Gabriel Arazas
1e17c59034
users/plover: add home-manager user to config
2022-12-03 15:24:22 +08:00
Gabriel Arazas
b5b52426dc
config: restructure user and host files
2022-12-03 15:24:22 +08:00
Gabriel Arazas
9924811dc0
hosts/plover: remove GCP KMS key for secrets
2022-12-03 15:24:22 +08:00
Gabriel Arazas
06a8550c03
hosts/plover: fix secrets file
2022-12-03 15:24:22 +08:00
Gabriel Arazas
9e5d2e2307
hosts/plover: add hardened profile from nixpkgs
2022-12-03 15:24:22 +08:00
Gabriel Arazas
b8d916c8a2
hosts/plover: add DNS-related config
2022-12-03 11:48:32 +08:00
Gabriel Arazas
8f037a1606
hosts/plover: add backup service
2022-12-03 11:13:46 +08:00
Gabriel Arazas
625a8b191a
hosts/plover: update config
2022-12-03 07:31:46 +08:00
Gabriel Arazas
d4c45fd86b
hosts/plover: enable TCP/IP connection and fix database service
2022-12-01 08:21:58 +08:00
Gabriel Arazas
9a07eedb14
config: update comments and module descriptions
2022-11-30 08:40:49 +08:00
Gabriel Arazas
e6e3dc85f6
profiles/server: init module
2022-11-30 08:36:37 +08:00
Gabriel Arazas
131fa25023
profiles/system: rename to profiles/desktop
...
The need for configuring desktop and server in separate profiles is
becoming more obvious. Not to mention, most of the system config from
profiles/system is obviously more desktop-oriented.
2022-11-29 21:10:51 +08:00
Gabriel Arazas
07b198c5ab
docs: update
2022-11-29 15:58:33 +08:00
Gabriel Arazas
794a7a65ac
hosts/plover: update config
...
It now uses PostgreSQL for the services and also fixed some of the
misconfigurations in the services.
2022-11-29 15:58:33 +08:00
Gabriel Arazas
8e462418e3
hosts/plover: add gcp-kms key for secret
2022-11-27 00:51:05 +08:00
Gabriel Arazas
3889429ac2
hosts/plover: update config
2022-11-26 14:13:17 +08:00
Gabriel Arazas
f9751a9510
hosts/ni: update config
2022-11-25 21:27:25 +08:00
Gabriel Arazas
51d51f5398
hosts/plover: init
2022-11-25 14:51:27 +08:00
