Commit Graph

51 Commits

Author SHA1 Message Date
ec0fe7dec8
services/vouch-proxy: fix permissions for generated secrets 2023-10-14 14:03:40 +08:00
5657a5e023
services/vouch-proxy: use system user for service
This enables integration with secrets such as sops-nix instead of the
previous service config of being a dynamic user.
2023-10-14 11:06:23 +08:00
d43708983a
services/wezterm-mux-server: update service hardening options
It should be less strict overall with the ProtectHome= settings.
2023-10-14 11:05:46 +08:00
6012556a3d
services/wezterm-mux-server: revert to system user for service
I don't know how to completely make it isolated AND working.
2023-10-14 11:05:17 +08:00
7daea6c427
services/vouch-proxy: update service config 2023-10-13 14:24:44 +08:00
3ee04bb812
chore: reformat codebase 2023-10-09 20:48:01 +08:00
7d55e45f70
services/vouch-proxy: add some more hardening options 2023-10-09 20:46:06 +08:00
2dbb3ed68c
services/vouch-proxy: restructure for multiple instances
This resolves some cases where the admin does not have all of their
users within the protected domain and some in others.
2023-10-09 20:43:13 +08:00
5152bae032
services/vouch-proxy: add more systemd directives 2023-10-09 22:31:27 +08:00
b4b64fa50b
services/vouch-proxy: improve conditional settings file option 2023-10-07 20:42:52 +08:00
069723d38a
services/wezterm-mux-server: hardcode user and group
With DynamicUser directive, it should be easy to make this usable.
2023-10-06 13:48:12 +08:00
86d8878fab
services/vouch-proxy: init 2023-10-07 20:41:14 +08:00
12bb71be20
services/wezterm-mux-server: improve code 2023-10-05 10:23:09 +08:00
c410ece05a
treewide: remove options attribute for modules 2023-10-02 14:26:11 +08:00
ac39b4cc58
services/wezterm-mux-server: add user and group option
The errors are most likely from wezterm-mux-server trying to start a
shell. This could be configured but it is better to treat this service
similarly to SSH servers.
2023-07-28 08:35:07 +08:00
f34d793bb6
services/wezterm-mux-server: update hardening settings 2023-07-27 22:21:30 +08:00
9d75a4101f
services/wezterm-mux-server: update service dependency 2023-07-27 13:35:38 +08:00
3c4aef00d4
modules: convert module description to RFC0072-style 2023-07-27 11:13:39 +08:00
44ccbea7e1
services/wezterm-mux-server: init module 2023-07-20 10:40:04 +08:00
Gabriel Arazas
3a7816a901 chore: reformat codebase 2022-11-19 11:32:29 +08:00
Gabriel Arazas
ae0cb8596a config: refactor and update 2022-10-10 11:45:22 +08:00
Gabriel Arazas
d20b192c41 services: refactor 2022-09-12 17:36:22 +08:00
Gabriel Arazas
767bfddead services/yt-dlp: update config to log to journal
Apparently, it doesn't really log the errors in the journal so it can
make the service fail for no reason. It can be configured to redirect
it to journal.
2022-08-31 14:37:58 +08:00
Gabriel Arazas
36909a281f services/yt-dlp: refactor 2022-08-11 09:43:17 +08:00
Gabriel Arazas
631b14f8b5 services/archivebox: add job-specific service persistence 2022-08-06 14:04:21 +08:00
Gabriel Arazas
4dd2acfe7f services/archivebox: change jobs.<name>.links to jobs.<name>.urls 2022-07-31 14:44:29 +08:00
Gabriel Arazas
8fdd60098f services: fix correct module documentation 2022-07-30 16:22:24 +08:00
Gabriel Arazas
906ea48993 services: change dependency requirement
I didn't realize `network.target` is very ambiguous. The next best thing
for booting up the service after the system is up is `default.target`
but we're being explicit here for NixOS services just to make sure.
2022-07-22 15:02:30 +08:00
Gabriel Arazas
d9811b1d84 services/gallery-dl: add job persistence 2022-07-21 09:54:36 +08:00
Gabriel Arazas
e9c2c3d226 services/yt-dlp: add job persistence 2022-07-21 09:54:00 +08:00
Gabriel Arazas
37a1c4ee33 services/yt-dlp: escape extra arguments
Proper service scripting and all that.
2022-07-20 16:58:31 +08:00
Gabriel Arazas
dd9921fc7e services/gallery-dl: add job-specific settings
The arguments are also arranged to let the resulting settings cascade
from service-wide to job-specific settings.
2022-07-20 16:56:44 +08:00
Gabriel Arazas
a916d78f09 profiles/services: remove path assertions
It was supposed to create the directory if it wasn't found which is
self-defeating. In any case, it will still fail if the directory is in
the way of an unmounted device.
2022-07-13 19:11:33 +08:00
Gabriel Arazas
ff6f652641 services/archivebox: create service 2022-07-06 07:46:40 +08:00
Gabriel Arazas
d111304d71 nixos/services: add path assertions 2022-07-06 07:38:21 +08:00
Gabriel Arazas
cffc206eb4 services/gallery-dl: update hardening options 2022-04-29 16:55:09 +08:00
Gabriel Arazas
c9d497c3fc services/yt-dlp: update hardening options 2022-04-29 16:54:36 +08:00
Gabriel Arazas
b50b53238c services/gallery-dl: fix script and options 2022-04-22 13:14:02 +08:00
Gabriel Arazas
c0dd8ab1a8 services/yt-dlp: fix service working directory
There is the `--paths` option for that purpose. It also eliminates the
workaround for creating the directory before starting the service for
newly-bootstrapped systems.

The several hardening options have also been corrected.
2022-04-22 13:13:48 +08:00
Gabriel Arazas
560e296532 services/yt-dlp: harden the service 2022-04-17 22:33:04 +08:00
Gabriel Arazas
10b3d01424 services/gallery-dl: harden the service 2022-04-17 22:33:04 +08:00
Gabriel Arazas
49018fb53e modules: reformat and refactor 2022-04-06 10:48:29 +08:00
Gabriel Arazas
6e214feb4a services/yt-dlp: init service
Structure-wise, it is pretty similar to the gallery-dl service. It was
about to be combined into a bigger service module as a dedicated service
for multimedia archiving but it is better to have them modularized in
the long run.
2022-04-03 10:18:22 +08:00
Gabriel Arazas
e0bba5655b services/gallery-dl: init service
Both for home-manager and NixOS, this time. Because I find use for both
of them, especially if you have a dedicated server for NixOS.
2022-04-03 10:10:29 +08:00
Gabriel Arazas
e79460b3af nixos/services/borgmatic: remove service
It is not needed anymore since all of my backup procedures are now done
with the NixOS borg service.
2022-02-23 14:02:24 +08:00
Gabriel Arazas
4ec2730ad8 host/ni: use Guix module from guix-overlay 2022-02-02 12:27:32 +08:00
Gabriel Arazas
a6a4b2b1e1 Update various files 2022-01-25 09:32:17 +08:00
Gabriel Arazas
0f31e8b361 modules/nixos/services/guix: add Guix binary installation service 2022-01-19 09:53:55 +08:00
Gabriel Arazas
7db21c9fc5 Format the files through nixfmt 2022-01-11 20:22:08 +08:00
Gabriel Arazas
6b481a163a Restructure the modules
While it is easier to maintain the modules by prefixing them all with
`modules`, it is not easy when used from other flakes and/or modules.
This is my attempt at making it easier with appropriate namespaces.

Update home-manager user from the restructure
2022-01-09 19:44:09 +08:00