414bb513d0
kanidm: update options to use their new names
2026-02-22 21:36:43 +11:00
874d22580e
kanidm: upgrade to version 1.9
2026-02-22 21:16:14 +11:00
321850c714
forgejo: get certs for domain
2026-02-22 20:28:53 +11:00
90ba20d2cc
forgejo: move domain from being machine-specific to public
2026-02-22 20:14:59 +11:00
fa05bf798d
forgejo: make public
2026-02-20 17:14:03 +11:00
8d99b9cdf3
ddns-updater: init
2026-02-20 17:14:03 +11:00
b4bcfd90a9
coredns: init
2026-02-20 17:14:03 +11:00
887f72ad07
uptime-kuma: fix systemd tmpfile rule
2026-02-20 17:14:03 +11:00
93f912d548
services: move all secrets into /media/secrets
...
moves all secrets into one centralised location in
/media/secrets and uses systemd-tmpfiles to set the
appropriate permissions for them
2026-02-20 17:14:03 +11:00
0dc8c93281
nix: fix evaluation warnings
2026-02-20 17:14:03 +11:00
0e23397308
samba: init
2026-02-20 17:14:03 +11:00
dd7d4dbff5
chore: move all service data to /media/apps
2026-02-20 17:14:03 +11:00
36b3ef29fc
arr: remove bazarr
...
doesnt work half the time... and torrents downloaded already has better
subtitles included
2026-01-12 16:20:59 +11:00
59e9e26fcb
tinyauth: init
2026-01-12 16:19:38 +11:00
0d346e5ae6
karakeep: use native nix module
2026-01-11 21:59:44 +11:00
efa6c47e10
Revert "deluge: use a declarative configuration"
...
This reverts commit c02057b16decb83b295e4ab52dfdc3124c9c15fb.
2025-12-14 20:07:25 +11:00
1397a7e9e1
jellyseer: remove jellyseer
2025-12-14 20:07:25 +11:00
db97556d3d
deluge: use a declarative configuration
2025-12-14 20:07:25 +11:00
fc2d9b1076
forgejo: change data dir to /media/git
2025-11-30 21:28:15 +11:00
3e697de009
adguardhome: turn off mutable settings via web ui
2025-11-30 02:26:18 +11:00
b615282d98
adguardhome: rewrite nijika.astolfo.org to tailscale ips
2025-11-30 02:25:56 +11:00
eb2445ef27
kanidm: upgrade to 1.8
2025-11-23 19:03:27 +11:00
e1942bbe86
arr: reorganise module order
2025-09-11 18:31:41 +10:00
254433bc62
Revert "k3s: init"
...
This reverts commit 04a828d78d
2025-08-30 18:13:27 +10:00
04a828d78d
k3s: init
2025-08-30 15:19:39 +10:00
c0f9113ca7
karakeep: update oidc configuration
2025-08-23 21:45:41 +10:00
22ccbe0ccd
linkding: init
2025-08-23 21:08:58 +10:00
3e7fa7f2b9
ssh: allow putting authorised pub keys in home dir
2025-08-23 18:11:49 +10:00
dc179e636b
miniflux: set feed polling frequency to 3 hours
2025-08-23 14:48:12 +10:00
4a1b49ef6a
archiveteamwarrior: set configuration in env
2025-08-18 18:43:10 +10:00
4b41770aef
archiveteamwarrior: init
2025-08-18 18:22:09 +10:00
a4c17a3120
kanidm: update to version 1.7
2025-08-16 17:56:34 +10:00
7537a1e5b6
caddy: add block_non_private_ips snippet
...
blocks ips not in tailnet or in local network from accessing services
using `important block_non_private_ips` in their caddy config
2025-08-04 22:15:05 +10:00
42b72cfa0b
kanidm: update to kanidm 1.6
2025-06-25 17:17:31 +10:00
182e5fb3c4
Revert "forgejo: protect with anubis"
...
This reverts commit cdee22e165
2025-06-08 21:26:00 +10:00
5438cc0d76
forgejo: allow registration
...
previously registration was blocked (even with external providers) as
DISABLE_REGISTRATION was enabled.
now users can only register through oidc.
2025-05-25 01:14:43 +10:00
8d8d050dac
glance: replace pocketID with kanidm
2025-05-17 22:49:25 +10:00
064c72b1ec
glance: remove karakeep
2025-05-17 22:48:48 +10:00
cdee22e165
forgejo: protect with anubis
...
https://anubis.techaro.lol/docs/
2025-05-17 20:35:06 +10:00
b17a78cc4e
caddy: add an option to set the authentication domain
2025-05-12 19:34:19 +10:00
aefc1ad786
miniflux: use kanidm
2025-05-12 19:34:19 +10:00
26b050c9fc
forgejo: only allow registration through oidc providers
2025-05-12 19:34:19 +10:00
d6a7a1fc53
kanidm: init
2025-05-12 19:34:19 +10:00
a96821361d
caddy: make each machine have a seperate subdomain based on their hostname
2025-05-04 18:51:57 +10:00
7254a7d61f
glance: remove lidarr
2025-05-04 00:38:53 +10:00
72da1a0203
ssh: move ssh keys to a more acceptable place
2025-05-03 20:46:30 +10:00
e1bb7f664c
arr: remove lidarr
2025-05-03 20:40:44 +10:00
0561eaf54d
openssh: fix opening firewall
2025-05-03 16:34:35 +10:00
f7357d75b9
forgejo: disable registration
...
users would be created with oauth
2025-05-03 16:34:35 +10:00
66f036aee3
forgejo: fix ssh
...
really only a temporary solution for now, ideally we would do it so
only the forgejo user can use the .ssh/authorizedKeys file in their home
folder. but nix purity rules prevents that
2025-05-03 16:34:35 +10:00
