Navidrome is a Subsonic/Airsonic-compatible music server with a built-in
web interface, and can be used as a quasi-self-hosted-Spotify-alternative.
By default, music files are read from an empty `navidrome-music` volume,
which is expected to be populated via whatever external means are
available to the server. The workflow here might be improved in the
future.
This commit enables FTS via Xapian, and exposes the port required for
ManagedSieve integration with Dovecot; additionally, bugs in the
integration of LMTP with RSpamd have been fixed.
In support of these changes, configuration files that were previously
split into container-based and service-based are now consolidated, and
we now ensure that only our own container-based configuration is used
when running Dovecot.
Components being registered typically require a full restart of the
service, as a simple configuration reload does not handle on-the-fly
activation of any new components or modules.
Fortunately, a separate method exists for doing so, and our
`prosody-component-register` will now use this method in registering
components without a full restart of the underlying service.
This allows for registering external components for Prosody as needed,
and enables us to create templated Spectrum services for each supported
protocol.
Configuration has been updated for Biboumi to allow for automated
registration against Prosody as well.
This is a basic implementation on top of the venerable `rss2email`
script, and is intended to be driven by a timer and the
`rss2email-subscribe` service, which manages the subscribed feeds.
The SMTPS (465) and Submission (587) ports expect encryption, either
implicitly (i.e. via direct TLS connection) or explicitly (i.e. via
STARTTLS), but this was not enforced previously. Port 25 remains
configured for opportunistic encryption, but will still not allow for
authentication over unencrypted transports.
This partially reverts default network configuration, which will now
implicitly create the specified network without the ability to set
default plugins.
Templated services are also no longer enabled by default, but expect to
be enabled as part of concrete patterns.
Defaults for Podman that were previously applied as command-line arguments
to all `podman run` or `podman create` invocations are now specified in
a dedicated configuration file.
Services are also better identified against their name rather than the
generic `podman` ID derived from the `ExecStart` invocations.
This includes setting the Debian base image to a specific release rather
than the generic `stable` version, which can cause issues when assuming
package versions or external repository status.
This commit implements three new services, specifically:
- The `container-volume` service, which applies to a specific volume
name and ensures this exists. This is mainly useful as a dependency
to other services, as Podman will create named volumes itself if
needed.
- The `container-volume-backup` service, which creates a `tar.gz`
snapshot of the given volume's contents in `/var/lib/backups`.
- The `container-volume-restore` service, which populates an empty
volume from a pre-existing file in `/var/lib/backups`, presumably
created by `container-volume-backup`.
These are then used to automatically create volume snapshots every 12
hours, rolling over every 7 days.
System files are moved to `/etc/coreos-home-server` to be unambiguous
in relation to other, pre-installed system files. Long-running services
are also now defined as `Type=notify`, which helps improve ordering and
dependencies.
The fixes here include typos, removals of deprecated paths, fixes for
first-boot-only systemd targets and related MariaDB migrate machinery,
better logging for Postfix, and an increase in the default request body
size for the default NGINX ingress.
Naming for services has been consolidated to `nginx-proxy` and
`nginx-serve`, and issues with resolving underlying containers in the
case of restarts have been fixed by way of resolver configuration.
This commit represents a large amount of work toward moving services to
a more standard approach to storing data, and a simplification in how
networks are managed.