Users in the `prosody_user` and `prosody_admin` groups will be granted
access to Prosody (as regular users and administrators, respectively),
making this a more flexible solution compared to IMAP.
These were prepared as import-able dashboards, which prepares common
options as variables to be provided by the user, and thus is not
compatible with automated provisioning.
This commit adds basic Grafana dashboards for Dovecot and Prosody, to be
automatically deployed alongside the relevant services (if Grafana
itself is enabled).
This commit adds two services, `grafana` and `prometheus`, and sets up
some existing services (`dovecot` and `prosody`) to expose metrics into
Grafana. In addition, systemd services have been added to facilitate
registering metrics for services into Prometheus, as well as
automatically provisioning Grafana dashboards based on static JSON
representations.
This work will continue to evolve as more services gain proper Grafana
dashboards, and Loki is also integrated for access to the systemd
journal.
Direct TLS connections for clients allow for faster connection
establishment, and disabling HTTPS in Prosody fixes use of components
which expect to be exposed via a reverse proxy (such as Nginx).
This extends SSL/TLS configuration for client connections to allow for a
set of additional ciphers over the current "intermediate" set of
defaults applied, in support of older clients.
This brings a number of changes and improvements, and moves from MariaDB
to SQLite for storage, which requires manual migration for pre-existing
deployments using `prosody-migrator`.
We no longer copy service directories into `/etc/coreos-home-server` if
these have not had their respective `spec.bu` files included; these
directories are not needed in these cases, and would be erroneously
considered as eligible in subsequent `coreos-home-server-update`
invocations.
This commit contains a fairly large diff for a fairly small change:
moving the `config/common` directory to `host/base` to better reflect
its intended use, and promoting `config/service` to the root directory.
These changes unlock some improvements in `coreos-home-server-update`
processes, which will (assuming `/etc/coreos-home-server/base` exists)
keep host-wide systemd services in sync in addition to service-specific
ones.
Changes have been make to the `Makefile` and a few other places where
`config/common` was referenced, but most of this work is renames that
are not intended to break compatibility with new or running servers.