This commit contains a fairly large diff for a fairly small change:
moving the `config/common` directory to `host/base` to better reflect
its intended use, and promoting `config/service` to the root directory.
These changes unlock some improvements in `coreos-home-server-update`
processes, which will (assuming `/etc/coreos-home-server/base` exists)
keep host-wide systemd services in sync in addition to service-specific
ones.
Changes have been make to the `Makefile` and a few other places where
`config/common` was referenced, but most of this work is renames that
are not intended to break compatibility with new or running servers.
Most importantly, this helps make WebRTC calls in XMPP more reliable
when either (or both) endpoints are behind NAT (as is the case with most
mobile devices), and avoids depending on a third-party service.
Default configuration has been applied in the virtual environment file;
this allows for setting up most host-dependent configuration easily.
This service allows for easy serving of static content in a volume,
typically HTML files in directory structures mapping to the navigation
structure for the content served.
This commit extends the pre-existing `git` service with static HTML
generation for public repositories (i.e. repositories placed under the
`public` directory), which can then be served via existing mechanisms.
In support of these changes, public repositories can be made available
for cloning via the `git://` protocol, which listens on port 9418 by
default. Only public repositories will be considered, and user access
has been set up to ensure that private repositories are not made
accessible by accident.
This commit updates the default resolver configuration for Nginx servers
to not attempt to resolve IPv6 addresses, and only holds resolved IPs
for a maximum of 60 seconds, in order to avoid issues with stale cache.
Our previous setup did not ensure that the default server was actually
the default (though doing this for port 443 remains an open question).
In addition, we now have Nginx close the connection immediately rather
than respond with a 204.
This commit integrates WriteFreely as a systemd service, set up as a
single-user instance by default (as is probably appropriate for a
home-server setup); a default administrator is set up, and whoever
is managing the home-server is expected to update the username and
password after first login.
Though WriteFreely expects to have a hostname set up for the instance,
we do not listen on any specific hostname by default. It is expected,
rather, that the `nginx-proxy-http` service is used with a drop-in for
using the correct `writefreely` upstream.
Configuration for this will continue to evolve as required.
Navidrome is a Subsonic/Airsonic-compatible music server with a built-in
web interface, and can be used as a quasi-self-hosted-Spotify-alternative.
By default, music files are read from an empty `navidrome-music` volume,
which is expected to be populated via whatever external means are
available to the server. The workflow here might be improved in the
future.
This commit enables FTS via Xapian, and exposes the port required for
ManagedSieve integration with Dovecot; additionally, bugs in the
integration of LMTP with RSpamd have been fixed.
In support of these changes, configuration files that were previously
split into container-based and service-based are now consolidated, and
we now ensure that only our own container-based configuration is used
when running Dovecot.
The `discord-ircd` service has been removed as of a few commits ago, but
references to this were not removed entirely. In addition, we now mask,
not disable, the `coreos-home-server-update` timer to ensure this cannot
be re-enabled spuriously.
Components being registered typically require a full restart of the
service, as a simple configuration reload does not handle on-the-fly
activation of any new components or modules.
Fortunately, a separate method exists for doing so, and our
`prosody-component-register` will now use this method in registering
components without a full restart of the underlying service.
This also updates the Ignition compilation dependency resolution to
ignore local file references that have been commented out, and masks the
timer for updating CoreOS configuration in virtual environments, to
avoid overriding any changes made locally.
This allows for registering external components for Prosody as needed,
and enables us to create templated Spectrum services for each supported
protocol.
Configuration has been updated for Biboumi to allow for automated
registration against Prosody as well.