This commit moves away from `virsh`, which requires setup and a
persistent daemon, and is rather complex and opaque, and will now have
virtual hosts use QEMU directly. Port mappings are now also made
automatically, albeit on higher ports -- port 8022 for SSH, port 8080
for HTTP, port 8443 for HTTPS. More port mappings will be added in the
future, with direct mappings made where possible.
Slidge replaces Spectrum with immense improvement to bridging
capabilities, albeit with only experimental MUC support. Nevertheless,
the current state is sufficiently stable for a complete replacement.
This option has Dovecot only return directories in LIST commands, which
is a necessary workaround because of how our home and maildir locations
are the same, which sometimes has extraneous files (such as Sieve
scripts) appear in IMAP directory listings.
We should eventually move away from this unified location, but doing so
requires careful planning and migration.
This commit moves the `nginx-proxy-http` service back to separate
`UPSTREAM_HOST`, `UPSTREAM_PORT`, and `UPSTREAM_PATH` variables, which
allows for more granular configuration, e.g. `proxy_redirect` patterns.
Gitea and Gitlab allow for filtering push events based on the branch
name, so we assume that webhook payloads don't need to be filtered based
on the branch in these cases. Github doesn't allow for this sort of
filtering, so we have to specify a default branch to filter on.
This commit switches Hugo to a webhook-based building process, with
support for Github, Gitlab, and Gitea hooks (including local versions of
Gitea) initially. In addition, Hugo-based sites are now intended to be
served under a single volume, with ingress configuration pointing to
sub-paths into the volume.
Documentation for webhook setup and NGINX proxy configuration is still
underway, and will be filled in later.
This commit unifies the `UPSTREAM_HOST` and `UPSTREAM_PORT` environment
variables to a new `UPSTREAM_ENDPOINT` variable, making additional
customizations (such as a `proxy_pass` to a sub-path) possible.
Users in the `prosody_user` and `prosody_admin` groups will be granted
access to Prosody (as regular users and administrators, respectively),
making this a more flexible solution compared to IMAP.
New Gitea installations will now use LDAP authentication, typically
provided by the included `lldap` service, over SMTP authentication, as
this is is more flexible.
This commit extends our `coreos-home-server-update` script with support
for updating host directories with configuration collected across
multiple remote directories of the same name. This will, essentially,
allow for extending systemd services with custom configuration, as
sometimes required of base systemd service files.
This sets the stage for moving common authentication from IMAP/Dovecot
to LDAP, which allows for more control over user information, as well as
a basic form of RBAC.
No services are currently set up to support LDAP -- support will follow
soon after this commit.
This commit removes host configuration that is only useful for my own
personal use-cases, and leaves base and virtual hosts, which are more
commonly useful. It is intended that additional hosts are tracked as
either submodules or subtrees, as required by individual use-cases.