* create new module for nginx
* setup cloudflare real_ip_header forwarding for fail2ban setup
* add hsts, improve qualys score
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
* replace per-app postgresql configuration with a single, global postgres
setup
* add backup configuration to backup using restic
* add cluster upgrade script based on the NixOS Manual:
https://nixos.org/manual/nixos/stable/#module-services-postgres-upgrading
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
* lanzaboote is needed to evaluate nix configuration, even if it's not used
in the system.
* removed nixpkgs-immich since nixpkgs now has immich service
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
This is required for the document upload processing to successfully run.
Without this enabled, the document upload gets stuck on:
Upload complete, waiting...
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>