e2a43ddfa0
servo: clightning: allow group members to run lightning-cli
2024-01-11 15:59:32 +00:00
cecb114810
clightning: harden
2024-01-04 18:47:40 +00:00
7378d6c5b2
bitcoind: host behind tor
2024-01-04 16:25:49 +00:00
43498c62f9
clightning: integrate with tor
2024-01-03 18:29:16 +00:00
41ae86f40f
servo: enable clightning
2024-01-03 13:56:42 +00:00
3e52956a3a
servo: clightning: integrate, but do not enable
2024-01-02 18:32:34 +00:00
28d0a72c62
define (but dont activate) a clighting bitcoin service
2024-01-02 14:29:52 +00:00
23f4b2e2e4
nixserve: dependency-inject the pubkey
...
this is in modules/ dir; shouldn't have that kind of data in it
2023-11-23 02:14:18 +00:00
2d65282643
nixremote: define the user as part of the nixserve module
2023-11-23 02:08:45 +00:00
77a0a36bb8
enable remote-building for lappy/moby
2023-11-23 01:59:37 +00:00
28d4a4b065
persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image)
2023-11-08 15:33:15 +00:00
6191542805
nix-serve: port 5000 -> 5001; prosody: enable proxy65 on port 5000
2023-10-20 04:48:30 +00:00
e5125065d6
eg25-control: add a timeout to how long a power-on can take
2023-10-07 04:27:14 +00:00
6c6e1ee84b
moby: add gps-related services to the "dialout" group
2023-10-03 01:01:06 +00:00
2f7655e1c1
eg25-control: don't auto-start GPS on boot
...
this also means we don't power the modem on boot
this is OK to do now that i have a toggle in swaync for GPS
2023-09-15 16:55:27 +00:00
71c01795f4
moby: eg25-control-freshen-agps: fix to actually run hourly
2023-09-15 07:35:05 +00:00
2291c89dbc
moby: eg25-control: fixup perms & add service that DLs new agps data when stale
2023-09-15 04:47:12 +00:00
1546304b4e
eg25-control: run as own user
...
its perms might still need adjustment so that it can control modem power and write to mmcli
2023-09-15 03:54:01 +00:00
a0c2ed38e6
eg25-control: allow finer-grained service control
2023-09-15 01:38:50 +00:00
1c7997e1ef
rename eg25-control-defaults.service -> eg25-control
2023-08-28 08:03:14 +00:00
5d349ce042
moby: init GPS during boot
2023-08-22 04:53:40 +00:00
17b90fc697
eg25-manager: configure without modemmanager support
2023-08-17 08:34:32 +00:00
4ec947d549
eg25-manager: set RestartSec to make the restart loops less painful
2023-08-16 09:09:13 +00:00
db99043753
eg25-manager.service: remove modem_power module & point to the right UART
2023-08-15 10:46:18 +00:00
664b21e5f1
enable eg25-manager (experimental)
2023-08-10 07:27:38 +00:00
ebcc0c269e
trust-dns: remove from this repo
...
it's fully upstreamed into nixpkgs now
2023-07-16 12:27:23 +00:00
e38bf42506
trust-dns: migrate module to nixpkgs repo
2023-07-13 09:57:11 +00:00
4a7398da2f
trust-dns: finish hardening
2023-07-13 01:33:31 +00:00
f765e3d030
sane-ip-check: also store the upnp gateway
2023-07-11 00:55:04 +00:00
452260f7c7
trust-dns: don't run as root
2023-07-10 09:00:37 +00:00
b648aca505
trust-dns: link to docs in service file
2023-07-10 08:12:07 +00:00
8c4af55f82
trust-dns: apply some hardening (still need more)
2023-07-10 08:00:45 +00:00
9777e5f83c
trust-dns: rework the module to be more suitable for upstreaming
...
still need to do hardening and docs
2023-07-02 08:21:33 +00:00
4fd4efa22f
DNS: split the zone generation out of trust-dns
...
this is in preparation for upstreaming parts of this into nixpkgs
2023-06-08 00:32:28 +00:00
c44f69a01f
modules/services/dyn-dns: specifc sane-ip-check* more irectly
2023-06-07 08:00:43 +00:00
287817056f
refactor: sane.services.wan-ports -> sane.ports
2023-05-31 04:25:39 +00:00
5cc7ced859
dns: rework so that we branch to the LAN v.s. WAN results based on source IP of the query -- not interface.
...
this simplifies the UPnP forwards and the OVPN routing
2023-05-31 00:56:52 +00:00
4dc5378b3e
dns: give different results based on which port the request arrives from
...
WAN and VPN requests are served by local port 1053 and `wan.uninsane.org`.
LAN requests are served by port 53 and `servo.lan.uninsane.org`.
i'm not *super* fond of this. a recursive resolver of uninsane.org via the VPN will only ever get WAN addresses (broken).
we may prefer to do IP-based responses, maybe via the same Linux firewall rules that forward from VPN namespace to root namespace
2023-05-30 12:00:30 +00:00
35c9f2bf60
servo: enable UPnP port forwarding timer
2023-05-28 20:38:24 +00:00
c1ddddddc0
ports: hide behind services.sane.wan-ports
...
later i will use this to enable UPnP on relevant ports
2023-05-26 23:28:30 +00:00
7e402ce974
dyn-dns: obtain IP address via UPnP
2023-05-26 22:40:50 +00:00
ace9d71d0e
nix-serve: fix typo
2023-05-18 11:07:51 +00:00
318efe09e2
secrets: split desko.yaml into one-secret-per-file
2023-05-14 02:29:30 +00:00
6af0d54e7b
matrix: re-enable signal bridge
2023-04-18 06:10:17 +00:00
c5c1378f59
trust-dns: properly quote TXT records
2023-03-14 11:34:48 +00:00
017aa335b1
servo: dyn-dns: have getIp command use a fallback
2023-02-21 11:25:34 +00:00
854977c3aa
move duplicity out of modules -> hosts
2023-01-30 11:11:42 +00:00
33d7819619
trust-dns: add a "quiet" option and enable it
2023-01-25 08:18:29 +00:00
472d25c056
mautrix-signal: define the shared secrets statically
2023-01-16 11:43:17 +00:00
9eafacad12
mautrix-signal: get a *little* closer to working
...
it looks like mautrix-signal reads the appserver token (AS_TOKEN) from
its config file -- which we place in the nix store. as such, we have no
easy way of getting the token from registration.yaml over to
mautrix-signal. this is presumably what the environmentFile stuff is
meant for, but it doesn't *really* help much.
i think it makes sense to pursue coffeetables' nix-matrix-appservices
module, which has good-looking AS_TOKEN support:
<https://gitlab.com/coffeetables/nix-matrix-appservices >
2023-01-16 10:22:44 +00:00
