colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
3,522 Commits 125 Branches 1 Tag 12 MiB
00d831e755
Commit Graph

105 Commits

Author SHA1 Message Date
Colin
00d831e755 wg-home: fix DNS forwarding 
ugh, this is a mess, but it seems to work
 2023-09-22 14:36:56 +00:00
Colin
63d65a453c trust-dns: spin up a separate server to wg-home requests, also forwarding them to upstream 2023-09-22 12:36:48 +00:00
Colin
38f839fb60 servo: fix over-broad "passwordFile" fix 2023-09-16 08:42:05 +00:00
Colin
321cc62ca0 passwordFile -> hashedPasswordFile to fix deprecation warning 2023-09-16 08:17:48 +00:00
Colin
f54d5a68ff trust-dns: 0.22.1 -> 0.23.0 2023-09-13 02:53:06 +00:00
Colin
7f8ce68182 transmission: disable the incomplete dir 2023-09-07 06:14:11 +00:00
Colin
edf936820a transmission: fix permission-related errors 2023-09-07 06:14:11 +00:00
Colin
4d75c3d97a ejabberd: document more compat & how to admin 2023-09-02 08:36:32 +00:00
Colin
90511ed765 ejabberd: support matrix: clarify client support 2023-09-02 08:36:32 +00:00
Colin
aa3b85511f ejabberd: docs: update federation/support matrix 2023-09-02 08:36:32 +00:00
Colin
357b6ef06e nfs: expose playground as a read/write dir 2023-09-01 10:08:29 +00:00
Colin
4fdf74fdbe export: enforce a quota 2023-09-01 03:37:33 +00:00
Colin
15e09573d5 exports: consolidate nfs and sftpgo mounts into /var/export 2023-09-01 01:23:35 +00:00
Colin
d6479ca148 nfs/sftpgo: combine into "exports" nix directory 2023-09-01 00:39:22 +00:00
Colin
cf9558f166 WIP: sftp: define playground as a btrfs subvolume 2023-09-01 00:35:43 +00:00
Colin
3f748164e4 ftp: add a playground directory 2023-08-31 12:56:30 +00:00
Colin
815a8b52b6 refactor: sftpgo: define permissions via nix config 2023-08-31 12:56:30 +00:00
Colin
639a4cfe50 ftp: grant read access to LAN 2023-08-31 12:56:30 +00:00
Colin
bf302f70f1 servo: ejabberd: give each TURN port a unique upnp description 
i think some impls expect the description to be unique?
 2023-08-29 11:46:40 +00:00
Colin
bdcccbd894 ejabberd: forward TURN ports over UPnP 2023-08-29 07:22:48 +00:00
Colin
89b5e8145d lemmy: pict-rs: remove unused options 2023-08-20 05:01:24 +00:00
Colin
0edab7ed64 lemmy: port to new pict-rs and enable video 2023-08-20 05:00:35 +00:00
Colin
2c4d30b5ec postgresql: tune db parameters 
fixes pleroma timeouts
 2023-08-17 01:28:37 +00:00
Colin
d0af645af8 pleroma: add missing "prepare: :named" config 2023-08-17 01:28:33 +00:00
Colin
69efecb2ef postgresql: update 13 -> 15 2023-08-16 11:09:22 +00:00
Colin
29b53d934f trust-dns: apply PR feedback 2023-07-15 09:07:57 +00:00
Colin
e6a989bc92 nginx/pleroma: correct an old todo 2023-07-15 00:08:05 +00:00
Colin
fdc18821ca servo: matrix-appservice-irc: remove completed todo 2023-07-14 22:11:59 +00:00
Colin
41f4d8e85a trust-dns: specify zone via shorthand 2023-07-13 10:04:20 +00:00
Colin
e38bf42506 trust-dns: migrate module to nixpkgs repo 2023-07-13 09:57:11 +00:00
Colin
452260f7c7 trust-dns: don't run as root 2023-07-10 09:00:37 +00:00
Colin
0a519eddb4 persist: allow persisting of individual files, not just directories 
i actually do already, with ~/.ssh/id_ed25519 -- it works only as a fluke
 2023-07-08 01:31:14 +00:00
Colin
b7a77375b2 pleroma: block FB/IG/Meta's threads.net instance 2023-07-05 21:36:55 +00:00
Colin
07d7994176 pleroma: simplify proxy settings & make log level configurable 2023-07-05 09:04:50 +00:00
Colin
9777e5f83c trust-dns: rework the module to be more suitable for upstreaming 
still need to do hardening and docs
 2023-07-02 08:21:33 +00:00
Colin
154711432f pleroma: link to docs 2023-07-02 04:33:34 +00:00
Colin
36c181c147 matrix-irc: fix oftc connection 2023-06-27 08:08:27 +00:00
Colin
ed2480f48c matrix-appservice-irc: fix permissions errors 2023-06-21 06:12:08 +00:00
Colin
95f6fd7082 jackett: use recommendedProxySettings so that returned URLs are correct 2023-06-20 00:28:46 +00:00
Colin
8e17e2beb2 lemmy: remove unsupported settings.federation.enabled option 2023-06-19 21:17:59 +00:00
Colin
3b958ba356 sftp: allow read-only anonymous FTP 2023-06-19 03:49:51 +00:00
Colin
d95042ab65 servo: partially enable a FTP server 
disabled as i tidy it
strugging to enable an anonymous FTP user -- might not be possible without using the web admin interface
 2023-06-17 10:15:30 +00:00
Colin
b81642ccc9 servo/nfs: fix netmask typo 2023-06-15 02:13:29 +00:00
Colin
57ca3e67b3 servo/nfs: export rw if the source is wireguard 2023-06-15 01:52:15 +00:00
Colin
bcca6b6096 servo: export some read-only NFS mounts 2023-06-15 01:38:09 +00:00
Colin
79a7daca12 lemmy: more debugging 2023-06-11 11:24:15 +00:00
Colin
4fd4efa22f DNS: split the zone generation out of trust-dns 
this is in preparation for upstreaming parts of this into nixpkgs
 2023-06-08 00:32:28 +00:00
Colin
287817056f refactor: sane.services.wan-ports -> sane.ports 2023-05-31 04:25:39 +00:00
Colin
5cc7ced859 dns: rework so that we branch to the LAN v.s. WAN results based on source IP of the query -- not interface. 
this simplifies the UPnP forwards and the OVPN routing
 2023-05-31 00:56:52 +00:00
Colin
4dc5378b3e dns: give different results based on which port the request arrives from 
WAN and VPN requests are served by local port 1053 and `wan.uninsane.org`.

LAN requests are served by port 53 and `servo.lan.uninsane.org`.

i'm not *super* fond of this. a recursive resolver of uninsane.org via the VPN will only ever get WAN addresses (broken).

we may prefer to do IP-based responses, maybe via the same Linux firewall rules that forward from VPN namespace to root namespace
 2023-05-30 12:00:30 +00:00