8b25bc96a4
rescue: enable root-on-tmpfs, and consolidate those definitions
2023-11-09 00:15:30 +00:00
28d4a4b065
persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image)
2023-11-08 15:33:15 +00:00
6b7507384c
sftpo: restart on failure (e.g. when it fails to bind address
2023-11-03 07:21:21 +00:00
ec4b974f3d
matrix-synapse: auto-register the ntfy-sh push gateway at launch
2023-10-24 14:47:59 +00:00
275f1ba49f
trust-dns: 0.23.0 -> 0.24.0
2023-10-24 02:36:08 +00:00
c59e9b09fc
matrix: document push notification configuration
2023-10-22 14:47:52 +00:00
b10425f6b6
ntfy-waiter: never drop notifications, but rather sleep until client is ready to receive them
2023-10-22 12:10:52 +00:00
7541d5466e
ntfy-waiter: add a todo for not dropping notifications (!)
2023-10-22 11:48:01 +00:00
e1a80d6752
ntfy-waiter: forbid duplicate connections from the same IP
...
this is sort of a bandaid; it's still a bit iffy
2023-10-22 11:18:54 +00:00
523e859ee4
ntfy-waiter: more verbosity/debugging
2023-10-22 11:08:48 +00:00
2947e6635d
ntfy-waiter: move target from network -> default
2023-10-22 10:11:45 +00:00
3e8ad5b899
ntfy: implement a wrapper which converts ntfy subscriptions into a more specific wakeup signal
2023-10-22 06:11:49 +00:00
fafe7242f7
ntfy: refactor into multiple files
2023-10-22 04:16:24 +00:00
1a01a40e85
ntfy: move to own directory
2023-10-22 04:13:37 +00:00
f2f721234d
nginx: link to docs
2023-10-22 04:12:34 +00:00
2fa00b4c73
postfix: fix connectivity issues
2023-10-21 11:48:45 +00:00
cd617cc034
coturn: document routability concerns
2023-10-20 23:22:34 +00:00
f70c467971
prosody: push to ntfy on incoming call
2023-10-20 23:06:44 +00:00
6cb5edbfff
prosody: mod_sane_ntfy: hook to detect jingle calls
2023-10-20 10:39:57 +00:00
5a844762c2
prosody: ship a proof-of-concept hello world module
2023-10-20 10:25:42 +00:00
de9b1e6197
prosody: docs: not about watch:stanzas
2023-10-20 10:17:20 +00:00
f43bb446c8
prosody: move to own directory
2023-10-20 10:16:23 +00:00
6191542805
nix-serve: port 5000 -> 5001; prosody: enable proxy65 on port 5000
2023-10-20 04:48:30 +00:00
b8f13cd965
prosody/coturn: debugging (this config works with JMP.chat)
2023-10-20 03:14:36 +00:00
77b4e7ff09
slightly better prosody + coturn integration
...
still not able to receive incoming calls, but i pass more prosody self-checks
2023-10-17 09:43:55 +00:00
827d9626d6
ports: actually forward ovpns ports into the root namespace
2023-10-17 09:42:13 +00:00
cdfcf1a46d
sftpgo: dont activate until we have network
2023-10-17 09:41:07 +00:00
e8c4555be7
prosody: partial integration with coturn
...
still missing something, which breaks inbound calls
2023-10-17 01:16:59 +00:00
0092ccacbe
ejabberd: ensure coturn isnt running
2023-10-17 01:16:36 +00:00
184e37e2dc
derived-secrets: make the mode configurable
...
this should probably be moved into sane.fs proper at some point
2023-10-17 01:16:08 +00:00
5a2382f61c
prosody: remove dead code
2023-10-16 08:05:00 +00:00
f6c56969bc
xmpp: switch from ejabberd to prosody
2023-10-16 07:56:47 +00:00
83586ce483
trust-dns: cleanup some typos
2023-10-02 22:33:54 +00:00
e20c4d01e6
trust-dns: fix missing "mkdir" during service startup
2023-10-02 22:12:09 +00:00
01cad7b702
trust-dns: perform more specialization via structured config instead of sed
2023-10-02 22:02:46 +00:00
48715546e2
trust-dns: split into separate (restartable) services
2023-10-02 21:30:51 +00:00
9a16b1cda7
ntfy: add a lengthy proxy_read_timeout to prevent hangups
2023-09-27 18:25:36 +00:00
fad9c8f483
ntfy: run on a non-443 port
2023-09-26 13:51:27 +00:00
a265dd28dd
ntfy-sh: configure auth, simplify proxying
2023-09-25 17:34:50 +00:00
865777b7ba
enable ntfy (and manually integrate with matrix)
2023-09-23 21:09:04 +00:00
7b38ec3f8f
docs: irc: mention mnt-reform channel location
2023-09-23 11:20:45 +00:00
2f12fd8ae7
ejabberd: port config to structured nix attrs
2023-09-22 22:50:51 +00:00
6d7ff7ea86
fix trust-dns to resolve when invoked from VPN
2023-09-22 18:54:12 +00:00
00d831e755
wg-home: fix DNS forwarding
...
ugh, this is a mess, but it seems to work
2023-09-22 14:36:56 +00:00
63d65a453c
trust-dns: spin up a separate server to wg-home requests, also forwarding them to upstream
2023-09-22 12:36:48 +00:00
c1d62bdbc2
wg-quick: allow clients to contact the internet
2023-09-19 12:36:57 +00:00
9d1ebd38ce
wg-home: don't infer role from ip address, but set it explicitly
2023-09-19 11:38:51 +00:00
38f839fb60
servo: fix over-broad "passwordFile" fix
2023-09-16 08:42:05 +00:00
321cc62ca0
passwordFile -> hashedPasswordFile to fix deprecation warning
2023-09-16 08:17:48 +00:00
f54d5a68ff
trust-dns: 0.22.1 -> 0.23.0
2023-09-13 02:53:06 +00:00
7f8ce68182
transmission: disable the incomplete dir
2023-09-07 06:14:11 +00:00
edf936820a
transmission: fix permission-related errors
2023-09-07 06:14:11 +00:00
4d75c3d97a
ejabberd: document more compat & how to admin
2023-09-02 08:36:32 +00:00
90511ed765
ejabberd: support matrix: clarify client support
2023-09-02 08:36:32 +00:00
aa3b85511f
ejabberd: docs: update federation/support matrix
2023-09-02 08:36:32 +00:00
357b6ef06e
nfs: expose playground as a read/write dir
2023-09-01 10:08:29 +00:00
4fdf74fdbe
export: enforce a quota
2023-09-01 03:37:33 +00:00
15e09573d5
exports: consolidate nfs and sftpgo mounts into /var/export
2023-09-01 01:23:35 +00:00
d6479ca148
nfs/sftpgo: combine into "exports" nix directory
2023-09-01 00:39:22 +00:00
cf9558f166
WIP: sftp: define playground as a btrfs subvolume
2023-09-01 00:35:43 +00:00
3f748164e4
ftp: add a playground directory
2023-08-31 12:56:30 +00:00
815a8b52b6
refactor: sftpgo: define permissions via nix config
2023-08-31 12:56:30 +00:00
639a4cfe50
ftp: grant read access to LAN
2023-08-31 12:56:30 +00:00
bf302f70f1
servo: ejabberd: give each TURN port a unique upnp description
...
i think some impls expect the description to be unique?
2023-08-29 11:46:40 +00:00
bdcccbd894
ejabberd: forward TURN ports over UPnP
2023-08-29 07:22:48 +00:00
89b5e8145d
lemmy: pict-rs: remove unused options
2023-08-20 05:01:24 +00:00
0edab7ed64
lemmy: port to new pict-rs and enable video
2023-08-20 05:00:35 +00:00
2c4d30b5ec
postgresql: tune db parameters
...
fixes pleroma timeouts
2023-08-17 01:28:37 +00:00
d0af645af8
pleroma: add missing "prepare: :named" config
2023-08-17 01:28:33 +00:00
69efecb2ef
postgresql: update 13 -> 15
2023-08-16 11:09:22 +00:00
8a0efb3e40
servo: bump /tmp space to 32 GB
2023-08-11 07:10:25 +00:00
44059b34c7
don't ship unused sane-scripts
2023-08-02 21:09:16 +00:00
5cd05d8762
programs: split consoleUtils into separate normal/desktop sets
2023-07-30 11:59:38 +00:00
29b53d934f
trust-dns: apply PR feedback
2023-07-15 09:07:57 +00:00
e5cca42717
servo: fix sane.nixcache path
2023-07-15 00:40:31 +00:00
e6a989bc92
nginx/pleroma: correct an old todo
2023-07-15 00:08:05 +00:00
2f5c33b2b4
nixcache: tidy up substituter config
2023-07-14 22:33:33 +00:00
fdc18821ca
servo: matrix-appservice-irc: remove completed todo
2023-07-14 22:11:59 +00:00
962ffeab7e
re-enable zramSwap on all devices
...
this is critical on moby, though even with this swap, we run out of CMA (videoram) instead -- just later
2023-07-13 23:37:30 +00:00
d3d9b30f29
consolidate /tmp fs into hosts/modules/roles
2023-07-13 22:04:28 +00:00
41f4d8e85a
trust-dns: specify zone via shorthand
2023-07-13 10:04:20 +00:00
e38bf42506
trust-dns: migrate module to nixpkgs repo
2023-07-13 09:57:11 +00:00
452260f7c7
trust-dns: don't run as root
2023-07-10 09:00:37 +00:00
0a519eddb4
persist: allow persisting of individual files, not just directories
...
i actually do already, with ~/.ssh/id_ed25519 -- it works only as a fluke
2023-07-08 01:31:14 +00:00
b7a77375b2
pleroma: block FB/IG/Meta's threads.net instance
2023-07-05 21:36:55 +00:00
07d7994176
pleroma: simplify proxy settings & make log level configurable
2023-07-05 09:04:50 +00:00
1d11c9b342
servo: persist media/datasets
...
it has to be under media so that transmission can see it
2023-07-05 09:04:50 +00:00
9777e5f83c
trust-dns: rework the module to be more suitable for upstreaming
...
still need to do hardening and docs
2023-07-02 08:21:33 +00:00
154711432f
pleroma: link to docs
2023-07-02 04:33:34 +00:00
36c181c147
matrix-irc: fix oftc connection
2023-06-27 08:08:27 +00:00
ed2480f48c
matrix-appservice-irc: fix permissions errors
2023-06-21 06:12:08 +00:00
95f6fd7082
jackett: use recommendedProxySettings so that returned URLs are correct
2023-06-20 00:28:46 +00:00
8e17e2beb2
lemmy: remove unsupported settings.federation.enabled option
2023-06-19 21:17:59 +00:00
3b958ba356
sftp: allow read-only anonymous FTP
2023-06-19 03:49:51 +00:00
d95042ab65
servo: partially enable a FTP server
...
disabled as i tidy it
strugging to enable an anonymous FTP user -- might not be possible without using the web admin interface
2023-06-17 10:15:30 +00:00
b81642ccc9
servo/nfs: fix netmask typo
2023-06-15 02:13:29 +00:00
57ca3e67b3
servo/nfs: export rw if the source is wireguard
2023-06-15 01:52:15 +00:00
bcca6b6096
servo: export some read-only NFS mounts
2023-06-15 01:38:09 +00:00
79a7daca12
lemmy: more debugging
2023-06-11 11:24:15 +00:00
4fd4efa22f
DNS: split the zone generation out of trust-dns
...
this is in preparation for upstreaming parts of this into nixpkgs
2023-06-08 00:32:28 +00:00
287817056f
refactor: sane.services.wan-ports -> sane.ports
2023-05-31 04:25:39 +00:00
5cc7ced859
dns: rework so that we branch to the LAN v.s. WAN results based on source IP of the query -- not interface.
...
this simplifies the UPnP forwards and the OVPN routing
2023-05-31 00:56:52 +00:00
4dc5378b3e
dns: give different results based on which port the request arrives from
...
WAN and VPN requests are served by local port 1053 and `wan.uninsane.org`.
LAN requests are served by port 53 and `servo.lan.uninsane.org`.
i'm not *super* fond of this. a recursive resolver of uninsane.org via the VPN will only ever get WAN addresses (broken).
we may prefer to do IP-based responses, maybe via the same Linux firewall rules that forward from VPN namespace to root namespace
2023-05-30 12:00:30 +00:00
35c9f2bf60
servo: enable UPnP port forwarding timer
2023-05-28 20:38:24 +00:00
c1ddddddc0
ports: hide behind services.sane.wan-ports
...
later i will use this to enable UPnP on relevant ports
2023-05-26 23:28:30 +00:00
5b80308074
servo: disable broken mx-discord-puppet
2023-05-26 21:04:54 +00:00
a541e866a1
servo: remove the extraneous firewall enable statement. FW is enabled by default
2023-05-26 04:52:52 +00:00
8cde4135b1
matrix: irc: libera: configure with sasl=false
2023-05-24 07:40:35 +00:00
8a28e347f5
matrix: bridge to irc.libera.chat
2023-05-19 10:47:41 +00:00
2e9eb51893
i2p/yggdrasil: factor out and only enable for desko/servo
...
especially this means i no longer run them on moby, improving battery life & such
2023-05-17 01:53:17 +00:00
e0c2e8c149
lemmy: split the nginx config out into something that can be upstreamed later
...
(waiting for the nixosTests to pass before upstreaming)
2023-05-16 06:04:29 +00:00
95635be1d5
matrix: bridge to irc.oftc.net
2023-05-16 05:55:16 +00:00
fb427e55e8
secrets: define these by crawling the repo to decrease duplication
2023-05-14 09:50:01 +00:00
b39a250e22
secrets: fix servo secrets to all be "binary" format
2023-05-14 08:47:21 +00:00
0822ed34d7
secrets: split matrix_synapse_secrets out of servo.yaml
2023-05-14 08:46:40 +00:00
147b1c50b2
secrets: split pleroma_secrets out of servo.yaml
2023-05-14 08:44:37 +00:00
55875816d0
secrets: split nix_serve_privkey out of servo.yaml
2023-05-14 08:43:07 +00:00
e25a4bbee6
secrets: split freshrss_passwd out of servo.yaml
2023-05-14 08:41:27 +00:00
dbb9e00bed
secrets: split dovecot_passwd out of servo.yaml
2023-05-14 08:40:35 +00:00
6b1c3d02c1
secrets: split wg_ovpns_privkey out of servo.yaml
2023-05-14 08:38:46 +00:00
4a448a1bf1
secrets: split ddns_afraid out of servo.yaml
2023-05-14 08:37:13 +00:00
452a55c5e1
secrets: split ddns_he out of servo.yaml
2023-05-14 08:36:04 +00:00
d10f70aff7
secrets: split duplicity_passphrase out of servo.yaml
2023-05-14 08:34:36 +00:00
38423183ee
secrets: split mediawiki_pw out of servo.yaml
2023-05-14 08:33:22 +00:00
af42cbd575
servo: fix typo in nixserve secret config
2023-05-14 02:33:56 +00:00
318efe09e2
secrets: split desko.yaml into one-secret-per-file
2023-05-14 02:29:30 +00:00
74e3aa02b9
servo: disable DNSSEC to fix connectivity problems
2023-05-13 21:28:47 +00:00
5997283cef
lemmy: break pict-rs config into own unit & persist its data
2023-05-12 06:54:26 +00:00
d7bed3bec2
lemmy: remove debugging statements
2023-05-12 04:49:15 +00:00
079ab08642
lemmy: remove federation.debug
2023-05-12 04:47:10 +00:00
e34c9cc190
lemmy: enable proxyWebsockets instead of manually specifying upgrade logic
2023-05-12 04:46:38 +00:00
6ff2c8acae
lemmy: restrict the http_accept types i forward to the backend
...
it seems that forwarding `POST`s is the important part i was missing earlier
2023-05-12 03:05:26 +00:00
04e8e72ae3
lemmy: switch back to using nix-style proxyPass
2023-05-12 02:47:47 +00:00
5b33c85e75
gitea: link to config options
2023-05-12 02:35:46 +00:00
083d905f4c
lemmy: fix federation
...
now when i subscribe to a community, the request actually seems to go through.
this change probably does more than necessary, but it serves as a known-good config
2023-05-12 02:35:37 +00:00
ada8b75670
transmission: double upload BW to 600 kBps
2023-05-11 06:27:31 +00:00
b9afd1e340
lemmy: fixup websocket forwarding
...
able to create admin account and subscribe to remote communities.
haven't tested posting comments.
2023-05-10 08:24:52 +00:00
bfcbea5ca1
lemmy: fix the database connection
2023-05-09 10:05:14 +00:00
0376b15a2f
matrix: appservice-irc: connect to esper.net IRC
2023-05-09 08:01:26 +00:00
94a8c00a40
gitea: migrate config away from deprecated options
2023-05-05 22:33:59 +00:00
96eb427ea7
matrix: support larger uploads (100M)
2023-05-03 22:22:09 +00:00
96d113ffac
lemmy: bump to git version in attempt to debug failed launch
2023-04-30 00:54:08 +00:00
d06516a71b
servo: try to ship lemmy (it's failing with some DB migration stuff)
2023-04-28 02:02:39 +00:00
09a1d286d0
servo: enable komga, a comic/manga webapp
2023-04-21 07:15:05 +00:00
0662b06df6
servo: try to ship calibre (but i get runtime errors, so disable it)
2023-04-21 06:57:26 +00:00
b0a99da884
dovecot: if mail fails DKIM, deliver it to Junk
2023-04-20 14:25:59 +00:00
12fd7ebc41
email: split dovecot config out of postfix config
2023-04-20 09:43:39 +00:00
f4a04ff6ba
reorg: move postfix stuff into an email subdir
2023-04-20 09:24:20 +00:00
89e2a83067
postfix: toy with some spam protection (but don't actually enable it)
2023-04-20 09:17:25 +00:00
6af0d54e7b
matrix: re-enable signal bridge
2023-04-18 06:10:17 +00:00
