ebcc0c269e
trust-dns: remove from this repo
...
it's fully upstreamed into nixpkgs now
2023-07-16 12:27:23 +00:00
e38bf42506
trust-dns: migrate module to nixpkgs repo
2023-07-13 09:57:11 +00:00
4a7398da2f
trust-dns: finish hardening
2023-07-13 01:33:31 +00:00
f765e3d030
sane-ip-check: also store the upnp gateway
2023-07-11 00:55:04 +00:00
452260f7c7
trust-dns: don't run as root
2023-07-10 09:00:37 +00:00
b648aca505
trust-dns: link to docs in service file
2023-07-10 08:12:07 +00:00
8c4af55f82
trust-dns: apply some hardening (still need more)
2023-07-10 08:00:45 +00:00
9777e5f83c
trust-dns: rework the module to be more suitable for upstreaming
...
still need to do hardening and docs
2023-07-02 08:21:33 +00:00
4fd4efa22f
DNS: split the zone generation out of trust-dns
...
this is in preparation for upstreaming parts of this into nixpkgs
2023-06-08 00:32:28 +00:00
c44f69a01f
modules/services/dyn-dns: specifc sane-ip-check* more irectly
2023-06-07 08:00:43 +00:00
287817056f
refactor: sane.services.wan-ports -> sane.ports
2023-05-31 04:25:39 +00:00
5cc7ced859
dns: rework so that we branch to the LAN v.s. WAN results based on source IP of the query -- not interface.
...
this simplifies the UPnP forwards and the OVPN routing
2023-05-31 00:56:52 +00:00
4dc5378b3e
dns: give different results based on which port the request arrives from
...
WAN and VPN requests are served by local port 1053 and `wan.uninsane.org`.
LAN requests are served by port 53 and `servo.lan.uninsane.org`.
i'm not *super* fond of this. a recursive resolver of uninsane.org via the VPN will only ever get WAN addresses (broken).
we may prefer to do IP-based responses, maybe via the same Linux firewall rules that forward from VPN namespace to root namespace
2023-05-30 12:00:30 +00:00
35c9f2bf60
servo: enable UPnP port forwarding timer
2023-05-28 20:38:24 +00:00
c1ddddddc0
ports: hide behind services.sane.wan-ports
...
later i will use this to enable UPnP on relevant ports
2023-05-26 23:28:30 +00:00
7e402ce974
dyn-dns: obtain IP address via UPnP
2023-05-26 22:40:50 +00:00
ace9d71d0e
nix-serve: fix typo
2023-05-18 11:07:51 +00:00
318efe09e2
secrets: split desko.yaml into one-secret-per-file
2023-05-14 02:29:30 +00:00
6af0d54e7b
matrix: re-enable signal bridge
2023-04-18 06:10:17 +00:00
c5c1378f59
trust-dns: properly quote TXT records
2023-03-14 11:34:48 +00:00
017aa335b1
servo: dyn-dns: have getIp command use a fallback
2023-02-21 11:25:34 +00:00
854977c3aa
move duplicity out of modules -> hosts
2023-01-30 11:11:42 +00:00
33d7819619
trust-dns: add a "quiet" option and enable it
2023-01-25 08:18:29 +00:00
472d25c056
mautrix-signal: define the shared secrets statically
2023-01-16 11:43:17 +00:00
9eafacad12
mautrix-signal: get a *little* closer to working
...
it looks like mautrix-signal reads the appserver token (AS_TOKEN) from
its config file -- which we place in the nix store. as such, we have no
easy way of getting the token from registration.yaml over to
mautrix-signal. this is presumably what the environmentFile stuff is
meant for, but it doesn't *really* help much.
i think it makes sense to pursue coffeetables' nix-matrix-appservices
module, which has good-looking AS_TOKEN support:
<https://gitlab.com/coffeetables/nix-matrix-appservices >
2023-01-16 10:22:44 +00:00
0eb46a3179
add mautrix-signal (experimental)
2023-01-16 09:03:56 +00:00
fe816e9110
persist: lift sane.persist.dirs.{home,sys} up one level
2023-01-06 11:29:13 +00:00
8217b22c86
rename impermanence -> persist
2023-01-06 10:04:51 +00:00
327e6b536f
impermanence: large refactor, and experimental bind mounting of things from ~/private
2023-01-03 07:22:37 +00:00
be222c1d70
trust-dns: allow shorthand assignment of record lists
2023-01-02 13:23:52 +00:00
54dd643cf0
trust-dns: make a note about another DNS library we could draw from
2023-01-02 11:33:32 +00:00
121936620a
impermanence: add support for encrypted clear-on-boot storage
...
this is useful for when we need to store files to disk purely due to
their size, but don't actually want them to be persisted.
2022-12-29 01:17:40 +00:00
278cc98c6d
minor ejabberd config changes, simplify DNS %NATIVE% updating
2022-12-21 08:50:41 +00:00
97044bf70e
trust-dns: port to dyn-dns for determining WAN IP
...
although the systemd wantedBy directive is working,
`before` seems to be ignored when the unit fails. so on first run,
dyn-dns runs, fails (poor net connectivity), then trust-dns starts
(fails), then they both restart 10s later.
it's not great, but good enough. also, wan IP is persisted, so this
likely won't happen much in practice.
2022-12-19 13:12:23 +00:00
3122334a41
dyn-dns: fix to only react when the IP actually changes
2022-12-19 11:54:27 +00:00
8acd6ca4f1
create sane.services.dyn-dns to manage dynamic DNS stuff
...
not yet integrated into servo
2022-12-19 11:16:30 +00:00
9b66aecf1b
trust-dns: port the remaining records to a structured format
...
SRV and MX _could_ have more structure (priority, etc).
not sure the best path there (option submodule, i guess).
2022-12-19 04:38:43 +00:00
16cb3b83a2
trust-dns: more idiomatic way to define SOA records
2022-12-19 04:00:27 +00:00
970438be8a
trust-dns: rename records option -> extraConfig
...
i'll be adding special options for records
2022-12-19 03:12:32 +00:00
199a49755a
create a kiwix-serve service
2022-12-16 02:15:17 +00:00
8fe304d6c1
trust-dns: split the service into a generic config interface
2022-12-15 11:17:50 +00:00
a0e85ff31b
nixserve: remove the default sops path
...
it might make more sense to make this a runtime path (/run/secrets/...)
2022-11-22 03:20:50 +00:00
b869617b09
duplicity: refactor and update files list
2022-11-21 10:39:52 +00:00
36d8a711ac
modules/services: abstract behind default.nix
2022-10-24 06:13:04 -07:00
e9da458179
nix-serve: open firewall port (for desko)
2022-09-14 18:19:56 -07:00
b8ab7c1fa9
desko: enable nix-serve
2022-09-14 14:45:07 -07:00
cdbde672d8
lift nix-serve out of servo
...
i'm going to enable it on desktop
2022-09-14 14:32:31 -07:00
8a0da17f05
duplicity: add TODO about impermanence support
2022-08-02 15:58:56 -07:00
451816f623
rename config.{colinsane -> sane}
2022-08-01 00:23:49 -07:00
99d55167f6
impermanence: only persist service directories if those services are enabled.
2022-07-10 17:58:16 -07:00
