77b4e7ff09
slightly better prosody + coturn integration
...
still not able to receive incoming calls, but i pass more prosody self-checks
2023-10-17 09:43:55 +00:00
827d9626d6
ports: actually forward ovpns ports into the root namespace
2023-10-17 09:42:13 +00:00
cdfcf1a46d
sftpgo: dont activate until we have network
2023-10-17 09:41:07 +00:00
e8c4555be7
prosody: partial integration with coturn
...
still missing something, which breaks inbound calls
2023-10-17 01:16:59 +00:00
0092ccacbe
ejabberd: ensure coturn isnt running
2023-10-17 01:16:36 +00:00
184e37e2dc
derived-secrets: make the mode configurable
...
this should probably be moved into sane.fs proper at some point
2023-10-17 01:16:08 +00:00
5a2382f61c
prosody: remove dead code
2023-10-16 08:05:00 +00:00
f6c56969bc
xmpp: switch from ejabberd to prosody
2023-10-16 07:56:47 +00:00
83586ce483
trust-dns: cleanup some typos
2023-10-02 22:33:54 +00:00
e20c4d01e6
trust-dns: fix missing "mkdir" during service startup
2023-10-02 22:12:09 +00:00
01cad7b702
trust-dns: perform more specialization via structured config instead of sed
2023-10-02 22:02:46 +00:00
48715546e2
trust-dns: split into separate (restartable) services
2023-10-02 21:30:51 +00:00
9a16b1cda7
ntfy: add a lengthy proxy_read_timeout to prevent hangups
2023-09-27 18:25:36 +00:00
fad9c8f483
ntfy: run on a non-443 port
2023-09-26 13:51:27 +00:00
a265dd28dd
ntfy-sh: configure auth, simplify proxying
2023-09-25 17:34:50 +00:00
865777b7ba
enable ntfy (and manually integrate with matrix)
2023-09-23 21:09:04 +00:00
7b38ec3f8f
docs: irc: mention mnt-reform channel location
2023-09-23 11:20:45 +00:00
2f12fd8ae7
ejabberd: port config to structured nix attrs
2023-09-22 22:50:51 +00:00
6d7ff7ea86
fix trust-dns to resolve when invoked from VPN
2023-09-22 18:54:12 +00:00
00d831e755
wg-home: fix DNS forwarding
...
ugh, this is a mess, but it seems to work
2023-09-22 14:36:56 +00:00
63d65a453c
trust-dns: spin up a separate server to wg-home requests, also forwarding them to upstream
2023-09-22 12:36:48 +00:00
38f839fb60
servo: fix over-broad "passwordFile" fix
2023-09-16 08:42:05 +00:00
321cc62ca0
passwordFile -> hashedPasswordFile to fix deprecation warning
2023-09-16 08:17:48 +00:00
f54d5a68ff
trust-dns: 0.22.1 -> 0.23.0
2023-09-13 02:53:06 +00:00
7f8ce68182
transmission: disable the incomplete dir
2023-09-07 06:14:11 +00:00
edf936820a
transmission: fix permission-related errors
2023-09-07 06:14:11 +00:00
4d75c3d97a
ejabberd: document more compat & how to admin
2023-09-02 08:36:32 +00:00
90511ed765
ejabberd: support matrix: clarify client support
2023-09-02 08:36:32 +00:00
aa3b85511f
ejabberd: docs: update federation/support matrix
2023-09-02 08:36:32 +00:00
357b6ef06e
nfs: expose playground as a read/write dir
2023-09-01 10:08:29 +00:00
4fdf74fdbe
export: enforce a quota
2023-09-01 03:37:33 +00:00
15e09573d5
exports: consolidate nfs and sftpgo mounts into /var/export
2023-09-01 01:23:35 +00:00
d6479ca148
nfs/sftpgo: combine into "exports" nix directory
2023-09-01 00:39:22 +00:00
cf9558f166
WIP: sftp: define playground as a btrfs subvolume
2023-09-01 00:35:43 +00:00
3f748164e4
ftp: add a playground directory
2023-08-31 12:56:30 +00:00
815a8b52b6
refactor: sftpgo: define permissions via nix config
2023-08-31 12:56:30 +00:00
639a4cfe50
ftp: grant read access to LAN
2023-08-31 12:56:30 +00:00
bf302f70f1
servo: ejabberd: give each TURN port a unique upnp description
...
i think some impls expect the description to be unique?
2023-08-29 11:46:40 +00:00
bdcccbd894
ejabberd: forward TURN ports over UPnP
2023-08-29 07:22:48 +00:00
89b5e8145d
lemmy: pict-rs: remove unused options
2023-08-20 05:01:24 +00:00
0edab7ed64
lemmy: port to new pict-rs and enable video
2023-08-20 05:00:35 +00:00
2c4d30b5ec
postgresql: tune db parameters
...
fixes pleroma timeouts
2023-08-17 01:28:37 +00:00
d0af645af8
pleroma: add missing "prepare: :named" config
2023-08-17 01:28:33 +00:00
69efecb2ef
postgresql: update 13 -> 15
2023-08-16 11:09:22 +00:00
29b53d934f
trust-dns: apply PR feedback
2023-07-15 09:07:57 +00:00
e6a989bc92
nginx/pleroma: correct an old todo
2023-07-15 00:08:05 +00:00
fdc18821ca
servo: matrix-appservice-irc: remove completed todo
2023-07-14 22:11:59 +00:00
41f4d8e85a
trust-dns: specify zone via shorthand
2023-07-13 10:04:20 +00:00
e38bf42506
trust-dns: migrate module to nixpkgs repo
2023-07-13 09:57:11 +00:00
452260f7c7
trust-dns: don't run as root
2023-07-10 09:00:37 +00:00
0a519eddb4
persist: allow persisting of individual files, not just directories
...
i actually do already, with ~/.ssh/id_ed25519 -- it works only as a fluke
2023-07-08 01:31:14 +00:00
b7a77375b2
pleroma: block FB/IG/Meta's threads.net instance
2023-07-05 21:36:55 +00:00
07d7994176
pleroma: simplify proxy settings & make log level configurable
2023-07-05 09:04:50 +00:00
9777e5f83c
trust-dns: rework the module to be more suitable for upstreaming
...
still need to do hardening and docs
2023-07-02 08:21:33 +00:00
154711432f
pleroma: link to docs
2023-07-02 04:33:34 +00:00
36c181c147
matrix-irc: fix oftc connection
2023-06-27 08:08:27 +00:00
ed2480f48c
matrix-appservice-irc: fix permissions errors
2023-06-21 06:12:08 +00:00
95f6fd7082
jackett: use recommendedProxySettings so that returned URLs are correct
2023-06-20 00:28:46 +00:00
8e17e2beb2
lemmy: remove unsupported settings.federation.enabled option
2023-06-19 21:17:59 +00:00
3b958ba356
sftp: allow read-only anonymous FTP
2023-06-19 03:49:51 +00:00
d95042ab65
servo: partially enable a FTP server
...
disabled as i tidy it
strugging to enable an anonymous FTP user -- might not be possible without using the web admin interface
2023-06-17 10:15:30 +00:00
b81642ccc9
servo/nfs: fix netmask typo
2023-06-15 02:13:29 +00:00
57ca3e67b3
servo/nfs: export rw if the source is wireguard
2023-06-15 01:52:15 +00:00
bcca6b6096
servo: export some read-only NFS mounts
2023-06-15 01:38:09 +00:00
79a7daca12
lemmy: more debugging
2023-06-11 11:24:15 +00:00
4fd4efa22f
DNS: split the zone generation out of trust-dns
...
this is in preparation for upstreaming parts of this into nixpkgs
2023-06-08 00:32:28 +00:00
287817056f
refactor: sane.services.wan-ports -> sane.ports
2023-05-31 04:25:39 +00:00
5cc7ced859
dns: rework so that we branch to the LAN v.s. WAN results based on source IP of the query -- not interface.
...
this simplifies the UPnP forwards and the OVPN routing
2023-05-31 00:56:52 +00:00
4dc5378b3e
dns: give different results based on which port the request arrives from
...
WAN and VPN requests are served by local port 1053 and `wan.uninsane.org`.
LAN requests are served by port 53 and `servo.lan.uninsane.org`.
i'm not *super* fond of this. a recursive resolver of uninsane.org via the VPN will only ever get WAN addresses (broken).
we may prefer to do IP-based responses, maybe via the same Linux firewall rules that forward from VPN namespace to root namespace
2023-05-30 12:00:30 +00:00
c1ddddddc0
ports: hide behind services.sane.wan-ports
...
later i will use this to enable UPnP on relevant ports
2023-05-26 23:28:30 +00:00
5b80308074
servo: disable broken mx-discord-puppet
2023-05-26 21:04:54 +00:00
8cde4135b1
matrix: irc: libera: configure with sasl=false
2023-05-24 07:40:35 +00:00
8a28e347f5
matrix: bridge to irc.libera.chat
2023-05-19 10:47:41 +00:00
e0c2e8c149
lemmy: split the nginx config out into something that can be upstreamed later
...
(waiting for the nixosTests to pass before upstreaming)
2023-05-16 06:04:29 +00:00
95635be1d5
matrix: bridge to irc.oftc.net
2023-05-16 05:55:16 +00:00
fb427e55e8
secrets: define these by crawling the repo to decrease duplication
2023-05-14 09:50:01 +00:00
af42cbd575
servo: fix typo in nixserve secret config
2023-05-14 02:33:56 +00:00
318efe09e2
secrets: split desko.yaml into one-secret-per-file
2023-05-14 02:29:30 +00:00
5997283cef
lemmy: break pict-rs config into own unit & persist its data
2023-05-12 06:54:26 +00:00
d7bed3bec2
lemmy: remove debugging statements
2023-05-12 04:49:15 +00:00
079ab08642
lemmy: remove federation.debug
2023-05-12 04:47:10 +00:00
e34c9cc190
lemmy: enable proxyWebsockets instead of manually specifying upgrade logic
2023-05-12 04:46:38 +00:00
6ff2c8acae
lemmy: restrict the http_accept types i forward to the backend
...
it seems that forwarding `POST`s is the important part i was missing earlier
2023-05-12 03:05:26 +00:00
04e8e72ae3
lemmy: switch back to using nix-style proxyPass
2023-05-12 02:47:47 +00:00
5b33c85e75
gitea: link to config options
2023-05-12 02:35:46 +00:00
083d905f4c
lemmy: fix federation
...
now when i subscribe to a community, the request actually seems to go through.
this change probably does more than necessary, but it serves as a known-good config
2023-05-12 02:35:37 +00:00
ada8b75670
transmission: double upload BW to 600 kBps
2023-05-11 06:27:31 +00:00
b9afd1e340
lemmy: fixup websocket forwarding
...
able to create admin account and subscribe to remote communities.
haven't tested posting comments.
2023-05-10 08:24:52 +00:00
bfcbea5ca1
lemmy: fix the database connection
2023-05-09 10:05:14 +00:00
0376b15a2f
matrix: appservice-irc: connect to esper.net IRC
2023-05-09 08:01:26 +00:00
94a8c00a40
gitea: migrate config away from deprecated options
2023-05-05 22:33:59 +00:00
96eb427ea7
matrix: support larger uploads (100M)
2023-05-03 22:22:09 +00:00
96d113ffac
lemmy: bump to git version in attempt to debug failed launch
2023-04-30 00:54:08 +00:00
d06516a71b
servo: try to ship lemmy (it's failing with some DB migration stuff)
2023-04-28 02:02:39 +00:00
09a1d286d0
servo: enable komga, a comic/manga webapp
2023-04-21 07:15:05 +00:00
0662b06df6
servo: try to ship calibre (but i get runtime errors, so disable it)
2023-04-21 06:57:26 +00:00
b0a99da884
dovecot: if mail fails DKIM, deliver it to Junk
2023-04-20 14:25:59 +00:00
12fd7ebc41
email: split dovecot config out of postfix config
2023-04-20 09:43:39 +00:00
f4a04ff6ba
reorg: move postfix stuff into an email subdir
2023-04-20 09:24:20 +00:00
89e2a83067
postfix: toy with some spam protection (but don't actually enable it)
2023-04-20 09:17:25 +00:00
6af0d54e7b
matrix: re-enable signal bridge
2023-04-18 06:10:17 +00:00
099cd12bdd
matrix/irc.nix: sanitize quit messages
2023-04-18 00:58:15 +00:00
bf67def14a
matrix/irc.nix: MyAnonamouse: disable SASL auth
...
it's unclear if SASL auth *might* actually work -- just with some weird delays -- but non-SASL auth *definitely* works
2023-04-17 01:57:27 +00:00
4ff82f002b
matrix/irc.nix: bridge to MyAnonamouse
2023-04-16 13:13:36 +00:00
781a149542
matrix: re-enable IRC bridge
2023-04-16 00:32:04 +00:00
94ac4ec0e9
matrix-appservice-irc: correct the user id/gid
2023-04-15 06:58:13 +00:00
8db4498ae8
jellyfin: enable port forwarding and DLNA debugging
2023-03-31 12:42:31 +00:00
f89837f3aa
servo: re-enable jellyfin
2023-03-16 09:11:26 +00:00
4b41aa3718
postfix: group forwarded ports by host
2023-03-14 11:35:56 +00:00
71d6fe44a1
postfix: compact the TXT MX records
2023-03-14 11:35:34 +00:00
403b177a80
matrix: disable mautrix-signal (temporarily)
2023-03-11 00:02:30 +00:00
478002766e
trust-dns: fetch lan IP to listen on from config instead of repeating myself
2023-02-21 11:38:27 +00:00
58b219546b
ejabberd: reduce TURN port pool
2023-02-21 11:25:34 +00:00
499078e0f8
trust-dns: update the address we listen on
2023-02-21 11:25:16 +00:00
c0377ff1a0
dovecot: define Drafts and Trash folders
2023-01-31 08:22:20 +00:00
062ef20d05
dovecot: auto-create the "Sent" message box
2023-01-31 06:57:35 +00:00
33d7819619
trust-dns: add a "quiet" option and enable it
2023-01-25 08:18:29 +00:00
0846abb6bf
signald: update, and persist the /var/lib/signald accounts directory
2023-01-25 06:38:27 +00:00
f3568462c2
fix matrix-synapse after nixpkgs update
2023-01-25 03:46:05 +00:00
f2d22231a3
freshrss: force sync feeds on every launch. requires to login as user "colin"
2023-01-21 03:50:27 +00:00
2f75925678
servo: lift pleroma user def out of toplevel -> pleroma.nix
2023-01-20 22:15:26 +00:00
55a1856e87
servo: lift git user def out of toplevel -> gitea.nix
2023-01-20 22:14:14 +00:00
2ee0f4efe2
servo: navidrome: give non-private dir and fix perms
2023-01-20 22:11:15 +00:00
d13bcc49ab
refactor hosts directory, and move ssh keys out of modules/data
...
longer-term, i want hosts/by-name to define host-specific data
that's accessible via the other hosts (things like pubkeys).
also the secrets management needs some rethinking. there's really not
much point in me specifiying where *exactly* a secret comes from at its
use site. i should really be specifying secret store manifests; i.e.
"servo.yaml contains secrets X Y and Z", and leaving the rest up to
auto-computing.
2023-01-19 23:23:43 +00:00
