Commit Graph

11 Commits

Author SHA1 Message Date
acabd34f28 servo: net: forward http requests from vpn -> host w/o NATing the source address
this ensures we have access to the source IP in our host-side logs
2022-12-12 05:21:29 +00:00
d0e6b82739 make it so wireguard-wg0 is restartable
2022-12-11 17:07:53 +00:00
38c5b82a08 servo: fold wg0 setup into one single service
it doesn't restart cleanly (maybe i can't kill a netns while stuff lives
inside it?). problem for another day.
2022-12-11 16:46:55 +00:00
89def1a073 servo: remove dead net code
2022-12-11 16:15:43 +00:00
ad2ed370d9 servo: split the firewall rules across services
2022-12-11 16:12:23 +00:00
3e8f7a9ba2 servo: use ISP-provided DNS resolvers by default
this is really hacky and i hate it, but there's not a lot of good
options.
2022-12-11 16:03:41 +00:00
c5ac792c13 servo: connect wg0 via IP addr instead of hostname
i think this fixes the connectivity issues i've seen.
2022-12-11 12:48:50 +00:00
bd1624bef9 servo: un-firewall tcp port 53 to fix trust-dns over TCP
2022-12-11 12:48:11 +00:00
e7f2d41b1f servo: forward DNS to root ns without NAT'ing the source address
2022-12-10 13:28:19 +00:00
2014d5ce77 servo: bridge port 80/53 from ovpns to native using iptables instead of socat
i should probably narrow the rules to match specifically things destined
for the ovpns address, but for now this should work.
2022-12-09 14:16:48 +00:00
43fa7fdd9f rename machines -> hosts
- shorter.
- congruent with `nixos-rebuild .` choosing what to build based on `hostname`.
- more widely used within other nix repos i've seen.
- more accurate in the case that i migrate a host to a different
machine (which i plan to do with servo).
2022-11-22 02:33:47 +00:00