Commit Graph

8938 Commits

Author SHA1 Message Date
7b88c9c644 sane.fs: don't have local-fs.target depend on any of my (persistence) bind mounts
otherwise it's too easy for local-fs to hang (/mnt/persist/private), or fail (/mnt/pool), and i lose critical things like *networking*

this was only working because on servo the /mnt/persist/private deps caused a cycle and systemd just _removed_ local-fs.target
2024-11-13 12:05:31 +00:00
d37e7fb5e8 servo: jellyfin: systemd: explicitly depend on /var/media 2024-11-13 12:03:15 +00:00
568ff01bc1 seatd: remove --bunpen-debug=4 flag 2024-11-13 11:47:47 +00:00
f5684b7c06 servo/fs: remove local-fs.target ordering dep on /mnt/pool
this is incremental work toward being able to boot (especially to networking) while my media disks are unplugged
2024-11-13 11:07:36 +00:00
8d1c714ba0 hosts/common: clean up the journald persistence to support both *private* or plaintext storage, by config 2024-11-13 09:14:30 +00:00
cffc826746 hosts/common: persist systemd journal in a way that's encrypted AND doesn't break boot 2024-11-12 11:48:36 +00:00
fed25f44d5 dyn-dns: allow services to subscribe *only* to change events, and not require DNS always be available
also switch back exclusively to UPnP / local source of trust
2024-11-12 04:06:24 +00:00
6513d927d4 hickory-dns: allow empty DNS substitutions, and handle those by filtering out the corresponding record 2024-11-12 04:05:25 +00:00
4779ad8f41 dyn-dns: better implementation 2024-11-12 02:31:50 +00:00
2134a9c738 WIP: dyn-dns: try a smarter trigger scheme, but I'm getting weird "resource" errors with systemd path units 2024-11-12 01:09:23 +00:00
5aa6c9b8c7 dyn-dns: when DNS changes, restart immediately instead of blocking on another dyn-dns.service query
the new behavior though causes dyn-dns consumers to be started even before we've learned the IP. that sort of matches the semantics of the module though. not sure the best design yet
2024-11-11 23:41:58 +00:00
388c58f656 servo: slim dependencies so that local-fs.target can be reached even if my media drives are inaccessible
this means some services which need access (like sftpgo) fail to start if the drive is unavailable
2024-11-11 20:40:13 +00:00
f3ee312dad modules/ssh: start sshd as early in the boot as possible
this allows more scenarios to be recoverable
2024-11-11 20:35:47 +00:00
3fb2656ff5 smartd: enable periodic drive self-tests 2024-11-11 15:42:27 +00:00
bb09575028 programs: btrfs: better sandboxing 2024-11-11 12:41:48 +00:00
ce43b00707 todo.md: sync 2024-11-11 11:11:55 +00:00
ec5e8a3269 netns: simplify the host -> netns response tunneling
i don't actually need any route table that's higher priority than 'local'
2024-11-11 11:02:42 +00:00
4604117184 programs: assorted: ensure everything that needs X(wayland) gets X(wayland) 2024-11-11 10:24:37 +00:00
c202e02d51 feeds: subscribe to ICM.museum 2024-11-11 09:03:52 +00:00
f6369bce8d servo: doof: don't proxy DNS inside the net namespace 2024-11-11 02:46:06 +00:00
309bd04037 modules/netns: rename options for better grouping 2024-11-11 02:37:00 +00:00
23913c9cd2 netns: configure the device in a way that should allow named endpoints to be resolved outside the netns 2024-11-11 02:19:00 +00:00
95d9db3973 neovim: associate <Ctrl+k> to show keybindings; makes them more easily discoverable 2024-11-11 02:16:34 +00:00
2684b3c1aa wg-home: re-enable keepalives
this should fix some of the flakiness i've seen when deploying moby?
2024-11-10 16:19:07 +00:00
a36c1a6818 wg-home: simplify the server side 2024-11-10 16:05:53 +00:00
2ed633cfe8 wg-ovpns/doof: port from networking.wireguard -> sane.netns 2024-11-10 15:48:43 +00:00
2962f2dc21 refactor: modules/netns.nix 2024-11-10 14:00:29 +00:00
419132df8c scripts/check-uninsane: better verbosity options 2024-11-10 10:23:16 +00:00
e35e4d54c9 nixpkgs: -> latest
this gets me the latest hickory-dns; had to rebase libgweather
2024-11-10 07:16:49 +00:00
cd870e70cd hickory-dns: use upstream package, unpatched
I don't need the recursive resolver patches anymore
2024-11-10 05:56:09 +00:00
c30929e1a6 servo: switch to unbound for local DNS provider 2024-11-10 05:53:17 +00:00
e2dfbfe829 kiwix-serve: fix service sandboxing typo (ReadPaths -> ReadOnlyPaths) 2024-11-10 05:07:13 +00:00
bde5bc5983 libbytesize: push cross fix upstream 2024-11-10 01:44:12 +00:00
33412ad3f2 smartd: fix sandboxing on desko 2024-11-09 22:28:59 +00:00
c70ec39a48 nixpkgs-bootstrap: 0-unstable-2024-11-08 -> 0-unstable-2024-11-09 2024-11-09 21:50:51 +00:00
e51870df6f scripts/deploy: don't ship builds to servo by default 2024-11-09 21:50:33 +00:00
e8782a078f nixpkgs-wayland: 0-unstable-2024-11-04 -> 0-unstable-2024-11-09 2024-11-09 21:49:59 +00:00
c68db4d3ef syshud: 0-unstable-2024-11-04 -> 0-unstable-2024-11-07 2024-11-09 21:49:38 +00:00
f61225c3f4 uassets: 0-unstable-2024-11-05 -> 0-unstable-2024-11-09 2024-11-09 21:48:51 +00:00
ac8deb1e26 opencellid: 0-unstable-2024-10-26 -> 0-unstable-2024-11-09 2024-11-09 21:48:34 +00:00
63dc397665 firefox-extensions.ublock: 1.61.1b0 -> 1.61.1b1 2024-11-09 21:48:18 +00:00
5d9ce829ea smartd: only enable postfix integration IF postfix is enabled 2024-11-09 21:47:54 +00:00
6bd75034e0 smartd: sandbox 2024-11-09 12:11:17 +00:00
3abf1fdff8 bunpen: fix --bunpen-net pasta integration to work even when pasta isn't on PATH 2024-11-09 09:00:17 +00:00
870a09282f secrets: net: update auth for UW WiFi 2024-11-09 05:52:49 +00:00
4e402266b2 sane-vpn: fix so that sane-vpn do works even without hickory-dns installed 2024-11-09 05:52:49 +00:00
b6a368419e scripts/sync: fix Books/ synchronization (can't sync whole folder because of persistence details 2024-11-08 10:27:19 +00:00
62de15d418 todo.md: note that rsync has sandboxing issues 2024-11-08 10:25:19 +00:00
a34ab22fd7 btrfs.autoScrub: enable 2024-11-08 09:37:24 +00:00
b897640f7f smartd: port to sane.programs 2024-11-08 09:37:24 +00:00