colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
3,043 Commits 125 Branches 1 Tag 12 MiB
89bb784f3d
Commit Graph

115 Commits

Author SHA1 Message Date
Colin
44059b34c7 don't ship unused sane-scripts 2023-08-02 21:09:16 +00:00
Colin
5cd05d8762 programs: split consoleUtils into separate normal/desktop sets 2023-07-30 11:59:38 +00:00
Colin
29b53d934f trust-dns: apply PR feedback 2023-07-15 09:07:57 +00:00
Colin
e5cca42717 servo: fix sane.nixcache path 2023-07-15 00:40:31 +00:00
Colin
e6a989bc92 nginx/pleroma: correct an old todo 2023-07-15 00:08:05 +00:00
Colin
2f5c33b2b4 nixcache: tidy up substituter config 2023-07-14 22:33:33 +00:00
Colin
fdc18821ca servo: matrix-appservice-irc: remove completed todo 2023-07-14 22:11:59 +00:00
Colin
962ffeab7e re-enable zramSwap on all devices 
this is critical on moby, though even with this swap, we run out of CMA (videoram) instead -- just later
 2023-07-13 23:37:30 +00:00
Colin
d3d9b30f29 consolidate /tmp fs into hosts/modules/roles 2023-07-13 22:04:28 +00:00
Colin
41f4d8e85a trust-dns: specify zone via shorthand 2023-07-13 10:04:20 +00:00
Colin
e38bf42506 trust-dns: migrate module to nixpkgs repo 2023-07-13 09:57:11 +00:00
Colin
452260f7c7 trust-dns: don't run as root 2023-07-10 09:00:37 +00:00
Colin
0a519eddb4 persist: allow persisting of individual files, not just directories 
i actually do already, with ~/.ssh/id_ed25519 -- it works only as a fluke
 2023-07-08 01:31:14 +00:00
Colin
b7a77375b2 pleroma: block FB/IG/Meta's threads.net instance 2023-07-05 21:36:55 +00:00
Colin
07d7994176 pleroma: simplify proxy settings & make log level configurable 2023-07-05 09:04:50 +00:00
Colin
1d11c9b342 servo: persist media/datasets 
it has to be under media so that transmission can see it
 2023-07-05 09:04:50 +00:00
Colin
9777e5f83c trust-dns: rework the module to be more suitable for upstreaming 
still need to do hardening and docs
 2023-07-02 08:21:33 +00:00
Colin
154711432f pleroma: link to docs 2023-07-02 04:33:34 +00:00
Colin
36c181c147 matrix-irc: fix oftc connection 2023-06-27 08:08:27 +00:00
Colin
ed2480f48c matrix-appservice-irc: fix permissions errors 2023-06-21 06:12:08 +00:00
Colin
95f6fd7082 jackett: use recommendedProxySettings so that returned URLs are correct 2023-06-20 00:28:46 +00:00
Colin
8e17e2beb2 lemmy: remove unsupported settings.federation.enabled option 2023-06-19 21:17:59 +00:00
Colin
3b958ba356 sftp: allow read-only anonymous FTP 2023-06-19 03:49:51 +00:00
Colin
d95042ab65 servo: partially enable a FTP server 
disabled as i tidy it
strugging to enable an anonymous FTP user -- might not be possible without using the web admin interface
 2023-06-17 10:15:30 +00:00
Colin
b81642ccc9 servo/nfs: fix netmask typo 2023-06-15 02:13:29 +00:00
Colin
57ca3e67b3 servo/nfs: export rw if the source is wireguard 2023-06-15 01:52:15 +00:00
Colin
bcca6b6096 servo: export some read-only NFS mounts 2023-06-15 01:38:09 +00:00
Colin
79a7daca12 lemmy: more debugging 2023-06-11 11:24:15 +00:00
Colin
4fd4efa22f DNS: split the zone generation out of trust-dns 
this is in preparation for upstreaming parts of this into nixpkgs
 2023-06-08 00:32:28 +00:00
Colin
287817056f refactor: sane.services.wan-ports -> sane.ports 2023-05-31 04:25:39 +00:00
Colin
5cc7ced859 dns: rework so that we branch to the LAN v.s. WAN results based on source IP of the query -- not interface. 
this simplifies the UPnP forwards and the OVPN routing
 2023-05-31 00:56:52 +00:00
Colin
4dc5378b3e dns: give different results based on which port the request arrives from 
WAN and VPN requests are served by local port 1053 and `wan.uninsane.org`.

LAN requests are served by port 53 and `servo.lan.uninsane.org`.

i'm not *super* fond of this. a recursive resolver of uninsane.org via the VPN will only ever get WAN addresses (broken).

we may prefer to do IP-based responses, maybe via the same Linux firewall rules that forward from VPN namespace to root namespace
 2023-05-30 12:00:30 +00:00
Colin
35c9f2bf60 servo: enable UPnP port forwarding timer 2023-05-28 20:38:24 +00:00
Colin
c1ddddddc0 ports: hide behind services.sane.wan-ports 
later i will use this to enable UPnP on relevant ports
 2023-05-26 23:28:30 +00:00
Colin
5b80308074 servo: disable broken mx-discord-puppet 2023-05-26 21:04:54 +00:00
Colin
a541e866a1 servo: remove the extraneous firewall enable statement. FW is enabled by default 2023-05-26 04:52:52 +00:00
Colin
8cde4135b1 matrix: irc: libera: configure with sasl=false 2023-05-24 07:40:35 +00:00
Colin
8a28e347f5 matrix: bridge to irc.libera.chat 2023-05-19 10:47:41 +00:00
Colin
2e9eb51893 i2p/yggdrasil: factor out and only enable for desko/servo 
especially this means i no longer run them on moby, improving battery life & such
 2023-05-17 01:53:17 +00:00
Colin
e0c2e8c149 lemmy: split the nginx config out into something that can be upstreamed later 
(waiting for the nixosTests to pass before upstreaming)
 2023-05-16 06:04:29 +00:00
Colin
95635be1d5 matrix: bridge to irc.oftc.net 2023-05-16 05:55:16 +00:00
Colin
fb427e55e8 secrets: define these by crawling the repo to decrease duplication 2023-05-14 09:50:01 +00:00
Colin
b39a250e22 secrets: fix servo secrets to all be "binary" format 2023-05-14 08:47:21 +00:00
Colin
0822ed34d7 secrets: split matrix_synapse_secrets out of servo.yaml 2023-05-14 08:46:40 +00:00
Colin
147b1c50b2 secrets: split pleroma_secrets out of servo.yaml 2023-05-14 08:44:37 +00:00
Colin
55875816d0 secrets: split nix_serve_privkey out of servo.yaml 2023-05-14 08:43:07 +00:00
Colin
e25a4bbee6 secrets: split freshrss_passwd out of servo.yaml 2023-05-14 08:41:27 +00:00
Colin
dbb9e00bed secrets: split dovecot_passwd out of servo.yaml 2023-05-14 08:40:35 +00:00
Colin
6b1c3d02c1 secrets: split wg_ovpns_privkey out of servo.yaml 2023-05-14 08:38:46 +00:00
Colin
4a448a1bf1 secrets: split ddns_afraid out of servo.yaml 2023-05-14 08:37:13 +00:00