44059b34c7
don't ship unused sane-scripts
2023-08-02 21:09:16 +00:00
5cd05d8762
programs: split consoleUtils into separate normal/desktop sets
2023-07-30 11:59:38 +00:00
29b53d934f
trust-dns: apply PR feedback
2023-07-15 09:07:57 +00:00
e5cca42717
servo: fix sane.nixcache path
2023-07-15 00:40:31 +00:00
e6a989bc92
nginx/pleroma: correct an old todo
2023-07-15 00:08:05 +00:00
2f5c33b2b4
nixcache: tidy up substituter config
2023-07-14 22:33:33 +00:00
fdc18821ca
servo: matrix-appservice-irc: remove completed todo
2023-07-14 22:11:59 +00:00
962ffeab7e
re-enable zramSwap on all devices
...
this is critical on moby, though even with this swap, we run out of CMA (videoram) instead -- just later
2023-07-13 23:37:30 +00:00
d3d9b30f29
consolidate /tmp fs into hosts/modules/roles
2023-07-13 22:04:28 +00:00
41f4d8e85a
trust-dns: specify zone via shorthand
2023-07-13 10:04:20 +00:00
e38bf42506
trust-dns: migrate module to nixpkgs repo
2023-07-13 09:57:11 +00:00
452260f7c7
trust-dns: don't run as root
2023-07-10 09:00:37 +00:00
0a519eddb4
persist: allow persisting of individual files, not just directories
...
i actually do already, with ~/.ssh/id_ed25519 -- it works only as a fluke
2023-07-08 01:31:14 +00:00
b7a77375b2
pleroma: block FB/IG/Meta's threads.net instance
2023-07-05 21:36:55 +00:00
07d7994176
pleroma: simplify proxy settings & make log level configurable
2023-07-05 09:04:50 +00:00
1d11c9b342
servo: persist media/datasets
...
it has to be under media so that transmission can see it
2023-07-05 09:04:50 +00:00
9777e5f83c
trust-dns: rework the module to be more suitable for upstreaming
...
still need to do hardening and docs
2023-07-02 08:21:33 +00:00
154711432f
pleroma: link to docs
2023-07-02 04:33:34 +00:00
36c181c147
matrix-irc: fix oftc connection
2023-06-27 08:08:27 +00:00
ed2480f48c
matrix-appservice-irc: fix permissions errors
2023-06-21 06:12:08 +00:00
95f6fd7082
jackett: use recommendedProxySettings so that returned URLs are correct
2023-06-20 00:28:46 +00:00
8e17e2beb2
lemmy: remove unsupported settings.federation.enabled
option
2023-06-19 21:17:59 +00:00
3b958ba356
sftp: allow read-only anonymous FTP
2023-06-19 03:49:51 +00:00
d95042ab65
servo: partially enable a FTP server
...
disabled as i tidy it
strugging to enable an anonymous FTP user -- might not be possible without using the web admin interface
2023-06-17 10:15:30 +00:00
b81642ccc9
servo/nfs: fix netmask typo
2023-06-15 02:13:29 +00:00
57ca3e67b3
servo/nfs: export rw if the source is wireguard
2023-06-15 01:52:15 +00:00
bcca6b6096
servo: export some read-only NFS mounts
2023-06-15 01:38:09 +00:00
79a7daca12
lemmy: more debugging
2023-06-11 11:24:15 +00:00
4fd4efa22f
DNS: split the zone generation out of trust-dns
...
this is in preparation for upstreaming parts of this into nixpkgs
2023-06-08 00:32:28 +00:00
287817056f
refactor: sane.services.wan-ports -> sane.ports
2023-05-31 04:25:39 +00:00
5cc7ced859
dns: rework so that we branch to the LAN v.s. WAN results based on source IP of the query -- not interface.
...
this simplifies the UPnP forwards and the OVPN routing
2023-05-31 00:56:52 +00:00
4dc5378b3e
dns: give different results based on which port the request arrives from
...
WAN and VPN requests are served by local port 1053 and `wan.uninsane.org`.
LAN requests are served by port 53 and `servo.lan.uninsane.org`.
i'm not *super* fond of this. a recursive resolver of uninsane.org via the VPN will only ever get WAN addresses (broken).
we may prefer to do IP-based responses, maybe via the same Linux firewall rules that forward from VPN namespace to root namespace
2023-05-30 12:00:30 +00:00
35c9f2bf60
servo: enable UPnP port forwarding timer
2023-05-28 20:38:24 +00:00
c1ddddddc0
ports: hide behind services.sane.wan-ports
...
later i will use this to enable UPnP on relevant ports
2023-05-26 23:28:30 +00:00
5b80308074
servo: disable broken mx-discord-puppet
2023-05-26 21:04:54 +00:00
a541e866a1
servo: remove the extraneous firewall enable statement. FW is enabled by default
2023-05-26 04:52:52 +00:00
8cde4135b1
matrix: irc: libera: configure with sasl=false
2023-05-24 07:40:35 +00:00
8a28e347f5
matrix: bridge to irc.libera.chat
2023-05-19 10:47:41 +00:00
2e9eb51893
i2p/yggdrasil: factor out and only enable for desko/servo
...
especially this means i no longer run them on moby, improving battery life & such
2023-05-17 01:53:17 +00:00
e0c2e8c149
lemmy: split the nginx config out into something that can be upstreamed later
...
(waiting for the nixosTests to pass before upstreaming)
2023-05-16 06:04:29 +00:00
95635be1d5
matrix: bridge to irc.oftc.net
2023-05-16 05:55:16 +00:00
fb427e55e8
secrets: define these by crawling the repo to decrease duplication
2023-05-14 09:50:01 +00:00
b39a250e22
secrets: fix servo secrets to all be "binary" format
2023-05-14 08:47:21 +00:00
0822ed34d7
secrets: split matrix_synapse_secrets out of servo.yaml
2023-05-14 08:46:40 +00:00
147b1c50b2
secrets: split pleroma_secrets out of servo.yaml
2023-05-14 08:44:37 +00:00
55875816d0
secrets: split nix_serve_privkey out of servo.yaml
2023-05-14 08:43:07 +00:00
e25a4bbee6
secrets: split freshrss_passwd out of servo.yaml
2023-05-14 08:41:27 +00:00
dbb9e00bed
secrets: split dovecot_passwd out of servo.yaml
2023-05-14 08:40:35 +00:00
6b1c3d02c1
secrets: split wg_ovpns_privkey out of servo.yaml
2023-05-14 08:38:46 +00:00
4a448a1bf1
secrets: split ddns_afraid out of servo.yaml
2023-05-14 08:37:13 +00:00