colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
6,710 Commits 125 Branches 1 Tag 13 MiB
9b794777b5
Commit Graph

32 Commits

Author SHA1 Message Date
Colin
394259fe21 modemmanager: harden systemd service 2024-06-03 16:41:51 +00:00
Colin
8c256c629b networkmanager: harden further with NoNewPrivileges and PrivateTmp 2024-06-03 16:23:22 +00:00
Colin
0e2d86ac96 NetworkManager-dispatcher: note why we cant use DynamicUser 2024-06-03 15:57:41 +00:00
Colin
e2a1e6730d NetworkManager-dispatcher: harden systemd service 2024-06-03 15:44:22 +00:00
Colin
a1e923f999 networkmanager: tighten ProtectSystem to "strict" 2024-06-03 15:10:14 +00:00
Colin
09333c992c wpa_supplicant: harden systemd service 2024-06-03 15:09:32 +00:00
Colin
80eb385c64 networkmanager: restrict service (using systemd options) 2024-06-03 14:27:00 +00:00
Colin
f6725f60b9 networkmanager: re-introduce my polkit patches 2024-06-03 13:04:48 +00:00
Colin
42fed64b75 NetworkManager: split specific config options out of my main net/default.nix file 2024-06-03 11:24:38 +00:00
Colin
682143d47f NetworkManager: 1.46.0 -> 1.48.0 
mostly so i can review the PR and get this update mainlined sooner :)
 2024-06-03 11:23:33 +00:00
Colin
9d109644b7 nixpkgs: 2024-06-01 -> 2024-06-03; sops-nix -> 2024-06-02 
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/f7de25c01e4c073c06e0525226a0c2311d530cee' (2024-06-01)
  → 'github:nixos/nixpkgs/c987c730bbf2121264ebd68921b443db5bb28543' (2024-06-03)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/61c1d282153dbfcb5fe413c228d172d0fe7c2a7e' (2024-06-01)
  → 'github:nixos/nixpkgs/77a51024c0f953d503eb3ed364aa4bff378649f8' (2024-06-03)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/962797a8d7f15ed7033031731d0bb77244839960' (2024-05-26)
  → 'github:Mic92/sops-nix/ab2a43b0d21d1d37d4d5726a892f714eaeb4b075' (2024-06-02)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/59a450646ec8ee0397f5fa54a08573e8240eb91f' (2024-05-25)
  → 'github:NixOS/nixpkgs/3b1b4895b2c5f9f5544d02132896aeb9ceea77bc' (2024-06-01)
```
 2024-06-03 05:31:28 +00:00
Colin
e4bcbab224 hosts: networking: switch to using nixos NetworkManager/ModemManager/etc, just patched for hardening 2024-06-02 11:22:03 +00:00
Colin
452543e6f3 fix rescue host build 2024-05-31 10:37:03 +00:00
Colin
b1c7061b21 vpn: fix typos from previous 2 commits 2024-05-26 14:26:47 +00:00
Colin
002639cc76 ovpn: use a single key per-device 
this should fix the traffic collisions i'm seeing with the existing setup
 2024-05-26 14:04:52 +00:00
Colin
b035d312aa firejail: purge 2024-05-25 10:21:31 +00:00
Colin
f3cf9e0bed trust-dns: set it to NOT be the system resolver for servo 
trust-dns recursor is too beta for servo
 2024-05-14 09:03:10 +00:00
Colin
2a199bf373 trust-dns: recursor: merge DHCP DNS servers from all non-downed connections 
otherwise overwriting the toml configs gets messy, when interfaces come up in unpredictable order
 2024-05-14 08:25:59 +00:00
Colin
53198128e8 trust-dns: hook NetworkManager for state changes 
there may be some edgecases to sort out around e.g. first-run,
but so far it seems to be importing the DHCP search zones :)
 2024-05-14 07:42:41 +00:00
Colin
39eb1d150a dns: deploy trust-dns as the default recursive resolver 
outstanding issues: native.uninsane.org doesn't resolve. appears possibly to be an issue with following CNAMEs
 2024-05-14 04:18:29 +00:00
Colin
6544b9aca4 doc: dns: fix typo 2024-05-02 10:27:38 +00:00
Colin
1bd715e57e nixpkgs: 2024-04-18 -> 2024-04-19; nixpkgs-wayland, sops-nix 
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/19d2eb80a0e23daf1c4a8cf25b1011fbdb2260fb' (2024-04-18)
  → 'github:nixos/nixpkgs/6ad1fe08582fcdfedb2cb7c31b4a016a227bd38a' (2024-04-19)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/457c34178411e0072e59564ee7986e86255a6eff' (2024-04-18)
  → 'github:nixos/nixpkgs/40d15ed86dd08eff6a29e0a9abc416001d19cd67' (2024-04-19)
• Updated input 'nixpkgs-wayland':
    'github:nix-community/nixpkgs-wayland/7867aa617c6eb205b1ac1b71d98cd18a2561bb18' (2024-04-17)
  → 'github:nix-community/nixpkgs-wayland/ab0f8d391a960764348935e6497fc62ba0d2378d' (2024-04-19)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/cc535d07cbcdd562bcca418e475c7b1959cefa4b' (2024-04-15)
  → 'github:Mic92/sops-nix/b94c6edbb8355756c53efc8ca3874c63622f287a' (2024-04-18)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/c27f3b6d8e29346af16eecc0e9d54b1071eae27e' (2024-04-13)
  → 'github:NixOS/nixpkgs/8494ae076b7878d61a7d2d25e89a847fe8f8364c' (2024-04-18)
```
 2024-04-19 20:33:48 +00:00
Colin
ce35330923 vpn.nix: factor into a proper module 
this will allow for better integration with 'sane.programs'
 2024-01-21 00:49:34 +00:00
Colin
a725d42bf5 ip_forward: consolidate the options to fix servo build 2024-01-19 21:34:18 +00:00
Colin
c03cea2d4e net/vpn.nix: cleanup dead code 2024-01-19 09:58:13 +00:00
Colin
f43d6bff92 route VPN traffic such that i can configure any app to selectively use the VPN 
e.g. firejail --net=br-ovpnd-us-mi --noprofile --dns=46.227.67.134 getent ahostsv4 uninsane.org
 2024-01-19 09:54:01 +00:00
Colin
851c15aa6d vpn: port ovpnd connections to use systemd-network 
this should allow better integration with e.g. systemd-run, in future
 2024-01-16 03:20:40 +00:00
Colin
c45898f903 WIP: wg-dev 2024-01-15 04:15:17 +00:00
Colin
0efec20904 hosts/common/net/vpn: remove unused "extraOptions" argument 2024-01-15 03:52:31 +00:00
Colin
5b9c58dbc6 hosts/common: use servo-style dns on all machines 
it'll be handy as i want to place individual applications inside VPNs/namespaces
 2024-01-15 01:16:22 +00:00
Colin
a7964c4f0c hosts/common: net: split upnp config into own file 2024-01-15 01:12:09 +00:00
Colin
006a7e9f72 consolidate net-related stuff into hosts/common/net/ directory 2024-01-15 01:11:13 +00:00