a473ef6db3
flake update: nixpkgs: 2022-12-02 -> 2022-12-11; others
...
```
• Updated input 'mobile-nixos':
'github:nixos/mobile-nixos/25eec596116553112681d72ee4880107fc3957fa' (2022-11-19)
→ 'github:nixos/mobile-nixos/5ee45cc1f8e43f4af14ee17ccef9156b0db8cd77' (2022-12-04)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/b72b8b94cf0c012b0252a9100a636cad69696666' (2022-12-02)
→ 'github:NixOS/nixpkgs/64e0bf055f9d25928c31fb12924e59ff8ce71e60' (2022-12-11)
• Updated input 'nixpkgs-stable':
'github:NixOS/nixpkgs/5d7d1d5f742e6bb57dd2e3d7b433fb4010c7af22' (2022-12-02)
→ 'github:NixOS/nixpkgs/7b9eeb856cbf976482fa8d1cb295ea03fb3e1277' (2022-12-10)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/8295b8139ef7baadeb90c5cad7a40c4c9297ebf7' (2022-11-29)
→ 'github:Mic92/sops-nix/da98a111623101c64474a14983d83dad8f09f93d' (2022-12-04)
• Removed input 'sops-nix/nixpkgs-22_05'
• Added input 'sops-nix/nixpkgs-stable':
'github:NixOS/nixpkgs/86370507cb20c905800527539fc049a2bf09c667' (2022-12-04)
```
2022-12-13 00:52:54 +00:00
3627d47f12
firefox: add uBlacklist
2022-12-13 00:44:38 +00:00
115f8d7054
servo: vpn services are part of 'wireguard-wg0'
...
this makes it so if we restart the wireguard connection, the services
themeselves _also_ restart. that should avoid leaving any of them in an
orphaned namespace
2022-12-12 11:53:34 +00:00
ac44b04d99
servo: trust-dns: note about maybe using dig instead of diff'ing the config
2022-12-12 11:35:47 +00:00
afff0aff19
servo: trust-dns: fix up the timers/ddns reliability
2022-12-12 11:33:20 +00:00
f0086dc5bd
servo: trust-dns: implement some dynamic DNS shim
2022-12-12 10:30:08 +00:00
acabd34f28
servo: net: forward http requests from vpn -> host w/o NATing the source address
...
this ensures we have access to the source IP in our host-side logs
2022-12-12 05:21:29 +00:00
d0e6b82739
make it so wireguard-wg0 is restartable
2022-12-11 17:07:53 +00:00
dc09b7b9b2
Merge branch 'master' of git.uninsane.org:colin/nix-files
2022-12-11 16:48:16 +00:00
38c5b82a08
servo: fold wg0 setup into one single service
...
it doesn't restart cleanly (maybe i can't kill a netns while stuff lives
inside it?). problem for another day.
2022-12-11 16:46:55 +00:00
89def1a073
servo: remove dead net code
2022-12-11 16:15:43 +00:00
ad2ed370d9
servo: split the firewall rules across services
2022-12-11 16:12:23 +00:00
3e8f7a9ba2
servo: use ISP-provided DNS resolvers by default
...
this is really hacky and i hate it, but there's not a lot of good
options.
2022-12-11 16:03:41 +00:00
028ecfe93f
snippets: add HN
2022-12-11 13:14:24 +00:00
c5ac792c13
servo: connect wg0 via IP addr instead of hostname
...
i think this fixes the connectivity issues i've seen.
2022-12-11 12:48:50 +00:00
bd1624bef9
servo: un-firewall tcp port 53 to fix trust-dns over TCP
2022-12-11 12:48:11 +00:00
3ae53d7f32
services: add RestartSec to anything which auto-restarts
...
this is to prevent rapid restart failures from killing the service
permanently.
2022-12-10 13:28:46 +00:00
e7f2d41b1f
servo: forward DNS to root ns without NAT'ing the source address
2022-12-10 13:28:19 +00:00
3394a79e2b
trust-dns: restart on failure
...
if the network isn't up, won't be able to bind to eth, and fails.
2022-12-10 13:02:17 +00:00
b01501663d
trust-dns: listen on each address explicitly
2022-12-10 12:29:10 +00:00
cbd5ccd1c8
desko: disable wifi
2022-12-10 12:27:02 +00:00
cf857eaf9f
zsh: more cd aliases (knowledge, secrets)
2022-12-10 12:16:16 +00:00
3a7eb294c7
servo: fix jackett DNS entry
2022-12-10 09:47:28 +00:00
2ccb470adc
packages: add tcpdump
2022-12-10 02:56:00 +00:00
0a2a929507
Merge branch 'master' of git.uninsane.org:colin/nix-files
2022-12-09 14:18:40 +00:00
2014d5ce77
servo: bridge port 80/53 from ovpns to native using iptables instead of socat
...
i should probably narrow the rules to match specifically things destined
for the ovpns address, but for now this should work.
2022-12-09 14:16:48 +00:00
041adb7092
snippets: add nixos search URL
2022-12-09 01:25:24 +00:00
a979521a98
servo: enable ddns against freedns.afraid.org
2022-12-08 14:30:17 +00:00
77881be955
trust-dns: document SOA parameters
2022-12-08 14:23:35 +00:00
0450b4d9a6
trust-dns: fix SOA
2022-12-08 00:46:32 +00:00
edea64a41c
trust-dns: move nameserver to subdomain ns1,ns2
2022-12-08 00:39:22 +00:00
90e479592f
trust-dns: enable port 53 forward
2022-12-08 00:06:20 +00:00
62d83d94f2
add script to query public IP
2022-12-07 23:39:20 +00:00
52bbe4e9f4
trust-dns: don't restart on failure
...
for in case anything goes wrong
2022-12-07 12:17:03 +00:00
ab176b8d4b
servo: enable trust-dns (experimental)
2022-12-07 12:15:35 +00:00
62df4492a3
Merge branch 'master' of git.uninsane.org:colin/nix-files
2022-12-07 09:47:03 +00:00
f4ed194abc
package trust-dns
2022-12-07 09:45:11 +00:00
6420c9fd16
packages: add gajim (at least temporarily, for debugging)
2022-12-07 08:02:14 +00:00
86245b460b
Merge branch 'master' of git.uninsane.org:colin/nix-files
2022-12-07 07:41:58 +00:00
bf1ba786b3
packages: add imagemagick (for convert)
2022-12-07 07:41:05 +00:00
35a896a3e2
shell aliases to cd to common places
2022-12-07 07:40:52 +00:00
b4314bd919
mess with XMPP stuff. ejabberd: enable mam, some other acl's that probably aren't used
...
prosody is still broken
2022-12-07 01:31:17 +00:00
4696209822
nixpatches: update aerc fix hash
2022-12-07 01:14:24 +00:00
c3957d81c2
ejabberd: enable MUC
2022-12-07 00:08:08 +00:00
8a5be00c93
sway: define a "snippets.txt" file for e.g. browser bookmarks
2022-12-06 11:12:27 +00:00
c2db9fe28e
periodically archive my torrents so i don't lose them again
2022-12-06 07:17:19 +00:00
ccaac901f7
Merge branch 'master' of git.uninsane.org:colin/nix-files
2022-12-06 07:06:32 +00:00
7f285a8254
ejabberd: enable some more modules which don't conflict
2022-12-06 07:05:59 +00:00
b0b82a3d88
feeds: add Matrix Live podcast
...
haven't listened. just searching.
2022-12-06 06:58:59 +00:00
b0664d81ab
ejabberd: enable mod_pubsub, mod_avatar
...
i'm able to do this without breaking federation now,
but it doesn't seem to fullly work.
2022-12-05 02:37:35 +00:00
