|
ac44b04d99
|
servo: trust-dns: note about maybe using dig instead of diff'ing the config
|
2022-12-12 11:35:47 +00:00 |
|
|
afff0aff19
|
servo: trust-dns: fix up the timers/ddns reliability
|
2022-12-12 11:33:20 +00:00 |
|
|
f0086dc5bd
|
servo: trust-dns: implement some dynamic DNS shim
|
2022-12-12 10:30:08 +00:00 |
|
|
acabd34f28
|
servo: net: forward http requests from vpn -> host w/o NATing the source address
this ensures we have access to the source IP in our host-side logs
|
2022-12-12 05:21:29 +00:00 |
|
|
d0e6b82739
|
make it so wireguard-wg0 is restartable
|
2022-12-11 17:07:53 +00:00 |
|
|
38c5b82a08
|
servo: fold wg0 setup into one single service
it doesn't restart cleanly (maybe i can't kill a netns while stuff lives
inside it?). problem for another day.
|
2022-12-11 16:46:55 +00:00 |
|
|
89def1a073
|
servo: remove dead net code
|
2022-12-11 16:15:43 +00:00 |
|
|
ad2ed370d9
|
servo: split the firewall rules across services
|
2022-12-11 16:12:23 +00:00 |
|
|
3e8f7a9ba2
|
servo: use ISP-provided DNS resolvers by default
this is really hacky and i hate it, but there's not a lot of good
options.
|
2022-12-11 16:03:41 +00:00 |
|
|
c5ac792c13
|
servo: connect wg0 via IP addr instead of hostname
i think this fixes the connectivity issues i've seen.
|
2022-12-11 12:48:50 +00:00 |
|
|
bd1624bef9
|
servo: un-firewall tcp port 53 to fix trust-dns over TCP
|
2022-12-11 12:48:11 +00:00 |
|
|
3ae53d7f32
|
services: add RestartSec to anything which auto-restarts
this is to prevent rapid restart failures from killing the service
permanently.
|
2022-12-10 13:28:46 +00:00 |
|
|
e7f2d41b1f
|
servo: forward DNS to root ns without NAT'ing the source address
|
2022-12-10 13:28:19 +00:00 |
|
|
3394a79e2b
|
trust-dns: restart on failure
if the network isn't up, won't be able to bind to eth, and fails.
|
2022-12-10 13:02:17 +00:00 |
|
|
b01501663d
|
trust-dns: listen on each address explicitly
|
2022-12-10 12:29:10 +00:00 |
|
|
cbd5ccd1c8
|
desko: disable wifi
|
2022-12-10 12:27:02 +00:00 |
|
|
3a7eb294c7
|
servo: fix jackett DNS entry
|
2022-12-10 09:47:28 +00:00 |
|
|
2014d5ce77
|
servo: bridge port 80/53 from ovpns to native using iptables instead of socat
i should probably narrow the rules to match specifically things destined
for the ovpns address, but for now this should work.
|
2022-12-09 14:16:48 +00:00 |
|
|
a979521a98
|
servo: enable ddns against freedns.afraid.org
|
2022-12-08 14:30:17 +00:00 |
|
|
77881be955
|
trust-dns: document SOA parameters
|
2022-12-08 14:23:35 +00:00 |
|
|
0450b4d9a6
|
trust-dns: fix SOA
|
2022-12-08 00:46:32 +00:00 |
|
|
edea64a41c
|
trust-dns: move nameserver to subdomain ns1,ns2
|
2022-12-08 00:39:22 +00:00 |
|
|
90e479592f
|
trust-dns: enable port 53 forward
|
2022-12-08 00:06:20 +00:00 |
|
|
52bbe4e9f4
|
trust-dns: don't restart on failure
for in case anything goes wrong
|
2022-12-07 12:17:03 +00:00 |
|
|
ab176b8d4b
|
servo: enable trust-dns (experimental)
|
2022-12-07 12:15:35 +00:00 |
|
|
b4314bd919
|
mess with XMPP stuff. ejabberd: enable mam, some other acl's that probably aren't used
prosody is still broken
|
2022-12-07 01:31:17 +00:00 |
|
|
c3957d81c2
|
ejabberd: enable MUC
|
2022-12-07 00:08:08 +00:00 |
|
|
c2db9fe28e
|
periodically archive my torrents so i don't lose them again
|
2022-12-06 07:17:19 +00:00 |
|
|
7f285a8254
|
ejabberd: enable some more modules which don't conflict
|
2022-12-06 07:05:59 +00:00 |
|
|
b0664d81ab
|
ejabberd: enable mod_pubsub, mod_avatar
i'm able to do this without breaking federation now,
but it doesn't seem to fullly work.
|
2022-12-05 02:37:35 +00:00 |
|
|
8ba52bb9cd
|
ejabberd: enable mod_{carboncopy,last,offline,private,stream_mgmt}
|
2022-12-05 02:16:28 +00:00 |
|
|
20f0a19e25
|
ejabberd: fix federation: disable mod_pubsub and mod_avatar
now i can send messages FROM uninsane.org again
|
2022-12-05 00:47:48 +00:00 |
|
|
9dc17a3874
|
ejabberd: enable avatar support
haven't tested that it federates properly -- only that Dino is able to
set it.
|
2022-12-04 12:38:47 +00:00 |
|
|
2992644901
|
bluetooth: persist bluetooth earbuds connection
|
2022-12-04 11:33:03 +00:00 |
|
|
d5d89a10b9
|
bluetooth: add key for connecting to my car
|
2022-12-04 10:56:50 +00:00 |
|
|
7c36a0d522
|
bluetooth: share connections across machines
|
2022-12-03 11:05:09 +00:00 |
|
|
63c92a44ed
|
servo: ejabberd: enable file uploads
|
2022-12-03 08:57:10 +00:00 |
|
|
992efc1093
|
moby: persist pulseaudio volume status
|
2022-12-03 07:30:09 +00:00 |
|
|
a1911f3001
|
ejabberd: fix TLS config (now successfully federating!)
TODO: verify file uploading
TODO: wire up admin panel
|
2022-12-03 02:16:29 +00:00 |
|
|
24967c53a7
|
servo: disable ipfs
|
2022-12-02 08:33:50 +00:00 |
|
|
3f33b2cb76
|
nginx: supply x509 certs for assorted websites under /var/www/sites
|
2022-11-30 11:37:37 +00:00 |
|
|
f8a1df790f
|
servo: allow hosting arbitrary websites by stashing them in /var/www
|
2022-11-30 05:33:04 +00:00 |
|
|
82d11a7ae1
|
nginx: note that OCSP stapling isn't actually working
|
2022-11-30 02:09:35 +00:00 |
|
|
5d1e8f5f60
|
servo: store media on external storage
|
2022-11-29 21:54:33 +00:00 |
|
|
ff9c26b03d
|
servo: port to Ryzen/x86 machine
|
2022-11-29 02:20:18 +00:00 |
|
|
16327fd323
|
nix patches: fix hashes
|
2022-11-29 02:18:05 +00:00 |
|
|
a56f2008d3
|
fix 'nixserv' -> 'nixserve' typo
|
2022-11-23 04:09:58 +00:00 |
|
|
c2a2b27002
|
servo: disable duplicity
|
2022-11-22 12:01:55 +00:00 |
|
|
b566910da0
|
home-manager: hide behind an enable flag
|
2022-11-22 05:28:41 +00:00 |
|
|
ca43811c16
|
remove sane.home-manager.extraPackages
replaced by sane.packages.extraUserPkgs
|
2022-11-22 05:11:02 +00:00 |
|