5924d092f4
coturn: expand documentation
2024-05-16 09:41:53 +00:00
a5f6aae6f5
desko: use stock systemd resolver
...
i need a backup system to use when things are broken, and this helps with debugging as well
2024-05-16 03:12:30 +00:00
fd94422982
distcc: purge
2024-05-16 02:51:38 +00:00
d258d4ddd5
desko: re-enable firewall
2024-05-16 02:49:03 +00:00
9d725a0974
servo: disable unused nixcache.uninsane.org
2024-05-16 02:46:23 +00:00
df4ef0ce5a
desko: disable nix-serve
2024-05-16 02:35:27 +00:00
d5e8974a4a
refactor: trust-dns: listenAddrs -> listenAddrsIpv4
2024-05-14 23:22:50 +00:00
e040a5b0c5
servo: trust-dns: remove hn-resolver
...
my hosts run their own recursive DNS resolvers now, so there's no need for the wireguard VPN to provide them with that
2024-05-14 23:20:19 +00:00
f3cf9e0bed
trust-dns: set it to NOT be the system resolver for servo
...
trust-dns recursor is too beta for servo
2024-05-14 09:03:10 +00:00
889b332ade
trust-dns: split the parts which are generalizable into their own file
...
i can try to build this into a recursive resolver for *all* my hosts
2024-04-30 14:35:56 +00:00
1f2bbd4aec
refactor: split modemmanager stuff into own file
2024-04-27 08:32:15 +00:00
19115dfb65
eg25-control: port to s6 (hopefully)
2024-04-26 21:44:13 +00:00
34842c00fe
moby: make the modem powerable by the user, without root
...
this should allow migrating eg25-control to a user service
2024-04-26 17:19:38 +00:00
6129fbf2b3
lemmy: upstream the proxy headers
2024-04-26 16:44:43 +00:00
f3d2dee470
lemmy: fix federation (broke due to invalid HTTP signatures)
2024-04-26 10:31:47 +00:00
3d207ab7bb
coturn: allocate 256 ports instead of 16
2024-04-26 08:47:52 +00:00
95447eb765
goaccess: fix missing state dir
2024-04-26 08:47:09 +00:00
593268f620
coturn: run inside ovpns namespace
2024-04-26 08:01:34 +00:00
d0de6a9254
sftpgo: reduce the passive port range
...
hopefully this eases the load on the upstream firewall's UPNP service
2024-04-22 12:08:23 +00:00
12f2798140
servo: sftpgo: move to own directory
2024-04-22 12:05:16 +00:00
a7b8eb179b
pipewire: move the clock quantum config into sane.programs proper
...
this ensures it's available in the sandbox
2024-04-20 09:09:05 +00:00
f10bb6c86c
sftpgo: adjust file mode to be compatible with Kodi
2024-04-20 08:07:00 +00:00
317996b609
clightning-sane: document the status
command more
2024-04-19 07:29:20 +00:00
135f63480b
clightning-sane: add a help message
2024-04-19 07:29:20 +00:00
f59f13588f
jackett/transmission/slskd: validate public IP address before starting
2024-04-18 20:05:59 +00:00
a36ff517e7
servo: slskd: disable
2024-04-18 06:55:56 +00:00
60c370df3f
sftpgo: fix domain name in banner
2024-04-18 05:01:57 +00:00
d80852c6c1
sftpgo: re-enable password login
2024-04-18 04:58:59 +00:00
62b3047fff
sftpgo: support FTPS
2024-04-18 04:34:41 +00:00
9a9ffcbea9
transmission: fix faulty "find" expression (thanks shellcheck!)
2024-04-17 23:32:00 +00:00
733efcfaf7
servo: nginx: forceSSL for anything media related
2024-04-17 22:49:24 +00:00
b34d984572
servo: transmission: remove noisy files upon torrent completion
2024-04-17 20:47:00 +00:00
e2b58e1b77
servo: transmission: be extra strict about requiring VPN
2024-04-17 19:52:11 +00:00
b7e5bc5972
servo: sftpgo: disable external access
2024-04-17 19:41:57 +00:00
13c1f01a6b
servo: pleroma: migrate port 4000 -> 4040
...
port 4000 is used by NFS
2024-04-16 18:57:54 +00:00
5f281f57de
servo: transmission: inline nested torrent directories
2024-04-16 18:25:41 +00:00
089e434e3f
servo: transmission: fix group permissions of media when copying them to public dir
2024-04-16 16:31:10 +00:00
feb36d19ac
programs: ship cups
2024-04-14 03:33:55 +00:00
fce3436c88
servo: expose Milkbags to the internet :)
2024-04-08 06:55:09 +00:00
f7e4504764
pict-rs: remove no-transcoding patch (it doesnt apply anymore)
2024-04-04 19:09:12 +00:00
7ab148ea58
servo: migrate /var/media to be 100% on zfs pool
2024-04-04 06:20:50 +00:00
410097480f
docs: servo: fs: fix setfacl typo
2024-04-03 09:48:10 +00:00
f5fadbe4cf
transmission: place torrents in a separate directory, and copy them to the main media directory on completion
2024-04-03 09:48:10 +00:00
d3ad661970
servo: zfs: enable reflink support
2024-03-31 03:48:34 +00:00
eff37765ae
sane.image: fix so imgs.moby
includes a working bootloader
2024-03-31 03:24:33 +00:00
5ed29ceb47
servo: /var/media: fixup permissions so everything is r/w by "media" group, including sftpgo
2024-03-28 23:14:40 +00:00
725ab13628
servo: nfs: allow UDP NFSv3 connections
2024-03-27 00:54:58 +00:00
c6a1f310a0
servo: net: actually assert that ovpns exists if we fail to add it
2024-03-26 11:13:10 +00:00
1d494513a9
slskd: document common errors/flakiness
2024-03-26 11:04:21 +00:00
3cf42db7dc
slskd: fix for more recent nixpkgs
2024-03-26 10:47:20 +00:00
098cd2051e
sftpgo: expose to the WAN
2024-03-14 13:11:44 +00:00
691a7d7ff7
sftpgo: configure for credential-gated r/w access
2024-03-14 13:11:44 +00:00
c7c2785ad8
sftpgo_external_auth_hook: refactor
2024-03-14 13:11:44 +00:00
4c1a7fc910
sftpgo: port auth program to python
2024-03-14 13:11:44 +00:00
f44a4c84ee
moby: don't ship fcitx5 (doesn't cross compile)
2024-03-11 07:54:49 +00:00
f44c3f2e1f
moby: auto-screenoff: bump timeout from 150s -> 300s
2024-03-07 23:14:03 +00:00
bb300a4eb5
swayidle: dont enable screenoff action by default
2024-03-07 11:18:34 +00:00
fd4842ab5b
swayidle: auto screenoff
2024-03-07 10:59:44 +00:00
1cdc3b8bda
moby: enable schlock
screen locker
2024-03-07 10:37:18 +00:00
bd27f3a015
swayidle: enable; pair with swaylock
2024-03-06 20:55:01 +00:00
471339d237
hosts (all): remove sxmo-related polyfills
2024-03-06 05:07:30 +00:00
18c7fc17fd
alacritty: configure font size per-host
2024-03-06 05:07:30 +00:00
41a141dba6
servo: disable navidrome
2024-03-05 18:48:25 +00:00
4d6d79cc81
servo: /var/lib/uninsane/media -> /var/media
2024-03-05 18:44:30 +00:00
53d76920e4
servo: persist more specifically the /var/lib/uninsane/media directory
2024-03-05 18:39:23 +00:00
d43cc6c61c
alsa-ucm-conf: fold the Pinephone patches into sane.programs.alsa-ucm-conf & distribute to all hosts
2024-03-05 00:28:07 +00:00
6b45589e54
wireplumber: ensure ALSA_UCM_CONF2 env var is on PATH
...
this is critical for pipewire/wireplumber to work on moby
2024-03-03 04:43:11 +00:00
0aaa3eaaeb
mpv: remove legacy vo=wlshim hack
2024-03-02 23:46:52 +00:00
6ec3126321
moby: fix display driver reload check to run before unl0kr
...
this should fix the no-graphics-on-boot bug i'm seeing. it was previously fixed for lightdm and greetd: just not unl0kr
2024-03-02 19:50:50 +00:00
b6daeddfa2
waybar: show different modules for moby v.s. others
2024-03-01 15:25:42 +00:00
2e737c2ab1
moby: sxmo -> sway
...
still several things need to be improved, but the groundwork is there
2024-03-01 07:26:26 +00:00
b02ae7ef74
moby: polyfill an OK sway layout
2024-03-01 05:20:28 +00:00
37ddb2ae17
waybar: fix font size to be more usable on moby
2024-03-01 04:46:06 +00:00
81e02e2885
sway: moby: fix layout/scale preferences
2024-03-01 04:38:26 +00:00
c380f61bea
fix "rescue" host to eval again
2024-02-28 14:19:45 +00:00
d0d7994c2f
sxmo: remove 'greeter' option
2024-02-26 07:27:33 +00:00
d5643a6a5d
assorted static-nix-shell packages: use srcRoot
2024-02-25 17:37:38 +00:00
c6ebcfe66e
servo: port legacy /var/lib users over to "method = bind" persistence
...
i may wittle these down in the future
2024-02-23 15:49:54 +00:00
bd7ca20361
desko: fs: remove dead code
2024-02-23 14:45:57 +00:00
f5ef1e96ca
lappy: fs: remove dead code
2024-02-23 14:44:49 +00:00
c23e4dc9c7
servo: note why i use file.text instead of symlink.text here
2024-02-23 08:14:27 +00:00
478747a96e
modules/persist: change default mounting method to symlink
...
this changes the plaintext and cryptClearOnBoot stores: private was already symlink-based.
this isn't strictly necessary: the rationale is:
1. `mount` syscall *requires* CAP_SYS_ADMIN (i.e. superuser/suid).
that's causing problems with sandboxing, particularly ~/private.
that doesn't affect other stores *yet*, but it may in the future.
2. visibility. i.e. it makes *clear* where anything is persisted.
if `realpath` doesn't evaluate to `/nix/persist`, then it's not
persisted.
2024-02-23 07:06:29 +00:00
386651044e
sway: port to sane.programs API
2024-02-21 23:18:57 +00:00
5ff1d014b8
servo: transmission: fix user agent
2024-02-17 01:35:40 +00:00
4002a57e03
servo: transmission: advertise as 3.00 to deal with old trackers
2024-02-16 12:58:08 +00:00
74a0b0d125
gitea: serve phone-case-cq/ build files as proper html/js content type
2024-02-16 12:07:28 +00:00
cd0a046776
dovecot: remove dead code
2024-02-02 20:47:55 +00:00
27edee0bbf
dovecot2: fix sieves
2024-02-02 20:47:20 +00:00
d3eaa69261
lappy/desko: auto-start signal-desktop
2024-02-02 14:22:08 +00:00
25707eb79e
servo: address deprecation warning: dovecot2.sieveScripts -> sieve.scripts
2024-02-01 15:47:56 +00:00
09923b60ea
moby: disable desko as nixcache
2024-02-01 15:41:43 +00:00
a0f00313a7
moby: disable signal-desktop autostart
2024-01-31 20:09:03 +00:00
6603115192
moby: disable getty auto-login
...
i think this interacts badly with unl0kr style logins, though
honestly kinda hard to tell if that was a fluke or real.
2024-01-31 19:47:24 +00:00
1d72e13a98
sxmo: launch via unl0kr by default
2024-01-31 17:40:36 +00:00
e8748ce0a0
servo: lemmy: pict-rs: port the media-enable-full-video -> media-video-allow-audio CLI flag
2024-01-23 17:12:13 +00:00
ad474873e2
dovecot: fix unparseable config
...
upstream/nixpkgs is doing some shit, ugh
2024-01-22 08:09:37 +00:00
03fbf42680
servo: lemmy: pict-rs: fix broken CLI argument
2024-01-20 03:15:06 +00:00
a725d42bf5
ip_forward: consolidate the options to fix servo build
2024-01-19 21:34:18 +00:00
7d504892be
servo: dovecot: fix broken sieve
2024-01-16 06:28:25 +00:00
d7a2bf9d26
servo: remove networking.useDHCP=false override
...
seems likely that the change to systemd-networkd renamed the ethernet interface, and so eth0.useDHCP wasn't right. this change seems to restore networking
2024-01-16 06:09:19 +00:00