|
bbf8fd5b20
|
servo: disable almost all WAN stuff (leave only wireguard, as a fallback)
|
2024-06-18 09:04:13 +00:00 |
|
|
478b443430
|
doc: sftpgo: note that "/README.md" doesnt work
|
2024-06-18 07:56:26 +00:00 |
|
|
5a63f294c0
|
servo: sftpgo: allow fully-anonymous www read access to /pub
this will help me write automated tests for its availability
|
2024-06-18 05:44:20 +00:00 |
|
|
fce426c318
|
servo: trust-dns: expose the hn DNS server on port 53
nothing i had was *expecting* it to be on port 1053, and it was just never working (?)
|
2024-06-17 23:16:00 +00:00 |
|
|
9b794777b5
|
servo: trust-dns: have the ovpns DNS provider return doof-based addresses instead of WAN-based addresses
|
2024-06-17 23:14:21 +00:00 |
|
|
3ada668366
|
servo: expose all wan services also to the doof tunnel
|
2024-06-17 23:08:08 +00:00 |
|
|
50353280d3
|
servo: port ANATIVE over the doof interface to return the doof IP address
|
2024-06-17 22:37:50 +00:00 |
|
|
72b8211029
|
servo: switch ns2.uninsane.org from ovpns -> doof
|
2024-06-17 22:19:36 +00:00 |
|
|
9fc5b83b61
|
refactor: servo: hardcode OVPN-related IP addresses in far fewer places
|
2024-06-17 22:00:39 +00:00 |
|
|
0d99293b2f
|
servo: split the doof/ovpns netns config into its own module
a big thing this gets me is that the attributes (like IP addresses) are now accessible via 'config' an i won't have to hardcode them so much
|
2024-06-17 09:25:10 +00:00 |
|
|
b3890b82dc
|
servo: http/https: expose to doof
|
2024-06-17 07:55:53 +00:00 |
|
|
1af7b613bd
|
servo: doof: respond to DNS queries
|
2024-06-17 07:39:52 +00:00 |
|
|
4c8695aae8
|
servo: fix missing route table for doof
|
2024-06-17 07:31:28 +00:00 |
|
|
d45e3fda5e
|
servo: trust-dns: enable on doof-net
|
2024-06-17 07:20:23 +00:00 |
|
|
456e0de872
|
servo: doof net: add the capability to forward ports
|
2024-06-17 07:20:23 +00:00 |
|
|
7825ddc123
|
servo: split out a "bridgedWireguardNamespace" helper for configuring ovpns VPN
i can re-use this to forward traffic over doof
|
2024-06-17 07:20:23 +00:00 |
|
|
dd47a5083c
|
servo: only forward ports to OVPN which are actually marked for visiblity
|
2024-06-17 06:29:09 +00:00 |
|
|
14d5d9eb5a
|
servo: net: remove dead Hurricane Electric code
|
2024-06-17 06:04:29 +00:00 |
|
|
3c2347faba
|
nwg-panel: fixup the formatting
especially, make it fit on moby
|
2024-06-15 03:49:01 +00:00 |
|
|
63a88da3b4
|
moby: switch from waybar -> nwg-panel
|
2024-06-14 08:47:24 +00:00 |
|
|
02fdc91237
|
sway: switch from waybar -> nwg-panel (except for moby)
|
2024-06-14 08:47:24 +00:00 |
|
Shelvacu
|
dc2c31f220
|
gitea: keep login session alive for 30 days
|
2024-06-14 03:34:42 +00:00 |
|
|
8f1332797d
|
crappy: dont auto-start messengers
|
2024-06-12 07:11:41 +00:00 |
|
Shelvacu
|
bcab89dbfb
|
gitea: enable push-to-create for new repositories
|
2024-06-07 20:27:43 -07:00 |
|
|
10158bb444
|
rename snowy -> crappy
get it? it's the crappy version of lappy
|
2024-06-07 08:04:57 +00:00 |
|
|
14f4f1e80d
|
hosts: add snowy
the Samsung Chromebook thing
|
2024-06-07 07:34:35 +00:00 |
|
|
56d84dea4d
|
hosts: remove unused (defaulted) option: boot.loader.efi.canTouchEfiVariables
|
2024-06-07 07:27:34 +00:00 |
|
|
8105e00b39
|
refactor: make system.stateVersion common across all hosts.
otherwise it's hairy to share nixos configs/modules between them
note that this alters the stateVersion for desko/lappy/rescue, but unlikely to matter
|
2024-06-04 15:58:53 +00:00 |
|
|
7e32fab5d4
|
refactor: moby: split more stuff out of the toplevel config and hide behind roles/etc
|
2024-06-04 15:58:51 +00:00 |
|
|
25298c9be6
|
lappy: remove unused xkb_mobile_normal_buttons
|
2024-06-04 14:40:03 +00:00 |
|
|
e61549d917
|
moby: split remaining polyfill into roles.handheld
|
2024-06-04 14:38:32 +00:00 |
|
|
eca14a644b
|
refactor: moby: lift some of the polyfill out to pine64 hal
|
2024-06-04 14:36:46 +00:00 |
|
|
3937121522
|
refactor: moby: split pinephone-specific stuff into sane.hal.pine64
|
2024-06-04 14:35:34 +00:00 |
|
|
a5a635f00b
|
sftpgo: simplify my package override now that sftpgo 2.6.0 is merged
|
2024-06-01 16:22:22 +00:00 |
|
|
d8d11de9bc
|
sftpgo: replace deprecated "crypt" with "passlib"
|
2024-06-01 13:01:19 +00:00 |
|
|
07194d062a
|
servo: nfs: disable
|
2024-06-01 12:45:10 +00:00 |
|
|
84f2006115
|
servo: fix gitea
|
2024-05-30 12:12:06 +00:00 |
|
|
32124d76bf
|
cups: disable (not currently used, and not sandboxed)
|
2024-05-29 18:33:17 +00:00 |
|
|
1378988f21
|
desko: *really* disable wpa_supplicant
|
2024-05-29 10:34:03 +00:00 |
|
|
063b0be5b6
|
hosts/modules/gui/greetd: remove
|
2024-05-27 00:44:01 +00:00 |
|
|
7e490f5c07
|
remove lingering references to sxmo
|
2024-05-27 00:38:30 +00:00 |
|
|
b159240b7f
|
servo: import ovpn privkey
|
2024-05-26 14:37:33 +00:00 |
|
|
8a9f96eefc
|
moby: import own OVPN privkey
|
2024-05-26 14:31:08 +00:00 |
|
|
c528bb3ec9
|
desko: add to OVPN
|
2024-05-26 14:07:32 +00:00 |
|
|
002639cc76
|
ovpn: use a single key per-device
this should fix the traffic collisions i'm seeing with the existing setup
|
2024-05-26 14:04:52 +00:00 |
|
|
6365bb7594
|
desko: disable wpa_supplicant/wireless networking again
|
2024-05-26 01:18:17 +00:00 |
|
|
18ec5505c4
|
servo: re-enable slskd
routing seems stable
|
2024-05-24 02:58:09 +00:00 |
|
|
d9922f8aa8
|
moby: tidy up the initrd kernel modules
|
2024-05-23 02:07:30 +00:00 |
|
|
03dab63042
|
moby: ship a bunch of kernel modules in the initrd: this allows the postmarketos kernel to boot to graphics!
|
2024-05-22 22:35:04 +00:00 |
|
|
5952c275a0
|
moby: document kernel compatibility
|
2024-05-21 22:54:11 +00:00 |
|