colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
1,460 Commits 125 Branches 1 Tag 12 MiB
c9d08c72e7
Commit Graph

68 Commits

Author SHA1 Message Date
colin
c9d08c72e7 WIP: matrix: add signal bridge 2023-01-16 06:20:17 +00:00
colin
b4e19c037e ejabberd: TODO: fix acme/nginx group membership 2023-01-16 05:59:52 +00:00
colin
33967554a5 servo: fix missing "lib" in nginx file 2023-01-09 13:25:56 +00:00
colin
f17ae1ca7b refactor: avoid using // where we know the sets should be disjoint 2023-01-09 03:11:14 +00:00
colin
fb57e9aa5b cleanup the 'every user/group has an id' enforcement 2023-01-08 06:46:07 +00:00
colin
6a209d27fd freshrss: only show text and image feeds 2023-01-08 05:27:45 +00:00
colin
e8f778fecd feeds: convert to module 2023-01-08 05:24:56 +00:00
colin
fe816e9110 persist: lift sane.persist.dirs.{home,sys} up one level 2023-01-06 11:29:13 +00:00
colin
8217b22c86 rename impermanence -> persist 2023-01-06 10:04:51 +00:00
colin
abced7dd0d navidrome: don't try to chown to an invalid user 2023-01-04 08:00:04 +00:00
colin
247ad326b2 freshrss: be conservative and use explicit octal mode bits 2023-01-04 07:14:54 +00:00
colin
327e6b536f impermanence: large refactor, and experimental bind mounting of things from ~/private 2023-01-03 07:22:37 +00:00
colin
be222c1d70 trust-dns: allow shorthand assignment of record lists 2023-01-02 13:23:52 +00:00
colin
121936620a impermanence: add support for encrypted clear-on-boot storage 
this is useful for when we need to store files to disk purely due to
their size, but don't actually want them to be persisted.
 2022-12-29 01:17:40 +00:00
colin
9b75d8705b ejabberd: enable push notifications (verified working on iOS/Modal IM) 2022-12-22 14:12:15 +00:00
colin
217ecec250 ejabberd: enable xmpps-{client,server} SRV records 2022-12-22 13:13:09 +00:00
colin
278cc98c6d minor ejabberd config changes, simplify DNS %NATIVE% updating 2022-12-21 08:50:41 +00:00
colin
55e09c2dbf ejabberd: port to dns-dns; add experimental STUN/TURN support 
during startup it says:
```
Ignoring TLS-enabled STUN/TURN listener
```

and later
```
Invalid certificate in /var/lib/acme/uninsane.org/fullchain.pem: at line 61: certificate is signed by unknown CA
```

the invalid cert thing has always been here. it's for the root cert. idk
if i need to tell ejabberd that one's self-signed, or what.
 2022-12-20 03:26:08 +00:00
colin
97044bf70e trust-dns: port to dyn-dns for determining WAN IP 
although the systemd wantedBy directive is working,
`before` seems to be ignored when the unit fails. so on first run,
dyn-dns runs, fails (poor net connectivity), then trust-dns starts
(fails), then they both restart 10s later.

it's not great, but good enough. also, wan IP is persisted, so this
likely won't happen much in practice.
 2022-12-19 13:12:23 +00:00
colin
8169f7c6b2 ddns-trust-dns: use ddns from router rather than ipinfo.io 2022-12-19 08:24:11 +00:00
colin
9b66aecf1b trust-dns: port the remaining records to a structured format 
SRV and MX _could_ have more structure (priority, etc).
not sure the best path there (option submodule, i guess).
 2022-12-19 04:38:43 +00:00
colin
16cb3b83a2 trust-dns: more idiomatic way to define SOA records 2022-12-19 04:00:27 +00:00
colin
970438be8a trust-dns: rename records option -> extraConfig 
i'll be adding special options for records
 2022-12-19 03:12:32 +00:00
colin
8a745a9b8a ejabberd: enable STUN (with partial discovery support) 
discovery is probably not working:
```
Won't auto-announce STUN/TURN service on port 3478 (udp) without public IP address, please specify 'turn_ipv4_address' and optionally 'turn_ipv6_address'
Won't auto-announce STUN/TURN service on port 3478 (tcp) without public IP address, please specify 'turn_ipv4_address' and optionally 'turn_ipv6_address'
```

no messages for the TLS implementation, so maybe that's working?
 2022-12-19 01:22:20 +00:00
colin
3505f3b9f3 ejabberd: provision cert for conference.xmpp.uninsane.org 
i guess the cert already had that because of legacy prosody setup (?),
but we weren't setup so that new requests would work, i expect.

either that or all of these nginx entries aren't necessary?
 2022-12-19 01:22:20 +00:00
colin
444595e847 disable HE and afraid DDNS 2022-12-19 01:22:20 +00:00
colin
22e46d52c2 trust-dns: distribute records across service files 2022-12-17 01:29:12 +00:00
colin
1e0c213adf split webconfig into each service file 2022-12-17 00:52:48 +00:00
colin
a8a4b8e739 kiwix: serve the full english Wikipedia 2022-12-16 05:58:51 +00:00
colin
2550601179 serve w.uninsane.org through kiwix-serve 2022-12-16 02:25:57 +00:00
colin
8fe304d6c1 trust-dns: split the service into a generic config interface 2022-12-15 11:17:50 +00:00
colin
700fef7df3 servo: mediawiki: remove dead commented-out code 2022-12-15 11:17:50 +00:00
colin
01db7e1f23 servo: install mediawiki 2022-12-15 11:17:50 +00:00
colin
46788fe565 servo: make uninsane.org NS records consistent with upstream 2022-12-13 01:00:16 +00:00
colin
115f8d7054 servo: vpn services are part of 'wireguard-wg0' 
this makes it so if we restart the wireguard connection, the services
themeselves _also_ restart. that should avoid leaving any of them in an
orphaned namespace
 2022-12-12 11:53:34 +00:00
colin
ac44b04d99 servo: trust-dns: note about maybe using dig instead of diff'ing the config 2022-12-12 11:35:47 +00:00
colin
afff0aff19 servo: trust-dns: fix up the timers/ddns reliability 2022-12-12 11:33:20 +00:00
colin
f0086dc5bd servo: trust-dns: implement some dynamic DNS shim 2022-12-12 10:30:08 +00:00
colin
38c5b82a08 servo: fold wg0 setup into one single service 
it doesn't restart cleanly (maybe i can't kill a netns while stuff lives
inside it?). problem for another day.
 2022-12-11 16:46:55 +00:00
colin
ad2ed370d9 servo: split the firewall rules across services 2022-12-11 16:12:23 +00:00
colin
3ae53d7f32 services: add RestartSec to anything which auto-restarts 
this is to prevent rapid restart failures from killing the service
permanently.
 2022-12-10 13:28:46 +00:00
colin
3394a79e2b trust-dns: restart on failure 
if the network isn't up, won't be able to bind to eth, and fails.
 2022-12-10 13:02:17 +00:00
colin
b01501663d trust-dns: listen on each address explicitly 2022-12-10 12:29:10 +00:00
colin
3a7eb294c7 servo: fix jackett DNS entry 2022-12-10 09:47:28 +00:00
colin
a979521a98 servo: enable ddns against freedns.afraid.org 2022-12-08 14:30:17 +00:00
colin
77881be955 trust-dns: document SOA parameters 2022-12-08 14:23:35 +00:00
colin
0450b4d9a6 trust-dns: fix SOA 2022-12-08 00:46:32 +00:00
colin
edea64a41c trust-dns: move nameserver to subdomain ns1,ns2 2022-12-08 00:39:22 +00:00
colin
90e479592f trust-dns: enable port 53 forward 2022-12-08 00:06:20 +00:00
colin
52bbe4e9f4 trust-dns: don't restart on failure 
for in case anything goes wrong
 2022-12-07 12:17:03 +00:00