Commit Graph

40 Commits (master)

Author SHA1 Message Date
Simon Bruder ef2c667bfe
shinobu: Add NTP server
This also changes the firewall rules for the IoT network to no longer
accept connections to ntp.org pool hosts over 123/UDP. All clients
should use the local NTP server.
2024-02-15 13:39:42 +01:00
Simon Bruder 013511c1c9
sops: Switch to new PGP key 2024-01-22 17:32:02 +01:00
Simon Bruder 10b8d432d5
Relicense
This applies the REUSE specification to the repository, so the licensing
information can be tracked for every file individually.
2024-01-13 14:39:22 +01:00
Simon Bruder 9e545950f5
shinobu/wlan: Drop
It was not used anyway.
2024-01-06 00:10:02 +01:00
Simon Bruder 9d7d7cb592
wordclock-dimmer: Migrate to shinobu 2023-12-31 17:31:17 +01:00
Simon Bruder 0055de1c26
shinobu/snmp-exporter: Init 2023-11-04 13:57:59 +01:00
Simon Bruder 4f536a00d2
Switch home domain to shinonome-lab.de
When having DNSSEC activated (as it is the case on sbruder.de), dnsmasq
interfering in queries for hosts on the LAN often causes problems.

This domain is specifically for the case of not having DNSSEC on it.
2023-10-27 23:54:56 +02:00
Simon Bruder 7a7d38c2f0
shinobu/router: Fix nft set for ntp
Apparently, the family is not optional.
2023-10-24 21:36:40 +02:00
Simon Bruder 315cc1b50c
shinobu/router: Dynamically allow ntp for iot 2023-10-22 14:00:47 +02:00
Simon Bruder 3f9e9e15e9
shinobu/router: Disable hostapd
The wireless card only supports one AP, so I switched to an OpenWRT
standalone AP.
2023-10-22 14:00:47 +02:00
Simon Bruder ef62aac941
shinobu/router: Add qdisc for guest network 2023-10-22 14:00:47 +02:00
Simon Bruder 4611e12772
shinobu/router: Add network segmentation 2023-10-22 14:00:42 +02:00
Simon Bruder 1740570d00
shinobu/router: Use callPackage for common 2023-10-18 20:04:04 +02:00
Simon Bruder 19da5e13b9
shinobu/router/tc: Properly use hex for identifiers 2023-10-18 20:01:57 +02:00
Simon Bruder 816004e80b
restic: Use QoS instead of uploadLimit
This implements a crude mechanism for signalling my router to add the
packets to its own qdisc.

The way in which this is implemented with nftables is hacky because of
NixOS’ limitations on build-time checking (which obviously can’t know
about the existence of cgroups on the target).
2023-10-07 22:49:47 +02:00
Simon Bruder afc9013506
shinobu/router: Implement QoS using HTB
This is an initial implementation and probably still needs tuning.
2023-10-07 22:49:26 +02:00
Simon Bruder 3d880316de
shinobu/router: Disable wg-upstream
This only complicates many things and creates too much overhead on such
a slow connection.
2023-10-04 23:19:44 +02:00
Simon Bruder 642fea6b8e
shinobu/router: Route select protocols directly 2023-10-04 23:19:44 +02:00
Simon Bruder 7a7b385b44
shinobu/router: Change nft variable source 2023-10-04 23:19:44 +02:00
Simon Bruder 8ecf4ecbfd
shinobu/router: Split configuration 2023-10-04 23:19:43 +02:00
Simon Bruder 257b000e24
shinobu/router: Add ethtool 2023-09-21 21:11:22 +02:00
Simon Bruder 8a1724fe43
shinobu/router: Clean up nftables rules 2023-09-21 12:59:12 +02:00
Simon Bruder 9c42cb0903
shinobu/router: Fix VPN bypass
This now actually works and I have a better understanding of nftables.
Some of my learnings are documented as comments in the rules.
2023-09-21 12:56:36 +02:00
Simon Bruder caac620ea6
shinobu/router: Add tracing infrastructure 2023-09-21 12:44:27 +02:00
Simon Bruder 1c24743911
shinobu/router: Fix naming of subnets in rules
This has no practical effect, but did cause confusion.
2023-09-21 11:31:00 +02:00
Simon Bruder b10b83c207
shinobu/router: Use dns over https
For some reason, this makes DNS more reliable.
2023-09-20 22:11:24 +02:00
Simon Bruder f1c70dce99
Revert "shinobu/router: Switch provider for wg-upstream"
This reverts commit 0bcc5d6141.

This leaves MSS clamping in place.
2023-09-19 12:23:38 +02:00
Simon Bruder aa85febe12
shinobu/router: Fix IPv6 networking
Previously, I did not have IPv6 upstream, so even a wrong configuration
worked. Now it uses a different routing table for IPv4 and IPv6, so it
also works on dual-stack upstreams.

However, how it worked without IPv6 forwarding enabled, is still a
mystery to me.
2023-09-12 15:00:51 +02:00
Simon Bruder e7d740f03c
shinobu/router: Restrict wan 2023-09-12 15:00:51 +02:00
Simon Bruder 94fcee359a
shinobu/router: Reduce semicolon usage
Only use it where it is necessary
2023-09-12 15:00:51 +02:00
Simon Bruder 2dab79f0bc
shinobu/router: Use correct v6 address for vueko
It is not used (yet), therefore it went unnoticed.
2023-09-12 15:00:51 +02:00
Simon Bruder f88669f202
shinobu: Move physically 2023-09-12 15:00:51 +02:00
Simon Bruder 0bcc5d6141
shinobu/router: Switch provider for wg-upstream
The old provider was doing weird stuff with DNS that I wasn’t able to
debug well.

However, apparently, the old provider did MSS clamping on their side.
Therefore, it is now required that I do this on my side.
2023-09-12 15:00:51 +02:00
Simon Bruder f71cbedf14
shinobu/router: Exclude vueko from VPN 2023-08-08 14:20:21 +02:00
Simon Bruder 826929571b
shinobu/router: Switch to nftables 2023-08-08 14:19:48 +02:00
Simon Bruder ba1f9262fb
shinobu/router: Make wg-mullvad vendor neutral 2023-08-08 11:44:45 +02:00
Simon Bruder 751e9d51b9
shinobu: Change wg-mullvad peer 2023-08-08 11:42:52 +02:00
Simon Bruder 8e51f746c9
shinobu: Add eMMC to readme 2023-07-01 20:07:49 +02:00
Simon Bruder 3df0ddcc27
shinobu/co2_exporter: Migrate from fuuko 2023-07-01 13:14:32 +02:00
Simon Bruder 1b44e31627
shinobu: Init 2023-07-01 12:37:12 +02:00