Commit graph

588 commits

Author SHA1 Message Date
Simon Bruder 9c42cb0903
shinobu/router: Fix VPN bypass
This now actually works and I have a better understanding of nftables.
Some of my learnings are documented as comments in the rules.
2023-09-21 12:56:36 +02:00
Simon Bruder caac620ea6
shinobu/router: Add tracing infrastructure 2023-09-21 12:44:27 +02:00
Simon Bruder 1c24743911
shinobu/router: Fix naming of subnets in rules
This has no practical effect, but did cause confusion.
2023-09-21 11:31:00 +02:00
Simon Bruder b10b83c207
shinobu/router: Use dns over https
For some reason, this makes DNS more reliable.
2023-09-20 22:11:24 +02:00
Simon Bruder f1c70dce99
Revert "shinobu/router: Switch provider for wg-upstream"
This reverts commit 0bcc5d6141.

This leaves MSS clamping in place.
2023-09-19 12:23:38 +02:00
Simon Bruder c3365ba881
vueko/mail: Add alias 2023-09-12 15:00:51 +02:00
Simon Bruder aa85febe12
shinobu/router: Fix IPv6 networking
Previously, I did not have IPv6 upstream, so even a wrong configuration
worked. Now it uses a different routing table for IPv4 and IPv6, so it
also works on dual-stack upstreams.

However, how it worked without IPv6 forwarding enabled, is still a
mystery to me.
2023-09-12 15:00:51 +02:00
Simon Bruder bc08d06985
renge: Disable netbox
I don’t depend on it (yet) and lately, renge often runs out of memory
during backups.
2023-09-12 15:00:51 +02:00
Simon Bruder e7d740f03c
shinobu/router: Restrict wan 2023-09-12 15:00:51 +02:00
Simon Bruder 94fcee359a
shinobu/router: Reduce semicolon usage
Only use it where it is necessary
2023-09-12 15:00:51 +02:00
Simon Bruder 2dab79f0bc
shinobu/router: Use correct v6 address for vueko
It is not used (yet), therefore it went unnoticed.
2023-09-12 15:00:51 +02:00
Simon Bruder f88669f202
shinobu: Move physically 2023-09-12 15:00:51 +02:00
Simon Bruder 0bcc5d6141
shinobu/router: Switch provider for wg-upstream
The old provider was doing weird stuff with DNS that I wasn’t able to
debug well.

However, apparently, the old provider did MSS clamping on their side.
Therefore, it is now required that I do this on my side.
2023-09-12 15:00:51 +02:00
Simon Bruder 926d537986
vueko/mail: Add alias 2023-09-12 15:00:50 +02:00
Simon Bruder 986ad238f8
vueko/mail: Add alias 2023-09-12 15:00:50 +02:00
Simon Bruder 35a65b859a
vueko/mail: Add alias 2023-09-12 15:00:50 +02:00
Simon Bruder e217be3fc5
vueko/mail: Add alias 2023-09-12 15:00:50 +02:00
Simon Bruder 8dd64f4209
hitagi: Document front panel swap 2023-08-26 18:11:10 +02:00
Simon Bruder d26d1127bc
hitagi: Update installed RAM in readme 2023-08-26 18:10:28 +02:00
Simon Bruder b44662e3cc
vueko/mail: Add alias 2023-08-24 18:20:36 +02:00
Simon Bruder 26e6d05db3
vueko/mail: Add alias 2023-08-24 12:04:36 +02:00
Simon Bruder 98dc82f57b
vueko/mail: Add alias 2023-08-23 17:52:43 +02:00
Simon Bruder adafda75bd
vueko/mail: Add alias 2023-08-23 14:07:33 +02:00
Simon Bruder 2421b6dd4c
vueko/mail: Add alias 2023-08-22 22:22:28 +02:00
Simon Bruder 2f71839f58
vueko/mail: Add alias 2023-08-20 14:04:57 +02:00
Simon Bruder 0d92c932ed
fuuko/photoprism: Make reachable from outside
This is not that good, because if I am at home, I want to have a fast
connection without routing everything through the Internet first. I
currently work around this by using an ssh tunnel for this.
2023-08-19 17:30:52 +02:00
Simon Bruder 6b8931d538
hitagi: Use graphics packages from stable
Otherwise there is an impure version conflict.
2023-08-19 10:49:38 +02:00
Simon Bruder 49149fa1d4
fuuko/photoprism: Init 2023-08-18 22:17:02 +02:00
Simon Bruder 385cf15e02
renge/invidious: Use new hmac_key setting 2023-08-18 12:02:50 +02:00
Simon Bruder abcab70626
vueko/mail: Add domain and user 2023-08-17 13:51:45 +02:00
Simon Bruder 795b80e734
vueko/mail: Add alias 2023-08-14 09:51:19 +02:00
Simon Bruder 7f2ed58e19
fuuko: Do DHCP on both interfaces 2023-08-12 15:32:12 +02:00
Simon Bruder 0bdf13b3bd
renge/netbox: Add plugins 2023-08-12 13:59:03 +02:00
Simon Bruder 6f67715a65
renge/netbox: Init 2023-08-12 11:53:11 +02:00
Simon Bruder 72623c05d2
vueko/mail: Add alias 2023-08-12 10:12:28 +02:00
Simon Bruder 0f6a9a1bee
{renge,vueko}: Use correct IPv6 address 2023-08-12 01:00:37 +02:00
Simon Bruder 1ea28cf4b6
vueko/mail: Add alias 2023-08-10 14:50:10 +02:00
Simon Bruder bb0b66d9c1
fuuko: Add r8169 to initrd modules
This allows unlocking with the onboard NIC.
2023-08-08 15:32:00 +02:00
Simon Bruder f71cbedf14
shinobu/router: Exclude vueko from VPN 2023-08-08 14:20:21 +02:00
Simon Bruder 826929571b
shinobu/router: Switch to nftables 2023-08-08 14:19:48 +02:00
Simon Bruder ba1f9262fb
shinobu/router: Make wg-mullvad vendor neutral 2023-08-08 11:44:45 +02:00
Simon Bruder 751e9d51b9
shinobu: Change wg-mullvad peer 2023-08-08 11:42:52 +02:00
Simon Bruder 04b95467f8
vueko/mail: Add alias 2023-08-04 11:32:36 +02:00
Simon Bruder 25ff150b3d
prometheus: Add disk full alert 2023-08-02 23:22:19 +02:00
Simon Bruder ee745afd3d
vueko/mail: Add alias 2023-08-02 14:24:55 +02:00
Simon Bruder 23b81817ba
vueko/mail: Add alias 2023-07-28 22:48:39 +02:00
Simon Bruder 0bf2851100
vueko/mail: Add alias 2023-07-14 08:53:06 +02:00
Simon Bruder 527f6ac056
vueko/mail: Add alias 2023-07-04 20:29:56 +02:00
Simon Bruder 0a33de244f
fuuko/qbittorrent: Switch endpoint 2023-07-03 11:46:28 +02:00
Simon Bruder 7dab8814c6
vueko/mail: Add alias 2023-07-01 21:44:48 +02:00
Simon Bruder 8e51f746c9
shinobu: Add eMMC to readme 2023-07-01 20:07:49 +02:00
Simon Bruder 3df0ddcc27
shinobu/co2_exporter: Migrate from fuuko 2023-07-01 13:14:32 +02:00
Simon Bruder 1b44e31627
shinobu: Init 2023-07-01 12:37:12 +02:00
Simon Bruder 472ff64011
fuuko: Add SSD for hot storage
Adding a new PCIe device changes the names of the network interfaces, so
they need to be adapted.
2023-06-28 23:13:57 +02:00
Simon Bruder 9c5002517c
vueko/mail: Add alias 2023-06-28 20:06:26 +02:00
Simon Bruder 4a182ff522
fuuko: Make co2 exporter more reliable
This also “fixes” a typo in the variable name.
2023-06-28 12:53:29 +02:00
Simon Bruder e627f21603
vueko/mail: Add alias 2023-06-26 08:50:58 +02:00
Simon Bruder c3afd14f8a
fuuko/router: Switch wg-mullvad endpoint 2023-06-23 17:15:06 +02:00
Simon Bruder eea6668c8b
vueko/mail: Add alias 2023-06-22 22:58:07 +02:00
Simon Bruder b2636f87fb
vueko/mail: Add alias 2023-06-17 15:09:22 +02:00
Simon Bruder 7f0eea300f
vueko/mail: Add alias 2023-06-17 13:31:11 +02:00
Simon Bruder aa6d0378cb
vueko/mail: Add alias 2023-06-08 20:26:14 +02:00
Simon Bruder db391a3907
mailserver: Remove rejectSenders
This now gets handled by rspamd with a dynamic map.
2023-06-03 18:34:12 +02:00
Simon Bruder f84e6d9bee
mailserver: Add option for autoconfig 2023-06-02 08:26:33 +02:00
Simon Bruder 75fd40abb3
vueko/mail: Add alias 2023-06-01 19:54:26 +02:00
Simon Bruder 17cfd6cfb9
hitagi: Use stable nixpkgs 2023-06-01 19:54:25 +02:00
Simon Bruder b135035baa
fuuko/router: Migrate dnsmasq options to 23.05 2023-06-01 19:54:25 +02:00
Simon Bruder 4adeba626a
renge/gitea: Migrate to 23.05 options 2023-06-01 19:54:22 +02:00
Simon Bruder dc0a64a44e
hitagi: Reinstall on single drive 2023-05-25 20:08:42 +02:00
Simon Bruder 9724413740
hitagi: Remove virtualisation 2023-05-25 20:08:42 +02:00
Simon Bruder 764834c16f
fuuko/router: Change mullvad peer 2023-05-25 20:08:04 +02:00
Simon Bruder bd32d54ebf
vueko/mail: Add alias 2023-05-21 13:42:43 +02:00
Simon Bruder 73d16d3f09
vueko/mail: Add alias 2023-05-18 12:43:56 +02:00
Simon Bruder cc47b75704
okarin: Init 2023-05-06 11:39:31 +02:00
Simon Bruder 63a2a7e0ed
vueko/mail: Add alias 2023-05-05 18:44:39 +02:00
Simon Bruder 4c3e61db58
vueko/mail: Add alias 2023-05-05 18:38:08 +02:00
Simon Bruder 29438296ca
vueko/mail: Add alias 2023-05-05 17:30:50 +02:00
Simon Bruder 549b1a90f3
vueko/mail: Add alias 2023-05-03 12:31:13 +02:00
Simon Bruder a8bf73a771
vueko/mail: Add alias 2023-05-03 12:31:13 +02:00
Simon Bruder b6d4aec504
vueko/mail: Add alias 2023-05-03 12:31:13 +02:00
Simon Bruder 247896a92e
vueko/mail: Add alias 2023-05-03 12:31:13 +02:00
Simon Bruder dc0255ab39
vueko/mail: Add alias 2023-05-03 12:31:13 +02:00
Simon Bruder 3312b4daa0
vueko/mail: Re-enable spammy alias
I only get spam on this address, but I might configure it as a spamtrap
later.
2023-05-03 12:31:13 +02:00
Simon Bruder 687439cff9
vueko: Expose rspamd prometheus metrics 2023-05-03 12:31:13 +02:00
Simon Bruder a3030f5dbd
vueko: Expose rspamd 2023-05-03 12:31:13 +02:00
Simon Bruder 2f39d10a8a
vueko: Migrate to new server 2023-05-03 12:31:11 +02:00
Simon Bruder 4880116919
renge/sbruder.xyz: Add censorship infrastructure
I don’t want to do this, but I might have to. Hetzner’s ToS are very
vague in what content they don’t allow, so I think I might have to
comply with the Russian censorship authority.
2023-04-29 09:41:00 +02:00
Simon Bruder bdbcbd2a0b
vueko/mail: Add alias 2023-04-26 20:15:38 +02:00
Simon Bruder 9875b7cfbf
vueko/mail: Add alias 2023-04-21 09:10:40 +02:00
Simon Bruder 52dab514ca
fuuko: Use additional NIC instead of VLANs 2023-04-15 18:08:46 +02:00
Simon Bruder 62b1b6a37e
vueko/mail: Remove alias 2023-04-15 17:23:18 +02:00
Simon Bruder c2beb57f21
vueko/mail: Add alias 2023-04-11 12:08:00 +02:00
Simon Bruder 1a78049a7a
renge: Use networkd 2023-04-11 11:44:59 +02:00
Simon Bruder 9c5da77efc
fuuko: Note router/AP in readme 2023-04-08 18:45:14 +02:00
Simon Bruder a8ace37aa2
mayushii: Switch to MediaTek wireless adapter
Whenever possible, I’ll try to avoid Realtek in the future.
2023-04-08 18:09:08 +02:00
Simon Bruder 1498c3fab6
vueko/mail: Add alias 2023-04-07 13:40:55 +02:00
Simon Bruder 5cd4845dbf
fuuko/router: Add wireless AP
It is anything but great, though I will try to find a better solution
for this.
2023-04-05 10:11:39 +02:00
Simon Bruder 7c0ccbbd6a
fuuko/router: Use bridge for lan 2023-04-05 10:11:39 +02:00
Simon Bruder 67dabb0de5
fuuko: Note that remote unlocking is broken 2023-04-02 12:16:00 +02:00
Simon Bruder 68cc1d32d4
fuuko/router: Add static record for switch 2023-04-02 12:00:19 +02:00