Simon Bruder
ef62aac941
shinobu/router: Add qdisc for guest network
2023-10-22 14:00:47 +02:00
Simon Bruder
4611e12772
shinobu/router: Add network segmentation
2023-10-22 14:00:42 +02:00
Simon Bruder
1740570d00
shinobu/router: Use callPackage for common
2023-10-18 20:04:04 +02:00
Simon Bruder
19da5e13b9
shinobu/router/tc: Properly use hex for identifiers
2023-10-18 20:01:57 +02:00
Simon Bruder
5d696d67f0
neovim: Add plantuml syntax
2023-10-18 14:19:52 +02:00
Simon Bruder
bb5937c686
vnstat: Use UTC in database
2023-10-15 17:07:16 +02:00
Simon Bruder
8311a2c906
vueko/mail: Add alias
2023-10-13 21:25:06 +02:00
Simon Bruder
a884f11f69
renge/gitea: Switch to manual user confirmation
There was too much spam registration going on.
2023-10-13 20:23:54 +02:00
Simon Bruder
95ae4c03c4
neovim: Use nvim-jdtls
2023-10-11 12:08:47 +02:00
Simon Bruder
ace6f449c3
renge/gitea: Don’t allow creating org by default
2023-10-08 21:36:33 +02:00
Simon Bruder
c0eae808b7
mail: Remove old configuration
I have used the new imperative configuration for quite some time and don’t
think I will go back to aerc.
2023-10-08 16:45:14 +02:00
Simon Bruder
816004e80b
restic: Use QoS instead of uploadLimit
This implements a crude mechanism for signalling my router to add the
packets to its own qdisc.
The way in which this is implemented with nftables is hacky because of
NixOS’ limitations on build-time checking (which obviously can’t know
about the existence of cgroups on the target).
2023-10-07 22:49:47 +02:00
Simon Bruder
afc9013506
shinobu/router: Implement QoS using HTB
This is an initial implementation and probably still needs tuning.
2023-10-07 22:49:26 +02:00
Simon Bruder
91eb90e9c3
Enable nftables by default
2023-10-07 13:50:18 +02:00
Simon Bruder
4eeae2c1b5
vueko/mail: Add alias
2023-10-07 01:18:48 +02:00
Simon Bruder
3e1cd23aea
tools: Use bandwhich from unstable
2023-10-04 23:42:01 +02:00
Simon Bruder
7b836dd65b
Drastically lower restic upload limit
Welcome to the year 2023, where it apparently is acceptable to offer
internet connectivity with not even 5 Mbit/s upload speed.
2023-10-04 23:42:00 +02:00
Simon Bruder
16c0472bb0
nazuna: Enable torrent
2023-10-04 23:19:44 +02:00
Simon Bruder
3a12a3f53a
qbittorrent: Avoid using nscd
2023-10-04 23:19:44 +02:00
Simon Bruder
7fc8a4694c
nazuna: Init
2023-10-04 23:19:44 +02:00
Simon Bruder
70ee0e1d59
vueko/mail: Add alias
2023-10-04 23:19:44 +02:00
Simon Bruder
4ea0cc32ba
mpd: Add listenbrainz-content-resolver
2023-10-04 23:19:44 +02:00
Simon Bruder
b79a088479
vueko/mail: Add alias
2023-10-04 23:19:44 +02:00
Simon Bruder
c229c14d4b
flake.lock: Update
Flake lock file updates:
• Updated input 'flake-utils':
'github:numtide/flake-utils/f9e7cf818399d17d347f847525c5a5a8032e4e44' (2023-08-23)
→ 'github:numtide/flake-utils/ff7b65b44d01cf9ba6a71320833626af21126384' (2023-09-12)
• Updated input 'home-manager':
'github:nix-community/home-manager/9787dffff5d315c9593d3f9fb0f9bf2097e1b57b' (2023-09-11)
→ 'github:nix-community/home-manager/07682fff75d41f18327a871088d20af2710d4744' (2023-09-19)
• Updated input 'home-manager-unstable':
'github:nix-community/home-manager/5171f5ef654425e09d9c2100f856d887da595437' (2023-09-11)
→ 'github:nix-community/home-manager/4f02e35f9d150573e1a710afa338846c2f6d850c' (2023-09-29)
• Updated input 'nix-pre-commit-hooks':
'github:cachix/pre-commit-hooks.nix/4f883a76282bc28eb952570afc3d8a1bf6f481d7' (2023-09-10)
→ 'github:cachix/pre-commit-hooks.nix/cb770e93516a1609652fa8e945a0f310e98f10c0' (2023-09-24)
• Updated input 'nixos-hardware':
'github:nixos/nixos-hardware/ca41b8a227dd235b1b308217f116c7e6e84ad779' (2023-09-11)
→ 'github:nixos/nixos-hardware/adcfd6aa860d1d129055039696bc457af7d50d0e' (2023-09-28)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/9a74ffb2ca1fc91c6ccc48bd3f8cbc1501bf7b8a' (2023-09-11)
→ 'github:nixos/nixpkgs/5cfafa12d57374f48bcc36fda3274ada276cf69e' (2023-09-27)
• Updated input 'nixpkgs-unstable':
'github:nixos/nixpkgs/3a2786eea085f040a66ecde1bc3ddc7099f6dbeb' (2023-09-11)
→ 'github:nixos/nixpkgs/8a86b98f0ba1c405358f1b71ff8b5e1d317f5db2' (2023-09-27)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/ea208e55f8742fdcc0986b256bdfa8986f5e4415' (2023-09-12)
→ 'github:Mic92/sops-nix/2f375ed8702b0d8ee2430885059d5e7975e38f78' (2023-09-21)
• Updated input 'sops-nix/nixpkgs-stable':
'github:NixOS/nixpkgs/5601118d39ca9105f8e7b39d4c221d3388c0419d' (2023-09-02)
→ 'github:NixOS/nixpkgs/596611941a74be176b98aeba9328aa9d01b8b322' (2023-09-16)
2023-10-04 23:19:44 +02:00
Simon Bruder
3d880316de
shinobu/router: Disable wg-upstream
This only complicates many things and creates too much overhead on such
a slow connection.
2023-10-04 23:19:44 +02:00
Simon Bruder
642fea6b8e
shinobu/router: Route select protocols directly
2023-10-04 23:19:44 +02:00
Simon Bruder
7a7b385b44
shinobu/router: Change nft variable source
2023-10-04 23:19:44 +02:00
Simon Bruder
f6694ebb8c
qutebrowser: Do not use fake user agent
C(R)APTCHA services do not like this.
2023-10-04 23:19:44 +02:00
Simon Bruder
8ecf4ecbfd
shinobu/router: Split configuration
2023-10-04 23:19:43 +02:00
Simon Bruder
c48d626c68
neovim: Add nftables highlighting
2023-09-24 14:42:31 +02:00
Simon Bruder
c0ab0c6977
vueko/mail: Add alias
2023-09-22 22:37:49 +02:00
Simon Bruder
257b000e24
shinobu/router: Add ethtool
2023-09-21 21:11:22 +02:00
Simon Bruder
8a1724fe43
shinobu/router: Clean up nftables rules
2023-09-21 12:59:12 +02:00
Simon Bruder
9c42cb0903
shinobu/router: Fix VPN bypass
This now actually works and I have a better understanding of nftables.
Some of my learnings are documented as comments in the rules.
2023-09-21 12:56:36 +02:00
Simon Bruder
caac620ea6
shinobu/router: Add tracing infrastructure
2023-09-21 12:44:27 +02:00
Simon Bruder
1c24743911
shinobu/router: Fix naming of subnets in rules
This has no practical effect, but did cause confusion.
2023-09-21 11:31:00 +02:00
Simon Bruder
a39a2ba616
nix: Make nix-shell not fail on non-krops machines
Only krops stores the current configuration under /var/src/config.
As I use krops much less, this is not present on all machines.
2023-09-20 22:11:54 +02:00
Simon Bruder
b10b83c207
shinobu/router: Use dns over https
For some reason, this makes DNS more reliable.
2023-09-20 22:11:24 +02:00
Simon Bruder
f1c70dce99
Revert "shinobu/router: Switch provider for wg-upstream"
This reverts commit 0bcc5d6141.
This leaves MSS clamping in place.
2023-09-19 12:23:38 +02:00
Simon Bruder
287560e0fa
mpd: Add listenbrainz submitting
2023-09-19 12:23:38 +02:00
Simon Bruder
c7895e8427
flake.lock: Update
Flake lock file updates:
• Updated input 'flake-utils':
'github:numtide/flake-utils/919d646de7be200f3bf08cb76ae1f09402b6f9b4' (2023-07-11)
→ 'github:numtide/flake-utils/f9e7cf818399d17d347f847525c5a5a8032e4e44' (2023-08-23)
• Updated input 'home-manager':
'github:nix-community/home-manager/2a6679aa9cc3872c29ba2a57fe1b71b3e3c5649f' (2023-08-15)
→ 'github:nix-community/home-manager/9787dffff5d315c9593d3f9fb0f9bf2097e1b57b' (2023-09-11)
• Updated input 'home-manager-unstable':
'github:nix-community/home-manager/6a94c1a59737783c282c4031555a289c28b961e4' (2023-08-17)
→ 'github:nix-community/home-manager/5171f5ef654425e09d9c2100f856d887da595437' (2023-09-11)
• Updated input 'nix-pre-commit-hooks':
'github:cachix/pre-commit-hooks.nix/7e3517c03d46159fdbf8c0e5c97f82d5d4b0c8fa' (2023-08-17)
→ 'github:cachix/pre-commit-hooks.nix/4f883a76282bc28eb952570afc3d8a1bf6f481d7' (2023-09-10)
• Updated input 'nixos-hardware':
'github:nixos/nixos-hardware/430a56dd16fe583a812b2df44dca002acab2f4f6' (2023-08-12)
→ 'github:nixos/nixos-hardware/ca41b8a227dd235b1b308217f116c7e6e84ad779' (2023-09-11)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/b30c68669df77d981ce4aefd6b9d378563f6fc4e' (2023-08-16)
→ 'github:nixos/nixpkgs/9a74ffb2ca1fc91c6ccc48bd3f8cbc1501bf7b8a' (2023-09-11)
• Updated input 'nixpkgs-unstable':
'github:nixos/nixpkgs/caac0eb6bdcad0b32cb2522e03e4002c8975c62e' (2023-08-16)
→ 'github:nixos/nixpkgs/3a2786eea085f040a66ecde1bc3ddc7099f6dbeb' (2023-09-11)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/f81e73cf9a4ef4b949b9225be3daa1e586c096da' (2023-08-15)
→ 'github:Mic92/sops-nix/ea208e55f8742fdcc0986b256bdfa8986f5e4415' (2023-09-12)
• Updated input 'sops-nix/nixpkgs-stable':
'github:NixOS/nixpkgs/efeed708ece1a9f4ae0506ae4a4d7da264a74102' (2023-08-12)
→ 'github:NixOS/nixpkgs/5601118d39ca9105f8e7b39d4c221d3388c0419d' (2023-09-02)
2023-09-12 15:00:51 +02:00
Simon Bruder
c3365ba881
vueko/mail: Add alias
2023-09-12 15:00:51 +02:00
Simon Bruder
aa85febe12
shinobu/router: Fix IPv6 networking
Previously, I did not have IPv6 upstream, so even a wrong configuration
worked. Now it uses a different routing table for IPv4 and IPv6, so it
also works on dual-stack upstreams.
However, how it worked without IPv6 forwarding enabled is still a
mystery to me.
2023-09-12 15:00:51 +02:00
Simon Bruder
09a9037f1c
Revert "Disable systemd-resolved"
This reverts commit 38f815ecf1fa188d0a5a389f73bcd01177f9687c.
2023-09-12 15:00:51 +02:00
Simon Bruder
bc08d06985
renge: Disable netbox
I don’t depend on it (yet) and lately, renge often runs out of memory
during backups.
2023-09-12 15:00:51 +02:00
Simon Bruder
e7d740f03c
shinobu/router: Restrict wan
2023-09-12 15:00:51 +02:00
Simon Bruder
94fcee359a
shinobu/router: Reduce semicolon usage
Only use it where it is necessary
2023-09-12 15:00:51 +02:00
Simon Bruder
2dab79f0bc
shinobu/router: Use correct v6 address for vueko
It is not used (yet), therefore it went unnoticed.
2023-09-12 15:00:51 +02:00
Simon Bruder
f88669f202
shinobu: Move physically
2023-09-12 15:00:51 +02:00
Simon Bruder
0bcc5d6141
shinobu/router: Switch provider for wg-upstream
The old provider was doing weird stuff with DNS that I wasn’t able to
debug well.
However, apparently, the old provider did MSS clamping on their side.
Therefore, it is now required that I do this on my side.
2023-09-12 15:00:51 +02:00