Commit graph

1710 commits

Author SHA1 Message Date
Simon Bruder ef62aac941
shinobu/router: Add qdisc for guest network 2023-10-22 14:00:47 +02:00
Simon Bruder 4611e12772
shinobu/router: Add network segmentation 2023-10-22 14:00:42 +02:00
Simon Bruder 1740570d00
shinobu/router: Use callPackage for common 2023-10-18 20:04:04 +02:00
Simon Bruder 19da5e13b9
shinobu/router/tc: Properly use hex for identifiers 2023-10-18 20:01:57 +02:00
Simon Bruder 5d696d67f0
neovim: Add plantuml syntax 2023-10-18 14:19:52 +02:00
Simon Bruder bb5937c686
vnstat: Use UTC in database 2023-10-15 17:07:16 +02:00
Simon Bruder 8311a2c906
vueko/mail: Add alias 2023-10-13 21:25:06 +02:00
Simon Bruder a884f11f69
renge/gitea: Switch to manual user confirmation
There was too much spam registration going on.
2023-10-13 20:23:54 +02:00
Simon Bruder 95ae4c03c4
neovim: Use nvim-jdtls 2023-10-11 12:08:47 +02:00
Simon Bruder ace6f449c3
renge/gitea: Don’t allow creating org by default 2023-10-08 21:36:33 +02:00
Simon Bruder c0eae808b7
mail: Remove old configuration
I use the new imperative configuration for quite some time and don’t
think I will go back to aerc.
2023-10-08 16:45:14 +02:00
Simon Bruder 816004e80b
restic: Use QoS instead of uploadLimit
This implements a crude mechanism for signalling my router to add the
packets to its own qdisc.

The way in which this is implemented with nftables is hacky because of
NixOS’ limitations on build-time checking (which obviously can’t know
about the existence of cgroups on the target).
2023-10-07 22:49:47 +02:00
Simon Bruder afc9013506
shinobu/router: Implement QoS using HTB
This is an initial implementation and probably still needs tuning.
2023-10-07 22:49:26 +02:00
Simon Bruder 91eb90e9c3
Enable nftables by default 2023-10-07 13:50:18 +02:00
Simon Bruder 4eeae2c1b5
vueko/mail: Add alias 2023-10-07 01:18:48 +02:00
Simon Bruder 3e1cd23aea
tools: Use bandwhich from unstable 2023-10-04 23:42:01 +02:00
Simon Bruder 7b836dd65b
Drastically lower restic upload limit
Welcome in the year 2023, where it apparently is acceptable to offer
internet connectivity with not even 5 Mbit/s upload speed.
2023-10-04 23:42:00 +02:00
Simon Bruder 16c0472bb0
nazuna: Enable torrent 2023-10-04 23:19:44 +02:00
Simon Bruder 3a12a3f53a
qbittorrent: Avoid using nscd 2023-10-04 23:19:44 +02:00
Simon Bruder 7fc8a4694c
nazuna: Init 2023-10-04 23:19:44 +02:00
Simon Bruder 70ee0e1d59
vueko/mail: Add alias 2023-10-04 23:19:44 +02:00
Simon Bruder 4ea0cc32ba
mpd: Add listenbrainz-content-resolver 2023-10-04 23:19:44 +02:00
Simon Bruder b79a088479
vueko/mail: Add alias 2023-10-04 23:19:44 +02:00
Simon Bruder c229c14d4b
flake.lock: Update
Flake lock file updates:

• Updated input 'flake-utils':
    'github:numtide/flake-utils/f9e7cf818399d17d347f847525c5a5a8032e4e44' (2023-08-23)
  → 'github:numtide/flake-utils/ff7b65b44d01cf9ba6a71320833626af21126384' (2023-09-12)
• Updated input 'home-manager':
    'github:nix-community/home-manager/9787dffff5d315c9593d3f9fb0f9bf2097e1b57b' (2023-09-11)
  → 'github:nix-community/home-manager/07682fff75d41f18327a871088d20af2710d4744' (2023-09-19)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/5171f5ef654425e09d9c2100f856d887da595437' (2023-09-11)
  → 'github:nix-community/home-manager/4f02e35f9d150573e1a710afa338846c2f6d850c' (2023-09-29)
• Updated input 'nix-pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/4f883a76282bc28eb952570afc3d8a1bf6f481d7' (2023-09-10)
  → 'github:cachix/pre-commit-hooks.nix/cb770e93516a1609652fa8e945a0f310e98f10c0' (2023-09-24)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/ca41b8a227dd235b1b308217f116c7e6e84ad779' (2023-09-11)
  → 'github:nixos/nixos-hardware/adcfd6aa860d1d129055039696bc457af7d50d0e' (2023-09-28)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/9a74ffb2ca1fc91c6ccc48bd3f8cbc1501bf7b8a' (2023-09-11)
  → 'github:nixos/nixpkgs/5cfafa12d57374f48bcc36fda3274ada276cf69e' (2023-09-27)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/3a2786eea085f040a66ecde1bc3ddc7099f6dbeb' (2023-09-11)
  → 'github:nixos/nixpkgs/8a86b98f0ba1c405358f1b71ff8b5e1d317f5db2' (2023-09-27)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/ea208e55f8742fdcc0986b256bdfa8986f5e4415' (2023-09-12)
  → 'github:Mic92/sops-nix/2f375ed8702b0d8ee2430885059d5e7975e38f78' (2023-09-21)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/5601118d39ca9105f8e7b39d4c221d3388c0419d' (2023-09-02)
  → 'github:NixOS/nixpkgs/596611941a74be176b98aeba9328aa9d01b8b322' (2023-09-16)
2023-10-04 23:19:44 +02:00
Simon Bruder 3d880316de
shinobu/router: Disable wg-upstream
This only complicates many things and creates too much overhead on such
a slow connection.
2023-10-04 23:19:44 +02:00
Simon Bruder 642fea6b8e
shinobu/router: Route select protocols directly 2023-10-04 23:19:44 +02:00
Simon Bruder 7a7b385b44
shinobu/router: Change nft variable source 2023-10-04 23:19:44 +02:00
Simon Bruder f6694ebb8c
qutebrowser: Do not use fake user agent
C(R)APTCHA services do not like this.
2023-10-04 23:19:44 +02:00
Simon Bruder 8ecf4ecbfd
shinobu/router: Split configuration 2023-10-04 23:19:43 +02:00
Simon Bruder c48d626c68
neovim: Add nftables highlighting 2023-09-24 14:42:31 +02:00
Simon Bruder c0ab0c6977
vueko/mail: Add alias 2023-09-22 22:37:49 +02:00
Simon Bruder 257b000e24
shinobu/router: Add ethtool 2023-09-21 21:11:22 +02:00
Simon Bruder 8a1724fe43
shinobu/router: Clean up nftables rules 2023-09-21 12:59:12 +02:00
Simon Bruder 9c42cb0903
shinobu/router: Fix VPN bypass
This now actually works and I have a better understanding of nftables.
Some of my learnings are documented as comments in the rules.
2023-09-21 12:56:36 +02:00
Simon Bruder caac620ea6
shinobu/router: Add tracing infrastructure 2023-09-21 12:44:27 +02:00
Simon Bruder 1c24743911
shinobu/router: Fix naming of subnets in rules
This has no practical effect, but did cause confusion.
2023-09-21 11:31:00 +02:00
Simon Bruder a39a2ba616
nix: Make nix-shell not fail on non-krops machines
Only krops stores the current configuration under /var/src/config.
As I use krops much less, this is not present on all machines.
2023-09-20 22:11:54 +02:00
Simon Bruder b10b83c207
shinobu/router: Use dns over https
For some reason, this makes DNS more reliable.
2023-09-20 22:11:24 +02:00
Simon Bruder f1c70dce99
Revert "shinobu/router: Switch provider for wg-upstream"
This reverts commit 0bcc5d6141.

This leaves MSS clamping in place.
2023-09-19 12:23:38 +02:00
Simon Bruder 287560e0fa
mpd: Add listenbrainz submitting 2023-09-19 12:23:38 +02:00
Simon Bruder c7895e8427
flake.lock: Update
Flake lock file updates:

• Updated input 'flake-utils':
    'github:numtide/flake-utils/919d646de7be200f3bf08cb76ae1f09402b6f9b4' (2023-07-11)
  → 'github:numtide/flake-utils/f9e7cf818399d17d347f847525c5a5a8032e4e44' (2023-08-23)
• Updated input 'home-manager':
    'github:nix-community/home-manager/2a6679aa9cc3872c29ba2a57fe1b71b3e3c5649f' (2023-08-15)
  → 'github:nix-community/home-manager/9787dffff5d315c9593d3f9fb0f9bf2097e1b57b' (2023-09-11)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/6a94c1a59737783c282c4031555a289c28b961e4' (2023-08-17)
  → 'github:nix-community/home-manager/5171f5ef654425e09d9c2100f856d887da595437' (2023-09-11)
• Updated input 'nix-pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/7e3517c03d46159fdbf8c0e5c97f82d5d4b0c8fa' (2023-08-17)
  → 'github:cachix/pre-commit-hooks.nix/4f883a76282bc28eb952570afc3d8a1bf6f481d7' (2023-09-10)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/430a56dd16fe583a812b2df44dca002acab2f4f6' (2023-08-12)
  → 'github:nixos/nixos-hardware/ca41b8a227dd235b1b308217f116c7e6e84ad779' (2023-09-11)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/b30c68669df77d981ce4aefd6b9d378563f6fc4e' (2023-08-16)
  → 'github:nixos/nixpkgs/9a74ffb2ca1fc91c6ccc48bd3f8cbc1501bf7b8a' (2023-09-11)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/caac0eb6bdcad0b32cb2522e03e4002c8975c62e' (2023-08-16)
  → 'github:nixos/nixpkgs/3a2786eea085f040a66ecde1bc3ddc7099f6dbeb' (2023-09-11)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/f81e73cf9a4ef4b949b9225be3daa1e586c096da' (2023-08-15)
  → 'github:Mic92/sops-nix/ea208e55f8742fdcc0986b256bdfa8986f5e4415' (2023-09-12)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/efeed708ece1a9f4ae0506ae4a4d7da264a74102' (2023-08-12)
  → 'github:NixOS/nixpkgs/5601118d39ca9105f8e7b39d4c221d3388c0419d' (2023-09-02)
2023-09-12 15:00:51 +02:00
Simon Bruder c3365ba881
vueko/mail: Add alias 2023-09-12 15:00:51 +02:00
Simon Bruder aa85febe12
shinobu/router: Fix IPv6 networking
Previously, I did not have IPv6 upstream, so even a wrong configuration
worked. Now it uses a different routing table for IPv4 and IPv6, so it
also works on dual-stack upstreams.

However, how it worked without IPv6 forwarding enabled, is still a
mystery to me.
2023-09-12 15:00:51 +02:00
Simon Bruder 09a9037f1c
Revert "Disable systemd-resolved"
This reverts commit 38f815ecf1fa188d0a5a389f73bcd01177f9687c.
2023-09-12 15:00:51 +02:00
Simon Bruder bc08d06985
renge: Disable netbox
I don’t depend on it (yet) and lately, renge often runs out of memory
during backups.
2023-09-12 15:00:51 +02:00
Simon Bruder e7d740f03c
shinobu/router: Restrict wan 2023-09-12 15:00:51 +02:00
Simon Bruder 94fcee359a
shinobu/router: Reduce semicolon usage
Only use it where it is necessary
2023-09-12 15:00:51 +02:00
Simon Bruder 2dab79f0bc
shinobu/router: Use correct v6 address for vueko
It is not used (yet), therefore it went unnoticed.
2023-09-12 15:00:51 +02:00
Simon Bruder f88669f202
shinobu: Move physically 2023-09-12 15:00:51 +02:00
Simon Bruder 0bcc5d6141
shinobu/router: Switch provider for wg-upstream
The old provider was doing weird stuff with DNS that I wasn’t able to
debug well.

However, apparently, the old provider did MSS clamping on their side.
Therefore, it is now required that I do this on my side.
2023-09-12 15:00:51 +02:00