Commit graph

679 commits

Author SHA1 Message Date
Simon Bruder ca122a2b37
vueko/mail: Add alias 2024-06-01 13:54:05 +02:00
Simon Bruder 3816e6fc5d
authoritative-dns: Add renge, yuzuru to secondaries 2024-02-24 13:22:17 +01:00
Simon Bruder bb8152d772
vueko/mail: Add alias 2024-02-23 19:21:13 +01:00
Simon Bruder 06958ad544
vueko/mail: Remove alias 2024-02-23 19:21:12 +01:00
Simon Bruder ef2c667bfe
shinobu: Add NTP server
This also changes the firewall rules for the IoT network to no longer
accept connections to ntp.org pool hosts over 123/UDP. All clients
should use the local NTP server.
2024-02-15 13:39:42 +01:00
Simon Bruder badd33a312
vueko/mail: Add alias 2024-02-12 11:28:35 +01:00
Simon Bruder db24be0a69
vueko/mail: Add alias 2024-02-12 11:18:49 +01:00
Simon Bruder 0696d74877
vueko/mail: Add alias 2024-02-11 10:58:54 +01:00
Simon Bruder d645aca536
vueko/mail: Add alias 2024-02-09 11:55:45 +01:00
Simon Bruder 4752437cf5
vueko/mail: Add alias 2024-02-04 14:10:12 +01:00
Simon Bruder 0e870e7188
vueko/mail: Add alias 2024-02-02 12:30:29 +01:00
Simon Bruder ef3939403a
yuzuru/static-sites: Add salespointframework
This had previously been hosted on a separate machine that was now
decommissioned.
2024-02-01 00:40:56 +01:00
Simon Bruder a2cf57ec47
vueko/mail: Drop aliases 2024-01-31 12:07:57 +01:00
Simon Bruder f454aafa20
vueko/mail: Drop aliases 2024-01-27 22:56:33 +01:00
Simon Bruder c5f3b172f3
vueko/mail: Add alias 2024-01-27 22:08:11 +01:00
Simon Bruder 7c4b4a5a9b
vueko/mail: Drop aliases 2024-01-27 22:06:25 +01:00
Simon Bruder 7c26753c04
vueko/mail: Add alias 2024-01-27 20:17:40 +01:00
Simon Bruder eecb609dab
vueko/mail: Drop aliases 2024-01-27 19:00:50 +01:00
Simon Bruder 9caef40c21
wkd: Init 2024-01-27 17:22:53 +01:00
Simon Bruder 013511c1c9
sops: Switch to new PGP key 2024-01-22 17:32:02 +01:00
Simon Bruder 10b8d432d5
Relicense
This applies the REUSE specification to the repository, so the licensing
information can be tracked for every file individually.
2024-01-13 14:39:22 +01:00
Simon Bruder 62dfb36bb8
vueko/mail: Add alias 2024-01-13 14:34:23 +01:00
Simon Bruder 513e0cf383
renge/sbruder.xyz: Make transparency files state 2024-01-10 21:42:34 +01:00
Simon Bruder 9995ff511e
restic/system: Prune on renge
Because of fuuko’s very slow link, the prune had not been successful for
a whole quarter. Now that renge has more RAM, it can finally run the
prune without having to worry about OOM.
2024-01-10 21:27:42 +01:00
Simon Bruder 34231fb13b
Migrate psycho-power-papagei.de out of repo
The files are not compatible with plans for future licensing.
2024-01-06 01:36:51 +01:00
Simon Bruder 492af23f17
static-webserver: Specify default for deploy keys 2024-01-06 01:35:42 +01:00
Simon Bruder 9e545950f5
shinobu/wlan: Drop
It was not used anyway.
2024-01-06 00:10:02 +01:00
Simon Bruder 8d764fc7e4
mayushii: Allow SMB1
This is required for a Windows XP VM.
2024-01-06 00:08:00 +01:00
Simon Bruder 8757ef7eb8
yuzuru: Add meme site 2024-01-06 00:05:00 +01:00
Simon Bruder afea7afdbf
vueko/mail: Add alias 2024-01-05 13:11:35 +01:00
Simon Bruder 26d85e97aa
infovhost: Init
This avoids boilerplate code for displaying the imprint on the fqdn of
the machine.
2024-01-03 12:09:27 +01:00
Simon Bruder 0393661579
yuzuru: Init 2024-01-03 11:44:34 +01:00
Simon Bruder 2a5da89f53
Do not enable fwupd on virtual machines
It only uses up resources on those hosts but serves no purpose.
2024-01-01 16:11:28 +01:00
Simon Bruder faf159bb66
renge: Discontinue nitter and libreddit 2023-12-31 17:31:18 +01:00
Simon Bruder bf7732bbb0
renge/netbox: Drop
It was disabled anyway.
2023-12-31 17:31:18 +01:00
Simon Bruder 9d7d7cb592
wordclock-dimmer: Migrate to shinobu 2023-12-31 17:31:17 +01:00
Simon Bruder eef5f9b617
renge: Migrate to larger server 2023-12-31 17:31:17 +01:00
Simon Bruder c5f5f6a5ca
vueko/mail: Add alias 2023-12-31 11:37:41 +01:00
Simon Bruder 2b91c531e8
okarin: Change domain 2023-12-28 23:27:34 +01:00
Simon Bruder 92bbeffca9
renge/prometheus: Shorten instance name for nodes 2023-12-25 23:39:54 +01:00
Simon Bruder 0c108d9e44
renge/element-web: Use snake_case for config
camelCase is deprecated[0].

This also removes an unused jitsi server preference.

[0] https://github.com/element-hq/element-web/blob/develop/docs/config.md#-deprecation-notice
2023-12-24 13:06:57 +01:00
Simon Bruder 9d85bbfdc9
vueko/mail: Add alias 2023-12-19 17:32:26 +01:00
Simon Bruder 95590d6bc3
vueko/mail: Add alias 2023-12-17 18:04:52 +01:00
Simon Bruder 9bd01d1e8c
vueko/fuuko-proxy: Proxy websockets 2023-12-17 11:57:51 +01:00
Simon Bruder 80fcaab244
nginx: Make recommended settings global 2023-12-16 10:19:20 +01:00
Simon Bruder 6b9e98fdd3
vueko/mail: Add alias 2023-12-12 12:46:09 +01:00
Simon Bruder 8e1b76e663
renge/forgejo: Migrate from gitea 2023-12-10 15:36:11 +01:00
Simon Bruder 496f0debf6
vueko/mail: Add alias 2023-12-10 14:28:22 +01:00
Simon Bruder 32f4c05be2
vueko/mail: Add alias 2023-12-03 12:27:16 +01:00
Simon Bruder 300c9c5531
vueko/mail: Add alias 2023-12-03 11:51:05 +01:00
Simon Bruder ba843ac8c0
Upgrade to 23.11
Flake lock file updates:

• Updated input 'bang-evaluator':
    'git+https://git.sbruder.de/simon/bangs?ref=refs/heads/master&rev=7fc3d5019c907566abbad8f84ba9555a5786bd01' (2021-08-01)
  → 'git+https://git.sbruder.de/simon/bangs?ref=refs/heads/master&rev=a06c68c44862f74757a203e2df41ea83c33722d9' (2023-12-02)
• Updated input 'home-manager':
    'github:nix-community/home-manager/04bac349d585c9df38d78e0285b780a140dc74a4' (2023-11-12)
  → 'github:nix-community/home-manager/aeb2232d7a32530d3448318790534d196bf9427a' (2023-11-24)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/9a4725afa67db35cdf7be89f30527d745194cafa' (2023-11-19)
  → 'github:nix-community/home-manager/4a8545f5e737a6338814a4676dc8e18c7f43fc57' (2023-12-01)
• Updated input 'nix-pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/e558068cba67b23b4fbc5537173dbb43748a17e8' (2023-11-15)
  → 'github:cachix/pre-commit-hooks.nix/e5ee5c5f3844550c01d2131096c7271cec5e9b78' (2023-11-25)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/1721da31f9b30cbf4460c4ec5068b3b6174a4694' (2023-11-18)
  → 'github:nixos/nixos-hardware/8772491ed75f150f02552c60694e1beff9f46013' (2023-11-29)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/9fb122519e9cd465d532f736a98c1e1eb541ef6f' (2023-11-16)
  → 'github:nixos/nixpkgs/5de0b32be6e85dc1a9404c75131316e4ffbc634c' (2023-12-01)
• Updated input 'nixpkgs-overlay':
    'git+https://git.sbruder.de/simon/nixpkgs-overlay?ref=refs/heads/master&rev=c8a17806a75733dec2ecdd8f0021c70d1f9dfc43' (2023-10-04)
  → 'git+https://git.sbruder.de/simon/nixpkgs-overlay?ref=refs/heads/master&rev=37f80d1593ab856372cc0da199f49565f3b05c71' (2023-12-02)
• Updated input 'nixpkgs-overlay/poetry2nix':
    'github:nix-community/poetry2nix/093383b3d7fdd36846a7d84e128ca11865800538' (2023-09-22)
  → 'github:nix-community/poetry2nix/7acb78166a659d6afe9b043bb6fe5cb5e86bb75e' (2023-12-01)
• Updated input 'nixpkgs-overlay/poetry2nix/nix-github-actions':
    'github:nix-community/nix-github-actions/165b1650b753316aa7f1787f3005a8d2da0f5301' (2023-07-09)
  → 'github:nix-community/nix-github-actions/4bb5e752616262457bc7ca5882192a564c0472d2' (2023-11-03)
• Added input 'nixpkgs-overlay/poetry2nix/systems':
    'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09)
• Added input 'nixpkgs-overlay/poetry2nix/treefmt-nix':
    'github:numtide/treefmt-nix/e82f32aa7f06bbbd56d7b12186d555223dc399d1' (2023-11-12)
• Added input 'nixpkgs-overlay/poetry2nix/treefmt-nix/nixpkgs':
    follows 'nixpkgs-overlay/poetry2nix/nixpkgs'
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/c757e9bd77b16ca2e03c89bf8bc9ecb28e0c06ad' (2023-11-17)
  → 'github:nixos/nixpkgs/e92039b55bcd58469325ded85d4f58dd5a4eaf58' (2023-11-29)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/49a87c6c827ccd21c225531e30745a9a6464775c' (2023-11-19)
  → 'github:Mic92/sops-nix/e19071f9958c8da4f4347d3d78790d97e98ba22f' (2023-12-02)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/decdf666c833a325cb4417041a90681499e06a41' (2023-11-18)
  → 'github:NixOS/nixpkgs/dfb95385d21475da10b63da74ae96d89ab352431' (2023-11-25)
2023-12-02 18:54:42 +01:00
Simon Bruder e5d32e1607
vueko/mail: Add alias 2023-11-27 22:42:40 +01:00
Simon Bruder f581f20cb3
okarin/static-sites: Add arbeitskampf.work 2023-11-27 21:25:08 +01:00
Simon Bruder f39ce20c60
static-webserver: Init
This module makes it easier to configure static websites.
2023-11-25 12:36:23 +01:00
Simon Bruder 27a209c1d5
vueko/mail: Add domain 2023-11-15 23:42:58 +01:00
Simon Bruder 74ae72d161
vueko/mail: Remove alias 2023-11-04 13:59:24 +01:00
Simon Bruder 0055de1c26
shinobu/snmp-exporter: Init 2023-11-04 13:57:59 +01:00
Simon Bruder 4f536a00d2
Switch home domain to shinonome-lab.de
When having DNSSEC activated (as is the case on sbruder.de), dnsmasq
interfering in queries for hosts on the LAN often causes problems.

This domain is specifically for the case of not having DNSSEC on it.
2023-10-27 23:54:56 +02:00
Simon Bruder c705221f71
okarin/maggus.bayern: Init 2023-10-26 14:05:53 +02:00
Simon Bruder af1d41ffda
dns: Add prometheus exporter 2023-10-26 01:18:17 +02:00
Simon Bruder 7a7d38c2f0
shinobu/router: Fix nft set for ntp
Apparently, the family is not optional.
2023-10-24 21:36:40 +02:00
Simon Bruder db5929adec
hitagi: Emulate aarch64-linux binaries 2023-10-22 14:11:02 +02:00
Simon Bruder c49bf4514b
vueko/mail: Add alias 2023-10-22 14:00:47 +02:00
Simon Bruder f3c69fcc45
vueko/mail: Add alias 2023-10-22 14:00:47 +02:00
Simon Bruder 75cfab8d8e
vueko/mail: Add alias 2023-10-22 14:00:47 +02:00
Simon Bruder a6e9959d12
vueko/mail: Add alias 2023-10-22 14:00:47 +02:00
Simon Bruder 27a96649f8
vueko/mail: Add alias 2023-10-22 14:00:47 +02:00
Simon Bruder 315cc1b50c
shinobu/router: Dynamically allow ntp for iot 2023-10-22 14:00:47 +02:00
Simon Bruder 3f9e9e15e9
shinobu/router: Disable hostapd
The wireless card only supports one AP, so I switched to an OpenWRT
standalone AP.
2023-10-22 14:00:47 +02:00
Simon Bruder ef62aac941
shinobu/router: Add qdisc for guest network 2023-10-22 14:00:47 +02:00
Simon Bruder 4611e12772
shinobu/router: Add network segmentation 2023-10-22 14:00:42 +02:00
Simon Bruder 1740570d00
shinobu/router: Use callPackage for common 2023-10-18 20:04:04 +02:00
Simon Bruder 19da5e13b9
shinobu/router/tc: Properly use hex for identifiers 2023-10-18 20:01:57 +02:00
Simon Bruder 8311a2c906
vueko/mail: Add alias 2023-10-13 21:25:06 +02:00
Simon Bruder a884f11f69
renge/gitea: Switch to manual user confirmation
There was too much spam registration going on.
2023-10-13 20:23:54 +02:00
Simon Bruder ace6f449c3
renge/gitea: Don’t allow creating org by default 2023-10-08 21:36:33 +02:00
Simon Bruder 816004e80b
restic: Use QoS instead of uploadLimit
This implements a crude mechanism for signalling my router to add the
packets to its own qdisc.

The way in which this is implemented with nftables is hacky because of
NixOS’ limitations on build-time checking (which obviously can’t know
about the existence of cgroups on the target).
2023-10-07 22:49:47 +02:00
Simon Bruder afc9013506
shinobu/router: Implement QoS using HTB
This is an initial implementation and probably still needs tuning.
2023-10-07 22:49:26 +02:00
Simon Bruder 4eeae2c1b5
vueko/mail: Add alias 2023-10-07 01:18:48 +02:00
Simon Bruder 7b836dd65b
Drastically lower restic upload limit
Welcome to the year 2023, where it apparently is acceptable to offer
internet connectivity with not even 5 Mbit/s upload speed.
2023-10-04 23:42:00 +02:00
Simon Bruder 16c0472bb0
nazuna: Enable torrent 2023-10-04 23:19:44 +02:00
Simon Bruder 7fc8a4694c
nazuna: Init 2023-10-04 23:19:44 +02:00
Simon Bruder 70ee0e1d59
vueko/mail: Add alias 2023-10-04 23:19:44 +02:00
Simon Bruder b79a088479
vueko/mail: Add alias 2023-10-04 23:19:44 +02:00
Simon Bruder 3d880316de
shinobu/router: Disable wg-upstream
This only complicates many things and creates too much overhead on such
a slow connection.
2023-10-04 23:19:44 +02:00
Simon Bruder 642fea6b8e
shinobu/router: Route select protocols directly 2023-10-04 23:19:44 +02:00
Simon Bruder 7a7b385b44
shinobu/router: Change nft variable source 2023-10-04 23:19:44 +02:00
Simon Bruder 8ecf4ecbfd
shinobu/router: Split configuration 2023-10-04 23:19:43 +02:00
Simon Bruder c0ab0c6977
vueko/mail: Add alias 2023-09-22 22:37:49 +02:00
Simon Bruder 257b000e24
shinobu/router: Add ethtool 2023-09-21 21:11:22 +02:00
Simon Bruder 8a1724fe43
shinobu/router: Clean up nftables rules 2023-09-21 12:59:12 +02:00
Simon Bruder 9c42cb0903
shinobu/router: Fix VPN bypass
This now actually works and I have a better understanding of nftables.
Some of my learnings are documented as comments in the rules.
2023-09-21 12:56:36 +02:00
Simon Bruder caac620ea6
shinobu/router: Add tracing infrastructure 2023-09-21 12:44:27 +02:00
Simon Bruder 1c24743911
shinobu/router: Fix naming of subnets in rules
This has no practical effect, but did cause confusion.
2023-09-21 11:31:00 +02:00
Simon Bruder b10b83c207
shinobu/router: Use dns over https
For some reason, this makes DNS more reliable.
2023-09-20 22:11:24 +02:00
Simon Bruder f1c70dce99
Revert "shinobu/router: Switch provider for wg-upstream"
This reverts commit 0bcc5d6141.

This leaves MSS clamping in place.
2023-09-19 12:23:38 +02:00
Simon Bruder c3365ba881
vueko/mail: Add alias 2023-09-12 15:00:51 +02:00
Simon Bruder aa85febe12
shinobu/router: Fix IPv6 networking
Previously, I did not have IPv6 upstream, so even a wrong configuration
worked. Now it uses a different routing table for IPv4 and IPv6, so it
also works on dual-stack upstreams.

However, how it worked without IPv6 forwarding enabled is still a
mystery to me.
2023-09-12 15:00:51 +02:00
Simon Bruder bc08d06985
renge: Disable netbox
I don’t depend on it (yet) and lately, renge often runs out of memory
during backups.
2023-09-12 15:00:51 +02:00
Simon Bruder e7d740f03c
shinobu/router: Restrict wan 2023-09-12 15:00:51 +02:00