Commit graph

1629 commits

Author SHA1 Message Date
Simon Bruder 257b000e24
shinobu/router: Add ethtool 2023-09-21 21:11:22 +02:00
Simon Bruder 8a1724fe43
shinobu/router: Clean up nftables rules 2023-09-21 12:59:12 +02:00
Simon Bruder 9c42cb0903
shinobu/router: Fix VPN bypass
This now actually works and I have a better understanding of nftables.
Some of my learnings are documented as comments in the rules.
2023-09-21 12:56:36 +02:00
Simon Bruder caac620ea6
shinobu/router: Add tracing infrastructure 2023-09-21 12:44:27 +02:00
Simon Bruder 1c24743911
shinobu/router: Fix naming of subnets in rules
This has no practical effect, but did cause confusion.
2023-09-21 11:31:00 +02:00
Simon Bruder a39a2ba616
nix: Make nix-shell not fail on non-krops machines
Only krops stores the current configuration under /var/src/config.
As I use krops much less, this is not present on all machines.
2023-09-20 22:11:54 +02:00
Simon Bruder b10b83c207
shinobu/router: Use dns over https
For some reason, this makes DNS more reliable.
2023-09-20 22:11:24 +02:00
Simon Bruder f1c70dce99
Revert "shinobu/router: Switch provider for wg-upstream"
This reverts commit 0bcc5d6141.

This leaves MSS clamping in place.
2023-09-19 12:23:38 +02:00
Simon Bruder 287560e0fa
mpd: Add listenbrainz submitting 2023-09-19 12:23:38 +02:00
Simon Bruder c7895e8427
flake.lock: Update
Flake lock file updates:

• Updated input 'flake-utils':
    'github:numtide/flake-utils/919d646de7be200f3bf08cb76ae1f09402b6f9b4' (2023-07-11)
  → 'github:numtide/flake-utils/f9e7cf818399d17d347f847525c5a5a8032e4e44' (2023-08-23)
• Updated input 'home-manager':
    'github:nix-community/home-manager/2a6679aa9cc3872c29ba2a57fe1b71b3e3c5649f' (2023-08-15)
  → 'github:nix-community/home-manager/9787dffff5d315c9593d3f9fb0f9bf2097e1b57b' (2023-09-11)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/6a94c1a59737783c282c4031555a289c28b961e4' (2023-08-17)
  → 'github:nix-community/home-manager/5171f5ef654425e09d9c2100f856d887da595437' (2023-09-11)
• Updated input 'nix-pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/7e3517c03d46159fdbf8c0e5c97f82d5d4b0c8fa' (2023-08-17)
  → 'github:cachix/pre-commit-hooks.nix/4f883a76282bc28eb952570afc3d8a1bf6f481d7' (2023-09-10)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/430a56dd16fe583a812b2df44dca002acab2f4f6' (2023-08-12)
  → 'github:nixos/nixos-hardware/ca41b8a227dd235b1b308217f116c7e6e84ad779' (2023-09-11)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/b30c68669df77d981ce4aefd6b9d378563f6fc4e' (2023-08-16)
  → 'github:nixos/nixpkgs/9a74ffb2ca1fc91c6ccc48bd3f8cbc1501bf7b8a' (2023-09-11)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/caac0eb6bdcad0b32cb2522e03e4002c8975c62e' (2023-08-16)
  → 'github:nixos/nixpkgs/3a2786eea085f040a66ecde1bc3ddc7099f6dbeb' (2023-09-11)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/f81e73cf9a4ef4b949b9225be3daa1e586c096da' (2023-08-15)
  → 'github:Mic92/sops-nix/ea208e55f8742fdcc0986b256bdfa8986f5e4415' (2023-09-12)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/efeed708ece1a9f4ae0506ae4a4d7da264a74102' (2023-08-12)
  → 'github:NixOS/nixpkgs/5601118d39ca9105f8e7b39d4c221d3388c0419d' (2023-09-02)
2023-09-12 15:00:51 +02:00
Simon Bruder c3365ba881
vueko/mail: Add alias 2023-09-12 15:00:51 +02:00
Simon Bruder aa85febe12
shinobu/router: Fix IPv6 networking
Previously, I did not have IPv6 upstream, so even a wrong configuration
worked. Now it uses a different routing table for IPv4 and IPv6, so it
also works on dual-stack upstreams.

However, how it worked without IPv6 forwarding enabled is still a
mystery to me.
2023-09-12 15:00:51 +02:00
Simon Bruder 09a9037f1c
Revert "Disable systemd-resolved"
This reverts commit 38f815ecf1fa188d0a5a389f73bcd01177f9687c.
2023-09-12 15:00:51 +02:00
Simon Bruder bc08d06985
renge: Disable netbox
I don’t depend on it (yet) and lately, renge often runs out of memory
during backups.
2023-09-12 15:00:51 +02:00
Simon Bruder e7d740f03c
shinobu/router: Restrict wan 2023-09-12 15:00:51 +02:00
Simon Bruder 94fcee359a
shinobu/router: Reduce semicolon usage
Only use it where it is necessary
2023-09-12 15:00:51 +02:00
Simon Bruder 2dab79f0bc
shinobu/router: Use correct v6 address for vueko
It is not used (yet), therefore it went unnoticed.
2023-09-12 15:00:51 +02:00
Simon Bruder f88669f202
shinobu: Move physically 2023-09-12 15:00:51 +02:00
Simon Bruder 0bcc5d6141
shinobu/router: Switch provider for wg-upstream
The old provider was doing weird stuff with DNS that I wasn’t able to
debug well.

However, apparently, the old provider did MSS clamping on their side.
Therefore, it is now required that I do this on my side.
2023-09-12 15:00:51 +02:00
Simon Bruder fcbd6806b9
Disable systemd-resolved
It always breaks things, makes debugging harder and in general does not
seem to make anything better.
2023-09-12 15:00:50 +02:00
Simon Bruder 926d537986
vueko/mail: Add alias 2023-09-12 15:00:50 +02:00
Simon Bruder 986ad238f8
vueko/mail: Add alias 2023-09-12 15:00:50 +02:00
Simon Bruder 35a65b859a
vueko/mail: Add alias 2023-09-12 15:00:50 +02:00
Simon Bruder ffb123645d
imprint: Change address 2023-09-12 15:00:50 +02:00
Simon Bruder e217be3fc5
vueko/mail: Add alias 2023-09-12 15:00:50 +02:00
Simon Bruder 8dd64f4209
hitagi: Document front panel swap 2023-08-26 18:11:10 +02:00
Simon Bruder d26d1127bc
hitagi: Update installed RAM in readme 2023-08-26 18:10:28 +02:00
Simon Bruder b44662e3cc
vueko/mail: Add alias 2023-08-24 18:20:36 +02:00
Simon Bruder 2efdce8854
programs: Add gpxsee 2023-08-24 17:45:20 +02:00
Simon Bruder 26e6d05db3
vueko/mail: Add alias 2023-08-24 12:04:36 +02:00
Simon Bruder 98dc82f57b
vueko/mail: Add alias 2023-08-23 17:52:43 +02:00
Simon Bruder adafda75bd
vueko/mail: Add alias 2023-08-23 14:07:33 +02:00
Simon Bruder 2421b6dd4c
vueko/mail: Add alias 2023-08-22 22:22:28 +02:00
Simon Bruder 2f71839f58
vueko/mail: Add alias 2023-08-20 14:04:57 +02:00
Simon Bruder 0d92c932ed
fuuko/photoprism: Make reachable from outside
This is not that good, because if I am at home, I want to have a fast
connection without routing everything through the Internet first. I
currently work around this by using an ssh tunnel for this.
2023-08-19 17:30:52 +02:00
Simon Bruder 6b8931d538
hitagi: Use graphics packages from stable
Otherwise there is an impure version conflict.
2023-08-19 10:49:38 +02:00
Simon Bruder 49149fa1d4
fuuko/photoprism: Init 2023-08-18 22:17:02 +02:00
Simon Bruder 30485e7d70
mailserver: Enable postscreen 2023-08-18 15:15:07 +02:00
Simon Bruder 385cf15e02
renge/invidious: Use new hmac_key setting 2023-08-18 12:02:50 +02:00
Simon Bruder 8d50c9ff10
flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/07c347bb50994691d7b0095f45ebd8838cf6bc38' (2023-06-27)
  → 'github:nix-community/home-manager/2a6679aa9cc3872c29ba2a57fe1b71b3e3c5649f' (2023-08-15)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/6e1eff9aac0e8d84bda7f2d60ba6108eea9b7e79' (2023-08-10)
  → 'github:nix-community/home-manager/6a94c1a59737783c282c4031555a289c28b961e4' (2023-08-17)
• Updated input 'nix-pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/c5ac3aa3324bd8aebe8622a3fc92eeb3975d317a' (2023-08-11)
  → 'github:cachix/pre-commit-hooks.nix/7e3517c03d46159fdbf8c0e5c97f82d5d4b0c8fa' (2023-08-17)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/f61352cf8066ddd3dfe9058e62184bae7382672d' (2023-08-11)
  → 'github:nixos/nixos-hardware/430a56dd16fe583a812b2df44dca002acab2f4f6' (2023-08-12)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/18784aac1013da9b442adf29b6c7c228518b5d3f' (2023-08-10)
  → 'github:nixos/nixpkgs/b30c68669df77d981ce4aefd6b9d378563f6fc4e' (2023-08-16)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/ce5e4a6ef2e59d89a971bc434ca8ca222b9c7f5e' (2023-08-10)
  → 'github:nixos/nixpkgs/caac0eb6bdcad0b32cb2522e03e4002c8975c62e' (2023-08-16)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/5f5d9a3c8bc247eb574823b9f16a79e054dafe73' (2023-08-12)
  → 'github:Mic92/sops-nix/f81e73cf9a4ef4b949b9225be3daa1e586c096da' (2023-08-15)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/240472b7e47a641e9e7675f58b64d3626ca7824d' (2023-08-06)
  → 'github:NixOS/nixpkgs/efeed708ece1a9f4ae0506ae4a4d7da264a74102' (2023-08-12)
2023-08-18 11:41:26 +02:00
Simon Bruder abcab70626
vueko/mail: Add domain and user 2023-08-17 13:51:45 +02:00
Simon Bruder 795b80e734
vueko/mail: Add alias 2023-08-14 09:51:19 +02:00
Simon Bruder 7f2ed58e19
fuuko: Do DHCP on both interfaces 2023-08-12 15:32:12 +02:00
Simon Bruder 5741591d5f
flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/15043a65915bcc16ad207d65b202659e4988066b' (2023-08-04)
  → 'github:nix-community/home-manager/6e1eff9aac0e8d84bda7f2d60ba6108eea9b7e79' (2023-08-10)
• Updated input 'nix-pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/ebb43bdacd1af8954d04869c77bc3b61fde515e4' (2023-08-03)
  → 'github:cachix/pre-commit-hooks.nix/c5ac3aa3324bd8aebe8622a3fc92eeb3975d317a' (2023-08-11)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/24f9162b26f0debd163f6d94752aa2acb9db395a' (2023-08-02)
  → 'github:nixos/nixos-hardware/f61352cf8066ddd3dfe9058e62184bae7382672d' (2023-08-11)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/e9ca92b55bed47696cc7cc25d3f854a1e2e01f86' (2023-08-03)
  → 'github:nixos/nixpkgs/18784aac1013da9b442adf29b6c7c228518b5d3f' (2023-08-10)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/66aedfd010204949cb225cf749be08cb13ce1813' (2023-08-02)
  → 'github:nixos/nixpkgs/ce5e4a6ef2e59d89a971bc434ca8ca222b9c7f5e' (2023-08-10)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/c36df4fe4bf4bb87759b1891cab21e7a05219500' (2023-07-24)
  → 'github:Mic92/sops-nix/5f5d9a3c8bc247eb574823b9f16a79e054dafe73' (2023-08-12)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/ce45b591975d070044ca24e3003c830d26fea1c8' (2023-07-22)
  → 'github:NixOS/nixpkgs/240472b7e47a641e9e7675f58b64d3626ca7824d' (2023-08-06)
2023-08-12 14:00:32 +02:00
Simon Bruder 0bdf13b3bd
renge/netbox: Add plugins 2023-08-12 13:59:03 +02:00
Simon Bruder 6f67715a65
renge/netbox: Init 2023-08-12 11:53:11 +02:00
Simon Bruder 72623c05d2
vueko/mail: Add alias 2023-08-12 10:12:28 +02:00
Simon Bruder 0f6a9a1bee
{renge,vueko}: Use correct IPv6 address 2023-08-12 01:00:37 +02:00
Simon Bruder 1ea28cf4b6
vueko/mail: Add alias 2023-08-10 14:50:10 +02:00
Simon Bruder bb0b66d9c1
fuuko: Add r8169 to initrd modules
This allows unlocking with the onboard NIC.
2023-08-08 15:32:00 +02:00