Commit graph

1550 commits

Author SHA1 Message Date
Simon Bruder c0eae808b7
mail: Remove old configuration
I use the new imperative configuration for quite some time and don’t
think I will go back to aerc.
2023-10-08 16:45:14 +02:00
Simon Bruder 816004e80b
restic: Use QoS instead of uploadLimit
This implements a crude mechanism for signalling my router to add the
packets to its own qdisc.

The way in which this is implemented with nftables is hacky because of
NixOS’ limitations on build-time checking (which obviously can’t know
about the existence of cgroups on the target).
2023-10-07 22:49:47 +02:00
Simon Bruder afc9013506
shinobu/router: Implement QoS using HTB
This is an initial implementation and probably still needs tuning.
2023-10-07 22:49:26 +02:00
Simon Bruder 91eb90e9c3
Enable nftables by default 2023-10-07 13:50:18 +02:00
Simon Bruder 4eeae2c1b5
vueko/mail: Add alias 2023-10-07 01:18:48 +02:00
Simon Bruder 3e1cd23aea
tools: Use bandwhich from unstable 2023-10-04 23:42:01 +02:00
Simon Bruder 7b836dd65b
Drastically lower restic upload limit
Welcome in the year 2023, where it apparently is acceptable to offer
internet connectivity with not even 5 Mbit/s upload speed.
2023-10-04 23:42:00 +02:00
Simon Bruder 16c0472bb0
nazuna: Enable torrent 2023-10-04 23:19:44 +02:00
Simon Bruder 3a12a3f53a
qbittorrent: Avoid using nscd 2023-10-04 23:19:44 +02:00
Simon Bruder 7fc8a4694c
nazuna: Init 2023-10-04 23:19:44 +02:00
Simon Bruder 70ee0e1d59
vueko/mail: Add alias 2023-10-04 23:19:44 +02:00
Simon Bruder 4ea0cc32ba
mpd: Add listenbrainz-content-resolver 2023-10-04 23:19:44 +02:00
Simon Bruder b79a088479
vueko/mail: Add alias 2023-10-04 23:19:44 +02:00
Simon Bruder c229c14d4b
flake.lock: Update
Flake lock file updates:

• Updated input 'flake-utils':
    'github:numtide/flake-utils/f9e7cf818399d17d347f847525c5a5a8032e4e44' (2023-08-23)
  → 'github:numtide/flake-utils/ff7b65b44d01cf9ba6a71320833626af21126384' (2023-09-12)
• Updated input 'home-manager':
    'github:nix-community/home-manager/9787dffff5d315c9593d3f9fb0f9bf2097e1b57b' (2023-09-11)
  → 'github:nix-community/home-manager/07682fff75d41f18327a871088d20af2710d4744' (2023-09-19)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/5171f5ef654425e09d9c2100f856d887da595437' (2023-09-11)
  → 'github:nix-community/home-manager/4f02e35f9d150573e1a710afa338846c2f6d850c' (2023-09-29)
• Updated input 'nix-pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/4f883a76282bc28eb952570afc3d8a1bf6f481d7' (2023-09-10)
  → 'github:cachix/pre-commit-hooks.nix/cb770e93516a1609652fa8e945a0f310e98f10c0' (2023-09-24)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/ca41b8a227dd235b1b308217f116c7e6e84ad779' (2023-09-11)
  → 'github:nixos/nixos-hardware/adcfd6aa860d1d129055039696bc457af7d50d0e' (2023-09-28)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/9a74ffb2ca1fc91c6ccc48bd3f8cbc1501bf7b8a' (2023-09-11)
  → 'github:nixos/nixpkgs/5cfafa12d57374f48bcc36fda3274ada276cf69e' (2023-09-27)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/3a2786eea085f040a66ecde1bc3ddc7099f6dbeb' (2023-09-11)
  → 'github:nixos/nixpkgs/8a86b98f0ba1c405358f1b71ff8b5e1d317f5db2' (2023-09-27)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/ea208e55f8742fdcc0986b256bdfa8986f5e4415' (2023-09-12)
  → 'github:Mic92/sops-nix/2f375ed8702b0d8ee2430885059d5e7975e38f78' (2023-09-21)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/5601118d39ca9105f8e7b39d4c221d3388c0419d' (2023-09-02)
  → 'github:NixOS/nixpkgs/596611941a74be176b98aeba9328aa9d01b8b322' (2023-09-16)
2023-10-04 23:19:44 +02:00
Simon Bruder 3d880316de
shinobu/router: Disable wg-upstream
This only complicates many things and creates too much overhead on such
a slow connection.
2023-10-04 23:19:44 +02:00
Simon Bruder 642fea6b8e
shinobu/router: Route select protocols directly 2023-10-04 23:19:44 +02:00
Simon Bruder 7a7b385b44
shinobu/router: Change nft variable source 2023-10-04 23:19:44 +02:00
Simon Bruder f6694ebb8c
qutebrowser: Do not use fake user agent
C(R)APTCHA services do not like this.
2023-10-04 23:19:44 +02:00
Simon Bruder 8ecf4ecbfd
shinobu/router: Split configuration 2023-10-04 23:19:43 +02:00
Simon Bruder c48d626c68
neovim: Add nftables highlighting 2023-09-24 14:42:31 +02:00
Simon Bruder c0ab0c6977
vueko/mail: Add alias 2023-09-22 22:37:49 +02:00
Simon Bruder 257b000e24
shinobu/router: Add ethtool 2023-09-21 21:11:22 +02:00
Simon Bruder 8a1724fe43
shinobu/router: Clean up nftables rules 2023-09-21 12:59:12 +02:00
Simon Bruder 9c42cb0903
shinobu/router: Fix VPN bypass
This now actually works and I have a better understanding of nftables.
Some of my learnings are documented as comments in the rules.
2023-09-21 12:56:36 +02:00
Simon Bruder caac620ea6
shinobu/router: Add tracing infrastructure 2023-09-21 12:44:27 +02:00
Simon Bruder 1c24743911
shinobu/router: Fix naming of subnets in rules
This has no practical effect, but did cause confusion.
2023-09-21 11:31:00 +02:00
Simon Bruder a39a2ba616
nix: Make nix-shell not fail on non-krops machines
Only krops stores the current configuration under /var/src/config.
As I use krops much less, this is not present on all machines.
2023-09-20 22:11:54 +02:00
Simon Bruder b10b83c207
shinobu/router: Use dns over https
For some reason, this makes DNS more reliable.
2023-09-20 22:11:24 +02:00
Simon Bruder f1c70dce99
Revert "shinobu/router: Switch provider for wg-upstream"
This reverts commit 0bcc5d6141.

This leaves MSS clamping in place.
2023-09-19 12:23:38 +02:00
Simon Bruder 287560e0fa
mpd: Add listenbrainz submitting 2023-09-19 12:23:38 +02:00
Simon Bruder c7895e8427
flake.lock: Update
Flake lock file updates:

• Updated input 'flake-utils':
    'github:numtide/flake-utils/919d646de7be200f3bf08cb76ae1f09402b6f9b4' (2023-07-11)
  → 'github:numtide/flake-utils/f9e7cf818399d17d347f847525c5a5a8032e4e44' (2023-08-23)
• Updated input 'home-manager':
    'github:nix-community/home-manager/2a6679aa9cc3872c29ba2a57fe1b71b3e3c5649f' (2023-08-15)
  → 'github:nix-community/home-manager/9787dffff5d315c9593d3f9fb0f9bf2097e1b57b' (2023-09-11)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/6a94c1a59737783c282c4031555a289c28b961e4' (2023-08-17)
  → 'github:nix-community/home-manager/5171f5ef654425e09d9c2100f856d887da595437' (2023-09-11)
• Updated input 'nix-pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/7e3517c03d46159fdbf8c0e5c97f82d5d4b0c8fa' (2023-08-17)
  → 'github:cachix/pre-commit-hooks.nix/4f883a76282bc28eb952570afc3d8a1bf6f481d7' (2023-09-10)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/430a56dd16fe583a812b2df44dca002acab2f4f6' (2023-08-12)
  → 'github:nixos/nixos-hardware/ca41b8a227dd235b1b308217f116c7e6e84ad779' (2023-09-11)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/b30c68669df77d981ce4aefd6b9d378563f6fc4e' (2023-08-16)
  → 'github:nixos/nixpkgs/9a74ffb2ca1fc91c6ccc48bd3f8cbc1501bf7b8a' (2023-09-11)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/caac0eb6bdcad0b32cb2522e03e4002c8975c62e' (2023-08-16)
  → 'github:nixos/nixpkgs/3a2786eea085f040a66ecde1bc3ddc7099f6dbeb' (2023-09-11)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/f81e73cf9a4ef4b949b9225be3daa1e586c096da' (2023-08-15)
  → 'github:Mic92/sops-nix/ea208e55f8742fdcc0986b256bdfa8986f5e4415' (2023-09-12)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/efeed708ece1a9f4ae0506ae4a4d7da264a74102' (2023-08-12)
  → 'github:NixOS/nixpkgs/5601118d39ca9105f8e7b39d4c221d3388c0419d' (2023-09-02)
2023-09-12 15:00:51 +02:00
Simon Bruder c3365ba881
vueko/mail: Add alias 2023-09-12 15:00:51 +02:00
Simon Bruder aa85febe12
shinobu/router: Fix IPv6 networking
Previously, I did not have IPv6 upstream, so even a wrong configuration
worked. Now it uses a different routing table for IPv4 and IPv6, so it
also works on dual-stack upstreams.

However, how it worked without IPv6 forwarding enabled, is still a
mystery to me.
2023-09-12 15:00:51 +02:00
Simon Bruder 09a9037f1c
Revert "Disable systemd-resolved"
This reverts commit 38f815ecf1fa188d0a5a389f73bcd01177f9687c.
2023-09-12 15:00:51 +02:00
Simon Bruder bc08d06985
renge: Disable netbox
I don’t depend on it (yet) and lately, renge often runs out of memory
during backups.
2023-09-12 15:00:51 +02:00
Simon Bruder e7d740f03c
shinobu/router: Restrict wan 2023-09-12 15:00:51 +02:00
Simon Bruder 94fcee359a
shinobu/router: Reduce semicolon usage
Only use it where it is necessary
2023-09-12 15:00:51 +02:00
Simon Bruder 2dab79f0bc
shinobu/router: Use correct v6 address for vueko
It is not used (yet), therefore it went unnoticed.
2023-09-12 15:00:51 +02:00
Simon Bruder f88669f202
shinobu: Move physically 2023-09-12 15:00:51 +02:00
Simon Bruder 0bcc5d6141
shinobu/router: Switch provider for wg-upstream
The old provider was doing weird stuff with DNS that I wasn’t able to
debug well.

However, apparently, the old provider did MSS clamping on their side.
Therefore, it is now required that I do this on my side.
2023-09-12 15:00:51 +02:00
Simon Bruder fcbd6806b9
Disable systemd-resolved
It always breaks things, makes debugging harder and in general does not
seem to make anything better.
2023-09-12 15:00:50 +02:00
Simon Bruder 926d537986
vueko/mail: Add alias 2023-09-12 15:00:50 +02:00
Simon Bruder 986ad238f8
vueko/mail: Add alias 2023-09-12 15:00:50 +02:00
Simon Bruder 35a65b859a
vueko/mail: Add alias 2023-09-12 15:00:50 +02:00
Simon Bruder ffb123645d
imprint: Change address 2023-09-12 15:00:50 +02:00
Simon Bruder e217be3fc5
vueko/mail: Add alias 2023-09-12 15:00:50 +02:00
Simon Bruder 8dd64f4209
hitagi: Document front panel swap 2023-08-26 18:11:10 +02:00
Simon Bruder d26d1127bc
hitagi: Update installed RAM in readme 2023-08-26 18:10:28 +02:00
Simon Bruder b44662e3cc
vueko/mail: Add alias 2023-08-24 18:20:36 +02:00
Simon Bruder 2efdce8854
programs: Add gpxsee 2023-08-24 17:45:20 +02:00