Commit graph

436 commits

Author SHA1 Message Date
Simon Bruder f7fe754a1b
wireguard/he: Correctly route outgoing packets
This previously made yuzuru unreachable over IPv6.
2024-12-11 18:40:44 +01:00
Simon Bruder 83b12e1977
nginx: Lower default error log severity 2024-10-12 12:32:37 +02:00
Simon Bruder 7b7b4fb0ee
cups: Statically add bro
Dynamic resolution often fails or at least takes a long time (for
reasons I can’t comprehend).
2024-10-08 22:31:55 +02:00
Simon Bruder 33436773a4
restic: Lower backblaze mirror interval 2024-09-08 13:30:27 +02:00
Simon Bruder aa0d1752f6
Add local mail service 2024-09-08 13:30:24 +02:00
Simon Bruder 3e88ea9241
mailserver: Allow restricting users to local domains 2024-09-08 13:30:24 +02:00
Simon Bruder cce1211048
restic: Add mirror to backblaze 2024-09-08 13:30:22 +02:00
Simon Bruder 959f7be3d0
Connect home network with IPv6 addresses
It adds a bit of latency (and is definitely not the best solution in
theory), but finally allows dropping IPv6 NAT and it works within the
constraints my home network has to live in.
2024-09-08 13:30:18 +02:00
Simon Bruder 5693e6b75d
restic/vm-image: Init 2024-08-27 01:38:49 +02:00
Simon Bruder 50823a746e
restic: Prepare for additional backups 2024-08-27 01:38:48 +02:00
Simon Bruder d03e463a3a
restic/system: Fix QoS enabling logic 2024-08-27 01:38:46 +02:00
Simon Bruder b0898643fb
vueko: Remove outdated TODO/FIXME comments 2024-08-27 01:38:45 +02:00
Simon Bruder 300327d3b5
koyomi: Reinstall on AX41-NVMe 2024-08-27 01:38:44 +02:00
Simon Bruder 79707438c2
pubkeys: Remove legacy keys 2024-08-21 01:30:23 +02:00
Simon Bruder f97c81ce2c
ssh: Add ci-runner 2024-08-21 01:30:22 +02:00
Simon Bruder 134d58a3c7
hiroshi: Init 2024-08-21 01:30:21 +02:00
Simon Bruder b418a56e09
koyomi/haproxy: Init 2024-08-20 12:08:22 +02:00
Simon Bruder d7600be2e3
smartctl_exporter: Fix guard 2024-07-19 15:32:21 +02:00
Simon Bruder 7d23321c0f
cups: Restructure to include SII SLP 650 2024-07-19 11:36:06 +02:00
Simon Bruder 2d70ccbdb3
podman: Add passt
It (or rather pasta) is required by buildah.
2024-06-20 11:31:44 +02:00
Simon Bruder 7a136f4eb7
fixup! nix: Update global nixpkgs definition 2024-06-15 17:17:23 +02:00
Simon Bruder 2d7305d199
mullvad: Drop 2024-06-02 14:38:40 +02:00
Simon Bruder 3884dd4a5e
fonts: Update Iosevka option names 2024-06-02 14:35:36 +02:00
Simon Bruder 68daaf3cd4
mailserver/postfix: Drop deprecated dhparam option 2024-06-02 14:35:34 +02:00
Simon Bruder 4ed5738a78
mailserver/dovecot: Use nixpkgs sieve options 2024-06-02 14:35:33 +02:00
Simon Bruder f103c17a62
Add want to units ordered after network-online.target 2024-06-02 14:35:28 +02:00
Simon Bruder 360f7de65d
nix: Update global nixpkgs definition
Nixpkgs 24.05 now sets a registry entry and NIX_PATH by default.
2024-06-02 14:35:22 +02:00
Simon Bruder ecc2065201
smartctl_exporter: Add 2024-06-01 13:58:01 +02:00
Simon Bruder ef488cdfd9
koyomi: Init 2024-06-01 13:57:58 +02:00
Simon Bruder 14aa3e8d5e
Disable nano
I did not know that it was actually enabled on every system. This commit
replaces it with vim.
2024-06-01 13:57:51 +02:00
Simon Bruder 421beb7ea4
tools: Add nvme-cli 2024-06-01 13:57:46 +02:00
Simon Bruder de3e4ad1bd
Only enable fwupd on EFI systems 2024-06-01 13:57:45 +02:00
Simon Bruder 76e1ec00af
Migrate docker module to podman
This also enables podman on mayushii.
2024-06-01 13:57:44 +02:00
Simon Bruder 5e122fcef7
Do not use gpg-agent for ssh on headless systems 2024-06-01 13:57:37 +02:00
Simon Bruder d93d724b9f
okarin: Migrate to different VPS
Previously, it was hosted on Ionos’s VMware-based infrastructure. I
already had a VPS on their new KVM-based infrastructure, as I was
planning to migrate okarin to it eventually (as it is cheaper). However,
the new infrastructure does not offer PTR records for IPv6 addresses.
Therefore, I was waiting until they would implement that feature (as the
support promised me they would do in the near future).

However, they are now migrating the (at least my) guests from their
VMware hypervisors onto the KVM ones, assigning new IPv6 addresses to
them. This makes the old VPS essentially the same as the old one, but
with less memory and more expensive. So I decided to migrate now.
2024-06-01 13:57:33 +02:00
Simon Bruder b60dbcada1
tools: Fix reptyr build in qemu-user-aarch64
This was already fixed in NixOS unstable:
https://github.com/NixOS/nixpkgs/pull/292342
2024-06-01 13:54:20 +02:00
Simon Bruder 11609eb96f
authoritative-dns: Drop INWX secondaries 2024-06-01 13:54:04 +02:00
Simon Bruder 8f1d0a149c
node_exporter: Disable ARP netlink collector
It currently fails (logging an error message on every scrape). This
disables the netlink collector, making it fall back to reading ARP
entries from /proc/net/arp.
2024-02-24 20:52:38 +01:00
Simon Bruder a9f86e7ced
Fix resolving FQDN when resolved is enabled 2024-02-24 19:21:56 +01:00
Simon Bruder 3816e6fc5d
authoritative-dns: Add renge, yuzuru to secondaries 2024-02-24 13:22:17 +01:00
Simon Bruder 5375a858bd
Replace steam with flatpak
I am no longer willing to accept hours upon hours of debugging just to
get the client to work. I don’t get why they would ship a 32-bit GTK2
executable that uses CEF with its sandbox disabled in 2024. Obviously,
this makes debugging quite hard as things don’t work well, even when
they work. This leaves red herrings everywhere (“Is this segfault a
symptom of the issue I’m facing or is that also happening to other users
where it works fine?”).

Flatpak also seems to have quite good sandboxing features when Flatseal
is used for every application to take away any unnecessary permissions.
2024-02-23 19:21:11 +01:00
Simon Bruder 7f8859f85b
mailserver/postfix: Update copyright year
This was forgotten in c944812a68 and
242a2315be.
2024-02-15 13:10:42 +01:00
Simon Bruder 242a2315be
mailserver: Disallow requesting DSN over SMTP
This still allows requesting a DSN over submission, so trusted clients
are not affected. It only affects sending DSN to other systems, which
now no longer takes place. This is done to avoid leaking rspamd
internals.
2024-02-03 01:15:17 +01:00
Simon Bruder c944812a68
mailserver: Extend Received header with TLS info 2024-02-03 00:12:05 +01:00
Simon Bruder 9caef40c21
wkd: Init 2024-01-27 17:22:53 +01:00
Simon Bruder e600e15141
nitrokey: Only enable on bare metal 2024-01-22 17:31:57 +01:00
Simon Bruder 04c7bc089f
nitrokey: Force learn keys from card on plug
This allows the signing key to be shared among multiple nitrokeys.
2024-01-22 17:31:56 +01:00
Simon Bruder 04a0a6e5ff
nitrokey: Fix module
For some reason, using the // attribute set merge operator does not work
here.
2024-01-22 17:31:54 +01:00
Simon Bruder 54218c7278
Use Nitrokey as PGP smartcard 2024-01-22 17:31:53 +01:00
Simon Bruder 226ce5035e
qbittorrent/exporter: Expose source code 2024-01-22 17:31:50 +01:00