Egor Savkin
6382326316
Use IPv6 for WG transport to decrease latency by 20%
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-13 15:06:34 +08:00
Egor Savkin
2f1c11d779
Ip rules instead of iptables tracking
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-11 11:28:03 +08:00
Egor Savkin
5e13fc0bc2
Apply tested client configuration
Adds an additional route, but doesn't enforce it so other apps will remain the same, but smtp can use tunnel for sending. Also sends replies through the tunnel if connection arrives on the tunnel.
Better have something tested and working before I start doing "perfect".
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-11 11:04:36 +08:00
Egor Savkin
4ae7af98b2
Use wireguard instead of strongswan since it's in the kernel
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-09 15:12:34 +08:00
Egor Savkin
ebe55e2fa6
WIP: Use gre/ipsec instead of proxy
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-06 17:31:17 +08:00
Egor Savkin
a6f30cff27
Use proxychains-ng instead of tsocks
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-03 17:11:24 +08:00
Egor Savkin
f083672e66
Use tsocks to wrap socks and add sock transport type
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-03 17:11:24 +08:00
Egor Savkin
f46adfd8d3
Use wildcard instead of explicit specification
As in example at https://www.postfix.org/transport.5.html
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-03 17:11:24 +08:00
Egor Savkin
694d908339
Use postfix options for routing mails through ssh tunnel
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-03 17:11:24 +08:00
Sébastien Bourdeauducq
635f90f0c7
nixbld/flarum: use nix
2024-08-31 17:27:16 +08:00
Sébastien Bourdeauducq
8a187ba5b9
nixbld: SIT can take larger packets
2024-08-29 18:55:52 +08:00
Sébastien Bourdeauducq
9383227c5b
nixbld: consistent netif variables
2024-08-29 18:53:33 +08:00
Sébastien Bourdeauducq
233998b8f3
nixbld: work around tunnel bring-up race condition
2024-08-29 18:40:17 +08:00
Sébastien Bourdeauducq
90a6b84c09
nixbld: work around tunnel TCPMSS issues
2024-08-29 18:39:52 +08:00
Sébastien Bourdeauducq
23e1fa029a
nixbld: upgrade postgresql
2024-08-25 11:06:19 +08:00
Egor Savkin
75035b387e
Skip SPF for mails originating from intl
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-08-20 10:59:27 +08:00
Sébastien Bourdeauducq
4f48ea611a
nixops: remove wanglm user
2024-08-19 11:18:06 +08:00
Sébastien Bourdeauducq
6dc8214102
nixbld/backup: include gitea DB dump
2024-08-17 18:26:46 +08:00
Sébastien Bourdeauducq
a6b216bb87
nixbld/gitea: move to postgresql
2024-08-17 18:18:56 +08:00
Sébastien Bourdeauducq
6e21a95ba8
nixbld/named: add qnetp slave DNS for m-labs-intl.com
2024-08-15 19:52:42 +08:00
Sébastien Bourdeauducq
d08186a27a
nixbld/named: enable CAA for m-labs-intl.com
2024-08-14 11:52:25 +08:00
Sébastien Bourdeauducq
5d132565e6
nixbld/named: add hooks.m-labs-intl.com
2024-08-14 11:42:38 +08:00
Sébastien Bourdeauducq
97ca7ea3ce
nixbld: mail setup for m-labs-intl.com WIP
2024-08-14 11:38:19 +08:00
Sébastien Bourdeauducq
e24c167f8b
Revert "nixbld: block SAP spam"
Option seems to have no effect.
This reverts commit b769b47075.
2024-08-14 10:58:49 +08:00
Egor Savkin
18194be5c3
nixbld: deploy web2019 to the intl domain
Co-authored-by: Egor Savkin <es@m-labs.hk>
Co-committed-by: Egor Savkin <es@m-labs.hk>
2024-08-14 10:54:52 +08:00
Sébastien Bourdeauducq
7781d6236e
nixbld/rt: disable TCP
2024-08-11 12:19:15 +08:00
Sébastien Bourdeauducq
93e19c74e9
nixbld/rt: use psql peer authentication
2024-08-11 12:12:28 +08:00
Sébastien Bourdeauducq
4ccab3cf2b
nixbld: remove outdated DNS records
2024-08-05 19:13:34 +08:00
Sebastien Bourdeauducq
69fe8c9866
nixbld: add flo user
2024-08-01 07:32:11 +08:00
Sebastien Bourdeauducq
b769b47075
nixbld: block SAP spam
2024-07-02 09:56:02 +02:00
Sébastien Bourdeauducq
f0668fa5b7
juno: mobo swap
2024-06-27 14:20:30 +08:00
Sébastien Bourdeauducq
8422d16978
nixops: add new DSLogic USB ID
2024-06-26 13:29:20 +08:00
Sébastien Bourdeauducq
872dcaa6bc
nixbld: serve m-labs-intl.com domain
2024-06-06 17:29:07 +08:00
Sébastien Bourdeauducq
ca895df9f3
nixbld: switch to gitea built-in SSH server
2024-06-06 16:27:39 +08:00
Sébastien Bourdeauducq
4e6686dbe9
nixbld: fix gitea emails
2024-06-06 13:52:35 +08:00
Sébastien Bourdeauducq
f973d2969a
nixbld: fix gitea emails
2024-06-05 11:23:24 +08:00
Sebastien Bourdeauducq
18a41e1c88
nixbld: work around for hydra input issues in restricted mode
2024-06-03 22:39:00 +08:00
Sébastien Bourdeauducq
f49a0f825e
nixops: typo
2024-06-02 20:29:37 +08:00
Sébastien Bourdeauducq
6c3a89df02
nixops: update wanglm key
2024-06-02 20:24:25 +08:00
Sébastien Bourdeauducq
bbc4d663a9
nixops: add new machines
2024-06-02 17:55:40 +08:00
Sébastien Bourdeauducq
adad8e9894
nixops: add new users
2024-06-02 17:55:19 +08:00
Sébastien Bourdeauducq
f07b292d3b
nixbld: disallow user SSH keys
2024-06-02 14:10:10 +08:00
Sébastien Bourdeauducq
d91ff8300d
nixops: disallow user SSH keys
2024-06-02 14:04:02 +08:00
Sébastien Bourdeauducq
bd6c61094f
nixbld: update letsencrypt CAA URI
https://github.com/NixOS/nixpkgs/issues/316608
2024-06-02 13:50:48 +08:00
Sébastien Bourdeauducq
cc0bf224df
nixbld: install mpd
2024-06-02 13:50:24 +08:00
Sébastien Bourdeauducq
41aeae7b2d
nixbld: update simple-nixos-mailserver
2024-06-02 12:59:47 +08:00
Sébastien Bourdeauducq
1eac9d249d
nixbld: nixos 24.05
2024-06-02 12:52:17 +08:00
Sébastien Bourdeauducq
c3d9b9a7a1
nixbld: small cleanup
2024-06-02 12:52:01 +08:00
Sébastien Bourdeauducq
b6263c7dd9
nixops: fix /boot mount options
2024-05-30 18:43:54 +08:00
Sébastien Bourdeauducq
2446d0c946
nixops: mount /opt on rc
2024-05-30 18:41:43 +08:00