Commit Graph

271 Commits

Author SHA1 Message Date
Egor Savkin 6dded5a701 Ip rules instead of iptables tracking
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-13 16:47:43 +08:00
Egor Savkin 17b21f3801 Apply tested client configuration
Adds an additional route, but doesn't enforce it so other apps will remain the same, but smtp can use tunnel for sending. Also sends replies through the tunnel if connection arrives on the tunnel.
Better have something tested and working before I start doing "perfect".

Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-13 16:47:43 +08:00
Egor Savkin dba87d68d3 Use wireguard instead of strongswan since it's in the kernel
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-13 16:47:43 +08:00
Egor Savkin 4966465b1c WIP: Use gre/ipsec instead of proxy
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-13 16:47:43 +08:00
Egor Savkin a230f3fa68 Use proxychains-ng instead of tsocks
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-13 16:47:43 +08:00
Egor Savkin c3be96a166 Use tsocks to wrap socks and add sock transport type
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-13 16:47:43 +08:00
Egor Savkin 3237cfb50f Use wildcard instead of explicit specification
As in example at https://www.postfix.org/transport.5.html

Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-13 16:47:43 +08:00
Egor Savkin f0d13c40ba Use postfix options for routing mails through ssh tunnel
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-13 16:47:43 +08:00
Sébastien Bourdeauducq 4a288abe2b nixbld: keep automatic flarum DB migrations 2024-09-10 17:12:44 +08:00
Sébastien Bourdeauducq 635f90f0c7 nixbld/flarum: use nix 2024-08-31 17:27:16 +08:00
Sébastien Bourdeauducq 8a187ba5b9 nixbld: SIT can take larger packets 2024-08-29 18:55:52 +08:00
Sébastien Bourdeauducq 9383227c5b nixbld: consistent netif variables 2024-08-29 18:53:33 +08:00
Sébastien Bourdeauducq 233998b8f3 nixbld: work around tunnel bring-up race condition 2024-08-29 18:40:17 +08:00
Sébastien Bourdeauducq 90a6b84c09 nixbld: work around tunnel TCPMSS issues 2024-08-29 18:39:52 +08:00
Sébastien Bourdeauducq 23e1fa029a nixbld: upgrade postgresql 2024-08-25 11:06:19 +08:00
Egor Savkin 75035b387e Skip SPF for mails originating from intl
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-08-20 10:59:27 +08:00
Sébastien Bourdeauducq 6dc8214102 nixbld/backup: include gitea DB dump 2024-08-17 18:26:46 +08:00
Sébastien Bourdeauducq a6b216bb87 nixbld/gitea: move to postgresql 2024-08-17 18:18:56 +08:00
Sébastien Bourdeauducq 6e21a95ba8 nixbld/named: add qnetp slave DNS for m-labs-intl.com 2024-08-15 19:52:42 +08:00
Sébastien Bourdeauducq d08186a27a nixbld/named: enable CAA for m-labs-intl.com 2024-08-14 11:52:25 +08:00
Sébastien Bourdeauducq 5d132565e6 nixbld/named: add hooks.m-labs-intl.com 2024-08-14 11:42:38 +08:00
Sébastien Bourdeauducq 97ca7ea3ce nixbld: mail setup for m-labs-intl.com WIP 2024-08-14 11:38:19 +08:00
Sébastien Bourdeauducq e24c167f8b Revert "nixbld: block SAP spam"
Option seems to have no effect.

This reverts commit b769b47075.
2024-08-14 10:58:49 +08:00
Egor Savkin 18194be5c3 nixbld: deploy web2019 to the intl domain
Co-authored-by: Egor Savkin <es@m-labs.hk>
Co-committed-by: Egor Savkin <es@m-labs.hk>
2024-08-14 10:54:52 +08:00
Sébastien Bourdeauducq 7781d6236e nixbld/rt: disable TCP 2024-08-11 12:19:15 +08:00
Sébastien Bourdeauducq 93e19c74e9 nixbld/rt: use psql peer authentication 2024-08-11 12:12:28 +08:00
Sébastien Bourdeauducq 4ccab3cf2b nixbld: remove outdated DNS records 2024-08-05 19:13:34 +08:00
Sebastien Bourdeauducq 69fe8c9866 nixbld: add flo user 2024-08-01 07:32:11 +08:00
Sebastien Bourdeauducq b769b47075 nixbld: block SAP spam 2024-07-02 09:56:02 +02:00
Sébastien Bourdeauducq 872dcaa6bc nixbld: serve m-labs-intl.com domain 2024-06-06 17:29:07 +08:00
Sébastien Bourdeauducq ca895df9f3 nixbld: switch to gitea built-in SSH server 2024-06-06 16:27:39 +08:00
Sébastien Bourdeauducq 4e6686dbe9 nixbld: fix gitea emails 2024-06-06 13:52:35 +08:00
Sébastien Bourdeauducq f973d2969a nixbld: fix gitea emails 2024-06-05 11:23:24 +08:00
Sebastien Bourdeauducq 18a41e1c88 nixbld: workaround for hydra input issues in restricted mode 2024-06-03 22:39:00 +08:00
Sébastien Bourdeauducq f07b292d3b nixbld: disallow user SSH keys 2024-06-02 14:10:10 +08:00
Sébastien Bourdeauducq bd6c61094f nixbld: update letsencrypt CAA URI
https://github.com/NixOS/nixpkgs/issues/316608
2024-06-02 13:50:48 +08:00
Sébastien Bourdeauducq cc0bf224df nixbld: install mpd 2024-06-02 13:50:24 +08:00
Sébastien Bourdeauducq 41aeae7b2d nixbld: update simple-nixos-mailserver 2024-06-02 12:59:47 +08:00
Sébastien Bourdeauducq 1eac9d249d nixbld: nixos 24.05 2024-06-02 12:52:17 +08:00
Sébastien Bourdeauducq c3d9b9a7a1 nixbld: small cleanup 2024-06-02 12:52:01 +08:00
Sebastien Bourdeauducq a22e270ac8 nixbld: replace deprecated gitea mailer setting 2024-05-28 11:44:55 +08:00
Sebastien Bourdeauducq 55cfda91e0 nixbld: fix nextcloud logging 2024-05-24 09:58:19 +08:00
Sebastien Bourdeauducq 543e9468cc nixbld: fix nextcloud opcache warning 2024-05-24 09:49:17 +08:00
Sebastien Bourdeauducq 6487eab3c7 nixbld: update nextcloud 2024-05-23 22:58:39 +08:00
Sebastien Bourdeauducq 96f7264258 nixbld: enable audio 2024-05-23 22:21:10 +08:00
Sebastien Bourdeauducq 6018eca294 nixbld: enable SSH X11 forwarding 2024-05-23 22:20:56 +08:00
Sébastien Bourdeauducq 4c7f35bc75 nixbld: allow routing between wifi and LAN 2024-05-06 10:57:33 +08:00
Sébastien Bourdeauducq 2cd3ae1337 nixbld: fix routing policy for wifi 2024-05-06 10:57:11 +08:00
Sébastien Bourdeauducq 7f1972fc9d nixbld: add backup IP to DNS 2024-05-06 10:44:54 +08:00
Sébastien Bourdeauducq 5729c4998a nixbld: add backup internet connection 2024-05-06 10:32:10 +08:00