Commit Graph

291 Commits

Author SHA1 Message Date
Sebastien Bourdeauducq 4c9d96dae3 nixbld: add HP printer to firewall blocklist 2023-08-08 19:02:59 +08:00
Sebastien Bourdeauducq 9ebdb06699 nixbld: add dpn user 2023-08-04 19:45:44 +08:00
Sebastien Bourdeauducq 98072481e7 nixbld: add atse.alt.m-labs.hk 2023-08-04 17:11:36 +08:00
Sebastien Bourdeauducq c89551c610 nixbld: open strongswan ports 2023-07-15 14:23:06 +08:00
Sebastien Bourdeauducq 6ec5e436a2 nixbld: fix altnet routing 2023-07-13 18:25:05 +08:00
Sebastien Bourdeauducq 39a6ea69f6 nixbld: altnet setup 2023-07-13 13:56:10 +08:00
Sebastien Bourdeauducq c2c7e67549 nixbld: block zyxel cloud switch 2023-07-13 09:35:32 +08:00
Sebastien Bourdeauducq 4c62ba7f9d nixbld: block hikvision device 2023-07-12 17:41:05 +08:00
Sebastien Bourdeauducq 257c2dc432 nixbld: fix mysql backup auth 2023-07-07 17:29:24 +08:00
Sebastien Bourdeauducq e2c2dbbeeb nixbld: autostart iPXE HTTP boot 2023-07-02 16:31:25 +08:00
Sebastien Bourdeauducq a9ee77b9e8 nixbld: serve iPXE on LAN 2023-07-02 16:15:24 +08:00
Sebastien Bourdeauducq dbd20c6418 nixbld: update simple-nixos-mailserver 2023-06-13 10:54:20 +08:00
Sebastien Bourdeauducq 2227e816bc nixbld: update dnsmasq settings 2023-06-04 22:40:14 +08:00
Sebastien Bourdeauducq 6b35c751d8 nixbld: NixOS 23.05 compatibility 2023-06-02 17:36:05 +08:00
Sebastien Bourdeauducq d21c31aae5 nixbld: add esavkin to lp group 2023-05-31 18:11:18 +08:00
Sebastien Bourdeauducq f5837877d2 nixbld: increase nextcloud max upload size 2023-05-30 21:34:36 +08:00
Sebastien Bourdeauducq 77ba57e8fa disable X11 forwarding (replaced with waypipe) 2023-05-24 12:45:34 +08:00
Sebastien Bourdeauducq 5223d9fd89 afws: move more code into module file, use new reload mechanism 2023-04-08 17:49:03 +08:00
Sebastien Bourdeauducq 0640cfad04 nixbld: increase AFWS WebSocket timeout 2023-04-07 16:02:07 +08:00
Sebastien Bourdeauducq 6c6f11ed7d nixbld: set up ACME certificate for AFWS 2023-04-07 14:39:05 +08:00
Sebastien Bourdeauducq 0442916420 nixbld: afws websocket proxy settings 2023-04-05 13:37:35 +08:00
Sebastien Bourdeauducq c8c38f79c0 nixbld: set recommendedTlsSettings 2023-04-05 13:37:11 +08:00
Sebastien Bourdeauducq b7d9df794e nixbld: close legacy firewall ports 2023-04-05 12:42:42 +08:00
Sebastien Bourdeauducq 6d31b77f0e add .ph site 2023-03-23 15:22:25 +08:00
Sebastien Bourdeauducq ff37c5949e nixbld: add esavkin 2023-03-03 18:29:45 +08:00
Sebastien Bourdeauducq 8ea7b06218 remove therobs12 user 2023-02-16 11:55:29 +08:00
Sebastien Bourdeauducq c9f774d011 nixbld: install labelprinter 2023-02-10 18:26:12 +08:00
Sebastien Bourdeauducq 9babd68652 nixbld: give backupdl access to nextcloud 2023-01-31 15:41:15 +08:00
Sebastien Bourdeauducq b3f5f687aa nixbld: cleanup backupdl keys 2023-01-30 16:14:12 +08:00
Sebastien Bourdeauducq af27584100 nixbld: remove topquark12 user 2023-01-30 16:12:13 +08:00
Sebastien Bourdeauducq 4c7a2dfce3 nixbld: label printer permissions 2023-01-30 16:12:00 +08:00
Sebastien Bourdeauducq 30fa569bdc nixbld: block more insecure devices 2023-01-30 16:08:27 +08:00
Sebastien Bourdeauducq 9dee7c1888 nixbld: update backupdl key 2023-01-29 20:19:05 +08:00
Sebastien Bourdeauducq 0faa05aec3 nixbld: add back qnetp DNS 2023-01-29 18:29:16 +08:00
Sebastien Bourdeauducq 21a7d1c36e nixbld: update LAN AAAA records 2023-01-29 18:01:31 +08:00
Sebastien Bourdeauducq faff3a5eef nixbld: relocation 2023-01-29 12:11:31 +08:00
Sebastien Bourdeauducq 3210289ebf fix *.mil DNS lookups 2023-01-28 09:54:13 +08:00
Sebastien Bourdeauducq dd0ebf1c47 nixbld: move to he.net DNS 2023-01-27 14:48:14 +08:00
Sebastien Bourdeauducq 2c770e9929 nixbld: better workaround against crappy registrar without glue records
PCCW's static.imsbiz.com is wonky and not always available for all IPs, so stop using it.
2023-01-16 16:07:58 +08:00
Sebastien Bourdeauducq fb54880765 nixbld: start rt-fetchmail after dovecot 2023-01-04 11:54:30 +08:00
Sebastien Bourdeauducq ea0b7d6dc7 nixbld: enable POP3 2022-12-25 11:07:02 +08:00
Sebastien Bourdeauducq 3b224c56aa nixbld: ignore local IP for fail2ban 2022-12-24 15:42:35 +08:00
Sebastien Bourdeauducq 162ad28a52 hydra: allow eval from duke gitlab 2022-12-17 14:58:35 +08:00
Sebastien Bourdeauducq dbc9f4c68d remote setup 2022-12-10 19:17:22 +08:00
Sebastien Bourdeauducq 15d99bc68b nixbld: persist DNSSEC private key
https://github.com/NixOS/nixpkgs/issues/204391
2022-12-05 10:00:35 +08:00
Sebastien Bourdeauducq 70a7ce5d30 nixbld: remove obsolete ssh key 2022-12-03 17:14:23 +08:00
Sebastien Bourdeauducq 2af492e37e nixbld: NixOS 22.11 2022-12-03 16:29:32 +08:00
Sebastien Bourdeauducq 88dd1a5fc4 nixbld: update therobs shell 2022-11-11 17:58:10 +08:00
Sebastien Bourdeauducq cecda7e28b nixbld: update users 2022-11-11 17:46:10 +08:00
Sebastien Bourdeauducq 2d9b7767a6 nixbld: enable aarch64-linux binfmt emulation 2022-11-09 21:14:11 +08:00
Sebastien Bourdeauducq fb745a11e3 nixbld: new msys2 repos 2022-11-03 19:09:35 +08:00
Sebastien Bourdeauducq 0c8019516d nixbld: fix bind DNSSEC configuration for new version
https://gitlab.isc.org/isc-projects/bind9/-/issues/3554
2022-09-30 16:46:39 +08:00
Sebastien Bourdeauducq d2bfca1f25 nixbld: serve nmigen docs 2022-09-27 11:07:13 +08:00
Sebastien Bourdeauducq 9bc617a019 nixbld: fix munin auth 2022-09-23 11:00:49 +08:00
Sebastien Bourdeauducq 4b23f8d66f nixbld: update DNS zone 2022-09-23 10:58:41 +08:00
Sebastien Bourdeauducq e2e4b0842a nixbld: add yuk account 2022-09-21 10:12:25 +08:00
Sebastien Bourdeauducq 382c8bfaab nixbld: add aux key for backupdl 2022-09-17 19:19:00 +08:00
Sebastien Bourdeauducq ac022776e7 nixbld: SSH reverse proxy setup 2022-09-17 19:13:54 +08:00
Sebastien Bourdeauducq e9b02d0c72 nixbld: disable kk105 account 2022-09-13 08:50:16 +08:00
Sebastien Bourdeauducq cd215e9e66 nixbld: backup hedgedoc 2022-09-02 18:10:17 +08:00
Sebastien Bourdeauducq 663e030aa8 nixbld: update named zone serial 2022-09-01 11:39:56 +08:00
Sebastien Bourdeauducq 365ec54358 nixbld: install hedgedoc 2022-09-01 11:39:47 +08:00
Sebastien Bourdeauducq 20175f7bc0 nixbld: rfc2181 forbids mx cname 2022-09-01 10:55:31 +08:00
Sebastien Bourdeauducq dc8db5fbee rfq: do not write email password to the Nix store 2022-08-13 11:43:01 +08:00
Sebastien Bourdeauducq dc08412ba2 update email settings 2022-08-13 11:22:01 +08:00
Sebastien Bourdeauducq 13bfee7be2 switch email server 2022-08-13 10:25:53 +08:00
Sebastien Bourdeauducq a517d429ab work around Google DNS geolocation fuckup 2022-08-12 18:37:42 +08:00
Sebastien Bourdeauducq 7dc4866314 nixbld: more email setup 2022-08-09 17:45:26 +08:00
Sebastien Bourdeauducq 5f7cb6113e nixbld: block siglent internet 2022-08-03 12:52:26 +08:00
Sebastien Bourdeauducq a147bb3883 nixbld: add topquark12 2022-07-31 19:40:45 +08:00
Sebastien Bourdeauducq 80ee7911cd nixbld: disable jitsi
Jitsi is bloated and overly complex, and the NixOS package is too limited.
https://discourse.nixos.org/t/setting-up-authentication-on-a-jitsi-server/17549
2022-07-25 18:33:40 +08:00
Sebastien Bourdeauducq 66d7dd6efe nixbld: enable more fail2ban filters 2022-07-25 18:33:24 +08:00
Sebastien Bourdeauducq 93a40ea87d nixbld: reduce gitea spamminess 2022-07-25 18:33:08 +08:00
Sebastien Bourdeauducq e5250c88fb nixbld: web/hydra setup for flakes in ARTIQ stable 2022-07-08 19:00:38 +08:00
Sebastien Bourdeauducq 048863593a nixbld: remove obsolete ACME workaround 2022-07-04 16:22:40 +08:00
Sebastien Bourdeauducq 328a85c504 nixbld: install nextcloud 2022-06-30 17:33:09 +08:00
Sebastien Bourdeauducq 3ef19cbe93 nixbld: m-labs.hk DNS zone 2022-06-28 14:44:14 +08:00
Sebastien Bourdeauducq 6333165321 nixbld: setup email server for m-labs.hk 2022-06-27 18:17:30 +08:00
Sebastien Bourdeauducq 8bc44199fc nixbld: make bind CLI tools available 2022-06-27 18:16:38 +08:00
Sebastien Bourdeauducq 66a7a29b0a nixbld: do not create backups during ZFS scrubs 2022-06-27 18:15:57 +08:00
Sebastien Bourdeauducq cef6b7263a nixbld: backup mail 2022-06-27 18:15:47 +08:00
Sebastien Bourdeauducq 08ab958a76 nixbld: use semi-automatic DNSSEC 2022-06-27 13:08:16 +08:00
Sebastien Bourdeauducq 3909d7428d nixbld: DNS server (WIP) 2022-06-26 16:57:17 +08:00
Sebastien Bourdeauducq 70ad63ca56 nixbld: block internet access on insecure device 2022-06-23 15:33:37 +08:00
Sebastien Bourdeauducq 6cb5c84a9b nixbld: enable mail server again 2022-06-18 13:58:51 +08:00
Sebastien Bourdeauducq 7f599bdbc9 nixbld: remove gitea patch (merged upstream) 2022-06-07 10:17:15 +08:00
Sebastien Bourdeauducq ae5e85d611 nixbld: re-add networked derivations patch 2022-06-04 13:52:21 +08:00
Sebastien Bourdeauducq 5f1ff14380 afws_module: fix nix command 2022-05-26 13:05:34 +08:00
Sebastien Bourdeauducq 5354daf585 nixbld: NixOS 22.05 2022-05-26 12:12:14 +08:00
Sebastien Bourdeauducq cb75072f15 nixbld: add kk105 2022-05-26 10:57:19 +08:00
Sebastien Bourdeauducq da3a82a52d nixbld: add spaqin 2022-05-06 16:55:00 +08:00
Sebastien Bourdeauducq aba22c34ca nixbld: add nkrackow 2022-05-05 19:23:40 +08:00
Sebastien Bourdeauducq a58a613418 nixbld: add .science tld 2022-04-14 12:17:22 +08:00
Sebastien Bourdeauducq 61c008ff43 nixbld: publish msys2 repos on web 2022-04-05 11:14:17 +08:00
Sebastien Bourdeauducq 7a14264be4 hydra: fix msys2 icon 2022-04-04 15:39:28 +08:00
Sebastien Bourdeauducq a8d28d2cbc hydra: add msys2 type 2022-04-04 15:05:39 +08:00
Sebastien Bourdeauducq e1e723ece5 nixbld: backup afws 2022-03-20 10:49:59 +08:00
Sebastien Bourdeauducq 28ca789aae nixbld: use flake output for beta conda channel 2022-02-12 18:50:08 +08:00
Sebastien Bourdeauducq 0c04f014d7 nixbld: use sipyco flake output for manual 2022-02-12 11:23:19 +08:00
Sebastien Bourdeauducq d4c36b8cfd nixbld: use ARTIQ flake output for manual 2022-02-12 10:19:15 +08:00
Sebastien Bourdeauducq 0b8aa97192 nixbld: run AFWS server 2022-02-07 14:31:37 +08:00
Sebastien Bourdeauducq 322d267caf hydra: update evalSettings.allowedUris 2022-02-07 14:31:21 +08:00
Sebastien Bourdeauducq a270418cfc nixbld: exclude new gitea archive location from backups 2022-02-02 10:53:11 +08:00
Sebastien Bourdeauducq 995f8897a4 nixbld: work around hidden hydra sudo dependency 2022-01-17 18:48:23 +08:00
Sebastien Bourdeauducq 8e20a3df6e nixbld: update gitea templates 2022-01-04 15:17:17 +08:00
Sebastien Bourdeauducq 910506d3e4 nixbld: enable fail2ban 2022-01-03 14:34:57 +08:00
Sebastien Bourdeauducq ec7e9209f5 nixbld: improve root account security 2022-01-03 13:46:57 +08:00
Sebastien Bourdeauducq b70908f864 nixbld: restrict maxJobs again to avoid Vivado OOM 2021-12-03 11:03:36 +08:00
Sebastien Bourdeauducq a0cb49b59d nixbld: nixos 21.11 2021-12-01 18:11:06 +08:00
Sebastien Bourdeauducq 628e5fb9d7 nixbld: cleanup buildMachines 2021-11-25 10:42:01 +08:00
Sebastien Bourdeauducq e8527e496b nixbld: include rt in backups 2021-11-25 00:15:09 +08:00
Sebastien Bourdeauducq c5c22da2ba nixbld: update nixops 2021-11-24 23:57:18 +08:00
Sebastien Bourdeauducq 8114dcfb6d nixbld: remove memtest86 2021-11-24 23:57:06 +08:00
Sebastien Bourdeauducq 29830b0ae9 nixbld: more frequent backups 2021-11-24 23:56:48 +08:00
Sebastien Bourdeauducq 3e2061c47b nixbld: fix rt group 2021-11-23 13:52:00 +08:00
Sebastien Bourdeauducq f5ff63b74b nixbld: remove hkadmin 2021-11-22 12:19:00 +08:00
Sebastien Bourdeauducq ae6915ab44 nixbld: fix RT startup 2021-11-22 12:18:06 +08:00
Sebastien Bourdeauducq 813b4831c6 nixbld: cleanup 2021-11-22 12:17:58 +08:00
Sebastien Bourdeauducq c75cf3456b nixbld: improve backup
include Mattermost attachments
stop using expensive and insecure dropbox
2021-11-16 14:21:59 +08:00
Sebastien Bourdeauducq 7342601788 nixbld: add occheung user 2021-11-11 12:12:46 +08:00
Harry Ho bcc5502ec6 rt: prevent text attachments from appearing inline on web interface 2021-10-27 12:20:08 +08:00
Sebastien Bourdeauducq 00d29eba4d nixbld: install borgbackup 2021-09-18 16:35:25 +08:00
Sebastien Bourdeauducq 82e161dba3 hydra: hack-patch allowed URIs to work around Nix issue #5039 2021-09-01 19:59:23 +08:00
Sebastien Bourdeauducq 4ce9c2a718 nixbld: enable flakes 2021-08-18 14:53:01 +08:00
Sebastien Bourdeauducq c96b3793c4 rt: persistent sessions 2021-08-12 13:39:53 +08:00
Sebastien Bourdeauducq 63250304d2 rt: fix default queue (2) 2021-08-11 16:01:32 +08:00
Sebastien Bourdeauducq 89dd90075e rt: fix default queue 2021-08-11 15:35:23 +08:00
Sebastien Bourdeauducq 223ab96b5a nixbld: fix RT SSL 2021-08-11 12:02:33 +08:00
Sebastien Bourdeauducq 0e548d1eff nixbld: handle incoming RT emails 2021-08-11 11:57:05 +08:00
Sebastien Bourdeauducq e3578011a5 rt: email setup WIP 2021-08-11 10:54:24 +08:00
Sebastien Bourdeauducq d9536ff5db rt: fix API security problem 2021-08-11 10:54:12 +08:00
Sebastien Bourdeauducq a385c2db4b rt: stop using tmpfiles for db password file permissions 2021-08-11 10:53:48 +08:00
Sebastien Bourdeauducq a97302a80a nixbld: RT working, no mail 2021-08-10 21:28:14 +08:00
Sebastien Bourdeauducq ef3544f8f3 nixbld: publish conda channel archives 2021-08-10 19:08:25 +08:00
Sebastien Bourdeauducq 977cccc997 nixbld: fix hooks page breaking github backups
https://github.com/josegonzalez/python-github-backup/issues/176
2021-08-09 13:46:46 +08:00
Sebastien Bourdeauducq 01212b4e51 nixbld: install iw and nvme-cli 2021-08-09 13:32:37 +08:00
Sebastien Bourdeauducq adccf47d3c nixbld: wifi problems 2021-08-09 13:32:18 +08:00
Sebastien Bourdeauducq 7d073e371c nixbld: add github backups 2021-08-07 17:47:16 +08:00
Sebastien Bourdeauducq 4c394a0976 nixbld: wifi problems 2021-08-07 17:45:53 +08:00
Sebastien Bourdeauducq a0f445b0dd nixbld: remove old flarum files 2021-08-07 13:47:26 +08:00
Sebastien Bourdeauducq 9474dfa3a2 nixbld: fix stateVersion 2021-08-07 13:19:47 +08:00
Sebastien Bourdeauducq 58252a93a4 nixbld: new server 2021-08-07 12:24:31 +08:00
Sebastien Bourdeauducq b7a49505bc nixbld: end mailserver experiment
This was going well, until some assholes at Gmail decided to block our IP address and as usual PCCW are useless when it
comes to changing to a whitelisted IP.

https://support.google.com/mail/answer/10336?p=NotAuthorizedError

Fuck Google.
Fuck PCCW.
2021-08-02 13:32:29 +08:00
Sebastien Bourdeauducq b7cef86473 nixbld: nixos 21.05 2021-06-07 09:56:05 +08:00
Sebastien Bourdeauducq 3b4f5d27c8 nixbld: reduce zfs scrub frequency 2021-05-28 16:07:09 +08:00
Sebastien Bourdeauducq 4fc5d2e56a nixbld: fix gitea logo 2021-05-13 15:51:50 +08:00
Sebastien Bourdeauducq 2f8d46d872 nixbld: update for newer hydra (2021-05-03) 2021-05-13 15:46:52 +08:00
Sebastien Bourdeauducq 7b6ed95090 nixbld: disable Nix flarum module
hacky and buggy

https://github.com/NixOS/nixpkgs/pull/96869
2021-05-06 10:09:26 +08:00
Sebastien Bourdeauducq 9185cdcec1 nixbld: update flarum deps 2021-05-06 06:41:32 +08:00
Sebastien Bourdeauducq a680baed40 nixbld: fix hydra-send-stats 2021-04-24 18:19:33 +08:00