Sebastien Bourdeauducq
|
4c9d96dae3
|
nixbld: add HP printer to firewall blocklist
|
2023-08-08 19:02:59 +08:00 |
Sebastien Bourdeauducq
|
9ebdb06699
|
nixbld: add dpn user
|
2023-08-04 19:45:44 +08:00 |
Sebastien Bourdeauducq
|
98072481e7
|
nixbld: add atse.alt.m-labs.hk
|
2023-08-04 17:11:36 +08:00 |
Sebastien Bourdeauducq
|
c89551c610
|
nixbld: open strongswan ports
|
2023-07-15 14:23:06 +08:00 |
Sebastien Bourdeauducq
|
6ec5e436a2
|
nixbld: fix altnet routing
|
2023-07-13 18:25:05 +08:00 |
Sebastien Bourdeauducq
|
39a6ea69f6
|
nixbld: altnet setup
|
2023-07-13 13:56:10 +08:00 |
Sebastien Bourdeauducq
|
c2c7e67549
|
nixbld: block zyxel cloud switch
|
2023-07-13 09:35:32 +08:00 |
Sebastien Bourdeauducq
|
4c62ba7f9d
|
nixbld: block hikvision device
|
2023-07-12 17:41:05 +08:00 |
Sebastien Bourdeauducq
|
257c2dc432
|
nixbld: fix mysql backup auth
|
2023-07-07 17:29:24 +08:00 |
Sebastien Bourdeauducq
|
e2c2dbbeeb
|
nixbld: autostart iPXE HTTP boot
|
2023-07-02 16:31:25 +08:00 |
Sebastien Bourdeauducq
|
a9ee77b9e8
|
nixbld: serve iPXE on LAN
|
2023-07-02 16:15:24 +08:00 |
Sebastien Bourdeauducq
|
dbd20c6418
|
nixbld: update simple-nixos-mailserver
|
2023-06-13 10:54:20 +08:00 |
Sebastien Bourdeauducq
|
2227e816bc
|
nixbld: update dnsmasq settings
|
2023-06-04 22:40:14 +08:00 |
Sebastien Bourdeauducq
|
6b35c751d8
|
nixbld: NixOS 23.05 compatibility
|
2023-06-02 17:36:05 +08:00 |
Sebastien Bourdeauducq
|
d21c31aae5
|
nixbld: add esavkin to lp group
|
2023-05-31 18:11:18 +08:00 |
Sebastien Bourdeauducq
|
f5837877d2
|
nixbld: increase nextcloud max upload size
|
2023-05-30 21:34:36 +08:00 |
Sebastien Bourdeauducq
|
77ba57e8fa
|
disable X11 forwarding (replaced with waypipe)
|
2023-05-24 12:45:34 +08:00 |
Sebastien Bourdeauducq
|
5223d9fd89
|
afws: move more code into module file, use new reload mechanism
|
2023-04-08 17:49:03 +08:00 |
Sebastien Bourdeauducq
|
0640cfad04
|
nixbld: increase AFWS WebSocket timeout
|
2023-04-07 16:02:07 +08:00 |
Sebastien Bourdeauducq
|
6c6f11ed7d
|
nixbld: set up ACME certificate for AFWS
|
2023-04-07 14:39:05 +08:00 |
Sebastien Bourdeauducq
|
0442916420
|
nixbld: afws websocket proxy settings
|
2023-04-05 13:37:35 +08:00 |
Sebastien Bourdeauducq
|
c8c38f79c0
|
nixbld: set recommendedTlsSettings
|
2023-04-05 13:37:11 +08:00 |
Sebastien Bourdeauducq
|
b7d9df794e
|
nixbld: close legacy firewall ports
|
2023-04-05 12:42:42 +08:00 |
Sebastien Bourdeauducq
|
6d31b77f0e
|
add .ph site
|
2023-03-23 15:22:25 +08:00 |
Sebastien Bourdeauducq
|
ff37c5949e
|
nixbld: add esavkin
|
2023-03-03 18:29:45 +08:00 |
Sebastien Bourdeauducq
|
8ea7b06218
|
remove therobs12 user
|
2023-02-16 11:55:29 +08:00 |
Sebastien Bourdeauducq
|
c9f774d011
|
nixbld: install labelprinter
|
2023-02-10 18:26:12 +08:00 |
Sebastien Bourdeauducq
|
9babd68652
|
nixbld: give backupdl access to nextcloud
|
2023-01-31 15:41:15 +08:00 |
Sebastien Bourdeauducq
|
b3f5f687aa
|
nixbld: cleanup backupdl keys
|
2023-01-30 16:14:12 +08:00 |
Sebastien Bourdeauducq
|
af27584100
|
nixbld: remove topquark12 user
|
2023-01-30 16:12:13 +08:00 |
Sebastien Bourdeauducq
|
4c7a2dfce3
|
nixbld: label printer permissions
|
2023-01-30 16:12:00 +08:00 |
Sebastien Bourdeauducq
|
30fa569bdc
|
nixbld: block more insecure devices
|
2023-01-30 16:08:27 +08:00 |
Sebastien Bourdeauducq
|
9dee7c1888
|
nixbld: update backupdl key
|
2023-01-29 20:19:05 +08:00 |
Sebastien Bourdeauducq
|
0faa05aec3
|
nixbld: add back qnetp DNS
|
2023-01-29 18:29:16 +08:00 |
Sebastien Bourdeauducq
|
21a7d1c36e
|
nixbld: update LAN AAAA records
|
2023-01-29 18:01:31 +08:00 |
Sebastien Bourdeauducq
|
faff3a5eef
|
nixbld: relocation
|
2023-01-29 12:11:31 +08:00 |
Sebastien Bourdeauducq
|
3210289ebf
|
fix *.mil DNS lookups
|
2023-01-28 09:54:13 +08:00 |
Sebastien Bourdeauducq
|
dd0ebf1c47
|
nixbld: move to he.net DNS
|
2023-01-27 14:48:14 +08:00 |
Sebastien Bourdeauducq
|
2c770e9929
|
nixbld: better workaround against crappy registrar without glue records
PCCW's static.imsbiz.com is wonky and not always available for all IPs, so stop using it.
|
2023-01-16 16:07:58 +08:00 |
Sebastien Bourdeauducq
|
fb54880765
|
nixbld: start rt-fetchmail after dovecot
|
2023-01-04 11:54:30 +08:00 |
Sebastien Bourdeauducq
|
ea0b7d6dc7
|
nixbld: enable POP3
|
2022-12-25 11:07:02 +08:00 |
Sebastien Bourdeauducq
|
3b224c56aa
|
nixbld: ignore local IP for fail2ban
|
2022-12-24 15:42:35 +08:00 |
Sebastien Bourdeauducq
|
162ad28a52
|
hydra: allow eval from duke gitlab
|
2022-12-17 14:58:35 +08:00 |
Sebastien Bourdeauducq
|
dbc9f4c68d
|
remote setup
|
2022-12-10 19:17:22 +08:00 |
Sebastien Bourdeauducq
|
15d99bc68b
|
nixbld: persist DNSSEC private key
https://github.com/NixOS/nixpkgs/issues/204391
|
2022-12-05 10:00:35 +08:00 |
Sebastien Bourdeauducq
|
70a7ce5d30
|
nixbld: remove obsolete ssh key
|
2022-12-03 17:14:23 +08:00 |
Sebastien Bourdeauducq
|
2af492e37e
|
nixbld: NixOS 22.11
|
2022-12-03 16:29:32 +08:00 |
Sebastien Bourdeauducq
|
88dd1a5fc4
|
nixbld: update therobs shell
|
2022-11-11 17:58:10 +08:00 |
Sebastien Bourdeauducq
|
cecda7e28b
|
nixbld: update users
|
2022-11-11 17:46:10 +08:00 |
Sebastien Bourdeauducq
|
2d9b7767a6
|
nixbld: enable aarch64-linux binfmt emulation
|
2022-11-09 21:14:11 +08:00 |
Sebastien Bourdeauducq
|
fb745a11e3
|
nixbld: new msys2 repos
|
2022-11-03 19:09:35 +08:00 |
Sebastien Bourdeauducq
|
0c8019516d
|
nixbld: fix bind DNSSEC configuration for new version
https://gitlab.isc.org/isc-projects/bind9/-/issues/3554
|
2022-09-30 16:46:39 +08:00 |
Sebastien Bourdeauducq
|
d2bfca1f25
|
nixbld: serve nmigen docs
|
2022-09-27 11:07:13 +08:00 |
Sebastien Bourdeauducq
|
9bc617a019
|
nixbld: fix munin auth
|
2022-09-23 11:00:49 +08:00 |
Sebastien Bourdeauducq
|
4b23f8d66f
|
nixbld: update DNS zone
|
2022-09-23 10:58:41 +08:00 |
Sebastien Bourdeauducq
|
e2e4b0842a
|
nixbld: add yuk account
|
2022-09-21 10:12:25 +08:00 |
Sebastien Bourdeauducq
|
382c8bfaab
|
nixbld: add aux key for backupdl
|
2022-09-17 19:19:00 +08:00 |
Sebastien Bourdeauducq
|
ac022776e7
|
nixbld: SSH reverse proxy setup
|
2022-09-17 19:13:54 +08:00 |
Sebastien Bourdeauducq
|
e9b02d0c72
|
nixbld: disable kk105 account
|
2022-09-13 08:50:16 +08:00 |
Sebastien Bourdeauducq
|
cd215e9e66
|
nixbld: backup hedgedoc
|
2022-09-02 18:10:17 +08:00 |
Sebastien Bourdeauducq
|
663e030aa8
|
nixbld: update named zone serial
|
2022-09-01 11:39:56 +08:00 |
Sebastien Bourdeauducq
|
365ec54358
|
nixbld: install hedgedoc
|
2022-09-01 11:39:47 +08:00 |
Sebastien Bourdeauducq
|
20175f7bc0
|
nixbld: rfc2181 forbids mx cname
|
2022-09-01 10:55:31 +08:00 |
Sebastien Bourdeauducq
|
dc8db5fbee
|
rfq: do not write email password to the Nix store
|
2022-08-13 11:43:01 +08:00 |
Sebastien Bourdeauducq
|
dc08412ba2
|
update email settings
|
2022-08-13 11:22:01 +08:00 |
Sebastien Bourdeauducq
|
13bfee7be2
|
switch email server
|
2022-08-13 10:25:53 +08:00 |
Sebastien Bourdeauducq
|
a517d429ab
|
work around Google DNS geolocation fuckup
|
2022-08-12 18:37:42 +08:00 |
Sebastien Bourdeauducq
|
7dc4866314
|
nixbld: more email setup
|
2022-08-09 17:45:26 +08:00 |
Sebastien Bourdeauducq
|
5f7cb6113e
|
nixbld: block siglent internet
|
2022-08-03 12:52:26 +08:00 |
Sebastien Bourdeauducq
|
a147bb3883
|
nixbld: add topquark12
|
2022-07-31 19:40:45 +08:00 |
Sebastien Bourdeauducq
|
80ee7911cd
|
nixbld: disable jitsi
Jitsi is bloated and overly complex, and the NixOS package is too limited.
https://discourse.nixos.org/t/setting-up-authentication-on-a-jitsi-server/17549
|
2022-07-25 18:33:40 +08:00 |
Sebastien Bourdeauducq
|
66d7dd6efe
|
nixbld: enable more fail2ban filters
|
2022-07-25 18:33:24 +08:00 |
Sebastien Bourdeauducq
|
93a40ea87d
|
nixbld: reduce gitea spamminess
|
2022-07-25 18:33:08 +08:00 |
Sebastien Bourdeauducq
|
e5250c88fb
|
nixbld: web/hydra setup for flakes in ARTIQ stable
|
2022-07-08 19:00:38 +08:00 |
Sebastien Bourdeauducq
|
048863593a
|
nixbld: remove obsolete ACME workaround
|
2022-07-04 16:22:40 +08:00 |
Sebastien Bourdeauducq
|
328a85c504
|
nixbld: install nextcloud
|
2022-06-30 17:33:09 +08:00 |
Sebastien Bourdeauducq
|
3ef19cbe93
|
nixbld: m-labs.hk DNS zone
|
2022-06-28 14:44:14 +08:00 |
Sebastien Bourdeauducq
|
6333165321
|
nixbld: setup email server for m-labs.hk
|
2022-06-27 18:17:30 +08:00 |
Sebastien Bourdeauducq
|
8bc44199fc
|
nixbld: make bind CLI tools available
|
2022-06-27 18:16:38 +08:00 |
Sebastien Bourdeauducq
|
66a7a29b0a
|
nixbld: do not create backups during ZFS scrubs
|
2022-06-27 18:15:57 +08:00 |
Sebastien Bourdeauducq
|
cef6b7263a
|
nixbld: backup mail
|
2022-06-27 18:15:47 +08:00 |
Sebastien Bourdeauducq
|
08ab958a76
|
nixbld: use semi-automatic DNSSEC
|
2022-06-27 13:08:16 +08:00 |
Sebastien Bourdeauducq
|
3909d7428d
|
nixbld: DNS server (WIP)
|
2022-06-26 16:57:17 +08:00 |
Sebastien Bourdeauducq
|
70ad63ca56
|
nixbld: block internet access on insecure device
|
2022-06-23 15:33:37 +08:00 |
Sebastien Bourdeauducq
|
6cb5c84a9b
|
nixbld: enable mail server again
|
2022-06-18 13:58:51 +08:00 |
Sebastien Bourdeauducq
|
7f599bdbc9
|
nixbld: remove gitea patch (merged upstream)
|
2022-06-07 10:17:15 +08:00 |
Sebastien Bourdeauducq
|
ae5e85d611
|
nixbld: re-add networked derivations patch
|
2022-06-04 13:52:21 +08:00 |
Sebastien Bourdeauducq
|
5f1ff14380
|
afws_module: fix nix command
|
2022-05-26 13:05:34 +08:00 |
Sebastien Bourdeauducq
|
5354daf585
|
nixbld: NixOS 22.05
|
2022-05-26 12:12:14 +08:00 |
Sebastien Bourdeauducq
|
cb75072f15
|
nixbld: add kk105
|
2022-05-26 10:57:19 +08:00 |
Sebastien Bourdeauducq
|
da3a82a52d
|
nixbld: add spaqin
|
2022-05-06 16:55:00 +08:00 |
Sebastien Bourdeauducq
|
aba22c34ca
|
nixbld: add nkrackow
|
2022-05-05 19:23:40 +08:00 |
Sebastien Bourdeauducq
|
a58a613418
|
nixbld: add .science tld
|
2022-04-14 12:17:22 +08:00 |
Sebastien Bourdeauducq
|
61c008ff43
|
nixbld: publish msys2 repos on web
|
2022-04-05 11:14:17 +08:00 |
Sebastien Bourdeauducq
|
7a14264be4
|
hydra: fix msys2 icon
|
2022-04-04 15:39:28 +08:00 |
Sebastien Bourdeauducq
|
a8d28d2cbc
|
hydra: add msys2 type
|
2022-04-04 15:05:39 +08:00 |
Sebastien Bourdeauducq
|
e1e723ece5
|
nixbld: backup afws
|
2022-03-20 10:49:59 +08:00 |
Sebastien Bourdeauducq
|
28ca789aae
|
nixbld: use flake output for beta conda channel
|
2022-02-12 18:50:08 +08:00 |
Sebastien Bourdeauducq
|
0c04f014d7
|
nixbld: use sipyco flake output for manual
|
2022-02-12 11:23:19 +08:00 |
Sebastien Bourdeauducq
|
d4c36b8cfd
|
nixbld: use ARTIQ flake output for manual
|
2022-02-12 10:19:15 +08:00 |
Sebastien Bourdeauducq
|
0b8aa97192
|
nixbld: run AFWS server
|
2022-02-07 14:31:37 +08:00 |
Sebastien Bourdeauducq
|
322d267caf
|
hydra: update evalSettings.allowedUris
|
2022-02-07 14:31:21 +08:00 |
Sebastien Bourdeauducq
|
a270418cfc
|
nixbld: exclude new gitea archive location from backups
|
2022-02-02 10:53:11 +08:00 |
Sebastien Bourdeauducq
|
995f8897a4
|
nixbld: work around hidden hydra sudo dependency
|
2022-01-17 18:48:23 +08:00 |
Sebastien Bourdeauducq
|
8e20a3df6e
|
nixbld: update gitea templates
|
2022-01-04 15:17:17 +08:00 |
Sebastien Bourdeauducq
|
910506d3e4
|
nixbld: enable fail2ban
|
2022-01-03 14:34:57 +08:00 |
Sebastien Bourdeauducq
|
ec7e9209f5
|
nixbld: improve root account security
|
2022-01-03 13:46:57 +08:00 |
Sebastien Bourdeauducq
|
b70908f864
|
nixbld: restrict maxJobs again to avoid Vivado OOM
|
2021-12-03 11:03:36 +08:00 |
Sebastien Bourdeauducq
|
a0cb49b59d
|
nixbld: nixos 21.11
|
2021-12-01 18:11:06 +08:00 |
Sebastien Bourdeauducq
|
628e5fb9d7
|
nixbld: cleanup buildMachines
|
2021-11-25 10:42:01 +08:00 |
Sebastien Bourdeauducq
|
e8527e496b
|
nixbld: include rt in backups
|
2021-11-25 00:15:09 +08:00 |
Sebastien Bourdeauducq
|
c5c22da2ba
|
nixbld: update nixops
|
2021-11-24 23:57:18 +08:00 |
Sebastien Bourdeauducq
|
8114dcfb6d
|
nixbld: remove memtest86
|
2021-11-24 23:57:06 +08:00 |
Sebastien Bourdeauducq
|
29830b0ae9
|
nixbld: more frequent backups
|
2021-11-24 23:56:48 +08:00 |
Sebastien Bourdeauducq
|
3e2061c47b
|
nixbld: fix rt group
|
2021-11-23 13:52:00 +08:00 |
Sebastien Bourdeauducq
|
f5ff63b74b
|
nixbld: remove hkadmin
|
2021-11-22 12:19:00 +08:00 |
Sebastien Bourdeauducq
|
ae6915ab44
|
nixbld: fix RT startup
|
2021-11-22 12:18:06 +08:00 |
Sebastien Bourdeauducq
|
813b4831c6
|
nixbld: cleanup
|
2021-11-22 12:17:58 +08:00 |
Sebastien Bourdeauducq
|
c75cf3456b
|
nixbld: improve backup
include Mattermost attachments
stop using expensive and insecure dropbox
|
2021-11-16 14:21:59 +08:00 |
Sebastien Bourdeauducq
|
7342601788
|
nixbld: add occheung user
|
2021-11-11 12:12:46 +08:00 |
Harry Ho
|
bcc5502ec6
|
rt: prevent text attachments from appearing inline on web interface
|
2021-10-27 12:20:08 +08:00 |
Sebastien Bourdeauducq
|
00d29eba4d
|
nixbld: install borgbackup
|
2021-09-18 16:35:25 +08:00 |
Sebastien Bourdeauducq
|
82e161dba3
|
hydra: hack-patch allowed URIs to work around Nix issue #5039
|
2021-09-01 19:59:23 +08:00 |
Sebastien Bourdeauducq
|
4ce9c2a718
|
nixbld: enable flakes
|
2021-08-18 14:53:01 +08:00 |
Sebastien Bourdeauducq
|
c96b3793c4
|
rt: persistent sessions
|
2021-08-12 13:39:53 +08:00 |
Sebastien Bourdeauducq
|
63250304d2
|
rt: fix default queue (2)
|
2021-08-11 16:01:32 +08:00 |
Sebastien Bourdeauducq
|
89dd90075e
|
rt: fix default queue
|
2021-08-11 15:35:23 +08:00 |
Sebastien Bourdeauducq
|
223ab96b5a
|
nixbld: fix RT SSL
|
2021-08-11 12:02:33 +08:00 |
Sebastien Bourdeauducq
|
0e548d1eff
|
nixbld: handle incoming RT emails
|
2021-08-11 11:57:05 +08:00 |
Sebastien Bourdeauducq
|
e3578011a5
|
rt: email setup WIP
|
2021-08-11 10:54:24 +08:00 |
Sebastien Bourdeauducq
|
d9536ff5db
|
rt: fix API security problem
|
2021-08-11 10:54:12 +08:00 |
Sebastien Bourdeauducq
|
a385c2db4b
|
rt: stop using tmpfiles for db password file permissions
|
2021-08-11 10:53:48 +08:00 |
Sebastien Bourdeauducq
|
a97302a80a
|
nixbld: RT working, no mail
|
2021-08-10 21:28:14 +08:00 |
Sebastien Bourdeauducq
|
ef3544f8f3
|
nixbld: publish conda channel archives
|
2021-08-10 19:08:25 +08:00 |
Sebastien Bourdeauducq
|
977cccc997
|
nixbld: fix hooks page breaking github backups
https://github.com/josegonzalez/python-github-backup/issues/176
|
2021-08-09 13:46:46 +08:00 |
Sebastien Bourdeauducq
|
01212b4e51
|
nixbld: install iw and nvme-cli
|
2021-08-09 13:32:37 +08:00 |
Sebastien Bourdeauducq
|
adccf47d3c
|
nixbld: wifi problems
|
2021-08-09 13:32:18 +08:00 |
Sebastien Bourdeauducq
|
7d073e371c
|
nixbld: add github backups
|
2021-08-07 17:47:16 +08:00 |
Sebastien Bourdeauducq
|
4c394a0976
|
nixbld: wifi problems
|
2021-08-07 17:45:53 +08:00 |
Sebastien Bourdeauducq
|
a0f445b0dd
|
nixbld: remove old flarum files
|
2021-08-07 13:47:26 +08:00 |
Sebastien Bourdeauducq
|
9474dfa3a2
|
nixbld: fix stateVersion
|
2021-08-07 13:19:47 +08:00 |
Sebastien Bourdeauducq
|
58252a93a4
|
nixbld: new server
|
2021-08-07 12:24:31 +08:00 |
Sebastien Bourdeauducq
|
b7a49505bc
|
nixbld: end mailserver experiment
This was going well, until some assholes at Gmail decided to block our IP address and as usual PCCW are useless when it
comes to changing to a whitelisted IP.
https://support.google.com/mail/answer/10336?p=NotAuthorizedError
Fuck Google.
Fuck PCCW.
|
2021-08-02 13:32:29 +08:00 |
Sebastien Bourdeauducq
|
b7cef86473
|
nixbld: nixos 21.05
|
2021-06-07 09:56:05 +08:00 |
Sebastien Bourdeauducq
|
3b4f5d27c8
|
nixbld: reduce zfs scrub frequency
|
2021-05-28 16:07:09 +08:00 |
Sebastien Bourdeauducq
|
4fc5d2e56a
|
nixbld: fix gitea logo
|
2021-05-13 15:51:50 +08:00 |
Sebastien Bourdeauducq
|
2f8d46d872
|
nixbld: update for newer hydra (2021-05-03)
|
2021-05-13 15:46:52 +08:00 |
Sebastien Bourdeauducq
|
7b6ed95090
|
nixbld: disable Nix flarum module
hacky and buggy
https://github.com/NixOS/nixpkgs/pull/96869
|
2021-05-06 10:09:26 +08:00 |
Sebastien Bourdeauducq
|
9185cdcec1
|
nixbld: update flarum deps
|
2021-05-06 06:41:32 +08:00 |
Sebastien Bourdeauducq
|
a680baed40
|
nixbld: fix hydra-send-stats
|
2021-04-24 18:19:33 +08:00 |