7b98b49fcd
Apply tested client configuration
...
Adds an additional route, but doesn't enforce it so other apps will remain the same, but smtp can use tunnel for sending. Also sends replies through the tunnel if connection arrives on the tunnel.
Better have something tested and working before I start doing "perfect".
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-10-17 11:55:28 +08:00
367d5a8c4c
Use wireguard instead of strongswan since its in the kernel
...
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-10-17 11:55:27 +08:00
5fb951ba3c
WIP: Use gre/ipsec instead of proxy
...
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-10-17 11:54:57 +08:00
6832725535
Use proxychains-ng instead of tsocks
...
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-10-17 11:53:44 +08:00
4c9dff8d95
Use tsocks to wrap socks and add sock transport type
...
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-10-17 11:53:44 +08:00
f909cd71a3
Use wildcard instead of explicit specification
...
As in example at https://www.postfix.org/transport.5.html
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-10-17 11:53:44 +08:00
3959250f0b
Use postfix options for routing mails through ssh tunnel
...
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-10-17 11:53:44 +08:00
476f5d1d6c
nixbld: update to nextcloud 30
2024-10-16 11:33:07 +08:00
ecf40fb2db
nixbld: fix firewall issue with incoming USA tunnel connections
2024-10-15 21:27:43 +08:00
34102e66ad
nixbld: install nextcloud forms app
2024-10-15 16:22:33 +08:00
93ae830468
nixbld: disable IPv6 MX for m-labs-intl.com
2024-10-14 14:23:15 +08:00
8af66556b9
nixbld: remove google fonts workaround
2024-10-11 17:27:10 +08:00
94cff9bb09
nixbld: revert 233998b8 (did not fix the problem)
2024-10-08 16:11:12 +08:00
2bf7bb0638
nixbld: connect to USA VPN
2024-10-08 16:09:56 +08:00
3419fe6013
nixbld: remove nkrackow user
2024-10-05 10:15:13 +08:00
ec53c0cbdd
nixbld: add eduardotenholder user
2024-10-02 18:41:45 +08:00
0258f5cff4
nixbld: reorganize users (NFC)
2024-10-02 18:40:48 +08:00
b723b7f8c0
nixbld: clean up/update systemPackages
2024-09-30 15:12:01 +08:00
0c336f3dd7
nixbld: do not log refused connections
...
Happen all the time and spam the kernel log.
2024-09-30 14:40:09 +08:00
11181f0397
nixbld: flarum createDatabaseLocally no longer needed
...
https://github.com/NixOS/nixpkgs/pull/341340
2024-09-23 10:52:08 +08:00
4a288abe2b
nixbld: keep automatic flarum DB migrations
2024-09-10 17:12:44 +08:00
635f90f0c7
nixbld/flarum: use nix
2024-08-31 17:27:16 +08:00
8a187ba5b9
nixbld: SIT can take larger packets
2024-08-29 18:55:52 +08:00
9383227c5b
nixbld: consistent netif variables
2024-08-29 18:53:33 +08:00
233998b8f3
nixbld: work around tunnel bring-up race condition
2024-08-29 18:40:17 +08:00
90a6b84c09
nixbld: work around tunnel TCPMSS issues
2024-08-29 18:39:52 +08:00
23e1fa029a
nixbld: upgrade postgresql
2024-08-25 11:06:19 +08:00
75035b387e
Skip SPF for mails originating from intl
...
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-08-20 10:59:27 +08:00
6dc8214102
nixbld/backup: include gitea DB dump
2024-08-17 18:26:46 +08:00
a6b216bb87
nixbld/gitea: move to postgresql
2024-08-17 18:18:56 +08:00
6e21a95ba8
nixbld/named: add qnetp slave DNS for m-labs-intl.com
2024-08-15 19:52:42 +08:00
d08186a27a
nixbld/named: enable CAA for m-labs-intl.com
2024-08-14 11:52:25 +08:00
5d132565e6
nixbld/named: add hooks.m-labs-intl.com
2024-08-14 11:42:38 +08:00
97ca7ea3ce
nixbld: mail setup for m-labs-intl.com WIP
2024-08-14 11:38:19 +08:00
e24c167f8b
Revert "nixbld: block SAP spam"
...
Option seems to have no effect.
This reverts commit b769b47075
2024-08-14 10:58:49 +08:00
18194be5c3
nixbld: deploy web2019 to the intl domain
...
Co-authored-by: Egor Savkin <es@m-labs.hk>
Co-committed-by: Egor Savkin <es@m-labs.hk>
2024-08-14 10:54:52 +08:00
7781d6236e
nixbld/rt: disable TCP
2024-08-11 12:19:15 +08:00
93e19c74e9
nixbld/rt: use psql peer authentication
2024-08-11 12:12:28 +08:00
4ccab3cf2b
nixbld: remove outdated DNS records
2024-08-05 19:13:34 +08:00
69fe8c9866
nixbld: add flo user
2024-08-01 07:32:11 +08:00
b769b47075
nixbld: block SAP spam
2024-07-02 09:56:02 +02:00
872dcaa6bc
nixbld: serve m-labs-intl.com domain
2024-06-06 17:29:07 +08:00
ca895df9f3
nixbld: switch to gitea built-in SSH server
2024-06-06 16:27:39 +08:00
4e6686dbe9
nixbld: fix gitea emails
2024-06-06 13:52:35 +08:00
f973d2969a
nixbld: fix gitea emails
2024-06-05 11:23:24 +08:00
18a41e1c88
nixbld: work around for hydra input issues in restricted mode
2024-06-03 22:39:00 +08:00
f07b292d3b
nixbld: disallow user SSH keys
2024-06-02 14:10:10 +08:00
bd6c61094f
nixbld: update letsencrypt CAA URI
...
https://github.com/NixOS/nixpkgs/issues/316608
2024-06-02 13:50:48 +08:00
cc0bf224df
nixbld: install mpd
2024-06-02 13:50:24 +08:00
41aeae7b2d
nixbld: update simple-nixos-mailserver
2024-06-02 12:59:47 +08:00
