Egor Savkin
b3c97d0fb5
Add virtual ips for the gre tunnel
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-30 13:29:10 +08:00
Egor Savkin
c7dff35280
Return swan into the zoo
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-20 17:36:31 +08:00
Egor Savkin
addc202345
Use IPv6 for WG transport to decrease latency by 20%
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-13 16:47:43 +08:00
Egor Savkin
6dded5a701
Ip rules instead of iptables tracking
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-13 16:47:43 +08:00
Egor Savkin
17b21f3801
Apply tested client configuration
Adds an additional route, but doesn't enforce it so other apps will remain the same, but smtp can use tunnel for sending. Also sends replies through the tunnel if connection arrives on the tunnel.
Better have something tested and working before I start doing "perfect".
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-13 16:47:43 +08:00
Egor Savkin
dba87d68d3
Use wireguard instead of strongswan since it's in the kernel
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-13 16:47:43 +08:00
Egor Savkin
4966465b1c
WIP: Use gre/ipsec instead of proxy
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-13 16:47:43 +08:00
Egor Savkin
a230f3fa68
Use proxychains-ng instead of tsocks
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-13 16:47:43 +08:00
Egor Savkin
c3be96a166
Use tsocks to wrap socks and add sock transport type
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-13 16:47:43 +08:00
Egor Savkin
3237cfb50f
Use wildcard instead of explicit specification
As in example at https://www.postfix.org/transport.5.html
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-13 16:47:43 +08:00
Egor Savkin
f0d13c40ba
Use postfix options for routing mails through ssh tunnel
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-09-13 16:47:43 +08:00
Sébastien Bourdeauducq
4a288abe2b
nixbld: keep automatic flarum DB migrations
2024-09-10 17:12:44 +08:00
Sébastien Bourdeauducq
635f90f0c7
nixbld/flarum: use nix
2024-08-31 17:27:16 +08:00
Sébastien Bourdeauducq
8a187ba5b9
nixbld: SIT can take larger packets
2024-08-29 18:55:52 +08:00
Sébastien Bourdeauducq
9383227c5b
nixbld: consistent netif variables
2024-08-29 18:53:33 +08:00
Sébastien Bourdeauducq
233998b8f3
nixbld: work around tunnel bring-up race condition
2024-08-29 18:40:17 +08:00
Sébastien Bourdeauducq
90a6b84c09
nixbld: work around tunnel TCPMSS issues
2024-08-29 18:39:52 +08:00
Sébastien Bourdeauducq
23e1fa029a
nixbld: upgrade postgresql
2024-08-25 11:06:19 +08:00
Egor Savkin
75035b387e
Skip SPF for mails originating from intl
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-08-20 10:59:27 +08:00
Sébastien Bourdeauducq
6dc8214102
nixbld/backup: include gitea DB dump
2024-08-17 18:26:46 +08:00
Sébastien Bourdeauducq
a6b216bb87
nixbld/gitea: move to postgresql
2024-08-17 18:18:56 +08:00
Sébastien Bourdeauducq
6e21a95ba8
nixbld/named: add qnetp slave DNS for m-labs-intl.com
2024-08-15 19:52:42 +08:00
Sébastien Bourdeauducq
d08186a27a
nixbld/named: enable CAA for m-labs-intl.com
2024-08-14 11:52:25 +08:00
Sébastien Bourdeauducq
5d132565e6
nixbld/named: add hooks.m-labs-intl.com
2024-08-14 11:42:38 +08:00
Sébastien Bourdeauducq
97ca7ea3ce
nixbld: mail setup for m-labs-intl.com WIP
2024-08-14 11:38:19 +08:00
Sébastien Bourdeauducq
e24c167f8b
Revert "nixbld: block SAP spam"
Option seems to have no effect.
This reverts commit b769b47075.
2024-08-14 10:58:49 +08:00
Egor Savkin
18194be5c3
nixbld: deploy web2019 to the intl domain
Co-authored-by: Egor Savkin <es@m-labs.hk>
Co-committed-by: Egor Savkin <es@m-labs.hk>
2024-08-14 10:54:52 +08:00
Sébastien Bourdeauducq
7781d6236e
nixbld/rt: disable TCP
2024-08-11 12:19:15 +08:00
Sébastien Bourdeauducq
93e19c74e9
nixbld/rt: use psql peer authentication
2024-08-11 12:12:28 +08:00
Sébastien Bourdeauducq
4ccab3cf2b
nixbld: remove outdated DNS records
2024-08-05 19:13:34 +08:00
Sebastien Bourdeauducq
69fe8c9866
nixbld: add flo user
2024-08-01 07:32:11 +08:00
Sebastien Bourdeauducq
b769b47075
nixbld: block SAP spam
2024-07-02 09:56:02 +02:00
Sébastien Bourdeauducq
872dcaa6bc
nixbld: serve m-labs-intl.com domain
2024-06-06 17:29:07 +08:00
Sébastien Bourdeauducq
ca895df9f3
nixbld: switch to gitea built-in SSH server
2024-06-06 16:27:39 +08:00
Sébastien Bourdeauducq
4e6686dbe9
nixbld: fix gitea emails
2024-06-06 13:52:35 +08:00
Sébastien Bourdeauducq
f973d2969a
nixbld: fix gitea emails
2024-06-05 11:23:24 +08:00
Sebastien Bourdeauducq
18a41e1c88
nixbld: work around for hydra input issues in restricted mode
2024-06-03 22:39:00 +08:00
Sébastien Bourdeauducq
f07b292d3b
nixbld: disallow user SSH keys
2024-06-02 14:10:10 +08:00
Sébastien Bourdeauducq
bd6c61094f
nixbld: update letsencrypt CAA URI
https://github.com/NixOS/nixpkgs/issues/316608
2024-06-02 13:50:48 +08:00
Sébastien Bourdeauducq
cc0bf224df
nixbld: install mpd
2024-06-02 13:50:24 +08:00
Sébastien Bourdeauducq
41aeae7b2d
nixbld: update simple-nixos-mailserver
2024-06-02 12:59:47 +08:00
Sébastien Bourdeauducq
1eac9d249d
nixbld: nixos 24.05
2024-06-02 12:52:17 +08:00
Sébastien Bourdeauducq
c3d9b9a7a1
nixbld: small cleanup
2024-06-02 12:52:01 +08:00
Sebastien Bourdeauducq
a22e270ac8
nixbld: replace deprecated gitea mailer setting
2024-05-28 11:44:55 +08:00
Sebastien Bourdeauducq
55cfda91e0
nixbld: fix nextcloud logging
2024-05-24 09:58:19 +08:00
Sebastien Bourdeauducq
543e9468cc
nixbld: fix nextcloud opcache warning
2024-05-24 09:49:17 +08:00
Sebastien Bourdeauducq
6487eab3c7
nixbld: update nextcloud
2024-05-23 22:58:39 +08:00
Sebastien Bourdeauducq
96f7264258
nixbld: enable audio
2024-05-23 22:21:10 +08:00
Sebastien Bourdeauducq
6018eca294
nixbld: enable SSH X11 forwarding
2024-05-23 22:20:56 +08:00
Sébastien Bourdeauducq
4c7f35bc75
nixbld: allow routing between wifi and LAN
2024-05-06 10:57:33 +08:00