Sebastien Bourdeauducq
b7d9df794e
nixbld: close legacy firewall ports
2023-04-05 12:42:42 +08:00
Sebastien Bourdeauducq
6d31b77f0e
add .ph site
2023-03-23 15:22:25 +08:00
Sebastien Bourdeauducq
ff37c5949e
nixbld: add esavkin
2023-03-03 18:29:45 +08:00
Sebastien Bourdeauducq
8ea7b06218
remove therobs12 user
2023-02-16 11:55:29 +08:00
Sebastien Bourdeauducq
c9f774d011
nixbld: install labelprinter
2023-02-10 18:26:12 +08:00
Sebastien Bourdeauducq
9babd68652
nixbld: give backupdl access to nextcloud
2023-01-31 15:41:15 +08:00
Sebastien Bourdeauducq
b3f5f687aa
nixbld: cleanup backupdl keys
2023-01-30 16:14:12 +08:00
Sebastien Bourdeauducq
af27584100
nixbld: remove topquark12 user
2023-01-30 16:12:13 +08:00
Sebastien Bourdeauducq
4c7a2dfce3
nixbld: label printer permissions
2023-01-30 16:12:00 +08:00
Sebastien Bourdeauducq
30fa569bdc
nixbld: block more insecure devices
2023-01-30 16:08:27 +08:00
Sebastien Bourdeauducq
9dee7c1888
nixbld: update backupdl key
2023-01-29 20:19:05 +08:00
Sebastien Bourdeauducq
0faa05aec3
nixbld: add back qnetp DNS
2023-01-29 18:29:16 +08:00
Sebastien Bourdeauducq
faff3a5eef
nixbld: relocation
2023-01-29 12:11:31 +08:00
Sebastien Bourdeauducq
3210289ebf
fix *.mil DNS lookups
2023-01-28 09:54:13 +08:00
Sebastien Bourdeauducq
dd0ebf1c47
nixbld: move to he.net DNS
2023-01-27 14:48:14 +08:00
Sebastien Bourdeauducq
fb54880765
nixbld: start rt-fetchmail after dovecot
2023-01-04 11:54:30 +08:00
Sebastien Bourdeauducq
ea0b7d6dc7
nixbld: enable POP3
2022-12-25 11:07:02 +08:00
Sebastien Bourdeauducq
3b224c56aa
nixbld: ignore local IP for fail2ban
2022-12-24 15:42:35 +08:00
Sebastien Bourdeauducq
15d99bc68b
nixbld: persist DNSSEC private key
...
https://github.com/NixOS/nixpkgs/issues/204391
2022-12-05 10:00:35 +08:00
Sebastien Bourdeauducq
70a7ce5d30
nixbld: remove obsolete ssh key
2022-12-03 17:14:23 +08:00
Sebastien Bourdeauducq
2af492e37e
nixbld: NixOS 22.11
2022-12-03 16:29:32 +08:00
Sebastien Bourdeauducq
88dd1a5fc4
nixbld: update therobs shell
2022-11-11 17:58:10 +08:00
Sebastien Bourdeauducq
cecda7e28b
nixbld: update users
2022-11-11 17:46:10 +08:00
Sebastien Bourdeauducq
2d9b7767a6
nixbld: enable aarch64-linux binfmt emulation
2022-11-09 21:14:11 +08:00
Sebastien Bourdeauducq
fb745a11e3
nixbld: new msys2 repos
2022-11-03 19:09:35 +08:00
Sebastien Bourdeauducq
0c8019516d
nixbld: fix bind DNSSEC configuration for new version
...
https://gitlab.isc.org/isc-projects/bind9/-/issues/3554
2022-09-30 16:46:39 +08:00
Sebastien Bourdeauducq
d2bfca1f25
nixbld: serve nmigen docs
2022-09-27 11:07:13 +08:00
Sebastien Bourdeauducq
9bc617a019
nixbld: fix munin auth
2022-09-23 11:00:49 +08:00
Sebastien Bourdeauducq
e2e4b0842a
nixbld: add yuk account
2022-09-21 10:12:25 +08:00
Sebastien Bourdeauducq
382c8bfaab
nixbld: add aux key for backupdl
2022-09-17 19:19:00 +08:00
Sebastien Bourdeauducq
ac022776e7
nixbld: SSH reverse proxy setup
2022-09-17 19:13:54 +08:00
Sebastien Bourdeauducq
e9b02d0c72
nixbld: disable kk105 account
2022-09-13 08:50:16 +08:00
Sebastien Bourdeauducq
365ec54358
nixbld: install hedgedoc
2022-09-01 11:39:47 +08:00
Sebastien Bourdeauducq
dc08412ba2
update email settings
2022-08-13 11:22:01 +08:00
Sebastien Bourdeauducq
a517d429ab
work around Google DNS geolocation fuckup
2022-08-12 18:37:42 +08:00
Sebastien Bourdeauducq
7dc4866314
nixbld: more email setup
2022-08-09 17:45:26 +08:00
Sebastien Bourdeauducq
5f7cb6113e
nixbld: block siglent internet
2022-08-03 12:52:26 +08:00
Sebastien Bourdeauducq
a147bb3883
nixbld: add topquark12
2022-07-31 19:40:45 +08:00
Sebastien Bourdeauducq
80ee7911cd
nixbld: disable jitsi
...
Jitsi is bloated and overly complex, and the NixOS package is too limited.
https://discourse.nixos.org/t/setting-up-authentication-on-a-jitsi-server/17549
2022-07-25 18:33:40 +08:00
Sebastien Bourdeauducq
66d7dd6efe
nixbld: enable more fail2ban filters
2022-07-25 18:33:24 +08:00
Sebastien Bourdeauducq
93a40ea87d
nixbld: reduce gitea spamminess
2022-07-25 18:33:08 +08:00
Sebastien Bourdeauducq
e5250c88fb
nixbld: web/hydra setup for flakes in ARTIQ stable
2022-07-08 19:00:38 +08:00
Sebastien Bourdeauducq
048863593a
nixbld: remove obsolete ACME workaround
2022-07-04 16:22:40 +08:00
Sebastien Bourdeauducq
328a85c504
nixbld: install nextcloud
2022-06-30 17:33:09 +08:00
Sebastien Bourdeauducq
3ef19cbe93
nixbld: m-labs.hk DNS zone
2022-06-28 14:44:14 +08:00
Sebastien Bourdeauducq
6333165321
nixbld: setup email server for m-labs.hk
2022-06-27 18:17:30 +08:00
Sebastien Bourdeauducq
8bc44199fc
nixbld: make bind CLI tools available
2022-06-27 18:16:38 +08:00
Sebastien Bourdeauducq
08ab958a76
nixbld: use semi-automatic DNSSEC
2022-06-27 13:08:16 +08:00
Sebastien Bourdeauducq
3909d7428d
nixbld: DNS server (WIP)
2022-06-26 16:57:17 +08:00
Sebastien Bourdeauducq
70ad63ca56
nixbld: block internet access on insecure device
2022-06-23 15:33:37 +08:00
Sebastien Bourdeauducq
6cb5c84a9b
nixbld: enable mail server again
2022-06-18 13:58:51 +08:00
Sebastien Bourdeauducq
7f599bdbc9
nixbld: remove gitea patch (merged upstream)
2022-06-07 10:17:15 +08:00
Sebastien Bourdeauducq
ae5e85d611
nixbld: re-add networked derivations patch
2022-06-04 13:52:21 +08:00
Sebastien Bourdeauducq
5354daf585
nixbld: NixOS 22.05
2022-05-26 12:12:14 +08:00
Sebastien Bourdeauducq
cb75072f15
nixbld: add kk105
2022-05-26 10:57:19 +08:00
Sebastien Bourdeauducq
da3a82a52d
nixbld: add spaqin
2022-05-06 16:55:00 +08:00
Sebastien Bourdeauducq
aba22c34ca
nixbld: add nkrackow
2022-05-05 19:23:40 +08:00
Sebastien Bourdeauducq
a58a613418
nixbld: add .science tld
2022-04-14 12:17:22 +08:00
Sebastien Bourdeauducq
61c008ff43
nixbld: publish msys2 repos on web
2022-04-05 11:14:17 +08:00
Sebastien Bourdeauducq
a8d28d2cbc
hydra: add msys2 type
2022-04-04 15:05:39 +08:00
Sebastien Bourdeauducq
28ca789aae
nixbld: use flake output for beta conda channel
2022-02-12 18:50:08 +08:00
Sebastien Bourdeauducq
0c04f014d7
nixbld: use sipyco flake output for manual
2022-02-12 11:23:19 +08:00
Sebastien Bourdeauducq
d4c36b8cfd
nixbld: use ARTIQ flake output for manual
2022-02-12 10:19:15 +08:00
Sebastien Bourdeauducq
0b8aa97192
nixbld: run AFWS server
2022-02-07 14:31:37 +08:00
Sebastien Bourdeauducq
995f8897a4
nixbld: work around hidden hydra sudo dependency
2022-01-17 18:48:23 +08:00
Sebastien Bourdeauducq
910506d3e4
nixbld: enable fail2ban
2022-01-03 14:34:57 +08:00
Sebastien Bourdeauducq
ec7e9209f5
nixbld: improve root account security
2022-01-03 13:46:57 +08:00
Sebastien Bourdeauducq
b70908f864
nixbld: restrict maxJobs again to avoid Vivado OOM
2021-12-03 11:03:36 +08:00
Sebastien Bourdeauducq
a0cb49b59d
nixbld: nixos 21.11
2021-12-01 18:11:06 +08:00
Sebastien Bourdeauducq
628e5fb9d7
nixbld: cleanup buildMachines
2021-11-25 10:42:01 +08:00
Sebastien Bourdeauducq
c5c22da2ba
nixbld: update nixops
2021-11-24 23:57:18 +08:00
Sebastien Bourdeauducq
8114dcfb6d
nixbld: remove memtest86
2021-11-24 23:57:06 +08:00
Sebastien Bourdeauducq
f5ff63b74b
nixbld: remove hkadmin
2021-11-22 12:19:00 +08:00
Sebastien Bourdeauducq
813b4831c6
nixbld: cleanup
2021-11-22 12:17:58 +08:00
Sebastien Bourdeauducq
c75cf3456b
nixbld: improve backup
...
include Mattermost attachments
stop using expensive and insecure dropbox
2021-11-16 14:21:59 +08:00
Sebastien Bourdeauducq
7342601788
nixbld: add occheung user
2021-11-11 12:12:46 +08:00
Sebastien Bourdeauducq
00d29eba4d
nixbld: install borgbackup
2021-09-18 16:35:25 +08:00
Sebastien Bourdeauducq
82e161dba3
hydra: hack-patch allowed URIs to work around Nix issue #5039
2021-09-01 19:59:23 +08:00
Sebastien Bourdeauducq
4ce9c2a718
nixbld: enable flakes
2021-08-18 14:53:01 +08:00
Sebastien Bourdeauducq
c96b3793c4
rt: persistent sessions
2021-08-12 13:39:53 +08:00
Sebastien Bourdeauducq
223ab96b5a
nixbld: fix RT SSL
2021-08-11 12:02:33 +08:00
Sebastien Bourdeauducq
0e548d1eff
nixbld: handle incoming RT emails
2021-08-11 11:57:05 +08:00
Sebastien Bourdeauducq
e3578011a5
rt: email setup WIP
2021-08-11 10:54:24 +08:00
Sebastien Bourdeauducq
d9536ff5db
rt: fix API security problem
2021-08-11 10:54:12 +08:00
Sebastien Bourdeauducq
a97302a80a
nixbld: RT working, no mail
2021-08-10 21:28:14 +08:00
Sebastien Bourdeauducq
ef3544f8f3
nixbld: publish conda channel archives
2021-08-10 19:08:25 +08:00
Sebastien Bourdeauducq
01212b4e51
nixbld: install iw and nvme-cli
2021-08-09 13:32:37 +08:00
Sebastien Bourdeauducq
adccf47d3c
nixbld: wifi problems
2021-08-09 13:32:18 +08:00
Sebastien Bourdeauducq
7d073e371c
nixbld: add github backups
2021-08-07 17:47:16 +08:00
Sebastien Bourdeauducq
4c394a0976
nixbld: wifi problems
2021-08-07 17:45:53 +08:00
Sebastien Bourdeauducq
9474dfa3a2
nixbld: fix stateVersion
2021-08-07 13:19:47 +08:00
Sebastien Bourdeauducq
58252a93a4
nixbld: new server
2021-08-07 12:24:31 +08:00
Sebastien Bourdeauducq
b7a49505bc
nixbld: end mailserver experiment
...
This was going well, until some assholes at Gmail decided to block our IP address and as usual PCCW are useless when it
comes to changing to a whitelisted IP.
https://support.google.com/mail/answer/10336?p=NotAuthorizedError
Fuck Google.
Fuck PCCW.
2021-08-02 13:32:29 +08:00
Sebastien Bourdeauducq
b7cef86473
nixbld: nixos 21.05
2021-06-07 09:56:05 +08:00
Sebastien Bourdeauducq
3b4f5d27c8
nixbld: reduce zfs scrub frequency
2021-05-28 16:07:09 +08:00
Sebastien Bourdeauducq
2f8d46d872
nixbld: update for newer hydra (2021-05-03)
2021-05-13 15:46:52 +08:00
Sebastien Bourdeauducq
7b6ed95090
nixbld: disable Nix flarum module
...
hacky and buggy
https://github.com/NixOS/nixpkgs/pull/96869
2021-05-06 10:09:26 +08:00
Sebastien Bourdeauducq
a680baed40
nixbld: fix hydra-send-stats
2021-04-24 18:19:33 +08:00
Sebastien Bourdeauducq
536a134b32
nixbld: Hydra sysbuild patch merged upstream
...
https://github.com/NixOS/hydra/issues/784
2021-04-24 17:08:04 +08:00
Sebastien Bourdeauducq
7d04f99e33
nixbld: implement fbda8b064
correctly
2021-04-05 00:08:44 +08:00
Sebastien Bourdeauducq
fbda8b0643
nixbld: disable IPv6 DAD
...
dnsmasq silently stops sending RAs on interfaces where DAD has kicked in, which creates very annoying obscure network
problems for everyone (e.g. IPv6 default route deleted 30min after boot) when an address conflict has occured,
even after the address conflict is no longer present.
nixbld should have authority on LAN IP addresses anyway.
2021-03-14 17:04:39 +08:00
Sebastien Bourdeauducq
dbc288c813
fix IP for rpi-5, rename to rpi-ext
2021-03-05 18:57:20 +08:00
Sebastien Bourdeauducq
a2a7b7458f
nixbld: route ext wifi network
2021-03-04 15:54:41 +08:00
Sebastien Bourdeauducq
ed9746f3f4
nixbld: set up artiq-legacy
2021-02-17 16:09:20 +08:00
Sebastien Bourdeauducq
ed42476712
nixbld: work around Gitea token syntax problem ( #14 )
2021-01-27 11:59:10 +08:00
Sebastien Bourdeauducq
6d7235dfc4
nixbld: freeze nixos-mailserver commit
2021-01-26 18:26:17 +08:00
Astro
e94fc3ea85
hydra: add patch for, configure giteastatus plugin
...
Fixes M-Labs/nix-scripts#32
2021-01-25 21:17:54 +01:00
Sebastien Bourdeauducq
169876e211
nixbld: add account creation note to gitea signin page
2021-01-23 17:20:05 +08:00
Sebastien Bourdeauducq
6bc5b75ccb
nixbld: fix gitea errors 500
...
https://github.com/go-gitea/gitea/issues/14274
2021-01-11 16:19:30 +08:00
Sebastien Bourdeauducq
1fa9caf1b8
nixbld: work around nixos bug with acme and local dns resolver
...
https://github.com/NixOS/nixpkgs/issues/106862
2020-12-21 13:04:24 +08:00
Sebastien Bourdeauducq
5ea921f80f
nixbld: disable openhardware.hk
2020-11-06 15:05:33 +08:00
Sebastien Bourdeauducq
5322347cb2
nixbld: fix acme permissions
2020-11-06 14:58:35 +08:00
Sebastien Bourdeauducq
cffeaeba23
nixbld: nixos 20.09 WIP
2020-11-06 14:33:07 +08:00
Sebastien Bourdeauducq
8f62706b08
nixbld: update users
2020-10-27 14:57:07 +08:00
Sebastien Bourdeauducq
9cd9eb43f4
nixbld: add static IPs for cora and rust-pitaya
2020-10-14 12:53:51 +08:00
Astro
4ec72130b1
nixbld: add Nix unstable patch for networked derivations
...
Fixes Gitea issue #7
2020-10-06 00:45:56 +02:00
Astro
8ad847c7fa
hydra: configure githubstatus plugin
...
Part of M-Labs/nix-scripts#32
2020-09-02 19:55:15 +02:00
Sebastien Bourdeauducq
e3690e50f0
nixbld: enable gitea code search
2020-08-31 17:39:28 +08:00
Astro
24e1201ab1
flarum: init
2020-08-22 02:25:43 +02:00
Sebastien Bourdeauducq
4d8214d00e
nixbld: open firewall for jitsi-videobridge
2020-08-03 15:32:06 +08:00
Sebastien Bourdeauducq
420796a547
nixbld: install jitsi
2020-08-03 15:19:56 +08:00
Sebastien Bourdeauducq
5322606804
disable homu
...
Not used anymore.
2020-08-02 20:44:01 +08:00
Sebastien Bourdeauducq
c6c392d10f
Revert "hydra: move store to zfs"
...
This is a mess: https://github.com/NixOS/hydra/issues/796
This reverts commit ac2ea5621d
.
2020-07-29 19:03:34 +08:00
Sebastien Bourdeauducq
ac2ea5621d
hydra: move store to zfs
2020-07-26 23:53:04 +08:00
Sebastien Bourdeauducq
2cdff2b132
nixbld: turn on zfs autosnapshot
2020-07-26 22:29:38 +08:00
Sebastien Bourdeauducq
d2f7181a1f
nixbld: continue zfs setup
2020-07-26 22:21:31 +08:00
Sebastien Bourdeauducq
deaf3e9e75
nixbld: enable ZFS
2020-07-25 19:21:41 +08:00
Sebastien Bourdeauducq
805a3e33ad
nixbld: add Nix 'networked' derivations
...
This obsoletes the fixed-output derivation hack previously used on Hydra, and the associated retry patch.
2020-07-04 16:02:30 +08:00
Astro
45037cb464
nixbld: add hydra-restrictdist.patch
...
Preparation for M-Labs/nix-scripts#26
2020-06-26 20:20:03 +02:00
Sebastien Bourdeauducq
a595a5b8ce
update static IP allocation
2020-06-24 11:06:35 +08:00
Sebastien Bourdeauducq
5a0afc48d4
import from nix-scripts
2020-06-20 17:54:21 +08:00