Egor Savkin
ed9b79a2d7
Fix postfix settings so it should load successfully and accept and send messages through tunnel
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-10-08 16:28:25 +08:00
Egor Savkin
95ee041e13
Fix postfix settings so it should load successfully
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-10-07 16:43:57 +08:00
Egor Savkin
451328c28b
Add virtual ips for the gre tunnel
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-10-04 15:25:52 +08:00
Egor Savkin
91260e8ec5
Return swan into the zoo
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-10-04 15:25:52 +08:00
Egor Savkin
291d5c1ee3
Use IPv6 for WG transport to decrease latency by 20%
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-10-04 15:25:52 +08:00
Egor Savkin
67c1f49478
Ip rules instead of iptables tracking
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-10-04 15:25:52 +08:00
Egor Savkin
2949d444bc
Apply tested client configuration
Adds an additional route, but doesn't enforce it so other apps will remain the same, but smtp can use tunnel for sending. Also sends replies through the tunnel if connection arrives on the tunnel.
Better have something tested and working before I start doing "perfect".
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-10-04 15:25:52 +08:00
Egor Savkin
7a378cacad
Use wireguard instead of strongswan since it's in the kernel
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-10-04 15:25:52 +08:00
Egor Savkin
ec259b1789
WIP: Use gre/ipsec instead of proxy
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-10-04 15:25:52 +08:00
Egor Savkin
10bbd4f55d
Use proxychains-ng instead of tsocks
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-10-04 15:25:52 +08:00
Egor Savkin
355c69f1b0
Use tsocks to wrap socks and add sock transport type
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-10-04 15:25:52 +08:00
Egor Savkin
2ea87d3d1b
Use wildcard instead of explicit specification
As in example at https://www.postfix.org/transport.5.html
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-10-04 15:25:52 +08:00
Egor Savkin
d1dbdca0cb
Use postfix options for routing mails through ssh tunnel
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-10-04 15:25:52 +08:00
Sébastien Bourdeauducq
ec53c0cbdd
nixbld: add eduardotenholder user
2024-10-02 18:41:45 +08:00
Sébastien Bourdeauducq
0258f5cff4
nixbld: reorganize users (NFC)
2024-10-02 18:40:48 +08:00
Sébastien Bourdeauducq
b723b7f8c0
nixbld: clean up/update systemPackages
2024-09-30 15:12:01 +08:00
Sébastien Bourdeauducq
0c336f3dd7
nixbld: do not log refused connections
Happen all the time and spam the kernel log.
2024-09-30 14:40:09 +08:00
Sebastien Bourdeauducq
11181f0397
nixbld: flarum createDatabaseLocally no longer needed
https://github.com/NixOS/nixpkgs/pull/341340
2024-09-23 10:52:08 +08:00
Sébastien Bourdeauducq
4a288abe2b
nixbld: keep automatic flarum DB migrations
2024-09-10 17:12:44 +08:00
Sébastien Bourdeauducq
635f90f0c7
nixbld/flarum: use nix
2024-08-31 17:27:16 +08:00
Sébastien Bourdeauducq
8a187ba5b9
nixbld: SIT can take larger packets
2024-08-29 18:55:52 +08:00
Sébastien Bourdeauducq
9383227c5b
nixbld: consistent netif variables
2024-08-29 18:53:33 +08:00
Sébastien Bourdeauducq
233998b8f3
nixbld: work around tunnel bring-up race condition
2024-08-29 18:40:17 +08:00
Sébastien Bourdeauducq
90a6b84c09
nixbld: work around tunnel TCPMSS issues
2024-08-29 18:39:52 +08:00
Sébastien Bourdeauducq
23e1fa029a
nixbld: upgrade postgresql
2024-08-25 11:06:19 +08:00
Egor Savkin
75035b387e
Skip SPF for mails originating from intl
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-08-20 10:59:27 +08:00
Sébastien Bourdeauducq
6dc8214102
nixbld/backup: include gitea DB dump
2024-08-17 18:26:46 +08:00
Sébastien Bourdeauducq
a6b216bb87
nixbld/gitea: move to postgresql
2024-08-17 18:18:56 +08:00
Sébastien Bourdeauducq
6e21a95ba8
nixbld/named: add qnetp slave DNS for m-labs-intl.com
2024-08-15 19:52:42 +08:00
Sébastien Bourdeauducq
d08186a27a
nixbld/named: enable CAA for m-labs-intl.com
2024-08-14 11:52:25 +08:00
Sébastien Bourdeauducq
5d132565e6
nixbld/named: add hooks.m-labs-intl.com
2024-08-14 11:42:38 +08:00
Sébastien Bourdeauducq
97ca7ea3ce
nixbld: mail setup for m-labs-intl.com WIP
2024-08-14 11:38:19 +08:00
Sébastien Bourdeauducq
e24c167f8b
Revert "nixbld: block SAP spam"
Option seems to have no effect.
This reverts commit b769b47075.
2024-08-14 10:58:49 +08:00
Egor Savkin
18194be5c3
nixbld: deploy web2019 to the intl domain
Co-authored-by: Egor Savkin <es@m-labs.hk>
Co-committed-by: Egor Savkin <es@m-labs.hk>
2024-08-14 10:54:52 +08:00
Sébastien Bourdeauducq
7781d6236e
nixbld/rt: disable TCP
2024-08-11 12:19:15 +08:00
Sébastien Bourdeauducq
93e19c74e9
nixbld/rt: use psql peer authentication
2024-08-11 12:12:28 +08:00
Sébastien Bourdeauducq
4ccab3cf2b
nixbld: remove outdated DNS records
2024-08-05 19:13:34 +08:00
Sebastien Bourdeauducq
69fe8c9866
nixbld: add flo user
2024-08-01 07:32:11 +08:00
Sebastien Bourdeauducq
b769b47075
nixbld: block SAP spam
2024-07-02 09:56:02 +02:00
Sébastien Bourdeauducq
872dcaa6bc
nixbld: serve m-labs-intl.com domain
2024-06-06 17:29:07 +08:00
Sébastien Bourdeauducq
ca895df9f3
nixbld: switch to gitea built-in SSH server
2024-06-06 16:27:39 +08:00
Sébastien Bourdeauducq
4e6686dbe9
nixbld: fix gitea emails
2024-06-06 13:52:35 +08:00
Sébastien Bourdeauducq
f973d2969a
nixbld: fix gitea emails
2024-06-05 11:23:24 +08:00
Sebastien Bourdeauducq
18a41e1c88
nixbld: work around for hydra input issues in restricted mode
2024-06-03 22:39:00 +08:00
Sébastien Bourdeauducq
f07b292d3b
nixbld: disallow user SSH keys
2024-06-02 14:10:10 +08:00
Sébastien Bourdeauducq
bd6c61094f
nixbld: update letsencrypt CAA URI
https://github.com/NixOS/nixpkgs/issues/316608
2024-06-02 13:50:48 +08:00
Sébastien Bourdeauducq
cc0bf224df
nixbld: install mpd
2024-06-02 13:50:24 +08:00
Sébastien Bourdeauducq
41aeae7b2d
nixbld: update simple-nixos-mailserver
2024-06-02 12:59:47 +08:00
Sébastien Bourdeauducq
1eac9d249d
nixbld: nixos 24.05
2024-06-02 12:52:17 +08:00
Sébastien Bourdeauducq
c3d9b9a7a1
nixbld: small cleanup
2024-06-02 12:52:01 +08:00