Sebastien Bourdeauducq
c2c7e67549
nixbld: block zyxel cloud switch
2023-07-13 09:35:32 +08:00
Sebastien Bourdeauducq
4c62ba7f9d
nixbld: block hikvision device
2023-07-12 17:41:05 +08:00
Sebastien Bourdeauducq
257c2dc432
nixbld: fix mysql backup auth
2023-07-07 17:29:24 +08:00
Sebastien Bourdeauducq
e2c2dbbeeb
nixbld: autostart iPXE HTTP boot
2023-07-02 16:31:25 +08:00
Sebastien Bourdeauducq
a9ee77b9e8
nixbld: serve iPXE on LAN
2023-07-02 16:15:24 +08:00
Sebastien Bourdeauducq
dbd20c6418
nixbld: update simple-nixos-mailserver
2023-06-13 10:54:20 +08:00
Sebastien Bourdeauducq
2227e816bc
nixbld: update dnsmasq settings
2023-06-04 22:40:14 +08:00
Sebastien Bourdeauducq
6b35c751d8
nixbld: NixOS 23.05 compatibility
2023-06-02 17:36:05 +08:00
Sebastien Bourdeauducq
d21c31aae5
nixbld: add esavkin to lp group
2023-05-31 18:11:18 +08:00
Sebastien Bourdeauducq
f5837877d2
nixbld: increase nextcloud max upload size
2023-05-30 21:34:36 +08:00
Sebastien Bourdeauducq
77ba57e8fa
disable X11 forwarding (replaced with waypipe)
2023-05-24 12:45:34 +08:00
Sebastien Bourdeauducq
5223d9fd89
afws: move more code into module file, use new reload mechanism
2023-04-08 17:49:03 +08:00
Sebastien Bourdeauducq
0640cfad04
nixbld: increase AFWS WebSocket timeout
2023-04-07 16:02:07 +08:00
Sebastien Bourdeauducq
6c6f11ed7d
nixbld: set up ACME certificate for AFWS
2023-04-07 14:39:05 +08:00
Sebastien Bourdeauducq
0442916420
nixbld: afws websocket proxy settings
2023-04-05 13:37:35 +08:00
Sebastien Bourdeauducq
c8c38f79c0
nixbld: set recommendedTlsSettings
2023-04-05 13:37:11 +08:00
Sebastien Bourdeauducq
b7d9df794e
nixbld: close legacy firewall ports
2023-04-05 12:42:42 +08:00
Sebastien Bourdeauducq
6d31b77f0e
add .ph site
2023-03-23 15:22:25 +08:00
Sebastien Bourdeauducq
ff37c5949e
nixbld: add esavkin
2023-03-03 18:29:45 +08:00
Sebastien Bourdeauducq
8ea7b06218
remove therobs12 user
2023-02-16 11:55:29 +08:00
Sebastien Bourdeauducq
c9f774d011
nixbld: install labelprinter
2023-02-10 18:26:12 +08:00
Sebastien Bourdeauducq
9babd68652
nixbld: give backupdl access to nextcloud
2023-01-31 15:41:15 +08:00
Sebastien Bourdeauducq
b3f5f687aa
nixbld: cleanup backupdl keys
2023-01-30 16:14:12 +08:00
Sebastien Bourdeauducq
af27584100
nixbld: remove topquark12 user
2023-01-30 16:12:13 +08:00
Sebastien Bourdeauducq
4c7a2dfce3
nixbld: label printer permissions
2023-01-30 16:12:00 +08:00
Sebastien Bourdeauducq
30fa569bdc
nixbld: block more insecure devices
2023-01-30 16:08:27 +08:00
Sebastien Bourdeauducq
9dee7c1888
nixbld: update backupdl key
2023-01-29 20:19:05 +08:00
Sebastien Bourdeauducq
0faa05aec3
nixbld: add back qnetp DNS
2023-01-29 18:29:16 +08:00
Sebastien Bourdeauducq
21a7d1c36e
nixbld: update LAN AAAA records
2023-01-29 18:01:31 +08:00
Sebastien Bourdeauducq
faff3a5eef
nixbld: relocation
2023-01-29 12:11:31 +08:00
Sebastien Bourdeauducq
3210289ebf
fix *.mil DNS lookups
2023-01-28 09:54:13 +08:00
Sebastien Bourdeauducq
dd0ebf1c47
nixbld: move to he.net DNS
2023-01-27 14:48:14 +08:00
Sebastien Bourdeauducq
2c770e9929
nixbld: better workaround against crappy registrar without glue records
...
PCCW's static.imsbiz.com is wonky and not always available for all IPs, so stop using it.
2023-01-16 16:07:58 +08:00
Sebastien Bourdeauducq
fb54880765
nixbld: start rt-fetchmail after dovecot
2023-01-04 11:54:30 +08:00
Sebastien Bourdeauducq
ea0b7d6dc7
nixbld: enable POP3
2022-12-25 11:07:02 +08:00
Sebastien Bourdeauducq
3b224c56aa
nixbld: ignore local IP for fail2ban
2022-12-24 15:42:35 +08:00
Sebastien Bourdeauducq
162ad28a52
hydra: allow eval from duke gitlab
2022-12-17 14:58:35 +08:00
Sebastien Bourdeauducq
dbc9f4c68d
remote setup
2022-12-10 19:17:22 +08:00
Sebastien Bourdeauducq
15d99bc68b
nixbld: persist DNSSEC private key
...
https://github.com/NixOS/nixpkgs/issues/204391
2022-12-05 10:00:35 +08:00
Sebastien Bourdeauducq
70a7ce5d30
nixbld: remove obsolete ssh key
2022-12-03 17:14:23 +08:00
Sebastien Bourdeauducq
2af492e37e
nixbld: NixOS 22.11
2022-12-03 16:29:32 +08:00
Sebastien Bourdeauducq
88dd1a5fc4
nixbld: update therobs shell
2022-11-11 17:58:10 +08:00
Sebastien Bourdeauducq
cecda7e28b
nixbld: update users
2022-11-11 17:46:10 +08:00
Sebastien Bourdeauducq
2d9b7767a6
nixbld: enable aarch64-linux binfmt emulation
2022-11-09 21:14:11 +08:00
Sebastien Bourdeauducq
fb745a11e3
nixbld: new msys2 repos
2022-11-03 19:09:35 +08:00
Sebastien Bourdeauducq
0c8019516d
nixbld: fix bind DNSSEC configuration for new version
...
https://gitlab.isc.org/isc-projects/bind9/-/issues/3554
2022-09-30 16:46:39 +08:00
Sebastien Bourdeauducq
d2bfca1f25
nixbld: serve nmigen docs
2022-09-27 11:07:13 +08:00
Sebastien Bourdeauducq
9bc617a019
nixbld: fix munin auth
2022-09-23 11:00:49 +08:00
Sebastien Bourdeauducq
4b23f8d66f
nixbld: update DNS zone
2022-09-23 10:58:41 +08:00
Sebastien Bourdeauducq
e2e4b0842a
nixbld: add yuk account
2022-09-21 10:12:25 +08:00
Sebastien Bourdeauducq
382c8bfaab
nixbld: add aux key for backupdl
2022-09-17 19:19:00 +08:00
Sebastien Bourdeauducq
ac022776e7
nixbld: SSH reverse proxy setup
2022-09-17 19:13:54 +08:00
Sebastien Bourdeauducq
e9b02d0c72
nixbld: disable kk105 account
2022-09-13 08:50:16 +08:00
Sebastien Bourdeauducq
cd215e9e66
nixbld: backup hedgedoc
2022-09-02 18:10:17 +08:00
Sebastien Bourdeauducq
663e030aa8
nixbld: update named zone serial
2022-09-01 11:39:56 +08:00
Sebastien Bourdeauducq
365ec54358
nixbld: install hedgedoc
2022-09-01 11:39:47 +08:00
Sebastien Bourdeauducq
20175f7bc0
nixbld: rfc2181 forbids mx cname
2022-09-01 10:55:31 +08:00
Sebastien Bourdeauducq
dc8db5fbee
rfq: do not write email password to the Nix store
2022-08-13 11:43:01 +08:00
Sebastien Bourdeauducq
dc08412ba2
update email settings
2022-08-13 11:22:01 +08:00
Sebastien Bourdeauducq
13bfee7be2
switch email server
2022-08-13 10:25:53 +08:00
Sebastien Bourdeauducq
a517d429ab
work around Google DNS geolocation fuckup
2022-08-12 18:37:42 +08:00
Sebastien Bourdeauducq
7dc4866314
nixbld: more email setup
2022-08-09 17:45:26 +08:00
Sebastien Bourdeauducq
5f7cb6113e
nixbld: block siglent internet
2022-08-03 12:52:26 +08:00
Sebastien Bourdeauducq
a147bb3883
nixbld: add topquark12
2022-07-31 19:40:45 +08:00
Sebastien Bourdeauducq
80ee7911cd
nixbld: disable jitsi
...
Jitsi is bloated and overly complex, and the NixOS package is too limited.
https://discourse.nixos.org/t/setting-up-authentication-on-a-jitsi-server/17549
2022-07-25 18:33:40 +08:00
Sebastien Bourdeauducq
66d7dd6efe
nixbld: enable more fail2ban filters
2022-07-25 18:33:24 +08:00
Sebastien Bourdeauducq
93a40ea87d
nixbld: reduce gitea spamminess
2022-07-25 18:33:08 +08:00
Sebastien Bourdeauducq
e5250c88fb
nixbld: web/hydra setup for flakes in ARTIQ stable
2022-07-08 19:00:38 +08:00
Sebastien Bourdeauducq
048863593a
nixbld: remove obsolete ACME workaround
2022-07-04 16:22:40 +08:00
Sebastien Bourdeauducq
328a85c504
nixbld: install nextcloud
2022-06-30 17:33:09 +08:00
Sebastien Bourdeauducq
3ef19cbe93
nixbld: m-labs.hk DNS zone
2022-06-28 14:44:14 +08:00
Sebastien Bourdeauducq
6333165321
nixbld: setup email server for m-labs.hk
2022-06-27 18:17:30 +08:00
Sebastien Bourdeauducq
8bc44199fc
nixbld: make bind CLI tools available
2022-06-27 18:16:38 +08:00
Sebastien Bourdeauducq
66a7a29b0a
nixbld: do not create backups during ZFS scrubs
2022-06-27 18:15:57 +08:00
Sebastien Bourdeauducq
cef6b7263a
nixbld: backup mail
2022-06-27 18:15:47 +08:00
Sebastien Bourdeauducq
08ab958a76
nixbld: use semi-automatic DNSSEC
2022-06-27 13:08:16 +08:00
Sebastien Bourdeauducq
3909d7428d
nixbld: DNS server (WIP)
2022-06-26 16:57:17 +08:00
Sebastien Bourdeauducq
70ad63ca56
nixbld: block internet access on insecure device
2022-06-23 15:33:37 +08:00
Sebastien Bourdeauducq
6cb5c84a9b
nixbld: enable mail server again
2022-06-18 13:58:51 +08:00
Sebastien Bourdeauducq
7f599bdbc9
nixbld: remove gitea patch (merged upstream)
2022-06-07 10:17:15 +08:00
Sebastien Bourdeauducq
ae5e85d611
nixbld: re-add networked derivations patch
2022-06-04 13:52:21 +08:00
Sebastien Bourdeauducq
5f1ff14380
afws_module: fix nix command
2022-05-26 13:05:34 +08:00
Sebastien Bourdeauducq
5354daf585
nixbld: NixOS 22.05
2022-05-26 12:12:14 +08:00
Sebastien Bourdeauducq
cb75072f15
nixbld: add kk105
2022-05-26 10:57:19 +08:00
Sebastien Bourdeauducq
da3a82a52d
nixbld: add spaqin
2022-05-06 16:55:00 +08:00
Sebastien Bourdeauducq
aba22c34ca
nixbld: add nkrackow
2022-05-05 19:23:40 +08:00
Sebastien Bourdeauducq
a58a613418
nixbld: add .science tld
2022-04-14 12:17:22 +08:00
Sebastien Bourdeauducq
61c008ff43
nixbld: publish msys2 repos on web
2022-04-05 11:14:17 +08:00
Sebastien Bourdeauducq
7a14264be4
hydra: fix msys2 icon
2022-04-04 15:39:28 +08:00
Sebastien Bourdeauducq
a8d28d2cbc
hydra: add msys2 type
2022-04-04 15:05:39 +08:00
Sebastien Bourdeauducq
e1e723ece5
nixbld: backup afws
2022-03-20 10:49:59 +08:00
Sebastien Bourdeauducq
28ca789aae
nixbld: use flake output for beta conda channel
2022-02-12 18:50:08 +08:00
Sebastien Bourdeauducq
0c04f014d7
nixbld: use sipyco flake output for manual
2022-02-12 11:23:19 +08:00
Sebastien Bourdeauducq
d4c36b8cfd
nixbld: use ARTIQ flake output for manual
2022-02-12 10:19:15 +08:00
Sebastien Bourdeauducq
0b8aa97192
nixbld: run AFWS server
2022-02-07 14:31:37 +08:00
Sebastien Bourdeauducq
322d267caf
hydra: update evalSettings.allowedUris
2022-02-07 14:31:21 +08:00
Sebastien Bourdeauducq
a270418cfc
nixbld: exclude new gitea archive location from backups
2022-02-02 10:53:11 +08:00
Sebastien Bourdeauducq
995f8897a4
nixbld: work around hidden hydra sudo dependency
2022-01-17 18:48:23 +08:00
Sebastien Bourdeauducq
8e20a3df6e
nixbld: update gitea templates
2022-01-04 15:17:17 +08:00
Sebastien Bourdeauducq
910506d3e4
nixbld: enable fail2ban
2022-01-03 14:34:57 +08:00
Sebastien Bourdeauducq
ec7e9209f5
nixbld: improve root account security
2022-01-03 13:46:57 +08:00
Sebastien Bourdeauducq
b70908f864
nixbld: restrict maxJobs again to avoid Vivado OOM
2021-12-03 11:03:36 +08:00
Sebastien Bourdeauducq
a0cb49b59d
nixbld: nixos 21.11
2021-12-01 18:11:06 +08:00
Sebastien Bourdeauducq
628e5fb9d7
nixbld: cleanup buildMachines
2021-11-25 10:42:01 +08:00
Sebastien Bourdeauducq
e8527e496b
nixbld: include rt in backups
2021-11-25 00:15:09 +08:00
Sebastien Bourdeauducq
c5c22da2ba
nixbld: update nixops
2021-11-24 23:57:18 +08:00
Sebastien Bourdeauducq
8114dcfb6d
nixbld: remove memtest86
2021-11-24 23:57:06 +08:00
Sebastien Bourdeauducq
29830b0ae9
nixbld: more frequent backups
2021-11-24 23:56:48 +08:00
Sebastien Bourdeauducq
3e2061c47b
nixbld: fix rt group
2021-11-23 13:52:00 +08:00
Sebastien Bourdeauducq
f5ff63b74b
nixbld: remove hkadmin
2021-11-22 12:19:00 +08:00
Sebastien Bourdeauducq
ae6915ab44
nixbld: fix RT startup
2021-11-22 12:18:06 +08:00
Sebastien Bourdeauducq
813b4831c6
nixbld: cleanup
2021-11-22 12:17:58 +08:00
Sebastien Bourdeauducq
c75cf3456b
nixbld: improve backup
...
include Mattermost attachments
stop using expensive and insecure dropbox
2021-11-16 14:21:59 +08:00
Sebastien Bourdeauducq
7342601788
nixbld: add occheung user
2021-11-11 12:12:46 +08:00
Harry Ho
bcc5502ec6
rt: prevent text attachments from appearing inline on web interface
2021-10-27 12:20:08 +08:00
Sebastien Bourdeauducq
00d29eba4d
nixbld: install borgbackup
2021-09-18 16:35:25 +08:00
Sebastien Bourdeauducq
82e161dba3
hydra: hack-patch allowed URIs to work around Nix issue #5039
2021-09-01 19:59:23 +08:00
Sebastien Bourdeauducq
4ce9c2a718
nixbld: enable flakes
2021-08-18 14:53:01 +08:00
Sebastien Bourdeauducq
c96b3793c4
rt: persistent sessions
2021-08-12 13:39:53 +08:00
Sebastien Bourdeauducq
63250304d2
rt: fix default queue (2)
2021-08-11 16:01:32 +08:00
Sebastien Bourdeauducq
89dd90075e
rt: fix default queue
2021-08-11 15:35:23 +08:00
Sebastien Bourdeauducq
223ab96b5a
nixbld: fix RT SSL
2021-08-11 12:02:33 +08:00
Sebastien Bourdeauducq
0e548d1eff
nixbld: handle incoming RT emails
2021-08-11 11:57:05 +08:00
Sebastien Bourdeauducq
e3578011a5
rt: email setup WIP
2021-08-11 10:54:24 +08:00
Sebastien Bourdeauducq
d9536ff5db
rt: fix API security problem
2021-08-11 10:54:12 +08:00
Sebastien Bourdeauducq
a385c2db4b
rt: stop using tmpfiles for db password file permissions
2021-08-11 10:53:48 +08:00
Sebastien Bourdeauducq
a97302a80a
nixbld: RT working, no mail
2021-08-10 21:28:14 +08:00
Sebastien Bourdeauducq
ef3544f8f3
nixbld: publish conda channel archives
2021-08-10 19:08:25 +08:00
Sebastien Bourdeauducq
977cccc997
nixbld: fix hooks page breaking github backups
...
https://github.com/josegonzalez/python-github-backup/issues/176
2021-08-09 13:46:46 +08:00
Sebastien Bourdeauducq
01212b4e51
nixbld: install iw and nvme-cli
2021-08-09 13:32:37 +08:00
Sebastien Bourdeauducq
adccf47d3c
nixbld: wifi problems
2021-08-09 13:32:18 +08:00
Sebastien Bourdeauducq
7d073e371c
nixbld: add github backups
2021-08-07 17:47:16 +08:00
Sebastien Bourdeauducq
4c394a0976
nixbld: wifi problems
2021-08-07 17:45:53 +08:00
Sebastien Bourdeauducq
a0f445b0dd
nixbld: remove old flarum files
2021-08-07 13:47:26 +08:00
Sebastien Bourdeauducq
9474dfa3a2
nixbld: fix stateVersion
2021-08-07 13:19:47 +08:00
Sebastien Bourdeauducq
58252a93a4
nixbld: new server
2021-08-07 12:24:31 +08:00
Sebastien Bourdeauducq
b7a49505bc
nixbld: end mailserver experiment
...
This was going well, until some assholes at Gmail decided to block our IP address and as usual PCCW are useless when it
comes to changing to a whitelisted IP.
https://support.google.com/mail/answer/10336?p=NotAuthorizedError
Fuck Google.
Fuck PCCW.
2021-08-02 13:32:29 +08:00
Sebastien Bourdeauducq
b7cef86473
nixbld: nixos 21.05
2021-06-07 09:56:05 +08:00
Sebastien Bourdeauducq
3b4f5d27c8
nixbld: reduce zfs scrub frequency
2021-05-28 16:07:09 +08:00
Sebastien Bourdeauducq
4fc5d2e56a
nixbld: fix gitea logo
2021-05-13 15:51:50 +08:00
Sebastien Bourdeauducq
2f8d46d872
nixbld: update for newer hydra (2021-05-03)
2021-05-13 15:46:52 +08:00
Sebastien Bourdeauducq
7b6ed95090
nixbld: disable Nix flarum module
...
hacky and buggy
https://github.com/NixOS/nixpkgs/pull/96869
2021-05-06 10:09:26 +08:00
Sebastien Bourdeauducq
9185cdcec1
nixbld: update flarum deps
2021-05-06 06:41:32 +08:00
Sebastien Bourdeauducq
a680baed40
nixbld: fix hydra-send-stats
2021-04-24 18:19:33 +08:00
Sebastien Bourdeauducq
be8881892f
nixbld: upgrade flarum and remove unused extensions
2021-04-24 18:13:44 +08:00
Sebastien Bourdeauducq
536a134b32
nixbld: Hydra sysbuild patch merged upstream
...
https://github.com/NixOS/hydra/issues/784
2021-04-24 17:08:04 +08:00
Sebastien Bourdeauducq
43005f0f65
nixbld: update Nix patches
2021-04-24 17:07:14 +08:00
Sebastien Bourdeauducq
86c840d7f0
nixbld: minor flarum updates, install FoF/subscribed
2021-04-05 14:20:26 +08:00
Sebastien Bourdeauducq
7d04f99e33
nixbld: implement fbda8b064
correctly
2021-04-05 00:08:44 +08:00
Sebastien Bourdeauducq
fbda8b0643
nixbld: disable IPv6 DAD
...
dnsmasq silently stops sending RAs on interfaces where DAD has kicked in, which creates very annoying obscure network
problems for everyone (e.g. IPv6 default route deleted 30min after boot) when an address conflict has occured,
even after the address conflict is no longer present.
nixbld should have authority on LAN IP addresses anyway.
2021-03-14 17:04:39 +08:00