30fa569bdc
nixbld: block more insecure devices
2023-01-30 16:08:27 +08:00
9dee7c1888
nixbld: update backupdl key
2023-01-29 20:19:05 +08:00
0faa05aec3
nixbld: add back qnetp DNS
2023-01-29 18:29:16 +08:00
21a7d1c36e
nixbld: update LAN AAAA records
2023-01-29 18:01:31 +08:00
faff3a5eef
nixbld: relocation
2023-01-29 12:11:31 +08:00
3210289ebf
fix *.mil DNS lookups
2023-01-28 09:54:13 +08:00
dd0ebf1c47
nixbld: move to he.net DNS
2023-01-27 14:48:14 +08:00
2c770e9929
nixbld: better workaround against crappy registrar without glue records
...
PCCW's static.imsbiz.com is wonky and not always available for all IPs, so stop using it.
2023-01-16 16:07:58 +08:00
fb54880765
nixbld: start rt-fetchmail after dovecot
2023-01-04 11:54:30 +08:00
ea0b7d6dc7
nixbld: enable POP3
2022-12-25 11:07:02 +08:00
3b224c56aa
nixbld: ignore local IP for fail2ban
2022-12-24 15:42:35 +08:00
162ad28a52
hydra: allow eval from duke gitlab
2022-12-17 14:58:35 +08:00
dbc9f4c68d
remote setup
2022-12-10 19:17:22 +08:00
15d99bc68b
nixbld: persist DNSSEC private key
...
https://github.com/NixOS/nixpkgs/issues/204391
2022-12-05 10:00:35 +08:00
70a7ce5d30
nixbld: remove obsolete ssh key
2022-12-03 17:14:23 +08:00
2af492e37e
nixbld: NixOS 22.11
2022-12-03 16:29:32 +08:00
88dd1a5fc4
nixbld: update therobs shell
2022-11-11 17:58:10 +08:00
cecda7e28b
nixbld: update users
2022-11-11 17:46:10 +08:00
2d9b7767a6
nixbld: enable aarch64-linux binfmt emulation
2022-11-09 21:14:11 +08:00
fb745a11e3
nixbld: new msys2 repos
2022-11-03 19:09:35 +08:00
0c8019516d
nixbld: fix bind DNSSEC configuration for new version
...
https://gitlab.isc.org/isc-projects/bind9/-/issues/3554
2022-09-30 16:46:39 +08:00
d2bfca1f25
nixbld: serve nmigen docs
2022-09-27 11:07:13 +08:00
9bc617a019
nixbld: fix munin auth
2022-09-23 11:00:49 +08:00
4b23f8d66f
nixbld: update DNS zone
2022-09-23 10:58:41 +08:00
e2e4b0842a
nixbld: add yuk account
2022-09-21 10:12:25 +08:00
382c8bfaab
nixbld: add aux key for backupdl
2022-09-17 19:19:00 +08:00
ac022776e7
nixbld: SSH reverse proxy setup
2022-09-17 19:13:54 +08:00
e9b02d0c72
nixbld: disable kk105 account
2022-09-13 08:50:16 +08:00
cd215e9e66
nixbld: backup hedgedoc
2022-09-02 18:10:17 +08:00
663e030aa8
nixbld: update named zone serial
2022-09-01 11:39:56 +08:00
365ec54358
nixbld: install hedgedoc
2022-09-01 11:39:47 +08:00
20175f7bc0
nixbld: rfc2181 forbids mx cname
2022-09-01 10:55:31 +08:00
dc8db5fbee
rfq: do not write email password to the Nix store
2022-08-13 11:43:01 +08:00
dc08412ba2
update email settings
2022-08-13 11:22:01 +08:00
13bfee7be2
switch email server
2022-08-13 10:25:53 +08:00
a517d429ab
work around Google DNS geolocation fuckup
2022-08-12 18:37:42 +08:00
7dc4866314
nixbld: more email setup
2022-08-09 17:45:26 +08:00
5f7cb6113e
nixbld: block siglent internet
2022-08-03 12:52:26 +08:00
a147bb3883
nixbld: add topquark12
2022-07-31 19:40:45 +08:00
80ee7911cd
nixbld: disable jitsi
...
Jitsi is bloated and overly complex, and the NixOS package is too limited.
https://discourse.nixos.org/t/setting-up-authentication-on-a-jitsi-server/17549
2022-07-25 18:33:40 +08:00
66d7dd6efe
nixbld: enable more fail2ban filters
2022-07-25 18:33:24 +08:00
93a40ea87d
nixbld: reduce gitea spamminess
2022-07-25 18:33:08 +08:00
e5250c88fb
nixbld: web/hydra setup for flakes in ARTIQ stable
2022-07-08 19:00:38 +08:00
048863593a
nixbld: remove obsolete ACME workaround
2022-07-04 16:22:40 +08:00
328a85c504
nixbld: install nextcloud
2022-06-30 17:33:09 +08:00
3ef19cbe93
nixbld: m-labs.hk DNS zone
2022-06-28 14:44:14 +08:00
6333165321
nixbld: setup email server for m-labs.hk
2022-06-27 18:17:30 +08:00
8bc44199fc
nixbld: make bind CLI tools available
2022-06-27 18:16:38 +08:00
66a7a29b0a
nixbld: do not create backups during ZFS scrubs
2022-06-27 18:15:57 +08:00
cef6b7263a
nixbld: backup mail
2022-06-27 18:15:47 +08:00
08ab958a76
nixbld: use semi-automatic DNSSEC
2022-06-27 13:08:16 +08:00
3909d7428d
nixbld: DNS server (WIP)
2022-06-26 16:57:17 +08:00
70ad63ca56
nixbld: block internet access on insecure device
2022-06-23 15:33:37 +08:00
6cb5c84a9b
nixbld: enable mail server again
2022-06-18 13:58:51 +08:00
7f599bdbc9
nixbld: remove gitea patch (merged upstream)
2022-06-07 10:17:15 +08:00
ae5e85d611
nixbld: re-add networked derivations patch
2022-06-04 13:52:21 +08:00
5f1ff14380
afws_module: fix nix command
2022-05-26 13:05:34 +08:00
5354daf585
nixbld: NixOS 22.05
2022-05-26 12:12:14 +08:00
cb75072f15
nixbld: add kk105
2022-05-26 10:57:19 +08:00
da3a82a52d
nixbld: add spaqin
2022-05-06 16:55:00 +08:00
aba22c34ca
nixbld: add nkrackow
2022-05-05 19:23:40 +08:00
a58a613418
nixbld: add .science tld
2022-04-14 12:17:22 +08:00
61c008ff43
nixbld: publish msys2 repos on web
2022-04-05 11:14:17 +08:00
7a14264be4
hydra: fix msys2 icon
2022-04-04 15:39:28 +08:00
a8d28d2cbc
hydra: add msys2 type
2022-04-04 15:05:39 +08:00
e1e723ece5
nixbld: backup afws
2022-03-20 10:49:59 +08:00
28ca789aae
nixbld: use flake output for beta conda channel
2022-02-12 18:50:08 +08:00
0c04f014d7
nixbld: use sipyco flake output for manual
2022-02-12 11:23:19 +08:00
d4c36b8cfd
nixbld: use ARTIQ flake output for manual
2022-02-12 10:19:15 +08:00
0b8aa97192
nixbld: run AFWS server
2022-02-07 14:31:37 +08:00
322d267caf
hydra: update evalSettings.allowedUris
2022-02-07 14:31:21 +08:00
a270418cfc
nixbld: exclude new gitea archive location from backups
2022-02-02 10:53:11 +08:00
995f8897a4
nixbld: work around hidden hydra sudo dependency
2022-01-17 18:48:23 +08:00
8e20a3df6e
nixbld: update gitea templates
2022-01-04 15:17:17 +08:00
910506d3e4
nixbld: enable fail2ban
2022-01-03 14:34:57 +08:00
ec7e9209f5
nixbld: improve root account security
2022-01-03 13:46:57 +08:00
b70908f864
nixbld: restrict maxJobs again to avoid Vivado OOM
2021-12-03 11:03:36 +08:00
a0cb49b59d
nixbld: nixos 21.11
2021-12-01 18:11:06 +08:00
628e5fb9d7
nixbld: cleanup buildMachines
2021-11-25 10:42:01 +08:00
e8527e496b
nixbld: include rt in backups
2021-11-25 00:15:09 +08:00
c5c22da2ba
nixbld: update nixops
2021-11-24 23:57:18 +08:00
8114dcfb6d
nixbld: remove memtest86
2021-11-24 23:57:06 +08:00
29830b0ae9
nixbld: more frequent backups
2021-11-24 23:56:48 +08:00
3e2061c47b
nixbld: fix rt group
2021-11-23 13:52:00 +08:00
f5ff63b74b
nixbld: remove hkadmin
2021-11-22 12:19:00 +08:00
ae6915ab44
nixbld: fix RT startup
2021-11-22 12:18:06 +08:00
813b4831c6
nixbld: cleanup
2021-11-22 12:17:58 +08:00
c75cf3456b
nixbld: improve backup
...
include Mattermost attachments
stop using expensive and insecure dropbox
2021-11-16 14:21:59 +08:00
7342601788
nixbld: add occheung user
2021-11-11 12:12:46 +08:00
bcc5502ec6
rt: prevent text attachments from appearing inline on web interface
2021-10-27 12:20:08 +08:00
00d29eba4d
nixbld: install borgbackup
2021-09-18 16:35:25 +08:00
82e161dba3
hydra: hack-patch allowed URIs to work around Nix issue #5039
2021-09-01 19:59:23 +08:00
4ce9c2a718
nixbld: enable flakes
2021-08-18 14:53:01 +08:00
c96b3793c4
rt: persistent sessions
2021-08-12 13:39:53 +08:00
63250304d2
rt: fix default queue (2)
2021-08-11 16:01:32 +08:00
89dd90075e
rt: fix default queue
2021-08-11 15:35:23 +08:00
223ab96b5a
nixbld: fix RT SSL
2021-08-11 12:02:33 +08:00
0e548d1eff
nixbld: handle incoming RT emails
2021-08-11 11:57:05 +08:00
e3578011a5
rt: email setup WIP
2021-08-11 10:54:24 +08:00
d9536ff5db
rt: fix API security problem
2021-08-11 10:54:12 +08:00
a385c2db4b
rt: stop using tmpfiles for db password file permissions
2021-08-11 10:53:48 +08:00
a97302a80a
nixbld: RT working, no mail
2021-08-10 21:28:14 +08:00
ef3544f8f3
nixbld: publish conda channel archives
2021-08-10 19:08:25 +08:00
977cccc997
nixbld: fix hooks page breaking github backups
...
https://github.com/josegonzalez/python-github-backup/issues/176
2021-08-09 13:46:46 +08:00
01212b4e51
nixbld: install iw and nvme-cli
2021-08-09 13:32:37 +08:00
adccf47d3c
nixbld: wifi problems
2021-08-09 13:32:18 +08:00
7d073e371c
nixbld: add github backups
2021-08-07 17:47:16 +08:00
4c394a0976
nixbld: wifi problems
2021-08-07 17:45:53 +08:00
a0f445b0dd
nixbld: remove old flarum files
2021-08-07 13:47:26 +08:00
9474dfa3a2
nixbld: fix stateVersion
2021-08-07 13:19:47 +08:00
58252a93a4
nixbld: new server
2021-08-07 12:24:31 +08:00
b7a49505bc
nixbld: end mailserver experiment
...
This was going well, until some assholes at Gmail decided to block our IP address and as usual PCCW are useless when it
comes to changing to a whitelisted IP.
https://support.google.com/mail/answer/10336?p=NotAuthorizedError
Fuck Google.
Fuck PCCW.
2021-08-02 13:32:29 +08:00
b7cef86473
nixbld: nixos 21.05
2021-06-07 09:56:05 +08:00
3b4f5d27c8
nixbld: reduce zfs scrub frequency
2021-05-28 16:07:09 +08:00
4fc5d2e56a
nixbld: fix gitea logo
2021-05-13 15:51:50 +08:00
2f8d46d872
nixbld: update for newer hydra (2021-05-03)
2021-05-13 15:46:52 +08:00
7b6ed95090
nixbld: disable Nix flarum module
...
hacky and buggy
https://github.com/NixOS/nixpkgs/pull/96869
2021-05-06 10:09:26 +08:00
9185cdcec1
nixbld: update flarum deps
2021-05-06 06:41:32 +08:00
a680baed40
nixbld: fix hydra-send-stats
2021-04-24 18:19:33 +08:00
be8881892f
nixbld: upgrade flarum and remove unused extensions
2021-04-24 18:13:44 +08:00
536a134b32
nixbld: Hydra sysbuild patch merged upstream
...
https://github.com/NixOS/hydra/issues/784
2021-04-24 17:08:04 +08:00
43005f0f65
nixbld: update Nix patches
2021-04-24 17:07:14 +08:00
86c840d7f0
nixbld: minor flarum updates, install FoF/subscribed
2021-04-05 14:20:26 +08:00
7d04f99e33
nixbld: implement fbda8b064
correctly
2021-04-05 00:08:44 +08:00
fbda8b0643
nixbld: disable IPv6 DAD
...
dnsmasq silently stops sending RAs on interfaces where DAD has kicked in, which creates very annoying obscure network
problems for everyone (e.g. IPv6 default route deleted 30min after boot) when an address conflict has occured,
even after the address conflict is no longer present.
nixbld should have authority on LAN IP addresses anyway.
2021-03-14 17:04:39 +08:00
dbc288c813
fix IP for rpi-5, rename to rpi-ext
2021-03-05 18:57:20 +08:00
f42fc3b986
nixops: create ext wifi network
2021-03-04 15:54:55 +08:00
a2a7b7458f
nixbld: route ext wifi network
2021-03-04 15:54:41 +08:00
ed9746f3f4
nixbld: set up artiq-legacy
2021-02-17 16:09:20 +08:00
ed42476712
nixbld: work around Gitea token syntax problem ( #14 )
2021-01-27 11:59:10 +08:00
6d7235dfc4
nixbld: freeze nixos-mailserver commit
2021-01-26 18:26:17 +08:00
e5b8b37bed
nixbld: update secret_permissions
2021-01-26 18:19:06 +08:00
e94fc3ea85
hydra: add patch for, configure giteastatus plugin
...
Fixes M-Labs/nix-scripts#32
2021-01-25 21:17:54 +01:00
169876e211
nixbld: add account creation note to gitea signin page
2021-01-23 17:20:05 +08:00
6bc5b75ccb
nixbld: fix gitea errors 500
...
https://github.com/go-gitea/gitea/issues/14274
2021-01-11 16:19:30 +08:00
1fa9caf1b8
nixbld: work around nixos bug with acme and local dns resolver
...
https://github.com/NixOS/nixpkgs/issues/106862
2020-12-21 13:04:24 +08:00
5ea921f80f
nixbld: disable openhardware.hk
2020-11-06 15:05:33 +08:00
5322347cb2
nixbld: fix acme permissions
2020-11-06 14:58:35 +08:00
cffeaeba23
nixbld: nixos 20.09 WIP
2020-11-06 14:33:07 +08:00
b10ee89454
nixbld: update Nix unstable patch for networked derivations
...
Fixes Gitea issue #7
2020-11-05 17:22:26 +01:00
8f62706b08
nixbld: update users
2020-10-27 14:57:07 +08:00
9cd9eb43f4
nixbld: add static IPs for cora and rust-pitaya
2020-10-14 12:53:51 +08:00
4ec72130b1
nixbld: add Nix unstable patch for networked derivations
...
Fixes Gitea issue #7
2020-10-06 00:45:56 +02:00
8ad847c7fa
hydra: configure githubstatus plugin
...
Part of M-Labs/nix-scripts#32
2020-09-02 19:55:15 +02:00
e3690e50f0
nixbld: enable gitea code search
2020-08-31 17:39:28 +08:00
24e1201ab1
flarum: init
2020-08-22 02:25:43 +02:00
4d8214d00e
nixbld: open firewall for jitsi-videobridge
2020-08-03 15:32:06 +08:00
420796a547
nixbld: install jitsi
2020-08-03 15:19:56 +08:00
5322606804
disable homu
...
Not used anymore.
2020-08-02 20:44:01 +08:00
c6c392d10f
Revert "hydra: move store to zfs"
...
This is a mess: https://github.com/NixOS/hydra/issues/796
This reverts commit ac2ea5621d
.
2020-07-29 19:03:34 +08:00