Commit Graph

285 Commits

Author SHA1 Message Date
c2c7e67549 nixbld: block zyxel cloud switch 2023-07-13 09:35:32 +08:00
4c62ba7f9d nixbld: block hikvision device 2023-07-12 17:41:05 +08:00
257c2dc432 nixbld: fix mysql backup auth 2023-07-07 17:29:24 +08:00
e2c2dbbeeb nixbld: autostart iPXE HTTP boot 2023-07-02 16:31:25 +08:00
a9ee77b9e8 nixbld: serve iPXE on LAN 2023-07-02 16:15:24 +08:00
dbd20c6418 nixbld: update simple-nixos-mailserver 2023-06-13 10:54:20 +08:00
2227e816bc nixbld: update dnsmasq settings 2023-06-04 22:40:14 +08:00
6b35c751d8 nixbld: NixOS 23.05 compatibility 2023-06-02 17:36:05 +08:00
d21c31aae5 nixbld: add esavkin to lp group 2023-05-31 18:11:18 +08:00
f5837877d2 nixbld: increase nextcloud max upload size 2023-05-30 21:34:36 +08:00
77ba57e8fa disable X11 forwarding (replaced with waypipe) 2023-05-24 12:45:34 +08:00
5223d9fd89 afws: move more code into module file, use new reload mechanism 2023-04-08 17:49:03 +08:00
0640cfad04 nixbld: increase AFWS WebSocket timeout 2023-04-07 16:02:07 +08:00
6c6f11ed7d nixbld: set up ACME certificate for AFWS 2023-04-07 14:39:05 +08:00
0442916420 nixbld: afws websocket proxy settings 2023-04-05 13:37:35 +08:00
c8c38f79c0 nixbld: set recommendedTlsSettings 2023-04-05 13:37:11 +08:00
b7d9df794e nixbld: close legacy firewall ports 2023-04-05 12:42:42 +08:00
6d31b77f0e add .ph site 2023-03-23 15:22:25 +08:00
ff37c5949e nixbld: add esavkin 2023-03-03 18:29:45 +08:00
8ea7b06218 remove therobs12 user 2023-02-16 11:55:29 +08:00
c9f774d011 nixbld: install labelprinter 2023-02-10 18:26:12 +08:00
9babd68652 nixbld: give backupdl access to nextcloud 2023-01-31 15:41:15 +08:00
b3f5f687aa nixbld: cleanup backupdl keys 2023-01-30 16:14:12 +08:00
af27584100 nixbld: remove topquark12 user 2023-01-30 16:12:13 +08:00
4c7a2dfce3 nixbld: label printer permissions 2023-01-30 16:12:00 +08:00
30fa569bdc nixbld: block more insecure devices 2023-01-30 16:08:27 +08:00
9dee7c1888 nixbld: update backupdl key 2023-01-29 20:19:05 +08:00
0faa05aec3 nixbld: add back qnetp DNS 2023-01-29 18:29:16 +08:00
21a7d1c36e nixbld: update LAN AAAA records 2023-01-29 18:01:31 +08:00
faff3a5eef nixbld: relocation 2023-01-29 12:11:31 +08:00
3210289ebf fix *.mil DNS lookups 2023-01-28 09:54:13 +08:00
dd0ebf1c47 nixbld: move to he.net DNS 2023-01-27 14:48:14 +08:00
2c770e9929 nixbld: better workaround against crappy registrar without glue records
PCCW's static.imsbiz.com is wonky and not always available for all IPs, so stop using it.
2023-01-16 16:07:58 +08:00
fb54880765 nixbld: start rt-fetchmail after dovecot 2023-01-04 11:54:30 +08:00
ea0b7d6dc7 nixbld: enable POP3 2022-12-25 11:07:02 +08:00
3b224c56aa nixbld: ignore local IP for fail2ban 2022-12-24 15:42:35 +08:00
162ad28a52 hydra: allow eval from duke gitlab 2022-12-17 14:58:35 +08:00
dbc9f4c68d remote setup 2022-12-10 19:17:22 +08:00
15d99bc68b nixbld: persist DNSSEC private key
https://github.com/NixOS/nixpkgs/issues/204391
2022-12-05 10:00:35 +08:00
70a7ce5d30 nixbld: remove obsolete ssh key 2022-12-03 17:14:23 +08:00
2af492e37e nixbld: NixOS 22.11 2022-12-03 16:29:32 +08:00
88dd1a5fc4 nixbld: update therobs shell 2022-11-11 17:58:10 +08:00
cecda7e28b nixbld: update users 2022-11-11 17:46:10 +08:00
2d9b7767a6 nixbld: enable aarch64-linux binfmt emulation 2022-11-09 21:14:11 +08:00
fb745a11e3 nixbld: new msys2 repos 2022-11-03 19:09:35 +08:00
0c8019516d nixbld: fix bind DNSSEC configuration for new version
https://gitlab.isc.org/isc-projects/bind9/-/issues/3554
2022-09-30 16:46:39 +08:00
d2bfca1f25 nixbld: serve nmigen docs 2022-09-27 11:07:13 +08:00
9bc617a019 nixbld: fix munin auth 2022-09-23 11:00:49 +08:00
4b23f8d66f nixbld: update DNS zone 2022-09-23 10:58:41 +08:00
e2e4b0842a nixbld: add yuk account 2022-09-21 10:12:25 +08:00
382c8bfaab nixbld: add aux key for backupdl 2022-09-17 19:19:00 +08:00
ac022776e7 nixbld: SSH reverse proxy setup 2022-09-17 19:13:54 +08:00
e9b02d0c72 nixbld: disable kk105 account 2022-09-13 08:50:16 +08:00
cd215e9e66 nixbld: backup hedgedoc 2022-09-02 18:10:17 +08:00
663e030aa8 nixbld: update named zone serial 2022-09-01 11:39:56 +08:00
365ec54358 nixbld: install hedgedoc 2022-09-01 11:39:47 +08:00
20175f7bc0 nixbld: rfc2181 forbids mx cname 2022-09-01 10:55:31 +08:00
dc8db5fbee rfq: do not write email password to the Nix store 2022-08-13 11:43:01 +08:00
dc08412ba2 update email settings 2022-08-13 11:22:01 +08:00
13bfee7be2 switch email server 2022-08-13 10:25:53 +08:00
a517d429ab work around Google DNS geolocation fuckup 2022-08-12 18:37:42 +08:00
7dc4866314 nixbld: more email setup 2022-08-09 17:45:26 +08:00
5f7cb6113e nixbld: block siglent internet 2022-08-03 12:52:26 +08:00
a147bb3883 nixbld: add topquark12 2022-07-31 19:40:45 +08:00
80ee7911cd nixbld: disable jitsi
Jitsi is bloated and overly complex, and the NixOS package is too limited.
https://discourse.nixos.org/t/setting-up-authentication-on-a-jitsi-server/17549
2022-07-25 18:33:40 +08:00
66d7dd6efe nixbld: enable more fail2ban filters 2022-07-25 18:33:24 +08:00
93a40ea87d nixbld: reduce gitea spamminess 2022-07-25 18:33:08 +08:00
e5250c88fb nixbld: web/hydra setup for flakes in ARTIQ stable 2022-07-08 19:00:38 +08:00
048863593a nixbld: remove obsolete ACME workaround 2022-07-04 16:22:40 +08:00
328a85c504 nixbld: install nextcloud 2022-06-30 17:33:09 +08:00
3ef19cbe93 nixbld: m-labs.hk DNS zone 2022-06-28 14:44:14 +08:00
6333165321 nixbld: setup email server for m-labs.hk 2022-06-27 18:17:30 +08:00
8bc44199fc nixbld: make bind CLI tools available 2022-06-27 18:16:38 +08:00
66a7a29b0a nixbld: do not create backups during ZFS scrubs 2022-06-27 18:15:57 +08:00
cef6b7263a nixbld: backup mail 2022-06-27 18:15:47 +08:00
08ab958a76 nixbld: use semi-automatic DNSSEC 2022-06-27 13:08:16 +08:00
3909d7428d nixbld: DNS server (WIP) 2022-06-26 16:57:17 +08:00
70ad63ca56 nixbld: block internet access on insecure device 2022-06-23 15:33:37 +08:00
6cb5c84a9b nixbld: enable mail server again 2022-06-18 13:58:51 +08:00
7f599bdbc9 nixbld: remove gitea patch (merged upstream) 2022-06-07 10:17:15 +08:00
ae5e85d611 nixbld: re-add networked derivations patch 2022-06-04 13:52:21 +08:00
5f1ff14380 afws_module: fix nix command 2022-05-26 13:05:34 +08:00
5354daf585 nixbld: NixOS 22.05 2022-05-26 12:12:14 +08:00
cb75072f15 nixbld: add kk105 2022-05-26 10:57:19 +08:00
da3a82a52d nixbld: add spaqin 2022-05-06 16:55:00 +08:00
aba22c34ca nixbld: add nkrackow 2022-05-05 19:23:40 +08:00
a58a613418 nixbld: add .science tld 2022-04-14 12:17:22 +08:00
61c008ff43 nixbld: publish msys2 repos on web 2022-04-05 11:14:17 +08:00
7a14264be4 hydra: fix msys2 icon 2022-04-04 15:39:28 +08:00
a8d28d2cbc hydra: add msys2 type 2022-04-04 15:05:39 +08:00
e1e723ece5 nixbld: backup afws 2022-03-20 10:49:59 +08:00
28ca789aae nixbld: use flake output for beta conda channel 2022-02-12 18:50:08 +08:00
0c04f014d7 nixbld: use sipyco flake output for manual 2022-02-12 11:23:19 +08:00
d4c36b8cfd nixbld: use ARTIQ flake output for manual 2022-02-12 10:19:15 +08:00
0b8aa97192 nixbld: run AFWS server 2022-02-07 14:31:37 +08:00
322d267caf hydra: update evalSettings.allowedUris 2022-02-07 14:31:21 +08:00
a270418cfc nixbld: exclude new gitea archive location from backups 2022-02-02 10:53:11 +08:00
995f8897a4 nixbld: work around hidden hydra sudo dependency 2022-01-17 18:48:23 +08:00
8e20a3df6e nixbld: update gitea templates 2022-01-04 15:17:17 +08:00
910506d3e4 nixbld: enable fail2ban 2022-01-03 14:34:57 +08:00
ec7e9209f5 nixbld: improve root account security 2022-01-03 13:46:57 +08:00
b70908f864 nixbld: restrict maxJobs again to avoid Vivado OOM 2021-12-03 11:03:36 +08:00
a0cb49b59d nixbld: nixos 21.11 2021-12-01 18:11:06 +08:00
628e5fb9d7 nixbld: cleanup buildMachines 2021-11-25 10:42:01 +08:00
e8527e496b nixbld: include rt in backups 2021-11-25 00:15:09 +08:00
c5c22da2ba nixbld: update nixops 2021-11-24 23:57:18 +08:00
8114dcfb6d nixbld: remove memtest86 2021-11-24 23:57:06 +08:00
29830b0ae9 nixbld: more frequent backups 2021-11-24 23:56:48 +08:00
3e2061c47b nixbld: fix rt group 2021-11-23 13:52:00 +08:00
f5ff63b74b nixbld: remove hkadmin 2021-11-22 12:19:00 +08:00
ae6915ab44 nixbld: fix RT startup 2021-11-22 12:18:06 +08:00
813b4831c6 nixbld: cleanup 2021-11-22 12:17:58 +08:00
c75cf3456b nixbld: improve backup
include Mattermost attachments
stop using expensive and insecure dropbox
2021-11-16 14:21:59 +08:00
7342601788 nixbld: add occheung user 2021-11-11 12:12:46 +08:00
bcc5502ec6 rt: prevent text attachments from appearing inline on web interface 2021-10-27 12:20:08 +08:00
00d29eba4d nixbld: install borgbackup 2021-09-18 16:35:25 +08:00
82e161dba3 hydra: hack-patch allowed URIs to work around Nix issue #5039 2021-09-01 19:59:23 +08:00
4ce9c2a718 nixbld: enable flakes 2021-08-18 14:53:01 +08:00
c96b3793c4 rt: persistent sessions 2021-08-12 13:39:53 +08:00
63250304d2 rt: fix default queue (2) 2021-08-11 16:01:32 +08:00
89dd90075e rt: fix default queue 2021-08-11 15:35:23 +08:00
223ab96b5a nixbld: fix RT SSL 2021-08-11 12:02:33 +08:00
0e548d1eff nixbld: handle incoming RT emails 2021-08-11 11:57:05 +08:00
e3578011a5 rt: email setup WIP 2021-08-11 10:54:24 +08:00
d9536ff5db rt: fix API security problem 2021-08-11 10:54:12 +08:00
a385c2db4b rt: stop using tmpfiles for db password file permissions 2021-08-11 10:53:48 +08:00
a97302a80a nixbld: RT working, no mail 2021-08-10 21:28:14 +08:00
ef3544f8f3 nixbld: publish conda channel archives 2021-08-10 19:08:25 +08:00
977cccc997 nixbld: fix hooks page breaking github backups
https://github.com/josegonzalez/python-github-backup/issues/176
2021-08-09 13:46:46 +08:00
01212b4e51 nixbld: install iw and nvme-cli 2021-08-09 13:32:37 +08:00
adccf47d3c nixbld: wifi problems 2021-08-09 13:32:18 +08:00
7d073e371c nixbld: add github backups 2021-08-07 17:47:16 +08:00
4c394a0976 nixbld: wifi problems 2021-08-07 17:45:53 +08:00
a0f445b0dd nixbld: remove old flarum files 2021-08-07 13:47:26 +08:00
9474dfa3a2 nixbld: fix stateVersion 2021-08-07 13:19:47 +08:00
58252a93a4 nixbld: new server 2021-08-07 12:24:31 +08:00
b7a49505bc nixbld: end mailserver experiment
This was going well, until some assholes at Gmail decided to block our IP address and as usual PCCW are useless when it
comes to changing to a whitelisted IP.

https://support.google.com/mail/answer/10336?p=NotAuthorizedError

Fuck Google.
Fuck PCCW.
2021-08-02 13:32:29 +08:00
b7cef86473 nixbld: nixos 21.05 2021-06-07 09:56:05 +08:00
3b4f5d27c8 nixbld: reduce zfs scrub frequency 2021-05-28 16:07:09 +08:00
4fc5d2e56a nixbld: fix gitea logo 2021-05-13 15:51:50 +08:00
2f8d46d872 nixbld: update for newer hydra (2021-05-03) 2021-05-13 15:46:52 +08:00
7b6ed95090 nixbld: disable Nix flarum module
hacky and buggy

https://github.com/NixOS/nixpkgs/pull/96869
2021-05-06 10:09:26 +08:00
9185cdcec1 nixbld: update flarum deps 2021-05-06 06:41:32 +08:00
a680baed40 nixbld: fix hydra-send-stats 2021-04-24 18:19:33 +08:00
be8881892f nixbld: upgrade flarum and remove unused extensions 2021-04-24 18:13:44 +08:00
536a134b32 nixbld: Hydra sysbuild patch merged upstream
https://github.com/NixOS/hydra/issues/784
2021-04-24 17:08:04 +08:00
43005f0f65 nixbld: update Nix patches 2021-04-24 17:07:14 +08:00
86c840d7f0 nixbld: minor flarum updates, install FoF/subscribed 2021-04-05 14:20:26 +08:00
7d04f99e33 nixbld: implement fbda8b064 correctly 2021-04-05 00:08:44 +08:00
fbda8b0643 nixbld: disable IPv6 DAD
dnsmasq silently stops sending RAs on interfaces where DAD has kicked in, which creates very annoying obscure network
problems for everyone (e.g. IPv6 default route deleted 30min after boot) when an address conflict has occured,
even after the address conflict is no longer present.
nixbld should have authority on LAN IP addresses anyway.
2021-03-14 17:04:39 +08:00