Commit Graph

553 Commits

Author SHA1 Message Date
Florian Agbuya d1236d548d afws: enable file logging with afws group permissions 2024-11-22 15:34:23 +08:00
Sebastien Bourdeauducq 98c1ecd325 nixops: nixpkgs 24.11 compatibility 2024-11-16 18:49:26 +08:00
Sébastien Bourdeauducq 45e718d65a nixops: add esavkin to wireshark group 2024-11-06 15:25:21 +08:00
Sébastien Bourdeauducq 243deb96be nixbld: update Nix patch 2024-11-05 18:45:40 +08:00
Egor Savkin b1779b57cc Break cycle dependency of tunnel netdev services on network setup
This changes the following chain after nixos-rebuild switch with modified tunnel interfaces:
stop network-setup -> stop TUN-netdev -> stop network-addresses-TUN -> start network-addresses-TUN (fails since it depends on TUN-netdev which is off).

Chain after this change:
stop TUN-netdev -> stop network-setup -> stop network-addresses-TUN -> start TUN-netdev -> start network-addresses-TUN -> start network-setup

Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-10-30 17:23:52 +08:00
Sébastien Bourdeauducq 4f8d84e3ef nixbld: enable prioNixbld for new defenestrate 2024-10-30 14:53:56 +08:00
Egor Savkin eabd92d2e8 Use tunnel for uploading web-intl
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-10-24 17:35:34 +08:00
Sébastien Bourdeauducq 04a64c3710 nixbld: set up RT for m-labs-intl.com 2024-10-24 15:49:41 +08:00
Egor Savkin d27ee750a2 m-labs-intl.com VPS setup information
Co-authored-by: Egor Savkin <es@m-labs.hk>
Co-committed-by: Egor Savkin <es@m-labs.hk>
2024-10-21 15:48:17 +08:00
Sébastien Bourdeauducq 14e9d63ab7 nixbld: apply TCP MSS clamping to USA tunnel 2024-10-17 15:08:27 +08:00
Sébastien Bourdeauducq 19aee9b59f nixbld: send mail from m-labs-intl.com through trump0 2024-10-17 15:04:50 +08:00
Sébastien Bourdeauducq f8a3d54b54 nixbld: update simple-nixos-mailserver 2024-10-17 15:04:14 +08:00
Sébastien Bourdeauducq c499a7ce86 nixbld: keep checking SPF for email from tunnel
GRE preserves source IP information.
2024-10-17 14:48:04 +08:00
Sébastien Bourdeauducq 476f5d1d6c nixbld: update to nextcloud 30 2024-10-16 11:33:07 +08:00
Sebastien Bourdeauducq ecf40fb2db nixbld: fix firewall issue with incoming USA tunnel connections 2024-10-15 21:27:43 +08:00
Sébastien Bourdeauducq 34102e66ad nixbld: install nextcloud forms app 2024-10-15 16:22:33 +08:00
Sébastien Bourdeauducq 93ae830468 nixbld: disable IPv6 MX for m-labs-intl.com 2024-10-14 14:23:15 +08:00
Sébastien Bourdeauducq 8af66556b9 nixbld: remove google fonts workaround 2024-10-11 17:27:10 +08:00
Sébastien Bourdeauducq 94cff9bb09 nixbld: revert 233998b8 (did not fix the problem) 2024-10-08 16:11:12 +08:00
Sébastien Bourdeauducq 2bf7bb0638 nixbld: connect to USA VPN 2024-10-08 16:09:56 +08:00
Sébastien Bourdeauducq 3419fe6013 nixbld: remove nkrackow user 2024-10-05 10:15:13 +08:00
Sébastien Bourdeauducq ec53c0cbdd nixbld: add eduardotenholder user 2024-10-02 18:41:45 +08:00
Sébastien Bourdeauducq 0258f5cff4 nixbld: reorganize users (NFC) 2024-10-02 18:40:48 +08:00
Sébastien Bourdeauducq b723b7f8c0 nixbld: clean up/update systemPackages 2024-09-30 15:12:01 +08:00
Sébastien Bourdeauducq 0c336f3dd7 nixbld: do not log refused connections
Happen all the time and spam the kernel log.
2024-09-30 14:40:09 +08:00
Sebastien Bourdeauducq 11181f0397 nixbld: flarum createDatabaseLocally no longer needed
https://github.com/NixOS/nixpkgs/pull/341340
2024-09-23 10:52:08 +08:00
Sebastien Bourdeauducq aaf70f36df nixops: remove user accounts 2024-09-13 13:23:15 +08:00
Sébastien Bourdeauducq 4a288abe2b nixbld: keep automatic flarum DB migrations 2024-09-10 17:12:44 +08:00
Sébastien Bourdeauducq 246a375dfb add remote IPsec settings 2024-09-05 14:36:37 +08:00
Sébastien Bourdeauducq 635f90f0c7 nixbld/flarum: use nix 2024-08-31 17:27:16 +08:00
Sébastien Bourdeauducq 8a187ba5b9 nixbld: SIT can take larger packets 2024-08-29 18:55:52 +08:00
Sébastien Bourdeauducq 9383227c5b nixbld: consistent netif variables 2024-08-29 18:53:33 +08:00
Sébastien Bourdeauducq 233998b8f3 nixbld: work around tunnel bring-up race condition 2024-08-29 18:40:17 +08:00
Sébastien Bourdeauducq 90a6b84c09 nixbld: work around tunnel TCPMSS issues 2024-08-29 18:39:52 +08:00
Sébastien Bourdeauducq 23e1fa029a nixbld: upgrade postgresql 2024-08-25 11:06:19 +08:00
Egor Savkin 75035b387e Skip SPF for mails originating from intl
Signed-off-by: Egor Savkin <es@m-labs.hk>
2024-08-20 10:59:27 +08:00
Sébastien Bourdeauducq 4f48ea611a nixops: remove wanglm user 2024-08-19 11:18:06 +08:00
Sébastien Bourdeauducq 6dc8214102 nixbld/backup: include gitea DB dump 2024-08-17 18:26:46 +08:00
Sébastien Bourdeauducq a6b216bb87 nixbld/gitea: move to postgresql 2024-08-17 18:18:56 +08:00
Sébastien Bourdeauducq 6e21a95ba8 nixbld/named: add qnetp slave DNS for m-labs-intl.com 2024-08-15 19:52:42 +08:00
Sébastien Bourdeauducq d08186a27a nixbld/named: enable CAA for m-labs-intl.com 2024-08-14 11:52:25 +08:00
Sébastien Bourdeauducq 5d132565e6 nixbld/named: add hooks.m-labs-intl.com 2024-08-14 11:42:38 +08:00
Sébastien Bourdeauducq 97ca7ea3ce nixbld: mail setup for m-labs-intl.com WIP 2024-08-14 11:38:19 +08:00
Sébastien Bourdeauducq e24c167f8b Revert "nixbld: block SAP spam"
Option seems to have no effect.

This reverts commit b769b47075.
2024-08-14 10:58:49 +08:00
Egor Savkin 18194be5c3 nixbld: deploy web2019 to the intl domain
Co-authored-by: Egor Savkin <es@m-labs.hk>
Co-committed-by: Egor Savkin <es@m-labs.hk>
2024-08-14 10:54:52 +08:00
Sébastien Bourdeauducq 7781d6236e nixbld/rt: disable TCP 2024-08-11 12:19:15 +08:00
Sébastien Bourdeauducq 93e19c74e9 nixbld/rt: use psql peer authentication 2024-08-11 12:12:28 +08:00
Sébastien Bourdeauducq 4ccab3cf2b nixbld: remove outdated DNS records 2024-08-05 19:13:34 +08:00
Sebastien Bourdeauducq 69fe8c9866 nixbld: add flo user 2024-08-01 07:32:11 +08:00
Sebastien Bourdeauducq b769b47075 nixbld: block SAP spam 2024-07-02 09:56:02 +02:00