b7d9df794e
nixbld: close legacy firewall ports
2023-04-05 12:42:42 +08:00
6d31b77f0e
add .ph site
2023-03-23 15:22:25 +08:00
ff37c5949e
nixbld: add esavkin
2023-03-03 18:29:45 +08:00
8ea7b06218
remove therobs12 user
2023-02-16 11:55:29 +08:00
c9f774d011
nixbld: install labelprinter
2023-02-10 18:26:12 +08:00
9babd68652
nixbld: give backupdl access to nextcloud
2023-01-31 15:41:15 +08:00
b3f5f687aa
nixbld: cleanup backupdl keys
2023-01-30 16:14:12 +08:00
af27584100
nixbld: remove topquark12 user
2023-01-30 16:12:13 +08:00
4c7a2dfce3
nixbld: label printer permissions
2023-01-30 16:12:00 +08:00
30fa569bdc
nixbld: block more insecure devices
2023-01-30 16:08:27 +08:00
9dee7c1888
nixbld: update backupdl key
2023-01-29 20:19:05 +08:00
0faa05aec3
nixbld: add back qnetp DNS
2023-01-29 18:29:16 +08:00
faff3a5eef
nixbld: relocation
2023-01-29 12:11:31 +08:00
3210289ebf
fix *.mil DNS lookups
2023-01-28 09:54:13 +08:00
dd0ebf1c47
nixbld: move to he.net DNS
2023-01-27 14:48:14 +08:00
fb54880765
nixbld: start rt-fetchmail after dovecot
2023-01-04 11:54:30 +08:00
ea0b7d6dc7
nixbld: enable POP3
2022-12-25 11:07:02 +08:00
3b224c56aa
nixbld: ignore local IP for fail2ban
2022-12-24 15:42:35 +08:00
15d99bc68b
nixbld: persist DNSSEC private key
...
https://github.com/NixOS/nixpkgs/issues/204391
2022-12-05 10:00:35 +08:00
70a7ce5d30
nixbld: remove obsolete ssh key
2022-12-03 17:14:23 +08:00
2af492e37e
nixbld: NixOS 22.11
2022-12-03 16:29:32 +08:00
88dd1a5fc4
nixbld: update therobs shell
2022-11-11 17:58:10 +08:00
cecda7e28b
nixbld: update users
2022-11-11 17:46:10 +08:00
2d9b7767a6
nixbld: enable aarch64-linux binfmt emulation
2022-11-09 21:14:11 +08:00
fb745a11e3
nixbld: new msys2 repos
2022-11-03 19:09:35 +08:00
0c8019516d
nixbld: fix bind DNSSEC configuration for new version
...
https://gitlab.isc.org/isc-projects/bind9/-/issues/3554
2022-09-30 16:46:39 +08:00
d2bfca1f25
nixbld: serve nmigen docs
2022-09-27 11:07:13 +08:00
9bc617a019
nixbld: fix munin auth
2022-09-23 11:00:49 +08:00
e2e4b0842a
nixbld: add yuk account
2022-09-21 10:12:25 +08:00
382c8bfaab
nixbld: add aux key for backupdl
2022-09-17 19:19:00 +08:00
ac022776e7
nixbld: SSH reverse proxy setup
2022-09-17 19:13:54 +08:00
e9b02d0c72
nixbld: disable kk105 account
2022-09-13 08:50:16 +08:00
365ec54358
nixbld: install hedgedoc
2022-09-01 11:39:47 +08:00
dc08412ba2
update email settings
2022-08-13 11:22:01 +08:00
a517d429ab
work around Google DNS geolocation fuckup
2022-08-12 18:37:42 +08:00
7dc4866314
nixbld: more email setup
2022-08-09 17:45:26 +08:00
5f7cb6113e
nixbld: block siglent internet
2022-08-03 12:52:26 +08:00
a147bb3883
nixbld: add topquark12
2022-07-31 19:40:45 +08:00
80ee7911cd
nixbld: disable jitsi
...
Jitsi is bloated and overly complex, and the NixOS package is too limited.
https://discourse.nixos.org/t/setting-up-authentication-on-a-jitsi-server/17549
2022-07-25 18:33:40 +08:00
66d7dd6efe
nixbld: enable more fail2ban filters
2022-07-25 18:33:24 +08:00
93a40ea87d
nixbld: reduce gitea spamminess
2022-07-25 18:33:08 +08:00
e5250c88fb
nixbld: web/hydra setup for flakes in ARTIQ stable
2022-07-08 19:00:38 +08:00
048863593a
nixbld: remove obsolete ACME workaround
2022-07-04 16:22:40 +08:00
328a85c504
nixbld: install nextcloud
2022-06-30 17:33:09 +08:00
3ef19cbe93
nixbld: m-labs.hk DNS zone
2022-06-28 14:44:14 +08:00
6333165321
nixbld: setup email server for m-labs.hk
2022-06-27 18:17:30 +08:00
8bc44199fc
nixbld: make bind CLI tools available
2022-06-27 18:16:38 +08:00
08ab958a76
nixbld: use semi-automatic DNSSEC
2022-06-27 13:08:16 +08:00
3909d7428d
nixbld: DNS server (WIP)
2022-06-26 16:57:17 +08:00
70ad63ca56
nixbld: block internet access on insecure device
2022-06-23 15:33:37 +08:00
6cb5c84a9b
nixbld: enable mail server again
2022-06-18 13:58:51 +08:00
7f599bdbc9
nixbld: remove gitea patch (merged upstream)
2022-06-07 10:17:15 +08:00
ae5e85d611
nixbld: re-add networked derivations patch
2022-06-04 13:52:21 +08:00
5354daf585
nixbld: NixOS 22.05
2022-05-26 12:12:14 +08:00
cb75072f15
nixbld: add kk105
2022-05-26 10:57:19 +08:00
da3a82a52d
nixbld: add spaqin
2022-05-06 16:55:00 +08:00
aba22c34ca
nixbld: add nkrackow
2022-05-05 19:23:40 +08:00
a58a613418
nixbld: add .science tld
2022-04-14 12:17:22 +08:00
61c008ff43
nixbld: publish msys2 repos on web
2022-04-05 11:14:17 +08:00
a8d28d2cbc
hydra: add msys2 type
2022-04-04 15:05:39 +08:00
28ca789aae
nixbld: use flake output for beta conda channel
2022-02-12 18:50:08 +08:00
0c04f014d7
nixbld: use sipyco flake output for manual
2022-02-12 11:23:19 +08:00
d4c36b8cfd
nixbld: use ARTIQ flake output for manual
2022-02-12 10:19:15 +08:00
0b8aa97192
nixbld: run AFWS server
2022-02-07 14:31:37 +08:00
995f8897a4
nixbld: work around hidden hydra sudo dependency
2022-01-17 18:48:23 +08:00
910506d3e4
nixbld: enable fail2ban
2022-01-03 14:34:57 +08:00
ec7e9209f5
nixbld: improve root account security
2022-01-03 13:46:57 +08:00
b70908f864
nixbld: restrict maxJobs again to avoid Vivado OOM
2021-12-03 11:03:36 +08:00
a0cb49b59d
nixbld: nixos 21.11
2021-12-01 18:11:06 +08:00
628e5fb9d7
nixbld: cleanup buildMachines
2021-11-25 10:42:01 +08:00
c5c22da2ba
nixbld: update nixops
2021-11-24 23:57:18 +08:00
8114dcfb6d
nixbld: remove memtest86
2021-11-24 23:57:06 +08:00
f5ff63b74b
nixbld: remove hkadmin
2021-11-22 12:19:00 +08:00
813b4831c6
nixbld: cleanup
2021-11-22 12:17:58 +08:00
c75cf3456b
nixbld: improve backup
...
include Mattermost attachments
stop using expensive and insecure dropbox
2021-11-16 14:21:59 +08:00
7342601788
nixbld: add occheung user
2021-11-11 12:12:46 +08:00
00d29eba4d
nixbld: install borgbackup
2021-09-18 16:35:25 +08:00
82e161dba3
hydra: hack-patch allowed URIs to work around Nix issue #5039
2021-09-01 19:59:23 +08:00
4ce9c2a718
nixbld: enable flakes
2021-08-18 14:53:01 +08:00
c96b3793c4
rt: persistent sessions
2021-08-12 13:39:53 +08:00
223ab96b5a
nixbld: fix RT SSL
2021-08-11 12:02:33 +08:00
0e548d1eff
nixbld: handle incoming RT emails
2021-08-11 11:57:05 +08:00
e3578011a5
rt: email setup WIP
2021-08-11 10:54:24 +08:00
d9536ff5db
rt: fix API security problem
2021-08-11 10:54:12 +08:00
a97302a80a
nixbld: RT working, no mail
2021-08-10 21:28:14 +08:00
ef3544f8f3
nixbld: publish conda channel archives
2021-08-10 19:08:25 +08:00
01212b4e51
nixbld: install iw and nvme-cli
2021-08-09 13:32:37 +08:00
adccf47d3c
nixbld: wifi problems
2021-08-09 13:32:18 +08:00
7d073e371c
nixbld: add github backups
2021-08-07 17:47:16 +08:00
4c394a0976
nixbld: wifi problems
2021-08-07 17:45:53 +08:00
9474dfa3a2
nixbld: fix stateVersion
2021-08-07 13:19:47 +08:00
58252a93a4
nixbld: new server
2021-08-07 12:24:31 +08:00
b7a49505bc
nixbld: end mailserver experiment
...
This was going well, until some assholes at Gmail decided to block our IP address and as usual PCCW are useless when it
comes to changing to a whitelisted IP.
https://support.google.com/mail/answer/10336?p=NotAuthorizedError
Fuck Google.
Fuck PCCW.
2021-08-02 13:32:29 +08:00
b7cef86473
nixbld: nixos 21.05
2021-06-07 09:56:05 +08:00
3b4f5d27c8
nixbld: reduce zfs scrub frequency
2021-05-28 16:07:09 +08:00
2f8d46d872
nixbld: update for newer hydra (2021-05-03)
2021-05-13 15:46:52 +08:00
7b6ed95090
nixbld: disable Nix flarum module
...
hacky and buggy
https://github.com/NixOS/nixpkgs/pull/96869
2021-05-06 10:09:26 +08:00
a680baed40
nixbld: fix hydra-send-stats
2021-04-24 18:19:33 +08:00
536a134b32
nixbld: Hydra sysbuild patch merged upstream
...
https://github.com/NixOS/hydra/issues/784
2021-04-24 17:08:04 +08:00
7d04f99e33
nixbld: implement fbda8b064
correctly
2021-04-05 00:08:44 +08:00
fbda8b0643
nixbld: disable IPv6 DAD
...
dnsmasq silently stops sending RAs on interfaces where DAD has kicked in, which creates very annoying obscure network
problems for everyone (e.g. IPv6 default route deleted 30min after boot) when an address conflict has occured,
even after the address conflict is no longer present.
nixbld should have authority on LAN IP addresses anyway.
2021-03-14 17:04:39 +08:00
dbc288c813
fix IP for rpi-5, rename to rpi-ext
2021-03-05 18:57:20 +08:00
a2a7b7458f
nixbld: route ext wifi network
2021-03-04 15:54:41 +08:00
ed9746f3f4
nixbld: set up artiq-legacy
2021-02-17 16:09:20 +08:00
ed42476712
nixbld: work around Gitea token syntax problem ( #14 )
2021-01-27 11:59:10 +08:00
6d7235dfc4
nixbld: freeze nixos-mailserver commit
2021-01-26 18:26:17 +08:00
e94fc3ea85
hydra: add patch for, configure giteastatus plugin
...
Fixes M-Labs/nix-scripts#32
2021-01-25 21:17:54 +01:00
169876e211
nixbld: add account creation note to gitea signin page
2021-01-23 17:20:05 +08:00
6bc5b75ccb
nixbld: fix gitea errors 500
...
https://github.com/go-gitea/gitea/issues/14274
2021-01-11 16:19:30 +08:00
1fa9caf1b8
nixbld: work around nixos bug with acme and local dns resolver
...
https://github.com/NixOS/nixpkgs/issues/106862
2020-12-21 13:04:24 +08:00
5ea921f80f
nixbld: disable openhardware.hk
2020-11-06 15:05:33 +08:00
5322347cb2
nixbld: fix acme permissions
2020-11-06 14:58:35 +08:00
cffeaeba23
nixbld: nixos 20.09 WIP
2020-11-06 14:33:07 +08:00
8f62706b08
nixbld: update users
2020-10-27 14:57:07 +08:00
9cd9eb43f4
nixbld: add static IPs for cora and rust-pitaya
2020-10-14 12:53:51 +08:00
4ec72130b1
nixbld: add Nix unstable patch for networked derivations
...
Fixes Gitea issue #7
2020-10-06 00:45:56 +02:00
8ad847c7fa
hydra: configure githubstatus plugin
...
Part of M-Labs/nix-scripts#32
2020-09-02 19:55:15 +02:00
e3690e50f0
nixbld: enable gitea code search
2020-08-31 17:39:28 +08:00
24e1201ab1
flarum: init
2020-08-22 02:25:43 +02:00
4d8214d00e
nixbld: open firewall for jitsi-videobridge
2020-08-03 15:32:06 +08:00
420796a547
nixbld: install jitsi
2020-08-03 15:19:56 +08:00
5322606804
disable homu
...
Not used anymore.
2020-08-02 20:44:01 +08:00
c6c392d10f
Revert "hydra: move store to zfs"
...
This is a mess: https://github.com/NixOS/hydra/issues/796
This reverts commit ac2ea5621d
.
2020-07-29 19:03:34 +08:00
ac2ea5621d
hydra: move store to zfs
2020-07-26 23:53:04 +08:00
2cdff2b132
nixbld: turn on zfs autosnapshot
2020-07-26 22:29:38 +08:00
d2f7181a1f
nixbld: continue zfs setup
2020-07-26 22:21:31 +08:00
deaf3e9e75
nixbld: enable ZFS
2020-07-25 19:21:41 +08:00
805a3e33ad
nixbld: add Nix 'networked' derivations
...
This obsoletes the fixed-output derivation hack previously used on Hydra, and the associated retry patch.
2020-07-04 16:02:30 +08:00
45037cb464
nixbld: add hydra-restrictdist.patch
...
Preparation for M-Labs/nix-scripts#26
2020-06-26 20:20:03 +02:00
a595a5b8ce
update static IP allocation
2020-06-24 11:06:35 +08:00
5a0afc48d4
import from nix-scripts
2020-06-20 17:54:21 +08:00