Commit graph

454 commits

Author SHA1 Message Date
5bf783123e
oh god apparently my mail was broken 2022-04-27 09:06:17 +01:00
07a4d2ad4f
upgrade to elasticsearch 7 2022-04-26 13:14:40 +01:00
8d476bfcd2
fix the header situation 2022-04-26 13:06:21 +01:00
7f7e30e92b
Revert "use the s3 bucket url instead"
This reverts commit 7ee99f3317.
2022-04-26 13:01:21 +01:00
828169373a
recognize nixos-8gb-fsn1-1 as a reverse proxy 2022-04-26 12:58:51 +01:00
d3c0d0f8b6
don’t use a named locations block 2022-04-26 12:57:13 +01:00
7ee99f3317
use the s3 bucket url instead 2022-04-26 12:54:50 +01:00
9dc9b308a4
fix the proxy pass destination 2022-04-26 12:48:49 +01:00
3dcae3ab31
make the endpoint an https endpoint 2022-04-26 12:34:53 +01:00
d8308e0769
add mastodon webfinger 2022-04-26 12:31:59 +01:00
ae20e740f1
set s3_endpoint 2022-04-26 12:30:00 +01:00
338e127d68
fix nginx config 2022-04-26 10:03:00 +01:00
adbfaf3c78
fix proxy-pass 2022-04-26 09:48:16 +01:00
ed65f63452
fix eval 2022-04-26 09:45:29 +01:00
e3b2559439
pass check 2022-04-26 09:44:10 +01:00
3935d18c0b
correct path to the modules directory 2022-04-26 09:42:42 +01:00
74f7ebdcce
host mastodon assets on a separate subdomain 2022-04-26 09:40:11 +01:00
7be407a2b7
disable mastodon unix sockets 2022-04-26 09:20:21 +01:00
a13cad10b1
maybe this worksk? 2022-04-26 09:10:54 +01:00
c45a360ec7
have nginx access mastodon via port? 2022-04-26 08:59:53 +01:00
e85a20173c
please work omg 2022-04-26 08:48:07 +01:00
0b93407955
use https://mastodon.int.chir.rs/ 2022-04-26 08:26:14 +01:00
a2a75691c9
move shit around? 2022-04-26 08:19:57 +01:00
fbc89a2314
enableSSL -> addSSL 2022-04-26 08:11:54 +01:00
08c7bc67bf
connect to mastodon via http i don’t care anymore 2022-04-26 08:06:57 +01:00
c42defd47b
fix stuff? 2022-04-26 07:53:03 +01:00
8b11f2e04c
fix eval error*2 2022-04-26 07:36:17 +01:00
e73e76a932
fix eval error 2022-04-26 07:28:34 +01:00
400315012d
add a mastodon.int.chir.rs 2022-04-26 07:26:16 +01:00
ec0daf01dd
fuck around with the dns until it works 2022-04-26 07:19:59 +01:00
ce9e828a85
increase the priority of localhost as build-pc isn’t always online 2022-04-26 07:12:17 +01:00
3562b07970
please work? 2022-04-26 07:09:56 +01:00
1aa1ce515a
oh oops 2022-04-25 21:14:55 +01:00
1bbecc65d8
set the proxy header? 2022-04-25 21:07:39 +01:00
e505caface
redis.mastodon -> redis.servers.mastodon 2022-04-25 19:22:16 +01:00
b4f88658e4
fix bug in the mastodon module 2022-04-25 19:09:27 +01:00
2e376a8c18
add redis extra config 2022-04-25 18:01:55 +01:00
1202604cbc
add mastodon reverse-proxy 2022-04-25 17:57:59 +01:00
2d03f310b9
config.secrets → config.sops.secrets 2022-04-25 17:51:59 +01:00
15328ab025
add nginx vhost 2022-04-25 17:51:59 +01:00
66dc646d02
add mastodon 2022-04-25 17:47:59 +01:00
877bef3dbc
fix some stuff 2022-04-25 09:49:32 +01:00
c4121a6b58
use backblaze again 2022-04-25 09:15:24 +01:00
acf026d5f0
pass hydra.chir.rs to nas.int.chir.rs 2022-04-25 08:42:57 +01:00
b2eb3a2844
do the correct thing (utf8 ssid) 2022-04-24 22:05:35 +01:00
64c290bbfd
forgot to enable hostapd 2022-04-24 22:01:17 +01:00
0e17a59abb
make the cache key a secret 2022-04-24 21:54:48 +01:00
f7b1c750aa
add hostapd support 2022-04-24 21:20:53 +01:00
6e95290303
Track node_exporter for the nas 2022-04-24 16:10:12 +01:00
6b6d7281e0
Add a backups group 2022-04-24 13:14:47 +01:00
102234539e
fix eval for nas 2022-04-24 13:12:12 +01:00
1c39d0ccf1
Add host keys for initrd ssh 2022-04-24 09:50:26 +01:00
3cbb1e3024
Add ssh access in initrd 2022-04-24 09:43:57 +01:00
80544d5c7c
add the most basic-ass rspamd config possible 2022-04-21 08:47:28 +01:00
4e0152ba06
Re-add hydra.int.chir.rs.
This is because there is no reason for me to be accessing hydra over my
publically accessible server and be limited to maybe 100kB/s
2022-04-20 09:24:42 +01:00
529ade54ea
use nutty-noon.int.chir.rs instead of the removed hydra.int.chir.rs 2022-04-17 09:59:59 +01:00
74ddd61227
Enable autofetch
this is because the constant authorization spam is no longer an issue
2022-04-16 20:37:58 +01:00
5d75d2fca8
Allow static.darkkirb.de 2022-04-16 13:23:59 +01:00
bcfa70d341
fix the allowed uris list 2022-04-16 12:04:10 +01:00
034a6f7046
remove superseeded autodeploy 2022-04-15 19:34:35 +01:00
ffdc2b4059
The github token needs Bearer apparently 2022-04-15 18:48:34 +01:00
22cdfc034d
fix github username 2022-04-15 18:48:33 +01:00
2106e4b847
remove superseeded nix-cache 2022-04-15 18:48:32 +01:00
5e8fc3cce9
now 2022-04-15 09:59:11 +01:00
9afa666c9f
please 2022-04-15 09:54:28 +01:00
61e545a979
??? 2022-04-15 09:49:48 +01:00
55b9ef55e2
set host to proxy host when reverse-proxying 2022-04-15 09:36:46 +01:00
d56b8c4e11
try to publish hydra 2022-04-15 09:28:02 +01:00
f9efdc24c3
Add githubstatus reporting 2022-04-15 09:12:37 +01:00
eebea1e3de
use more agressive compression options 2022-04-14 06:29:42 +01:00
a18cafdc94
Upload to backblaze 2022-04-13 13:39:43 +01:00
7d72b3662e
Use aws credentials 2022-04-13 13:39:43 +01:00
0d7c79d659
Add signing for nix-serve once again 2022-04-12 13:18:20 +01:00
d11f5975fa
Don’t upload hydra results to s3 2022-04-12 10:38:53 +01:00
1c5dd90edc
remove signing once again 2022-04-12 10:37:45 +01:00
a815c86cd1
remove owner for nix-serve secret 2022-04-12 10:35:14 +01:00
01ae3eaa04
add nix-serve signing 2022-04-12 10:34:04 +01:00
4b84f6f241
add missing lib 2022-04-12 09:00:35 +01:00
ed25df7369
add nix-serve 2022-04-12 08:56:19 +01:00
74843e79de
add github_token 2022-04-10 13:08:05 +01:00
1117e2b2ab
set buffer size to maximum? 2022-04-09 12:26:09 +01:00
61ce2cdffc
add some rt stuff 2022-04-09 12:22:14 +01:00
b851765359
fix username and uuid 2022-04-01 19:05:29 +01:00
7ce6d30cfe
feat: Move over the darkkirb.de zone 2022-03-20 10:13:37 +01:00
989285330f
fix: Make the clean-s3-cache timer actually work 2022-03-20 07:49:22 +01:00
fe438e8a90
feat: Add neo-layout git to allowed URIs
this is for the rewrite
2022-03-19 20:05:04 +01:00
9edb1dd015
feat: Add cache cleanup script
This fixes #77
2022-03-16 20:35:15 +01:00
303ec1e4a9
feat: Add rpz.int.chir.rs zone
fix #68
2022-03-12 22:04:01 +01:00
e5406d318f
fix: Use the main dns server instead of the copy
fix #67
2022-03-12 13:41:22 +01:00
9f73713f4e
Revert "fix: Allow the dns tkey for darkkirb.de"
This reverts commit 60373d3042.
2022-03-12 13:39:19 +01:00
60373d3042
fix: Allow the dns tkey for darkkirb.de
fix #67
2022-03-12 11:25:56 +01:00
eb0042cd81
feat: Expose hydra to the local network
fix #64
2022-03-12 10:45:11 +01:00
097ff2d4b6
feat: Do hydra builds against the cache directly
Also adds automated signing

fix #52
2022-03-08 20:18:16 +01:00
b2bfe70b64
fix: disable the derivation size limit in hydra
fix #51
2022-03-08 19:52:55 +01:00
2e60e56bd3
fix: Increase hydra limits
fix #51
2022-03-08 18:40:01 +01:00
7cd30c7b06
fix: Remove home protections for nginx
fix #46
2022-03-06 21:44:43 +01:00
ea38329dad
fix: Add acme cert for miifox
I thought this was automatic

fix #45
2022-03-06 21:34:23 +01:00
b37c784d10
feat: Move the int.chir.rs zone to nix
fix #43
2022-03-06 18:26:20 +01:00
86336e637f
fix: Allow phpfpm to access dovecot pw
fix #41
2022-03-06 14:43:10 +01:00
53607ccfc2
fix: Pass config file instead of config
fix #38
2022-03-06 12:05:23 +01:00
2bf4e84d27
fix: Missed the first argument to toYAML
fix #37
2022-03-06 11:50:56 +01:00
1729cd7957
fix: Use promtail config instead of deleted file
fix #36
2022-03-06 11:46:06 +01:00
22c5ff7adc
fix: Make loki work with multiple systems
fix #35
2022-03-06 11:44:08 +01:00
1f866df312
Revert "Disable Multiverse for now"
This reverts commit 90adb79e6b.
2022-03-05 17:57:00 +01:00
a1bcc25c83
enable multipart upload? 2022-03-03 19:41:23 +01:00
205f452250
Sign and upload to the new cache 2022-03-03 10:21:01 +01:00
3ea92074e8
make the cache internal-only 2022-03-02 21:36:18 +01:00
d228ef73d3
Add cache storj gateway 2022-03-02 20:56:15 +01:00
b397aa25e9
fix ggateway-st 2022-03-02 18:58:17 +01:00
2344b78ebd
switch to storj 2022-03-02 18:34:15 +01:00
19f2bdf21b
use nixFlakes instead of nixUnstable 2022-03-01 20:58:52 +01:00
90adb79e6b
Disable Multiverse for now
It appears that multiverse is extremely slow on this server
2022-03-01 20:58:42 +01:00
ec331e4713
feat: allow hand-selling
this fixes #19
2022-03-01 20:58:41 +01:00
686eaec80d
feat: add essentialsx signs
This commit fixes #17
2022-03-01 20:58:41 +01:00
0ecfee5edd
disable sell command in creative mode 2022-02-24 10:45:50 +01:00
d19688416f
disable gamemode bypass 2022-02-24 10:38:05 +01:00
f97f515add
Add other multiverse components 2022-02-24 10:17:10 +01:00
aa11729a04
Add multiverse 2022-02-24 10:00:57 +01:00
d07d60ad88
move the extra session commands to the zsh extrainit 2022-02-22 08:03:12 +01:00
960e259f0c
allowlist zap 2022-02-21 12:24:28 +01:00
51de516846
add permissions to the default group 2022-02-21 11:48:24 +01:00
589f999cd5
add worth yaml 2022-02-21 10:25:52 +01:00
193892d5e0
add config for essentialsx 2022-02-21 09:39:17 +01:00
9328ecedb6
Add essentialsx 2022-02-20 21:48:07 +01:00
3b61bf31eb
Add vault 2022-02-20 20:14:42 +01:00
a9485de722
groups -> parents 2022-02-20 18:59:24 +01:00
3426f6d102
add per-user permissions 2022-02-20 18:52:34 +01:00
e073319c16
listen on ipv4 only. death 2022-02-20 18:37:06 +01:00
7fe4bd4e52
Add declarative group configuration 2022-02-20 18:19:39 +01:00
a0f64e1be1
disable ops 2022-02-20 17:29:44 +01:00
a212b63548
Add luckperms 2022-02-20 16:30:12 +01:00
8cb413a221
optimize paper config 2022-02-20 12:25:45 +01:00
e8ebc51228
fix the destination of copy-to-cache 2022-02-19 21:22:36 +01:00
6a906d0fb9
Add whitelist entries 2022-02-19 15:37:50 +01:00
40d0903093
Add minecraft 2022-02-19 15:34:43 +01:00
206e911be3
force push to staging 2022-02-18 20:42:38 +01:00
ab42a116e0
this was the wrong filename 2022-02-18 20:39:18 +01:00
6b3db48a70
only run copy-to-cache on the hydra machine 2022-02-18 20:36:49 +01:00
e558743e12
fix the nix update more 2022-02-18 20:25:57 +01:00
c1615b09c5
add git to nix’s path 2022-02-18 20:17:23 +01:00
749c0da8eb
add missing backslashes 2022-02-18 20:15:22 +01:00
cd31b2a153
fix token name and actually add the secret 2022-02-18 20:13:36 +01:00
b34479b748
fix spelling of wantedby 2022-02-18 20:07:25 +01:00
91694fb6e3
Try to automatically update nixpkgs and deploy changes 2022-02-18 20:02:45 +01:00
52d6aa66d0
add the sops secret 2022-02-18 17:04:53 +01:00
2786ac8c6e
add gitea_authorization to hydra 2022-02-18 16:58:36 +01:00
de97b88b88
add minio access 2022-02-18 16:28:32 +01:00
989a6a4808
Allow github and git.chir.rs as sources 2022-02-18 16:26:27 +01:00
332157f210
Use hydra substites 2022-02-18 15:56:22 +01:00
530b903d52
Add hydra to my pc 2022-02-18 15:49:37 +01:00
7843d6b729
Remove need for nixpkgs fork 2022-02-18 14:17:35 +01:00
39deacbb28
remove the QUIC-Status header 2022-02-09 15:45:13 +01:00
d06baee6f1
Advertise quic 2022-02-09 15:38:35 +01:00
b9f6a8a11b
Manually add http3 config 2022-02-09 15:35:39 +01:00
388afba8de
deploy http3 2022-02-09 15:24:07 +01:00
ffee2ace01
permit transfer for old server 2022-02-09 14:21:33 +01:00
ab53a009d8
remove the sieve script ?? 2022-02-09 13:19:49 +01:00
17396de9d0
please just deliver mail jfc 2022-02-09 11:23:39 +01:00
4e826c8143
only allow mail user 2022-02-09 11:22:21 +01:00
feff4b5e79
add pigeonhole 2022-02-09 11:20:46 +01:00
46215e0a69
hopefully get sieve working??? 2022-02-09 11:03:51 +01:00
800fa211d0
hopefully get sieve working? 2022-02-09 11:01:10 +01:00
a27b3adcdb
add missing semicolon 2022-02-09 09:54:55 +01:00
62c4f1ac0a
make named-keys owned by named 2022-02-09 09:51:04 +01:00
dcfd955e57
move chir.rs zone to the server 2022-02-09 09:47:35 +01:00
92345030cc
add ksk and zsk, fix the file names, etc 2022-02-09 09:27:19 +01:00
2f1e842fe4
Add authorative zones hopefully 2022-02-08 22:01:33 +01:00
f396a1e101
Disable gitea dump
This fixes #1
2022-02-08 09:48:06 +01:00
1003e33c38
Add swayidle 2022-02-02 20:12:21 +01:00
9381c2ef59
fix secrets path 2022-01-30 14:09:25 +01:00
afeb3fc9b5
Make gitea secret owned by gitea 2022-01-30 13:59:46 +01:00
16bed46a9a
Purify the config 2022-01-30 13:50:23 +01:00
83eee6a35a
Add more power savings settings for thonkpad 2022-01-29 18:29:54 +01:00
6603fc2bb9
add thinkpad to the thinkpad secret file 2022-01-29 17:24:31 +01:00
4bffcb8db9
Try to add loki for multiple hosts 2022-01-28 13:47:50 +01:00
9bd1aa4202
Fix the minio service more 2022-01-26 13:49:57 +01:00
36a13c3e66
add custom minio systemd service 2022-01-26 12:22:14 +01:00
ce09e1fb9a
add disk caching to minio 2022-01-26 12:17:33 +01:00
86f66bc489
make minio an s3 gateway 2022-01-26 12:15:46 +01:00
0cb8743b44
Open tcp ports 2022-01-23 13:57:02 +01:00
f41a3f1d15
add dove auth listener 2022-01-23 12:09:30 +01:00
57f5753dbf
change sasl path to auth-login 2022-01-23 12:05:46 +01:00
a45c7cfacf
dovecot -> dovecot2 2022-01-23 12:00:17 +01:00
88acd0a3a2
open up postfix to VPN 2022-01-23 11:57:18 +01:00
2ef4602776
remove domains from mydestination 2022-01-23 11:49:57 +01:00
1924c5a34e
fix smtpd_milters argument 2022-01-23 11:47:50 +01:00
d6a3c25014
fix map paths 2022-01-23 11:31:54 +01:00
23e8e05e63
Move postfix database configs to the secrets due to added password 2022-01-23 11:30:08 +01:00
fa8e0b531f
Add postfix user to postgres 2022-01-23 10:55:17 +01:00
b11bca0863
increase the nginx max body size to ludicrous amounts 2022-01-22 21:35:34 +01:00
12ee778be9
GTK does not read your ~/.XCompose file what the fuck 2022-01-22 18:27:52 +01:00
d3a1b3f488
add postfix 2022-01-22 18:26:11 +01:00
366c05ab10
unblock IMAP and POP3 ports 2022-01-22 16:03:19 +01:00
05f0157b5c
uppercase the scheme 2022-01-22 15:37:01 +01:00
14baefae77
Make doveadm pw the password hasher 2022-01-22 15:29:32 +01:00
dfbb133d44
move dovecot-sql.conf.ext to secrets 2022-01-22 15:17:32 +01:00
e6e759b5d1
remove hostname from the connection string 2022-01-22 15:06:21 +01:00
8880703c06
the problem was that i put quotes and a semicolon on the driver line 2022-01-22 15:01:02 +01:00
3ae72c4f9e
change the package override method 2022-01-22 14:40:16 +01:00
1ae3964995
add auth debug 2022-01-22 14:35:00 +01:00