249c6bf9cc
mic92: add flood.r alias
2022-02-06 11:27:35 +01:00
lassulus
332d4f5e17
tinc: use ip from path
2022-02-03 08:58:00 +01:00
tv
f4cb095b72
tv umz: add wiregrill pubkey
2022-02-02 08:53:11 +01:00
lassulus
be042e3446
gum.r: set weight to over 9000
...
we do this so we never route via gum, which tends to eat our packets and
makes it impossible to connect to other peers via gum.
2022-02-01 13:52:21 +01:00
tv
e7884ba391
tv umz: init
2022-01-31 16:06:26 +01:00
tv
9e577d3b88
tv ni wiregrill: assign ipv4 addr
2022-01-31 16:05:39 +01:00
tv
8542154229
tv ni wiregrill: add via
2022-01-31 11:36:23 +01:00
lassulus
100b6fc243
move acl module to krebs
2022-01-30 11:22:09 +01:00
lassulus
7ec575267c
tinc.extraConfig: str -> lines
2022-01-29 23:45:55 +01:00
lassulus
510bfbc9b2
sync-containers: remove obsolete .decalartive
2022-01-29 19:23:36 +01:00
lassulus
14aea1ab48
Merge remote-tracking branch 'mic92/master'
2022-01-29 19:15:35 +01:00
lassulus
d878887c82
Merge remote-tracking branch 'ni/master'
2022-01-29 19:15:19 +01:00
lassulus
fca55dd3e9
tinc: restart via reload for less downtimes
2022-01-29 19:14:53 +01:00
248b3459c7
mic92: drop philipsaendig, drop rock ip4
2022-01-29 10:01:26 +01:00
088ff202cc
mic92: drop ipv4 for yasmin, nardole, bill, graham, ryan
2022-01-29 10:01:26 +01:00
makefu
31a4946a91
ma: add syncthing id for omo.r and x.r
2022-01-28 23:48:57 +01:00
Kierán Meinhardt
d866e61c09
external: add radio.kmein.r
2022-01-28 15:57:59 +01:00
tv
109f6ab1c5
krebs modules: reorder externals
2022-01-27 12:20:31 +01:00
tv
acd91d2263
krebs modules: reorder main imports
2022-01-27 12:19:47 +01:00
lassulus
83ec0fdb97
Merge remote-tracking branch 'ni/master'
2022-01-27 10:55:55 +01:00
tv
ad6f0cd901
krebs.setuid: remove security.wrappers's cruft
2022-01-27 05:37:32 +01:00
tv
10891882ab
krebs.setuid: mark activate string as sh
2022-01-27 05:37:06 +01:00
ba8a196faf
mic92: add dan
2022-01-27 04:21:01 +01:00
bfb86ca39a
mic92: add astrid
2022-01-27 04:21:01 +01:00
tv
f4e35a7312
krebs.setuid: add support for capabilities
2022-01-26 12:58:26 +01:00
lassulus
f78f3c701b
Merge remote-tracking branch 'kmein/master'
2022-01-25 20:12:08 +01:00
Kierán Meinhardt
48830c48c5
external: give kmein phone an ipv4
2022-01-25 20:07:36 +01:00
lassulus
27a726b6cf
external qubasa pub: remove trailing newline
2022-01-24 16:41:41 +01:00
Kierán Meinhardt
b846210a1c
external: one kmein per ssh key
2022-01-24 16:03:47 +01:00
lassulus
95f7f88185
l styx.r: use fixed tinc port because of NAT
2022-01-24 14:39:49 +01:00
lassulus
e422692ef6
go: fix urls with missing prefix
2022-01-24 14:36:22 +01:00
Felix
3b7632b086
external: add papawhakaaro.r
2022-01-18 21:48:34 +01:00
Kierán Meinhardt
138f9409fa
external: move kmein to separate file
2022-01-18 19:13:03 +01:00
Kierán Meinhardt
b3818cc155
external: add rrm.r alias
2022-01-17 20:01:21 +01:00
lassulus
f67bd5783d
Merge remote-tracking branch 'mic92/master'
2022-01-09 18:04:22 +01:00
lassulus
66bcb802f5
Merge remote-tracking branch 'ni/master'
2022-01-09 18:03:04 +01:00
4d50adb1fd
mic92: add dyndns endpoint for turingmachine/bernie
2022-01-09 13:31:13 +01:00
4f5f9c87f1
jarvis: add dyndns
2022-01-09 12:49:26 +01:00
lassulus
545b424ecb
krebs: use ergo instead of solanum everywhere
2022-01-09 00:43:23 +01:00
d814ddd212
mic92: add jarvis
2022-01-07 20:52:58 +01:00
lassulus
dbc2387520
Merge remote-tracking branch 'kmein/master'
2022-01-06 13:52:29 +01:00
lassulus
c5e8c95f68
Merge remote-tracking branch 'ni/master'
2022-01-06 13:52:10 +01:00
Kierán Meinhardt
4ebe149d32
external: rip bvg.kmein.r
2022-01-05 21:50:02 +01:00
Kierán Meinhardt
deda4c9789
external: add kmein grocy, remove radio
2022-01-05 21:34:08 +01:00
Lennart
a5df5deb3b
add ed25519 pubkey to {catalonia,karakalpakstan}.r
2022-01-05 21:30:29 +01:00
tv
63e76e4218
krebs.backup: use dedicated .backup-filter
2022-01-05 04:04:52 +01:00
tv
77d17636b1
tv bu: init
2022-01-05 04:04:52 +01:00
tv
e82cbd6f35
exim: set User= but run as root
...
LoadCredential= will set the owner of $CREDENTIALS_DIRECTORY and the
credentials to User=. As currently Exim is currently has to be run as
root in order to use the standard SMTP port and for local deliveries[1],
set User=exim, but run all processes as root.
[1]: https://www.exim.org/exim-html-current/doc/html/spec_html/ch-security_considerations.html#SECID270
2022-01-04 20:30:02 +01:00
tv
853e54ec84
htgen: use currect group names
2022-01-03 14:56:44 +01:00
makefu
2313e962e2
Merge remote-tracking branch 'lass/master'
2022-01-03 00:47:24 +01:00
makefu
057adcb836
k 3 ma: removing trace output for ed25519 keys
2022-01-03 00:47:03 +01:00
lassulus
afaf87781a
krebs.tinc: make /etc/tinc/ writable by tincd
2022-01-02 23:30:50 +01:00
lassulus
dc42812610
Merge remote-tracking branch 'mic92/master'
2022-01-02 22:54:22 +01:00
lassulus
bb4fdd13a4
Merge remote-tracking branch 'ni/master'
2022-01-02 22:54:07 +01:00
lassulus
4b977044b9
Merge remote-tracking branch 'gum/master'
2022-01-02 22:53:37 +01:00
88ec249276
mic92: drop ipv4 for bernie
2022-01-02 22:14:24 +01:00
6f96a15df6
mic92: add ip address for yasmin
2022-01-02 14:54:01 +01:00
62b30b0720
mic92: add tts.r
2021-12-31 17:26:47 +01:00
lassulus
1b59fef50a
Merge remote-tracking branch 'kmein/master'
2021-12-30 03:20:45 +01:00
Kierán Meinhardt
ed896a991f
external: update kmein ssh keys
2021-12-30 03:19:58 +01:00
tv
2280c39d3e
krebs.systemd: don't offer to reload services
...
Because new credentials won't be available after reloading, only after
restarting.
2021-12-29 17:17:45 +01:00
lassulus
7e67b78596
Merge remote-tracking branch 'ni/master'
2021-12-29 16:33:02 +01:00
tv
2f15fd1d68
ergo: fix multiclient default config
2021-12-29 16:23:59 +01:00
lassulus
f393c44c22
external: pinpox-ahorn.r -> ahorn.r
2021-12-29 16:13:03 +01:00
lassulus
8a24a9f395
ergo: reload, accounts, channels, doc
2021-12-29 15:52:29 +01:00
lassulus
d3c3f1551f
Merge remote-tracking branch 'ni/master'
2021-12-29 00:20:31 +01:00
makefu
7766b006a8
Merge remote-tracking branch 'tv/master'
2021-12-29 00:20:28 +01:00
makefu
3330b6a2c4
k 3 ma: add ed25519 keys for all hosts
2021-12-29 00:05:10 +01:00
tv
69d266b76b
ergo: kill dead code and stuff
2021-12-28 23:53:27 +01:00
makefu
a041768aa1
k 3 ma: make ed25519 keys available for hosts
2021-12-28 23:49:34 +01:00
lassulus
3bec49053d
hotdog.r tinc: add ed25519 pubkey
2021-12-28 23:34:13 +01:00
tv
e9cd6d91dc
ergo: always merge default config
2021-12-28 22:33:36 +01:00
lassulus
2a47990f16
ergo: use DynamicUser
2021-12-28 22:20:54 +01:00
lassulus
96c60accf3
Merge remote-tracking branch 'mic92/master'
2021-12-28 20:27:30 +01:00
tv
13a7209ca2
tv hosts: add all the ed25519 keys
2021-12-28 18:18:35 +01:00
Kierán Meinhardt
98e45d2075
mic92: fix ssh ed25519 keys
2021-12-28 16:49:07 +01:00
lassulus
7870cc2b04
external: fix ed25519 pubkey syntax
2021-12-28 16:44:23 +01:00
lassulus
02fbaca275
external kmein: fix ed25519 pubkey syntax
2021-12-28 16:41:24 +01:00
Pablo Ovelleiro Corral
17e614cb00
external: add pinpox-ahorn
2021-12-28 16:30:33 +01:00
Kierán Meinhardt
6104ec910e
external: add kmein ed25519 keys
2021-12-28 16:10:19 +01:00
lassulus
c7b7bd48b5
l tinc: define ed25519 keys for all hosts
2021-12-28 16:09:42 +01:00
lassulus
8692db1285
Merge remote-tracking branch 'mic92/master'
2021-12-25 20:08:31 +01:00
cb26de2f5c
matchbox: remove ipv4
2021-12-25 08:39:02 +01:00
tv
969bd9767e
exim-smarthost: dkim_strict = true
2021-12-24 10:19:13 +01:00
tv
b33381d15e
exim-smarthost: use LoadCredential
2021-12-24 09:22:41 +01:00
tv
7219292dd5
repo-sync: use LoadCredential
2021-12-24 00:51:28 +01:00
tv
71d11e8f2b
repo-sync: add group
2021-12-24 00:51:28 +01:00
tv
234d9d96bf
krebs.systemd: allow LoadCredential to be a string
2021-12-24 00:51:28 +01:00
lassulus
2be08e3c52
systemd module: use LoadCredentials from config.systemd.services
2021-12-23 23:59:22 +01:00
lassulus
29b796f521
Merge remote-tracking branch 'ni/master'
2021-12-23 21:49:55 +01:00
tv
d4521eb339
krebs.systemd: allow reload if credentials change
2021-12-23 20:18:28 +01:00
tv
1cf495d6eb
krebs.systemd: support credentials of any service
2021-12-23 20:18:28 +01:00
a9d324f176
mic92: update ip for eve
2021-12-23 08:36:49 +01:00
tv
5f7ab23ebf
krebs.tinc: drop environment.systemPackages TODO
...
Nobody bothered about this for more than five years. And even though
fixable, chances are quite high that this feature is not needed anymore.
2021-12-23 03:20:36 +01:00
tv
8029e80632
krebs.tinc: drop api and imp boilerplate
2021-12-23 03:16:44 +01:00
tv
018018e16b
krebs.tinc: don't bother aliasing packages
2021-12-23 03:12:58 +01:00
tv
21e407aa59
krebs.tinc: use LoadCredential
2021-12-23 01:59:25 +01:00
tv
d6ebd497f0
krebs.systemd.services: restart by LoadCredential
2021-12-23 01:59:25 +01:00
tv
448cd3b9af
Merge remote-tracking branch 'prism/master'
2021-12-22 23:33:05 +01:00
tv
2656cbf2a9
empty -> emptyDirectory
2021-12-22 23:27:07 +01:00
lassulus
c9f0c17660
tinc module: reload instead of restart
...
remove enableLegacy option since reloading is dependant on
/etc/tinc/<netname> existing
2021-12-22 13:58:30 +01:00
lassulus
8f94e0bc4b
Merge remote-tracking branch 'ni/master'
2021-12-21 16:45:56 +01:00
tv
e888b00a6b
secret service: don't be wanted by multi-user.target
...
This fixes an issue causing secret-trigger-*.service to be restarted on
every activation because after triggering these services are dead, this
in turn causes restarts of secret-*.service.
And finally this caused the issue of always restarting tinc services
as they are PartOf= a couple of secert-*.service.
2021-12-21 15:27:44 +01:00
lassulus
0a7d779cc1
iptables module: add compat layer to networking.firewall
2021-12-21 12:38:07 +01:00
lassulus
d6f79283bf
tinc module: use tinc_pre as default package
2021-12-21 12:08:47 +01:00
lassulus
5b71cbae40
Merge remote-tracking branch 'ni/master'
2021-12-20 21:23:50 +01:00
a7f26ef99b
mic92: add mickey.r
2021-12-20 19:00:45 +01:00
tv
dbc54fb823
github-known-hosts: update list
2021-12-18 09:50:06 +01:00
lassulus
f2533d8892
ci: add gcroots for successful builds
2021-12-11 12:00:36 +01:00
lassulus
abd82c4faf
ca.r: serve ca.crt via nginx
2021-12-09 14:52:35 +01:00
lassulus
fba330ab36
wiki.r: add acme ssl config
2021-12-09 14:30:25 +01:00
lassulus
155e3e18b0
realwallpaper: use new graph.r endpoint
2021-12-09 11:35:27 +01:00
lassulus
e5fc654f50
add ACME ca via ca.r
2021-12-09 11:31:10 +01:00
b981c43a97
mic92: remove ipv4 from turingmachine
2021-12-08 21:08:53 +01:00
2bcac9f89c
mic92: drop redundant addrs blocks
2021-12-08 21:08:53 +01:00
9900a57f3f
mic92: drop eva's ipv4 address
2021-12-08 21:08:53 +01:00
759a471f88
mic92: drop eddie
2021-12-08 21:08:53 +01:00
makefu
3f6219e251
users: add xkey ssh key, use for logging into puyak
2021-12-08 16:15:40 +01:00
lassulus
b48f08ea8e
ci: buildbot-classic -> buildbot; cleanup
2021-12-08 16:15:40 +01:00
Kierán Meinhardt
0d329f970b
external: add moodle.kmein.r
2021-12-08 12:58:06 +01:00
makefu
28d5d0233a
module airdcpp: make group explicit
2021-12-04 22:43:59 +01:00
makefu
22766982a2
module urlwatch: create group for user
2021-12-04 22:20:50 +01:00
makefu
c22610c8e6
Merge remote-tracking branch 'lass/21.11' into 21.11
2021-12-04 18:33:43 +01:00
lassulus
9f6c37f21c
github-host-sync: add group
2021-12-01 18:31:53 +01:00
lassulus
bb709ce412
buildbot: add groups to users
2021-12-01 18:30:57 +01:00
lassulus
5d6bbe6797
brockman: add group
2021-12-01 18:29:24 +01:00
lassulus
cd367626d4
tinc_graphs: add groups
2021-12-01 18:28:26 +01:00
lassulus
c5ade4fdd6
realwallpaper: add group
2021-12-01 18:27:04 +01:00
lassulus
280ed594fb
htgen: generate group for every user
2021-12-01 18:11:58 +01:00
makefu
9301506249
Merge remote-tracking branch 'lass/master'
2021-12-01 11:21:09 +01:00
lassulus
b79f5ab97d
Merge remote-tracking branch 'ni/master'
2021-11-30 23:09:27 +01:00
Kierán Meinhardt
948584f291
external: kmein takes over graph.r
2021-11-30 22:09:06 +01:00
lassulus
8a0685d859
l: init tablet.r
2021-11-27 23:48:41 +01:00
lassulus
d71fe62fff
l prism.r: add jelly.r alias + proxy_pass
2021-11-27 23:47:15 +01:00
lassulus
ee59532c60
l prism.r: add internet ipv6 address
2021-11-27 23:45:26 +01:00
makefu
13c525e548
Merge remote-tracking branch 'mic/master'
2021-11-26 14:13:30 +01:00
makefu
463dc7ea67
Merge remote-tracking branch 'lass/master'
2021-11-26 14:12:34 +01:00
f1bca35b39
eve: drop ipv6
2021-11-26 10:36:23 +01:00
a87fa2d11d
mic92: add keller ed215519
2021-11-24 20:07:38 +01:00
makefu
44d45e7c2c
k/3/m: add arcadeomat
...
brain is also updated
2021-11-24 08:29:27 +01:00
Luis-Hebendanz
f2e83be6a3
qubasa: add kelle.r
2021-11-23 17:44:50 +01:00
db5c1b6659
mic92: add qubasa's public ed25519 key
2021-11-23 17:44:50 +01:00
Luis-Hebendanz
a0c5805e9e
qubasa: changed tinc pubkey
2021-11-23 17:44:50 +01:00
600f9cbe61
sauron: add ipv6
2021-11-23 17:44:50 +01:00
87b7045f53
mic92: add dns name to sandro's machine
2021-11-23 17:44:50 +01:00
a36a09931e
mic92: update eva's ip
2021-11-23 17:44:50 +01:00
2e2f5969ec
mic92: add public ipv6/ipv4 for ryan/graham
2021-11-23 17:44:50 +01:00
lassulus
ff9a042e70
l dishfire.r: revive with minimal config
2021-11-23 12:47:06 +01:00
lassulus
3d1544c785
Revert "l: rip dishfire.r"
...
This reverts commit 61e6552da3
.
2021-11-23 11:43:25 +01:00
tv
8f97f5e2e1
krebs zone-head-config: fix style
2021-11-21 20:39:28 +01:00