Commit Graph

3604 Commits

Author SHA1 Message Date
a2c6601f4b
mic92: add hal9000 2022-02-07 15:01:03 +01:00
249c6bf9cc
mic92: add flood.r alias 2022-02-06 11:27:35 +01:00
lassulus
332d4f5e17 tinc: use ip from path 2022-02-03 08:58:00 +01:00
tv
f4cb095b72 tv umz: add wiregrill pubkey 2022-02-02 08:53:11 +01:00
lassulus
be042e3446 gum.r: set weight to over 9000
we do this so we never route via gum, which tends to eat our packets and
makes it impossible to connect to other peers via gum.
2022-02-01 13:52:21 +01:00
tv
e7884ba391 tv umz: init 2022-01-31 16:06:26 +01:00
tv
9e577d3b88 tv ni wiregrill: assign ipv4 addr 2022-01-31 16:05:39 +01:00
tv
8542154229 tv ni wiregrill: add via 2022-01-31 11:36:23 +01:00
lassulus
100b6fc243 move acl module to krebs 2022-01-30 11:22:09 +01:00
lassulus
7ec575267c tinc.extraConfig: str -> lines 2022-01-29 23:45:55 +01:00
lassulus
510bfbc9b2 sync-containers: remove obsolete .decalartive 2022-01-29 19:23:36 +01:00
lassulus
14aea1ab48 Merge remote-tracking branch 'mic92/master' 2022-01-29 19:15:35 +01:00
lassulus
d878887c82 Merge remote-tracking branch 'ni/master' 2022-01-29 19:15:19 +01:00
lassulus
fca55dd3e9 tinc: restart via reload for less downtimes 2022-01-29 19:14:53 +01:00
248b3459c7 mic92: drop philipsaendig, drop rock ip4 2022-01-29 10:01:26 +01:00
088ff202cc mic92: drop ipv4 for yasmin, nardole, bill, graham, ryan 2022-01-29 10:01:26 +01:00
makefu
31a4946a91
ma: add syncthing id for omo.r and x.r 2022-01-28 23:48:57 +01:00
lassulus
d8b64c4f13 krebsdance: make flake8 happy 2022-01-28 23:13:07 +01:00
lassulus
2f9a8b3331 Merge remote-tracking branch 'kmein/krebs-theory' 2022-01-28 18:38:04 +01:00
Kierán Meinhardt
dc47eaa046 krebsdance: add flag to generate directed graph 2022-01-28 16:49:52 +01:00
Kierán Meinhardt
d866e61c09 external: add radio.kmein.r 2022-01-28 15:57:59 +01:00
lassulus
8f603a3f21 syncthing: remove declarative namespace 2022-01-28 11:05:19 +01:00
lassulus
ff7825816f krebsdance: better looking dance 2022-01-27 15:33:34 +01:00
lassulus
e5c8919da8 reaktor2: show dancing krebs 2022-01-27 13:20:55 +01:00
tv
109f6ab1c5 krebs modules: reorder externals 2022-01-27 12:20:31 +01:00
tv
acd91d2263 krebs modules: reorder main imports 2022-01-27 12:19:47 +01:00
lassulus
83ec0fdb97 Merge remote-tracking branch 'ni/master' 2022-01-27 10:55:55 +01:00
tv
ad6f0cd901 krebs.setuid: remove security.wrappers's cruft 2022-01-27 05:37:32 +01:00
tv
10891882ab krebs.setuid: mark activate string as sh 2022-01-27 05:37:06 +01:00
ba8a196faf mic92: add dan 2022-01-27 04:21:01 +01:00
bfb86ca39a mic92: add astrid 2022-01-27 04:21:01 +01:00
lassulus
3b2fc2105f security-workarounds: point to nixos compat exploit 2022-01-26 18:03:33 +01:00
lassulus
7666833495 move security-workarounds to krebs and cleanup 2022-01-26 13:11:06 +01:00
tv
f4e35a7312 krebs.setuid: add support for capabilities 2022-01-26 12:58:26 +01:00
lassulus
37a3ec2948 teach reaktor2 how to dance 2022-01-25 21:47:23 +01:00
lassulus
f78f3c701b Merge remote-tracking branch 'kmein/master' 2022-01-25 20:12:08 +01:00
Kierán Meinhardt
48830c48c5 external: give kmein phone an ipv4 2022-01-25 20:07:36 +01:00
lassulus
27a726b6cf external qubasa pub: remove trailing newline 2022-01-24 16:41:41 +01:00
Kierán Meinhardt
ca758d76ff mud: allow both kmeins 2022-01-24 16:20:21 +01:00
Kierán Meinhardt
b846210a1c external: one kmein per ssh key 2022-01-24 16:03:47 +01:00
lassulus
8f8600f5b7 nixpkgs-unstable: 5aaed40 -> 689b76b 2022-01-24 14:56:43 +01:00
lassulus
baeaee5b08 nixpkgs: 79c7b6a -> 604c441 2022-01-24 14:56:23 +01:00
lassulus
95f7f88185 l styx.r: use fixed tinc port because of NAT 2022-01-24 14:39:49 +01:00
lassulus
e422692ef6 go: fix urls with missing prefix 2022-01-24 14:36:22 +01:00
Felix
3b7632b086 external: add papawhakaaro.r 2022-01-18 21:48:34 +01:00
Kierán Meinhardt
138f9409fa external: move kmein to separate file 2022-01-18 19:13:03 +01:00
Kierán Meinhardt
b3818cc155 external: add rrm.r alias 2022-01-17 20:01:21 +01:00
lassulus
c0040ec697 nixpkgs-unstable: 59bfda7 -> 5aaed40 2022-01-15 18:16:23 +01:00
lassulus
3f3ae3fe5d Revert "nixpkgs-unstable: 59bfda7 -> 0ecf7d4"
This reverts commit 17892c2fa0.
2022-01-13 14:24:43 +01:00
lassulus
700e0a35db ergo: 2.8.0 -> 2.9.1 2022-01-12 20:24:29 +01:00
lassulus
660846db99 Merge remote-tracking branch 'ni/master' 2022-01-11 21:01:38 +01:00
tv
c76269e708 K_belwagen: init at 1.0.0 2022-01-11 20:57:11 +01:00
tv
decef6d478 painload: c113487 -> a963b45 2022-01-11 20:36:04 +01:00
lassulus
17892c2fa0 nixpkgs-unstable: 59bfda7 -> 0ecf7d4 2022-01-10 19:39:44 +01:00
lassulus
97ca7d4f35 nixpkgs: d1e59cf -> 79c7b6a 2022-01-10 19:39:29 +01:00
lassulus
f67bd5783d Merge remote-tracking branch 'mic92/master' 2022-01-09 18:04:22 +01:00
lassulus
66bcb802f5 Merge remote-tracking branch 'ni/master' 2022-01-09 18:03:04 +01:00
lassulus
42906bb779 pkgs.brockman: 4.0.2 -> 4.0.3 2022-01-09 18:02:51 +01:00
lassulus
ecfc5df838 news: disable history, raise identlen limit 2022-01-09 18:02:37 +01:00
4d50adb1fd mic92: add dyndns endpoint for turingmachine/bernie 2022-01-09 13:31:13 +01:00
4f5f9c87f1 jarvis: add dyndns 2022-01-09 12:49:26 +01:00
lassulus
3b8e4ecbb6 krebs news: increase ergo nicklen limit 2022-01-09 01:34:38 +01:00
lassulus
545b424ecb krebs: use ergo instead of solanum everywhere 2022-01-09 00:43:23 +01:00
tv
16aad34f14 git-hooks irc-announce: don't show merges 2022-01-07 20:59:37 +01:00
tv
622fe9c4ab Merge remote-tracking branch 'Mic92/master' 2022-01-07 20:55:09 +01:00
d814ddd212 mic92: add jarvis 2022-01-07 20:52:58 +01:00
tv
13db0ce256 much: 1.3.0 -> 1.3.1 2022-01-06 14:46:35 +01:00
lassulus
dbc2387520 Merge remote-tracking branch 'kmein/master' 2022-01-06 13:52:29 +01:00
lassulus
c5e8c95f68 Merge remote-tracking branch 'ni/master' 2022-01-06 13:52:10 +01:00
Kierán Meinhardt
4ebe149d32 external: rip bvg.kmein.r 2022-01-05 21:50:02 +01:00
Kierán Meinhardt
deda4c9789 external: add kmein grocy, remove radio 2022-01-05 21:34:08 +01:00
Lennart
a5df5deb3b add ed25519 pubkey to {catalonia,karakalpakstan}.r 2022-01-05 21:30:29 +01:00
tv
63e76e4218 krebs.backup: use dedicated .backup-filter 2022-01-05 04:04:52 +01:00
tv
77d17636b1 tv bu: init 2022-01-05 04:04:52 +01:00
tv
e82cbd6f35 exim: set User= but run as root
LoadCredential= will set the owner of $CREDENTIALS_DIRECTORY and the
credentials to User=.  As currently Exim is currently has to be run as
root in order to use the standard SMTP port and for local deliveries[1],
set User=exim, but run all processes as root.

[1]: https://www.exim.org/exim-html-current/doc/html/spec_html/ch-security_considerations.html#SECID270
2022-01-04 20:30:02 +01:00
tv
853e54ec84 htgen: use currect group names 2022-01-03 14:56:44 +01:00
makefu
2313e962e2
Merge remote-tracking branch 'lass/master' 2022-01-03 00:47:24 +01:00
makefu
057adcb836
k 3 ma: removing trace output for ed25519 keys 2022-01-03 00:47:03 +01:00
lassulus
afaf87781a krebs.tinc: make /etc/tinc/ writable by tincd 2022-01-02 23:30:50 +01:00
lassulus
dc42812610 Merge remote-tracking branch 'mic92/master' 2022-01-02 22:54:22 +01:00
lassulus
bb4fdd13a4 Merge remote-tracking branch 'ni/master' 2022-01-02 22:54:07 +01:00
lassulus
4b977044b9 Merge remote-tracking branch 'gum/master' 2022-01-02 22:53:37 +01:00
88ec249276 mic92: drop ipv4 for bernie 2022-01-02 22:14:24 +01:00
lassulus
fa81a9343a nixpkgs-unstable: ac169ec -> 59bfda7 2022-01-02 22:08:10 +01:00
lassulus
43650744d6 nixpkgs: 5730959 -> d1e59cf 2022-01-02 22:07:14 +01:00
6f96a15df6 mic92: add ip address for yasmin 2022-01-02 14:54:01 +01:00
62b30b0720 mic92: add tts.r 2021-12-31 17:26:47 +01:00
lassulus
c2bfb7b641 hotdog.r: add mud prototype 2021-12-31 16:40:42 +01:00
Kierán Meinhardt
e652f40200 weechat-declarative: fix example and filter generation 2021-12-30 03:22:40 +01:00
lassulus
1b59fef50a Merge remote-tracking branch 'kmein/master' 2021-12-30 03:20:45 +01:00
Kierán Meinhardt
ed896a991f external: update kmein ssh keys 2021-12-30 03:19:58 +01:00
lassulus
dd565a928a weechat-declarative: init 2021-12-30 02:14:35 +01:00
tv
bf319b9804 ircaids: 1.2.0 -> 1.3.0 2021-12-29 21:45:24 +01:00
tv
2280c39d3e krebs.systemd: don't offer to reload services
Because new credentials won't be available after reloading, only after
restarting.
2021-12-29 17:17:45 +01:00
lassulus
7e67b78596 Merge remote-tracking branch 'ni/master' 2021-12-29 16:33:02 +01:00
tv
2f15fd1d68 ergo: fix multiclient default config 2021-12-29 16:23:59 +01:00
lassulus
f393c44c22 external: pinpox-ahorn.r -> ahorn.r 2021-12-29 16:13:03 +01:00
lassulus
8a24a9f395 ergo: reload, accounts, channels, doc 2021-12-29 15:52:29 +01:00
lassulus
42bb86b812 Revert "nixpkgs: 5730959 -> d887ac7"
This reverts commit a1a9aad8ba.
2021-12-29 12:29:41 +01:00
lassulus
d3c3f1551f Merge remote-tracking branch 'ni/master' 2021-12-29 00:20:31 +01:00
makefu
7766b006a8
Merge remote-tracking branch 'tv/master' 2021-12-29 00:20:28 +01:00
tv
687948cfe5 ircaids: 1.1.0 -> 1.2.0 2021-12-29 00:12:22 +01:00
makefu
3330b6a2c4
k 3 ma: add ed25519 keys for all hosts 2021-12-29 00:05:10 +01:00
tv
69d266b76b ergo: kill dead code and stuff 2021-12-28 23:53:27 +01:00
makefu
a041768aa1
k 3 ma: make ed25519 keys available for hosts 2021-12-28 23:49:34 +01:00
lassulus
3bec49053d hotdog.r tinc: add ed25519 pubkey 2021-12-28 23:34:13 +01:00
lassulus
4e716685b1 hotdog.r: charydbis -> ergo 2021-12-28 23:20:51 +01:00
tv
a59ed5197f ircaids: 1.0.1 -> 1.1.0 2021-12-28 22:57:10 +01:00
tv
e9cd6d91dc ergo: always merge default config 2021-12-28 22:33:36 +01:00
lassulus
2a47990f16 ergo: use DynamicUser 2021-12-28 22:20:54 +01:00
lassulus
093f3466b0 ergo: 2.7.0-rc1 -> 2.8.0 2021-12-28 21:44:45 +01:00
lassulus
a03e6555f2 nixpkgs-unstable: b0bf5f8 -> ac169ec 2021-12-28 21:20:02 +01:00
lassulus
a1a9aad8ba nixpkgs: 5730959 -> d887ac7 2021-12-28 21:19:44 +01:00
lassulus
96c60accf3 Merge remote-tracking branch 'mic92/master' 2021-12-28 20:27:30 +01:00
tv
13a7209ca2 tv hosts: add all the ed25519 keys 2021-12-28 18:18:35 +01:00
Kierán Meinhardt
98e45d2075 mic92: fix ssh ed25519 keys 2021-12-28 16:49:07 +01:00
lassulus
7870cc2b04 external: fix ed25519 pubkey syntax 2021-12-28 16:44:23 +01:00
lassulus
02fbaca275 external kmein: fix ed25519 pubkey syntax 2021-12-28 16:41:24 +01:00
Pablo Ovelleiro Corral
17e614cb00 external: add pinpox-ahorn 2021-12-28 16:30:33 +01:00
Kierán Meinhardt
6104ec910e external: add kmein ed25519 keys 2021-12-28 16:10:19 +01:00
lassulus
c7b7bd48b5 l tinc: define ed25519 keys for all hosts 2021-12-28 16:09:42 +01:00
lassulus
8692db1285 Merge remote-tracking branch 'mic92/master' 2021-12-25 20:08:31 +01:00
cb26de2f5c matchbox: remove ipv4 2021-12-25 08:39:02 +01:00
tv
969bd9767e exim-smarthost: dkim_strict = true 2021-12-24 10:19:13 +01:00
tv
b33381d15e exim-smarthost: use LoadCredential 2021-12-24 09:22:41 +01:00
tv
7219292dd5 repo-sync: use LoadCredential 2021-12-24 00:51:28 +01:00
tv
71d11e8f2b repo-sync: add group 2021-12-24 00:51:28 +01:00
tv
234d9d96bf krebs.systemd: allow LoadCredential to be a string 2021-12-24 00:51:28 +01:00
lassulus
2be08e3c52 systemd module: use LoadCredentials from config.systemd.services 2021-12-23 23:59:22 +01:00
lassulus
29b796f521 Merge remote-tracking branch 'ni/master' 2021-12-23 21:49:55 +01:00
tv
d4521eb339 krebs.systemd: allow reload if credentials change 2021-12-23 20:18:28 +01:00
tv
1cf495d6eb krebs.systemd: support credentials of any service 2021-12-23 20:18:28 +01:00
a9d324f176 mic92: update ip for eve 2021-12-23 08:36:49 +01:00
tv
5f7ab23ebf krebs.tinc: drop environment.systemPackages TODO
Nobody bothered about this for more than five years.  And even though
fixable, chances are quite high that this feature is not needed anymore.
2021-12-23 03:20:36 +01:00
tv
8029e80632 krebs.tinc: drop api and imp boilerplate 2021-12-23 03:16:44 +01:00
tv
018018e16b krebs.tinc: don't bother aliasing packages 2021-12-23 03:12:58 +01:00
tv
21e407aa59 krebs.tinc: use LoadCredential 2021-12-23 01:59:25 +01:00
tv
d6ebd497f0 krebs.systemd.services: restart by LoadCredential 2021-12-23 01:59:25 +01:00
tv
448cd3b9af Merge remote-tracking branch 'prism/master' 2021-12-22 23:33:05 +01:00
tv
2656cbf2a9 empty -> emptyDirectory 2021-12-22 23:27:07 +01:00
lassulus
c9f0c17660 tinc module: reload instead of restart
remove enableLegacy option since reloading is dependant on
/etc/tinc/<netname> existing
2021-12-22 13:58:30 +01:00
lassulus
8f94e0bc4b Merge remote-tracking branch 'ni/master' 2021-12-21 16:45:56 +01:00
tv
e888b00a6b secret service: don't be wanted by multi-user.target
This fixes an issue causing secret-trigger-*.service to be restarted on
every activation because after triggering these services are dead, this
in turn causes restarts of secret-*.service.

And finally this caused the issue of always restarting tinc services
as they are PartOf= a couple of secert-*.service.
2021-12-21 15:27:44 +01:00
lassulus
0a7d779cc1 iptables module: add compat layer to networking.firewall 2021-12-21 12:38:07 +01:00
lassulus
d6f79283bf tinc module: use tinc_pre as default package 2021-12-21 12:08:47 +01:00
lassulus
5b71cbae40 Merge remote-tracking branch 'ni/master' 2021-12-20 21:23:50 +01:00
lassulus
c573ac9f0e Merge remote-tracking branch 'mic92/master' 2021-12-20 21:23:36 +01:00
lassulus
f198b1b80a rss-bridge: 2021-04-20 -> 2021-12-02 2021-12-20 21:22:05 +01:00
a7f26ef99b mic92: add mickey.r 2021-12-20 19:00:45 +01:00
tv
dbc54fb823 github-known-hosts: update list 2021-12-18 09:50:06 +01:00
lassulus
9e2e237af5 Merge remote-tracking branch 'ni/master' 2021-12-15 09:15:13 +01:00
tv
c2ee574729 flameshot-once profile: +drawColor 2021-12-14 23:23:28 +01:00
tv
657aa2b1d8 flameshot-once profile: don't startup on launch 2021-12-14 23:23:28 +01:00
tv
e655784c49 flameshot-once profile: +showStartupLaunchMessage 2021-12-14 23:23:28 +01:00
tv
329aadc66b flameshot-once profile: +showSidePanelButton 2021-12-14 23:23:28 +01:00
tv
0dc6bc199a flameshot-once profile: +copyAndCloseAfterUpload 2021-12-14 23:23:28 +01:00
tv
0f764d9199 flameshot-once profile: don't check for updates 2021-12-14 23:23:28 +01:00
tv
8fdd9b3a8f flameshot-once profile: use toINI 2021-12-14 23:23:28 +01:00
lassulus
dfdcad1028 nixpkgs-unstable: bc5d683 -> b0bf5f8 2021-12-14 16:03:38 +01:00
lassulus
f35e8188d2 nixpkgs: -> 5730959 2021-12-14 16:03:07 +01:00
lassulus
f2533d8892 ci: add gcroots for successful builds 2021-12-11 12:00:36 +01:00
lassulus
6b59b7972a wiki: listen gollum on localhost only 2021-12-10 18:09:44 +01:00
lassulus
9841e402e2 wiki.r: listen on localhost, fix http redirect 2021-12-10 10:13:49 +01:00
lassulus
6d3ea779b6 rotate krebsAcmeCA.crt 2021-12-10 09:56:02 +01:00
lassulus
e4384e10e9 pkgs.generate-krebs-intermediate-ca: set vailidy to 1y 2021-12-10 09:55:47 +01:00
lassulus
42f9caa6f7 brockman: 4.0.1 -> 4.0.2 2021-12-09 22:58:13 +01:00
lassulus
abd82c4faf ca.r: serve ca.crt via nginx 2021-12-09 14:52:35 +01:00
lassulus
fba330ab36 wiki.r: add acme ssl config 2021-12-09 14:30:25 +01:00
lassulus
08cdf8a6d5 remove hardcoded ca-bundle 2021-12-09 14:12:03 +01:00
lassulus
155e3e18b0 realwallpaper: use new graph.r endpoint 2021-12-09 11:35:27 +01:00
lassulus
8e66a4ff65 wiki: add host proxy_header 2021-12-09 11:31:10 +01:00
lassulus
e5fc654f50 add ACME ca via ca.r 2021-12-09 11:31:10 +01:00
b981c43a97 mic92: remove ipv4 from turingmachine 2021-12-08 21:08:53 +01:00
2bcac9f89c mic92: drop redundant addrs blocks 2021-12-08 21:08:53 +01:00
9900a57f3f mic92: drop eva's ipv4 address 2021-12-08 21:08:53 +01:00
759a471f88 mic92: drop eddie 2021-12-08 21:08:53 +01:00
makefu
3f6219e251 users: add xkey ssh key, use for logging into puyak 2021-12-08 16:15:40 +01:00
lassulus
b48f08ea8e ci: buildbot-classic -> buildbot; cleanup 2021-12-08 16:15:40 +01:00
lassulus
8756011d2d disable includeAllModules again (builds take too long) 2021-12-08 13:17:31 +01:00
Kierán Meinhardt
0d329f970b external: add moodle.kmein.r 2021-12-08 12:58:06 +01:00
lassulus
0f3c4547f9 Merge remote-tracking branch 'ni/master' into 21.11 2021-12-08 08:15:51 +01:00
lassulus
f221b9cc16 nixpkgs-unstable: 6daa4a5 -> bc5d683 2021-12-08 08:14:22 +01:00
lassulus
1b47abf1b4 nixpkgs: a640d83 -> 1bd4bbd 2021-12-08 08:14:01 +01:00
tv
8dbcfef020 flameshot: admit NixOS 21.11 2021-12-07 21:58:34 +01:00
makefu
7c87ed750b
nixpkgs: a640d83 -> a640d83 2021-12-05 14:37:43 +01:00
makefu
28d5d0233a
module airdcpp: make group explicit 2021-12-04 22:43:59 +01:00
makefu
22766982a2
module urlwatch: create group for user 2021-12-04 22:20:50 +01:00
makefu
c3fec61aad
ma: add more groups to users 2021-12-04 21:02:32 +01:00
makefu
84e7a1f222
arcadeomat.r wolf.r: remove use_tempaddr
coming from stockholm module for network
2021-12-04 20:27:59 +01:00
makefu
421e66a138
filebitch.r puyak.r: disable more collectd 2021-12-04 20:25:56 +01:00
makefu
2d3a292ea0
shack: set groups for created users
demanded by 21.11 to set the group
2021-12-04 20:04:37 +01:00
makefu
da6d3992cf
filebitch.r puyak.r: disable stats collection via collectd 2021-12-04 20:03:51 +01:00
makefu
ecaaa1faae
mqtt: migrate to new configuration format 2021-12-04 19:08:15 +01:00
makefu
c22610c8e6
Merge remote-tracking branch 'lass/21.11' into 21.11 2021-12-04 18:33:43 +01:00
makefu
add6d81efc
shack glados: init ampel 2021-12-04 17:30:13 +01:00
lassulus
e44a4024a0 nixpkgs-unstable: 715f634 -> 6daa4a5 2021-12-03 15:51:05 +01:00
lassulus
3906ddedcc nixpkgs: 96b4157 -> a640d83 2021-12-03 15:50:36 +01:00
lassulus
9f6c37f21c github-host-sync: add group 2021-12-01 18:31:53 +01:00
lassulus
bb709ce412 buildbot: add groups to users 2021-12-01 18:30:57 +01:00
lassulus
5d6bbe6797 brockman: add group 2021-12-01 18:29:24 +01:00