Commit Graph

1820 Commits

Author SHA1 Message Date
lassulus
ae9c0b1271 iptables: fix range definition 2022-03-25 14:29:50 +01:00
lassulus
3bd0fe0c2f Merge remote-tracking branch 'kmein/master' 2022-03-23 10:53:41 +01:00
tv
84801ef88c tv: <stockholm> -> ../../.. 2022-03-22 20:11:57 +01:00
tv
60bdd171f5 Merge remote-tracking branch 'prism/master' 2022-03-18 16:52:49 +01:00
tv
519648574e tv: derive ssh.privkey.path 2022-03-18 16:17:44 +01:00
tv
f063c85ed0 tv: allow hosts without nets 2022-03-18 16:17:44 +01:00
tv
e008a493e0 tv: hostDefaults -> evalHost 2022-03-18 16:17:44 +01:00
Kierán Meinhardt
291e9f940c external: add tahina.r 2022-03-16 16:18:09 +01:00
Kierán Meinhardt
7840dca238 external: add home.kmein.r 2022-03-13 17:22:13 +01:00
lassulus
2dc05dbafb mic92: add mukke.krebsco.de CNAME 2022-03-11 20:03:10 +01:00
lassulus
db47b7eec9 Merge remote-tracking branch 'mic92/master' 2022-03-11 13:11:42 +01:00
lassulus
b1576fa5a9 Merge remote-tracking branch 'gum/master' 2022-03-11 13:10:26 +01:00
makefu
7684bcb3d4 Merge remote-tracking branch 'lass/master' 2022-03-10 23:38:36 +01:00
makefu
5bb56133e5 ma gum -> nextgum 2022-03-10 23:38:10 +01:00
27b112ab32 mic92: herbert: drop ipv6 2022-03-09 21:00:03 +00:00
tv
54f5cca6a5 tinc: allow initialization to fail fast 2022-03-06 17:34:10 +01:00
tv
7f4aef1ffb tinc: use default key locations
This fixes a warning about missing keys when reloading tinc services.
2022-03-06 17:34:10 +01:00
tv
3f5851a4bb tinc: start tincd using -n 2022-03-06 17:34:10 +01:00
tv
dd1584574a tinc: rsync using checksum
Because timestamps in the Nix store cannot be used.
2022-03-06 17:34:10 +01:00
tv
f6cba3d856 tinc: drop unused path definition 2022-03-06 17:33:04 +01:00
tv
4fa1783c64 tinc: stopIfChanged = false instead of reload 2022-03-06 17:32:48 +01:00
tv
ccc7796402 Revert "tinc: use ip from path"
This reverts commit 332d4f5e17.
2022-03-06 10:51:05 +01:00
tv
560371d038 Revert "tinc tinc-up: don't rely on store path interpreter"
This reverts commit 6002189225.
2022-03-06 10:50:41 +01:00
lassulus
87a44dd157 tinc: add logLevel with default of 3 2022-03-03 10:53:25 +01:00
lassulus
a49a815115 Merge remote-tracking branch 'kmein/master' 2022-03-02 16:38:15 +01:00
lassulus
44a42bb268 Merge remote-tracking branch 'gum/master' 2022-03-02 16:37:48 +01:00
lassulus
6002189225 tinc tinc-up: don't rely on store path interpreter 2022-03-01 14:20:57 +01:00
makefu
0086cc952b k 3 rtorrent: rip
in favor of upstream rtorrent + flood
2022-02-28 21:45:20 +01:00
makefu
123221de60 ma rss.euer: gum -> latte 2022-02-28 21:44:27 +01:00
makefu
d085a1b0b4 k 3 ma: torrent.latte.r 2022-02-22 21:47:59 +01:00
Kierán Meinhardt
c88b48f026 external: add redaktion.r 2022-02-22 20:32:16 +01:00
makefu
66341414c5 ma retiolum: fix ed25519 for latte 2022-02-17 22:46:55 +01:00
makefu
6f26a01e0a k 3 ma: init latte 2022-02-15 22:29:33 +01:00
lassulus
29dbbbb453 Merge remote-tracking branch 'ni/master' 2022-02-14 16:39:07 +01:00
7c0e9338e5 mic92: drop ipv4 from dimitriosxps 2022-02-14 15:21:59 +01:00
be45f9fb12 mic92: add navidrome 2022-02-13 07:28:45 +01:00
xkey
304ff4f8e5 external: add alsace.r 2022-02-10 00:00:26 +01:00
lassulus
0ec9ceb5d5 tinc: don't connect to gum 2022-02-08 18:20:21 +01:00
a2c6601f4b mic92: add hal9000 2022-02-07 15:01:03 +01:00
249c6bf9cc mic92: add flood.r alias 2022-02-06 11:27:35 +01:00
lassulus
332d4f5e17 tinc: use ip from path 2022-02-03 08:58:00 +01:00
tv
f4cb095b72 tv umz: add wiregrill pubkey 2022-02-02 08:53:11 +01:00
lassulus
be042e3446 gum.r: set weight to over 9000
we do this so we never route via gum, which tends to eat our packets and
makes it impossible to connect to other peers via gum.
2022-02-01 13:52:21 +01:00
tv
e7884ba391 tv umz: init 2022-01-31 16:06:26 +01:00
tv
9e577d3b88 tv ni wiregrill: assign ipv4 addr 2022-01-31 16:05:39 +01:00
tv
8542154229 tv ni wiregrill: add via 2022-01-31 11:36:23 +01:00
lassulus
100b6fc243 move acl module to krebs 2022-01-30 11:22:09 +01:00
lassulus
7ec575267c tinc.extraConfig: str -> lines 2022-01-29 23:45:55 +01:00
lassulus
510bfbc9b2 sync-containers: remove obsolete .decalartive 2022-01-29 19:23:36 +01:00
lassulus
14aea1ab48 Merge remote-tracking branch 'mic92/master' 2022-01-29 19:15:35 +01:00
lassulus
d878887c82 Merge remote-tracking branch 'ni/master' 2022-01-29 19:15:19 +01:00
lassulus
fca55dd3e9 tinc: restart via reload for less downtimes 2022-01-29 19:14:53 +01:00
248b3459c7 mic92: drop philipsaendig, drop rock ip4 2022-01-29 10:01:26 +01:00
088ff202cc mic92: drop ipv4 for yasmin, nardole, bill, graham, ryan 2022-01-29 10:01:26 +01:00
makefu
31a4946a91 ma: add syncthing id for omo.r and x.r 2022-01-28 23:48:57 +01:00
Kierán Meinhardt
d866e61c09 external: add radio.kmein.r 2022-01-28 15:57:59 +01:00
tv
109f6ab1c5 krebs modules: reorder externals 2022-01-27 12:20:31 +01:00
tv
acd91d2263 krebs modules: reorder main imports 2022-01-27 12:19:47 +01:00
lassulus
83ec0fdb97 Merge remote-tracking branch 'ni/master' 2022-01-27 10:55:55 +01:00
tv
ad6f0cd901 krebs.setuid: remove security.wrappers's cruft 2022-01-27 05:37:32 +01:00
tv
10891882ab krebs.setuid: mark activate string as sh 2022-01-27 05:37:06 +01:00
ba8a196faf mic92: add dan 2022-01-27 04:21:01 +01:00
bfb86ca39a mic92: add astrid 2022-01-27 04:21:01 +01:00
tv
f4e35a7312 krebs.setuid: add support for capabilities 2022-01-26 12:58:26 +01:00
lassulus
f78f3c701b Merge remote-tracking branch 'kmein/master' 2022-01-25 20:12:08 +01:00
Kierán Meinhardt
48830c48c5 external: give kmein phone an ipv4 2022-01-25 20:07:36 +01:00
lassulus
27a726b6cf external qubasa pub: remove trailing newline 2022-01-24 16:41:41 +01:00
Kierán Meinhardt
b846210a1c external: one kmein per ssh key 2022-01-24 16:03:47 +01:00
lassulus
95f7f88185 l styx.r: use fixed tinc port because of NAT 2022-01-24 14:39:49 +01:00
lassulus
e422692ef6 go: fix urls with missing prefix 2022-01-24 14:36:22 +01:00
Felix
3b7632b086 external: add papawhakaaro.r 2022-01-18 21:48:34 +01:00
Kierán Meinhardt
138f9409fa external: move kmein to separate file 2022-01-18 19:13:03 +01:00
Kierán Meinhardt
b3818cc155 external: add rrm.r alias 2022-01-17 20:01:21 +01:00
lassulus
f67bd5783d Merge remote-tracking branch 'mic92/master' 2022-01-09 18:04:22 +01:00
lassulus
66bcb802f5 Merge remote-tracking branch 'ni/master' 2022-01-09 18:03:04 +01:00
4d50adb1fd mic92: add dyndns endpoint for turingmachine/bernie 2022-01-09 13:31:13 +01:00
4f5f9c87f1 jarvis: add dyndns 2022-01-09 12:49:26 +01:00
lassulus
545b424ecb krebs: use ergo instead of solanum everywhere 2022-01-09 00:43:23 +01:00
d814ddd212 mic92: add jarvis 2022-01-07 20:52:58 +01:00
lassulus
dbc2387520 Merge remote-tracking branch 'kmein/master' 2022-01-06 13:52:29 +01:00
lassulus
c5e8c95f68 Merge remote-tracking branch 'ni/master' 2022-01-06 13:52:10 +01:00
Kierán Meinhardt
4ebe149d32 external: rip bvg.kmein.r 2022-01-05 21:50:02 +01:00
Kierán Meinhardt
deda4c9789 external: add kmein grocy, remove radio 2022-01-05 21:34:08 +01:00
Lennart
a5df5deb3b add ed25519 pubkey to {catalonia,karakalpakstan}.r 2022-01-05 21:30:29 +01:00
tv
63e76e4218 krebs.backup: use dedicated .backup-filter 2022-01-05 04:04:52 +01:00
tv
77d17636b1 tv bu: init 2022-01-05 04:04:52 +01:00
tv
e82cbd6f35 exim: set User= but run as root
LoadCredential= will set the owner of $CREDENTIALS_DIRECTORY and the
credentials to User=.  As Exim currently has to be run as
root in order to use the standard SMTP port and for local deliveries[1],
set User=exim, but run all processes as root.

[1]: https://www.exim.org/exim-html-current/doc/html/spec_html/ch-security_considerations.html#SECID270
2022-01-04 20:30:02 +01:00
tv
853e54ec84 htgen: use correct group names 2022-01-03 14:56:44 +01:00
makefu
2313e962e2 Merge remote-tracking branch 'lass/master' 2022-01-03 00:47:24 +01:00
makefu
057adcb836 k 3 ma: removing trace output for ed25519 keys 2022-01-03 00:47:03 +01:00
lassulus
afaf87781a krebs.tinc: make /etc/tinc/ writable by tincd 2022-01-02 23:30:50 +01:00
lassulus
dc42812610 Merge remote-tracking branch 'mic92/master' 2022-01-02 22:54:22 +01:00
lassulus
bb4fdd13a4 Merge remote-tracking branch 'ni/master' 2022-01-02 22:54:07 +01:00
lassulus
4b977044b9 Merge remote-tracking branch 'gum/master' 2022-01-02 22:53:37 +01:00
88ec249276 mic92: drop ipv4 for bernie 2022-01-02 22:14:24 +01:00
6f96a15df6 mic92: add ip address for yasmin 2022-01-02 14:54:01 +01:00
62b30b0720 mic92: add tts.r 2021-12-31 17:26:47 +01:00
lassulus
1b59fef50a Merge remote-tracking branch 'kmein/master' 2021-12-30 03:20:45 +01:00
Kierán Meinhardt
ed896a991f external: update kmein ssh keys 2021-12-30 03:19:58 +01:00
tv
2280c39d3e krebs.systemd: don't offer to reload services
Because new credentials won't be available after reloading, only after
restarting.
2021-12-29 17:17:45 +01:00
lassulus
7e67b78596 Merge remote-tracking branch 'ni/master' 2021-12-29 16:33:02 +01:00
tv
2f15fd1d68 ergo: fix multiclient default config 2021-12-29 16:23:59 +01:00
lassulus
f393c44c22 external: pinpox-ahorn.r -> ahorn.r 2021-12-29 16:13:03 +01:00
lassulus
8a24a9f395 ergo: reload, accounts, channels, doc 2021-12-29 15:52:29 +01:00
lassulus
d3c3f1551f Merge remote-tracking branch 'ni/master' 2021-12-29 00:20:31 +01:00
makefu
7766b006a8 Merge remote-tracking branch 'tv/master' 2021-12-29 00:20:28 +01:00
makefu
3330b6a2c4 k 3 ma: add ed25519 keys for all hosts 2021-12-29 00:05:10 +01:00
tv
69d266b76b ergo: kill dead code and stuff 2021-12-28 23:53:27 +01:00
makefu
a041768aa1 k 3 ma: make ed25519 keys available for hosts 2021-12-28 23:49:34 +01:00
lassulus
3bec49053d hotdog.r tinc: add ed25519 pubkey 2021-12-28 23:34:13 +01:00
tv
e9cd6d91dc ergo: always merge default config 2021-12-28 22:33:36 +01:00
lassulus
2a47990f16 ergo: use DynamicUser 2021-12-28 22:20:54 +01:00
lassulus
96c60accf3 Merge remote-tracking branch 'mic92/master' 2021-12-28 20:27:30 +01:00
tv
13a7209ca2 tv hosts: add all the ed25519 keys 2021-12-28 18:18:35 +01:00
Kierán Meinhardt
98e45d2075 mic92: fix ssh ed25519 keys 2021-12-28 16:49:07 +01:00
lassulus
7870cc2b04 external: fix ed25519 pubkey syntax 2021-12-28 16:44:23 +01:00
lassulus
02fbaca275 external kmein: fix ed25519 pubkey syntax 2021-12-28 16:41:24 +01:00
Pablo Ovelleiro Corral
17e614cb00 external: add pinpox-ahorn 2021-12-28 16:30:33 +01:00
Kierán Meinhardt
6104ec910e external: add kmein ed25519 keys 2021-12-28 16:10:19 +01:00
lassulus
c7b7bd48b5 l tinc: define ed25519 keys for all hosts 2021-12-28 16:09:42 +01:00
lassulus
8692db1285 Merge remote-tracking branch 'mic92/master' 2021-12-25 20:08:31 +01:00
cb26de2f5c matchbox: remove ipv4 2021-12-25 08:39:02 +01:00
tv
969bd9767e exim-smarthost: dkim_strict = true 2021-12-24 10:19:13 +01:00
tv
b33381d15e exim-smarthost: use LoadCredential 2021-12-24 09:22:41 +01:00
tv
7219292dd5 repo-sync: use LoadCredential 2021-12-24 00:51:28 +01:00
tv
71d11e8f2b repo-sync: add group 2021-12-24 00:51:28 +01:00
tv
234d9d96bf krebs.systemd: allow LoadCredential to be a string 2021-12-24 00:51:28 +01:00
lassulus
2be08e3c52 systemd module: use LoadCredentials from config.systemd.services 2021-12-23 23:59:22 +01:00
lassulus
29b796f521 Merge remote-tracking branch 'ni/master' 2021-12-23 21:49:55 +01:00
tv
d4521eb339 krebs.systemd: allow reload if credentials change 2021-12-23 20:18:28 +01:00
tv
1cf495d6eb krebs.systemd: support credentials of any service 2021-12-23 20:18:28 +01:00
a9d324f176 mic92: update ip for eve 2021-12-23 08:36:49 +01:00
tv
5f7ab23ebf krebs.tinc: drop environment.systemPackages TODO
Nobody bothered about this for more than five years.  And even though
fixable, chances are quite high that this feature is not needed anymore.
2021-12-23 03:20:36 +01:00
tv
8029e80632 krebs.tinc: drop api and imp boilerplate 2021-12-23 03:16:44 +01:00
tv
018018e16b krebs.tinc: don't bother aliasing packages 2021-12-23 03:12:58 +01:00
tv
21e407aa59 krebs.tinc: use LoadCredential 2021-12-23 01:59:25 +01:00
tv
d6ebd497f0 krebs.systemd.services: restart by LoadCredential 2021-12-23 01:59:25 +01:00
tv
448cd3b9af Merge remote-tracking branch 'prism/master' 2021-12-22 23:33:05 +01:00
tv
2656cbf2a9 empty -> emptyDirectory 2021-12-22 23:27:07 +01:00
lassulus
c9f0c17660 tinc module: reload instead of restart
remove enableLegacy option since reloading is dependent on
/etc/tinc/<netname> existing
2021-12-22 13:58:30 +01:00
lassulus
8f94e0bc4b Merge remote-tracking branch 'ni/master' 2021-12-21 16:45:56 +01:00
tv
e888b00a6b secret service: don't be wanted by multi-user.target
This fixes an issue causing secret-trigger-*.service to be restarted on
every activation because after triggering these services are dead, this
in turn causes restarts of secret-*.service.

And finally this caused the issue of always restarting tinc services
as they are PartOf= a couple of secret-*.service.
2021-12-21 15:27:44 +01:00
lassulus
0a7d779cc1 iptables module: add compat layer to networking.firewall 2021-12-21 12:38:07 +01:00
lassulus
d6f79283bf tinc module: use tinc_pre as default package 2021-12-21 12:08:47 +01:00
lassulus
5b71cbae40 Merge remote-tracking branch 'ni/master' 2021-12-20 21:23:50 +01:00
a7f26ef99b mic92: add mickey.r 2021-12-20 19:00:45 +01:00
tv
dbc54fb823 github-known-hosts: update list 2021-12-18 09:50:06 +01:00
lassulus
f2533d8892 ci: add gcroots for successful builds 2021-12-11 12:00:36 +01:00
lassulus
abd82c4faf ca.r: serve ca.crt via nginx 2021-12-09 14:52:35 +01:00
lassulus
fba330ab36 wiki.r: add acme ssl config 2021-12-09 14:30:25 +01:00