tv
7f4aef1ffb
tinc: use default key locations
...
This fixes a warning about missing keys wenn reloading tinc services.
2022-03-06 17:34:10 +01:00
tv
3f5851a4bb
tinc: start tincd using -n
2022-03-06 17:34:10 +01:00
tv
dd1584574a
tinc: rsync using checksum
...
Because timestamps in the Nix store cannot be used.
2022-03-06 17:34:10 +01:00
tv
f6cba3d856
tinc: drop unused path definition
2022-03-06 17:33:04 +01:00
tv
4fa1783c64
tinc: stopIfChanged = false instead of reload
2022-03-06 17:32:48 +01:00
tv
ccc7796402
Revert "tinc: use ip from path"
...
This reverts commit 332d4f5e17
.
2022-03-06 10:51:05 +01:00
tv
560371d038
Revert "tinc tinc-up: don't rely on store path interpreter"
...
This reverts commit 6002189225
.
2022-03-06 10:50:41 +01:00
lassulus
87a44dd157
tinc: add logLevel with default of 3
2022-03-03 10:53:25 +01:00
lassulus
a49a815115
Merge remote-tracking branch 'kmein/master'
2022-03-02 16:38:15 +01:00
lassulus
44a42bb268
Merge remote-tracking branch 'gum/master'
2022-03-02 16:37:48 +01:00
lassulus
6002189225
tinc tinc-up: don't rely on store path interpreter
2022-03-01 14:20:57 +01:00
makefu
0086cc952b
k 3 rtorrent: rip
...
in favor of upstream rtorret + flood
2022-02-28 21:45:20 +01:00
makefu
123221de60
ma rss.euer: gum -> latte
2022-02-28 21:44:27 +01:00
makefu
d085a1b0b4
k 3 ma: torrent.latte.r
2022-02-22 21:47:59 +01:00
Kierán Meinhardt
c88b48f026
external: add redaktion.r
2022-02-22 20:32:16 +01:00
makefu
66341414c5
ma retiolum: fix ed25519 for latte
2022-02-17 22:46:55 +01:00
makefu
6f26a01e0a
k 3 ma: init latte
2022-02-15 22:29:33 +01:00
lassulus
29dbbbb453
Merge remote-tracking branch 'ni/master'
2022-02-14 16:39:07 +01:00
7c0e9338e5
mic92: drop ipv4 from dimitriosxps
2022-02-14 15:21:59 +01:00
be45f9fb12
mic92: add navidrome
2022-02-13 07:28:45 +01:00
xkey
304ff4f8e5
external: add alsace.r
2022-02-10 00:00:26 +01:00
lassulus
0ec9ceb5d5
tinc: don't connect to gum
2022-02-08 18:20:21 +01:00
a2c6601f4b
mic92: add hal9000
2022-02-07 15:01:03 +01:00
249c6bf9cc
mic92: add flood.r alias
2022-02-06 11:27:35 +01:00
lassulus
332d4f5e17
tinc: use ip from path
2022-02-03 08:58:00 +01:00
tv
f4cb095b72
tv umz: add wiregrill pubkey
2022-02-02 08:53:11 +01:00
lassulus
be042e3446
gum.r: set weight to over 9000
...
we do this so we never route via gum, which tends to eat our packets and
makes it impossible to connect to other peers via gum.
2022-02-01 13:52:21 +01:00
tv
e7884ba391
tv umz: init
2022-01-31 16:06:26 +01:00
tv
9e577d3b88
tv ni wiregrill: assign ipv4 addr
2022-01-31 16:05:39 +01:00
tv
8542154229
tv ni wiregrill: add via
2022-01-31 11:36:23 +01:00
lassulus
100b6fc243
move acl module to krebs
2022-01-30 11:22:09 +01:00
lassulus
7ec575267c
tinc.extraConfig: str -> lines
2022-01-29 23:45:55 +01:00
lassulus
510bfbc9b2
sync-containers: remove obsolete .decalartive
2022-01-29 19:23:36 +01:00
lassulus
14aea1ab48
Merge remote-tracking branch 'mic92/master'
2022-01-29 19:15:35 +01:00
lassulus
d878887c82
Merge remote-tracking branch 'ni/master'
2022-01-29 19:15:19 +01:00
lassulus
fca55dd3e9
tinc: restart via reload for less downtimes
2022-01-29 19:14:53 +01:00
248b3459c7
mic92: drop philipsaendig, drop rock ip4
2022-01-29 10:01:26 +01:00
088ff202cc
mic92: drop ipv4 for yasmin, nardole, bill, graham, ryan
2022-01-29 10:01:26 +01:00
makefu
31a4946a91
ma: add syncthing id for omo.r and x.r
2022-01-28 23:48:57 +01:00
Kierán Meinhardt
d866e61c09
external: add radio.kmein.r
2022-01-28 15:57:59 +01:00
tv
109f6ab1c5
krebs modules: reorder externals
2022-01-27 12:20:31 +01:00
tv
acd91d2263
krebs modules: reorder main imports
2022-01-27 12:19:47 +01:00
lassulus
83ec0fdb97
Merge remote-tracking branch 'ni/master'
2022-01-27 10:55:55 +01:00
tv
ad6f0cd901
krebs.setuid: remove security.wrappers's cruft
2022-01-27 05:37:32 +01:00
tv
10891882ab
krebs.setuid: mark activate string as sh
2022-01-27 05:37:06 +01:00
ba8a196faf
mic92: add dan
2022-01-27 04:21:01 +01:00
bfb86ca39a
mic92: add astrid
2022-01-27 04:21:01 +01:00
tv
f4e35a7312
krebs.setuid: add support for capabilities
2022-01-26 12:58:26 +01:00
lassulus
f78f3c701b
Merge remote-tracking branch 'kmein/master'
2022-01-25 20:12:08 +01:00
Kierán Meinhardt
48830c48c5
external: give kmein phone an ipv4
2022-01-25 20:07:36 +01:00
lassulus
27a726b6cf
external qubasa pub: remove trailing newline
2022-01-24 16:41:41 +01:00
Kierán Meinhardt
b846210a1c
external: one kmein per ssh key
2022-01-24 16:03:47 +01:00
lassulus
95f7f88185
l styx.r: use fixed tinc port because of NAT
2022-01-24 14:39:49 +01:00
lassulus
e422692ef6
go: fix urls with missing prefix
2022-01-24 14:36:22 +01:00
Felix
3b7632b086
external: add papawhakaaro.r
2022-01-18 21:48:34 +01:00
Kierán Meinhardt
138f9409fa
external: move kmein to separate file
2022-01-18 19:13:03 +01:00
Kierán Meinhardt
b3818cc155
external: add rrm.r alias
2022-01-17 20:01:21 +01:00
lassulus
f67bd5783d
Merge remote-tracking branch 'mic92/master'
2022-01-09 18:04:22 +01:00
lassulus
66bcb802f5
Merge remote-tracking branch 'ni/master'
2022-01-09 18:03:04 +01:00
4d50adb1fd
mic92: add dyndns endpoint for turingmachine/bernie
2022-01-09 13:31:13 +01:00
4f5f9c87f1
jarvis: add dyndns
2022-01-09 12:49:26 +01:00
lassulus
545b424ecb
krebs: use ergo instead of solanum everywhere
2022-01-09 00:43:23 +01:00
d814ddd212
mic92: add jarvis
2022-01-07 20:52:58 +01:00
lassulus
dbc2387520
Merge remote-tracking branch 'kmein/master'
2022-01-06 13:52:29 +01:00
lassulus
c5e8c95f68
Merge remote-tracking branch 'ni/master'
2022-01-06 13:52:10 +01:00
Kierán Meinhardt
4ebe149d32
external: rip bvg.kmein.r
2022-01-05 21:50:02 +01:00
Kierán Meinhardt
deda4c9789
external: add kmein grocy, remove radio
2022-01-05 21:34:08 +01:00
Lennart
a5df5deb3b
add ed25519 pubkey to {catalonia,karakalpakstan}.r
2022-01-05 21:30:29 +01:00
tv
63e76e4218
krebs.backup: use dedicated .backup-filter
2022-01-05 04:04:52 +01:00
tv
77d17636b1
tv bu: init
2022-01-05 04:04:52 +01:00
tv
e82cbd6f35
exim: set User= but run as root
...
LoadCredential= will set the owner of $CREDENTIALS_DIRECTORY and the
credentials to User=. As currently Exim is currently has to be run as
root in order to use the standard SMTP port and for local deliveries[1],
set User=exim, but run all processes as root.
[1]: https://www.exim.org/exim-html-current/doc/html/spec_html/ch-security_considerations.html#SECID270
2022-01-04 20:30:02 +01:00
tv
853e54ec84
htgen: use currect group names
2022-01-03 14:56:44 +01:00
makefu
2313e962e2
Merge remote-tracking branch 'lass/master'
2022-01-03 00:47:24 +01:00
makefu
057adcb836
k 3 ma: removing trace output for ed25519 keys
2022-01-03 00:47:03 +01:00
lassulus
afaf87781a
krebs.tinc: make /etc/tinc/ writable by tincd
2022-01-02 23:30:50 +01:00
lassulus
dc42812610
Merge remote-tracking branch 'mic92/master'
2022-01-02 22:54:22 +01:00
lassulus
bb4fdd13a4
Merge remote-tracking branch 'ni/master'
2022-01-02 22:54:07 +01:00
lassulus
4b977044b9
Merge remote-tracking branch 'gum/master'
2022-01-02 22:53:37 +01:00
88ec249276
mic92: drop ipv4 for bernie
2022-01-02 22:14:24 +01:00
6f96a15df6
mic92: add ip address for yasmin
2022-01-02 14:54:01 +01:00
62b30b0720
mic92: add tts.r
2021-12-31 17:26:47 +01:00
lassulus
1b59fef50a
Merge remote-tracking branch 'kmein/master'
2021-12-30 03:20:45 +01:00
Kierán Meinhardt
ed896a991f
external: update kmein ssh keys
2021-12-30 03:19:58 +01:00
tv
2280c39d3e
krebs.systemd: don't offer to reload services
...
Because new credentials won't be available after reloading, only after
restarting.
2021-12-29 17:17:45 +01:00
lassulus
7e67b78596
Merge remote-tracking branch 'ni/master'
2021-12-29 16:33:02 +01:00
tv
2f15fd1d68
ergo: fix multiclient default config
2021-12-29 16:23:59 +01:00
lassulus
f393c44c22
external: pinpox-ahorn.r -> ahorn.r
2021-12-29 16:13:03 +01:00
lassulus
8a24a9f395
ergo: reload, accounts, channels, doc
2021-12-29 15:52:29 +01:00
lassulus
d3c3f1551f
Merge remote-tracking branch 'ni/master'
2021-12-29 00:20:31 +01:00
makefu
7766b006a8
Merge remote-tracking branch 'tv/master'
2021-12-29 00:20:28 +01:00
makefu
3330b6a2c4
k 3 ma: add ed25519 keys for all hosts
2021-12-29 00:05:10 +01:00
tv
69d266b76b
ergo: kill dead code and stuff
2021-12-28 23:53:27 +01:00
makefu
a041768aa1
k 3 ma: make ed25519 keys available for hosts
2021-12-28 23:49:34 +01:00
lassulus
3bec49053d
hotdog.r tinc: add ed25519 pubkey
2021-12-28 23:34:13 +01:00
tv
e9cd6d91dc
ergo: always merge default config
2021-12-28 22:33:36 +01:00
lassulus
2a47990f16
ergo: use DynamicUser
2021-12-28 22:20:54 +01:00
lassulus
96c60accf3
Merge remote-tracking branch 'mic92/master'
2021-12-28 20:27:30 +01:00
tv
13a7209ca2
tv hosts: add all the ed25519 keys
2021-12-28 18:18:35 +01:00
Kierán Meinhardt
98e45d2075
mic92: fix ssh ed25519 keys
2021-12-28 16:49:07 +01:00
lassulus
7870cc2b04
external: fix ed25519 pubkey syntax
2021-12-28 16:44:23 +01:00
lassulus
02fbaca275
external kmein: fix ed25519 pubkey syntax
2021-12-28 16:41:24 +01:00
Pablo Ovelleiro Corral
17e614cb00
external: add pinpox-ahorn
2021-12-28 16:30:33 +01:00
Kierán Meinhardt
6104ec910e
external: add kmein ed25519 keys
2021-12-28 16:10:19 +01:00
lassulus
c7b7bd48b5
l tinc: define ed25519 keys for all hosts
2021-12-28 16:09:42 +01:00
lassulus
8692db1285
Merge remote-tracking branch 'mic92/master'
2021-12-25 20:08:31 +01:00
cb26de2f5c
matchbox: remove ipv4
2021-12-25 08:39:02 +01:00
tv
969bd9767e
exim-smarthost: dkim_strict = true
2021-12-24 10:19:13 +01:00
tv
b33381d15e
exim-smarthost: use LoadCredential
2021-12-24 09:22:41 +01:00
tv
7219292dd5
repo-sync: use LoadCredential
2021-12-24 00:51:28 +01:00
tv
71d11e8f2b
repo-sync: add group
2021-12-24 00:51:28 +01:00
tv
234d9d96bf
krebs.systemd: allow LoadCredential to be a string
2021-12-24 00:51:28 +01:00
lassulus
2be08e3c52
systemd module: use LoadCredentials from config.systemd.services
2021-12-23 23:59:22 +01:00
lassulus
29b796f521
Merge remote-tracking branch 'ni/master'
2021-12-23 21:49:55 +01:00
tv
d4521eb339
krebs.systemd: allow reload if credentials change
2021-12-23 20:18:28 +01:00
tv
1cf495d6eb
krebs.systemd: support credentials of any service
2021-12-23 20:18:28 +01:00
a9d324f176
mic92: update ip for eve
2021-12-23 08:36:49 +01:00
tv
5f7ab23ebf
krebs.tinc: drop environment.systemPackages TODO
...
Nobody bothered about this for more than five years. And even though
fixable, chances are quite high that this feature is not needed anymore.
2021-12-23 03:20:36 +01:00
tv
8029e80632
krebs.tinc: drop api and imp boilerplate
2021-12-23 03:16:44 +01:00
tv
018018e16b
krebs.tinc: don't bother aliasing packages
2021-12-23 03:12:58 +01:00
tv
21e407aa59
krebs.tinc: use LoadCredential
2021-12-23 01:59:25 +01:00
tv
d6ebd497f0
krebs.systemd.services: restart by LoadCredential
2021-12-23 01:59:25 +01:00
tv
448cd3b9af
Merge remote-tracking branch 'prism/master'
2021-12-22 23:33:05 +01:00
tv
2656cbf2a9
empty -> emptyDirectory
2021-12-22 23:27:07 +01:00
lassulus
c9f0c17660
tinc module: reload instead of restart
...
remove enableLegacy option since reloading is dependant on
/etc/tinc/<netname> existing
2021-12-22 13:58:30 +01:00
lassulus
8f94e0bc4b
Merge remote-tracking branch 'ni/master'
2021-12-21 16:45:56 +01:00
tv
e888b00a6b
secret service: don't be wanted by multi-user.target
...
This fixes an issue causing secret-trigger-*.service to be restarted on
every activation because after triggering these services are dead, this
in turn causes restarts of secret-*.service.
And finally this caused the issue of always restarting tinc services
as they are PartOf= a couple of secert-*.service.
2021-12-21 15:27:44 +01:00
lassulus
0a7d779cc1
iptables module: add compat layer to networking.firewall
2021-12-21 12:38:07 +01:00
lassulus
d6f79283bf
tinc module: use tinc_pre as default package
2021-12-21 12:08:47 +01:00
lassulus
5b71cbae40
Merge remote-tracking branch 'ni/master'
2021-12-20 21:23:50 +01:00
a7f26ef99b
mic92: add mickey.r
2021-12-20 19:00:45 +01:00
tv
dbc54fb823
github-known-hosts: update list
2021-12-18 09:50:06 +01:00
lassulus
f2533d8892
ci: add gcroots for successful builds
2021-12-11 12:00:36 +01:00
lassulus
abd82c4faf
ca.r: serve ca.crt via nginx
2021-12-09 14:52:35 +01:00
lassulus
fba330ab36
wiki.r: add acme ssl config
2021-12-09 14:30:25 +01:00
lassulus
155e3e18b0
realwallpaper: use new graph.r endpoint
2021-12-09 11:35:27 +01:00
lassulus
e5fc654f50
add ACME ca via ca.r
2021-12-09 11:31:10 +01:00
b981c43a97
mic92: remove ipv4 from turingmachine
2021-12-08 21:08:53 +01:00
2bcac9f89c
mic92: drop redundant addrs blocks
2021-12-08 21:08:53 +01:00
9900a57f3f
mic92: drop eva's ipv4 address
2021-12-08 21:08:53 +01:00
759a471f88
mic92: drop eddie
2021-12-08 21:08:53 +01:00
makefu
3f6219e251
users: add xkey ssh key, use for logging into puyak
2021-12-08 16:15:40 +01:00
lassulus
b48f08ea8e
ci: buildbot-classic -> buildbot; cleanup
2021-12-08 16:15:40 +01:00
Kierán Meinhardt
0d329f970b
external: add moodle.kmein.r
2021-12-08 12:58:06 +01:00
makefu
28d5d0233a
module airdcpp: make group explicit
2021-12-04 22:43:59 +01:00
makefu
22766982a2
module urlwatch: create group for user
2021-12-04 22:20:50 +01:00
makefu
c22610c8e6
Merge remote-tracking branch 'lass/21.11' into 21.11
2021-12-04 18:33:43 +01:00
lassulus
9f6c37f21c
github-host-sync: add group
2021-12-01 18:31:53 +01:00
lassulus
bb709ce412
buildbot: add groups to users
2021-12-01 18:30:57 +01:00
lassulus
5d6bbe6797
brockman: add group
2021-12-01 18:29:24 +01:00
lassulus
cd367626d4
tinc_graphs: add groups
2021-12-01 18:28:26 +01:00
lassulus
c5ade4fdd6
realwallpaper: add group
2021-12-01 18:27:04 +01:00
lassulus
280ed594fb
htgen: generate group for every user
2021-12-01 18:11:58 +01:00
makefu
9301506249
Merge remote-tracking branch 'lass/master'
2021-12-01 11:21:09 +01:00
lassulus
b79f5ab97d
Merge remote-tracking branch 'ni/master'
2021-11-30 23:09:27 +01:00
Kierán Meinhardt
948584f291
external: kmein takes over graph.r
2021-11-30 22:09:06 +01:00
lassulus
8a0685d859
l: init tablet.r
2021-11-27 23:48:41 +01:00
lassulus
d71fe62fff
l prism.r: add jelly.r alias + proxy_pass
2021-11-27 23:47:15 +01:00
lassulus
ee59532c60
l prism.r: add internet ipv6 address
2021-11-27 23:45:26 +01:00
makefu
13c525e548
Merge remote-tracking branch 'mic/master'
2021-11-26 14:13:30 +01:00
makefu
463dc7ea67
Merge remote-tracking branch 'lass/master'
2021-11-26 14:12:34 +01:00
f1bca35b39
eve: drop ipv6
2021-11-26 10:36:23 +01:00
a87fa2d11d
mic92: add keller ed215519
2021-11-24 20:07:38 +01:00
makefu
44d45e7c2c
k/3/m: add arcadeomat
...
brain is also updated
2021-11-24 08:29:27 +01:00
Luis-Hebendanz
f2e83be6a3
qubasa: add kelle.r
2021-11-23 17:44:50 +01:00
db5c1b6659
mic92: add qubasa's public ed25519 key
2021-11-23 17:44:50 +01:00
Luis-Hebendanz
a0c5805e9e
qubasa: changed tinc pubkey
2021-11-23 17:44:50 +01:00
600f9cbe61
sauron: add ipv6
2021-11-23 17:44:50 +01:00
87b7045f53
mic92: add dns name to sandro's machine
2021-11-23 17:44:50 +01:00
a36a09931e
mic92: update eva's ip
2021-11-23 17:44:50 +01:00
2e2f5969ec
mic92: add public ipv6/ipv4 for ryan/graham
2021-11-23 17:44:50 +01:00
lassulus
ff9a042e70
l dishfire.r: revive with minimal config
2021-11-23 12:47:06 +01:00
lassulus
3d1544c785
Revert "l: rip dishfire.r"
...
This reverts commit 61e6552da3
.
2021-11-23 11:43:25 +01:00
tv
8f97f5e2e1
krebs zone-head-config: fix style
2021-11-21 20:39:28 +01:00
lassulus
b0f39ae34d
filebitch.r: define shack prefix
2021-11-14 17:15:17 +01:00
lassulus
ebc830a91f
puyak.r: define cores
2021-11-14 17:14:10 +01:00
lassulus
14e6157d30
l prism.r: add nets.internet.ip4.prefix
2021-11-08 19:59:03 +01:00
lassulus
4452b26816
Merge remote-tracking branch 'ni/master'
2021-11-08 09:06:57 +01:00
tv
d7f44debbd
exim: fix for manual
2021-11-08 05:14:49 +01:00
tv
6940c3ac83
htgen: fix for manual
2021-11-08 05:14:49 +01:00
tv
13a1eb3fc5
reaktor2: fix for manual
2021-11-08 05:14:49 +01:00
tv
07d9619956
github-hosts-sync: fix for manual
2021-11-08 05:14:49 +01:00
tv
29c59684a3
exim-smart-host: fix for manual
2021-11-08 05:14:49 +01:00
tv
ebd5fbbe05
buildbot: fix for manual
2021-11-08 05:14:49 +01:00
tv
c8c0f2597f
git: fix for manual
2021-11-08 05:14:49 +01:00
tv
96965e3578
rtorrent: fix for manual
2021-11-08 05:14:49 +01:00
tv
8e5dc749c5
shadow: fix for manual
2021-11-08 05:14:49 +01:00
tv
1247440a3d
tinc: fix for manual
2021-11-08 05:14:49 +01:00
tv
ae0c0de7f1
github-hosts-sync: fix for manual
2021-11-08 05:11:27 +01:00
tv
87f43a3be4
tinc_graphs: fix for manual
2021-11-08 05:11:27 +01:00
tv
551cfeadef
bepasty-server: fix for manual
2021-11-08 05:11:27 +01:00
tv
53f192125b
airdcpp: fix default hubs.*.Nick
2021-11-08 05:01:20 +01:00
tv
85604f02df
krebs.build.profile: fix type
2021-11-07 21:19:09 +01:00
lassulus
0e668121a1
git: set fcgiwrap group as maingroup
2021-11-05 14:35:03 +01:00
tv
2fccbc483d
github-known-hosts: update list
2021-11-04 14:22:01 +01:00
lassulus
9fd58eb162
l codimd: move to pad.lassul.us
2021-10-31 12:35:16 +01:00
xkey
e1fdb4728c
external: modify catalonia.r
2021-10-30 15:35:43 +02:00
lassulus
0f9c6ee738
news.r, puyak.r: use dynamic tinc port
2021-10-24 20:09:51 +02:00
lassulus
d8f72378dc
l domsen: add roundcube at mail.lassul.us
2021-10-24 20:03:16 +02:00
lassulus
6e61a2d9fc
sync-containers module: make chmod failsafe
2021-10-24 18:27:58 +02:00
lassulus
4fa8f74fc0
solanum: use upstream service
2021-10-24 18:25:51 +02:00