Commit Graph

356 Commits

Author SHA1 Message Date
c9bedf128a hosts/plover: update DNS zone file 2023-02-24 01:29:23 +08:00
36cda7bab2 hosts/plover: update networking blocks 2023-02-22 11:29:43 +08:00
41fd659453 hosts/plover: update DNS server setup 2023-02-22 11:28:59 +08:00
84b4e3be3e hosts/ni: update systemd networking setup 2023-02-22 11:27:18 +08:00
b3ce46ccf9 hosts/plover: update DNS zone and server configuration 2023-02-17 23:10:52 +08:00
ff1927deb5 hosts/ni: update DNS routing for VPN internal network 2023-02-14 11:02:50 +08:00
e6b272c612 hosts/plover: update ACME client environment 2023-02-14 11:02:13 +08:00
2106292bbe hosts/plover: add local area network to firewall 2023-02-14 11:01:29 +08:00
af9ddbe527 hosts/plover: update network metadata 2023-02-14 11:00:57 +08:00
d1bb54582d hosts/plover: update LAN interface network config 2023-02-14 11:00:26 +08:00
0ae42d4251 hosts/plover: update hcloud cloud-config 2023-02-14 10:51:37 +08:00
a2407a75c4 hosts/plover: update DNS zone 2023-02-14 10:51:15 +08:00
539d9c0b48 docs: add more items in the Plover management guidelines 2023-02-13 15:39:19 +08:00
60ab954c74 hosts/plover: update Wireguard "server" configuration 2023-02-13 09:51:30 +08:00
a0e0dc5870 hosts/plover: update Keycloak service locations 2023-02-13 09:50:50 +08:00
5e8c65b70e hosts/plover: automate the admin creation on Gitea 2023-02-13 09:49:45 +08:00
fc7ec80933 hosts/plover: update foodogsquared.one DNS zone 2023-02-13 00:28:41 +08:00
93863ff00c hosts/ni: update host and user configuration 2023-02-11 15:21:50 +08:00
0991e1a44d hosts/plover: update firewall settings
Firewalls... the cause of most frustrations...
2023-02-11 15:21:18 +08:00
8a81468456 hosts/plover: revert to Porkbun as the DNS provider 2023-02-11 11:19:13 +08:00
7edaec8b60 profiles/dev: add Wireshark 2023-02-11 09:01:31 +08:00
4b0dc93aba hosts/plover: update DNS provider for ACME client 2023-02-10 23:45:22 +08:00
9b15f5f4dd hosts/plover: update Wireguard setup 2023-02-10 23:45:11 +08:00
4c62274145 hosts/plover: update DNS-related configuration 2023-02-10 21:09:05 +08:00
7aca74924c hosts/plover: improve DNS server configuration 2023-02-10 15:58:36 +08:00
cc4d62af9f hosts/plover: update Portunus config 2023-02-10 10:15:14 +08:00
5ba2b6d846 hosts/plover: update Keycloak service config 2023-02-09 18:10:46 +08:00
b1427c1c9f hosts/plover: update hcloud user data init script 2023-02-09 14:58:17 +08:00
1c609f5e95 chore: reformat the codebase 2023-02-09 14:51:22 +08:00
ae787f8fcc config: update comments on config 2023-02-09 14:50:11 +08:00
45cb320725 docs: update networking guidelines 2023-02-09 14:18:10 +08:00
9a07f06512 hosts/plover: update networking setup 2023-02-09 14:17:59 +08:00
f07aa33220 hosts/plover: update domain names for internal services 2023-02-08 19:05:23 +08:00
ac8d875c35 hosts/plover: properly configure WAN interface 2023-02-08 18:30:27 +08:00
76b17d5beb docs: update networking configuration notes for Plover 2023-02-08 18:03:35 +08:00
93355b3c67 hosts/plover: add comments to various parts 2023-02-08 18:03:20 +08:00
f75c04eaa9 hosts/plover: replace dnsmasq with CoreDNS as DNS server 2023-02-08 18:00:35 +08:00
c508d7a30d hosts/plover: update dump limit script 2023-02-07 09:47:01 +08:00
2d7abe51d4 hosts/plover: update nginx default server 2023-02-07 09:45:53 +08:00
46dac540c1 hosts/plover: comply services to PostgreSQL secure schema usage 2023-02-07 09:45:37 +08:00
27ee3feee6 hosts/plover: remove extra config for Atuin service 2023-02-06 22:01:01 +08:00
2ae9147a98 hosts/plover: update IP addresses
Decided to go with a new production-like run. Networking really stumps
over for the past days. :(

I'll eventually learn if I go with the simplest examples as I learn
along configuring an Ubuntu-based system in the meantime then translate
it to my NixOS config.
2023-02-06 19:33:24 +08:00
efdbc4c103 hosts: fix Wireguard DNS settings 2023-02-06 19:32:55 +08:00
12abc5146e hosts/plover: update WAN interface network config 2023-02-06 19:30:51 +08:00
102e216ae5 hosts/plover: enable firewall (again) 2023-02-06 16:09:09 +08:00
bb8714d4cc docs: update networking setup for Hetzner Cloud deployment 2023-02-06 16:08:52 +08:00
c672357a34 hosts/ni: add cntr for debugging Nix builds 2023-02-06 16:08:19 +08:00
c8b55c278a hosts: update Wireguard setup 2023-02-06 16:08:08 +08:00
213ecb8598 hosts/plover: remove OpenVPN module
The Wireguard setup is working quite nicely compared to the OpenVPN
thingy. It is not as much integrated as OpenVPN though.
2023-02-06 16:05:06 +08:00
0086448efa hosts/plover: add internal DNS server 2023-02-06 16:00:56 +08:00
8429b280ce hosts/plover: remove extra configuration 2023-02-05 16:28:18 +08:00
d12f1ea15f hosts/ni: change Wireguard setup to wg-quick 2023-02-05 16:27:49 +08:00
97b9a3ff10 hosts/plover: update networking setup 2023-02-05 11:45:06 +08:00
b1925b99a6 hosts/ni: move bootloader code into hardware configuration 2023-02-06 21:19:56 +08:00
8a23bd7932 hosts/ni: modularize networking configuration
Re-added the setup with the traditional networking configuration since
I'm currently using GNOME which only integrates with NetworkManager
which is working alongside it.

systemd-networkd is not being used at this point but I'm keeping it.
2023-01-31 16:48:10 +08:00
300aaa786b hosts/ni: remove swh toolkit 2023-01-29 12:49:27 +08:00
5679323209 hosts/plover: add gateway address to networking set 2023-01-29 12:49:04 +08:00
6c1ff358e2 hosts/plover: update Hetzner filesystem setup 2023-01-29 00:01:32 +08:00
0ffc1a4078 hosts/ni: add decorative parts of the configuration 2023-01-26 13:11:32 +08:00
d0720ee7b7 hosts: revise networking-related variables set 2023-01-26 13:10:15 +08:00
00bbbd8135 hosts/ni: disable ldap service
Not yet familiar. Also causing me trouble with long login times since it
is also trying for all users in the system, it seems.
2023-01-24 11:08:02 +08:00
f17ad49352 docs: document the networking setup for Plover 2023-01-23 17:49:16 +08:00
a386f99554 hosts: simplify networking set and update Wireguard setup
Currently, the networking set is very messy. It is better to contain
them in another attribute set and categorize them by the interfaces
that are supposed to contain them. I should've done this some time ago.
2023-01-23 17:46:32 +08:00
fb5f2e277d hosts/plover: simplify Wireguard configuration code 2023-01-23 13:29:42 +08:00
657ee2098d hosts/plover: update private network hosting for various applications 2023-01-23 00:30:08 +08:00
4b377e527a hosts/plover: update networking and hardware setup 2023-01-23 00:20:24 +08:00
1a6b5b6579 hosts/ni: update hardware configuration 2023-01-21 23:58:17 +08:00
2283a7166c hosts/plover: update nginx module 2023-01-21 23:58:17 +08:00
02eba75d63 hosts/plover: update services host configurations
We're making some of them completely on the private network. This way,
they can only be accessed once we're in a tunneling service like
Wireguard or OpenVPN.
2023-01-21 23:58:17 +08:00
1bb128401e hosts/plover: update IPv6 address for main network interface 2023-01-21 09:02:11 +08:00
382a5e6939 hosts/ni: fix IPv4 Wireguard address 2023-01-20 15:45:07 +08:00
665e72d105 hosts/ni: update networking setup 2023-01-20 14:51:11 +08:00
a7515f20eb hosts/plover: fix string interpolation 2023-01-20 14:50:27 +08:00
5a0a18fa7e hosts/ni: add wireguard-tools to system packages 2023-01-20 13:15:53 +08:00
33206698c0 hosts: update Wireguard network setup 2023-01-19 20:16:01 +08:00
5fab811812 hosts/plover: update networking setup 2023-01-19 20:12:14 +08:00
2ee3f755fd hosts/plover: fix erroneous function
I haven't obviously tested the related changes since the server was down
at the time.
2023-01-19 07:57:26 +08:00
875c910e61 hosts/ni: add netboot.xyz bootloader entry 2023-01-19 00:37:43 +08:00
9b03f4d4aa hosts/plover: simplify networking setup
It is simple anyways requiring only one of the ethernet interfaces to be
present to the global network while the rest can be in the local
network.
2023-01-18 20:29:16 +08:00
ceb821f2c0 hosts/plover: update Keycloak reverse proxy config
Now that a tunneling service is here, there's not much need to expose
the whole thing.
2023-01-18 20:24:49 +08:00
9a941dc543 hosts/plover: update Gitea mirroring interval 2023-01-18 20:18:40 +08:00
cdfe983969 docs: update "Deploying to Hetzner Cloud" section on Plover 2023-01-18 15:43:30 +08:00
ecd8313011 hosts/plover: update routes to main router 2023-01-18 15:42:33 +08:00
04e460142a chore: format the codebase 2023-01-18 11:41:12 +08:00
f2cdf732cb hosts/plover: disable firewall service
It's not working well for now. I'll have to make some tests with simpler
configurations (even though it's already simple?).
2023-01-18 11:10:40 +08:00
6ae080c68d hosts/ni: enable nftables-based firewall 2023-01-18 11:10:31 +08:00
55547bddc7 hosts/ni: update LDAP-related settings
- Add OpenLDAP to the system packages.

- Fix the file permission for the LDAP password secret.
2023-01-18 11:10:11 +08:00
effdc8d927 hosts/plover: refactor secrets owner 2023-01-17 21:34:54 +08:00
00f5c34a92 docs: update the READMEs 2023-01-17 21:34:54 +08:00
6bf2642ffc hosts: add Wireguard services to related peers
Among other things, Plover now ignores certain IP for fail2ban. This is
for the VPN users that are placed in that range.
2023-01-17 21:34:54 +08:00
c3a5778d3f hosts/ni: convert to systemd-networkd for network config
I thought it is pretty neat. Also, I've created a bond interface for the
network devices.
2023-01-17 21:33:20 +08:00
333adf0ce6 hosts/plover: update Gitea Asciidoctor markup to be embedded 2023-01-17 16:09:28 +08:00
002b65250c hosts/plover: add default server to reverse proxy 2023-01-17 16:09:28 +08:00
6d9c43bafa hosts/plover: initialize OpenVPN service 2023-01-17 16:09:28 +08:00
8e07223c97 hosts/plover: move into systemd-networkd for network setup 2023-01-17 16:09:28 +08:00
2e466e4561 hosts/plover: move hardware config to be hosting provider-specific 2023-01-15 14:39:44 +08:00
62d220eb2d docs: add deploying firewall and networking on Plover README 2023-01-15 14:39:44 +08:00
5341024d96 hosts/plover: update comments and systemd journal matches for fail2ban 2023-01-15 14:39:44 +08:00
7de5c14ef5 hosts/plover: move hcloud-related files into a dedicated folder 2023-01-15 14:39:44 +08:00
6fe30acf2b hosts/plover: fix formatting of files 2023-01-15 14:39:44 +08:00
02cfaaf362 hosts/plover: modularize PostgreSQL service 2023-01-15 14:39:44 +08:00
8bd05bf2a3 hosts/plover: modularize config 2023-01-12 22:37:52 +08:00
14a6a94d8f docs: update README for Plover 2023-01-12 22:03:03 +08:00
f3b3666c67 hosts/plover: update gitea-dump pre-start script 2023-01-12 22:03:03 +08:00
98e452c047 hosts/plover: add Portunus seed
This is for defining users and groups. Pretty handy feature.
2023-01-12 22:03:03 +08:00
d9e4dbcb52 hosts/plover: update fail2ban configuration 2023-01-12 22:03:03 +08:00
10fe6c33af hosts/plover: update Gitea home template 2023-01-10 12:13:51 +08:00
a8b66b67ea hosts/plover: update Gitea logo 2023-01-09 13:12:32 +08:00
7dc523903c hosts/plover: create separate passwords for different repos 2023-01-07 17:19:45 +08:00
d9908d2d8c hosts/plover: fix the borg jobs function 2023-01-07 16:58:47 +08:00
4c34a87366 chore: reformat codebase 2023-01-07 16:06:34 +08:00
d9e7f7c67e hosts/plover: add the dedicated borg SSH public key 2023-01-07 14:43:07 +08:00
c9182102be hosts/plover: separate borg repos for different jobs
Makes it easier to manage them repos.
2023-01-07 11:39:20 +08:00
85e1914025 config: replace Borgbase with Hetzner storage box for Borg repos 2023-01-07 10:52:31 +08:00
e9aa875c6a hosts/plover: fix hcloud user data 2023-01-07 10:52:30 +08:00
90177118b0 hosts/plover: use nftables as firewall 2023-01-07 10:52:30 +08:00
e90a719ca8 hosts/plover: update hardware config according to Hetzner Cloud defaults 2023-01-07 10:52:30 +08:00
533995eb09 docs: update various READMEs 2023-01-07 10:52:30 +08:00
4359c4d579 hosts/plover: enable firewall for Hetzner Cloud config 2023-01-05 19:48:54 +08:00
a046192bca hosts/plover: add pre-service script for atuin service 2023-01-05 19:48:41 +08:00
affd08e3c1 hosts/plover: add Atuin sync server 2023-01-05 12:52:57 +08:00
5d02976d2c hosts/plover: correct Keycloak virtual host location 2023-01-05 12:36:58 +08:00
451cb4e72d hosts/plover: update hardware configuration 2023-01-05 11:08:51 +08:00
15ad934550 hosts/plover: set hardware config for Hetzner Cloud 2023-01-05 10:56:35 +08:00
de3ad5978b hosts/plover: add documentation for deploying into Hetzner Cloud 2023-01-04 22:12:52 +08:00
bbc177a4b7 hosts/plover: remove the extra filesystem device 2023-01-04 19:54:21 +08:00
e4701a3e03 hosts/plover: add bootloader settings 2023-01-04 19:53:44 +08:00
dd5ee00ae8 hosts/plover: update LDAP server with Portunus 2023-01-01 15:47:06 +08:00
a8f86a544f hosts/ni: add LDAP service 2022-12-31 11:14:08 +08:00
b0d9ec560b hosts/ni: update secrets code 2022-12-31 11:13:27 +08:00
8c57eea6bb hosts/plover: update OpenLDAP config 2022-12-29 10:26:31 +08:00
f789e85fcc hosts/plover: add LDAP server to reverse proxy 2022-12-29 10:26:15 +08:00
bdf862cc91 hosts/plover: fix reverse proxy routes 2022-12-29 10:25:53 +08:00
aacfb1d091 hosts/plover: update README 2022-12-28 14:10:16 +08:00
14f190904f hosts/plover: format code 2022-12-28 14:10:07 +08:00
fcd8bde8dc hosts/plover: update Keycloak paths in reverse proxy 2022-12-28 14:09:33 +08:00
15722347eb hosts/plover: add periodic cleanup to Gitea dumps 2022-12-28 14:09:33 +08:00
c92077380b hosts/plover: refactor code 2022-12-28 14:09:33 +08:00
7b5c25bf18 hosts/plover: add LDAP server 2022-12-28 14:09:33 +08:00
85545ad810 hosts/plover: update Keycloak and Postgres config 2022-12-22 13:58:20 +08:00
7652bae7ed hosts/plover: update Keycloak config 2022-12-19 20:31:01 +08:00
8c50ad93da hosts/plover: refactor with subdomains 2022-12-19 20:30:30 +08:00
9f4d0e470c hosts/plover: update Keycloak config 2022-12-17 22:23:36 +08:00
c008debd74 hosts/plover: disable PostgreSQL SSL mode 2022-12-17 22:23:11 +08:00
138fb25e8f hosts/plover: update nginx config 2022-12-17 11:17:31 +08:00
59461cc416 config: refactor BorgBackup service 2022-12-17 11:17:31 +08:00
c54f8d7059 hosts/plover: refactor config 2022-12-17 11:17:31 +08:00
8021cb270e hosts/plover: reformat code 2022-12-13 08:33:51 +08:00
6c02598f35 hosts/plover: add Keycloak service 2022-12-13 08:33:51 +08:00
502fd34ead hosts/plover: enable SSL mode for PostgreSQL 2022-12-13 08:33:51 +08:00