1775a0febc
hosts/plover: update Bind systemd service config
2023-10-14 14:05:14 +08:00
3ee04bb812
chore: reformat codebase
2023-10-09 20:48:01 +08:00
c35b72352e
hosts/plover: update Bind config generation
2023-10-08 03:26:07 +08:00
5f5dc2a14e
hosts/plover: add kTLS for various services
2023-10-03 15:52:42 +08:00
8e91973c70
config: add comments
2023-09-28 18:33:00 +08:00
4adc573fcf
hosts/plover: fix string interpolation for integer
2023-09-21 21:26:13 +08:00
b31cc58adc
hosts/plover: refactor bindings
2023-09-21 12:53:18 +08:00
c3ff202b84
hosts/plover: fix credentials permission for Bind service
2023-09-21 12:52:53 +08:00
0eb19acc40
hosts/plover: enable DNS-over-HTTPS for Bind server
2023-09-21 11:36:43 +08:00
eed4160b85
hosts/plover: reduce service capability
2023-09-20 11:04:45 +08:00
fbce914870
hosts/plover: cleanup Bind configuration
2023-09-19 23:45:30 +08:00
05895e11fa
hosts/plover: consolidate Bind config into configFile
2023-09-19 23:45:08 +08:00
eef1ff0b32
hosts/plover: update Bind service settings
2023-07-27 22:20:50 +08:00
9c2e3ee1bf
hosts/plover: fix Bind9 pre-start script
2023-07-27 10:25:06 +08:00
87de61fba8
hosts/plover: add Keybase verification key
2023-07-22 10:39:23 +08:00
8c08db2eb2
hosts/plover: use fail2ban jails settings
...
It is nicer compared to the traditional setting with strings.
2023-07-14 14:41:58 +08:00
c3bec31b86
chore: reformat codebase
2023-07-05 16:42:15 +08:00
2e7cdeacf3
hosts: remove host path prefix for sops keys
...
It is more explicit and elegant but more of a pain to manage especially
with the new function. It was structured that way for other hosts'
secrets but it isn't really used in practice. We could just enforce a
convention such as a `hosts` prefix to contain those secrets.
2023-07-05 13:11:47 +08:00
fdd723ca33
config: convert to lib.getSecrets
2023-07-05 11:38:58 +08:00
f27b7e045c
hosts/plover: modularize Borg backup paths
2023-07-02 12:23:50 +08:00
33b8dfe9c6
hosts/plover: enable DNS-over-TLS for Bind
2023-06-30 10:48:10 +08:00
53f7cf6e83
chore: reformat codebase
2023-06-29 14:17:38 +08:00
9c3d3901ab
hosts/plover: update Bind secrets permission
2023-06-29 09:46:35 +08:00
a8aef35c5c
hosts/plover: update Bind server config
2023-06-29 09:44:55 +08:00
8043b8d16c
hosts/plover: update Bind hardening settings
2023-06-28 14:01:02 +08:00
1e2d251e1d
hosts/plover: harden Bind systemd service
2023-06-28 00:19:06 +08:00
d98527c89b
hosts/plover: update Bind config for dynamic updates
2023-06-27 22:56:18 +08:00
eb1003f7e6
hosts/plover: change DNS server to Bind9
...
CoreDNS doesn't have dynamic updates available yet (though there are PRs
and discussions for it) so we'll have to go with something that has it.
Also, it provides an opportunity for me to use the de-facto software for
this.
2023-06-22 17:56:47 +08:00
