1d1cb991ea
hosts/plover: set Nix package
2023-12-18 18:04:43 +08:00
f53ac7e8b9
hosts/plover: restructure host-specific profiles
2023-12-11 19:37:27 +08:00
9762042848
hosts/plover: try out host-specific module structure
2023-12-11 16:30:00 +08:00
71640c761c
hosts/plover: add Mosh into the installation
2023-11-06 20:37:08 +08:00
3c5e34865b
hosts/plover: modularize BorgBackup service
2023-11-06 16:59:20 +08:00
97916aaa05
hosts/plover: init Prometheus monitoring daemon
2023-10-08 03:28:35 +08:00
6ec18948b5
hosts/plover: init Vouch proxy server
2023-10-08 03:28:14 +08:00
0eadf55fd5
hosts/plover: init Grafana server
2023-10-08 03:27:47 +08:00
24b70bf04a
hosts/plover: change backup schedule to daily
2023-10-04 13:28:43 +08:00
c410ece05a
treewide: remove options attribute for modules
2023-10-02 14:26:11 +08:00
56c0e245ca
hosts/plover: remove Portunus as LDAP server
...
It is also replaced with Kanidm (though read-only from its user store).
2023-09-28 18:48:17 +08:00
862fd5a07a
hosts/plover: replace Keycloak with Kanidm as SSO application
2023-09-28 18:29:09 +08:00
3fc2d6dbc3
hosts: update system state version to 23.11
2023-08-03 13:29:00 +08:00
b1072a437b
hosts/plover: add and configure Wezterm mux server
...
Not yet fully configured though so we'll have to update the Wezterm
server configuration.
2023-07-20 10:40:47 +08:00
8c08db2eb2
hosts/plover: use fail2ban jails settings
...
It is nicer compared to the traditional setting with strings.
2023-07-14 14:41:58 +08:00
2e7cdeacf3
hosts: remove host path prefix for sops keys
...
It is more explicit and elegant but more of a pain to manage especially
with the new function. It was structured that way for other hosts'
secrets but it isn't really used in practice. We could just enforce a
convention such as a `hosts` prefix to contain those secrets.
2023-07-05 13:11:47 +08:00
fdd723ca33
config: convert to lib.getSecrets
2023-07-05 11:38:58 +08:00
f27b7e045c
hosts/plover: modularize Borg backup paths
2023-07-02 12:23:50 +08:00
cb54c33afc
hosts/plover: add disko device config
2023-06-30 13:38:38 +08:00
831022bf22
hosts/plover: enable DH params generation
...
This is for certain applications as we'll see.
2023-06-30 10:46:43 +08:00
88c0c9aa75
hosts/plover: update service files to backup
2023-06-27 22:49:49 +08:00
8a84eb2445
hosts/plover: move Wireguard secrets to appropriate location
2023-06-27 20:52:57 +08:00
d98527c89b
hosts/plover: update Bind config for dynamic updates
2023-06-27 22:56:18 +08:00
ff3dd9d3f7
hosts/plover: update nameserver list
...
With the right configuration alongside systemd-resolved, it shouldn't be
much of a problem.
2023-06-22 18:03:21 +08:00
eb1003f7e6
hosts/plover: change DNS server to Bind9
...
CoreDNS doesn't have dynamic updates available yet (though there are PRs
and discussions for it) so we'll have to go with something that has it.
Also, it provides an opportunity for me to use the de-facto software for
this.
2023-06-22 17:56:47 +08:00
a0219f6260
hosts/plover: move GRUB config to Hetzner hardware config
2023-06-20 19:57:06 +08:00
753699869e
hosts/plover: update nameserver list
2023-06-13 13:33:36 +08:00
c066f85fc2
hosts/plover: update to NixOS 23.05
2023-05-15 22:13:51 +08:00
8a81468456
hosts/plover: revert to Porkbun as the DNS provider
2023-02-11 11:19:13 +08:00
4b0dc93aba
hosts/plover: update DNS provider for ACME client
2023-02-10 23:45:22 +08:00
4c62274145
hosts/plover: update DNS-related configuration
2023-02-10 21:09:05 +08:00
9a07f06512
hosts/plover: update networking setup
2023-02-09 14:17:59 +08:00
93355b3c67
hosts/plover: add comments to various parts
2023-02-08 18:03:20 +08:00
f75c04eaa9
hosts/plover: replace dnsmasq with CoreDNS as DNS server
2023-02-08 18:00:35 +08:00
102e216ae5
hosts/plover: enable firewall (again)
2023-02-06 16:09:09 +08:00
0086448efa
hosts/plover: add internal DNS server
2023-02-06 16:00:56 +08:00
d0720ee7b7
hosts: revise networking-related variables set
2023-01-26 13:10:15 +08:00
2283a7166c
hosts/plover: update nginx module
2023-01-21 23:58:17 +08:00
f2cdf732cb
hosts/plover: disable firewall service
...
It's not working well for now. I'll have to make some tests with simpler
configurations (even though it's already simple?).
2023-01-18 11:10:40 +08:00
effdc8d927
hosts/plover: refactor secrets owner
2023-01-17 21:34:54 +08:00
6bf2642ffc
hosts: add Wireguard services to related peers
...
Among other things, Plover now ignores certain IP for fail2ban. This is
for the VPN users that are placed in that range.
2023-01-17 21:34:54 +08:00
6d9c43bafa
hosts/plover: initialize OpenVPN service
2023-01-17 16:09:28 +08:00
2e466e4561
hosts/plover: move hardware config to be hosting provider-specific
2023-01-15 14:39:44 +08:00
02cfaaf362
hosts/plover: modularize PostgreSQL service
2023-01-15 14:39:44 +08:00
8bd05bf2a3
hosts/plover: modularize config
2023-01-12 22:37:52 +08:00
f3b3666c67
hosts/plover: update gitea-dump pre-start script
2023-01-12 22:03:03 +08:00
98e452c047
hosts/plover: add Portunus seed
...
This is for defining users and groups. Pretty handy feature.
2023-01-12 22:03:03 +08:00
d9e4dbcb52
hosts/plover: update fail2ban configuration
2023-01-12 22:03:03 +08:00
7dc523903c
hosts/plover: create separate passwords for different repos
2023-01-07 17:19:45 +08:00
d9908d2d8c
hosts/plover: fix the borg jobs function
2023-01-07 16:58:47 +08:00
