5a57c1886b
hosts/bootstrap: update config
...
A little update which should result in a smaller closure size.
2023-07-14 19:59:21 +08:00
214ea6fa6d
hosts/plover: fix erroneous secret for Keycloak service
2023-07-14 14:43:28 +08:00
8c08db2eb2
hosts/plover: use fail2ban jails settings
...
It is nicer compared to the traditional setting with strings.
2023-07-14 14:41:58 +08:00
c3bec31b86
chore: reformat codebase
2023-07-05 16:42:15 +08:00
66317b18bc
hosts/bootstrap: explicitly configure SSH daemon
2023-07-05 16:39:58 +08:00
2e7cdeacf3
hosts: remove host path prefix for sops keys
...
It is more explicit and elegant but more of a pain to manage especially
with the new function. It was structured that way for other hosts'
secrets but it isn't really used in practice. We could just enforce a
convention such as a `hosts` prefix to contain those secrets.
2023-07-05 13:11:47 +08:00
5fbd39adfc
hosts/ni: modularize Wireguard
...
I also added a conditional configuration for systemd-networkd and a
condition for the default which should be enabled when NetworkManager is
enabled. Ideally this should be the default when systemd-networkd is not
enabled but since they are the only network manager, we'll let it slide.
2023-07-05 11:40:40 +08:00
ba3af47cb5
hosts/ni: create system-wide nixpkgs config
2023-07-05 11:39:44 +08:00
fdd723ca33
config: convert to lib.getSecrets
2023-07-05 11:38:58 +08:00
6bd59ccfd4
docs: update notes on Plover
2023-07-02 20:21:49 +08:00
c89c29ac10
hosts/plover: update hardware configuration
2023-07-02 20:21:29 +08:00
da24dd1214
hosts/ni: add fstrim service
2023-07-02 19:24:56 +08:00
f27b7e045c
hosts/plover: modularize Borg backup paths
2023-07-02 12:23:50 +08:00
dd1b2b0638
hosts/plover: fix Gitea dump cleanup
2023-07-01 16:29:29 +08:00
35ef89a312
hosts/plover: update Borg SSH key
2023-06-30 22:31:14 +08:00
f799b6dc1e
hosts/ni: remove doas
...
I'll just learn more about how to configure sudo properly then.
2023-06-30 14:30:59 +08:00
cb54c33afc
hosts/plover: add disko device config
2023-06-30 13:38:38 +08:00
9af237e242
hosts/ni: add disko device config
2023-06-30 13:38:22 +08:00
33b8dfe9c6
hosts/plover: enable DNS-over-TLS for Bind
2023-06-30 10:48:10 +08:00
ffad85fa70
hosts/plover: enable nginx-bad-request jail
2023-06-30 10:47:02 +08:00
831022bf22
hosts/plover: enable DH params generation
...
This is for certain applications as we'll see.
2023-06-30 10:46:43 +08:00
53f7cf6e83
chore: reformat codebase
2023-06-29 14:17:38 +08:00
9c3d3901ab
hosts/plover: update Bind secrets permission
2023-06-29 09:46:35 +08:00
a8aef35c5c
hosts/plover: update Bind server config
2023-06-29 09:44:55 +08:00
c9440205cf
hosts/plover: update Vaultwarden admin token
2023-06-28 19:37:10 +08:00
94c94be9a4
hosts/plover: harden Vaultwarden service
2023-06-28 14:01:18 +08:00
8043b8d16c
hosts/plover: update Bind hardening settings
2023-06-28 14:01:02 +08:00
38321152f0
hosts/plover: remove CoreDNS module
...
Bind works well enough for now so no need for this service.
2023-06-28 09:12:56 +08:00
88c0c9aa75
hosts/plover: update service files to backup
2023-06-27 22:49:49 +08:00
8a84eb2445
hosts/plover: move Wireguard secrets to appropriate location
2023-06-27 20:52:57 +08:00
e76a881aee
hosts/plover: update Wireguard routing
2023-06-27 12:54:29 +08:00
4dcb82c72b
hosts/plover: update PostgreSQL cert config
2023-06-27 12:53:50 +08:00
1e2d251e1d
hosts/plover: harden Bind systemd service
2023-06-28 00:19:06 +08:00
d98527c89b
hosts/plover: update Bind config for dynamic updates
2023-06-27 22:56:18 +08:00
dc01a2d2f1
hosts/graphical-installer: re-disable wireless module
...
I forgot why it's there. Now I remember. :)
2023-06-23 15:44:19 +08:00
c81038e609
hosts/graphical-installer: update config
2023-06-23 11:46:37 +08:00
218e5cd724
hosts/bootstrap: update config
2023-06-23 11:46:21 +08:00
36e2a817ae
hosts/plover: fix Wireguard firewall settings
2023-06-22 23:17:28 +08:00
482e90efaa
hosts/plover: update zone file to include self-hosted DNS server
2023-06-22 22:52:17 +08:00
2688064651
hosts/plover: add TLS support for PostgreSQL
2023-06-22 18:05:54 +08:00
ff3dd9d3f7
hosts/plover: update nameserver list
...
With the right configuration alongside systemd-resolved, it shouldn't be
much of a problem.
2023-06-22 18:03:21 +08:00
9cfe72a62c
docs: update Plover config notes
2023-06-22 18:02:23 +08:00
4b2777cda2
hosts/plover: change network attribute name
...
It is somewhat not great naming at first.
2023-06-22 18:01:19 +08:00
eb1003f7e6
hosts/plover: change DNS server to Bind9
...
CoreDNS doesn't have dynamic updates available yet (though there are PRs
and discussions for it) so we'll have to go with something that has it.
Also, it provides an opportunity for me to use the de-facto software for
this.
2023-06-22 17:56:47 +08:00
4022f9b43c
hosts/plover: open custom Atuin sync server
2023-06-22 11:12:58 +08:00
03ca6722e9
chore: reformat codebase
2023-06-22 11:12:43 +08:00
55eb4d8c0c
hosts/plover: initialize Terraform configuration
2023-06-22 11:06:43 +08:00
a0219f6260
hosts/plover: move GRUB config to Hetzner hardware config
2023-06-20 19:57:06 +08:00
5a8cdc5769
hosts/plover: disable DNSSEC
...
It's giving me trouble for now. Ideally, this should be configured with
the individual interfaces that is giving me the troubles.
2023-06-20 09:56:40 +08:00
57d897ac82
hosts/ni: update personal VPN config
2023-06-19 12:28:33 +08:00
