7dacbe6963
chore: reformat codebase
2023-08-31 09:59:56 +08:00
1a74104845
hosts/plover: update Gitea files
2023-08-03 19:39:19 +08:00
3fc2d6dbc3
hosts: update system state version to 23.11
2023-08-03 13:29:00 +08:00
101f3771a1
hosts/plover: update Wezterm mux server configuration
2023-07-28 08:53:32 +08:00
eef1ff0b32
hosts/plover: update Bind service settings
2023-07-27 22:20:50 +08:00
0ae9b2033e
hosts/plover: update Gitea tmpfiles configuration
2023-07-27 13:36:19 +08:00
187b32e7bb
hosts/plover: update Wezterm mux server config
...
This should also fix the ACME certificate self-signed permissions error
since there is no `wezterm` group (or user). We're just using systemd's
dynamic user feature in our service.
2023-07-27 13:36:05 +08:00
92bb5b916c
hosts/plover: update foodogsquared.one DNS zone
2023-07-27 11:14:32 +08:00
760e1a3233
hosts/plover: fix Keycloak pre-start script
2023-07-27 10:25:32 +08:00
9c2e3ee1bf
hosts/plover: fix Bind9 pre-start script
2023-07-27 10:25:06 +08:00
9a47f44c4e
hosts/ni: add filesystem setup
2023-07-24 15:24:49 +08:00
87de61fba8
hosts/plover: add Keybase verification key
2023-07-22 10:39:23 +08:00
a2ab1f09a8
hosts/plover: fix Vaultwarden hardened service
2023-07-20 10:42:43 +08:00
b1072a437b
hosts/plover: add and configure Wezterm mux server
...
Not yet fully configured though so we'll have to update the Wezterm
server configuration.
2023-07-20 10:40:47 +08:00
bc3d03ce9e
hosts/graphical-installer: reduce the config with the nixos-generators NixOS module
2023-07-16 18:17:35 +08:00
7a1bf68a34
hosts/bootstrap: reduce the config with nixos-generators NixOS module
2023-07-16 18:17:05 +08:00
2cc6d2bcb6
hosts/graphical-installer: update config
...
It should result in an overall smaller closure size.
2023-07-14 19:59:39 +08:00
5a57c1886b
hosts/bootstrap: update config
...
A little update which should result in a smaller closure size.
2023-07-14 19:59:21 +08:00
214ea6fa6d
hosts/plover: fix erroneous secret for Keycloak service
2023-07-14 14:43:28 +08:00
8c08db2eb2
hosts/plover: use fail2ban jails settings
...
It is nicer compared to the traditional setting with strings.
2023-07-14 14:41:58 +08:00
c3bec31b86
chore: reformat codebase
2023-07-05 16:42:15 +08:00
66317b18bc
hosts/bootstrap: explicitly configure SSH daemon
2023-07-05 16:39:58 +08:00
2e7cdeacf3
hosts: remove host path prefix for sops keys
...
It is more explicit and elegant but more of a pain to manage especially
with the new function. It was structured that way for other hosts'
secrets but it isn't really used in practice. We could just enforce a
convention such as a `hosts` prefix to contain those secrets.
2023-07-05 13:11:47 +08:00
5fbd39adfc
hosts/ni: modularize Wireguard
...
I also added a conditional configuration for systemd-networkd and a
condition for the default which should be enabled when NetworkManager is
enabled. Ideally this should be the default when systemd-networkd is not
enabled but since they are the only network manager, we'll let it slide.
2023-07-05 11:40:40 +08:00
ba3af47cb5
hosts/ni: create system-wide nixpkgs config
2023-07-05 11:39:44 +08:00
fdd723ca33
config: convert to lib.getSecrets
2023-07-05 11:38:58 +08:00
6bd59ccfd4
docs: update notes on Plover
2023-07-02 20:21:49 +08:00
c89c29ac10
hosts/plover: update hardware configuration
2023-07-02 20:21:29 +08:00
da24dd1214
hosts/ni: add fstrim service
2023-07-02 19:24:56 +08:00
f27b7e045c
hosts/plover: modularize Borg backup paths
2023-07-02 12:23:50 +08:00
dd1b2b0638
hosts/plover: fix Gitea dump cleanup
2023-07-01 16:29:29 +08:00
35ef89a312
hosts/plover: update Borg SSH key
2023-06-30 22:31:14 +08:00
f799b6dc1e
hosts/ni: remove doas
...
I'll just learn more about how to configure sudo properly then.
2023-06-30 14:30:59 +08:00
cb54c33afc
hosts/plover: add disko device config
2023-06-30 13:38:38 +08:00
9af237e242
hosts/ni: add disko device config
2023-06-30 13:38:22 +08:00
33b8dfe9c6
hosts/plover: enable DNS-over-TLS for Bind
2023-06-30 10:48:10 +08:00
ffad85fa70
hosts/plover: enable nginx-bad-request jail
2023-06-30 10:47:02 +08:00
831022bf22
hosts/plover: enable DH params generation
...
This is for certain applications as we'll see.
2023-06-30 10:46:43 +08:00
53f7cf6e83
chore: reformat codebase
2023-06-29 14:17:38 +08:00
9c3d3901ab
hosts/plover: update Bind secrets permission
2023-06-29 09:46:35 +08:00
a8aef35c5c
hosts/plover: update Bind server config
2023-06-29 09:44:55 +08:00
c9440205cf
hosts/plover: update Vaultwarden admin token
2023-06-28 19:37:10 +08:00
94c94be9a4
hosts/plover: harden Vaultwarden service
2023-06-28 14:01:18 +08:00
8043b8d16c
hosts/plover: update Bind hardening settings
2023-06-28 14:01:02 +08:00
38321152f0
hosts/plover: remove CoreDNS module
...
Bind works well enough for now so no need for this service.
2023-06-28 09:12:56 +08:00
88c0c9aa75
hosts/plover: update service files to backup
2023-06-27 22:49:49 +08:00
8a84eb2445
hosts/plover: move Wireguard secrets to appropriate location
2023-06-27 20:52:57 +08:00
e76a881aee
hosts/plover: update Wireguard routing
2023-06-27 12:54:29 +08:00
4dcb82c72b
hosts/plover: update PostgreSQL cert config
2023-06-27 12:53:50 +08:00
1e2d251e1d
hosts/plover: harden Bind systemd service
2023-06-28 00:19:06 +08:00
