56c0e245ca
hosts/plover: remove Portunus as LDAP server
It is also replaced with Kanidm (though read-only from its user store).
2023-09-28 18:48:17 +08:00
3d9351a99b
hosts/plover: delete Keycloak service entirely
It is now completely replaced with Kanidm.
2023-09-28 18:46:31 +08:00
8e91973c70
config: add comments
2023-09-28 18:33:00 +08:00
013f751ea4
hosts/plover: update DNS zone
2023-09-28 18:32:31 +08:00
862fd5a07a
hosts/plover: replace Keycloak with Kanidm as SSO application
2023-09-28 18:29:09 +08:00
4adc573fcf
hosts/plover: fix string interpolation for integer
2023-09-21 21:26:13 +08:00
b31cc58adc
hosts/plover: refactor bindings
2023-09-21 12:53:18 +08:00
c3ff202b84
hosts/plover: fix credentials permission for Bind service
2023-09-21 12:52:53 +08:00
7368027cdb
hosts/plover: add DH parameters for nginx
2023-09-21 11:37:09 +08:00
0eb19acc40
hosts/plover: enable DNS-over-HTTPS for Bind server
2023-09-21 11:36:43 +08:00
eed4160b85
hosts/plover: reduce service capability
2023-09-20 11:04:45 +08:00
fbce914870
hosts/plover: cleanup Bind configuration
2023-09-19 23:45:30 +08:00
05895e11fa
hosts/plover: consolidate Bind config into configFile
2023-09-19 23:45:08 +08:00
7dacbe6963
chore: reformat codebase
2023-08-31 09:59:56 +08:00
1a74104845
hosts/plover: update Gitea files
2023-08-03 19:39:19 +08:00
3fc2d6dbc3
hosts: update system state version to 23.11
2023-08-03 13:29:00 +08:00
101f3771a1
hosts/plover: update Wezterm mux server configuration
2023-07-28 08:53:32 +08:00
eef1ff0b32
hosts/plover: update Bind service settings
2023-07-27 22:20:50 +08:00
0ae9b2033e
hosts/plover: update Gitea tmpfiles configuration
2023-07-27 13:36:19 +08:00
187b32e7bb
hosts/plover: update Wezterm mux server config
This should also fix the ACME certificate self-signed permissions error
since there is no `wezterm` group (or user). We're just using systemd's
dynamic user feature in our service.
2023-07-27 13:36:05 +08:00
92bb5b916c
hosts/plover: update foodogsquared.one DNS zone
2023-07-27 11:14:32 +08:00
760e1a3233
hosts/plover: fix Keycloak pre-start script
2023-07-27 10:25:32 +08:00
9c2e3ee1bf
hosts/plover: fix Bind9 pre-start script
2023-07-27 10:25:06 +08:00
87de61fba8
hosts/plover: add Keybase verification key
2023-07-22 10:39:23 +08:00
a2ab1f09a8
hosts/plover: fix Vaultwarden hardened service
2023-07-20 10:42:43 +08:00
b1072a437b
hosts/plover: add and configure Wezterm mux server
Not yet fully configured though so we'll have to update the Wezterm
server configuration.
2023-07-20 10:40:47 +08:00
214ea6fa6d
hosts/plover: fix erroneous secret for Keycloak service
2023-07-14 14:43:28 +08:00
8c08db2eb2
hosts/plover: use fail2ban jails settings
It is nicer compared to the traditional setting with strings.
2023-07-14 14:41:58 +08:00
c3bec31b86
chore: reformat codebase
2023-07-05 16:42:15 +08:00
2e7cdeacf3
hosts: remove host path prefix for sops keys
It is more explicit and elegant but more of a pain to manage especially
with the new function. It was structured that way for other hosts'
secrets but it isn't really used in practice. We could just enforce a
convention such as a `hosts` prefix to contain those secrets.
2023-07-05 13:11:47 +08:00
fdd723ca33
config: convert to lib.getSecrets
2023-07-05 11:38:58 +08:00
6bd59ccfd4
docs: update notes on Plover
2023-07-02 20:21:49 +08:00
c89c29ac10
hosts/plover: update hardware configuration
2023-07-02 20:21:29 +08:00
f27b7e045c
hosts/plover: modularize Borg backup paths
2023-07-02 12:23:50 +08:00
dd1b2b0638
hosts/plover: fix Gitea dump cleanup
2023-07-01 16:29:29 +08:00
35ef89a312
hosts/plover: update Borg SSH key
2023-06-30 22:31:14 +08:00
cb54c33afc
hosts/plover: add disko device config
2023-06-30 13:38:38 +08:00
33b8dfe9c6
hosts/plover: enable DNS-over-TLS for Bind
2023-06-30 10:48:10 +08:00
ffad85fa70
hosts/plover: enable nginx-bad-request jail
2023-06-30 10:47:02 +08:00
831022bf22
hosts/plover: enable DH params generation
This is for certain applications as we'll see.
2023-06-30 10:46:43 +08:00
53f7cf6e83
chore: reformat codebase
2023-06-29 14:17:38 +08:00
9c3d3901ab
hosts/plover: update Bind secrets permission
2023-06-29 09:46:35 +08:00
a8aef35c5c
hosts/plover: update Bind server config
2023-06-29 09:44:55 +08:00
c9440205cf
hosts/plover: update Vaultwarden admin token
2023-06-28 19:37:10 +08:00
94c94be9a4
hosts/plover: harden Vaultwarden service
2023-06-28 14:01:18 +08:00
8043b8d16c
hosts/plover: update Bind hardening settings
2023-06-28 14:01:02 +08:00
38321152f0
hosts/plover: remove CoreDNS module
Bind works well enough for now so no need for this service.
2023-06-28 09:12:56 +08:00
88c0c9aa75
hosts/plover: update service files to backup
2023-06-27 22:49:49 +08:00
8a84eb2445
hosts/plover: move Wireguard secrets to appropriate location
2023-06-27 20:52:57 +08:00
e76a881aee
hosts/plover: update Wireguard routing
2023-06-27 12:54:29 +08:00