c89c29ac10
hosts/plover: update hardware configuration
2023-07-02 20:21:29 +08:00
f27b7e045c
hosts/plover: modularize Borg backup paths
2023-07-02 12:23:50 +08:00
dd1b2b0638
hosts/plover: fix Gitea dump cleanup
2023-07-01 16:29:29 +08:00
cb54c33afc
hosts/plover: add disko device config
2023-06-30 13:38:38 +08:00
33b8dfe9c6
hosts/plover: enable DNS-over-TLS for Bind
2023-06-30 10:48:10 +08:00
ffad85fa70
hosts/plover: enable nginx-bad-request jail
2023-06-30 10:47:02 +08:00
53f7cf6e83
chore: reformat codebase
2023-06-29 14:17:38 +08:00
9c3d3901ab
hosts/plover: update Bind secrets permission
2023-06-29 09:46:35 +08:00
a8aef35c5c
hosts/plover: update Bind server config
2023-06-29 09:44:55 +08:00
94c94be9a4
hosts/plover: harden Vaultwarden service
2023-06-28 14:01:18 +08:00
8043b8d16c
hosts/plover: update Bind hardening settings
2023-06-28 14:01:02 +08:00
38321152f0
hosts/plover: remove CoreDNS module
...
Bind works well enough for now so no need for this service.
2023-06-28 09:12:56 +08:00
8a84eb2445
hosts/plover: move Wireguard secrets to appropriate location
2023-06-27 20:52:57 +08:00
e76a881aee
hosts/plover: update Wireguard routing
2023-06-27 12:54:29 +08:00
4dcb82c72b
hosts/plover: update PostgreSQL cert config
2023-06-27 12:53:50 +08:00
1e2d251e1d
hosts/plover: harden Bind systemd service
2023-06-28 00:19:06 +08:00
d98527c89b
hosts/plover: update Bind config for dynamic updates
2023-06-27 22:56:18 +08:00
36e2a817ae
hosts/plover: fix Wireguard firewall settings
2023-06-22 23:17:28 +08:00
2688064651
hosts/plover: add TLS support for PostgreSQL
2023-06-22 18:05:54 +08:00
4b2777cda2
hosts/plover: change network attribute name
...
It is somewhat not great naming at first.
2023-06-22 18:01:19 +08:00
eb1003f7e6
hosts/plover: change DNS server to Bind9
...
CoreDNS doesn't have dynamic updates available yet (though there are PRs
and discussions for it) so we'll have to go with something that has it.
Also, it provides an opportunity for me to use the de-facto software for
this.
2023-06-22 17:56:47 +08:00
4022f9b43c
hosts/plover: open custom Atuin sync server
2023-06-22 11:12:58 +08:00
a0219f6260
hosts/plover: move GRUB config to Hetzner hardware config
2023-06-20 19:57:06 +08:00
5a8cdc5769
hosts/plover: disable DNSSEC
...
It's giving me trouble for now. Ideally, this should be configured with
the individual interfaces that is giving me the troubles.
2023-06-20 09:56:40 +08:00
9ba11f0fa6
hosts/plover: update network interface settings
2023-06-13 13:32:41 +08:00
805ef47f70
hosts/plover: update Wireguard firewall rules
2023-06-13 13:20:00 +08:00
9f91d78294
hosts/plover: update DNS server with loopback device
2023-06-12 15:32:38 +08:00
5949475aee
hosts/plover: update Wireguard "server" configuration
2023-06-11 14:11:35 +08:00
bfb4837627
hosts/plover: update DNS server settings
2023-06-11 12:26:59 +08:00
271750f755
hosts/plover: improve network metadata
2023-06-11 12:26:02 +08:00
1bdda28ffe
chore: reformat codebase
2023-06-08 21:19:17 +08:00
ab8ab4921c
config: add more comments
2023-06-08 19:53:20 +08:00
29d990f33c
hosts/plover: improve firewall settings for Wireguard service
2023-06-08 19:52:29 +08:00
316602a35d
hosts/plover: update DNS server list for LAN interface
2023-06-08 19:51:38 +08:00
b9e05dd1fa
hosts/plover: update Gitea configuration
2023-05-02 12:34:24 +08:00
19db60aad2
hosts/ni: update zram setup
2023-02-25 10:02:43 +08:00
00e0258c2e
hosts/ni: update Gitea log level
2023-02-25 10:02:27 +08:00
36cda7bab2
hosts/plover: update networking blocks
2023-02-22 11:29:43 +08:00
41fd659453
hosts/plover: update DNS server setup
2023-02-22 11:28:59 +08:00
b3ce46ccf9
hosts/plover: update DNS zone and server configuration
2023-02-17 23:10:52 +08:00
2106292bbe
hosts/plover: add local area network to firewall
2023-02-14 11:01:29 +08:00
af9ddbe527
hosts/plover: update network metadata
2023-02-14 11:00:57 +08:00
d1bb54582d
hosts/plover: update LAN interface network config
2023-02-14 11:00:26 +08:00
60ab954c74
hosts/plover: update Wireguard "server" configuration
2023-02-13 09:51:30 +08:00
a0e0dc5870
hosts/plover: update Keycloak service locations
2023-02-13 09:50:50 +08:00
5e8c65b70e
hosts/plover: automate the admin creation on Gitea
2023-02-13 09:49:45 +08:00
fc7ec80933
hosts/plover: update foodogsquared.one DNS zone
2023-02-13 00:28:41 +08:00
0991e1a44d
hosts/plover: update firewall settings
...
Firewalls... the cause of most frustrations...
2023-02-11 15:21:18 +08:00
9b15f5f4dd
hosts/plover: update Wireguard setup
2023-02-10 23:45:11 +08:00
4c62274145
hosts/plover: update DNS-related configuration
2023-02-10 21:09:05 +08:00
7aca74924c
hosts/plover: improve DNS server configuration
2023-02-10 15:58:36 +08:00
cc4d62af9f
hosts/plover: update Portunus config
2023-02-10 10:15:14 +08:00
5ba2b6d846
hosts/plover: update Keycloak service config
2023-02-09 18:10:46 +08:00
1c609f5e95
chore: reformat the codebase
2023-02-09 14:51:22 +08:00
ae787f8fcc
config: update comments on config
2023-02-09 14:50:11 +08:00
9a07f06512
hosts/plover: update networking setup
2023-02-09 14:17:59 +08:00
f07aa33220
hosts/plover: update domain names for internal services
2023-02-08 19:05:23 +08:00
ac8d875c35
hosts/plover: properly configure WAN interface
2023-02-08 18:30:27 +08:00
93355b3c67
hosts/plover: add comments to various parts
2023-02-08 18:03:20 +08:00
f75c04eaa9
hosts/plover: replace dnsmasq with CoreDNS as DNS server
2023-02-08 18:00:35 +08:00
c508d7a30d
hosts/plover: update dump limit script
2023-02-07 09:47:01 +08:00
2d7abe51d4
hosts/plover: update nginx default server
2023-02-07 09:45:53 +08:00
46dac540c1
hosts/plover: comply services to PostgreSQL secure schema usage
2023-02-07 09:45:37 +08:00
27ee3feee6
hosts/plover: remove extra config for Atuin service
2023-02-06 22:01:01 +08:00
2ae9147a98
hosts/plover: update IP addresses
...
Decided to go with a new production-like run. Networking really stumps
over for the past days. :(
I'll eventually learn if I go with the simplest examples as I learn
along configuring an Ubuntu-based system in the meantime then translate
it to my NixOS config.
2023-02-06 19:33:24 +08:00
efdbc4c103
hosts: fix Wireguard DNS settings
2023-02-06 19:32:55 +08:00
12abc5146e
hosts/plover: update WAN interface network config
2023-02-06 19:30:51 +08:00
c8b55c278a
hosts: update Wireguard setup
2023-02-06 16:08:08 +08:00
213ecb8598
hosts/plover: remove OpenVPN module
...
The Wireguard setup is working quite nicely compared to the OpenVPN
thingy. It is not as much integrated as OpenVPN though.
2023-02-06 16:05:06 +08:00
0086448efa
hosts/plover: add internal DNS server
2023-02-06 16:00:56 +08:00
8429b280ce
hosts/plover: remove extra configuration
2023-02-05 16:28:18 +08:00
97b9a3ff10
hosts/plover: update networking setup
2023-02-05 11:45:06 +08:00
5679323209
hosts/plover: add gateway address to networking set
2023-01-29 12:49:04 +08:00
6c1ff358e2
hosts/plover: update Hetzner filesystem setup
2023-01-29 00:01:32 +08:00
d0720ee7b7
hosts: revise networking-related variables set
2023-01-26 13:10:15 +08:00
a386f99554
hosts: simplify networking set and update Wireguard setup
...
Currently, the networking set is very messy. It is better to contain
them into another attribute set and categorizing them by the interfaces
that is supposed to contain them. I should've done this some time ago.
2023-01-23 17:46:32 +08:00
fb5f2e277d
hosts/plover: simply Wireguard configuration code
2023-01-23 13:29:42 +08:00
657ee2098d
hosts/plover: update private network hosting for various applications
2023-01-23 00:30:08 +08:00
4b377e527a
hosts/plover: update networking and hardware setup
2023-01-23 00:20:24 +08:00
2283a7166c
hosts/plover: update nginx module
2023-01-21 23:58:17 +08:00
02eba75d63
hosts/plover: update services host configurations
...
We're making some of them completely on the private network. This way,
they can only be accessed once we're in a tunneling service like
Wireguard or OpenVPN.
2023-01-21 23:58:17 +08:00
1bb128401e
hosts/plover: update IPv6 address for main network interface
2023-01-21 09:02:11 +08:00
a7515f20eb
hosts/plover: fix string interpolation
2023-01-20 14:50:27 +08:00
33206698c0
hosts: update Wireguard network setup
2023-01-19 20:16:01 +08:00
5fab811812
hosts/plover: update networking setup
2023-01-19 20:12:14 +08:00
2ee3f755fd
hosts/plover: fix erroneous function
...
I haven't obviously tested the related changes since the server was down
at the time.
2023-01-19 07:57:26 +08:00
9b03f4d4aa
hosts/plover: simplify networking setup
...
It is simple anyways requiring only one of the ethernet interfaces to be
present to the global network while the rest can be in the local
network.
2023-01-18 20:29:16 +08:00
ceb821f2c0
hosts/plover: update Keycloak reverse proxy config
...
Now that a tunneling service is here, there's not much need to expose
the whole thing.
2023-01-18 20:24:49 +08:00
9a941dc543
hosts/plover: update Gitea mirroring interval
2023-01-18 20:18:40 +08:00
ecd8313011
hosts/plover: update routes to main router
2023-01-18 15:42:33 +08:00
04e460142a
chore: format the codebase
2023-01-18 11:41:12 +08:00
6bf2642ffc
hosts: add Wireguard services to related peers
...
Among other things, Plover now ignores certain IP for fail2ban. This is
for the VPN users that are placed in that range.
2023-01-17 21:34:54 +08:00
333adf0ce6
hosts/plover: update Gitea Asciidoctor markup to be embedded
2023-01-17 16:09:28 +08:00
002b65250c
hosts/plover: add default server to reverse proxy
2023-01-17 16:09:28 +08:00
6d9c43bafa
hosts/plover: initialize OpenVPN service
2023-01-17 16:09:28 +08:00
8e07223c97
hosts/plover: move into systemd-networkd for network setup
2023-01-17 16:09:28 +08:00
2e466e4561
hosts/plover: move hardware config to be hosting provider-specific
2023-01-15 14:39:44 +08:00
5341024d96
hosts/plover: update comments and systemd journal matches for fail2ban
2023-01-15 14:39:44 +08:00
6fe30acf2b
hosts/plover: fix formatting of files
2023-01-15 14:39:44 +08:00
02cfaaf362
hosts/plover: modularize PostgreSQL service
2023-01-15 14:39:44 +08:00
