fb5f2e277d
hosts/plover: simply Wireguard configuration code
2023-01-23 13:29:42 +08:00
657ee2098d
hosts/plover: update private network hosting for various applications
2023-01-23 00:30:08 +08:00
4b377e527a
hosts/plover: update networking and hardware setup
2023-01-23 00:20:24 +08:00
1a6b5b6579
hosts/ni: update hardware configuration
2023-01-21 23:58:17 +08:00
2283a7166c
hosts/plover: update nginx module
2023-01-21 23:58:17 +08:00
02eba75d63
hosts/plover: update services host configurations
...
We're making some of them completely on the private network. This way,
they can only be accessed once we're in a tunneling service like
Wireguard or OpenVPN.
2023-01-21 23:58:17 +08:00
1bb128401e
hosts/plover: update IPv6 address for main network interface
2023-01-21 09:02:11 +08:00
382a5e6939
hosts/ni: fix IPv4 Wireguard address
2023-01-20 15:45:07 +08:00
665e72d105
hosts/ni: update networking setup
2023-01-20 14:51:11 +08:00
a7515f20eb
hosts/plover: fix string interpolation
2023-01-20 14:50:27 +08:00
d6fa557433
users/foo-dogsquared: update other SSH public key
2023-01-20 14:16:57 +08:00
5a0a18fa7e
hosts/ni: add wireguard-tools to system packages
2023-01-20 13:15:53 +08:00
1fd834d2f0
profiles/dev: add applications and fix weekly upgrade service
2023-01-19 20:32:25 +08:00
33206698c0
hosts: update Wireguard network setup
2023-01-19 20:16:01 +08:00
5fab811812
hosts/plover: update networking setup
2023-01-19 20:12:14 +08:00
2ee3f755fd
hosts/plover: fix erroneous function
...
I haven't obviously tested the related changes since the server was down
at the time.
2023-01-19 07:57:26 +08:00
875c910e61
hosts/ni: add netboot.xyz bootloader entry
2023-01-19 00:37:43 +08:00
9b03f4d4aa
hosts/plover: simplify networking setup
...
It is simple anyways requiring only one of the ethernet interfaces to be
present to the global network while the rest can be in the local
network.
2023-01-18 20:29:16 +08:00
ceb821f2c0
hosts/plover: update Keycloak reverse proxy config
...
Now that a tunneling service is here, there's not much need to expose
the whole thing.
2023-01-18 20:24:49 +08:00
9a941dc543
hosts/plover: update Gitea mirroring interval
2023-01-18 20:18:40 +08:00
e26831b756
tasks/backup-archive: update private key
2023-01-18 20:18:22 +08:00
d6d461a098
flake.nix: update override value on intended hostname
...
It pretty much causes every host to have the name the default hostname
which I forgot the default value has a stronger override value.
2023-01-18 17:47:45 +08:00
cdfe983969
docs: update "Deploying to Hetzner Cloud" section on Plover
2023-01-18 15:43:30 +08:00
ecd8313011
hosts/plover: update routes to main router
2023-01-18 15:42:33 +08:00
04e460142a
chore: format the codebase
2023-01-18 11:41:12 +08:00
f2cdf732cb
hosts/plover: disable firewall service
...
It's not working well for now. I'll have to make some tests with simpler
configurations (even though it's already simple?).
2023-01-18 11:10:40 +08:00
6ae080c68d
hosts/ni: enable nftables-based firewall
2023-01-18 11:10:31 +08:00
55547bddc7
hosts/ni: update LDAP-related settings
...
- Add OpenLDAP to the system packages.
- Fix the file permission for the LDAP password secret.
2023-01-18 11:10:11 +08:00
cfc99cef4c
users/plover: add inetutils and iputils to package list
2023-01-17 21:50:00 +08:00
effdc8d927
hosts/plover: refactor secrets owner
2023-01-17 21:34:54 +08:00
58d5c8c15c
secrets/backup-archive: update borg remote-backup patterns
2023-01-17 21:34:54 +08:00
92c69f9161
flake.nix: update flake inputs
...
- Added stable branch for nixpkgs. This is for the preparation of
facilitating creating hosts that is more maintainable with stable
branches (like servers, for example).
- Update nixpkgs URL for Neovim overlay. The workaround is based from
the following link at
https://github.com/nix-community/neovim-nightly-overlay/issues/164#issuecomment-1377562202
2023-01-17 21:34:54 +08:00
093271368f
themes/a-happy-gnome: update "Burn my Windows" settings
...
I'm a sucker for these subtle window effects.
2023-01-17 21:34:54 +08:00
00f5c34a92
docs: update the READMEs
2023-01-17 21:34:54 +08:00
df6e209723
profiles/dev: add more applications to shell submodule
2023-01-17 21:34:54 +08:00
6bf2642ffc
hosts: add Wireguard services to related peers
...
Among other things, Plover now ignores certain IP for fail2ban. This is
for the VPN users that are placed in that range.
2023-01-17 21:34:54 +08:00
c3a5778d3f
hosts/ni: convert to systemd-networkd for network config
...
I thought it is pretty neat. Also, I've created a bond interface for the
network devices.
2023-01-17 21:33:20 +08:00
333adf0ce6
hosts/plover: update Gitea Asciidoctor markup to be embedded
2023-01-17 16:09:28 +08:00
002b65250c
hosts/plover: add default server to reverse proxy
2023-01-17 16:09:28 +08:00
6d9c43bafa
hosts/plover: initialize OpenVPN service
2023-01-17 16:09:28 +08:00
8e07223c97
hosts/plover: move into systemd-networkd for network setup
2023-01-17 16:09:28 +08:00
708ed8137c
flake.lock: update inputs
...
Flake lock file updates:
• Updated input 'emacs-overlay':
'github:nix-community/emacs-overlay/fcce0d8df02b4657ed413cf9991a0d81852569de' (2023-01-06)
→ 'github:nix-community/emacs-overlay/3f8a6e839a1574631e135a34c53e5e58ae81bd8e' (2023-01-15)
• Updated input 'helix-editor':
'github:helix-editor/helix/0dbee9590baed10bef3c6c32420b8a5802204657' (2023-01-03)
→ 'github:helix-editor/helix/b6331394a3f341ad21f8fad3e6e0b93becda9ce5' (2023-01-13)
• Updated input 'home-manager':
'github:nix-community/home-manager/3ecd5305a41b6dd87f6cdf8cfe83ac07bdc47a0f' (2023-01-05)
→ 'github:nix-community/home-manager/2827b5306462d91edec16a3d069b2d6e54c3079f' (2023-01-14)
• Updated input 'neovim-nightly-overlay':
'github:nix-community/neovim-nightly-overlay/eec74e8a886540dd44ac6564fbbafef88649d514' (2023-01-05)
→ 'github:nix-community/neovim-nightly-overlay/fd8e5953cfeada345d7daeedce6ab0919f1284d4' (2023-01-15)
• Updated input 'neovim-nightly-overlay/neovim-flake':
'github:neovim/neovim/ae64772a88125153a438a0e9e43d5f6bcb4eeb28?dir=contrib' (2023-01-04)
→ 'github:neovim/neovim/6134c1e8a39a5e61d0593613343a5923a86e3545?dir=contrib' (2023-01-15)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/9813adc7f7c0edd738c6bdd8431439688bb0cb3d' (2023-01-04)
→ 'github:NixOS/nixpkgs/befc83905c965adfd33e5cae49acb0351f6e0404' (2023-01-13)
• Updated input 'nur':
'github:nix-community/NUR/f26476709bd7b81c6baaa92630fa9793f047f595' (2023-01-06)
→ 'github:nix-community/NUR/0d9214b8db66df7d3dac2725abb891d80938e921' (2023-01-15)
• Updated input 'rust-overlay':
'github:oxalica/rust-overlay/9096306d4a1c3adcc8d20f2c9dcaee3dee30d1ad' (2023-01-06)
→ 'github:oxalica/rust-overlay/aab6eb2dfc7a1e42d94b6f24ef13639ff8544af4' (2023-01-15)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/b35586cc5abacd4eba9ead138b53e2a60920f781' (2023-01-01)
→ 'github:Mic92/sops-nix/e18eefd2b133a58309475298052c341c08470717' (2023-01-15)
• Updated input 'sops-nix/nixpkgs-stable':
'github:NixOS/nixpkgs/feda52be1d59f13b9aa02f064b4f14784b9a06c8' (2022-12-31)
→ 'github:NixOS/nixpkgs/7c65528c3f8462b902e09d1ccca23bb9034665c2' (2023-01-15)
2023-01-15 17:10:34 +08:00
ca2d818411
docs: add section for things should be absent in the project README
2023-01-15 14:39:44 +08:00
83aaea863e
gnome-shell-extension-burn-my-windows: 21 -> 24
2023-01-15 14:39:44 +08:00
2e466e4561
hosts/plover: move hardware config to be hosting provider-specific
2023-01-15 14:39:44 +08:00
62d220eb2d
docs: add deploying firewall and networking on Plover README
2023-01-15 14:39:44 +08:00
5341024d96
hosts/plover: update comments and systemd journal matches for fail2ban
2023-01-15 14:39:44 +08:00
7de5c14ef5
hosts/plover: move hcloud-related files into a dedicated folder
2023-01-15 14:39:44 +08:00
2f34656ee7
ci: separate checking outputs from building them
2023-01-15 14:39:44 +08:00
6fe30acf2b
hosts/plover: fix formatting of files
2023-01-15 14:39:44 +08:00
