Git — Sourcephile - sourcephile-nix.git/log
sourcephile-nix.git
4 years ago
Julien Moutinho [Sun, 13 Sep 2020 17:55:57 +0000 (19:55 +0200)]
tor: improve type-checking and hardening (bis)

4 years ago
Julien Moutinho [Fri, 11 Sep 2020 07:29:38 +0000 (09:29 +0200)]
tor: improve type-checking and hardening

4 years ago
Julien Moutinho [Tue, 8 Sep 2020 15:27:35 +0000 (17:27 +0200)]
nftables: remote debugging ICMPv6 rule

4 years ago
Julien Moutinho [Tue, 8 Sep 2020 15:26:48 +0000 (17:26 +0200)]
knot: fix serial and gandi IPv6

4 years ago
Julien Moutinho [Tue, 8 Sep 2020 15:25:41 +0000 (17:25 +0200)]
nix: update to latest nixpkgs-unstable

4 years ago
Julien Moutinho [Sun, 6 Sep 2020 17:29:18 +0000 (19:29 +0200)]
nftables: fix biboumi IPv6 output

4 years ago
Julien Moutinho [Sun, 6 Sep 2020 15:43:20 +0000 (17:43 +0200)]
nftables: retake at ICMPv6 and other stuff

4 years ago
Julien Moutinho [Sat, 5 Sep 2020 06:23:00 +0000 (08:23 +0200)]
tor: preparation

4 years ago
Julien Moutinho [Fri, 4 Sep 2020 00:47:09 +0000 (02:47 +0200)]
nix: add a GC root for each machine

4 years ago
Julien Moutinho [Fri, 4 Sep 2020 00:46:34 +0000 (02:46 +0200)]
nix: update remote patches

4 years ago
Julien Moutinho [Sun, 30 Aug 2020 00:51:35 +0000 (02:51 +0200)]
nix: rename flakes to inputs

4 years ago
Julien Moutinho [Sat, 29 Aug 2020 01:21:19 +0000 (03:21 +0200)]
zfs: allow sending backup from losurdo to mermet

4 years ago
Julien Moutinho [Sat, 29 Aug 2020 00:58:56 +0000 (02:58 +0200)]
nginx: sourcephile.fr: www: fix redirection

4 years ago
Julien Moutinho [Sat, 29 Aug 2020 00:53:05 +0000 (02:53 +0200)]
zfs: increase zfs_arc_max to 1.5G

4 years ago
Julien Moutinho [Thu, 27 Aug 2020 20:39:29 +0000 (22:39 +0200)]
nix: polish shell exports

4 years ago
Julien Moutinho [Thu, 27 Aug 2020 16:33:58 +0000 (18:33 +0200)]
nix: re-add smartctl-tbw to the environment

4 years ago
Julien Moutinho [Thu, 27 Aug 2020 08:19:14 +0000 (10:19 +0200)]
syncoid: use a dedicated backup user

4 years ago
Julien Moutinho [Thu, 27 Aug 2020 04:39:30 +0000 (06:39 +0200)]
nix: fix minor things

4 years ago
Julien Moutinho [Thu, 27 Aug 2020 04:36:01 +0000 (06:36 +0200)]
nix: polish flake.nix

4 years ago
Julien Moutinho [Thu, 27 Aug 2020 04:32:01 +0000 (06:32 +0200)]
nftables: harden input checks on mermet

4 years ago
Julien Moutinho [Wed, 26 Aug 2020 18:16:59 +0000 (20:16 +0200)]
malloc: disable unstable scudo hardening

4 years ago
Julien Moutinho [Wed, 26 Aug 2020 18:15:44 +0000 (20:15 +0200)]
nix: fix PASSWORD_STORE_DIR

4 years ago
Julien Moutinho [Wed, 26 Aug 2020 01:23:05 +0000 (03:23 +0200)]
nftables: harden input checks on losurdo

4 years ago
Julien Moutinho [Tue, 25 Aug 2020 20:37:18 +0000 (22:37 +0200)]
doc: explain tributes in naming the machines

4 years ago
Julien Moutinho [Tue, 25 Aug 2020 20:36:36 +0000 (22:36 +0200)]
nix: disable fix for /etc/ld-nix.so.preload, too many rebuilds

4 years ago
Julien Moutinho [Tue, 25 Aug 2020 13:12:37 +0000 (15:12 +0200)]
nix: fix /etc/ld-nix.so.preload sharing

4 years ago
Julien Moutinho [Mon, 24 Aug 2020 23:49:59 +0000 (01:49 +0200)]
nix: update to latest nixpkgs-unstable

4 years ago
Julien Moutinho [Mon, 24 Aug 2020 22:02:14 +0000 (00:02 +0200)]
nix: remove old build rules

4 years ago
Julien Moutinho [Mon, 24 Aug 2020 21:53:13 +0000 (23:53 +0200)]
nix: remove pre-flake.nix residues

4 years ago
Julien Moutinho [Mon, 24 Aug 2020 14:21:47 +0000 (16:21 +0200)]
nix: remove no longer used nixpkgs/patches

4 years ago
Julien Moutinho [Thu, 13 Aug 2020 14:15:27 +0000 (16:15 +0200)]
nix: move to flake.nix

4 years ago
Julien Moutinho [Thu, 13 Aug 2020 12:10:08 +0000 (14:10 +0200)]
losurdo: remove dependency on nix-plugins

4 years ago
Julien Moutinho [Thu, 13 Aug 2020 09:32:20 +0000 (11:32 +0200)]
networking: losurdo

4 years ago
Julien Moutinho [Sun, 9 Aug 2020 04:34:40 +0000 (06:34 +0200)]
dovecot: update fts_xapian

4 years ago
Julien Moutinho [Sat, 8 Aug 2020 05:41:18 +0000 (07:41 +0200)]
biboumi: add service

4 years ago
Julien Moutinho [Wed, 5 Aug 2020 04:55:36 +0000 (06:55 +0200)]
prosody: wrap up coturn tests

4 years ago
Julien Moutinho [Wed, 5 Aug 2020 04:54:27 +0000 (06:54 +0200)]
environment: add networking tools

4 years ago
Julien Moutinho [Wed, 5 Aug 2020 04:52:36 +0000 (06:52 +0200)]
transmission: fix service

4 years ago
Julien Moutinho [Tue, 4 Aug 2020 05:40:29 +0000 (07:40 +0200)]
prosody: more tests of STUN

4 years ago
Julien Moutinho [Mon, 3 Aug 2020 22:20:16 +0000 (00:20 +0200)]
prosody: fix configuration

4 years ago
Julien Moutinho [Mon, 3 Aug 2020 06:59:01 +0000 (08:59 +0200)]
prosody: announce tmp.sourcephile.fr for HTTP uploads

4 years ago
Julien Moutinho [Mon, 3 Aug 2020 03:37:15 +0000 (05:37 +0200)]
coturn: install on mermet (for prosody)

4 years ago
Julien Moutinho [Sun, 2 Aug 2020 22:00:44 +0000 (00:00 +0200)]
prosody: test on losurdo

4 years ago
Julien Moutinho [Sun, 2 Aug 2020 10:52:20 +0000 (12:52 +0200)]
wireguard: improve initrd setup

4 years ago
Julien Moutinho [Sun, 2 Aug 2020 05:38:15 +0000 (07:38 +0200)]
wireguard: setup in initrd

4 years ago
Julien Moutinho [Sat, 1 Aug 2020 05:15:50 +0000 (07:15 +0200)]
wireguard: setup intranet

4 years ago
Julien Moutinho [Fri, 31 Jul 2020 03:58:53 +0000 (05:58 +0200)]
ssh: add reverse ssh giving access to losurdo from mermet

4 years ago
Julien Moutinho [Fri, 31 Jul 2020 00:55:13 +0000 (02:55 +0200)]
nix: commit changes during work on services.transmission

4 years ago
Julien Moutinho [Fri, 24 Jul 2020 07:51:00 +0000 (09:51 +0200)]
nix: update nixpkgs/patches

4 years ago
Julien Moutinho [Wed, 22 Jul 2020 13:26:32 +0000 (15:26 +0200)]
nix: simplify the sending root's OpenPGP key

4 years ago
Julien Moutinho [Wed, 22 Jul 2020 02:18:42 +0000 (04:18 +0200)]
nix: reorganize a few things

4 years ago
Julien Moutinho [Tue, 21 Jul 2020 08:47:55 +0000 (10:47 +0200)]
nix: use nixpkgs/patches/ instead of nixos/modules/

4 years ago
Julien Moutinho [Tue, 21 Jul 2020 04:41:22 +0000 (06:41 +0200)]
nix: fix installation comments

4 years ago
Julien Moutinho [Tue, 21 Jul 2020 03:48:02 +0000 (05:48 +0200)]
nix: use nixpkgs/patches/wip.diff instead of nixpkgs/overlays.nix and nixos/modules.nix

4 years ago
Julien Moutinho [Tue, 21 Jul 2020 03:43:59 +0000 (05:43 +0200)]
nix: servers.nix -> machines.nix

4 years ago
Julien Moutinho [Mon, 20 Jul 2020 06:32:47 +0000 (08:32 +0200)]
transmission: fix net.core.{r,w}mem_max

4 years ago
Julien Moutinho [Sun, 19 Jul 2020 04:16:36 +0000 (06:16 +0200)]
apparmor: publish and use PR#93457

4 years ago
Julien Moutinho [Fri, 17 Jul 2020 06:39:56 +0000 (08:39 +0200)]
apparmor: remove references to Subdomain

4 years ago
Julien Moutinho [Fri, 17 Jul 2020 05:35:10 +0000 (07:35 +0200)]
apparmor: fix path

4 years ago
Julien Moutinho [Fri, 17 Jul 2020 04:20:28 +0000 (06:20 +0200)]
nix: polish code

4 years ago
Julien Moutinho [Fri, 17 Jul 2020 04:19:58 +0000 (06:19 +0200)]
apparmor: improve the service

4 years ago
Julien Moutinho [Thu, 16 Jul 2020 15:15:42 +0000 (17:15 +0200)]
postgresql: openconcerto: removal of the labascule database

4 years ago
Julien Moutinho [Thu, 16 Jul 2020 14:24:31 +0000 (16:24 +0200)]
postgresql: allow pgadmin3 on openconcerto databases

4 years ago
Julien Moutinho [Thu, 16 Jul 2020 04:24:09 +0000 (06:24 +0200)]
apparmor: fix/rewrite security.apparmor

4 years ago
Julien Moutinho [Wed, 15 Jul 2020 21:07:51 +0000 (23:07 +0200)]
nix: typo in comment

4 years ago
Julien Moutinho [Wed, 15 Jul 2020 12:35:38 +0000 (14:35 +0200)]
pass: use builtins.dirOf

4 years ago
Julien Moutinho [Wed, 15 Jul 2020 00:41:40 +0000 (02:41 +0200)]
nftables: open firewall from mermet to losurdo

4 years ago
Julien Moutinho [Wed, 15 Jul 2020 00:40:41 +0000 (02:40 +0200)]
nginx: fix auth_basic

4 years ago
Julien Moutinho [Wed, 15 Jul 2020 00:40:23 +0000 (02:40 +0200)]
transmission: set more higher limits

4 years ago
Julien Moutinho [Wed, 15 Jul 2020 00:13:48 +0000 (02:13 +0200)]
transmission: more config

4 years ago
Julien Moutinho [Wed, 15 Jul 2020 00:12:58 +0000 (02:12 +0200)]
systemd: fix reload of services

4 years ago
Julien Moutinho [Wed, 15 Jul 2020 00:11:16 +0000 (02:11 +0200)]
transmission: fix and improve the hardening

4 years ago
Julien Moutinho [Fri, 10 Jul 2020 07:26:44 +0000 (09:26 +0200)]
transmission: fix umask

4 years ago
Julien Moutinho [Fri, 10 Jul 2020 01:21:48 +0000 (03:21 +0200)]
nginx: install on losurdo

4 years ago
Julien Moutinho [Thu, 9 Jul 2020 22:31:11 +0000 (00:31 +0200)]
sanoid: add missing cleanup of remote backups

4 years ago
Julien Moutinho [Thu, 9 Jul 2020 02:34:44 +0000 (04:34 +0200)]
sanoid: cleanup

4 years ago
Julien Moutinho [Wed, 8 Jul 2020 23:59:09 +0000 (01:59 +0200)]
postgresql: add openconcerto database labascule

4 years ago
Julien Moutinho [Wed, 8 Jul 2020 17:23:36 +0000 (19:23 +0200)]
initrd: fix SSH host key location

4 years ago
Julien Moutinho [Tue, 7 Jul 2020 15:03:21 +0000 (17:03 +0200)]
fail2ban: update whitelist

4 years ago
Julien Moutinho [Tue, 7 Jul 2020 15:02:53 +0000 (17:02 +0200)]
kernel: set only vm.swappiness=10

4 years ago
Julien Moutinho [Tue, 7 Jul 2020 13:25:24 +0000 (15:25 +0200)]
nix: upgrade to latest nixos-unstable-small, fix boot.initrd.network.ssh.hostKeys

4 years ago
Julien Moutinho [Tue, 7 Jul 2020 01:50:09 +0000 (03:50 +0200)]
postgresql: allow pg_dump and tune for ZFS

4 years ago
Julien Moutinho [Wed, 1 Jul 2020 13:40:58 +0000 (15:40 +0200)]
transmission: improve the service

4 years ago
Julien Moutinho [Mon, 29 Jun 2020 02:06:50 +0000 (04:06 +0200)]
nix: add julm to some meta.maintainers

4 years ago
Julien Moutinho [Mon, 29 Jun 2020 01:56:48 +0000 (03:56 +0200)]
transmission: improve the service module

4 years ago
Julien Moutinho [Fri, 26 Jun 2020 18:22:52 +0000 (20:22 +0200)]
nix: update to latest nixos-unstable-small

4 years ago
Julien Moutinho [Thu, 25 Jun 2020 17:07:22 +0000 (19:07 +0200)]
dovecot: silence error revealed by scudo, by disabling scudo

4 years ago
Julien Moutinho [Wed, 24 Jun 2020 23:16:36 +0000 (01:16 +0200)]
fail2ban: reduce findtime to reduce RAM footprint and startup time

4 years ago
Julien Moutinho [Wed, 24 Jun 2020 22:46:50 +0000 (00:46 +0200)]
fail2ban: enable on mermet too

4 years ago
Julien Moutinho [Wed, 24 Jun 2020 22:36:12 +0000 (00:36 +0200)]
nix: use the hardened profile on mermet too

4 years ago
Julien Moutinho [Wed, 24 Jun 2020 22:18:43 +0000 (00:18 +0200)]
nftables: replace shorewall on mermet too

4 years ago
Julien Moutinho [Wed, 24 Jun 2020 20:45:26 +0000 (22:45 +0200)]
rspamd: use --no-block to avoid deadlocking services

4 years ago
Julien Moutinho [Wed, 24 Jun 2020 18:50:04 +0000 (20:50 +0200)]
nix: deploy security.pass to mermet too

4 years ago
Julien Moutinho [Wed, 24 Jun 2020 16:52:55 +0000 (18:52 +0200)]
nix: security.pass re-add convenient postStart

4 years ago
Julien Moutinho [Wed, 24 Jun 2020 16:09:51 +0000 (18:09 +0200)]
gnupg: create remaining servers' key

4 years ago
Julien Moutinho [Wed, 24 Jun 2020 15:52:30 +0000 (17:52 +0200)]
nix: rename install to install.ssh-nixos

4 years ago
Julien Moutinho [Wed, 24 Jun 2020 15:08:06 +0000 (17:08 +0200)]
nix: fix install and security.pass

4 years ago
Julien Moutinho [Wed, 24 Jun 2020 01:36:55 +0000 (03:36 +0200)]
nix: fix security.pass services

4 years ago
Julien Moutinho [Tue, 23 Jun 2020 17:16:49 +0000 (19:16 +0200)]
nix: add module security.pass

4 years ago
Julien Moutinho [Sat, 20 Jun 2020 17:12:04 +0000 (19:12 +0200)]
postgresql: log connections