about summary refs log tree commit diff
path: root/machines/profpatsch/haku.nix
Commit message (Collapse)AuthorAgeFilesLines
* machines/haku: add lisanne againProfpatsch2019-08-281-1/+1
|
* machines/haku: custom portsProfpatsch2019-08-281-0/+3
|
* machines/haku: add lisanneProfpatsch2019-08-271-0/+1
|
* machines/haku: set up as VPN server with wireguardProfpatsch2019-05-311-5/+54
| | | | | | | | | | | | Generates a wireguard configuration based on https://nixos.wiki/wiki/Wireguard and sets up the iptables firewall in a way that only enables forwarding between `eth0` and the `wg` interfaces. The standard NixOS firewall configuration allows `FORWARD` between all interfaces, and `networking.nat.enable` enables the `ip_forward` rule in the kernel, meaning packages can suddenly hop interfaces without a firewall that `DROP`s forwards by default.
* machines/haku: open less ports in firewallProfpatsch2019-05-161-3/+2
|
* machines/haku: add wireguard kernel moduleProfpatsch2018-12-301-0/+3
|
* machines/haku: add Thomas’s ssh pubkey to vorstandProfpatsch2018-12-301-0/+1
|
* machines/profpatsch: clean up configsProfpatsch2018-12-221-11/+0
| | | | Remove unused packages and commented out stuff.
* machines/haku: serve lojbanistan.de faviconProfpatsch2018-10-201-1/+15
|
* machines/haku: set NIX_PATH similar to kataraProfpatsch2018-06-051-0/+12
|
* machines/haku: pass to v4 localhost warpspeed explicitelyProfpatsch2018-02-171-1/+1
| | | | | Apparently nginx resolves localhost to [::1] in a newer version by defaul, yet my static file server only binds to 127.0.0.1.
* machines/haku: coi doProfpatsch2018-02-101-1/+1
|
* machines/haku: enable auto upgradeProfpatsch2018-02-091-0/+6
|
* machines/haku: remove unused services/attack vectorsProfpatsch2018-02-091-29/+11
|
* machines/haku: Revert setting addSSL to trueaszlig2017-09-011-1/+0
| | | | | | | | | | | | | This reverts commit 0cfbc3bcd4be9ba3798f1752f82f6ea2d3aba650. Since NixOS/nixpkgs@ae9d311565d8c790900ebbc0976e447034930112 the addSSL option is now mutually exclusive to forceSSL. Turns out that this actually was a bug that got introduced in NixOS/nixpkgs@a912a6a291eaa5f6a2ad9143c9e276779c357a41. Signed-off-by: aszlig <aszlig@redmoonstudios.org> Cc: @Profpatsch
* haku: add static vpn interfaceProfpatsch2017-09-011-0/+8
|
* machines/haku: add test mailinglistProfpatsch2017-09-011-1/+1
|
* machines/haku: Fix evaluation error for nginxaszlig2017-08-191-0/+1
| | | | | | | | In order to use forceSSL you now also need to use addSSL and there is an assertion now to check that since NixOS/nixpkgs@a912a6a291eaa5f6a2ad914. Signed-off-by: aszlig <aszlig@redmoonstudios.org> Cc: @Profpatsch
* machines/haku: forgot the firewall exception for searxProfpatsch2017-07-101-1/+3
|
* machines/haku: move searx from katara to hakuProfpatsch2017-07-101-0/+5
|
* machines/haku: remove pub subdomain againProfpatsch2017-07-081-8/+3
| | | | | Apparently `enableACME` doesn’t generate certificates for the right subdomains if they are on the same machine in different virtual hosts.
* machines/haku: add a pub subdomainProfpatsch2017-07-081-3/+8
|
* machines/haku: fix warpspeed serviceProfpatsch2017-07-081-2/+2
|
* machines/haku: add correct port numberProfpatsch2017-07-081-0/+2
|
* machines/haku: refactor a bit to include into base server configProfpatsch2017-07-081-2/+23
| | | | | Until now, the config on the actual server was deviating because I changed it locally.
* machines/profpatsch: factor out basic server configProfpatsch2017-01-271-75/+60
|
* machines.profpatsch: add hakuProfpatsch2017-01-251-0/+99
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-09-08 23:51:18 +0000