Motiejus Jakštys
|
70e5230611
|
system users: use /bin/sh
Just learned about "bash security issue" when reading about rrsync.
|
2023-09-23 22:46:14 +03:00 |
Motiejus Jakštys
|
3b1d1b439f
|
more formatting
|
2023-09-23 22:29:50 +03:00 |
Motiejus Jakštys
|
92f69eabfa
|
nsd-acme: optionalString
|
2023-09-23 22:28:27 +03:00 |
Motiejus Jakštys
|
46155b9cb8
|
cfg cosmetics
|
2023-09-23 22:25:58 +03:00 |
Motiejus Jakštys
|
397fcd4a44
|
jakstpub: nicer smb settings
|
2023-09-22 10:14:10 +03:00 |
Motiejus Jakštys
|
9c1bfd1b24
|
add a share for snapshots
|
2023-09-22 10:06:04 +03:00 |
Motiejus Jakštys
|
0507fb3328
|
deployerbot and backups: move time around so they don't ovelap
|
2023-09-21 06:55:17 +03:00 |
Motiejus Jakštys
|
21e96199bb
|
deployerbot: use vpn for actual deploying anyway
|
2023-09-20 14:43:04 +03:00 |
Motiejus Jakštys
|
4973a1cdd4
|
deployerbot: fwminex allows vno1
|
2023-09-18 20:49:17 +03:00 |
Motiejus Jakštys
|
ceb7fe191e
|
ping
|
2023-09-18 20:32:22 +03:00 |
Motiejus Jakštys
|
5a5ffd6f00
|
upgrading fwminex too
|
2023-09-18 19:50:24 +03:00 |
Motiejus Jakštys
|
c822cc95c2
|
node_exporter: enable on vno1 subnet
|
2023-09-18 19:29:27 +03:00 |
Motiejus Jakštys
|
40a1edb925
|
syncthing: do not share books with mxp10
|
2023-09-18 13:31:32 +03:00 |
Motiejus Jakštys
|
4740904244
|
syncthing host missing
|
2023-09-18 12:48:22 +03:00 |
Motiejus Jakštys
|
5a1745b6d9
|
add some hosts
|
2023-09-18 12:47:51 +03:00 |
Motiejus Jakštys
|
0802e17eb1
|
nix fmt
|
2023-09-18 12:46:46 +03:00 |
Motiejus Jakštys
|
031e85fa82
|
syncthing: more folders
|
2023-09-18 12:44:09 +03:00 |
Motiejus Jakštys
|
e6a47f4420
|
syncthing: a few more folders
|
2023-09-18 12:38:17 +03:00 |
Motiejus Jakštys
|
52b1aa4450
|
syncthing: starting abstractions
|
2023-09-18 12:13:45 +03:00 |
Motiejus Jakštys
|
a9ec83c732
|
fwminex: start syncthing
|
2023-09-18 12:07:41 +03:00 |
Motiejus Jakštys
|
c84d618d97
|
jakstpub: fix a caddy error
|
2023-09-17 22:31:12 +03:00 |
Motiejus Jakštys
|
ed8c51b45c
|
syntax nitpicking
|
2023-09-17 22:16:11 +03:00 |
Motiejus Jakštys
|
f38fd993d3
|
jakstpub: open up http
|
2023-09-17 22:13:33 +03:00 |
Motiejus Jakštys
|
0f9aa4ed0d
|
deploy-rs: remove --
|
2023-09-16 10:04:48 +03:00 |
Motiejus Jakštys
|
a5d8ba9cdf
|
deploy-rs: fix typo
|
2023-09-16 09:35:12 +03:00 |
Motiejus Jakštys
|
fb4b54b24b
|
deployerbot: use deploy-rs directly
|
2023-09-16 08:56:22 +03:00 |
Motiejus Jakštys
|
b38c4013e7
|
cosmetics: quoting
it's fine, there is overrides.conf
|
2023-09-14 15:15:27 +03:00 |
Motiejus Jakštys
|
b73f671bc0
|
silenceLogs is not picked up
Result:
$ cat result/etc/systemd/system/tailscaled.service
[Unit]
Description=Tailscale node agent
Documentation=https://tailscale.com/kb/
Wants=network-pre.target
After=network-pre.target NetworkManager.service systemd-resolved.service
[Service]
ExecStartPre=/nix/store/gr38ww9sj0qbcs8sb17iq9871qvmhfjw-tailscale-1.42.0/bin/tailscaled --cleanup
ExecStart=/nix/store/gr38ww9sj0qbcs8sb17iq9871qvmhfjw-tailscale-1.42.0/bin/tailscaled --state=/var/lib/tailscale/tailscaled.state --socket=/run/tailscale/tailscaled.sock --port=
ExecStopPost=/nix/store/gr38ww9sj0qbcs8sb17iq9871qvmhfjw-tailscale-1.42.0/bin/tailscaled --cleanup
Restart=on-failure
RuntimeDirectory=tailscale
RuntimeDirectoryMode=0755
StateDirectory=tailscale
StateDirectoryMode=0700
CacheDirectory=tailscale
CacheDirectoryMode=0750
Type=notify
[Install]
WantedBy=multi-user.target
|
2023-09-14 15:10:18 +03:00 |
Motiejus Jakštys
|
76c07129f3
|
re-add ()
|
2023-09-14 14:51:36 +03:00 |
Motiejus Jakštys
|
fb3c39d7dc
|
re-enable tailscale, oops
|
2023-09-14 14:48:54 +03:00 |
Motiejus Jakštys
|
9eb8147660
|
tailscale: silence logs on some machines
|
2023-09-14 14:37:55 +03:00 |
Motiejus Jakštys
|
553cda8fc7
|
vno1-rp3b: enable vno3
|
2023-09-14 13:23:04 +03:00 |
Motiejus Jakštys
|
85917635fd
|
sshguard is now optional
|
2023-09-14 06:41:16 +03:00 |
Motiejus Jakštys
|
e12e139128
|
samba: make file/dir masks a bit more restrictive
|
2023-09-13 09:00:28 +03:00 |
Motiejus Jakštys
|
4f152205ce
|
samba: log level = 0
|
2023-09-12 23:27:23 +03:00 |
Motiejus Jakštys
|
bef137b967
|
wsdd: specify existing hostname
|
2023-09-12 23:18:46 +03:00 |
Motiejus Jakštys
|
53ce3910aa
|
replace nmbd with wsdd
https://askubuntu.com/questions/661611/make-samba-share-visible-in-windows-network
|
2023-09-12 23:10:59 +03:00 |
Motiejus Jakštys
|
e45573c8a6
|
fix samba config
works!
|
2023-09-12 22:55:17 +03:00 |
Motiejus Jakštys
|
4f45d605e1
|
vno1-rp3b: some attempts at samba
|
2023-09-12 17:44:17 +03:00 |
Motiejus Jakštys
|
7891663a65
|
jakstpub: change home dir to /var/empty
|
2023-09-12 17:27:11 +03:00 |
Motiejus Jakštys
|
2dd8cda85a
|
open up samba
|
2023-09-12 16:08:32 +03:00 |
Motiejus Jakštys
|
e61944dfde
|
rewrite firewall rules
|
2023-09-12 15:46:44 +03:00 |
Motiejus Jakštys
|
2b5b9bc57f
|
samba some progress
|
2023-09-12 13:31:46 +03:00 |
Motiejus Jakštys
|
866347b042
|
add borgstor
|
2023-09-11 15:51:33 +03:00 |
Motiejus Jakštys
|
377030d0c0
|
headscale: remove ipv6 subnet
it's confusing: I couldn't find an easy way to get the ipv4 address on a client
|
2023-09-11 14:37:05 +03:00 |
Motiejus Jakštys
|
20ccb666c8
|
smtp
|
2023-09-07 19:46:47 +03:00 |
Motiejus Jakštys
|
fd9f30f7d4
|
snmp exporter: maybe exposing the file will work now?
|
2023-09-05 14:58:30 +03:00 |
Motiejus Jakštys
|
24e6aa333e
|
snmp exporter: expose in vpn for all to see
|
2023-09-05 14:45:09 +03:00 |
Motiejus Jakštys
|
5c1cccb8a4
|
snmp: from package back to module
|
2023-09-05 14:41:52 +03:00 |
Motiejus Jakštys
|
fe30f6c32a
|
Add dl.jakstys.lt
|
2023-08-29 15:41:57 +03:00 |
Motiejus Jakštys
|
617b829589
|
deployerbot: add fra1-a
|
2023-08-27 01:04:09 +03:00 |
Motiejus Jakštys
|
23347f6952
|
matrix-synapse: listen on 127.0.0.1
reverse proxying is over
|
2023-08-25 17:00:30 +03:00 |
Motiejus Jakštys
|
3687d7cd73
|
matrix-synapse listen on 0.0.0.0
|
2023-08-25 16:14:12 +03:00 |
Motiejus Jakštys
|
2776f8c517
|
fix extraConfigFiles
|
2023-08-25 16:03:46 +03:00 |
Motiejus Jakštys
|
355d8c21cc
|
move matrix-synapse to it's module
|
2023-08-25 15:49:37 +03:00 |
Motiejus Jakštys
|
f87a712635
|
node_exporter gets its own uidgid
|
2023-08-25 09:55:21 +03:00 |
Motiejus Jakštys
|
9740b42493
|
gitea: listen on 3001
|
2023-08-25 09:41:42 +03:00 |
Motiejus Jakštys
|
c3168bb2d3
|
headscale
|
2023-08-24 23:46:45 +03:00 |
Motiejus Jakštys
|
be4df58cbb
|
move gitea to its own module
|
2023-08-24 23:34:48 +03:00 |
Motiejus Jakštys
|
407024dfa9
|
zfsunlock: use IP addresses + zfsunlock
|
2023-08-22 14:14:20 +03:00 |
Motiejus Jakštys
|
bbf562d205
|
move node_exporter to its own module
|
2023-08-18 09:32:01 +03:00 |
Motiejus Jakštys
|
4dee4159e7
|
nix --accept-flake-config
|
2023-08-16 20:26:37 +03:00 |
Motiejus Jakštys
|
98a4ad79f8
|
grafana now on https://grafana.jakstys.lt, over vpn
|
2023-08-14 09:04:09 +03:00 |
Motiejus Jakštys
|
a2a741d27e
|
fmt and formatting; nsd-acme is less verbose
|
2023-08-10 10:48:34 +03:00 |
Motiejus Jakštys
|
fa435f65d0
|
zones don't need to be sanitized
it's DNS!
|
2023-08-10 10:46:06 +03:00 |
Motiejus Jakštys
|
7bedc09abb
|
deployerbot: do not restart if changed
leads to interesting deadlocks when upgrading self
|
2023-08-10 10:40:07 +03:00 |
Motiejus Jakštys
|
4878c42ca9
|
cron + alerting for cert updates
|
2023-08-10 00:46:36 +03:00 |
Motiejus Jakštys
|
9059f84632
|
uacme can return 1 when cert is up to date
|
2023-08-10 00:37:21 +03:00 |
Motiejus Jakštys
|
76a748e086
|
grafana is now prod
|
2023-08-10 00:29:56 +03:00 |
Motiejus Jakštys
|
98816538d2
|
trying grafana1
|
2023-08-10 00:24:36 +03:00 |
Motiejus Jakštys
|
69e6734eb7
|
nsd-acme: misc fixes
|
2023-08-09 15:55:05 +03:00 |
Motiejus Jakštys
|
9a456192af
|
nsd-acme
|
2023-08-09 15:34:44 +03:00 |
Motiejus Jakštys
|
3e66f95668
|
zfsunlock nitpick
|
2023-08-09 14:26:49 +03:00 |
Motiejus Jakštys
|
9a7e42b95d
|
nsd: ConditionPathExists all files
|
2023-08-07 14:50:32 +03:00 |
Motiejus Jakštys
|
5ae9886929
|
deployerbot: set PATH in systemd service definition
|
2023-08-07 14:39:38 +03:00 |
Motiejus Jakštys
|
c8525b4e6b
|
node_exporter on hel1-a
|
2023-08-06 01:00:02 +03:00 |
Motiejus Jakštys
|
665e79a984
|
prometheus: beginnings
|
2023-08-05 18:32:28 +03:00 |
Motiejus Jakštys
|
f4e04faef3
|
friendlyport
|
2023-08-05 18:18:30 +03:00 |
Motiejus Jakštys
|
cf6eeb6f29
|
deployerbot: start action at 23:30 UTC
According to 'nixos infra status' finding a good time of day to run the
updates for nixos release non-small is futile.
|
2023-08-02 15:41:07 +03:00 |
Motiejus Jakštys
|
07921f1eaa
|
nix flake update: schedule at 16:00 UTC
|
2023-08-01 14:24:32 +03:00 |
Motiejus Jakštys
|
7a224096ba
|
set PATH once
|
2023-07-30 09:01:27 +03:00 |
Motiejus Jakštys
|
c99adbbaa1
|
bring back exec
|
2023-07-30 08:59:58 +03:00 |
Motiejus Jakštys
|
d536eb5656
|
set OLD_PATH once
|
2023-07-30 08:56:38 +03:00 |
Motiejus Jakštys
|
afd7743f37
|
deployerbot: push after a successful deploy
|
2023-07-30 08:53:19 +03:00 |
Motiejus Jakštys
|
482f01bb01
|
deployer: set -x
|
2023-07-30 07:36:12 +03:00 |
Motiejus Jakštys
|
36bbceac03
|
limit deployerbot-follower to our vpn
|
2023-07-30 07:23:43 +03:00 |
Motiejus Jakštys
|
d1b19e6cf6
|
deployerbot: do not set -x
|
2023-07-30 07:00:10 +03:00 |
Motiejus Jakštys
|
a9e8904d28
|
add deployerbot-follower to trusted users
|
2023-07-30 06:55:04 +03:00 |
Motiejus Jakštys
|
ef050725c1
|
deploy-rs can deploy multiple targets with --targets
|
2023-07-30 06:50:06 +03:00 |
Motiejus Jakštys
|
69ee6c9caa
|
add comment re calendar time
|
2023-07-30 06:45:54 +03:00 |
Motiejus Jakštys
|
f18a2ff855
|
deploy updates regularly
|
2023-07-30 06:41:13 +03:00 |
Motiejus Jakštys
|
9de5120cc3
|
updaterbot: move all to deployer
|
2023-07-30 06:30:52 +03:00 |
Motiejus Jakštys
|
9e0bd48a22
|
clean up old paths -- untested
|
2023-07-28 16:15:59 +03:00 |
Motiejus Jakštys
|
49b9cc8351
|
vno1-oh2: enable deployerbot master
|
2023-07-28 16:09:41 +03:00 |
Motiejus Jakštys
|
bff8cef210
|
fixes in deployment script
|
2023-07-28 15:55:16 +03:00 |
Motiejus Jakštys
|
e588514c07
|
updater
|
2023-07-28 15:43:23 +03:00 |
Motiejus Jakštys
|
bddb20cd13
|
updater: move to it's own service
|
2023-07-28 14:22:40 +03:00 |
Motiejus Jakštys
|
45724064d1
|
add M-R
|
2023-07-28 09:10:40 +03:00 |
Motiejus Jakštys
|
89f7838c93
|
add Irenos folder
|
2023-07-26 22:24:51 +03:00 |
Motiejus Jakštys
|
4522af453b
|
start/stop firewall commands
|
2023-07-26 15:14:12 +03:00 |