Commit Graph

2301 Commits

Author SHA1 Message Date
8b0573409d fwminex: enable firewall 2023-09-14 15:25:08 +03:00
b38c4013e7 cosmetics: quoting
it's fine, there is overrides.conf
2023-09-14 15:15:27 +03:00
b73f671bc0 silenceLogs is not picked up
Result:
$ cat result/etc/systemd/system/tailscaled.service
[Unit]
Description=Tailscale node agent
Documentation=https://tailscale.com/kb/
Wants=network-pre.target
After=network-pre.target NetworkManager.service systemd-resolved.service

[Service]
ExecStartPre=/nix/store/gr38ww9sj0qbcs8sb17iq9871qvmhfjw-tailscale-1.42.0/bin/tailscaled --cleanup
ExecStart=/nix/store/gr38ww9sj0qbcs8sb17iq9871qvmhfjw-tailscale-1.42.0/bin/tailscaled --state=/var/lib/tailscale/tailscaled.state --socket=/run/tailscale/tailscaled.sock --port=
ExecStopPost=/nix/store/gr38ww9sj0qbcs8sb17iq9871qvmhfjw-tailscale-1.42.0/bin/tailscaled --cleanup

Restart=on-failure

RuntimeDirectory=tailscale
RuntimeDirectoryMode=0755
StateDirectory=tailscale
StateDirectoryMode=0700
CacheDirectory=tailscale
CacheDirectoryMode=0750
Type=notify

[Install]
WantedBy=multi-user.target
2023-09-14 15:10:18 +03:00
76c07129f3 re-add () 2023-09-14 14:51:36 +03:00
fb3c39d7dc re-enable tailscale, oops 2023-09-14 14:48:54 +03:00
9eb8147660 tailscale: silence logs on some machines 2023-09-14 14:37:55 +03:00
aad4502030 rename vno1-rp3b to vno3-rp3b
ready for deployment
2023-09-14 13:27:05 +03:00
45a9b7475b vno1-rp3b: dhcp 2023-09-14 13:24:40 +03:00
553cda8fc7 vno1-rp3b: enable vno3 2023-09-14 13:23:04 +03:00
b1b046d78a sudo: fix extraGroups of motiejus
this misses 'wheel'
2023-09-14 13:07:39 +03:00
4a5893ae73 fwminex: some hardware updates 2023-09-14 09:42:14 +00:00
8e32a16f01 add iwlwifi to early-ish boot 2023-09-14 11:35:29 +03:00
e341092306 fwminex: enable redistributable firmware, remove docker volume 2023-09-14 11:31:53 +03:00
a7a6148d0f fwminex: allow nonfree 2023-09-14 10:53:01 +03:00
280b8cf3ad fwminex: fix mountpoint to /var/lib/docker 2023-09-14 10:40:23 +03:00
1430bf9d6d fwminex: swap 2023-09-14 07:43:18 +03:00
90be8b6e5f fwminex: fix typo 2023-09-14 06:42:44 +03:00
62e00f3bc7 fwminex: firewall and swap devices 2023-09-14 06:41:37 +03:00
85917635fd sshguard is now optional 2023-09-14 06:41:16 +03:00
f34af96bc4 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/36bee398beca22e2428074e0a2e068d87f801718' (2023-09-12)
  → 'github:NixOS/nixpkgs/e27ca312d56522b907b998c2ff99169bf12639f2' (2023-09-13)
2023-09-13 23:30:50 +00:00
182a87b0b9 another fix for swap devices 2023-09-13 15:18:25 +03:00
e617dbf55f fwminex: fix swap and docker 2023-09-13 15:13:44 +03:00
2220be3c81 fwminex: set hostid 2023-09-13 14:46:58 +03:00
b5a3e29e6f force no legacy grub (now) 2023-09-13 14:14:25 +03:00
7775c760fa fwminex: update partition scheme 2023-09-13 13:54:22 +03:00
8a01703bb1 fwminex: disable postfix temporarily 2023-09-13 13:30:16 +03:00
234933dee1 install smartmontools 2023-09-13 13:29:06 +03:00
e38f446793 add fwminex 2023-09-13 13:04:40 +03:00
e12e139128 samba: make file/dir masks a bit more restrictive 2023-09-13 09:00:28 +03:00
00a6a27b92 zfsborg: use TemporaryFileSystem for temp snapshots
Otherwise:

Sep 13 00:01:05 vno1-oh2 systemd[1]: Started BorgBackup job -var-lib-1.
Sep 13 00:01:06 vno1-oh2 borgbackup-job--var-lib-1-start[329228]: filesystem 'rpool/nixos/var/lib@autosnap_2023-09-12_21:00:06_hourly' is already mounted
Sep 13 00:01:06 vno1-oh2 borgbackup-job--var-lib-1-start[329209]: umount: /var/lib/.snapshot-latest: not mounted.
Sep 13 00:01:06 vno1-oh2 systemd[1]: borgbackup-job--var-lib-1.service: Main process exited, code=exited, status=32/n/a
Sep 13 00:01:06 vno1-oh2 systemd[1]: borgbackup-job--var-lib-1.service: Failed with result 'exit-code'.
Sep 13 00:01:06 vno1-oh2 systemd[1]: borgbackup-job--var-lib-1.service: Triggering OnFailure= dependencies.
2023-09-13 08:37:35 +03:00
6bdaca4095 flake.lock: Update
Flake lock file updates:

• Updated input 'deploy-rs':
    'github:serokell/deploy-rs/d0cfc042eba92eb206611c9e8784d41a2c053bab' (2023-09-08)
  → 'github:serokell/deploy-rs/31c32fb2959103a796e07bbe47e0a5e287c343a8' (2023-09-12)
• Updated input 'flake-utils':
    'github:numtide/flake-utils/f9e7cf818399d17d347f847525c5a5a8032e4e44' (2023-08-23)
  → 'github:numtide/flake-utils/ff7b65b44d01cf9ba6a71320833626af21126384' (2023-09-12)
• Updated input 'home-manager':
    'github:nix-community/home-manager/5bac4a1c06cd77cf8fc35a658ccb035a6c50cd2c' (2023-08-28)
  → 'github:nix-community/home-manager/9787dffff5d315c9593d3f9fb0f9bf2097e1b57b' (2023-09-11)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/e20410d4224c6d5ae4acc9d492b4f5b443e90b86' (2023-09-10)
  → 'github:NixOS/nixpkgs/36bee398beca22e2428074e0a2e068d87f801718' (2023-09-12)
2023-09-12 23:30:52 +00:00
4f152205ce samba: log level = 0 2023-09-12 23:27:23 +03:00
bef137b967 wsdd: specify existing hostname 2023-09-12 23:18:46 +03:00
53ce3910aa replace nmbd with wsdd
https://askubuntu.com/questions/661611/make-samba-share-visible-in-windows-network
2023-09-12 23:10:59 +03:00
e45573c8a6 fix samba config
works!
2023-09-12 22:55:17 +03:00
4f45d605e1 vno1-rp3b: some attempts at samba 2023-09-12 17:44:17 +03:00
7891663a65 jakstpub: change home dir to /var/empty 2023-09-12 17:27:11 +03:00
93d3eed065 hdd.jakstys.lt 2023-09-12 17:25:07 +03:00
2dd8cda85a open up samba 2023-09-12 16:08:32 +03:00
e61944dfde rewrite firewall rules 2023-09-12 15:46:44 +03:00
2b5b9bc57f samba some progress 2023-09-12 13:31:46 +03:00
dea3eef575 fra1-a: disable zfsunlock 2023-09-12 12:25:30 +03:00
49d92971c9 pass BORG_HOST_ID correctly 2023-09-12 11:41:45 +03:00
b204d5532f zfsborg: add BORG_HOST_ID if nics change 2023-09-12 11:30:08 +03:00
563d340013 add lshw 2023-09-12 11:17:50 +03:00
5cfc0a62b9 vno1-oh2: mitigating the NIC 2023-09-12 09:59:55 +03:00
92e940e1d4 wip samba 2023-09-12 09:42:20 +03:00
94253212c6 networking.firewall.checkReversePath = "loose" for tailscale 2023-09-11 22:38:44 +03:00
f33f8b3d1b add bonnie++, remove nix-top 2023-09-11 22:01:59 +03:00
80aca1ede2 Revert "firewall: open iperf3 fully"
This reverts commit 56bc914934.
2023-09-11 21:59:43 +03:00