ca3d21b3ad
WIP: feat: Add minecraft server
2025-02-01 18:20:23 +08:00
40187d4b2d
feat: Add crowdsec to replace fail2ban
2025-02-01 00:08:31 +08:00
22981fdcdd
feat: Remove fail2ban
2025-02-01 00:08:29 +08:00
b3be7bd88f
bump: Update to NixOS 24.11
2025-01-19 17:40:30 +08:00
34f88ee8d5
chore: Remove afvalcalendar
2025-01-19 17:40:29 +08:00
04f7a7ef1d
treewide: Use nixfmt for formatting
2024-08-18 20:41:20 +02:00
222829d82a
starbound: Don't build service for now
This includes the really huge steam-run closure, which is just a PITA
to keep up with if we're never using it.
2024-07-01 19:24:03 +02:00
fd138d45e6
treewide: Start using nixpkgs-fmt formatting
2024-06-28 20:12:55 +02:00
501c3466bc
Update to NixOS 24.05
2024-06-14 00:49:12 +02:00
8f178f776e
afvalcalendar: Host enschede afvalcalendar
2024-04-15 03:14:46 +02:00
119db5e1d3
sonnenshift: Init
2024-04-08 20:02:53 +02:00
14785afa14
vm: Set up proper bridge networking
2024-03-27 01:51:15 +01:00
fa73574dba
nginx: Factor nginx configuration into a separate module
2024-03-12 06:07:24 +01:00
1c6e7ec106
acme: Don't attempt to get certs if the domain is wrong
2024-03-11 03:42:29 +01:00
ddda6f534b
hetzner: Add new server config
2024-03-11 03:42:28 +01:00
95b5d4b3bd
nginx: Reduce number of rotated logs kept around
2023-12-15 17:04:42 +01:00
55a4aaf48b
metrics: Add metrics with victoriametrics + grafana
2023-10-12 20:41:04 +02:00
87dd9daa4f
backups: Add atomic backups with restic
2023-10-12 20:27:34 +02:00
828d3f3878
services: Update outdated options
2023-07-28 11:23:56 +02:00
acd7cc802b
networking: Set up static IP address
2023-05-11 22:09:32 +01:00
bb397841ee
refactoring: Use flake-inputs instead of awkwardly passing through
2023-02-26 05:59:09 +00:00
b7726af1c4
config: Make changes suggested post 22.11 update
2023-01-11 02:38:56 +00:00
957ab110c5
firewall: Open Minecraft ports for port forwarding
2023-01-11 02:38:53 +00:00
Tristan Daniël Maat
a28d385b17
conduit: Enable TURNS with a ZeroSSL-provided certificate
2022-11-05 22:26:52 +00:00
Tristan Daniël Maat
997707021b
config: Enable authorization through ssh agent
This enables sudo-via-yubikey and therefore makes `-t` obsolete, in
turn fixing a whole slew of issues with deploy-rs.
*And* seems more secure and convenient at the same time.
2022-11-05 18:01:07 +00:00
Tristan Daniël Maat
0528f73187
nginx: Remove mitigation for openssl CVE
This has been fixed; instead we just update to the latest openssl.
2022-11-05 17:33:28 +00:00
Tristan Daniël Maat
2304711359
config: Mitigate upcoming SSL CVE
See
https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html
As 1.1 is unaffected, this override should be sufficient to evade this
problem.
2022-10-31 16:07:41 +00:00
Tristan Daniël Maat
b3e8b0e85c
default.nix: Turn on minimal profile
2022-10-30 18:26:45 +00:00
Tristan Daniël Maat
c72953e1ef
matrix: Add coturn support for calls
2022-10-29 01:39:09 +01:00
c56de6cf7e
conduit: Add new conduit service
2022-10-22 21:22:55 +01:00
61d3008bc3
nextcloud: Fetch apps using nvfetcher
2022-10-17 11:00:02 +01:00
c4fa991b62
treewide: Add fail2ban
2022-10-14 06:27:11 +01:00
78ecfd63a1
starbound: Fix post-update issues
2022-10-14 05:58:15 +01:00
e8b16459d9
treewide: Refactor in order to clean up flake.nix
2022-10-14 05:58:13 +01:00
068e6d5d77
webserver: Use a hardened systemd unit instead of a container
2022-10-14 05:58:11 +01:00
b6594cea54
gitea: Use a hardened systemd unit instead of a container
2022-10-14 05:58:08 +01:00
3cedb9f978
nextcloud: Use a hardened systemd unit instead of a container
2022-10-14 05:58:05 +01:00
6a81ce4c1d
sops: Improve secrets provisioning to split out staging
2022-10-12 23:22:50 +01:00
ab3aa19481
treewide: Perform another nitpicking sweep
2022-10-12 23:22:42 +01:00
7095ab2631
treewide: Remove minecraft server
This has fallen into disuse since the big Java vulnerability, and I
have ideas for better ways of doing this. Meanwhile it's making
maintenance and refactoring more difficult.
Hence I'll remove the server completely for the time being.
2022-10-12 13:12:04 +01:00
046a88905d
treewide: Reformat project with alejandra
2022-10-10 13:03:18 +01:00
58e52dd119
ssh: Allow proxy connections with gatewayPorts
2022-10-10 13:01:26 +01:00
cd92ec64c2
Add starbound server
2022-04-23 08:47:13 +01:00
e7102adec1
Add sops-nix
2022-04-23 08:47:07 +01:00
3bdbe66fe4
nginx: Enable HSTS
2021-10-12 13:53:08 +01:00
4fe3b8b22b
minecraft: Fix ridiculous CPU usage
Tapes over https://bugs.mojang.com/browse/MC-183518 , which schedules
things completely stupidly on Linux starting with 1.14.
2021-08-25 20:06:05 +01:00
343c7fcc36
nginx: Don't override extra options in the host helper
2021-05-17 00:13:58 +01:00
5f8899d542
nginx: Make VM testing easier by binding virtualHosts to localhost
2021-05-17 00:13:38 +01:00
458f6c7f7b
nginx: Avoid connection issues caused by IPv6 resolution
If localhost is specified in the proxyPass url, nginx will happily
resolve IPv6 addresses, even if the upstream doesn't support them.
This can result in connection issues, especially with containers that
don't support IPv6.
2021-05-16 01:34:03 +01:00
939c768280
nix: Add the wheel group to trusted users to allow remote builds
2021-04-28 00:22:21 +01:00