Commit graph

37 commits

Author SHA1 Message Date
9ddc5c3547 fix ipv6 for wireguard 2024-01-17 23:04:27 +01:00
14aca80ff6 added kms.kun.is to dns config (without ipv6) 2024-01-17 19:13:46 +01:00
bf93921109 no ipv6 for kms.geokunis2.nl 2024-01-17 18:09:05 +01:00
a341d0dd30 add paperless-ngx docker stack 2024-01-15 21:34:25 +01:00
b59026cb13 allow zone transfers for geokunis2.nl 2024-01-14 19:31:17 +01:00
e9156315d1 don't use IPv6 for git ssh 2024-01-14 18:38:04 +01:00
0b02ed85de enable ipv6 networking on docker swarm 2024-01-14 17:59:32 +01:00
b38f1c291a enable IPv6 support on DNS 2024-01-14 15:20:32 +01:00
13f0f036e9 enable ipv6 networking on DMZ 2024-01-13 17:33:14 +01:00
76501362f7 parameterize main nic and dmz bridge interface names
firewall some services to particular interfaces
2024-01-13 00:05:25 +01:00
6bcdd774ac enable firewall again
replace iptables with nftables
disable reverse path filtering for all hosts
allow port 5353 for host running dnsmasq
closes #31
2024-01-12 22:31:15 +01:00
efe9b57867 create global module for machine-independent custom configuration
parameterize various IP addresses
2024-01-08 23:17:37 +01:00
b189d061cb encrypt secrets with all machines' and admins' public keys
closes #32
2024-01-08 21:46:40 +01:00
0d150b3236 move age keys to /etc
closes #33
2024-01-08 20:47:12 +01:00
aba16d3fd1 restructure modules 2024-01-07 23:06:27 +01:00
54d5f6f5dc enable dnsmasq for DHCP and DNS
allow setting static ipv4 address on DMZ
2024-01-07 22:36:26 +01:00
d4301bf7cd unbloat geokunis2 dns 2024-01-07 20:42:07 +01:00
fcf6864b77 Merge branch 'master' of ssh://git.kun.is:56287/home/nixos-servers 2024-01-07 20:31:17 +01:00
62bbc7c13d use dns.nix voor zone file generation 2024-01-07 20:24:12 +01:00
a152cde165 add authoritative DNS server 2024-01-07 18:14:44 +01:00
d92f27bd03 don't manage database permissions in nix
closes #24
2024-01-07 16:26:11 +01:00
914d84ef23 encrypt borg repository
also backup to AWS EC2 instance
2024-01-07 15:57:30 +01:00
2804e764f5 merge modules into one storage module 2024-01-07 00:22:44 +01:00
997d9bb0cb create terraform project to setup libvirt on hosts
use SATA drive for atlas OS
remove thecloud legacy project
2024-01-06 23:56:00 +01:00
7c7b3e667b swap disks on jefke
fix freshrss NFS volume mount point
remove freshrss extensions volume
disable vpay node in docker swarm
2024-01-06 23:07:54 +01:00
10dbccae97 create top-level switch whether a machine holds the application data 2024-01-06 21:45:18 +01:00
97fc20e251 backup nextcloud and hedgedoc database using borgmatic
expose database passwords using agenix
install lsof and parted
2024-01-06 20:17:45 +01:00
fc2da07613 update borgmatic config to backup btrfs subvolume 2024-01-04 23:04:02 +01:00
837ddf14e1 fix freshrss nfs volume directory
remove freshrss extensions volume
install lsof and parted
2024-01-02 08:27:12 +01:00
5884585b3a migrate data from thecloud.dmz to lewis.dmz
install tcpdump
2024-01-01 13:16:11 +01:00
3981805a6b add experimental module for data sharing on hypverisor 2023-12-30 21:13:48 +01:00
d9f697d171 add possibility of DMZ connectivity on hypervisor 2023-12-30 16:11:28 +01:00
0518fb5949 create module for networking 2023-12-30 15:20:16 +01:00
989ef332bb disable password logins by default in VMs
restructure terraform database module
2023-12-30 14:35:10 +01:00
7222254c22 cleanup nixos modules a bit 2023-12-29 13:46:12 +01:00
1f5d121fd0 restructure nixos modules 2023-12-29 13:41:01 +01:00
6d258fe5ae restructure code 2023-12-29 12:47:59 +01:00