Commit graph

1285 commits

Author SHA1 Message Date
Bruno BELANYI 49232423ca lib: ip: verify ip is valid in 'check' 2021-04-25 12:39:17 +00:00
Bruno BELANYI 0112dd87ac lib: ip: add 'isValidIp4' 2021-04-25 12:39:17 +00:00
Bruno BELANYI 5a06ab74bb lib: ip: add 'nth' utility to 'parseSubnet4' 2021-04-25 12:39:17 +00:00
Bruno BELANYI 1968285d0a lib: ip: add 'nthInRange4'
And use it to refactor 'rangeIp4'
2021-04-25 12:39:17 +00:00
Bruno BELANYI 509332270e services: wireguard: refactor DNS configuration 2021-04-25 12:39:17 +00:00
Bruno BELANYI 05c9a46cde services: wireguard: add internal-only option 2021-04-25 12:39:17 +00:00
Bruno BELANYI 196f9a3e34 services: wireguard: fix server routing
I had made a mistake, hard-coding the server as being `1` for its client
number, instead of using the one configured from its peer configuration.
2021-04-25 12:39:17 +00:00
Bruno BELANYI 26eac86de0 services: wireguard: clean up logic
This module has a complicated logic, and I found the code quite ugly.
making use of `mkMerge` makes it easier to read and think through.
2021-04-25 12:39:17 +00:00
Bruno BELANYI 84b61b25b3 services: wireguard: allow disabling service
Only the server *needs* to have wireguard up at all times. However a
laptop or desktop probably doesn't need it up at all times.
2021-04-25 12:39:17 +00:00
Bruno BELANYI f79fcd020b services: wireguard: set up DNS server on clients
This makes use of my newly written adblocking DNS service, it does
assume that the server would have both wireguard and DNS enabled.

I would also like to move to using my ip-related library functions,
however it does not support IPv6 and is unlikely to be easily added...
But I am not sure that I *need* IPv6 support for my use-case.

Finally, I find this module a bit too heavy, it could be improved by
having specific 'server' and 'client' roles, instead of implicit roles
depending on whether an external IP exists.
2021-04-25 12:39:17 +00:00
Bruno BELANYI 3696471201 services: adblock: restrict to wireguard interface 2021-04-25 12:39:17 +00:00
Bruno BELANYI a551ace6a6 machines: porthos: services: enable adblock 2021-04-25 12:39:17 +00:00
Bruno BELANYI 5b0d12ad40 services: add adblock
This is a self-hosted DNS server with hosts-based adblocking.

I should probably have it update the hosts file more often than I will
probably end up doing myself with a package... We'll see if it ends up
being necessary.
2021-04-25 12:39:17 +00:00
Bruno BELANYI d10f0ed103 pkgs: add unbound-zones-adblock
Unbound wants a configuration file that is not actually formatted like
StevenBlack's hosts files. This derivation fixes that.
2021-04-25 12:39:17 +00:00
Bruno BELANYI 20c20cef46 pkgs: add unified-hosts-lists 2021-04-25 12:39:17 +00:00
Bruno BELANYI 63d28c4ae2 lib: ip: add 'rangeIp4'
The `range` attribute is not very useful by itself. However this
generator can convert it into a list of all addresses in the given
range.
2021-04-25 12:39:17 +00:00
Bruno BELANYI ad006bf2b8 lib: add ip 2021-04-25 12:39:17 +00:00
Bruno BELANYI e438b7b5f5 pkgs: add havm
This is a dependency for Tiger Compiler [1].

[1]: https://assignments.lrde.epita.fr/
2021-04-25 12:39:17 +00:00
Bruno BELANYI 9a9ec81204 pkgs: add nolimips
This is a dependency for Tiger Compiler [1].

[1]: https://assignments.lrde.epita.fr/
2021-04-25 12:39:17 +00:00
Bruno BELANYI 89ea720bff flake: expose custom packages as output 2021-04-25 12:39:17 +00:00
Bruno BELANYI 67faf8fa43 services: lohr: update log environment variable 2021-04-25 12:39:17 +00:00
Bruno BELANYI e6d46b3c59 pkgs: extract lohr from 'services/lohr' 2021-04-25 12:39:17 +00:00
Bruno BELANYI b06f265291 pkgs: extract podgrab from 'services/podgrab' 2021-04-25 12:39:17 +00:00
Bruno BELANYI edb9c46106 flake: introduce 'pkgs' overlay
Also make it the prime overlay instead of the extended 'lib'.

The reason for `pkgs` not being structured as an overlay, but simply
taking `pkgs` as an argument is to allow it to be used as a NUR package
set, if I wanted to.
2021-04-25 12:39:17 +00:00
Bruno BELANYI 15f0f95538 services: lohr: update to 'v0.4.0' 2021-04-25 12:39:17 +00:00
Bruno BELANYI e51ab70d5b modules: add documentation 2021-04-25 12:39:17 +00:00
Bruno BELANYI 6bf6d21392 flake: inject extended 'lib' into NixOS config
Somehow it works just fine in my `home-manager` configuration, I assume it is
using the system `nixpkgs` and its `lib` attribute that I extended. Whereas the
NixOS system must be injected with the extended one intentionally.
2021-04-17 11:41:19 +00:00
Bruno BELANYI ee1b31954a services: calibre-web: use upstream service
Some checks reported errors
continuous-integration/drone/push Build encountered an error
2021-04-15 16:24:41 +00:00
Bruno BELANYI 0d31aebb87 flake: bump inputs 2021-04-15 16:24:41 +00:00
Bruno BELANYI 471fe4e21f machines: porthos: services: enable podgrab 2021-04-15 16:24:41 +00:00
Bruno BELANYI 558c09cfdf services: add podgrab 2021-04-15 16:24:41 +00:00
Bruno BELANYI 8d3a87d1b6 project: readme: add lohr to manual steps
All checks were successful
continuous-integration/drone/push Build is passing
2021-04-01 22:48:38 +00:00
Bruno BELANYI ff975b8c7d machines: porthos: services: enable lohr 2021-04-01 22:48:38 +00:00
Bruno BELANYI 3402146298 services: add lohr 2021-04-01 22:48:38 +00:00
Bruno BELANYI cf76586585 services: drone: fix docker socket dependency
All checks were successful
continuous-integration/drone/push Build is passing
2021-03-31 17:56:36 +00:00
Bruno BELANYI 3a4098a6c4 modules: users: sort groups 2021-03-31 17:56:36 +00:00
Bruno BELANYI 7e70b57132 services: transmission: remove trailing slash
Otherwise it messes with the UI: Another '/' is inserted
2021-03-31 17:56:36 +00:00
Bruno BELANYI 65d90dfc2c flake: add 'git-crypt' and 'gnupg' to devShell 2021-03-31 17:56:36 +00:00
Bruno BELANYI 61fcfec4cb services: drone: use runners from nixpkgs 2021-03-31 17:56:36 +00:00
Bruno BELANYI 3b07633eb7 flake: bump inputs 2021-03-31 17:56:36 +00:00
Bruno BELANYI 7cacca9baf home: zsh: add 'reset-agent' alias 2021-03-31 17:56:36 +00:00
Bruno BELANYI 859135880e home: vim: remove BetterWhitespace commands 2021-03-31 17:56:36 +00:00
Bruno BELANYI 7fc3a74329 services: use explicit loopback address w/ vhosts
Otherwise it can result in failure to proxy requests sometimes...
2021-03-31 17:56:36 +00:00
Bruno BELANYI 9155e139d4 home: tmux: use 'vi' keys 2021-03-27 15:45:12 +00:00
Bruno BELANYI 29f3367668 services: nextcloud: bump package version
Some checks reported errors
continuous-integration/drone/push Build encountered an error
2021-03-20 00:25:35 +00:00
Bruno BELANYI 4d8604c401 flake: bump inputs 2021-03-20 00:16:01 +00:00
Bruno BELANYI 3e9ccdbca7 home: git: clean up ignore file handling
All checks were successful
continuous-integration/drone/push Build is passing
2021-03-15 20:54:18 +00:00
Bruno BELANYI 4363c1312e home: git: sort configuration attributes 2021-03-15 20:53:52 +00:00
Bruno BELANYI de94160adf home: zsh: make it enable-able
All checks were successful
continuous-integration/drone/push Build is passing
2021-03-14 12:18:09 +00:00
Bruno BELANYI a6f5661a68 home: xdg: make it enable-able 2021-03-14 12:18:09 +00:00