| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2024-06-15 | Rename wg0 interface to wgnet0 | Dmitry Ilvokhin | |
| 2024-06-15 | Rename wg1 interface to wgvpn0 | Dmitry Ilvokhin | |
| 2024-06-15 | Rename wg2 interface to wgtor0 | Dmitry Ilvokhin | |
| 2024-06-14 | Remove sh suffix from rotate-vault-password example | Dmitry Ilvokhin | |
| 2024-06-14 | Fix ip addresses for Moscow machines | Dmitry Ilvokhin | |
| 2024-06-14 | Mark gate as jumphost | Dmitry Ilvokhin | |
| 2024-06-14 | Cleanup TODO.txt file | Dmitry Ilvokhin | |
| 2024-06-14 | Finally migrate gate.ilvokhin.com | Dmitry Ilvokhin | |
| 2024-06-14 | Add comment why we use reload for wgnet | Dmitry Ilvokhin | |
| 2024-06-14 | Fix wrong state restart -> restarted | Dmitry Ilvokhin | |
| 2024-06-14 | Manually create /etc/systemd/resolved.conf.d dir | Dmitry Ilvokhin | |
| 2024-06-09 | Migrate to restart instead of reload for wgvpn | Dmitry Ilvokhin | |
| For the same reason restart is used in wgtor: there are `iptables` commands in `PostUp` and `PostDown` which are not running on reload. | |||
| 2024-06-09 | Update README.txt with more info on how run stuff | Dmitry Ilvokhin | |
| 2024-06-09 | Update TODO.txt with Tor setup references | Dmitry Ilvokhin | |
| 2024-06-09 | Add wgtor and tor to vpn playbook | Dmitry Ilvokhin | |
| 2024-06-09 | Add tor role | Dmitry Ilvokhin | |
| 2024-06-09 | Add wgtor role for Tor middlebox | Dmitry Ilvokhin | |
| 2024-06-01 | Remove .sh extention from bin tools | Dmitry Ilvokhin | |
| 2024-06-01 | Migrate netfwd to systemd-sysctl | Dmitry Ilvokhin | |
| /etc/sysctl.conf doesn't work, see [1]. Intrestingly enough, I catched it only with system upgrade and reboot. Just reboot didn't catch it for some reason, or I didn't notice. [1]: https://wiki.archlinux.org/title/sysctl | |||
| 2024-05-27 | Remove semicolons from wgvpn config | Dmitry Ilvokhin | |
| 2024-05-27 | Add wgvpn role for WireGuard VPN | Dmitry Ilvokhin | |
| 2024-05-26 | Remove wgnet networkd files | Dmitry Ilvokhin | |
| 2024-05-26 | Move sysctl net forwarding to separate role | Dmitry Ilvokhin | |
| 2024-05-19 | Migrate away from networkd for wireguard | Dmitry Ilvokhin | |
| Migrate due to a bug [1], which wasn't fixed for some time. [1]: https://github.com/systemd/systemd/issues/25547 | |||
| 2024-05-19 | Wireguard overlay network setup | Dmitry Ilvokhin | |
| Need to migrate away from networkd, because it can't add new wireguard peers now out of the box without hacks. [1]: https://github.com/systemd/systemd/issues/25547 | |||
| 2024-05-06 | Add wireguard role | Dmitry Ilvokhin | |
| 2024-05-04 | Simplify ssh config a bit | Dmitry Ilvokhin | |
| Use `%h` to fold config to indentical hosts to one item. | |||
| 2024-05-04 | Push public key from another laptop to servers | Dmitry Ilvokhin | |
| 2024-05-03 | Open git.ilvokhin.com to the world | Dmitry Ilvokhin | |
| 2024-05-03 | Init repositories as private by default | Dmitry Ilvokhin | |
| 2024-05-03 | Add clone URLs for repositories | Dmitry Ilvokhin | |
| 2024-05-03 | Do not export everything with git-daemon | Dmitry Ilvokhin | |
| We should export only repositories with git-daemon-export-ok file inside. | |||
| 2024-05-03 | Rename .htpasswd to htpasswd | Dmitry Ilvokhin | |
| 2024-05-03 | Add dots to comments | Dmitry Ilvokhin | |
| 2024-05-03 | List repositories explicitly instead of scan-path | Dmitry Ilvokhin | |
| This allowes to have private repositories on the same server. | |||
| 2024-04-26 | Remove favicon from cgit | Dmitry Ilvokhin | |
| We set root to /usr/share/webapps/cgit for cgit location. This directory contains favicon which served automatically. One way to stop it is to remove favicon, but every package update will bring it back in. So I just hardcoded into nginx config return code of 404 for favicon request to do not serve it. | |||
| 2024-04-26 | Fix indent in nginx config for cgit | Dmitry Ilvokhin | |
| 2024-04-20 | Wrap text at 72 width for mail messages | Dmitry Ilvokhin | |
| 2024-04-20 | Remove fail2ban installation from TODO | Dmitry Ilvokhin | |
| Decided not to do it after reading ArchWiki. | |||
| 2024-04-20 | Use systemd service instead of service for certbot | Dmitry Ilvokhin | |
| To properly reload systemd in case of changes in unit file. | |||
| 2024-04-20 | Add paccache role to all hosts | Dmitry Ilvokhin | |
| 2024-04-19 | Remove user from ssh config as d is default user | Dmitry Ilvokhin | |
| 2024-04-19 | Use user d for connection to mail | Dmitry Ilvokhin | |
| 2024-04-19 | Migrate mail to Ansible based setup | Dmitry Ilvokhin | |
| 2024-04-19 | Fix postfix virtual_transport: use dovecot-lmtp | Dmitry Ilvokhin | |
| 2024-04-19 | Migrate postfix from hash to lmdb db | Dmitry Ilvokhin | |
| 2024-04-19 | Setup lmtp protocol for dovecot | Dmitry Ilvokhin | |
| 2024-04-14 | Add `systemctl daemon-reload` item in TODO | Dmitry Ilvokhin | |
| 2024-04-14 | Make certificate updates work for nginx | Dmitry Ilvokhin | |
| Currently, we obtain certificates from Let's Encrypt with standalone mode, so when we do renew, certbot tries to run it is own webserver on port 80, but this port is already in use by nginx. Stop nginx, before renewal. This is quite hacky, but should work. Proper solution is to split certificate role by standalone and non-standalone versions. | |||
| 2024-04-07 | Add master.cf file to postfix role | Dmitry Ilvokhin | |
| Enable submission to send mail. | |||