| Age | Commit message (Collapse) | Author |
|---|
|
This commit configures Nginx as a reverse proxy for the Syncthing web
interface, making it accessible via syncthing.bensima.com with SSL
encryption. The configuration includes proper header forwarding and
WebSocket support for the Syncthing GUI.
Additionally, this commit explicitly opens the required firewall ports
for Syncthing's operation, including the GUI port, sync port (22000),
and discovery broadcast port (21027).
|
|
Moved Syncthing configuration from Lithium's configuration file to a
dedicated module in Cloud directory. This change improves organization
by placing the service with other cloud-related configurations.
The new module includes comprehensive Syncthing setup with proper user
configuration, firewall rules, and default settings. It's now imported
in Cloud.nix to make it available to the cloud infrastructure.
|
|
Having this in its own file makes it easier to work on. Then I was able to
figure out (with lots of debugging and trial+error with Claude) the actual
permissions settings that result in a shared calendar. It's very fiddly because
it is matching on usernames and directories using regex, and I think it's
order-dependent as well.
|
|
This does the full transition: web server, mail server, xmpp. I expect some
disruption, but hopefully this is everything and it just switches over without
any problem.
|
|
Added header checks for optaltechtld.com domain to block incoming spam
emails claiming to be from MetaMask. The configuration includes checks
for Received, From, Return-Path, and Sender headers containing this
domain, rejecting any matching messages at the mail server level.
|
|
This commit adds the novastells.com.es domain to our mail server's
blocklist by configuring Postfix header checks to reject messages
from this domain. The implementation checks for the domain in
multiple mail headers (Received, From, Return-Path, and Sender)
to ensure comprehensive blocking.
The commit also improves the comment above the headerChecks section
to better reflect its purpose of blocking multiple unwanted domains.
|
|
Configure Postfix to reject all emails from perfora.net by adding
header_checks rules that inspect both From and Received headers.
Implementation includes:
1. Adding header_checks configuration to Postfix
2. Creating a regexp file with rules to block the domain
3. Setting up an activation script to ensure proper file linking
This change helps prevent unwanted messages from this specific domain
while maintaining normal mail service for all other senders.
|
|
Configure Monica on Omni/Cloud. I had to setup PHP FastCGI so that nginx handles
the PHP requests properly, and setup an email address for the service.
|
|
This changed when I setup my new router.
|
|
I really need a better way of setting this port rather than manually updating it
when I reconfigure emby.
|
|
Because tv.simatime.com is easier to type and remember than the feralhosting URL
with the port and everything.
|
|
This is a very nice web ui frontend similar to ChatGPT that can use both OpenAI
and Ollama as backends at the same time. Currently I'm just using it locally but
eventually I think I'll expose it over the internet and use it as my go-to LLM
interface.
|
|
Removed the murmur server from Lithium and started broadcasting on bensima.com
rather than simatime.com. Eventually I will move everything over there.
|
|
Slowly moving everything to this domain, it will take a while though.
|
|
This was previously implemented in c467f7611f66b6d9b9dcb589ed534374cd7b2e6c but
got lost when I updated nixos at some point. And then I noticed ClaudeBot was
crawling my code while I was working on the previous commit. I don't really like
that, so I'll just add this noindex and see if it stops.
|
|
After the update, the /git endpoint was redirecting in circles and I couldn't
figure out why. Eventually I just moved it to a subdomain, and in the process I
found out that the git-daemon thing doesn't work anymore because of the user
ownership of the repos, as mentioned in the long comment. So I just disabled
that. Now it works, but cloning is only available over ssh, and that's fine I
guess.
|
|
The problem was that the ssl cert wasn't renewing. I added the domains to the
nginx config, and cleaned up some other stuff. During debug I also udpated
nixos-mailserver and nixos stable because I thought it would fix something; it
didn't but I might as well use the updated versions of stuff since it seems to
still work fine.
|
|
I mostly wanted a formatter that would format `inherit` blocks
vertically, because otherwise they are super hard to read when diffing
or even just editing. Both alejandra and the new nixos/nixfmt format
verically like this, but alejandra has slightly better format (I guess)
and for some reason nixfmt did not respect my `GLOBIGNORE` setting when
doing `nixfmt **/*.nix` so it was trying to format stuff in `_/nix`, and
failed. So anyway I went with alejandra.
- https://github.com/kamadorueda/alejandra
- https://discourse.nixos.org/t/enforcing-nix-formatting-in-nixpkgs/49506
|
|
This was all dead weight, just delete it and move on.
|
|
I was getting confused about what is a product and what is internal
infrastructure; I think it is good to keep those things separate. So I moved a
bunch of stuff to an Omni namespace, actually most stuff went there. Only things
that are explicitly external products are still in the Biz namespace.
|
