| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2024-12-29 | Better ns0 network namespace configs | Xiao Pan | |
| Enable nft. Use different nft config for ns0. Host open emails port. ns0 open wireguard and qbt ports. ns0 configure wireguard. host not configure wiregurad, so also no need ip forwarding sysctl kernel parameters. ns0 use /etc/netns/ns0/nftables.conf that will bind mount to ns0. Host and ns0 both run dnsmasq for dns cache. ns0 dnsmasq I disable dbus because it will conficts with host dnsmasq dbus. Dnsmasq use dbus for config cahnge? I disable systemd-resolved and switch to dnsmasq because systemd-resolved use dbus for dns query? which is maybe easy for dns leak, e.g., when systemd-resolved is only running on host, ns0 with different /etc/resolv.conf still get dns from host open public ip when run resolvectl query, although drill does not leak. sye add enabled systemd units | |||
| 2024-12-25 | Merge branch 'ca' into ib | Xiao Pan | |
| Combine ca into ia to become new ib VPS. | |||
| 2024-06-28 | feat: wg and swgp config, mainly for aa | Xiao Pan | |
| 2024-04-09 | swith to new ca server; wireguard no need | Xiao Pan | |
| 2024-04-05 | Add email server configs | Xiao Pan | |
| References: https://github.com/LukeSmithxyz/emailwiz https://landchad.net/ https://wiki.archlinux.org/title/Postfix https://wiki.archlinux.org/title/Dovecot https://wiki.archlinux.org/title/OpenDKIM https://wiki.archlinux.org/title/OpenDMARC Maybe useful: https://doc.dovecot.org/settings/core/#dovecot-core-settings https://workaround.org https://kyun.host/docs/guides/email `man postconf.5` More necessary commands notes see arch_install.md | |||
| 2024-03-20 | add future maybe enable ports to nft conf | Xiao Pan | |
| 2024-03-18 | ca no qbt | Xiao Pan | |
| 2024-03-11 | Rename to wg0 so no need change names for new computer config. | Xiao Pan | |
| 2024-03-05 | fix: name ia not ka | Xiao Pan | |
| 2023-12-03 | newer kernel no need for `chain prerouting { type nat hook prerouting ↵ | Xiao Pan | |
| priority -100; policy accept; }`, more see https://www.procustodibus.com/blog/2021/11/wireguard-nftables/ | |||
| 2023-12-03 | maybe prevent ipv6 leak | Xiao Pan | |
| 2023-11-17 | change wg0 to wg_ka | Xiao Pan | |
| 2023-07-07 | allow from wg0 network interface so when connected via wireguard, I can ↵ | Xiao Pan | |
| access local services in xyzka that does not have port open for outside | |||
| 2023-07-07 | try close qbt-nox port and only access qbt-nox via wireguard | Xiao Pan | |
| 2023-07-04 | debloat | Xiao Pan | |
| 2023-07-01 | change qbt port name etc. | Xiao Pan | |
| 2023-06-29 | wireguard nft firewall configs | Xiao Pan | |
| 2023-06-29 | prepare for wg | Xiao Pan | |
| 2023-06-13 | HDD monerod even with `monero-blockchain-import ↵ | Xiao Pan | |
| --dangerous-unverified-import 1` is still super slow on ka, I give up | |||
| 2023-06-12 | change monero-p2p port to default, open that port | Xiao Pan | |
| 2023-06-12 | update | Xiao Pan | |
| 2023-06-12 | update | Xiao Pan | |
| 2023-06-01 | nft, iperf3 port, commented out, maybe useful for future | Xiao Pan | |
| 2023-05-31 | edit some files | Xiao Pan | |
| 2022-05-28 | nftable accept monerod mullvad forward port | xyz | |
| 2022-03-12 | nft no test rpi-vid port | xyz | |
| 2022-03-05 | open rpi-vid port for testing | xyz | |
| 2022-02-10 | nftables allow mullvad vpn port forwarding | xyz | |
| 2022-01-30 | nftables.conf, allow qrcp, drop ssh and searx, based on services and config ↵ | xyz | |
| files | |||
| 2022-01-30 | nftables.conf, create and delete tables at top so can reload | xyz | |
| 2022-01-30 | nftables.conf, edited according to examples in arch wiki | xyz | |
| 2022-01-30 | add nftables.conf original | xyz | |
 |
index : config_local_arch | |
| Device dependent config files for Arch Linux, managed by https://git.flylightning.xyz/fsh/tree/sh/cfg (git bare repo method) |
| summaryrefslogtreecommitdiff |