Age | Commit message | Author | |
---|---|---|---|
2025-08-29 | remove swgp because I now wg swgp mimic thru ba then forward to ib | Xiao Pan | |
2025-08-29 | ibb netns also run sshd, so when I vpn to ibb I can ssh to it | Xiao Pan | |
2025-08-29 | nft disallow pp wg ip because no need | Xiao Pan | |
2025-08-28 | allow DNS query from other ips, e.g., insp wg ip 10.0.0.1 | Xiao Pan | |
2025-08-23 | pacdiff | Xiao Pan | |
2025-08-14 | prefer ipv4 because VPS provider cancelled ipv6 | Xiao Pan | |
This is a workaround; a more proper way to deal with it is to remove those ipv6 configs in network configs. But I would like to wait to see if in the future ipv6 will work again or not. Using this workaround, I don't need to change too many configs. Also ping and wireguard should work with this workaround. | |||
2025-08-14 | default gai.conf | Xiao Pan | |
2025-07-15 | pacdiff | Xiao Pan | |
2025-07-15 | sudoers pacdiff | Xiao Pan | |
related upstream PR and commit: https://github.com/sudo-project/sudo/pull/427 https://github.com/sudo-project/sudo/commit/7c121ff8340c6fa551ba4997dde9d450cf74e40c | |||
2025-07-15 | pacdiff | Xiao Pan | |
2025-07-13 | nft allow pp wg ip access all ports, so pp can access qi and ji | Xiao Pan | |
2025-07-11 | meta | Xiao Pan | |
2025-07-11 | remove ssh-isp port | Xiao Pan | |
2025-07-11 | remove special ssh port because I moved the website | Xiao Pan | |
2025-06-17 | nft only allow insp wg ip to access local web services like qbt-nox and jackett webui | Xiao Pan | |
2025-05-02 | pacdiff | Xiao Pan | |
2025-04-13 | pacdiff | Xiao Pan | |
2025-03-29 | pacdiff | Xiao Pan | |
2025-03-29 | meta | Xiao Pan | |
2025-03-29 | swgp run in netns ns0 | Xiao Pan | |
2025-03-23 | meta | Xiao Pan | |
2025-03-23 | dovecot switch to track only one config file | Xiao Pan | |
2025-03-04 | pacdiff | Xiao Pan | |
2025-02-28 | postfix hide client hostname and ip | Xiao Pan | |
Details see `man postconf.5`. It seems smtpd_hide_client_session config for port 25 smtp MTA this must be no, port 587 and 465 (submission and submissions) MTU can be set to yes in master.cf. Port 25 smtp MTA receives messages from others to me. Port 587 and 465 (submission and submissions) MTU receives messages from me to others. main.cf is configs for all. master.cf I can set configs specifically to submission and submissions. Before, when others receive my email that is sent from my laptop, it will leak my laptop's hostname and ip in one of its `Received` headers like `Received: from <my-hostname> (<my-domain-name> [<my-ip>]) by mail.flylightning.xyz ...`. After setting smtpd_hide_client_session to yes, that line changed to `Received: by mail.flylightning.xyz ...`, note there's no `from ...` that leaks my ip. | |||
2025-02-28 | pacdiff | Xiao Pan | |
2025-02-18 | When this VPS provider enables DDOS protection, need to change mtu to 1476 to download certain files from github. | Xiao Pan | |
2025-02-01 | meta | Xiao Pan | |
2025-02-01 | Forgot to add | Xiao Pan | |
2025-01-13 | add french locale, maybe useful | Xiao Pan | |
2025-01-10 | meta | Xiao Pan | |
2025-01-10 | add opendkim public key | Xiao Pan | |
2025-01-02 | not sure if better tho | Xiao Pan | |
2024-12-30 | meta | Xiao Pan | |
2024-12-30 | secret ip network config moves to ns0.service, so move 20-default.network to cfgl public repo | Xiao Pan | |
2024-12-29 | meta | Xiao Pan | |
2024-12-29 | Better ns0 network namespace configs | Xiao Pan | |
Enable nft. Use different nft config for ns0. Host open emails port. ns0 open wireguard and qbt ports. ns0 configure wireguard. host not configure wireguard, so also no need ip forwarding sysctl kernel parameters. ns0 use /etc/netns/ns0/nftables.conf that will bind mount to ns0. Host and ns0 both run dnsmasq for dns cache. ns0 dnsmasq I disable dbus because it will conflict with host dnsmasq dbus. Dnsmasq use dbus for config change? I disable systemd-resolved and switch to dnsmasq because systemd-resolved use dbus for dns query? which is maybe easy for dns leak, e.g., when systemd-resolved is only running on host, ns0 with different /etc/resolv.conf still get dns from host open public ip when run resolvectl query, although drill does not leak. sye add enabled systemd units | |||
2024-12-28 | meta | Xiao Pan | |
2024-12-28 | qbt and wg run in ns0 network namespace | Xiao Pan | |
2024-12-25 | I forgot these changes | Xiao Pan | |
2024-12-25 | Merge branch 'ca' into ib | Xiao Pan | |
Combine ca into ia to become new ib VPS. | |||
2024-12-12 | pacdiff | Xiao Pan | |
2024-12-12 | pacdiff | Xiao Pan | |
2024-12-12 | pacdiff | Xiao Pan | |
2024-12-01 | pacdiff | Xiao Pan | |
2024-12-01 | pacdiff | Xiao Pan | |
2024-11-02 | pacdiff | Xiao Pan | |
2024-11-02 | pacdiff | Xiao Pan | |
2024-10-25 | pacdiff | Xiao Pan | |
2024-09-14 | forget to change opt-level to 3 | Xiao Pan | |
2024-09-14 | forget to change opt-level to 3 | Xiao Pan | |