summaryrefslogtreecommitdiff
path: root/etc
AgeCommit message (Collapse)Author
3 daysenable mimic on ethernetXiao Pan
3 daysmetaXiao Pan
3 daysremove phantun, add mimic, add distccd-alarm-armv8Xiao Pan
3 daysremove phantun, because I switched to mimicXiao Pan
3 daysadd distccd port and accept that in nft so pp distcc can connectXiao Pan
3 daysdistccd config change to pp wg ip, and change portXiao Pan
Change to wg ip because stricter, safer. Also change to a port no one use.
3 daysadd defaultXiao Pan
9 daysmetaXiao Pan
9 daysadd and enable phantun_client serviceXiao Pan
9 daysmetaXiao Pan
9 daysswgp go through phantun, more see vc notesXiao Pan
2025-07-15comment replace empty line with # to represent those comments are all ↵Xiao Pan
related to next several lines of code
2025-07-15sshd allow from localhostXiao Pan
2025-07-15sshd config add comment about AllowUsers CIDR ip should be consistentXiao Pan
2025-07-15sshd config restrict only from wg ip to insp gitolite userXiao Pan
2025-07-14monero@.service more commentXiao Pan
2025-07-14nft only allow monerod-p2p port to wg_* network interfacesXiao Pan
Note I think this will not prevent monerod download things from public internet without wireguard tunnel. But a little more limit is still better, maybe upload will limit a little bit to wg_* network interfaces.
2025-07-14monerod@.service add more notes about using ↵Xiao Pan
sys-subsystem-net-devices-wg_ba.device
2025-07-14metaXiao Pan
2025-07-14run monerod only when all network thru wireguardXiao Pan
wg_ba network interface tunnels all network through wireguard to ba. I would like to only run monerod when this happened due to various reasons see comments in monerod@.service. Some measures I take are: systemd unit bind to wg_ba, networkmanager dispatcher stop monerod service pre wg_ba down, and vpn script kill monerod process before wg_ba down. The former two measures are in this commit. For bitmonero.conf, I also limit upload rate, reason see comment. I also enabled ipv6. I also try bind ip, which seems does not work, but I put there anyway.
2025-07-11remove ssh-isp portXiao Pan
2025-07-10nft allow ssh from wg_* iifname, because I will let cfgs to pushXiao Pan
2025-07-10metaXiao Pan
2025-07-10I move studio website to ca so I will remove studio so ssh port config for ↵Xiao Pan
studio is not needed any more
2025-07-10add sshd config because I will enable sshdXiao Pan
2025-07-08sudoers pacdiffXiao Pan
related upstream PR and commit: https://github.com/sudo-project/sudo/pull/427 https://github.com/sudo-project/sudo/commit/7c121ff8340c6fa551ba4997dde9d450cf74e40c
2025-07-03change timezone because I movedXiao Pan
2025-06-22pacdiffXiao Pan
2025-04-02pacdiffXiao Pan
2025-03-30metaXiao Pan
2025-03-30merge two swgp config into oneXiao Pan
2025-03-29metaXiao Pan
2025-03-29aa swgp wg to ib instead of caXiao Pan
2025-03-04pacdiffXiao Pan
2025-01-08add french locale, maybe usefulXiao Pan
2025-01-08remove searxngXiao Pan
2025-01-08metaXiao Pan
2025-01-08remove searxng, because it always breakXiao Pan
2025-01-03qg for qemu guix no need any moreXiao Pan
2024-12-28metaXiao Pan
2024-12-28move to secret cfgs, because secret ipXiao Pan
2024-12-26metaXiao Pan
2024-12-12pacdiffXiao Pan
2024-11-18pacdiffXiao Pan
2024-11-08metaXiao Pan
2024-11-06pacdiffXiao Pan
2024-10-28pacdiffXiao Pan
2024-09-17pacman v7 need move repo so alpm user can readXiao Pan
2024-09-14forget to change opt-level to 3Xiao Pan
2024-09-14pacdiffXiao Pan
generated by cgit v1.2.3-70-g09d2 (git 2.50.1) at 2025-08-02 18:44:52 +0000