aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* | Revert "openssh: Temporary patch for CVE-2024-6387 mitigation"Baptiste Jonglez2024-07-141-17/+0
| | | | | | | | This reverts commit b89b625f46003e0a018eaede1a6923c93b423755.
* | intervention JitsiADRN2024-07-022-3/+9
|/
* Merge pull request 'openssh: Temporary patch for CVE-2024-6387 mitigation' ↵Jill2024-07-021-0/+17
|\ | | | | | | | | | | (#30) from KokaKiwi/nixcfg:openssh-mitigation into main Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/nixcfg/pulls/30
| * openssh: Temporary patch for CVE-2024-6387 mitigationKokaKiwi2024-07-011-0/+17
| |
* | Merge pull request 'dathomir: Updates' (#29) from ↵Jill2024-07-0218-21/+40
|\ \ | |/ |/| | | | | | | | | KokaKiwi/nixcfg:dathomir-update into main Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/nixcfg/pulls/29 Reviewed-by: maximilien <me@mricher.fr>
| * cluster(staging): Rename jupiter site to dathomirKokaKiwi2024-06-2713-21/+17
| |
| * cluster(prod): Add new ortie nodeKokaKiwi2024-06-275-0/+23
|/
* update guichetQuentin Dufour2024-06-241-1/+1
|
* staging: move bottin and guichet to docker, sync with prod configBaptiste Jonglez2024-06-239-161/+198
|
* cluster(prod/cryptpad): Update cryptpad image on Nomad clusterKokaKiwi2024-06-231-1/+1
|
* staging: Passage garage en mode dockerBaptiste Jonglez2024-06-231-23/+25
|
* Merge pull request 'Upgrade cryptpad from 2024.3.0 to 2024.3.1' (#27) from ↵baptiste2024-06-238-6231/+106
|\ | | | | | | | | | | | | KokaKiwi/nixcfg:update-cryptpad-2024.3.1 into main Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/nixcfg/pulls/27 Reviewed-by: maximilien <me@mricher.fr>
| * cluster/prod(app): Upgrade cryptpad from 2024.3.0 to 2024.3.1KokaKiwi2024-05-232-6009/+9
| |
| * cluster/prod(app): Migrate from niv to npins for pinned sources for cryptpadKokaKiwi2024-05-236-222/+97
| |
* | prod: garage: Enable on-demand-tls check for *.garage S3 endpointBaptiste Jonglez2024-06-081-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | We were hitting Let's Encrypt rate limits because we were generating thousands of non-sense certificates like "foo.bar.baz.garage.deuxfleurs.fr" See https://crt.sh Subdomains of garage.deuxfleurs.fr only make sense when accessing buckets through S3 with vhost-style, so let's enable the on-demand-tls check to make sure that the bucket exists in Garage. In the long term, we might want to have a wildcard certificate for this usage, or simply stop supporting vhost-style S3 access.
* | garage: harmonize staging and prod (checks, services)Baptiste Jonglez2024-06-082-71/+104
| |
* | staging: garage: Handle *.garage.staging for vhost-style S3 and add ↵Baptiste Jonglez2024-06-082-0/+9
| | | | | | | | on-demand TLS checks
* | staging: Upgrade tricot for on-demand TLS checksBaptiste Jonglez2024-06-081-1/+1
| |
* | Disable DHCPv6 and DHCPv6-PD in all casesBaptiste Jonglez2024-06-021-0/+7
| |
* | Add common terminfo for more terminal supportBaptiste Jonglez2024-06-021-0/+3
| |
* | Fix nixos deprecation warningBaptiste Jonglez2024-06-021-1/+1
| |
* | Add small script to gather system information from machinesBaptiste Jonglez2024-05-311-0/+6
| |
* | sshtool: improve usage messageBaptiste Jonglez2024-05-311-1/+1
| |
* | staging: make tricot config closer to prodBaptiste Jonglez2024-05-301-4/+5
| |
* | staging: enable IPv4 diplonat (UPnP) for corrin siteBaptiste Jonglez2024-05-301-1/+1
| |
* | Revert "staging: disable allocation of grafana on piranha"Baptiste Jonglez2024-05-301-6/+0
| | | | | | | | piranha is accessible on a more reliable network now.
* | Move piranha to new networkBaptiste Jonglez2024-05-303-9/+4
| |
* | Merge pull request 'cluster(prod): Add dathomir site' (#25) from ↵maximilien2024-05-2610-11/+85
|\ \ | | | | | | | | | | | | | | | | | | KokaKiwi/nixcfg:add-dathomir into main Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/nixcfg/pulls/25 Reviewed-by: maximilien <me@mricher.fr>
| * | prod(cluster/dathomir): Open more SSH portsKokaKiwi2024-05-263-0/+6
| | |
| * | cluster(prod): Add oseilleKokaKiwi2024-05-265-0/+21
| | |
| * | style: Fix spacetab in cluster/prod/ssh_configKokaKiwi2024-05-261-11/+11
| | |
| * | cluster(prod): Add ioKokaKiwi2024-05-265-0/+20
| | |
| * | cluster(prod): Add dathomir site and onion nodeKokaKiwi2024-05-156-0/+27
| | |
* | | doc/architecture.md: ajout de la ligne de commande utile pour lancer la CLI ↵Armaël Guéneau2024-05-261-0/+9
| |/ |/| | | | | garage
* | use diplonat autodiscovery to set ip addrQuentin Dufour2024-05-181-5/+8
| |
* | update neptune IP addressQuentin Dufour2024-05-181-1/+1
| |
* | hotfix garageQuentin Dufour2024-05-171-1/+1
|/
* migration Cryptpad sur Courgette (Neptune) depuis Abricot (Scorpio), avec ↵ADRN2024-05-122-3/+3
| | | | reconfiguration des backups
* ajout Boris en admin sur CryptpadADRN2024-05-121-0/+1
|
* Move emails from ananas (in scorpio) to celeri (in neptune)Armaël Guéneau2024-05-122-7/+7
|
* staging: disable allocation of grafana on piranhaArmaël Guéneau2024-05-011-0/+6
| | | | piranha does not seem to be available from the outside world currently
* ajout max et vincent en admin cryptpadADRN2024-04-301-1/+3
|
* Fix coturn that was failing with newer Nomad/DockerBaptiste Jonglez2024-04-281-4/+2
| | | | | | | | | | | | | | | | | | | | | | Coturn was failing to start with the following error: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "/usr/local/bin/docker-entrypoint.sh": permission denied: unknown It seems to be caused by the recent NixOS update. Either because Docker/runc is now more strict when checking if the entrypoint is executable [1] And/or because Nomad may mount the secrets directory with "noexec" [2]. In any case, the "local" directory [2] looks more appropriate, because it's shared with the task while not being accessible to other tasks. [1] https://github.com/opencontainers/runc/issues/3715 [2] https://developer.hashicorp.com/nomad/docs/concepts/filesystem
* Update woodpecker to latest 2.4.1Baptiste Jonglez2024-04-282-2/+2
|
* Merge pull request 'Update Woodpecker to v2.4.0' (#24) from ↵baptiste2024-04-282-2/+2
|\ | | | | | | | | | | tixie/nixcfg:update-woodpecker-2.4.0 into main Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/nixcfg/pulls/24
| * update woodpecker-agent to 2.4.0Tixie2024-04-241-1/+1
| |
| * update woodpecker-server to 2.4.0Tixie2024-04-241-1/+1
| |
* | Fix link in CI setup docBaptiste Jonglez2024-04-281-2/+2
| |
* | sshtool: handle sudo passwords that contain quotes or backslashesArmaël Guéneau2024-04-271-3/+3
| |
* | caribou: update ipv6 address after ISP changeArmaël Guéneau2024-04-261-1/+1
| |