Commit message | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | | prod: Add new node pamplemousse | Baptiste Jonglez | 2024-07-14 | 6 | -0/+33 | |
| | | ||||||
* | | Revert "staging: enable IPv4 diplonat (UPnP) for corrin site" | Baptiste Jonglez | 2024-07-14 | 1 | -1/+1 | |
| | | This reverts commit 22dba1f35cab74f6ecdc20d30eca4ee295810e8f. This site is now also a production site, so from now on UPnP will only be configured from the production cluster. | |||||
* | | Revert "openssh: Temporary patch for CVE-2024-6387 mitigation" | Baptiste Jonglez | 2024-07-14 | 1 | -17/+0 | |
| | | This reverts commit b89b625f46003e0a018eaede1a6923c93b423755. | |||||
* | | Jitsi intervention | ADRN | 2024-07-02 | 2 | -3/+9 | |
|/ | ||||||
* | Merge pull request 'openssh: Temporary patch for CVE-2024-6387 mitigation' (#30) from KokaKiwi/nixcfg:openssh-mitigation into main | Jill | 2024-07-02 | 1 | -0/+17 | |
|\ | Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/nixcfg/pulls/30 | |||||
| * | openssh: Temporary patch for CVE-2024-6387 mitigation | KokaKiwi | 2024-07-01 | 1 | -0/+17 | |
| | | ||||||
* | | Merge pull request 'dathomir: Updates' (#29) from KokaKiwi/nixcfg:dathomir-update into main | Jill | 2024-07-02 | 18 | -21/+40 | |
|\ \ | |/ |/| | | Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/nixcfg/pulls/29 Reviewed-by: maximilien <me@mricher.fr> | |||||
| * | cluster(staging): Rename jupiter site to dathomir | KokaKiwi | 2024-06-27 | 13 | -21/+17 | |
| | | ||||||
| * | cluster(prod): Add new ortie node | KokaKiwi | 2024-06-27 | 5 | -0/+23 | |
|/ | ||||||
* | update guichet | Quentin Dufour | 2024-06-24 | 1 | -1/+1 | |
| | ||||||
* | staging: move bottin and guichet to docker, sync with prod config | Baptiste Jonglez | 2024-06-23 | 9 | -161/+198 | |
| | ||||||
* | cluster(prod/cryptpad): Update cryptpad image on Nomad cluster | KokaKiwi | 2024-06-23 | 1 | -1/+1 | |
| | ||||||
* | staging: Switch garage to docker mode | Baptiste Jonglez | 2024-06-23 | 1 | -23/+25 | |
| | ||||||
* | Merge pull request 'Upgrade cryptpad from 2024.3.0 to 2024.3.1' (#27) from KokaKiwi/nixcfg:update-cryptpad-2024.3.1 into main | baptiste | 2024-06-23 | 8 | -6231/+106 | |
|\ | Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/nixcfg/pulls/27 Reviewed-by: maximilien <me@mricher.fr> | |||||
| * | cluster/prod(app): Upgrade cryptpad from 2024.3.0 to 2024.3.1 | KokaKiwi | 2024-05-23 | 2 | -6009/+9 | |
| | | ||||||
| * | cluster/prod(app): Migrate from niv to npins for pinned sources for cryptpad | KokaKiwi | 2024-05-23 | 6 | -222/+97 | |
| | | ||||||
* | | prod: garage: Enable on-demand-tls check for *.garage S3 endpoint | Baptiste Jonglez | 2024-06-08 | 1 | -0/+1 | |
| | | We were hitting Let's Encrypt rate limits because we were generating thousands of nonsense certificates like "foo.bar.baz.garage.deuxfleurs.fr" See https://crt.sh Subdomains of garage.deuxfleurs.fr only make sense when accessing buckets through S3 with vhost-style, so let's enable the on-demand-tls check to make sure that the bucket exists in Garage. In the long term, we might want to have a wildcard certificate for this usage, or simply stop supporting vhost-style S3 access. | |||||
* | | garage: harmonize staging and prod (checks, services) | Baptiste Jonglez | 2024-06-08 | 2 | -71/+104 | |
| | | ||||||
* | | staging: garage: Handle *.garage.staging for vhost-style S3 and add on-demand TLS checks | Baptiste Jonglez | 2024-06-08 | 2 | -0/+9 | |
| | | ||||||
* | | staging: Upgrade tricot for on-demand TLS checks | Baptiste Jonglez | 2024-06-08 | 1 | -1/+1 | |
| | | ||||||
* | | Disable DHCPv6 and DHCPv6-PD in all cases | Baptiste Jonglez | 2024-06-02 | 1 | -0/+7 | |
| | | ||||||
* | | Add common terminfo for more terminal support | Baptiste Jonglez | 2024-06-02 | 1 | -0/+3 | |
| | | ||||||
* | | Fix nixos deprecation warning | Baptiste Jonglez | 2024-06-02 | 1 | -1/+1 | |
| | | ||||||
* | | Add small script to gather system information from machines | Baptiste Jonglez | 2024-05-31 | 1 | -0/+6 | |
| | | ||||||
* | | sshtool: improve usage message | Baptiste Jonglez | 2024-05-31 | 1 | -1/+1 | |
| | | ||||||
* | | staging: make tricot config closer to prod | Baptiste Jonglez | 2024-05-30 | 1 | -4/+5 | |
| | | ||||||
* | | staging: enable IPv4 diplonat (UPnP) for corrin site | Baptiste Jonglez | 2024-05-30 | 1 | -1/+1 | |
| | | ||||||
* | | Revert "staging: disable allocation of grafana on piranha" | Baptiste Jonglez | 2024-05-30 | 1 | -6/+0 | |
| | | piranha is accessible on a more reliable network now. | |||||
* | | Move piranha to new network | Baptiste Jonglez | 2024-05-30 | 3 | -9/+4 | |
| | | ||||||
* | | Merge pull request 'cluster(prod): Add dathomir site' (#25) from KokaKiwi/nixcfg:add-dathomir into main | maximilien | 2024-05-26 | 10 | -11/+85 | |
|\ \ | Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/nixcfg/pulls/25 Reviewed-by: maximilien <me@mricher.fr> | |||||
| * | | prod(cluster/dathomir): Open more SSH ports | KokaKiwi | 2024-05-26 | 3 | -0/+6 | |
| | | | ||||||
| * | | cluster(prod): Add oseille | KokaKiwi | 2024-05-26 | 5 | -0/+21 | |
| | | | ||||||
| * | | style: Fix spacetab in cluster/prod/ssh_config | KokaKiwi | 2024-05-26 | 1 | -11/+11 | |
| | | | ||||||
| * | | cluster(prod): Add io | KokaKiwi | 2024-05-26 | 5 | -0/+20 | |
| | | | ||||||
| * | | cluster(prod): Add dathomir site and onion node | KokaKiwi | 2024-05-15 | 6 | -0/+27 | |
| | | | ||||||
* | | | doc/architecture.md: add the command line useful for launching the garage CLI | Armaël Guéneau | 2024-05-26 | 1 | -0/+9 | |
| |/ |/| | ||||||
* | | use diplonat autodiscovery to set ip addr | Quentin Dufour | 2024-05-18 | 1 | -5/+8 | |
| | | ||||||
* | | update neptune IP address | Quentin Dufour | 2024-05-18 | 1 | -1/+1 | |
| | | ||||||
* | | hotfix garage | Quentin Dufour | 2024-05-17 | 1 | -1/+1 | |
|/ | ||||||
* | migration of Cryptpad to Courgette (Neptune) from Abricot (Scorpio), with reconfiguration of the backups | ADRN | 2024-05-12 | 2 | -3/+3 | |
| | ||||||
* | add Boris as admin on Cryptpad | ADRN | 2024-05-12 | 1 | -0/+1 | |
| | ||||||
* | Move emails from ananas (in scorpio) to celeri (in neptune) | Armaël Guéneau | 2024-05-12 | 2 | -7/+7 | |
| | ||||||
* | staging: disable allocation of grafana on piranha | Armaël Guéneau | 2024-05-01 | 1 | -0/+6 | |
| | piranha does not seem to be available from the outside world currently | |||||
* | add max and vincent as cryptpad admins | ADRN | 2024-04-30 | 1 | -1/+3 | |
| | ||||||
* | Fix coturn that was failing with newer Nomad/Docker | Baptiste Jonglez | 2024-04-28 | 1 | -4/+2 | |
| | Coturn was failing to start with the following error: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "/usr/local/bin/docker-entrypoint.sh": permission denied: unknown It seems to be caused by the recent NixOS update. Either because Docker/runc is now more strict when checking if the entrypoint is executable [1] And/or because Nomad may mount the secrets directory with "noexec" [2]. In any case, the "local" directory [2] looks more appropriate, because it's shared with the task while not being accessible to other tasks. [1] https://github.com/opencontainers/runc/issues/3715 [2] https://developer.hashicorp.com/nomad/docs/concepts/filesystem | |||||
* | Update woodpecker to latest 2.4.1 | Baptiste Jonglez | 2024-04-28 | 2 | -2/+2 | |
| | ||||||
* | Merge pull request 'Update Woodpecker to v2.4.0' (#24) from tixie/nixcfg:update-woodpecker-2.4.0 into main | baptiste | 2024-04-28 | 2 | -2/+2 | |
|\ | Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/nixcfg/pulls/24 | |||||
| * | update woodpecker-agent to 2.4.0 | Tixie | 2024-04-24 | 1 | -1/+1 | |
| | | ||||||
| * | update woodpecker-server to 2.4.0 | Tixie | 2024-04-24 | 1 | -1/+1 | |
| | | ||||||
* | | Fix link in CI setup doc | Baptiste Jonglez | 2024-04-28 | 1 | -2/+2 | |
| | |