path: root/cluster/prod/app
Commit message  (Author, Age, Files, Lines)
* staging: move bottin and guichet to docker, sync with prod config  (Baptiste Jonglez, 2024-06-23, 2 files, -1/+5)
|
* cluster(prod/cryptpad): Update cryptpad image on Nomad cluster  (KokaKiwi, 2024-06-23, 1 file, -1/+1)
|
* Merge pull request 'Upgrade cryptpad from 2024.3.0 to 2024.3.1' (#27) from KokaKiwi/nixcfg:update-cryptpad-2024.3.1 into main  (baptiste, 2024-06-23, 8 files, -6231/+106)
|\
| |   Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/nixcfg/pulls/27
| |   Reviewed-by: maximilien <me@mricher.fr>
| |
| * cluster/prod(app): Upgrade cryptpad from 2024.3.0 to 2024.3.1  (KokaKiwi, 2024-05-23, 2 files, -6009/+9)
| |
| * cluster/prod(app): Migrate from niv to npins for pinned sources for cryptpad  (KokaKiwi, 2024-05-23, 6 files, -222/+97)
| |
* | prod: garage: Enable on-demand-tls check for *.garage S3 endpoint  (Baptiste Jonglez, 2024-06-08, 1 file, -0/+1)
| |
| |   We were hitting Let's Encrypt rate limits because we were generating
| |   thousands of nonsense certificates like "foo.bar.baz.garage.deuxfleurs.fr"
| |
| |   See https://crt.sh
| |
| |   Subdomains of garage.deuxfleurs.fr only make sense when accessing buckets
| |   through S3 with vhost-style, so let's enable the on-demand-tls check to
| |   make sure that the bucket exists in Garage.
| |
| |   In the long term, we might want to have a wildcard certificate for this
| |   usage, or simply stop supporting vhost-style S3 access.
| |
* | garage: harmonize staging and prod (checks, services)  (Baptiste Jonglez, 2024-06-08, 1 file, -37/+36)
|/
* use diplonat autodiscovery to set ip addr  (Quentin Dufour, 2024-05-18, 1 file, -5/+8)
|
* hotfix garage  (Quentin Dufour, 2024-05-17, 1 file, -1/+1)
|
* migrate Cryptpad to Courgette (Neptune) from Abricot (Scorpio), with backup reconfiguration  (ADRN, 2024-05-12, 2 files, -3/+3)
|
* add Boris as admin on Cryptpad  (ADRN, 2024-05-12, 1 file, -0/+1)
|
* Move emails from ananas (in scorpio) to celeri (in neptune)  (Armaël Guéneau, 2024-05-12, 2 files, -7/+7)
|
* add max and vincent as cryptpad admins  (ADRN, 2024-04-30, 1 file, -1/+3)
|
* Fix coturn that was failing with newer Nomad/Docker  (Baptiste Jonglez, 2024-04-28, 1 file, -4/+2)
|
|   Coturn was failing to start with the following error:
|
|       failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "/usr/local/bin/docker-entrypoint.sh": permission denied: unknown
|
|   It seems to be caused by the recent NixOS update. Either because
|   Docker/runc is now more strict when checking if the entrypoint is
|   executable [1] And/or because Nomad may mount the secrets directory
|   with "noexec" [2].
|
|   In any case, the "local" directory [2] looks more appropriate, because
|   it's shared with the task while not being accessible to other tasks.
|
|   [1] https://github.com/opencontainers/runc/issues/3715
|   [2] https://developer.hashicorp.com/nomad/docs/concepts/filesystem
|
* Update woodpecker to latest 2.4.1  (Baptiste Jonglez, 2024-04-28, 2 files, -2/+2)
|
* Merge pull request 'Update Woodpecker to v2.4.0' (#24) from tixie/nixcfg:update-woodpecker-2.4.0 into main  (baptiste, 2024-04-28, 2 files, -2/+2)
|\
| |   Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/nixcfg/pulls/24
| |
| * update woodpecker-agent to 2.4.0  (Tixie, 2024-04-24, 1 file, -1/+1)
| |
| * update woodpecker-server to 2.4.0  (Tixie, 2024-04-24, 1 file, -1/+1)
| |
* | Fix link in CI setup doc  (Baptiste Jonglez, 2024-04-28, 1 file, -2/+2)
| |
* | Tricot ulimit  (Quentin Dufour, 2024-04-25, 1 file, -0/+3)
|/
* prod: allow woodpecker on neptune now with good ipv6  (Alex Auvolat, 2024-04-20, 1 file, -3/+1)
|
* fix pad when not in neptune, and allow android7 email to move to bespin  (Alex Auvolat, 2024-04-19, 2 files, -1/+3)
|
* add Jill & Trinity as CryptPad admins  (ADRN, 2024-04-18, 1 file, -1/+3)
|
* move cryptpad service concombre -> abricot  (ADRN, 2024-04-18, 1 file, -2/+2)
|
* cluster/prod(app): Add new CryptPad build files  (KokaKiwi, 2024-04-18, 16 files, -8272/+6399)
|
* cluster/prod(app): Upgrade CryptPad to 2024.3.0  (KokaKiwi, 2024-04-18, 2 files, -12/+12)
|
* prod: garage v1.0.0-rc1  (Alex Auvolat, 2024-04-01, 2 files, -1/+3)
|
* remove notice message for moderation  (Lauric Desauw, 2024-03-29, 1 file, -1/+1)
|
* add trinity.fr.eu.org to DKIM  (trinity-1686a, 2024-03-24, 1 file, -0/+1)
|
* Courderec.re domain in the DKIM table  (Vincent, 2024-03-24, 1 file, -0/+1)
|
* prod: remove drone-ci  (Alex Auvolat, 2024-03-17, 6 files, -328/+0)
|
* Also add the regex to the http-bind query parameter  (Quentin Dufour, 2024-03-11, 1 file, -0/+4)
|
* add nginx redirect for suspicious Jitsi rooms  (ADRN, 2024-03-10, 1 file, -0/+5)
|
* added notice message on Jitsi about our monitoring  (ADRN, 2024-03-10, 1 file, -1/+2)
|
* increased Jitsi logs a bit  (ADRN, 2024-03-09, 1 file, -0/+5)
|
* Update lightstream and grafana  (Maximilien Richer, 2024-03-09, 1 file, -3/+3)
|
* store real IP from Jitsi  (ADRN, 2024-03-08, 1 file, -0/+6)
|
* prod: give more memory to prometheus  (Alex Auvolat, 2024-03-08, 1 file, -1/+2)
|
* force woodpecker on scorpio  (Alex Auvolat, 2024-03-04, 1 file, -7/+3)
|
* garage: update to v0.9.2 final  (Alex Auvolat, 2024-03-01, 1 file, -1/+1)
|
* prod: update to garage 0.9.2-rc1  (Alex Auvolat, 2024-02-29, 1 file, -1/+1)
|
* woodpecker-ci: higher affinity to scorpio  (Alex Auvolat, 2024-02-28, 1 file, -0/+6)
|
* add automatic subdomains for v4 and v6 per site for dashboard  (Alex Auvolat, 2024-02-14, 1 file, -2/+8)
|
* prod: unpin woodpecker  (Alex Auvolat, 2024-02-13, 1 file, -6/+0)
|
* add woodpecker agent instructions  (Alex Auvolat, 2024-02-09, 3 files, -0/+96)
|
* prod: install woodpecker-ci  (Alex Auvolat, 2024-02-08, 1 file, -0/+165)
|
* prod: update diplonat and make garage restart on template changes again  (Alex Auvolat, 2024-01-17, 2 files, -2/+2)
|
|   Diplonat update prevents unnecessary flapping of autodiscovered ip
|   addresses, which was the cause of useless restarts of the garage daemon.
|   But in principle we want Garage to be restarted if the ipv6 address
|   changes as it indicates changes in the network.
|
* upgraded postfix to fix smtp smuggling cve  (Quentin Dufour, 2023-12-25, 1 file, -1/+1)
|
|   https://security-tracker.debian.org/tracker/source-package/postfix
|   https://www.postfix.org/smtp-smuggling.html
|
* update smtp server security conf  (Quentin Dufour, 2023-12-25, 3 files, -5/+9)
|
* Revert "Revert "garage prod: use dynamically determined ipv6 addresses""  (Baptiste Jonglez, 2023-12-19, 1 file, -2/+11)
|
|   Quentin's fix seems to work fine.
|
|   This reverts commit e5f3b6ef0abe3ac67b652b4ece74c933e2c1b554.