Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | staging: move bottin and guichet to docker, sync with prod config | Baptiste Jonglez | 2024-06-23 | 2 | -1/+5 |
| | |||||
* | cluster(prod/cryptpad): Update cryptpad image on Nomad cluster | KokaKiwi | 2024-06-23 | 1 | -1/+1 |
| | |||||
* | Merge pull request 'Upgrade cryptpad from 2024.3.0 to 2024.3.1' (#27) from ↵ | baptiste | 2024-06-23 | 8 | -6231/+106 |
|\ | | | | | | | | | | | | | KokaKiwi/nixcfg:update-cryptpad-2024.3.1 into main Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/nixcfg/pulls/27 Reviewed-by: maximilien <me@mricher.fr> | ||||
| * | cluster/prod(app): Upgrade cryptpad from 2024.3.0 to 2024.3.1 | KokaKiwi | 2024-05-23 | 2 | -6009/+9 |
| | | |||||
| * | cluster/prod(app): Migrate from niv to npins for pinned sources for cryptpad | KokaKiwi | 2024-05-23 | 6 | -222/+97 |
| | | |||||
* | | prod: garage: Enable on-demand-tls check for *.garage S3 endpoint | Baptiste Jonglez | 2024-06-08 | 1 | -0/+1 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | We were hitting Let's Encrypt rate limits because we were generating thousands of non-sense certificates like "foo.bar.baz.garage.deuxfleurs.fr" See https://crt.sh Subdomains of garage.deuxfleurs.fr only make sense when accessing buckets through S3 with vhost-style, so let's enable the on-demand-tls check to make sure that the bucket exists in Garage. In the long term, we might want to have a wildcard certificate for this usage, or simply stop supporting vhost-style S3 access. | ||||
* | | garage: harmonize staging and prod (checks, services) | Baptiste Jonglez | 2024-06-08 | 1 | -37/+36 |
|/ | |||||
* | use diplonat autodiscovery to set ip addr | Quentin Dufour | 2024-05-18 | 1 | -5/+8 |
| | |||||
* | hotfix garage | Quentin Dufour | 2024-05-17 | 1 | -1/+1 |
| | |||||
* | migration Cryptpad sur Courgette (Neptune) depuis Abricot (Scorpio), avec ↵ | ADRN | 2024-05-12 | 2 | -3/+3 |
| | | | | reconfiguration des backups | ||||
* | ajout Boris en admin sur Cryptpad | ADRN | 2024-05-12 | 1 | -0/+1 |
| | |||||
* | Move emails from ananas (in scorpio) to celeri (in neptune) | Armaël Guéneau | 2024-05-12 | 2 | -7/+7 |
| | |||||
* | ajout max et vincent en admin cryptpad | ADRN | 2024-04-30 | 1 | -1/+3 |
| | |||||
* | Fix coturn that was failing with newer Nomad/Docker | Baptiste Jonglez | 2024-04-28 | 1 | -4/+2 |
| | | | | | | | | | | | | | | | | | | | | | | Coturn was failing to start with the following error: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "/usr/local/bin/docker-entrypoint.sh": permission denied: unknown It seems to be caused by the recent NixOS update. Either because Docker/runc is now more strict when checking if the entrypoint is executable [1] And/or because Nomad may mount the secrets directory with "noexec" [2]. In any case, the "local" directory [2] looks more appropriate, because it's shared with the task while not being accessible to other tasks. [1] https://github.com/opencontainers/runc/issues/3715 [2] https://developer.hashicorp.com/nomad/docs/concepts/filesystem | ||||
* | Update woodpecker to latest 2.4.1 | Baptiste Jonglez | 2024-04-28 | 2 | -2/+2 |
| | |||||
* | Merge pull request 'Update Woodpecker to v2.4.0' (#24) from ↵ | baptiste | 2024-04-28 | 2 | -2/+2 |
|\ | | | | | | | | | | | tixie/nixcfg:update-woodpecker-2.4.0 into main Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/nixcfg/pulls/24 | ||||
| * | update woodpecker-agent to 2.4.0 | Tixie | 2024-04-24 | 1 | -1/+1 |
| | | |||||
| * | update woodpecker-server to 2.4.0 | Tixie | 2024-04-24 | 1 | -1/+1 |
| | | |||||
* | | Fix link in CI setup doc | Baptiste Jonglez | 2024-04-28 | 1 | -2/+2 |
| | | |||||
* | | Tricot ulimit | Quentin Dufour | 2024-04-25 | 1 | -0/+3 |
|/ | |||||
* | prod: allow woodpecker on neptune now with good ipv6 | Alex Auvolat | 2024-04-20 | 1 | -3/+1 |
| | |||||
* | fix pad when not in neptune, and allow android7 email to move to bespin | Alex Auvolat | 2024-04-19 | 2 | -1/+3 |
| | |||||
* | ajout de Jill & Trinity en admins de CryptPad | ADRN | 2024-04-18 | 1 | -1/+3 |
| | |||||
* | déplacement du service cryptpad concombre -> abricot | ADRN | 2024-04-18 | 1 | -2/+2 |
| | |||||
* | cluster/prod(app): Add new CryptPad build files | KokaKiwi | 2024-04-18 | 16 | -8272/+6399 |
| | |||||
* | cluster/prod(app): Upgrade CryptPad to 2024.3.0 | KokaKiwi | 2024-04-18 | 2 | -12/+12 |
| | |||||
* | prod: garage v1.0.0-rc1 | Alex Auvolat | 2024-04-01 | 2 | -1/+3 |
| | |||||
* | remove notice message for moderation | Lauric Desauw | 2024-03-29 | 1 | -1/+1 |
| | |||||
* | add trinity.fr.eu.org to DKIM | trinity-1686a | 2024-03-24 | 1 | -0/+1 |
| | |||||
* | Courderec.re domain in the DKIM table | Vincent | 2024-03-24 | 1 | -0/+1 |
| | |||||
* | prod: remove drone-ci | Alex Auvolat | 2024-03-17 | 6 | -328/+0 |
| | |||||
* | Ajout de la regex dans le query parameter du http-bind aussi | Quentin Dufour | 2024-03-11 | 1 | -0/+4 |
| | |||||
* | ajout redirection nginx des salons Jitsi suspects | ADRN | 2024-03-10 | 1 | -0/+5 |
| | |||||
* | added notice message on Jitsi about our monitoring | ADRN | 2024-03-10 | 1 | -1/+2 |
| | |||||
* | increased Jitsi logs a bit | ADRN | 2024-03-09 | 1 | -0/+5 |
| | |||||
* | Update lightstream and grafana | Maximilien Richer | 2024-03-09 | 1 | -3/+3 |
| | |||||
* | store real IP from Jitsi | ADRN | 2024-03-08 | 1 | -0/+6 |
| | |||||
* | prod: give more memory to promehteus | Alex Auvolat | 2024-03-08 | 1 | -1/+2 |
| | |||||
* | force woodpecker on scorpio | Alex Auvolat | 2024-03-04 | 1 | -7/+3 |
| | |||||
* | garage: update to v0.9.2 final | Alex Auvolat | 2024-03-01 | 1 | -1/+1 |
| | |||||
* | prod: update to garage 0.9.2-rc1 | Alex Auvolat | 2024-02-29 | 1 | -1/+1 |
| | |||||
* | woodpecker-ci: higher affinity to scorpio | Alex Auvolat | 2024-02-28 | 1 | -0/+6 |
| | |||||
* | add automatic subdomains for v4 and v6 per site for dashboard | Alex Auvolat | 2024-02-14 | 1 | -2/+8 |
| | |||||
* | prod: unpin woodpecker | Alex Auvolat | 2024-02-13 | 1 | -6/+0 |
| | |||||
* | add woodpecker agent instructions | Alex Auvolat | 2024-02-09 | 3 | -0/+96 |
| | |||||
* | prod: install woodpecker-ci | Alex Auvolat | 2024-02-08 | 1 | -0/+165 |
| | |||||
* | prod: update diplonat and make garage restart on template changes again | Alex Auvolat | 2024-01-17 | 2 | -2/+2 |
| | | | | | | | Diplonat update prevents unnecessary flapping of autodiscovered ip addresses, which was the cause of useless restarts of the garage daemon. But in principle we want Garage to be restarted if the ipv6 address changes as it indicates changes in the network. | ||||
* | upgraded postfix to fix smtp smuggling cve | Quentin Dufour | 2023-12-25 | 1 | -1/+1 |
| | | | | | https://security-tracker.debian.org/tracker/source-package/postfix https://www.postfix.org/smtp-smuggling.html | ||||
* | update smtp server security conf | Quentin Dufour | 2023-12-25 | 3 | -5/+9 |
| | |||||
* | Revert "Revert "garage prod: use dynamically determined ipv6 addresses"" | Baptiste Jonglez | 2023-12-19 | 1 | -2/+11 |
| | | | | | | Quentin's fix seems to work fine. This reverts commit e5f3b6ef0abe3ac67b652b4ece74c933e2c1b554. |