aboutsummaryrefslogtreecommitdiff
path: root/nix/deuxfleurs.nix
Commit message (Collapse)AuthorAgeFilesLines
* disable network fingerprinting in nomadQuentin Dufour2023-08-071-0/+3
|
* rename wgautomesh config to deuxfleurs namespace to avoid conflictAlex Auvolat2023-06-121-1/+1
|
* Merge branch 'main' into simplify-network-configAlex Auvolat2023-05-091-0/+4
|\
| * nix: allow wireguard + logsQuentin Dufour2023-04-281-0/+5
| |
* | different wgautomesh gossip ports for prod and stagingAlex Auvolat2023-05-041-1/+6
| |
* | make specifying an ipv6 fully optionnalAlex Auvolat2023-04-211-8/+11
| |
* | Fix unbound; remove Nixos firewall (use only diplonat)Alex Auvolat2023-04-211-0/+2
| |
* | introduce back static ipv4 prefix lenght but with default valueAlex Auvolat2023-04-051-1/+6
| |
* | make script clearer and add documentationAlex Auvolat2023-04-051-14/+20
| |
* | Allow for IPv6 with RA disabled by manually providing gatewayAlex Auvolat2023-04-051-33/+54
| |
* | refactor configuration syntaxAlex Auvolat2023-03-241-101/+89
| |
* | greatly simplify ipv4 and ipv6 configurationAlex Auvolat2023-03-241-49/+38
| |
* | Sanitize DNS configurationAlex Auvolat2023-03-241-28/+10
|/ | | | | | | | - get rid of outside nameserver, unbound does the recursive resolving itself (and it checks DNSSEC) - remove CAP_NET_BIND_SERVICE for Consul as it is no longer binding on port 53 (was already obsolete) - make unbound config independant of LAN IPv4 address
* wgautomesh actually on prodAlex Auvolat2023-03-241-7/+2
|
* keep wg-quick code as referenceAlex Auvolat2023-03-171-0/+12
|
* wgautomesh persist state to fileAlex Auvolat2023-03-171-0/+1
|
* wgautomesh gossip secret fileAlex Auvolat2023-03-171-0/+1
|
* sample deployment of wgautomesh on staging (dont deploy prod with this commit)Alex Auvolat2023-03-171-9/+24
|
* TODOs in deuxfleurs.nix because the old world is maybe mixing with the newAdrien2023-03-151-2/+2
|
* Remove hardcoded years in deuxfleurs.nixAlex Auvolat2023-01-011-7/+7
|
* Replace deploy_wg by a NixOS activation scriptAlex Auvolat2022-12-141-0/+9
|
* Add possible public_ipv4 node tagAlex Auvolat2022-12-071-1/+10
|
* Staging: Add CNAME target meta parameter, will be used for diplonat auto dns ↵Alex Auvolat2022-12-071-8/+16
| | | | update
* Staging: ability to run Nix jobs using exec2 driverAlex Auvolat2022-11-281-0/+1
|
* Remove root, add wg-quick-wg0 after unboundAlex Auvolat2022-11-281-0/+1
|
* Fix wg-quick MTU because it does bad stuff by defaultAlex Auvolat2022-11-221-0/+1
|
* Add after config on nomad and consulAlex Auvolat2022-11-221-0/+2
|
* Add Baptiste ; fix wireguardAlex Auvolat2022-11-221-2/+2
|
* remove systemd-resolvedAlex Auvolat2022-10-161-8/+2
|
* Complete telemetry configurationAlex Auvolat2022-10-161-0/+5
|
* Add dockerQuentin Dufour2022-10-161-1/+1
|
* Switch to systemd-networkdQuentin Dufour2022-10-151-25/+27
|
* Force Garage to use ipv6 connectivityAlex Auvolat2022-09-151-0/+1
|
* Improve DNS configurationAlex Auvolat2022-08-301-4/+38
| | | | | | | | | Add Unbound server that separates queries between those going to Consul and those going elsewhere. This allows us to have DNS working even if Consul fails for some reason. This way we can also remove the secondary `nameserver` entry in /etc/resolv.conf, thus fixing a bug where certain containers (Alpine-based images?) were using the secondary resolver some of the time, making them unable to access .consul hosts.
* Ask consul to use advertised address and not bind oneQuentin Dufour2022-08-241-0/+1
|
* Fix nomad talking to consulAlex Auvolat2022-08-241-1/+4
|
* Fix access to consul for non-server nodesAlex Auvolat2022-08-241-1/+1
|
* Disable bootstrap_expect unless specific deuxfleurs.bootstrap is setAlex Auvolat2022-08-241-9/+11
|
* Fix IPv6Quentin Dufour2022-08-241-1/+10
|
* Remove wesher, reconfigure staging without itAlex Auvolat2022-08-231-24/+73
|
* Disable ipv6 temporary addressesAlex Auvolat2022-08-231-0/+1
|
* Update to nixos 22.05Alex Auvolat2022-07-271-9/+11
|
* Configure Consul DNSAlex Auvolat2022-06-011-3/+23
|
* Work on drone runner as VMAlex Auvolat2022-05-301-0/+11
|
* Fix firewall rule for IGDAlex Auvolat2022-05-091-2/+2
|
* Network configuration updatesAlex Auvolat2022-05-091-16/+21
|
* Update network configurationAlex Auvolat2022-05-081-1/+1
|
* Replace ad-hoc wireguard by wesher on staging clusterAlex Auvolat2022-04-201-67/+70
|
* nix infinite recursioninfinite-recursionAlex Auvolat2022-04-191-6/+6
|
* Wireguard directly using LAN addresses when possibleAlex Auvolat2022-02-261-2/+13
|
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-10 05:29:41 +0000