path: root/nix
Commit message [Author, Age, Files, Lines]
* disable network fingerprinting in nomad [Quentin Dufour, 2023-08-07, 1, -0/+3]
|
* rename wgautomesh config to deuxfleurs namespace to avoid conflict [Alex Auvolat, 2023-06-12, 2, -3/+3]
|
* Merge branch 'main' into simplify-network-config [Alex Auvolat, 2023-05-09, 1, -0/+4]
|\
| * nix: allow wireguard + logs [Quentin Dufour, 2023-04-28, 1, -0/+5]
| |
* | different wgautomesh gossip ports for prod and staging [Alex Auvolat, 2023-05-04, 1, -1/+6]
| |
* | make specifying an ipv6 fully optional [Alex Auvolat, 2023-04-21, 1, -8/+11]
| |
* | Fix unbound; remove Nixos firewall (use only diplonat) [Alex Auvolat, 2023-04-21, 1, -0/+2]
| |
* | introduce back static ipv4 prefix length but with default value [Alex Auvolat, 2023-04-05, 1, -1/+6]
| |
* | make script clearer and add documentation [Alex Auvolat, 2023-04-05, 1, -14/+20]
| |
* | Allow for IPv6 with RA disabled by manually providing gateway [Alex Auvolat, 2023-04-05, 1, -33/+54]
| |
* | remove obsolete directives [Alex Auvolat, 2023-03-31, 1, -3/+0]
| |
* | refactor configuration syntax [Alex Auvolat, 2023-03-24, 2, -102/+90]
| |
* | greatly simplify ipv4 and ipv6 configuration [Alex Auvolat, 2023-03-24, 2, -53/+61]
| |
* | Sanitize DNS configuration [Alex Auvolat, 2023-03-24, 1, -28/+10]
|/
|     - get rid of outside nameserver, unbound does the recursive resolving itself (and it checks DNSSEC)
|     - remove CAP_NET_BIND_SERVICE for Consul as it is no longer binding on port 53 (was already obsolete)
|     - make unbound config independent of LAN IPv4 address
|
* wgautomesh actually on prod [Alex Auvolat, 2023-03-24, 3, -9/+7]
|
* use nix enum type [Alex Auvolat, 2023-03-20, 1, -1/+1]
|
* wgautomesh variable log level (debug for staging) [Alex Auvolat, 2023-03-17, 1, -1/+6]
|
* keep wg-quick code as reference [Alex Auvolat, 2023-03-17, 1, -0/+12]
|
* wgautomesh from static binary hosted on gitea [Alex Auvolat, 2023-03-17, 1, -4/+3]
|
* update wgautomesh [Alex Auvolat, 2023-03-17, 1, -1/+1]
|
* wgautomesh persist state to file [Alex Auvolat, 2023-03-17, 2, -1/+8]
|
* wgautomesh gossip secret file [Alex Auvolat, 2023-03-17, 2, -1/+14]
|
* sample deployment of wgautomesh on staging (don't deploy prod with this commit) [Alex Auvolat, 2023-03-17, 2, -9/+131]
|
* TODOs in deuxfleurs.nix because the old world is maybe mixing with the new [Adrien, 2023-03-15, 1, -2/+2]
|
* Remove hardcoded years in deuxfleurs.nix [Alex Auvolat, 2023-01-01, 1, -7/+7]
|
* Replace deploy_wg by a NixOS activation script [Alex Auvolat, 2022-12-14, 1, -0/+9]
|
* Add origan node in staging cluster (+ refactor system.stateVersion) [Alex Auvolat, 2022-12-11, 1, -8/+0]
|
* Add possible public_ipv4 node tag [Alex Auvolat, 2022-12-07, 1, -1/+10]
|
* Staging: Add CNAME target meta parameter, will be used for diplonat auto dns update [Alex Auvolat, 2022-12-07, 1, -8/+16]
|
* Clean stuff up and update nix driver [Alex Auvolat, 2022-11-29, 1, -1/+1]
|
* Remove old nomad-driver-nix [Alex Auvolat, 2022-11-29, 1, -31/+0]
|
* Use nix driver moved to Deuxfleurs namespace [Alex Auvolat, 2022-11-29, 1, -7/+3]
|
* Deploy garage on staging using nix2 driver [Alex Auvolat, 2022-11-29, 2, -31/+29]
|
* Staging: ability to run Nix jobs using exec2 driver [Alex Auvolat, 2022-11-28, 2, -0/+32]
|
* Remove root, add wg-quick-wg0 after unbound [Alex Auvolat, 2022-11-28, 1, -0/+1]
|
* Fix wg-quick MTU because it does bad stuff by default [Alex Auvolat, 2022-11-22, 1, -0/+1]
|
* Add after config on nomad and consul [Alex Auvolat, 2022-11-22, 1, -0/+2]
|
* Add Baptiste ; fix wireguard [Alex Auvolat, 2022-11-22, 1, -2/+2]
|
* poc 2 for nix containers: use nomad-driver-nix [Alex Auvolat, 2022-11-16, 1, -0/+31]
|
* remove systemd-resolved [Alex Auvolat, 2022-10-16, 2, -10/+2]
|
* Complete telemetry configuration [Alex Auvolat, 2022-10-16, 1, -0/+5]
|
* Remove additional DNS entries from docker [Maximilien Richer, 2022-10-16, 1, -1/+1]
|
* Correctly inject dns servers in docker [Quentin Dufour, 2022-10-16, 1, -1/+6]
|
* Add docker [Quentin Dufour, 2022-10-16, 1, -1/+1]
|
* Switch to systemd-networkd [Quentin Dufour, 2022-10-15, 1, -25/+27]
|
* Disable IPv6 RA/autoconf/temp addr [Quentin Dufour, 2022-10-14, 1, -0/+3]
|
* Force Garage to use ipv6 connectivity [Alex Auvolat, 2022-09-15, 1, -0/+1]
|
* systemd timesyncd [Alex Auvolat, 2022-09-08, 1, -1/+2]
|
* Improve DNS configuration [Alex Auvolat, 2022-08-30, 1, -4/+38]
|
|     Add Unbound server that separates queries between those going to Consul and those going elsewhere. This allows us to have DNS working even if Consul fails for some reason. This way we can also remove the secondary `nameserver` entry in /etc/resolv.conf, thus fixing a bug where certain containers (Alpine-based images?) were using the secondary resolver some of the time, making them unable to access .consul hosts.
|
* Ask consul to use advertised address and not bind one [Quentin Dufour, 2022-08-24, 1, -0/+1]
|