aboutsummaryrefslogtreecommitdiff
path: root/nix
Commit message (Collapse)AuthorAgeFilesLines
* Revert "openssh: Temporary patch for CVE-2024-6387 mitigation"Baptiste Jonglez2024-07-141-17/+0
| | | | This reverts commit b89b625f46003e0a018eaede1a6923c93b423755.
* openssh: Temporary patch for CVE-2024-6387 mitigationKokaKiwi2024-07-011-0/+17
|
* Disable DHCPv6 and DHCPv6-PD in all casesBaptiste Jonglez2024-06-021-0/+7
|
* Add common terminfo for more terminal supportBaptiste Jonglez2024-06-021-0/+3
|
* Fix nixos deprecation warningBaptiste Jonglez2024-06-021-1/+1
|
* prod: nixos 23.11 and nomad 1.5Alex Auvolat2024-04-201-0/+1
|
* prod: update nixos to 23.05Alex Auvolat2024-04-201-1/+0
|
* remove unused remote-unlock.nixAlex Auvolat2024-02-061-45/+0
|
* staging: cluster upgradesAlex Auvolat2024-01-221-2/+2
|
* disable network fingerprinting in nomadQuentin Dufour2023-08-071-0/+3
|
* rename wgautomesh config to deuxfleurs namespace to avoid conflictAlex Auvolat2023-06-122-3/+3
|
* Merge branch 'main' into simplify-network-configAlex Auvolat2023-05-091-0/+4
|\
| * nix: allow wireguard + logsQuentin Dufour2023-04-281-0/+5
| |
* | different wgautomesh gossip ports for prod and stagingAlex Auvolat2023-05-041-1/+6
| |
* | make specifying an ipv6 fully optionnalAlex Auvolat2023-04-211-8/+11
| |
* | Fix unbound; remove Nixos firewall (use only diplonat)Alex Auvolat2023-04-211-0/+2
| |
* | introduce back static ipv4 prefix lenght but with default valueAlex Auvolat2023-04-051-1/+6
| |
* | make script clearer and add documentationAlex Auvolat2023-04-051-14/+20
| |
* | Allow for IPv6 with RA disabled by manually providing gatewayAlex Auvolat2023-04-051-33/+54
| |
* | remove obsolete directivesAlex Auvolat2023-03-311-3/+0
| |
* | refactor configuration syntaxAlex Auvolat2023-03-242-102/+90
| |
* | greatly simplify ipv4 and ipv6 configurationAlex Auvolat2023-03-242-53/+61
| |
* | Sanitize DNS configurationAlex Auvolat2023-03-241-28/+10
|/ | | | | | | | - get rid of outside nameserver, unbound does the recursive resolving itself (and it checks DNSSEC) - remove CAP_NET_BIND_SERVICE for Consul as it is no longer binding on port 53 (was already obsolete) - make unbound config independant of LAN IPv4 address
* wgautomesh actually on prodAlex Auvolat2023-03-243-9/+7
|
* use nix enum typeAlex Auvolat2023-03-201-1/+1
|
* wgautomesh variable log level (debug for staging)Alex Auvolat2023-03-171-1/+6
|
* keep wg-quick code as referenceAlex Auvolat2023-03-171-0/+12
|
* wgautomesh from static binary hosted on giteaAlex Auvolat2023-03-171-4/+3
|
* update wgautomeshAlex Auvolat2023-03-171-1/+1
|
* wgautomesh persist state to fileAlex Auvolat2023-03-172-1/+8
|
* wgautomesh gossip secret fileAlex Auvolat2023-03-172-1/+14
|
* sample deployment of wgautomesh on staging (dont deploy prod with this commit)Alex Auvolat2023-03-172-9/+131
|
* TODOs in deuxfleurs.nix because the old world is maybe mixing with the newAdrien2023-03-151-2/+2
|
* Remove hardcoded years in deuxfleurs.nixAlex Auvolat2023-01-011-7/+7
|
* Replace deploy_wg by a NixOS activation scriptAlex Auvolat2022-12-141-0/+9
|
* Add origan node in staging cluster (+ refactor system.stateVersion)Alex Auvolat2022-12-111-8/+0
|
* Add possible public_ipv4 node tagAlex Auvolat2022-12-071-1/+10
|
* Staging: Add CNAME target meta parameter, will be used for diplonat auto dns ↵Alex Auvolat2022-12-071-8/+16
| | | | update
* Clean stuff up and update nix driverAlex Auvolat2022-11-291-1/+1
|
* Remove old nomad-driver-nixAlex Auvolat2022-11-291-31/+0
|
* Use nix driver moved to Deuxfleurs namespaceAlex Auvolat2022-11-291-7/+3
|
* Deploy garage on staging using nix2 driverAlex Auvolat2022-11-292-31/+29
|
* Staging: ability to run Nix jobs using exec2 driverAlex Auvolat2022-11-282-0/+32
|
* Remove root, add wg-quick-wg0 after unboundAlex Auvolat2022-11-281-0/+1
|
* Fix wg-quick MTU because it does bad stuff by defaultAlex Auvolat2022-11-221-0/+1
|
* Add after config on nomad and consulAlex Auvolat2022-11-221-0/+2
|
* Add Baptiste ; fix wireguardAlex Auvolat2022-11-221-2/+2
|
* poc 2 for nix containers: use nomad-driver-nixAlex Auvolat2022-11-161-0/+31
|
* remove systemd-resolvedAlex Auvolat2022-10-162-10/+2
|
* Complete telemetry configurationAlex Auvolat2022-10-161-0/+5
|