Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Revert "openssh: Temporary patch for CVE-2024-6387 mitigation" | Baptiste Jonglez | 2024-07-14 | 1 | -17/+0 |
| | | | | This reverts commit b89b625f46003e0a018eaede1a6923c93b423755. | ||||
* | openssh: Temporary patch for CVE-2024-6387 mitigation | KokaKiwi | 2024-07-01 | 1 | -0/+17 |
| | |||||
* | Disable DHCPv6 and DHCPv6-PD in all cases | Baptiste Jonglez | 2024-06-02 | 1 | -0/+7 |
| | |||||
* | Add common terminfo for more terminal support | Baptiste Jonglez | 2024-06-02 | 1 | -0/+3 |
| | |||||
* | Fix nixos deprecation warning | Baptiste Jonglez | 2024-06-02 | 1 | -1/+1 |
| | |||||
* | prod: nixos 23.11 and nomad 1.5 | Alex Auvolat | 2024-04-20 | 1 | -0/+1 |
| | |||||
* | prod: update nixos to 23.05 | Alex Auvolat | 2024-04-20 | 1 | -1/+0 |
| | |||||
* | remove unused remote-unlock.nix | Alex Auvolat | 2024-02-06 | 1 | -45/+0 |
| | |||||
* | staging: cluster upgrades | Alex Auvolat | 2024-01-22 | 1 | -2/+2 |
| | |||||
* | disable network fingerprinting in nomad | Quentin Dufour | 2023-08-07 | 1 | -0/+3 |
| | |||||
* | rename wgautomesh config to deuxfleurs namespace to avoid conflict | Alex Auvolat | 2023-06-12 | 2 | -3/+3 |
| | |||||
* | Merge branch 'main' into simplify-network-config | Alex Auvolat | 2023-05-09 | 1 | -0/+4 |
|\ | |||||
| * | nix: allow wireguard + logs | Quentin Dufour | 2023-04-28 | 1 | -0/+5 |
| | | |||||
* | | different wgautomesh gossip ports for prod and staging | Alex Auvolat | 2023-05-04 | 1 | -1/+6 |
| | | |||||
* | | make specifying an ipv6 fully optionnal | Alex Auvolat | 2023-04-21 | 1 | -8/+11 |
| | | |||||
* | | Fix unbound; remove Nixos firewall (use only diplonat) | Alex Auvolat | 2023-04-21 | 1 | -0/+2 |
| | | |||||
* | | introduce back static ipv4 prefix lenght but with default value | Alex Auvolat | 2023-04-05 | 1 | -1/+6 |
| | | |||||
* | | make script clearer and add documentation | Alex Auvolat | 2023-04-05 | 1 | -14/+20 |
| | | |||||
* | | Allow for IPv6 with RA disabled by manually providing gateway | Alex Auvolat | 2023-04-05 | 1 | -33/+54 |
| | | |||||
* | | remove obsolete directives | Alex Auvolat | 2023-03-31 | 1 | -3/+0 |
| | | |||||
* | | refactor configuration syntax | Alex Auvolat | 2023-03-24 | 2 | -102/+90 |
| | | |||||
* | | greatly simplify ipv4 and ipv6 configuration | Alex Auvolat | 2023-03-24 | 2 | -53/+61 |
| | | |||||
* | | Sanitize DNS configuration | Alex Auvolat | 2023-03-24 | 1 | -28/+10 |
|/ | | | | | | | | - get rid of outside nameserver, unbound does the recursive resolving itself (and it checks DNSSEC) - remove CAP_NET_BIND_SERVICE for Consul as it is no longer binding on port 53 (was already obsolete) - make unbound config independant of LAN IPv4 address | ||||
* | wgautomesh actually on prod | Alex Auvolat | 2023-03-24 | 3 | -9/+7 |
| | |||||
* | use nix enum type | Alex Auvolat | 2023-03-20 | 1 | -1/+1 |
| | |||||
* | wgautomesh variable log level (debug for staging) | Alex Auvolat | 2023-03-17 | 1 | -1/+6 |
| | |||||
* | keep wg-quick code as reference | Alex Auvolat | 2023-03-17 | 1 | -0/+12 |
| | |||||
* | wgautomesh from static binary hosted on gitea | Alex Auvolat | 2023-03-17 | 1 | -4/+3 |
| | |||||
* | update wgautomesh | Alex Auvolat | 2023-03-17 | 1 | -1/+1 |
| | |||||
* | wgautomesh persist state to file | Alex Auvolat | 2023-03-17 | 2 | -1/+8 |
| | |||||
* | wgautomesh gossip secret file | Alex Auvolat | 2023-03-17 | 2 | -1/+14 |
| | |||||
* | sample deployment of wgautomesh on staging (dont deploy prod with this commit) | Alex Auvolat | 2023-03-17 | 2 | -9/+131 |
| | |||||
* | TODOs in deuxfleurs.nix because the old world is maybe mixing with the new | Adrien | 2023-03-15 | 1 | -2/+2 |
| | |||||
* | Remove hardcoded years in deuxfleurs.nix | Alex Auvolat | 2023-01-01 | 1 | -7/+7 |
| | |||||
* | Replace deploy_wg by a NixOS activation script | Alex Auvolat | 2022-12-14 | 1 | -0/+9 |
| | |||||
* | Add origan node in staging cluster (+ refactor system.stateVersion) | Alex Auvolat | 2022-12-11 | 1 | -8/+0 |
| | |||||
* | Add possible public_ipv4 node tag | Alex Auvolat | 2022-12-07 | 1 | -1/+10 |
| | |||||
* | Staging: Add CNAME target meta parameter, will be used for diplonat auto dns ↵ | Alex Auvolat | 2022-12-07 | 1 | -8/+16 |
| | | | | update | ||||
* | Clean stuff up and update nix driver | Alex Auvolat | 2022-11-29 | 1 | -1/+1 |
| | |||||
* | Remove old nomad-driver-nix | Alex Auvolat | 2022-11-29 | 1 | -31/+0 |
| | |||||
* | Use nix driver moved to Deuxfleurs namespace | Alex Auvolat | 2022-11-29 | 1 | -7/+3 |
| | |||||
* | Deploy garage on staging using nix2 driver | Alex Auvolat | 2022-11-29 | 2 | -31/+29 |
| | |||||
* | Staging: ability to run Nix jobs using exec2 driver | Alex Auvolat | 2022-11-28 | 2 | -0/+32 |
| | |||||
* | Remove root, add wg-quick-wg0 after unbound | Alex Auvolat | 2022-11-28 | 1 | -0/+1 |
| | |||||
* | Fix wg-quick MTU because it does bad stuff by default | Alex Auvolat | 2022-11-22 | 1 | -0/+1 |
| | |||||
* | Add after config on nomad and consul | Alex Auvolat | 2022-11-22 | 1 | -0/+2 |
| | |||||
* | Add Baptiste ; fix wireguard | Alex Auvolat | 2022-11-22 | 1 | -2/+2 |
| | |||||
* | poc 2 for nix containers: use nomad-driver-nix | Alex Auvolat | 2022-11-16 | 1 | -0/+31 |
| | |||||
* | remove systemd-resolved | Alex Auvolat | 2022-10-16 | 2 | -10/+2 |
| | |||||
* | Complete telemetry configuration | Alex Auvolat | 2022-10-16 | 1 | -0/+5 |
| |