Commit graph

71 commits

Author SHA1 Message Date
Alex 24cf7ddd91 Merge branch 'main' into simplify-network-config 2023-05-09 12:20:35 +02:00
Alex 6c07a42978 different wgautomesh gossip ports for prod and staging 2023-05-04 13:39:33 +02:00
Quentin 3befdea206 nix: allow wireguard + logs 2023-04-28 09:26:32 +02:00
Alex 607add3161 make specifying an ipv6 fully optional 2023-04-21 14:36:10 +02:00
Alex a9e9149739 Fix unbound; remove Nixos firewall (use only diplonat) 2023-04-21 11:29:15 +02:00
Alex 16422d2809 introduce back static ipv4 prefix length but with default value 2023-04-05 14:04:11 +02:00
Alex bb25797d2f make script clearer and add documentation 2023-04-05 13:44:38 +02:00
Alex dec4ea479d Allow for IPv6 with RA disabled by manually providing gateway 2023-04-05 13:27:18 +02:00
Alex a31c6d109e remove obsolete directives 2023-03-31 16:27:08 +02:00
Alex 96566ae523 refactor configuration syntax 2023-03-24 15:26:39 +01:00
Alex e2aea648cf greatly simplify ipv4 and ipv6 configuration 2023-03-24 14:42:36 +01:00
Alex a0db30ca26 Sanitize DNS configuration
- get rid of outside nameserver, unbound does the recursive resolving
  itself (and it checks DNSSEC)
- remove CAP_NET_BIND_SERVICE for Consul as it is no longer binding on
  port 53 (was already obsolete)
- make unbound config independent of LAN IPv4 address
2023-03-24 12:58:44 +01:00
Alex 53b9cfd838 wgautomesh actually on prod 2023-03-24 12:01:38 +01:00
Alex 6ffaa0ed91 use nix enum type 2023-03-20 11:17:38 +01:00
Alex 90efd9155b wgautomesh variable log level (debug for staging) 2023-03-17 18:21:50 +01:00
Alex 39254cca0e keep wg-quick code as reference 2023-03-17 18:18:25 +01:00
Alex f629f4c171 wgautomesh from static binary hosted on gitea 2023-03-17 18:01:35 +01:00
Alex f9b94f0b47 update wgautomesh 2023-03-17 17:17:56 +01:00
Alex bb2660792f wgautomesh persist state to file 2023-03-17 17:17:56 +01:00
Alex 6664affaa0 wgautomesh gossip secret file 2023-03-17 17:17:56 +01:00
Alex baae97b192 sample deployment of wgautomesh on staging (don't deploy prod with this commit) 2023-03-17 17:17:56 +01:00
Adrien f7be968531 TODOs in deuxfleurs.nix because the old world is maybe mixing with the new 2023-03-15 18:19:01 +01:00
Alex ad6db2f1c5 Remove hardcoded years in deuxfleurs.nix 2023-01-01 19:43:35 +01:00
Alex b47334d7d7 Replace deploy_wg by a NixOS activation script 2022-12-14 18:02:30 +01:00
Alex 578075a925 Add origan node in staging cluster (+ refactor system.stateVersion) 2022-12-11 22:37:28 +01:00
Alex a1fc396412 Add possible public_ipv4 node tag 2022-12-07 17:13:03 +01:00
Alex ab97a7bffd Staging: Add CNAME target meta parameter, will be used for diplonat auto dns update 2022-12-07 12:32:21 +01:00
Alex 4036a2d951 Clean stuff up and update nix driver 2022-11-29 16:21:38 +01:00
Alex fb4c2ef55a Remove old nomad-driver-nix 2022-11-29 15:41:35 +01:00
Alex da07fee575 Use nix driver moved to Deuxfleurs namespace 2022-11-29 14:46:42 +01:00
Alex c9f9ed4c71 Deploy garage on staging using nix2 driver 2022-11-29 14:21:12 +01:00
Alex 105c081728 Staging: ability to run Nix jobs using exec2 driver 2022-11-28 22:58:39 +01:00
Alex a327876e25 Remove root, add wg-quick-wg0 after unbound 2022-11-28 10:19:48 +01:00
Alex bedfae8424 Fix wg-quick MTU because it does bad stuff by default 2022-11-22 16:22:05 +01:00
Alex 8d363d2e66 Add after config on nomad and consul 2022-11-22 13:30:00 +01:00
Alex 6659deb544 Add Baptiste ; fix wireguard 2022-11-22 12:09:28 +01:00
Alex 49b0dc2d5b poc 2 for nix containers: use nomad-driver-nix 2022-11-16 16:28:18 +01:00
Alex 7866a92e16 remove systemd-resolved 2022-10-16 19:36:15 +02:00
Alex 5613ed9908 Complete telemetry configuration 2022-10-16 18:12:57 +02:00
Maximilien Richer 5f08713dfb Remove additional DNS entries from docker 2022-10-16 14:17:12 +00:00
Quentin 38a544d9c4 Correctly inject dns servers in docker 2022-10-16 13:25:46 +02:00
Quentin b5a0f8bd82 Add docker 2022-10-16 13:13:43 +02:00
Quentin c3a30aabab Switch to systemd-networkd 2022-10-15 10:38:48 +02:00
Quentin 10b0840daa Disable IPv6 RA/autoconf/temp addr 2022-10-14 08:38:19 +02:00
Alex 72606368bf Force Garage to use ipv6 connectivity 2022-09-15 11:57:24 +02:00
Alex b23218a7f6 systemd timesyncd 2022-09-08 10:35:14 +02:00
Alex 6ec9aad801 Improve DNS configuration
Add Unbound server that separates queries between those going to Consul
and those going elsewhere.  This allows us to have DNS working even if
Consul fails for some reason. This way we can also remove the secondary
`nameserver` entry in /etc/resolv.conf, thus fixing a bug where certain
containers (Alpine-based images?) were using the secondary resolver some
of the time, making them unable to access .consul hosts.
2022-08-30 15:52:42 +02:00
Quentin 243eee4322 Ask consul to use advertised address and not bind one 2022-08-24 20:03:31 +02:00
Alex 1172e8e511 Fix nomad talking to consul 2022-08-24 18:51:55 +02:00
Alex a0c8280c02 Fix access to consul for non-server nodes 2022-08-24 16:58:50 +02:00