Deuxfleurs/nixcfg
17
6
Fork 2
Code Issues 9 Pull requests 3 Projects Releases Wiki Activity
531 commits 8 branches 0 tags 1.8 MiB
Commit graph

324 commits

Author SHA1 Message Date
Quentin aaa80ae678
final csp 2023-07-23 14:36:04 +02:00
Quentin 233556e9ef
Simpler IPv6 config for Garage 2023-07-23 14:06:36 +02:00
Quentin 132ad670a1
lines 2023-07-23 13:59:35 +02:00
Quentin 1048456fbf
switch postfix to ipv4 as we have no reverse dns on ipv6 2023-07-08 14:48:34 +02:00
Quentin 919004ae79
albatros 0.9-rc3 2023-07-08 14:38:00 +02:00
Quentin 03658e8f7b
ajout pointecouteau 2023-06-28 15:35:37 +02:00
ADRN 8ebd35730c added estherbouquet.com to DKIM signing table 2023-06-24 18:02:29 +02:00
Alex effe155248 Add armael to staging and ssh key for max 2023-06-24 17:14:34 +02:00
Alex 6c12a71ecb Deploy nixos 23.05 on staging and other staging fixes 2023-06-13 11:56:10 +02:00
Alex 1d19bae7a1 remove postgres replica on concombre 2023-06-12 19:58:03 +02:00
Alex 3fcda94aa0 undo remove postgres from diplotaxis 2023-06-12 16:19:57 +02:00
Alex 3e40bfcca9 add stolon replica on abricot instead of diplotaxis 2023-06-12 13:41:42 +02:00
Alex e06d6b14a3 add ananas, set it raft server instead of dahlia 2023-06-12 13:41:34 +02:00
Alex 1a11ff4202 staging: updated garage with new consul registration 2023-06-02 16:37:13 +02:00
Alex 14b59ba4b0 màj config gitea 2023-06-02 15:40:43 +02:00
Alex c31de0e94f tricot passthrough of external services at neptune 2023-05-24 10:18:02 +02:00
Alex ff13616887 staging: dev garage with fixed k2v double-urlencoding 2023-05-19 12:53:10 +02:00
Alex efd5ec3323 Remove plume backup job (not usefull anymore) 2023-05-16 15:39:36 +02:00
Alex 8a75be4d43 Merge pull request 'prod: Plume with S3 storage backend' (#13) from plume-s3 into main 
Reviewed-on: #13
 2023-05-16 13:38:07 +00:00
Alex 4ca45cf1d4 updated d53 on prod 2023-05-16 15:35:06 +02:00
Alex aee3a09471 Merge pull request 'Simplify network configuration' (#11) from simplify-network-config into main 
Reviewed-on: #11
 2023-05-16 13:19:33 +00:00
Alex 76b7f86d22 use RA on orion as well 2023-05-16 14:14:27 +02:00
Alex 560486bc50 prod plume with s3 backend 2023-05-15 17:30:41 +02:00
Alex 2488ad0ac2 staging plume: cleanup and update 2023-05-15 13:36:38 +02:00
Alex 9cef48a6c2 Merge branch 'main' into simplify-network-config 2023-05-12 18:45:58 +02:00
Alex 5c7a8c72d8 first plume on staging with S3 backend 2023-05-12 18:45:20 +02:00
Alex 258d27c566 deploy tricot at bespin, register gitea (not accessed yet) 2023-05-09 15:12:03 +02:00
Alex 04464f632f Export all Grafana dashboards 2023-05-09 12:29:37 +02:00
Alex 24cf7ddd91 Merge branch 'main' into simplify-network-config 2023-05-09 12:20:35 +02:00
Maximilien Richer 24192cc61a
Update telemetry stack apps 2023-05-07 23:46:48 +02:00
Alex b73c39c7c1 multi-zone matrix 2023-05-04 17:00:31 +02:00
Alex e375304c38 orient SoGo and Synapse to closest psql-proxy; psql backup anywhere 2023-05-04 16:48:22 +02:00
Alex f3cd2e98b4 multisite postgres, orient plume to correct db 2023-05-04 16:39:25 +02:00
Alex 6c07a42978 different wgautomesh gossip ports for prod and staging 2023-05-04 13:39:33 +02:00
Baptiste Jonglez e23b523467 Add infinite restart policy for postgresql 2023-05-03 08:53:59 +02:00
Alex 607add3161 make specifying an ipv6 fully optionnal 2023-04-21 14:36:10 +02:00
Alex c4598bd84f Diplonat on bespin, ipv6-only 2023-04-21 12:03:35 +02:00
Alex 0b3332fd32 break out core services into separate files 2023-04-21 11:55:24 +02:00
Alex a9e9149739 Fix unbound; remove Nixos firewall (use only diplonat) 2023-04-21 11:29:15 +02:00
Alex 529480b133 Merge branch 'main' into simplify-network-config 2023-04-21 10:31:05 +02:00
Alex b4e82e37e4 diplonat with fixed iptables thing 2023-04-20 15:13:13 +02:00
Alex af82308e84 Garage backup to SFTP target hosted by Max 2023-04-20 12:10:07 +02:00
Alex e5f9f3c849 increase diplonat ram 2023-04-19 21:05:47 +02:00
Alex 0372df95b5 staging: fix consul server addresses 2023-04-19 20:36:24 +02:00
Alex 9737c661a4 Merge branch 'main' into simplify-network-config 2023-04-19 20:15:03 +02:00
Quentin 57aa2ce1d2
interface gestion site web guichet 2023-04-19 15:20:49 +02:00
Quentin a614f495ad
allow memory overprovisionning 2023-04-08 10:43:42 +02:00
Alex 07f50f297a D53 with addresses from DiploNAT autodiscovery; diplonat fw opening for tricot 2023-04-05 16:30:28 +02:00
Quentin 0e4c641db7
redeploy bagage 2023-04-05 15:50:53 +02:00
Alex c08bc17cc0 Adapt prod config to new parameters 2023-04-05 14:09:04 +02:00
Alex 16422d2809 introduce back static ipv4 prefix lenght but with default value 2023-04-05 14:04:11 +02:00
Alex dec4ea479d Allow for IPv6 with RA disabled by manually providing gateway 2023-04-05 13:27:18 +02:00
Alex cb8d7e92d2 staging: ipv6-only diplonat for automatic address discovery 2023-04-05 10:25:22 +02:00
Alex c9f122bcd3 diplonat with ipv6 firewall support; email ipv6 addresses in dns 2023-04-04 14:13:57 +02:00
Adrien d83d230aee added luxeylab to dkim signingtable 2023-03-30 18:09:12 +02:00
Quentin 2de291e9b7
upgrade bottin + remove bespin 2023-03-26 10:14:04 +02:00
Alex ecfab3c628 Merge branch 'main' into simplify-network-config 2023-03-24 15:35:27 +01:00
Alex 96566ae523 refactor configuration syntax 2023-03-24 15:26:39 +01:00
Alex e2aea648cf greatly simplify ipv4 and ipv6 configuration 2023-03-24 14:42:36 +01:00
Baptiste Jonglez 8ae9ec6514 Update piranha IP again 2023-03-24 13:01:24 +01:00
Alex a0db30ca26 Sanitize DNS configuration 
- get rid of outside nameserver, unbound does the recursive resolving
  itself (and it checks DNSSEC)
- remove CAP_NET_BIND_SERVICE for Consul as it is no longer binding on
  port 53 (was already obsolete)
- make unbound config independant of LAN IPv4 address
 2023-03-24 12:58:44 +01:00
Alex 53b9cfd838 wgautomesh actually on prod 2023-03-24 12:01:38 +01:00
Alex 5cd69a9ba1 Merge branch 'main' into wgautomesh 2023-03-24 11:29:14 +01:00
Alex 8e29ee3b0b backup memory 2023-03-24 11:29:07 +01:00
Quentin 4a56b3360f
upgrade matrix 2023-03-22 22:23:37 +01:00
Alex b7c4f94ebd Add Garage backup script running on Abricot 2023-03-20 16:47:22 +01:00
Quentin eec09724fe
socat proxy 2023-03-20 10:45:40 +01:00
Quentin bebbf5bd8b
wip rsa-ecc proxy 2023-03-20 09:45:05 +01:00
Alex 90efd9155b wgautomesh variable log level (debug for staging) 2023-03-17 18:21:50 +01:00
Alex 6664affaa0 wgautomesh gossip secret file 2023-03-17 17:17:56 +01:00
Alex baae97b192 sample deployment of wgautomesh on staging (dont deploy prod with this commit) 2023-03-17 17:17:56 +01:00
Alex 870511931a abricot fixed ipv6 2023-03-17 16:22:24 +01:00
Alex a6c791d342 remove email-in 2023-03-17 13:44:48 +01:00
Adrien 28e7503b27 virguuuule 2023-03-17 10:04:21 +01:00
adrien fd4f601ee0 Merge pull request 'configuration for imap.deuxfleurs.fr & smtp.deuxfleurs.fr as part of email service for d53 + convert tabs into spaces (couldn't help myself)' (#8) from feat/d53-email into main 
Reviewed-on: #8
 2023-03-17 08:53:27 +00:00
Quentin 551988c808
do not allow stale information reading 2023-03-16 17:01:17 +01:00
Quentin 6fe8ef6eed
update albatros 2023-03-16 16:53:16 +01:00
Quentin 8b67c48c52
Fix consul port 2023-03-16 16:19:35 +01:00
Quentin 7bf1467cb1
add albatros 2023-03-16 15:52:13 +01:00
Adrien fe2eda1702 configuration for imap.deuxfleurs.fr & smtp.deuxfleurs.fr as part of email service for d53 + convert tabs into spaces (couldn't help myself) 2023-03-16 15:48:52 +01:00
Alex 81d3c0e03a d53 for email-in.deuxfleurs.fr (A only, AAAA missing firewall) 2023-03-16 14:42:47 +01:00
Alex 1c623c796a update garage and let it use more ram 2023-03-16 14:18:59 +01:00
Adrien e4065dade8 added Consul Registration of personal services (for Adrien's personal stuff) 2023-03-15 18:55:09 +01:00
Adrien f7be968531 TODOs in deuxfleurs.nix because the old world is maybe mixing with the new 2023-03-15 18:19:01 +01:00
Alex 2a0eff07c0 fix cleanup of deploypass 2023-03-15 17:49:31 +01:00
Adrien f6c4576b6c added forgotten new files for scorpio/abricot 2023-03-15 17:30:35 +01:00
Adrien 031d029e10 added scorpio site and abricot node 2023-03-15 17:10:38 +01:00
Quentin c681f63222
alloc more mem 2023-03-14 18:37:28 +01:00
Quentin d2b8b0c517
wip homemade ci? 2023-03-14 17:32:49 +01:00
Alex 385882c74c Changes in prod: 
- migrate courgette and concombre to M710q machines with SSD+HDD
- migrate prod/c* to nixos 22.11
 2023-03-13 19:58:37 +01:00
Quentin d56f895a1c
integrate turn in matrix 2023-03-11 12:37:57 +01:00
Quentin 6b8a94ba2e
wip coturn 2023-03-11 11:44:17 +01:00
Alex 850ea784e7 staging updates 2023-03-09 11:08:33 +01:00
Alex 6a287ffb57 prod: garage v0.8.1 2023-03-06 14:39:12 +01:00
Baptiste Jonglez 3eb5e21f9d New IP for piranha 2023-03-06 14:30:22 +01:00
Quentin 49cc83db21
use https links 2023-02-28 10:51:34 +01:00
Quentin 4ef04f7971
add teabag (for static cms) 2023-02-27 18:42:38 +01:00
Adrien a4eb0b2b56 increased jitsi's priority so that it is above Matrix's 2023-02-20 16:43:29 +01:00
Alex 0b1fccac1c Prod: guichet with mailing list edition interface 2023-02-08 16:58:12 +01:00
Quentin 69f1950b55
bespin 2023-02-03 13:39:48 +01:00