Commit graph

262 commits

Author SHA1 Message Date
Baptiste Jonglez 7e88a88e04 prod: garage: Enable on-demand-tls check for *.garage S3 endpoint
We were hitting Let's Encrypt rate limits because we were generating
thousands of nonsense certificates like "foo.bar.baz.garage.deuxfleurs.fr"

See https://crt.sh

Subdomains of garage.deuxfleurs.fr only make sense when accessing buckets
through S3 with vhost-style, so let's enable the on-demand-tls check to
make sure that the bucket exists in Garage.

In the long term, we might want to have a wildcard certificate for this
usage, or simply stop supporting vhost-style S3 access.
2024-06-08 17:14:48 +02:00
Baptiste Jonglez 9fc22d72d4 garage: harmonize staging and prod (checks, services) 2024-06-08 16:43:18 +02:00
maximilien 726f4b2f32 Merge pull request 'cluster(prod): Add dathomir site' (#25) from KokaKiwi/nixcfg:add-dathomir into main
Reviewed-on: #25
Reviewed-by: maximilien <me@mricher.fr>
2024-05-26 21:04:01 +00:00
Jill 37a2f781eb prod(cluster/dathomir): Open more SSH ports 2024-05-26 23:00:39 +02:00
Jill 435cbeebfb cluster(prod): Add oseille 2024-05-26 18:24:28 +02:00
Jill 3776734e50 style: Fix spacetab in cluster/prod/ssh_config 2024-05-26 17:04:33 +02:00
Jill 57628b508e cluster(prod): Add io 2024-05-26 17:04:18 +02:00
Quentin 3e0df95fe9 use diplonat autodiscovery to set ip addr 2024-05-18 15:45:00 +02:00
Quentin 602c003e1e update neptune IP address 2024-05-18 15:27:48 +02:00
Quentin e746768de1 hotfix garage 2024-05-17 20:29:05 +02:00
Jill a513690004 cluster(prod): Add dathomir site and onion node 2024-05-15 11:50:49 +02:00
ADRN f55891ba21 Migrate Cryptpad to Courgette (Neptune) from Abricot (Scorpio), with backup reconfiguration 2024-05-12 22:02:22 +02:00
ADRN 9a6935ac90 Add Boris as admin on Cryptpad 2024-05-12 20:35:04 +02:00
Armaël Guéneau 3b777ddeb6 Move emails from ananas (in scorpio) to celeri (in neptune) 2024-05-12 17:09:05 +02:00
ADRN 28b58b3776 Add max and vincent as cryptpad admins 2024-04-30 10:10:40 +02:00
Baptiste Jonglez 7db40a8dcf Fix coturn that was failing with newer Nomad/Docker
Coturn was failing to start with the following error:

failed to create task for container: failed to create shim task: OCI
runtime create failed: runc create failed: unable to start container
process: exec: "/usr/local/bin/docker-entrypoint.sh": permission denied:
unknown

It seems to be caused by the recent NixOS update.

Either because Docker/runc is now more strict when checking if the
entrypoint is executable [1]

And/or because Nomad may mount the secrets directory with "noexec" [2].

In any case, the "local" directory [2] looks more appropriate, because
it's shared with the task while not being accessible to other tasks.

[1] https://github.com/opencontainers/runc/issues/3715
[2] https://developer.hashicorp.com/nomad/docs/concepts/filesystem
2024-04-28 18:01:52 +02:00
Baptiste Jonglez c56ce9134c Update woodpecker to latest 2.4.1 2024-04-28 13:31:15 +02:00
baptiste 1d40a3c7c0 Merge pull request 'Update Woodpecker to v2.4.0' (#24) from tixie/nixcfg:update-woodpecker-2.4.0 into main
Reviewed-on: #24
2024-04-28 11:25:06 +00:00
Baptiste Jonglez 5dc7c3132b Fix link in CI setup doc 2024-04-28 13:23:54 +02:00
Quentin e6bac83e02 Tricot ulimit 2024-04-25 09:13:06 +02:00
Tixie 22fbadef2e update woodpecker-agent to 2.4.0 2024-04-24 22:20:20 +02:00
Tixie 43189a5fc2 update woodpecker-server to 2.4.0 2024-04-24 22:20:06 +02:00
Alex ff7462b2c7 prod: update nomad to 1.6 2024-04-20 12:29:26 +02:00
Alex 972fc4ea7c prod: nixos 23.11 and nomad 1.5 2024-04-20 10:58:36 +02:00
Alex 444306aa54 prod: allow woodpecker on neptune now with good ipv6 2024-04-20 10:20:04 +02:00
Alex c6a1bb341f prod: update nixos to 23.05 2024-04-20 10:09:55 +02:00
Alex eddc95c5df prod: update ip config for Free ISP at Neptune 2024-04-20 09:37:24 +02:00
Alex 27df86a7e5 fix pad when not in neptune, and allow android7 email to move to bespin 2024-04-19 08:53:48 +02:00
ADRN d817ad7b15 Merge branch 'poil' 2024-04-18 19:36:32 +02:00
ADRN 1871f7bbff Add Jill & Trinity as CryptPad admins 2024-04-18 19:36:07 +02:00
adrien 18e73b18f3 Merge pull request 'cluster/prod(app): Upgrade CryptPad to 2024.3.0' (#23) from KokaKiwi/nixcfg:crytptpad-upgrade-1 into main
Reviewed-on: #23
2024-04-18 17:35:36 +00:00
ADRN a817d764d3 Move the cryptpad service concombre -> abricot 2024-04-18 19:07:08 +02:00
Jill 9111997f84 cluster/prod(app): Add new CryptPad build files 2024-04-18 18:56:19 +02:00
Jill d41e10bd25 cluster/prod(app): Upgrade CryptPad to 2024.3.0 2024-04-18 18:45:07 +02:00
Jill 718a23b74b cluster/prod: Add kokakiwi to adminAccounts 2024-04-18 17:57:24 +02:00
Alex 96ead9a597 prod: garage v1.0.0-rc1 2024-04-01 20:11:24 +02:00
Lauric Desauw 6152dc18d6 remove notice message for moderation 2024-03-29 15:48:21 +01:00
trinity-1686a e4708a325d add trinity.fr.eu.org to DKIM 2024-03-24 13:42:47 +00:00
Vincent 05dcd1c6a6 Courderec.re domain in the DKIM table 2024-03-24 14:23:47 +01:00
Alex 8fdffdf12f prod: remove drone-ci 2024-03-17 11:35:07 +01:00
Alex d55c9610a9 Add marion and darkgallium 2024-03-16 18:53:18 +01:00
Quentin f228592473 Also add the regex in the query parameter of http-bind 2024-03-11 08:37:40 +01:00
ADRN 263dad0243 Add nginx redirect for suspicious Jitsi rooms 2024-03-10 21:05:43 +01:00
ADRN aaf95aa110 added notice message on Jitsi about our monitoring 2024-03-10 20:39:41 +01:00
ADRN 6544cd3e14 increased Jitsi logs a bit 2024-03-09 12:56:34 +01:00
Maximilien Richer 54f7cb670d Update lightstream and grafana 2024-03-09 11:41:46 +01:00
ADRN 3ca0203753 store real IP from Jitsi 2024-03-08 21:25:43 +01:00
Alex dde6ece4db prod: give more memory to prometheus 2024-03-08 12:03:48 +01:00
Alex 3d75b5a0bd remove orsay extra service 2024-03-06 15:15:21 +01:00
Alex eb40718bee force woodpecker on scorpio 2024-03-04 15:38:21 +01:00