Baptiste Jonglez
8b10a0f539
Add SSH host key for pamplemousse
2024-10-03 23:07:15 +02:00
Baptiste Jonglez
e79e5470fb
Update bespin endpoints
2024-10-03 23:07:05 +02:00
aac2019d27
modif de Synapse parce que ça buguait + update Matrix syncv3 to v0.99.16
2024-09-26 19:37:02 +02:00
fabf31a720
update Synapse to v1.104.0 & Riot to v1.11.78
2024-09-26 18:58:51 +02:00
c044078a6e
finalize jitsi
2024-09-20 11:04:49 +02:00
ac4ca90eca
fix listen videobridge management
2024-09-20 10:45:11 +02:00
e204c3e563
activate management in jitsi
2024-09-20 10:39:36 +02:00
e81a6ccff0
Merge pull request 'Upgrade jitsi build recipes to 9646' ( #34 ) from 2024-09-12-update-jitsi into main
...
Reviewed-on: #34
2024-09-12 18:05:14 +00:00
8ca33f3136
ready to deploy jitsi
2024-09-12 20:00:09 +02:00
9742ec34da
add NODE_MAJOR_VERSION as argument of jitsi-meet container instead of hard-coded
2024-09-12 19:12:34 +02:00
64195db879
upgrade jitsi build recipes
2024-09-12 19:02:57 +02:00
dabfbc981b
remove notice message
2024-09-12 18:06:20 +02:00
8f4c78f39c
update woodpecker to 2.7.0
2024-08-25 09:56:03 +02:00
ca01149e16
Merge pull request 'Upgrade crytptpad to 2024.6.1' ( #32 ) from KokaKiwi/nixcfg:crytptpad-upgrade-2024.6.1 into main
...
Reviewed-on: #32
2024-08-01 11:35:40 +00:00
093951af05
cluster(prod): cryptpad, update pinned sources
2024-07-28 20:26:31 +02:00
e83f12f6a2
cluster(prod): Upgrade crytptpad to 2024.6.1
2024-07-28 20:26:31 +02:00
6c88813e8d
Merge pull request 'Update CryptPad to 2024.6.0' ( #31 ) from KokaKiwi/nixcfg:crytptpad-upgrade-2024.6.0 into main
...
Reviewed-on: #31
2024-07-22 17:04:09 +00:00
Baptiste Jonglez
7c9fed9e99
Temporary access to pamplemousse
2024-07-14 21:08:24 +02:00
Baptiste Jonglez
aebc4b900f
prod: Add new node pamplemousse
2024-07-14 17:51:25 +02:00
Baptiste Jonglez
2c43fe0fb4
Revert "staging: enable IPv4 diplonat (UPnP) for corrin site"
...
This reverts commit 22dba1f35c
.
This site is now also a production site, so from now on UPnP will only be
configured from the production cluster.
2024-07-14 17:47:19 +02:00
Baptiste Jonglez
b6c083cf93
Revert "openssh: Temporary patch for CVE-2024-6387 mitigation"
...
This reverts commit b89b625f46
.
2024-07-14 16:09:33 +02:00
0cc08a1f2b
cluster(prod/app/cryptpad): Update CryptPad to 2024.6.0
2024-07-02 20:22:04 +02:00
1bcfc26c62
cluster(prod/app/cryptpad): Update pinned channel from nixos-23.11 to nixos-24.05
2024-07-02 20:21:22 +02:00
47d94b1ad0
intervention Jitsi
2024-07-02 19:09:34 +02:00
62ff09234d
Merge pull request 'openssh: Temporary patch for CVE-2024-6387 mitigation' ( #30 ) from KokaKiwi/nixcfg:openssh-mitigation into main
...
Reviewed-on: #30
2024-07-02 13:26:15 +00:00
98feb96d27
Merge pull request 'dathomir: Updates' ( #29 ) from KokaKiwi/nixcfg:dathomir-update into main
...
Reviewed-on: #29
Reviewed-by: maximilien <me@mricher.fr>
2024-07-02 09:41:08 +00:00
b89b625f46
openssh: Temporary patch for CVE-2024-6387 mitigation
2024-07-01 14:04:25 +02:00
76186c3fb3
cluster(staging): Rename jupiter site to dathomir
2024-06-27 16:27:23 +02:00
be88b5d274
cluster(prod): Add new ortie node
2024-06-27 16:27:09 +02:00
fa510688d7
update guichet
2024-06-24 13:52:18 +02:00
Baptiste Jonglez
fc83048b02
staging: move bottin and guichet to docker, sync with prod config
2024-06-23 22:29:14 +02:00
86026c5642
cluster(prod/cryptpad): Update cryptpad image on Nomad cluster
2024-06-23 11:55:16 +02:00
Baptiste Jonglez
87464506ce
staging: Passage garage en mode docker
2024-06-23 11:34:36 +02:00
2f8b2c74f4
Merge pull request 'Upgrade cryptpad from 2024.3.0 to 2024.3.1' ( #27 ) from KokaKiwi/nixcfg:update-cryptpad-2024.3.1 into main
...
Reviewed-on: #27
Reviewed-by: maximilien <me@mricher.fr>
2024-06-23 09:05:41 +00:00
Baptiste Jonglez
7e88a88e04
prod: garage: Enable on-demand-tls check for *.garage S3 endpoint
...
We were hitting Let's Encrypt rate limits because we were generating
thousands of non-sense certificates like "foo.bar.baz.garage.deuxfleurs.fr"
See https://crt.sh
Subdomains of garage.deuxfleurs.fr only make sense when accessing buckets
through S3 with vhost-style, so let's enable the on-demand-tls check to
make sure that the bucket exists in Garage.
In the long term, we might want to have a wildcard certificate for this
usage, or simply stop supporting vhost-style S3 access.
2024-06-08 17:14:48 +02:00
Baptiste Jonglez
9fc22d72d4
garage: harmonize staging and prod (checks, services)
2024-06-08 16:43:18 +02:00
Baptiste Jonglez
cbb0093f2c
staging: garage: Handle *.garage.staging for vhost-style S3 and add on-demand TLS checks
2024-06-08 16:35:35 +02:00
Baptiste Jonglez
d4fb14347d
staging: Upgrade tricot for on-demand TLS checks
2024-06-08 16:34:16 +02:00
Baptiste Jonglez
67794c53a3
Disable DHCPv6 and DHCPv6-PD in all cases
2024-06-02 21:35:36 +02:00
Baptiste Jonglez
ba37244447
Add common terminfo for more terminal support
2024-06-02 21:35:22 +02:00
Baptiste Jonglez
8d475b2ee6
Fix nixos deprecation warning
2024-06-02 21:35:08 +02:00
Baptiste Jonglez
7aa220a2e1
Add small script to gather system information from machines
2024-05-31 11:35:00 +02:00
Baptiste Jonglez
1924f2f4ab
sshtool: improve usage message
2024-05-31 11:34:38 +02:00
Baptiste Jonglez
bdc7376df4
staging: make tricot config closer to prod
2024-05-30 23:47:38 +02:00
Baptiste Jonglez
22dba1f35c
staging: enable IPv4 diplonat (UPnP) for corrin site
2024-05-30 23:42:48 +02:00
Baptiste Jonglez
7c174d6746
Revert "staging: disable allocation of grafana on piranha"
...
piranha is accessible on a more reliable network now.
2024-05-30 21:33:32 +02:00
Baptiste Jonglez
02bdc5a0c0
Move piranha to new network
2024-05-30 10:12:48 +02:00
726f4b2f32
Merge pull request 'cluster(prod): Add dathomir site' ( #25 ) from KokaKiwi/nixcfg:add-dathomir into main
...
Reviewed-on: #25
Reviewed-by: maximilien <me@mricher.fr>
2024-05-26 21:04:01 +00:00
37a2f781eb
prod(cluster/dathomir): Open more SSH ports
2024-05-26 23:00:39 +02:00
435cbeebfb
cluster(prod): Add oseille
2024-05-26 18:24:28 +02:00