Baptiste Jonglez
b6c083cf93
Revert "openssh: Temporary patch for CVE-2024-6387 mitigation"
This reverts commit b89b625f46.
2024-07-14 16:09:33 +02:00
b89b625f46
openssh: Temporary patch for CVE-2024-6387 mitigation
2024-07-01 14:04:25 +02:00
Baptiste Jonglez
67794c53a3
Disable DHCPv6 and DHCPv6-PD in all cases
2024-06-02 21:35:36 +02:00
Baptiste Jonglez
ba37244447
Add common terminfo for more terminal support
2024-06-02 21:35:22 +02:00
Baptiste Jonglez
8d475b2ee6
Fix nixos deprecation warning
2024-06-02 21:35:08 +02:00
972fc4ea7c
prod: nixos 23.11 and nomad 1.5
2024-04-20 10:58:36 +02:00
c6a1bb341f
prod: update nixos to 23.05
2024-04-20 10:09:55 +02:00
47d33c1773
remove unused remote-unlock.nix
2024-02-06 17:46:55 +01:00
27242fbf70
staging: cluster upgrades
2024-01-22 17:15:29 +01:00
0c9ea6bc56
disable network fingerprinting in nomad
2023-08-07 11:17:40 +02:00
e71ca8fe11
rename wgautomesh config to deuxfleurs namespace to avoid conflict
2023-06-12 13:40:53 +02:00
24cf7ddd91
Merge branch 'main' into simplify-network-config
2023-05-09 12:20:35 +02:00
6c07a42978
different wgautomesh gossip ports for prod and staging
2023-05-04 13:39:33 +02:00
3befdea206
nix: allow wireguard + logs
2023-04-28 09:26:32 +02:00
607add3161
make specifying an ipv6 fully optional
2023-04-21 14:36:10 +02:00
a9e9149739
Fix unbound; remove Nixos firewall (use only diplonat)
2023-04-21 11:29:15 +02:00
16422d2809
introduce back static ipv4 prefix length but with default value
2023-04-05 14:04:11 +02:00
bb25797d2f
make script clearer and add documentation
2023-04-05 13:44:38 +02:00
dec4ea479d
Allow for IPv6 with RA disabled by manually providing gateway
2023-04-05 13:27:18 +02:00
a31c6d109e
remove obsolete directives
2023-03-31 16:27:08 +02:00
96566ae523
refactor configuration syntax
2023-03-24 15:26:39 +01:00
e2aea648cf
greatly simplify ipv4 and ipv6 configuration
2023-03-24 14:42:36 +01:00
a0db30ca26
Sanitize DNS configuration
- get rid of outside nameserver, unbound does the recursive resolving
itself (and it checks DNSSEC)
- remove CAP_NET_BIND_SERVICE for Consul as it is no longer binding on
port 53 (was already obsolete)
- make unbound config independent of LAN IPv4 address
2023-03-24 12:58:44 +01:00
53b9cfd838
wgautomesh actually on prod
2023-03-24 12:01:38 +01:00
6ffaa0ed91
use nix enum type
2023-03-20 11:17:38 +01:00
90efd9155b
wgautomesh variable log level (debug for staging)
2023-03-17 18:21:50 +01:00
39254cca0e
keep wg-quick code as reference
2023-03-17 18:18:25 +01:00
f629f4c171
wgautomesh from static binary hosted on gitea
2023-03-17 18:01:35 +01:00
f9b94f0b47
update wgautomesh
2023-03-17 17:17:56 +01:00
bb2660792f
wgautomesh persist state to file
2023-03-17 17:17:56 +01:00
6664affaa0
wgautomesh gossip secret file
2023-03-17 17:17:56 +01:00
baae97b192
sample deployment of wgautomesh on staging (don't deploy prod with this commit)
2023-03-17 17:17:56 +01:00
f7be968531
TODOs in deuxfleurs.nix because the old world is maybe mixing with the new
2023-03-15 18:19:01 +01:00
ad6db2f1c5
Remove hardcoded years in deuxfleurs.nix
2023-01-01 19:43:35 +01:00
b47334d7d7
Replace deploy_wg by a NixOS activation script
2022-12-14 18:02:30 +01:00
578075a925
Add origan node in staging cluster (+ refactor system.stateVersion)
2022-12-11 22:37:28 +01:00
a1fc396412
Add possible public_ipv4 node tag
2022-12-07 17:13:03 +01:00
ab97a7bffd
Staging: Add CNAME target meta parameter, will be used for diplonat auto dns update
2022-12-07 12:32:21 +01:00
4036a2d951
Clean stuff up and update nix driver
2022-11-29 16:21:38 +01:00
fb4c2ef55a
Remove old nomad-driver-nix
2022-11-29 15:41:35 +01:00
da07fee575
Use nix driver moved to Deuxfleurs namespace
2022-11-29 14:46:42 +01:00
c9f9ed4c71
Deploy garage on staging using nix2 driver
2022-11-29 14:21:12 +01:00
105c081728
Staging: ability to run Nix jobs using exec2 driver
2022-11-28 22:58:39 +01:00
a327876e25
Remove root, add wg-quick-wg0 after unbound
2022-11-28 10:19:48 +01:00
bedfae8424
Fix wg-quick MTU because it does bad stuff by default
2022-11-22 16:22:05 +01:00
8d363d2e66
Add after config on nomad and consul
2022-11-22 13:30:00 +01:00
6659deb544
Add Baptiste ; fix wireguard
2022-11-22 12:09:28 +01:00
49b0dc2d5b
poc 2 for nix containers: use nomad-driver-nix
2022-11-16 16:28:18 +01:00
7866a92e16
remove systemd-resolved
2022-10-16 19:36:15 +02:00
5613ed9908
Complete telemetry configuration
2022-10-16 18:12:57 +02:00