Commit graph

313 commits

Author SHA1 Message Date
Armaël Guéneau
e0385b0456 make the list of IPs sorted and without duplicates for robustness 2024-11-20 13:04:41 +01:00
Armaël Guéneau
c66bff55f4 postfix: add rate-limiting exceptions for our own nodes 2024-11-19 20:24:09 +01:00
Armaël Guéneau
3f51534e03 guichet: augmentation de la limite de mémoire
Guichet s'est fait OOM-killed par Nomad en utilisation normale (nouvel
utilisateur qui clique sur un lien d'invitation).
2024-11-19 20:21:44 +01:00
Armaël Guéneau
fe7725b49e prod: tricot (build musl) 2024-11-09 23:28:57 +01:00
Armaël Guéneau
d0341caf77 cryptpad: repassage en 2024.9.0, pour tester l'ajout des headers 2024-11-08 19:11:10 +01:00
Armaël Guéneau
1a739636ca cryptpad: relax the CORS headers further to allow for onlyoffice fonts 2024-11-07 23:45:49 +01:00
Armaël Guéneau
f32c0c34f3 cryptpad-debug: essai avec un Dockerfile basique plutôt que construit par nix 2024-11-07 23:26:12 +01:00
Armaël Guéneau
bc49f33d65 cryptpad: ajout de headers CORS manquants pour le domaine de sandbox 2024-11-07 23:19:37 +01:00
Armaël Guéneau
00c56a4dda cryptpad-debug: rollback to 2024.6.1 + add some admins 2024-11-07 20:37:31 +01:00
Baptiste Jonglez
3053f7998f cryptpad: add admin 2024-11-07 20:33:41 +01:00
Baptiste Jonglez
bbfd630d58 cryptpad: revert prod to known working version 2024-11-07 20:33:27 +01:00
Baptiste Jonglez
1477417aa8 d53: allow to schedule on corrin 2024-11-07 00:34:15 +01:00
Baptiste Jonglez
0288aefda4 jitsi: allow to schedule on corrin 2024-11-07 00:29:55 +01:00
Baptiste Jonglez
ba27b2f2c2 prod: Schedule some basic services on corrin 2024-11-07 00:17:30 +01:00
Baptiste Jonglez
9c712b0d78 telemetry: update node-exporter (somebody forgot to commit) 2024-11-06 23:50:45 +01:00
Armaël Guéneau
8743e9b69b cryptpad: add armael to admins 2024-11-06 19:06:31 +01:00
Baptiste Jonglez
87e3ef93e3 email: ensure email and email-android7 run on different sites to avoid port conflicts 2024-10-25 09:58:53 +02:00
Baptiste Jonglez
99c031dfc4 email-android7: allocate more memory to avoid OOM killer 2024-10-17 00:51:49 +02:00
9467dfea2a
Add cryptad-debug instance with cloned data 2024-10-16 21:08:25 +02:00
d568dea939 Merge pull request 'Upgrade crytptpad to 2024.9.0' (#35) from KokaKiwi/nixcfg:crytptpad-upgrade-2024.9.0 into main
Reviewed-on: #35
Reviewed-by: maximilien <me@mricher.fr>
2024-10-04 07:49:55 +00:00
Baptiste Jonglez
c6ce1628f9 woodpecker: update to 2.7.1 2024-10-03 23:18:22 +02:00
Baptiste Jonglez
10d9528d91 woodpecker: make sure grpc proxy gets up-to-date IP address of backend 2024-10-03 23:18:11 +02:00
Baptiste Jonglez
8b10a0f539 Add SSH host key for pamplemousse 2024-10-03 23:07:15 +02:00
Baptiste Jonglez
e79e5470fb Update bespin endpoints 2024-10-03 23:07:05 +02:00
e344a1d560
cluster(prod): Upgrade crytptpad to 2024.9.0
Signed-off-by: KokaKiwi <kokakiwi+deuxfleurs@kokakiwi.net>
2024-10-02 18:00:05 +02:00
a560763a41
cluster(prod): cryptpad, update pinned sources
Signed-off-by: KokaKiwi <kokakiwi+deuxfleurs@kokakiwi.net>
2024-10-02 17:49:04 +02:00
aac2019d27 modif de Synapse parce que ça buguait + update Matrix syncv3 to v0.99.16 2024-09-26 19:37:02 +02:00
fabf31a720 update Synapse to v1.104.0 & Riot to v1.11.78 2024-09-26 18:58:51 +02:00
c044078a6e
finalize jitsi 2024-09-20 11:04:49 +02:00
ac4ca90eca
fix listen videobridge management 2024-09-20 10:45:11 +02:00
e204c3e563
activate management in jitsi 2024-09-20 10:39:36 +02:00
8ca33f3136
ready to deploy jitsi 2024-09-12 20:00:09 +02:00
9742ec34da add NODE_MAJOR_VERSION as argument of jitsi-meet container instead of hard-coded 2024-09-12 19:12:34 +02:00
64195db879
upgrade jitsi build recipes 2024-09-12 19:02:57 +02:00
dabfbc981b remove notice message 2024-09-12 18:06:20 +02:00
8f4c78f39c update woodpecker to 2.7.0 2024-08-25 09:56:03 +02:00
093951af05
cluster(prod): cryptpad, update pinned sources 2024-07-28 20:26:31 +02:00
e83f12f6a2
cluster(prod): Upgrade crytptpad to 2024.6.1 2024-07-28 20:26:31 +02:00
6c88813e8d Merge pull request 'Update CryptPad to 2024.6.0' (#31) from KokaKiwi/nixcfg:crytptpad-upgrade-2024.6.0 into main
Reviewed-on: #31
2024-07-22 17:04:09 +00:00
Baptiste Jonglez
7c9fed9e99 Temporary access to pamplemousse 2024-07-14 21:08:24 +02:00
Baptiste Jonglez
aebc4b900f prod: Add new node pamplemousse 2024-07-14 17:51:25 +02:00
0cc08a1f2b
cluster(prod/app/cryptpad): Update CryptPad to 2024.6.0 2024-07-02 20:22:04 +02:00
1bcfc26c62
cluster(prod/app/cryptpad): Update pinned channel from nixos-23.11 to nixos-24.05 2024-07-02 20:21:22 +02:00
47d94b1ad0 intervention Jitsi 2024-07-02 19:09:34 +02:00
be88b5d274
cluster(prod): Add new ortie node 2024-06-27 16:27:09 +02:00
fa510688d7
update guichet 2024-06-24 13:52:18 +02:00
Baptiste Jonglez
fc83048b02 staging: move bottin and guichet to docker, sync with prod config 2024-06-23 22:29:14 +02:00
86026c5642
cluster(prod/cryptpad): Update cryptpad image on Nomad cluster 2024-06-23 11:55:16 +02:00
2f8b2c74f4 Merge pull request 'Upgrade cryptpad from 2024.3.0 to 2024.3.1' (#27) from KokaKiwi/nixcfg:update-cryptpad-2024.3.1 into main
Reviewed-on: #27
Reviewed-by: maximilien <me@mricher.fr>
2024-06-23 09:05:41 +00:00
Baptiste Jonglez
7e88a88e04 prod: garage: Enable on-demand-tls check for *.garage S3 endpoint
We were hitting Let's Encrypt rate limits because we were generating
thousands of non-sense certificates like "foo.bar.baz.garage.deuxfleurs.fr"

See https://crt.sh

Subdomains of garage.deuxfleurs.fr only make sense when accessing buckets
through S3 with vhost-style, so let's enable the on-demand-tls check to
make sure that the bucket exists in Garage.

In the long term, we might want to have a wildcard certificate for this
usage, or simply stop supporting vhost-style S3 access.
2024-06-08 17:14:48 +02:00