Commit graph

679 commits

Author SHA1 Message Date
Baptiste Jonglez
9c712b0d78 telemetry: update node-exporter (somebody forgot to commit) 2024-11-06 23:50:45 +01:00
d1e979d3ae Merge pull request 'cryptpad: add armael to admins' (#38) from armael-cryptpad-admin into main
Reviewed-on: #38
2024-11-06 21:18:28 +00:00
Armaël Guéneau
8743e9b69b cryptpad: add armael to admins 2024-11-06 19:06:31 +01:00
Baptiste Jonglez
87e3ef93e3 email: ensure email and email-android7 run on different sites to avoid port conflicts 2024-10-25 09:58:53 +02:00
Baptiste Jonglez
99c031dfc4 email-android7: allocate more memory to avoid OOM killer 2024-10-17 00:51:49 +02:00
50b021dd02 Merge pull request 'Add cryptad-debug instance with cloned data' (#36) from debug-cryptpad-update into main
Reviewed-on: #36
2024-10-16 19:11:13 +00:00
9467dfea2a
Add cryptad-debug instance with cloned data 2024-10-16 21:08:25 +02:00
d568dea939 Merge pull request 'Upgrade crytptpad to 2024.9.0' (#35) from KokaKiwi/nixcfg:crytptpad-upgrade-2024.9.0 into main
Reviewed-on: #35
Reviewed-by: maximilien <me@mricher.fr>
2024-10-04 07:49:55 +00:00
Baptiste Jonglez
c6ce1628f9 woodpecker: update to 2.7.1 2024-10-03 23:18:22 +02:00
Baptiste Jonglez
10d9528d91 woodpecker: make sure grpc proxy gets up-to-date IP address of backend 2024-10-03 23:18:11 +02:00
Baptiste Jonglez
8b10a0f539 Add SSH host key for pamplemousse 2024-10-03 23:07:15 +02:00
Baptiste Jonglez
e79e5470fb Update bespin endpoints 2024-10-03 23:07:05 +02:00
e344a1d560
cluster(prod): Upgrade crytptpad to 2024.9.0
Signed-off-by: KokaKiwi <kokakiwi+deuxfleurs@kokakiwi.net>
2024-10-02 18:00:05 +02:00
a560763a41
cluster(prod): cryptpad, update pinned sources
Signed-off-by: KokaKiwi <kokakiwi+deuxfleurs@kokakiwi.net>
2024-10-02 17:49:04 +02:00
aac2019d27 modif de Synapse parce que ça buguait + update Matrix syncv3 to v0.99.16 2024-09-26 19:37:02 +02:00
fabf31a720 update Synapse to v1.104.0 & Riot to v1.11.78 2024-09-26 18:58:51 +02:00
c044078a6e
finalize jitsi 2024-09-20 11:04:49 +02:00
ac4ca90eca
fix listen videobridge management 2024-09-20 10:45:11 +02:00
e204c3e563
activate management in jitsi 2024-09-20 10:39:36 +02:00
e81a6ccff0 Merge pull request 'Upgrade jitsi build recipes to 9646' (#34) from 2024-09-12-update-jitsi into main
Reviewed-on: #34
2024-09-12 18:05:14 +00:00
8ca33f3136
ready to deploy jitsi 2024-09-12 20:00:09 +02:00
9742ec34da add NODE_MAJOR_VERSION as argument of jitsi-meet container instead of hard-coded 2024-09-12 19:12:34 +02:00
64195db879
upgrade jitsi build recipes 2024-09-12 19:02:57 +02:00
dabfbc981b remove notice message 2024-09-12 18:06:20 +02:00
8f4c78f39c update woodpecker to 2.7.0 2024-08-25 09:56:03 +02:00
ca01149e16 Merge pull request 'Upgrade crytptpad to 2024.6.1' (#32) from KokaKiwi/nixcfg:crytptpad-upgrade-2024.6.1 into main
Reviewed-on: #32
2024-08-01 11:35:40 +00:00
093951af05
cluster(prod): cryptpad, update pinned sources 2024-07-28 20:26:31 +02:00
e83f12f6a2
cluster(prod): Upgrade crytptpad to 2024.6.1 2024-07-28 20:26:31 +02:00
6c88813e8d Merge pull request 'Update CryptPad to 2024.6.0' (#31) from KokaKiwi/nixcfg:crytptpad-upgrade-2024.6.0 into main
Reviewed-on: #31
2024-07-22 17:04:09 +00:00
Baptiste Jonglez
7c9fed9e99 Temporary access to pamplemousse 2024-07-14 21:08:24 +02:00
Baptiste Jonglez
aebc4b900f prod: Add new node pamplemousse 2024-07-14 17:51:25 +02:00
Baptiste Jonglez
2c43fe0fb4 Revert "staging: enable IPv4 diplonat (UPnP) for corrin site"
This reverts commit 22dba1f35c.

This site is now also a production site, so from now on UPnP will only be
configured from the production cluster.
2024-07-14 17:47:19 +02:00
Baptiste Jonglez
b6c083cf93 Revert "openssh: Temporary patch for CVE-2024-6387 mitigation"
This reverts commit b89b625f46.
2024-07-14 16:09:33 +02:00
0cc08a1f2b
cluster(prod/app/cryptpad): Update CryptPad to 2024.6.0 2024-07-02 20:22:04 +02:00
1bcfc26c62
cluster(prod/app/cryptpad): Update pinned channel from nixos-23.11 to nixos-24.05 2024-07-02 20:21:22 +02:00
47d94b1ad0 intervention Jitsi 2024-07-02 19:09:34 +02:00
62ff09234d Merge pull request 'openssh: Temporary patch for CVE-2024-6387 mitigation' (#30) from KokaKiwi/nixcfg:openssh-mitigation into main
Reviewed-on: #30
2024-07-02 13:26:15 +00:00
98feb96d27 Merge pull request 'dathomir: Updates' (#29) from KokaKiwi/nixcfg:dathomir-update into main
Reviewed-on: #29
Reviewed-by: maximilien <me@mricher.fr>
2024-07-02 09:41:08 +00:00
b89b625f46
openssh: Temporary patch for CVE-2024-6387 mitigation 2024-07-01 14:04:25 +02:00
76186c3fb3
cluster(staging): Rename jupiter site to dathomir 2024-06-27 16:27:23 +02:00
be88b5d274
cluster(prod): Add new ortie node 2024-06-27 16:27:09 +02:00
fa510688d7
update guichet 2024-06-24 13:52:18 +02:00
Baptiste Jonglez
fc83048b02 staging: move bottin and guichet to docker, sync with prod config 2024-06-23 22:29:14 +02:00
86026c5642
cluster(prod/cryptpad): Update cryptpad image on Nomad cluster 2024-06-23 11:55:16 +02:00
Baptiste Jonglez
87464506ce staging: Passage garage en mode docker 2024-06-23 11:34:36 +02:00
2f8b2c74f4 Merge pull request 'Upgrade cryptpad from 2024.3.0 to 2024.3.1' (#27) from KokaKiwi/nixcfg:update-cryptpad-2024.3.1 into main
Reviewed-on: #27
Reviewed-by: maximilien <me@mricher.fr>
2024-06-23 09:05:41 +00:00
Baptiste Jonglez
7e88a88e04 prod: garage: Enable on-demand-tls check for *.garage S3 endpoint
We were hitting Let's Encrypt rate limits because we were generating
thousands of non-sense certificates like "foo.bar.baz.garage.deuxfleurs.fr"

See https://crt.sh

Subdomains of garage.deuxfleurs.fr only make sense when accessing buckets
through S3 with vhost-style, so let's enable the on-demand-tls check to
make sure that the bucket exists in Garage.

In the long term, we might want to have a wildcard certificate for this
usage, or simply stop supporting vhost-style S3 access.
2024-06-08 17:14:48 +02:00
Baptiste Jonglez
9fc22d72d4 garage: harmonize staging and prod (checks, services) 2024-06-08 16:43:18 +02:00
Baptiste Jonglez
cbb0093f2c staging: garage: Handle *.garage.staging for vhost-style S3 and add on-demand TLS checks 2024-06-08 16:35:35 +02:00
Baptiste Jonglez
d4fb14347d staging: Upgrade tricot for on-demand TLS checks 2024-06-08 16:34:16 +02:00