Commit graph

82 commits

Author SHA1 Message Date
Baptiste Jonglez
b6c083cf93 Revert "openssh: Temporary patch for CVE-2024-6387 mitigation"
This reverts commit b89b625f46.
2024-07-14 16:09:33 +02:00
b89b625f46 openssh: Temporary patch for CVE-2024-6387 mitigation 2024-07-01 14:04:25 +02:00
Baptiste Jonglez
67794c53a3 Disable DHCPv6 and DHCPv6-PD in all cases 2024-06-02 21:35:36 +02:00
Baptiste Jonglez
ba37244447 Add common terminfo for more terminal support 2024-06-02 21:35:22 +02:00
Baptiste Jonglez
8d475b2ee6 Fix nixos deprecation warning 2024-06-02 21:35:08 +02:00
972fc4ea7c prod: nixos 23.11 and nomad 1.5 2024-04-20 10:58:36 +02:00
c6a1bb341f prod: update nixos to 23.05 2024-04-20 10:09:55 +02:00
47d33c1773 remove unused remote-unlock.nix 2024-02-06 17:46:55 +01:00
27242fbf70 staging: cluster upgrades 2024-01-22 17:15:29 +01:00
0c9ea6bc56 disable network fingerprinting in nomad 2023-08-07 11:17:40 +02:00
e71ca8fe11 rename wgautomesh config to deuxfleurs namespace to avoid conflict 2023-06-12 13:40:53 +02:00
24cf7ddd91 Merge branch 'main' into simplify-network-config 2023-05-09 12:20:35 +02:00
6c07a42978 different wgautomesh gossip ports for prod and staging 2023-05-04 13:39:33 +02:00
3befdea206 nix: allow wireguard + logs 2023-04-28 09:26:32 +02:00
607add3161 make specifying an ipv6 fully optional 2023-04-21 14:36:10 +02:00
a9e9149739 Fix unbound; remove Nixos firewall (use only diplonat) 2023-04-21 11:29:15 +02:00
16422d2809 introduce back static ipv4 prefix length but with default value 2023-04-05 14:04:11 +02:00
bb25797d2f make script clearer and add documentation 2023-04-05 13:44:38 +02:00
dec4ea479d Allow for IPv6 with RA disabled by manually providing gateway 2023-04-05 13:27:18 +02:00
a31c6d109e remove obsolete directives 2023-03-31 16:27:08 +02:00
96566ae523 refactor configuration syntax 2023-03-24 15:26:39 +01:00
e2aea648cf greatly simplify ipv4 and ipv6 configuration 2023-03-24 14:42:36 +01:00
a0db30ca26 Sanitize DNS configuration
- get rid of outside nameserver, unbound does the recursive resolving
  itself (and it checks DNSSEC)
- remove CAP_NET_BIND_SERVICE for Consul as it is no longer binding on
  port 53 (was already obsolete)
- make unbound config independent of LAN IPv4 address
2023-03-24 12:58:44 +01:00
53b9cfd838 wgautomesh actually on prod 2023-03-24 12:01:38 +01:00
6ffaa0ed91 use nix enum type 2023-03-20 11:17:38 +01:00
90efd9155b wgautomesh variable log level (debug for staging) 2023-03-17 18:21:50 +01:00
39254cca0e keep wg-quick code as reference 2023-03-17 18:18:25 +01:00
f629f4c171 wgautomesh from static binary hosted on gitea 2023-03-17 18:01:35 +01:00
f9b94f0b47 update wgautomesh 2023-03-17 17:17:56 +01:00
bb2660792f wgautomesh persist state to file 2023-03-17 17:17:56 +01:00
6664affaa0 wgautomesh gossip secret file 2023-03-17 17:17:56 +01:00
baae97b192 sample deployment of wgautomesh on staging (don't deploy prod with this commit) 2023-03-17 17:17:56 +01:00
f7be968531 TODOs in deuxfleurs.nix because the old world is maybe mixing with the new 2023-03-15 18:19:01 +01:00
ad6db2f1c5 Remove hardcoded years in deuxfleurs.nix 2023-01-01 19:43:35 +01:00
b47334d7d7 Replace deploy_wg by a NixOS activation script 2022-12-14 18:02:30 +01:00
578075a925 Add origan node in staging cluster (+ refactor system.stateVersion) 2022-12-11 22:37:28 +01:00
a1fc396412 Add possible public_ipv4 node tag 2022-12-07 17:13:03 +01:00
ab97a7bffd Staging: Add CNAME target meta parameter, will be used for diplonat auto dns update 2022-12-07 12:32:21 +01:00
4036a2d951 Clean stuff up and update nix driver 2022-11-29 16:21:38 +01:00
fb4c2ef55a Remove old nomad-driver-nix 2022-11-29 15:41:35 +01:00
da07fee575 Use nix driver moved to Deuxfleurs namespace 2022-11-29 14:46:42 +01:00
c9f9ed4c71 Deploy garage on staging using nix2 driver 2022-11-29 14:21:12 +01:00
105c081728 Staging: ability to run Nix jobs using exec2 driver 2022-11-28 22:58:39 +01:00
a327876e25 Remove root, add wg-quick-wg0 after unbound 2022-11-28 10:19:48 +01:00
bedfae8424 Fix wg-quick MTU because it does bad stuff by default 2022-11-22 16:22:05 +01:00
8d363d2e66 Add after config on nomad and consul 2022-11-22 13:30:00 +01:00
6659deb544 Add Baptiste ; fix wireguard 2022-11-22 12:09:28 +01:00
49b0dc2d5b poc 2 for nix containers: use nomad-driver-nix 2022-11-16 16:28:18 +01:00
7866a92e16 remove systemd-resolved 2022-10-16 19:36:15 +02:00
5613ed9908 Complete telemetry configuration 2022-10-16 18:12:57 +02:00