607add3161
make specifying an ipv6 fully optionnal
2023-04-21 14:36:10 +02:00
c4598bd84f
Diplonat on bespin, ipv6-only
2023-04-21 12:03:35 +02:00
0b3332fd32
break out core services into separate files
2023-04-21 11:55:24 +02:00
a9e9149739
Fix unbound; remove Nixos firewall (use only diplonat)
2023-04-21 11:29:15 +02:00
529480b133
Merge branch 'main' into simplify-network-config
2023-04-21 10:31:05 +02:00
b4e82e37e4
diplonat with fixed iptables thing
2023-04-20 15:13:13 +02:00
af82308e84
Garage backup to SFTP target hosted by Max
2023-04-20 12:10:07 +02:00
e5f9f3c849
increase diplonat ram
2023-04-19 21:05:47 +02:00
0372df95b5
staging: fix consul server addresses
2023-04-19 20:36:24 +02:00
9737c661a4
Merge branch 'main' into simplify-network-config
2023-04-19 20:15:03 +02:00
57aa2ce1d2
interface gestion site web guichet
2023-04-19 15:20:49 +02:00
a614f495ad
allow memory overprovisionning
2023-04-08 10:43:42 +02:00
07f50f297a
D53 with addresses from DiploNAT autodiscovery; diplonat fw opening for tricot
2023-04-05 16:30:28 +02:00
0e4c641db7
redeploy bagage
2023-04-05 15:50:53 +02:00
c08bc17cc0
Adapt prod config to new parameters
2023-04-05 14:09:04 +02:00
16422d2809
introduce back static ipv4 prefix lenght but with default value
2023-04-05 14:04:11 +02:00
dec4ea479d
Allow for IPv6 with RA disabled by manually providing gateway
2023-04-05 13:27:18 +02:00
cb8d7e92d2
staging: ipv6-only diplonat for automatic address discovery
2023-04-05 10:25:22 +02:00
c9f122bcd3
diplonat with ipv6 firewall support; email ipv6 addresses in dns
2023-04-04 14:13:57 +02:00
d83d230aee
added luxeylab to dkim signingtable
2023-03-30 18:09:12 +02:00
2de291e9b7
upgrade bottin + remove bespin
2023-03-26 10:14:04 +02:00
ecfab3c628
Merge branch 'main' into simplify-network-config
2023-03-24 15:35:27 +01:00
96566ae523
refactor configuration syntax
2023-03-24 15:26:39 +01:00
e2aea648cf
greatly simplify ipv4 and ipv6 configuration
2023-03-24 14:42:36 +01:00
Baptiste Jonglez
8ae9ec6514
Update piranha IP again
2023-03-24 13:01:24 +01:00
a0db30ca26
Sanitize DNS configuration
...
- get rid of outside nameserver, unbound does the recursive resolving
itself (and it checks DNSSEC)
- remove CAP_NET_BIND_SERVICE for Consul as it is no longer binding on
port 53 (was already obsolete)
- make unbound config independant of LAN IPv4 address
2023-03-24 12:58:44 +01:00
53b9cfd838
wgautomesh actually on prod
2023-03-24 12:01:38 +01:00
5cd69a9ba1
Merge branch 'main' into wgautomesh
2023-03-24 11:29:14 +01:00
8e29ee3b0b
backup memory
2023-03-24 11:29:07 +01:00
4a56b3360f
upgrade matrix
2023-03-22 22:23:37 +01:00
b7c4f94ebd
Add Garage backup script running on Abricot
2023-03-20 16:47:22 +01:00
eec09724fe
socat proxy
2023-03-20 10:45:40 +01:00
bebbf5bd8b
wip rsa-ecc proxy
2023-03-20 09:45:05 +01:00
90efd9155b
wgautomesh variable log level (debug for staging)
2023-03-17 18:21:50 +01:00
6664affaa0
wgautomesh gossip secret file
2023-03-17 17:17:56 +01:00
baae97b192
sample deployment of wgautomesh on staging (dont deploy prod with this commit)
2023-03-17 17:17:56 +01:00
870511931a
abricot fixed ipv6
2023-03-17 16:22:24 +01:00
a6c791d342
remove email-in
2023-03-17 13:44:48 +01:00
28e7503b27
virguuuule
2023-03-17 10:04:21 +01:00
fd4f601ee0
Merge pull request 'configuration for imap.deuxfleurs.fr & smtp.deuxfleurs.fr as part of email service for d53 + convert tabs into spaces (couldn't help myself)' ( #8 ) from feat/d53-email into main
...
Reviewed-on: #8
2023-03-17 08:53:27 +00:00
551988c808
do not allow stale information reading
2023-03-16 17:01:17 +01:00
6fe8ef6eed
update albatros
2023-03-16 16:53:16 +01:00
8b67c48c52
Fix consul port
2023-03-16 16:19:35 +01:00
7bf1467cb1
add albatros
2023-03-16 15:52:13 +01:00
fe2eda1702
configuration for imap.deuxfleurs.fr & smtp.deuxfleurs.fr as part of email service for d53 + convert tabs into spaces (couldn't help myself)
2023-03-16 15:48:52 +01:00
81d3c0e03a
d53 for email-in.deuxfleurs.fr (A only, AAAA missing firewall)
2023-03-16 14:42:47 +01:00
1c623c796a
update garage and let it use more ram
2023-03-16 14:18:59 +01:00
e4065dade8
added Consul Registration of personal services (for Adrien's personal stuff)
2023-03-15 18:55:09 +01:00
f7be968531
TODOs in deuxfleurs.nix because the old world is maybe mixing with the new
2023-03-15 18:19:01 +01:00
2a0eff07c0
fix cleanup of deploypass
2023-03-15 17:49:31 +01:00
f6c4576b6c
added forgotten new files for scorpio/abricot
2023-03-15 17:30:35 +01:00
031d029e10
added scorpio site and abricot node
2023-03-15 17:10:38 +01:00
c681f63222
alloc more mem
2023-03-14 18:37:28 +01:00
d2b8b0c517
wip homemade ci?
2023-03-14 17:32:49 +01:00
385882c74c
Changes in prod:
...
- migrate courgette and concombre to M710q machines with SSD+HDD
- migrate prod/c* to nixos 22.11
2023-03-13 19:58:37 +01:00
d56f895a1c
integrate turn in matrix
2023-03-11 12:37:57 +01:00
6b8a94ba2e
wip coturn
2023-03-11 11:44:17 +01:00
850ea784e7
staging updates
2023-03-09 11:08:33 +01:00
6a287ffb57
prod: garage v0.8.1
2023-03-06 14:39:12 +01:00
Baptiste Jonglez
3eb5e21f9d
New IP for piranha
2023-03-06 14:30:22 +01:00
49cc83db21
use https links
2023-02-28 10:51:34 +01:00
4ef04f7971
add teabag (for static cms)
2023-02-27 18:42:38 +01:00
a4eb0b2b56
increased jitsi's priority so that it is above Matrix's
2023-02-20 16:43:29 +01:00
0b1fccac1c
Prod: guichet with mailing list edition interface
2023-02-08 16:58:12 +01:00
69f1950b55
bespin
2023-02-03 13:39:48 +01:00
87fc43d5e6
remove feature flags
2023-02-02 16:30:24 +01:00
a3ade938e0
update config with some flags, not sure
2023-02-02 16:21:43 +01:00
67bcd07056
upgrade prod tentative 1
2023-02-02 15:37:43 +01:00
a3ca27055d
fix integration
2023-02-02 15:32:40 +01:00
2d6616195f
upgrade the building logic
2023-02-02 14:48:59 +01:00
6445d55e3e
upgarde jitsi config
2023-02-02 08:48:19 +01:00
535b28945d
improve jitsi conf
2023-02-02 08:24:50 +01:00
2d55b1dfcc
updated garage and d53 on staging
2023-01-26 17:52:27 +01:00
8e76707c44
fix tricot hostname on prod
2023-01-11 22:18:52 +01:00
0da378d053
staging: remove constraint on im
2023-01-05 11:15:30 +01:00
9fabb5844a
staging: remove node cariacou, update garage
2023-01-04 17:06:39 +01:00
3a8588a1ea
Open ports 80 and 443 on all Orion nodes
2023-01-04 11:10:10 +01:00
da78f3671e
staging: deploy things on bespin
2023-01-04 10:06:06 +01:00
26f78872e6
staging: add node df-pw5 at bespin
2023-01-04 10:02:21 +01:00
c11b6499b8
prod: deploy d53
2023-01-04 09:35:40 +01:00
6478560087
prod: update tricot
2023-01-03 21:14:02 +01:00
fe805b6bab
Fix prometheus ssl certs
2023-01-03 21:00:10 +01:00
606668e25e
fill in cname_target and public_ipv4 for prod cluster
2023-01-03 19:27:35 +01:00
18eef6e8e7
Staging: Reduce resource requirements to pack more things
2023-01-03 18:25:32 +01:00
d588764748
don't rotate grafana password
2023-01-01 20:44:28 +01:00
3847c08181
Merge pull request 'updated version of secretmgr' ( #5 ) from new-secretmgr into main
...
Reviewed-on: #5
2023-01-01 18:47:34 +00:00
Baptiste Jonglez
08c324f1c4
Add new zone to core services
2022-12-29 18:26:52 +01:00
Baptiste Jonglez
1c48fd4ae4
Add new staging zone and node
2022-12-28 16:49:43 +01:00
0d8c6a2d45
Remove obsolete Matrix TLS keys
2022-12-25 23:54:55 +01:00
0becfc2571
Merge branch 'main' into new-secretmgr
2022-12-25 23:47:52 +01:00
b63c03f635
refactor ssh config and move known_hosts
2022-12-25 23:45:53 +01:00
40f5670753
Remove old way of doing email certs (self-signed)
2022-12-25 23:03:37 +01:00
3b74376191
update drone secrets for rotation
2022-12-25 22:50:20 +01:00
8cee3b0043
Update prod secret files
2022-12-25 22:45:05 +01:00
87bb031ed0
Migrate prod cluster secrets to new format
2022-12-25 22:31:18 +01:00
6d6e48c8fa
Improve secretmgr more, update secrets for staging
2022-12-25 22:12:38 +01:00
8d0a7a806d
New secretmgr
2022-12-25 21:03:16 +01:00
7fd81f3470
WIP new secretmgr
2022-12-25 19:52:28 +01:00
11f87a3cd2
staging: add missing secrets, update exiting ones to autogen/autorotate
2022-12-24 23:58:38 +01:00
8d17a07c9b
reorganize some things
2022-12-24 22:59:37 +01:00