Commit graph

240 commits

Author SHA1 Message Date
Alex 258d27c566 deploy tricot at bespin, register gitea (not accessed yet) 2023-05-09 15:12:03 +02:00
Alex 04464f632f Export all Grafana dashboards 2023-05-09 12:29:37 +02:00
Alex 24cf7ddd91 Merge branch 'main' into simplify-network-config 2023-05-09 12:20:35 +02:00
Maximilien Richer 24192cc61a Update telemetry stack apps 2023-05-07 23:46:48 +02:00
Alex b73c39c7c1 multi-zone matrix 2023-05-04 17:00:31 +02:00
Alex e375304c38 orient SoGo and Synapse to closest psql-proxy; psql backup anywhere 2023-05-04 16:48:22 +02:00
Alex f3cd2e98b4 multisite postgres, orient plume to correct db 2023-05-04 16:39:25 +02:00
Baptiste Jonglez e23b523467 Add infinite restart policy for postgresql 2023-05-03 08:53:59 +02:00
Alex 607add3161 make specifying an ipv6 fully optional 2023-04-21 14:36:10 +02:00
Alex c4598bd84f Diplonat on bespin, ipv6-only 2023-04-21 12:03:35 +02:00
Alex 0b3332fd32 break out core services into separate files 2023-04-21 11:55:24 +02:00
Alex a9e9149739 Fix unbound; remove Nixos firewall (use only diplonat) 2023-04-21 11:29:15 +02:00
Alex 529480b133 Merge branch 'main' into simplify-network-config 2023-04-21 10:31:05 +02:00
Alex af82308e84 Garage backup to SFTP target hosted by Max 2023-04-20 12:10:07 +02:00
Alex 9737c661a4 Merge branch 'main' into simplify-network-config 2023-04-19 20:15:03 +02:00
Quentin 57aa2ce1d2 guichet website management interface 2023-04-19 15:20:49 +02:00
Quentin a614f495ad allow memory overprovisioning 2023-04-08 10:43:42 +02:00
Quentin 0e4c641db7 redeploy bagage 2023-04-05 15:50:53 +02:00
Alex c08bc17cc0 Adapt prod config to new parameters 2023-04-05 14:09:04 +02:00
Alex c9f122bcd3 diplonat with ipv6 firewall support; email ipv6 addresses in dns 2023-04-04 14:13:57 +02:00
Adrien d83d230aee added luxeylab to dkim signingtable 2023-03-30 18:09:12 +02:00
Quentin 2de291e9b7 upgrade bottin + remove bespin 2023-03-26 10:14:04 +02:00
Alex 53b9cfd838 wgautomesh actually on prod 2023-03-24 12:01:38 +01:00
Alex 8e29ee3b0b backup memory 2023-03-24 11:29:07 +01:00
Quentin 4a56b3360f upgrade matrix 2023-03-22 22:23:37 +01:00
Alex b7c4f94ebd Add Garage backup script running on Abricot 2023-03-20 16:47:22 +01:00
Quentin eec09724fe socat proxy 2023-03-20 10:45:40 +01:00
Quentin bebbf5bd8b wip rsa-ecc proxy 2023-03-20 09:45:05 +01:00
Alex 870511931a abricot fixed ipv6 2023-03-17 16:22:24 +01:00
Alex a6c791d342 remove email-in 2023-03-17 13:44:48 +01:00
Adrien 28e7503b27 commaaaa 2023-03-17 10:04:21 +01:00
Adrien fe2eda1702 configuration for imap.deuxfleurs.fr & smtp.deuxfleurs.fr as part of email service for d53 + convert tabs into spaces (couldn't help myself) 2023-03-16 15:48:52 +01:00
Alex 81d3c0e03a d53 for email-in.deuxfleurs.fr (A only, AAAA missing firewall) 2023-03-16 14:42:47 +01:00
Alex 1c623c796a update garage and let it use more ram 2023-03-16 14:18:59 +01:00
Adrien e4065dade8 added Consul Registration of personal services (for Adrien's personal stuff) 2023-03-15 18:55:09 +01:00
Adrien f7be968531 TODOs in deuxfleurs.nix because the old world is maybe mixing with the new 2023-03-15 18:19:01 +01:00
Adrien f6c4576b6c added forgotten new files for scorpio/abricot 2023-03-15 17:30:35 +01:00
Adrien 031d029e10 added scorpio site and abricot node 2023-03-15 17:10:38 +01:00
Alex 385882c74c Changes in prod:
- migrate courgette and concombre to M710q machines with SSD+HDD
- migrate prod/c* to nixos 22.11
2023-03-13 19:58:37 +01:00
Quentin d56f895a1c integrate turn in matrix 2023-03-11 12:37:57 +01:00
Quentin 6b8a94ba2e wip coturn 2023-03-11 11:44:17 +01:00
Alex 6a287ffb57 prod: garage v0.8.1 2023-03-06 14:39:12 +01:00
Quentin 49cc83db21 use https links 2023-02-28 10:51:34 +01:00
Quentin 4ef04f7971 add teabag (for static cms) 2023-02-27 18:42:38 +01:00
Adrien a4eb0b2b56 increased jitsi's priority so that it is above Matrix's 2023-02-20 16:43:29 +01:00
Alex 0b1fccac1c Prod: guichet with mailing list edition interface 2023-02-08 16:58:12 +01:00
Quentin 69f1950b55 bespin 2023-02-03 13:39:48 +01:00
Quentin 87fc43d5e6 remove feature flags 2023-02-02 16:30:24 +01:00
Quentin a3ade938e0 update config with some flags, not sure 2023-02-02 16:21:43 +01:00
Quentin 67bcd07056 upgrade prod tentative 1 2023-02-02 15:37:43 +01:00
Quentin a3ca27055d fix integration 2023-02-02 15:32:40 +01:00
Quentin 2d6616195f upgrade the building logic 2023-02-02 14:48:59 +01:00
Quentin 6445d55e3e upgrade jitsi config 2023-02-02 08:48:19 +01:00
Quentin 535b28945d improve jitsi conf 2023-02-02 08:24:50 +01:00
Alex 8e76707c44 fix tricot hostname on prod 2023-01-11 22:18:52 +01:00
Alex 3a8588a1ea Open ports 80 and 443 on all Orion nodes 2023-01-04 11:10:10 +01:00
Alex c11b6499b8 prod: deploy d53 2023-01-04 09:35:40 +01:00
Alex 6478560087 prod: update tricot 2023-01-03 21:14:02 +01:00
Alex fe805b6bab Fix prometheus ssl certs 2023-01-03 21:00:10 +01:00
Alex 606668e25e fill in cname_target and public_ipv4 for prod cluster 2023-01-03 19:27:35 +01:00
Alex 0d8c6a2d45 Remove obsolete Matrix TLS keys 2022-12-25 23:54:55 +01:00
Alex 0becfc2571 Merge branch 'main' into new-secretmgr 2022-12-25 23:47:52 +01:00
Alex b63c03f635 refactor ssh config and move known_hosts 2022-12-25 23:45:53 +01:00
Alex 40f5670753 Remove old way of doing email certs (self-signed) 2022-12-25 23:03:37 +01:00
Alex 3b74376191 update drone secrets for rotation 2022-12-25 22:50:20 +01:00
Alex 8cee3b0043 Update prod secret files 2022-12-25 22:45:05 +01:00
Alex 87bb031ed0 Migrate prod cluster secrets to new format 2022-12-25 22:31:18 +01:00
Alex 8d17a07c9b reorganize some things 2022-12-24 22:59:37 +01:00
Alex 578075a925 Add origan node in staging cluster (+ refactor system.stateVersion) 2022-12-11 22:37:28 +01:00
Alex 1d4599fc1c prod: update tricot and reduce resource constraints 2022-12-07 12:03:15 +01:00
Alex 5bed1e66db update alps 2022-12-06 16:14:57 +01:00
Alex 724f0ccfec Tricot: updated with enough bins for histogram data 2022-12-06 15:11:35 +01:00
Alex 14bea296da prod: enable site load balancing in tricot 2022-12-06 14:43:58 +01:00
Alex 6036f5a1b7 deploy tricot metrics on production 2022-12-06 14:41:53 +01:00
Alex 195e340f56 prod: more aggressive restart on core services 2022-12-01 17:03:20 +01:00
Alex a327876e25 Remove root, add wg-quick-wg0 after unbound 2022-11-28 10:19:48 +01:00
Alex 6659deb544 Add Baptiste ; fix wireguard 2022-11-22 12:09:28 +01:00
Quentin eac950c47f Upgrade to garage v0.8.0-rc2 2022-11-16 11:57:11 +01:00
Alex 9e19b2b5a2 Update ssh keys 2022-11-09 18:35:17 +01:00
Alex cade21aa24 Give more resources to core stuff 2022-11-04 12:29:43 +01:00
Alex b37c4b3196 Updated drone version 2022-11-04 11:09:19 +01:00
Quentin 40d5665ffe Upgrade Matrix but disable URL preview 2022-10-28 09:45:00 +02:00
Alex 4584b39639 Update celeri config 2022-10-18 15:44:15 +02:00
Alex 27214332e9 IPv6 by FDN 2022-10-16 19:10:51 +02:00
Alex 5613ed9908 Complete telemetry configuration 2022-10-16 18:12:57 +02:00
Maximilien Richer 42409de1b1 Deploy garage on bespin 2022-10-16 14:17:12 +00:00
Quentin a69a71ca00 Add mounts on bespin + tlsproxy 2022-10-16 14:17:12 +00:00
Quentin e6f118adb0 Celeri is no more a raft server 2022-10-16 14:17:12 +00:00
Maximilien Richer 2eecece831 Fix typo on IP, add keys 2022-10-16 14:17:12 +00:00
mricher c48a7e80c3 Fix key 2022-10-16 14:17:12 +00:00
mricher 8797d4450a Add cluster configuration 2022-10-16 14:17:12 +00:00
mricher 6bafa20bf6 Add bespin machines 2022-10-16 14:17:12 +00:00
Quentin 6942355d43 update readme.md 2022-10-16 11:04:46 +02:00
Alex 3247bf69cf move grafana-new. to grafana. 2022-10-13 11:01:45 +02:00
Alex f4689d25de Change email address for let's encrypt expiry notifications 2022-10-09 22:57:55 +02:00
Alex b4e737afdf Rotate ssh key 2022-10-09 17:46:59 +02:00
Alex c239e34a25 IPv6 prefix at Neptune changed again 2022-10-09 17:07:47 +02:00
Quentin e8cdd6864a Split garage deployments in 2 categories
- The ones that will receive some traffic from tricot
- The ones "only for storage" that will not receive traffic from tricot
2022-10-08 22:23:19 +02:00
Alex 711b788eb4 Fix restic forget commands 2022-09-26 13:05:53 +02:00
Alex 5b88919746 Move cryptpad backup job to backup-daily.hcl 2022-09-26 13:02:38 +02:00
Alex 535c90b38e Replace Adrien's SSH key 2022-09-26 11:37:48 +02:00
Alex 72606368bf Force Garage to use ipv6 connectivity 2022-09-15 11:57:24 +02:00
Alex 39fbbbe863 Change ipv6 tunnel server 2022-09-09 17:23:23 +02:00
Alex be0d7a7ccc Drone integration files for new version (Nix runners) 2022-09-09 12:24:11 +02:00
Quentin 2695fe4ae8 Force IPv4 when sending to gmail
Because Free does not provide rDNS on IPv6
so GMail complains that it does not find a PTR record
for our IPv6 address
2022-09-07 08:13:15 +02:00
Quentin 02c65de5fe Restart backups 2022-09-01 18:05:50 +02:00
Quentin 1749a98e86 Update LDAP configuration 2022-08-31 10:25:58 +02:00
Alex e81716e41e Update drone config and add drone monitoring to prometheus 2022-08-30 15:48:32 +02:00
Quentin b5328c3341 Activate memory oversubscription+use it for Plume 2022-08-26 13:04:42 +02:00
Alex 72d033dcd4 Remove garage files at bad location, add basic telemetry 2022-08-25 13:59:40 +02:00
Alex fd3ed44dad Disable netdata on prod (useless) 2022-08-25 12:34:02 +02:00
Quentin 3f9ad5edc3 Configure the final URL for Guichet 2022-08-25 04:46:42 +02:00
Quentin ec0e483d99 Add email support 2022-08-25 04:39:44 +02:00
Quentin ea1b0e9d19 Add a docker-compose for Jitsi 2022-08-25 01:06:06 +02:00
Quentin e37c1f9057 Deploy Matrix 2022-08-25 01:02:16 +02:00
Quentin 3be2659aa1 Make service addressable by zones 2022-08-24 21:06:48 +02:00
Quentin 00b754727d Add postgres + WIP plume + fix diplonat 2022-08-24 19:54:15 +02:00
Alex 0d2d46f437 skip consul tls verify for diplonat and tricot (should be reverted?) 2022-08-24 18:19:04 +02:00
Alex cfb1d623d9 Reconfigure services to use correct tricot url, TLS fails 2022-08-24 17:31:08 +02:00
Alex 6ea18bf8ae Add directory config for prod 2022-08-24 16:03:52 +02:00
Alex 41128f4c36 Clone core module in staging and prod, move bad stuff to experimental 2022-08-24 15:48:18 +02:00
Alex 2e8923b383 Move app files into cluster subdirectories; add prod garage 2022-08-24 15:42:47 +02:00
Alex 9848f3090f Remove courgette from raft 2022-08-24 15:25:28 +02:00
Alex 6c51a6e484 Don't make diplotaxis and doradille raft servers, fix sshtool 2022-08-24 14:29:56 +02:00
Alex 468c6b702b Add ipv6 gateway at neptune 2022-08-24 12:31:55 +02:00
Quentin 4253fd84a5 Wireguard configuration of Orion 2022-08-24 12:06:01 +02:00
Quentin 9e39677e1d Fix IPv6 2022-08-24 11:06:55 +02:00
Alex e50e1c407d Move prod to wireguard and not wesher, and reaffect IPs 2022-08-24 00:31:07 +02:00
Alex a7ac31cdf5 Affect cluster_ip in d* in correct prefix (10.83.0.0/16 for prod) 2022-08-23 23:22:23 +02:00
Quentin 88d57f8e34 Add new cluster nodes 2022-08-23 22:13:26 +02:00
Alex c81442dc01 Update README; DNS on prod 2022-06-01 15:27:11 +02:00
Alex 178107af0c Network configuration updates 2022-05-09 00:20:02 +02:00
Alex 83dd3ea25a Update network configuration 2022-05-08 14:42:18 +02:00
Alex 3df47c8440 Configuration for prod to run on Wesher & other new stuff 2022-05-04 17:38:54 +02:00
Alex 04f2bd48bb Add some readme 2022-04-20 16:13:14 +02:00
Alex 823c8bd3ba in prod also use LAN IPs when possible 2022-02-26 00:17:12 +01:00
Alex 6dc9281299 Add remote LUKS unlocking configuration 2022-02-25 17:52:17 +01:00
Alex fe3e529cf6 Use local DNS resolver instead of quad9 that wasn't working very well 2022-02-22 10:06:51 +01:00
Alex 73742f38a4 Firewall rules and netdata monitoring for Garage expansion 2022-02-09 22:57:52 +01:00
Alex b0010b309b Config for prod cluster 2022-02-09 15:38:36 +01:00