Commit graph

305 commits

Author SHA1 Message Date
1048456fbf
switch postfix to ipv4 as we have no reverse dns on ipv6 2023-07-08 14:48:34 +02:00
03658e8f7b
ajout pointecouteau 2023-06-28 15:35:37 +02:00
8ebd35730c added estherbouquet.com to DKIM signing table 2023-06-24 18:02:29 +02:00
1d19bae7a1 remove postgres replica on concombre 2023-06-12 19:58:03 +02:00
3fcda94aa0 undo remove postgres from diplotaxis 2023-06-12 16:19:57 +02:00
3e40bfcca9 add stolon replica on abricot instead of diplotaxis 2023-06-12 13:41:42 +02:00
e06d6b14a3 add ananas, set it raft server instead of dahlia 2023-06-12 13:41:34 +02:00
14b59ba4b0 màj config gitea 2023-06-02 15:40:43 +02:00
c31de0e94f tricot passthrough of external services at neptune 2023-05-24 10:18:02 +02:00
efd5ec3323 Remove plume backup job (not usefull anymore) 2023-05-16 15:39:36 +02:00
8a75be4d43 Merge pull request 'prod: Plume with S3 storage backend' (#13) from plume-s3 into main
Reviewed-on: Deuxfleurs/nixcfg#13
2023-05-16 13:38:07 +00:00
4ca45cf1d4 updated d53 on prod 2023-05-16 15:35:06 +02:00
76b7f86d22 use RA on orion as well 2023-05-16 14:14:27 +02:00
560486bc50 prod plume with s3 backend 2023-05-15 17:30:41 +02:00
9cef48a6c2 Merge branch 'main' into simplify-network-config 2023-05-12 18:45:58 +02:00
258d27c566 deploy tricot at bespin, register gitea (not accessed yet) 2023-05-09 15:12:03 +02:00
04464f632f Export all Grafana dashboards 2023-05-09 12:29:37 +02:00
24cf7ddd91 Merge branch 'main' into simplify-network-config 2023-05-09 12:20:35 +02:00
24192cc61a
Update telemetry stack apps 2023-05-07 23:46:48 +02:00
b73c39c7c1 multi-zone matrix 2023-05-04 17:00:31 +02:00
e375304c38 orient SoGo and Synapse to closest psql-proxy; psql backup anywhere 2023-05-04 16:48:22 +02:00
f3cd2e98b4 multisite postgres, orient plume to correct db 2023-05-04 16:39:25 +02:00
Baptiste Jonglez
e23b523467 Add infinite restart policy for postgresql 2023-05-03 08:53:59 +02:00
607add3161 make specifying an ipv6 fully optionnal 2023-04-21 14:36:10 +02:00
c4598bd84f Diplonat on bespin, ipv6-only 2023-04-21 12:03:35 +02:00
0b3332fd32 break out core services into separate files 2023-04-21 11:55:24 +02:00
a9e9149739 Fix unbound; remove Nixos firewall (use only diplonat) 2023-04-21 11:29:15 +02:00
529480b133 Merge branch 'main' into simplify-network-config 2023-04-21 10:31:05 +02:00
af82308e84 Garage backup to SFTP target hosted by Max 2023-04-20 12:10:07 +02:00
9737c661a4 Merge branch 'main' into simplify-network-config 2023-04-19 20:15:03 +02:00
57aa2ce1d2
interface gestion site web guichet 2023-04-19 15:20:49 +02:00
a614f495ad
allow memory overprovisionning 2023-04-08 10:43:42 +02:00
0e4c641db7
redeploy bagage 2023-04-05 15:50:53 +02:00
c08bc17cc0 Adapt prod config to new parameters 2023-04-05 14:09:04 +02:00
c9f122bcd3 diplonat with ipv6 firewall support; email ipv6 addresses in dns 2023-04-04 14:13:57 +02:00
d83d230aee added luxeylab to dkim signingtable 2023-03-30 18:09:12 +02:00
2de291e9b7
upgrade bottin + remove bespin 2023-03-26 10:14:04 +02:00
53b9cfd838 wgautomesh actually on prod 2023-03-24 12:01:38 +01:00
8e29ee3b0b backup memory 2023-03-24 11:29:07 +01:00
4a56b3360f
upgrade matrix 2023-03-22 22:23:37 +01:00
b7c4f94ebd Add Garage backup script running on Abricot 2023-03-20 16:47:22 +01:00
eec09724fe
socat proxy 2023-03-20 10:45:40 +01:00
bebbf5bd8b
wip rsa-ecc proxy 2023-03-20 09:45:05 +01:00
870511931a abricot fixed ipv6 2023-03-17 16:22:24 +01:00
a6c791d342 remove email-in 2023-03-17 13:44:48 +01:00
28e7503b27 virguuuule 2023-03-17 10:04:21 +01:00
fe2eda1702 configuration for imap.deuxfleurs.fr & smtp.deuxfleurs.fr as part of email service for d53 + convert tabs into spaces (couldn't help myself) 2023-03-16 15:48:52 +01:00
81d3c0e03a d53 for email-in.deuxfleurs.fr (A only, AAAA missing firewall) 2023-03-16 14:42:47 +01:00
1c623c796a update garage and let it use more ram 2023-03-16 14:18:59 +01:00
e4065dade8 added Consul Registration of personal services (for Adrien's personal stuff) 2023-03-15 18:55:09 +01:00
f7be968531 TODOs in deuxfleurs.nix because the old world is maybe mixing with the new 2023-03-15 18:19:01 +01:00
f6c4576b6c added forgotten new files for scorpio/abricot 2023-03-15 17:30:35 +01:00
031d029e10 added scorpio site and abricot node 2023-03-15 17:10:38 +01:00
385882c74c Changes in prod:
- migrate courgette and concombre to M710q machines with SSD+HDD
- migrate prod/c* to nixos 22.11
2023-03-13 19:58:37 +01:00
d56f895a1c
integrate turn in matrix 2023-03-11 12:37:57 +01:00
6b8a94ba2e
wip coturn 2023-03-11 11:44:17 +01:00
6a287ffb57 prod: garage v0.8.1 2023-03-06 14:39:12 +01:00
49cc83db21
use https links 2023-02-28 10:51:34 +01:00
4ef04f7971
add teabag (for static cms) 2023-02-27 18:42:38 +01:00
a4eb0b2b56 increased jitsi's priority so that it is above Matrix's 2023-02-20 16:43:29 +01:00
0b1fccac1c Prod: guichet with mailing list edition interface 2023-02-08 16:58:12 +01:00
69f1950b55
bespin 2023-02-03 13:39:48 +01:00
87fc43d5e6
remove feature flags 2023-02-02 16:30:24 +01:00
a3ade938e0
update config with some flags, not sure 2023-02-02 16:21:43 +01:00
67bcd07056
upgrade prod tentative 1 2023-02-02 15:37:43 +01:00
a3ca27055d
fix integration 2023-02-02 15:32:40 +01:00
2d6616195f
upgrade the building logic 2023-02-02 14:48:59 +01:00
6445d55e3e
upgarde jitsi config 2023-02-02 08:48:19 +01:00
535b28945d
improve jitsi conf 2023-02-02 08:24:50 +01:00
8e76707c44
fix tricot hostname on prod 2023-01-11 22:18:52 +01:00
3a8588a1ea
Open ports 80 and 443 on all Orion nodes 2023-01-04 11:10:10 +01:00
c11b6499b8
prod: deploy d53 2023-01-04 09:35:40 +01:00
6478560087
prod: update tricot 2023-01-03 21:14:02 +01:00
fe805b6bab
Fix prometheus ssl certs 2023-01-03 21:00:10 +01:00
606668e25e
fill in cname_target and public_ipv4 for prod cluster 2023-01-03 19:27:35 +01:00
0d8c6a2d45
Remove obsolete Matrix TLS keys 2022-12-25 23:54:55 +01:00
0becfc2571
Merge branch 'main' into new-secretmgr 2022-12-25 23:47:52 +01:00
b63c03f635
refactor ssh config and move known_hosts 2022-12-25 23:45:53 +01:00
40f5670753
Remove old way of doing email certs (self-signed) 2022-12-25 23:03:37 +01:00
3b74376191
update drone secrets for rotation 2022-12-25 22:50:20 +01:00
8cee3b0043
Update prod secret files 2022-12-25 22:45:05 +01:00
87bb031ed0
Migrate prod cluster secrets to new format 2022-12-25 22:31:18 +01:00
8d17a07c9b
reorganize some things 2022-12-24 22:59:37 +01:00
578075a925
Add origan node in staging cluster (+ refactor system.stateVersion) 2022-12-11 22:37:28 +01:00
1d4599fc1c
prod: update tricot and reduce resource constraints 2022-12-07 12:03:15 +01:00
5bed1e66db
update alps 2022-12-06 16:14:57 +01:00
724f0ccfec
Tricot: updated with enough bins for histogram data 2022-12-06 15:11:35 +01:00
14bea296da
prod: enable site load balancing in tricot 2022-12-06 14:43:58 +01:00
6036f5a1b7
deploy tricot metrics on production 2022-12-06 14:41:53 +01:00
195e340f56
prod: more agressive restart on core services 2022-12-01 17:03:20 +01:00
a327876e25
Remove root, add wg-quick-wg0 after unbound 2022-11-28 10:19:48 +01:00
6659deb544
Add Baptiste ; fix wireguard 2022-11-22 12:09:28 +01:00
eac950c47f
Upgrade to garage v0.8.0-rc2 2022-11-16 11:57:11 +01:00
9e19b2b5a2
Update ssh keys 2022-11-09 18:35:17 +01:00
cade21aa24
Give more resources to core stuff 2022-11-04 12:29:43 +01:00
b37c4b3196
Updated drone version 2022-11-04 11:09:19 +01:00
40d5665ffe
Upgrade Matrix but disable URL preview 2022-10-28 09:45:00 +02:00
4584b39639
Update celeri config 2022-10-18 15:44:15 +02:00
27214332e9
IPv6 by FDN 2022-10-16 19:10:51 +02:00
5613ed9908
Complete telemetry configuration 2022-10-16 18:12:57 +02:00
42409de1b1 Deploy garage on bespin 2022-10-16 14:17:12 +00:00
a69a71ca00 Add mounts on bespin + tlsproxy 2022-10-16 14:17:12 +00:00
e6f118adb0 Celeri is no more a raft server 2022-10-16 14:17:12 +00:00
2eecece831 Fix typo on IP, add keys 2022-10-16 14:17:12 +00:00
mricher
c48a7e80c3 Fix key 2022-10-16 14:17:12 +00:00
mricher
8797d4450a Add cluster configuration 2022-10-16 14:17:12 +00:00
mricher
6bafa20bf6 Add bespin machines 2022-10-16 14:17:12 +00:00
6942355d43
update readme.md 2022-10-16 11:04:46 +02:00
3247bf69cf
move grafana-new. to grafana. 2022-10-13 11:01:45 +02:00
f4689d25de
Change email address for let's encrypt expiry notifications 2022-10-09 22:57:55 +02:00
b4e737afdf
Rotate ssh key 2022-10-09 17:46:59 +02:00
c239e34a25
IPv6 prefix at Neptune changed again 2022-10-09 17:07:47 +02:00
e8cdd6864a
Split garage deployments in 2 categories
- The ones that will receive some traffic from tricot
 - The ones "only for storage" that will not receive traffic from tricot
2022-10-08 22:23:19 +02:00
711b788eb4
Fix restic forget commands 2022-09-26 13:05:53 +02:00
5b88919746
Move cryptpad backup job to backup-daily.hcl 2022-09-26 13:02:38 +02:00
535c90b38e
Replace Adrien's SSH key 2022-09-26 11:37:48 +02:00
72606368bf
Force Garage to use ipv6 connectivity 2022-09-15 11:57:24 +02:00
39fbbbe863
Change ipv6 tunnel server 2022-09-09 17:23:23 +02:00
be0d7a7ccc
Drone integration files for new version (Nix runners) 2022-09-09 12:24:11 +02:00
2695fe4ae8
Force IPv4 when sending to gmail
Because Free does not provide rDNS on IPv6
so GMail complains that it does not find a PTR record
for our IPv6 address
2022-09-07 08:13:15 +02:00
02c65de5fe
Restart backups 2022-09-01 18:05:50 +02:00
1749a98e86
Update LDAP configuration 2022-08-31 10:25:58 +02:00
e81716e41e
Update drone config and add drone monitoring to prometheus 2022-08-30 15:48:32 +02:00
b5328c3341
Activate memory oversubscription+use it for Plume 2022-08-26 13:04:42 +02:00
72d033dcd4
Remove garage files at bad location, add basic telemetry 2022-08-25 13:59:40 +02:00
fd3ed44dad
Disable netdata on prod (useless) 2022-08-25 12:34:02 +02:00
3f9ad5edc3
Configure the final URL for Guichet 2022-08-25 04:46:42 +02:00
ec0e483d99
Add email support 2022-08-25 04:39:44 +02:00
ea1b0e9d19
Add a docker-compose for Jitsi 2022-08-25 01:06:06 +02:00
e37c1f9057
Deploy Matrix 2022-08-25 01:02:16 +02:00
3be2659aa1
Make service addressable by zones 2022-08-24 21:06:48 +02:00
00b754727d
Add postgres + WIP plume + fix diplonat 2022-08-24 19:54:15 +02:00
0d2d46f437
skip consul tls verify for diplonat and tricot (should be reverted?) 2022-08-24 18:19:04 +02:00
cfb1d623d9
Reconfigure services to use correct tricot url, TLS fails 2022-08-24 17:31:08 +02:00
6ea18bf8ae
Add directory config for prod 2022-08-24 16:03:52 +02:00
41128f4c36
Clone core module in staging and prod, move bad stuff to experimental 2022-08-24 15:48:18 +02:00
2e8923b383
Move app files into cluster subdirectories; add prod garage 2022-08-24 15:42:47 +02:00
9848f3090f
Remove courgette from raft 2022-08-24 15:25:28 +02:00
6c51a6e484
Don't make diplotaxis and doradille raft servers, fix sshtool 2022-08-24 14:29:56 +02:00
468c6b702b
Add ipv6 gateway at neptune 2022-08-24 12:31:55 +02:00
4253fd84a5
Wireguard configuration of Orion 2022-08-24 12:06:01 +02:00
9e39677e1d
Fix IPv6 2022-08-24 11:06:55 +02:00
e50e1c407d
Move prod to wireguard and not wesher, and reaffect IPs 2022-08-24 00:31:07 +02:00
a7ac31cdf5
Affect cluster_ip in d* in correct prefix (10.83.0.0/16 for prod) 2022-08-23 23:22:23 +02:00
88d57f8e34
Add new cluster nodes 2022-08-23 22:13:26 +02:00
c81442dc01
Update README; DNS on prod 2022-06-01 15:27:11 +02:00
178107af0c
Network configuration updates 2022-05-09 00:20:02 +02:00
83dd3ea25a
Update network configuration 2022-05-08 14:42:18 +02:00
3df47c8440
Configuration for prod to run on Wesher & other new stuff 2022-05-04 17:38:54 +02:00
04f2bd48bb
Add some readme 2022-04-20 16:13:14 +02:00
823c8bd3ba
in prod also use LAN IPs when possible 2022-02-26 00:17:12 +01:00
6dc9281299
Add remote LUKS unlocking configuration 2022-02-25 17:52:17 +01:00
fe3e529cf6
Use local DNS resolver instead of quad9 that wasn't working very well 2022-02-22 10:06:51 +01:00
73742f38a4
Firewall rules and netdata monitoring for Garage expansion 2022-02-09 22:57:52 +01:00
b0010b309b
Config for prod cluster 2022-02-09 15:38:36 +01:00