8f4c78f39c
update woodpecker to 2.7.0
2024-08-25 09:56:03 +02:00
093951af05
cluster(prod): cryptpad, update pinned sources
2024-07-28 20:26:31 +02:00
e83f12f6a2
cluster(prod): Upgrade cryptpad to 2024.6.1
2024-07-28 20:26:31 +02:00
6c88813e8d
Merge pull request 'Update CryptPad to 2024.6.0' ( #31 ) from KokaKiwi/nixcfg:crytptpad-upgrade-2024.6.0 into main
...
Reviewed-on: Deuxfleurs/nixcfg#31
2024-07-22 17:04:09 +00:00
Baptiste Jonglez
7c9fed9e99
Temporary access to pamplemousse
2024-07-14 21:08:24 +02:00
Baptiste Jonglez
aebc4b900f
prod: Add new node pamplemousse
2024-07-14 17:51:25 +02:00
0cc08a1f2b
cluster(prod/app/cryptpad): Update CryptPad to 2024.6.0
2024-07-02 20:22:04 +02:00
1bcfc26c62
cluster(prod/app/cryptpad): Update pinned channel from nixos-23.11 to nixos-24.05
2024-07-02 20:21:22 +02:00
47d94b1ad0
Jitsi intervention
2024-07-02 19:09:34 +02:00
be88b5d274
cluster(prod): Add new ortie node
2024-06-27 16:27:09 +02:00
fa510688d7
update guichet
2024-06-24 13:52:18 +02:00
Baptiste Jonglez
fc83048b02
staging: move bottin and guichet to docker, sync with prod config
2024-06-23 22:29:14 +02:00
86026c5642
cluster(prod/cryptpad): Update cryptpad image on Nomad cluster
2024-06-23 11:55:16 +02:00
2f8b2c74f4
Merge pull request 'Upgrade cryptpad from 2024.3.0 to 2024.3.1' ( #27 ) from KokaKiwi/nixcfg:update-cryptpad-2024.3.1 into main
...
Reviewed-on: Deuxfleurs/nixcfg#27
Reviewed-by: maximilien <me@mricher.fr>
2024-06-23 09:05:41 +00:00
Baptiste Jonglez
7e88a88e04
prod: garage: Enable on-demand-tls check for *.garage S3 endpoint
...
We were hitting Let's Encrypt rate limits because we were generating
thousands of nonsense certificates like "foo.bar.baz.garage.deuxfleurs.fr"
See https://crt.sh
Subdomains of garage.deuxfleurs.fr only make sense when accessing buckets
through S3 with vhost-style, so let's enable the on-demand-tls check to
make sure that the bucket exists in Garage.
In the long term, we might want to have a wildcard certificate for this
usage, or simply stop supporting vhost-style S3 access.
2024-06-08 17:14:48 +02:00
Baptiste Jonglez
9fc22d72d4
garage: harmonize staging and prod (checks, services)
2024-06-08 16:43:18 +02:00
726f4b2f32
Merge pull request 'cluster(prod): Add dathomir site' ( #25 ) from KokaKiwi/nixcfg:add-dathomir into main
...
Reviewed-on: Deuxfleurs/nixcfg#25
Reviewed-by: maximilien <me@mricher.fr>
2024-05-26 21:04:01 +00:00
37a2f781eb
prod(cluster/dathomir): Open more SSH ports
2024-05-26 23:00:39 +02:00
435cbeebfb
cluster(prod): Add oseille
2024-05-26 18:24:28 +02:00
3776734e50
style: Fix spacetab in cluster/prod/ssh_config
2024-05-26 17:04:33 +02:00
57628b508e
cluster(prod): Add io
2024-05-26 17:04:18 +02:00
09c3d618e6
cluster/prod(app): Upgrade cryptpad from 2024.3.0 to 2024.3.1
2024-05-23 22:22:07 +02:00
ebfdc6d1a3
cluster/prod(app): Migrate from niv to npins for pinned sources for cryptpad
2024-05-23 22:21:11 +02:00
3e0df95fe9
use diplonat autodiscovery to set ip addr
2024-05-18 15:45:00 +02:00
602c003e1e
update neptune IP address
2024-05-18 15:27:48 +02:00
e746768de1
hotfix garage
2024-05-17 20:29:05 +02:00
a513690004
cluster(prod): Add dathomir site and onion node
2024-05-15 11:50:49 +02:00
f55891ba21
Cryptpad migration to Courgette (Neptune) from Abricot (Scorpio), with reconfiguration of backups
2024-05-12 22:02:22 +02:00
9a6935ac90
add Boris as admin on Cryptpad
2024-05-12 20:35:04 +02:00
Armaël Guéneau
3b777ddeb6
Move emails from ananas (in scorpio) to celeri (in neptune)
2024-05-12 17:09:05 +02:00
28b58b3776
add max and vincent as cryptpad admins
2024-04-30 10:10:40 +02:00
Baptiste Jonglez
7db40a8dcf
Fix coturn that was failing with newer Nomad/Docker
...
Coturn was failing to start with the following error:
failed to create task for container: failed to create shim task: OCI
runtime create failed: runc create failed: unable to start container
process: exec: "/usr/local/bin/docker-entrypoint.sh": permission denied:
unknown
It seems to be caused by the recent NixOS update.
Either because Docker/runc is now more strict when checking if the
entrypoint is executable [1]
And/or because Nomad may mount the secrets directory with "noexec" [2].
In any case, the "local" directory [2] looks more appropriate, because
it's shared with the task while not being accessible to other tasks.
[1] https://github.com/opencontainers/runc/issues/3715
[2] https://developer.hashicorp.com/nomad/docs/concepts/filesystem
2024-04-28 18:01:52 +02:00
Baptiste Jonglez
c56ce9134c
Update woodpecker to latest 2.4.1
2024-04-28 13:31:15 +02:00
1d40a3c7c0
Merge pull request 'Update Woodpecker to v2.4.0' ( #24 ) from tixie/nixcfg:update-woodpecker-2.4.0 into main
...
Reviewed-on: Deuxfleurs/nixcfg#24
2024-04-28 11:25:06 +00:00
Baptiste Jonglez
5dc7c3132b
Fix link in CI setup doc
2024-04-28 13:23:54 +02:00
e6bac83e02
Tricot ulimit
2024-04-25 09:13:06 +02:00
22fbadef2e
update woodpecker-agent to 2.4.0
2024-04-24 22:20:20 +02:00
43189a5fc2
update woodpecker-server to 2.4.0
2024-04-24 22:20:06 +02:00
ff7462b2c7
prod: update nomad to 1.6
2024-04-20 12:29:26 +02:00
972fc4ea7c
prod: nixos 23.11 and nomad 1.5
2024-04-20 10:58:36 +02:00
444306aa54
prod: allow woodpecker on neptune now with good ipv6
2024-04-20 10:20:04 +02:00
c6a1bb341f
prod: update nixos to 23.05
2024-04-20 10:09:55 +02:00
eddc95c5df
prod: update ip config for Free ISP at Neptune
2024-04-20 09:37:24 +02:00
27df86a7e5
fix pad when not in neptune, and allow android7 email to move to bespin
2024-04-19 08:53:48 +02:00
d817ad7b15
Merge branch 'poil'
2024-04-18 19:36:32 +02:00
1871f7bbff
add Jill & Trinity as CryptPad admins
2024-04-18 19:36:07 +02:00
18e73b18f3
Merge pull request 'cluster/prod(app): Upgrade CryptPad to 2024.3.0' ( #23 ) from KokaKiwi/nixcfg:crytptpad-upgrade-1 into main
...
Reviewed-on: Deuxfleurs/nixcfg#23
2024-04-18 17:35:36 +00:00
a817d764d3
move cryptpad service concombre -> abricot
2024-04-18 19:07:08 +02:00
9111997f84
cluster/prod(app): Add new CryptPad build files
2024-04-18 18:56:19 +02:00
d41e10bd25
cluster/prod(app): Upgrade CryptPad to 2024.3.0
2024-04-18 18:45:07 +02:00
718a23b74b
cluster/prod: Add kokakiwi to adminAccounts
2024-04-18 17:57:24 +02:00
96ead9a597
prod: garage v1.0.0-rc1
2024-04-01 20:11:24 +02:00
6152dc18d6
remove notice message for moderation
2024-03-29 15:48:21 +01:00
e4708a325d
add trinity.fr.eu.org to DKIM
2024-03-24 13:42:47 +00:00
05dcd1c6a6
Courderec.re domain in the DKIM table
2024-03-24 14:23:47 +01:00
8fdffdf12f
prod: remove drone-ci
2024-03-17 11:35:07 +01:00
d55c9610a9
add marion and darkgallium
2024-03-16 18:53:18 +01:00
f228592473
Add the regex in the http-bind query parameter as well
2024-03-11 08:37:40 +01:00
263dad0243
add nginx redirection for suspicious Jitsi rooms
2024-03-10 21:05:43 +01:00
aaf95aa110
added notice message on Jitsi about our monitoring
2024-03-10 20:39:41 +01:00
6544cd3e14
increased Jitsi logs a bit
2024-03-09 12:56:34 +01:00
54f7cb670d
Update lightstream and grafana
2024-03-09 11:41:46 +01:00
3ca0203753
store real IP from Jitsi
2024-03-08 21:25:43 +01:00
dde6ece4db
prod: give more memory to prometheus
2024-03-08 12:03:48 +01:00
3d75b5a0bd
remove orsay extra service
2024-03-06 15:15:21 +01:00
eb40718bee
force woodpecker on scorpio
2024-03-04 15:38:21 +01:00
62bd80a346
garage: update to v0.9.2 final
2024-03-01 18:11:36 +01:00
71e959ee79
prod: update to garage 0.9.2-rc1
2024-02-29 16:19:21 +01:00
5f0cec7d3e
woodpecker-ci: higher affinity to scorpio
2024-02-28 11:42:39 +01:00
f724e81239
add automatic subdomains for v4 and v6 per site for dashboard
2024-02-14 09:28:31 +01:00
82500758f6
prod: unpin woodpecker
2024-02-13 17:32:01 +01:00
c2e0e12dc8
add woodpecker agent instructions
2024-02-09 11:29:03 +01:00
52cfe54129
prod: install woodpecker-ci
2024-02-08 16:10:39 +01:00
9d77b5863a
added URL to redirect
2024-02-05 00:43:14 +01:00
4cddb15fa4
prod: update external services
2024-01-31 19:04:02 +01:00
be0cbea19b
add ssh key for boris, aeddis and vincent
2024-01-17 20:07:48 +01:00
a21493745d
prod: update diplonat and make garage restart on template changes again
...
Diplonat update prevents unnecessary flapping of autodiscovered ip
addresses, which was the cause of useless restarts of the garage daemon.
But in principle we want Garage to be restarted if the ipv6 address
changes as it indicates changes in the network.
2024-01-17 12:38:53 +01:00
3b34e3c2f5
upgraded postfix to fix smtp smuggling cve
...
https://security-tracker.debian.org/tracker/source-package/postfix
https://www.postfix.org/smtp-smuggling.html
2023-12-25 14:09:57 +01:00
ac42e95f1a
update smtp server security conf
2023-12-25 14:00:36 +01:00
Baptiste Jonglez
55c9b89cb2
Revert "Revert "garage prod: use dynamically determined ipv6 addresses""
...
Quentin's fix seems to work fine.
This reverts commit e5f3b6ef0a.
2023-12-19 09:27:40 +01:00
Baptiste Jonglez
e5f3b6ef0a
Revert "garage prod: use dynamically determined ipv6 addresses"
...
This partially reverts commit 47e982b29d.
This leads to invalid config:
Dec 19 08:23:09 courgette 25f10ae4271c[781]: 2023-12-19T07:23:09.087813Z INFO garage::server: Loading configuration...
Dec 19 08:23:09 courgette 25f10ae4271c[781]: Error: TOML decode error: TOML parse error at line 16, column 17
Dec 19 08:23:09 courgette 25f10ae4271c[781]: |
Dec 19 08:23:09 courgette 25f10ae4271c[781]: 16 | rpc_bind_addr = "[<no value>]:3901"
Dec 19 08:23:09 courgette 25f10ae4271c[781]: | ^^^^^^^^^^^^^^^^^^^
Dec 19 08:23:09 courgette 25f10ae4271c[781]: invalid socket address syntax
Dec 19 08:23:09 courgette 25f10ae4271c[781]:
2023-12-19 08:38:12 +01:00
516ab9ad91
stop reloading config file
2023-12-19 08:36:26 +01:00
16168b916e
tricot upgrade
2023-12-14 10:59:40 +01:00
47e982b29d
garage prod: use dynamically determined ipv6 addresses
2023-12-13 17:33:56 +01:00
d694ddbe2c
Move garage's redirections to a dedicated service
...
Reason:
- do not slow down the garage web endpoint
- required now that we map domain name to a garage bucket
2023-12-04 12:32:46 +01:00
0c3db22de6
fix bagage
2023-12-04 12:19:00 +01:00
af242486a3
add degrowth
2023-12-04 12:16:41 +01:00
23690238c9
add a sftp domain name
2023-12-02 11:52:35 +01:00
7da4510ee8
tricot update
2023-12-01 16:02:09 +01:00
52044402ac
add some redirections
2023-11-29 17:08:13 +01:00
d14fc2516c
Upgrade tricot
2023-11-29 16:58:37 +01:00
c1d307d7a9
matrix: add memory to async media upload after oom crash
2023-11-27 13:56:47 +01:00
9c6f98f4b8
fix cryptpad backup
2023-11-27 13:43:42 +01:00
a2654529c7
prod: update synapse and element
2023-11-15 16:39:11 +01:00
b1e0397265
revert prometheus scraping on openwrt
2023-11-08 16:21:20 +01:00
a46aa03fe2
prod: add monitoring of openwrt router
2023-11-08 16:14:33 +01:00
a6b84527b0
fix typo
2023-10-30 12:15:30 +01:00
3c22659d90
add Esther's domains
2023-10-30 12:00:21 +01:00
79f380c72d
directory
2023-10-30 11:55:25 +01:00
78ed3864d7
update bagage version with cors allow all
2023-10-16 16:16:18 +02:00