88f8f9fd1e
staging: add automatic dns names for staging machines
2024-01-17 20:25:35 +01:00
be0cbea19b
add ssh key for boris, aeddis and vincent
2024-01-17 20:07:48 +01:00
a21493745d
prod: update diplonat and make garage restart on template changes again
Diplonat update prevents unnecessary flapping of autodiscovered ip
addresses, which was the cause of useless restarts of the garage daemon.
But in principle we want Garage to be restarted if the ipv6 address
changes as it indicates changes in the network.
2024-01-17 12:38:53 +01:00
56e4dd954f
staging: add ram for im replicate-db
2024-01-16 16:30:33 +01:00
102152a14e
staging: garage v0.9.1-pre (not yet released nor tagged), diplonat with STUN flapping fix
2024-01-16 16:10:29 +01:00
3b34e3c2f5
upgraded postfix to fix smtp smuggling cve
https://security-tracker.debian.org/tracker/source-package/postfix
https://www.postfix.org/smtp-smuggling.html
2023-12-25 14:09:57 +01:00
ac42e95f1a
update smtp server security conf
2023-12-25 14:00:36 +01:00
Baptiste Jonglez
55c9b89cb2
Revert "Revert "garage prod: use dynamically determined ipv6 addresses""
Quentin's fix seems to work fine.
This reverts commit e5f3b6ef0a.
2023-12-19 09:27:40 +01:00
Baptiste Jonglez
e5f3b6ef0a
Revert "garage prod: use dynamically determined ipv6 addresses"
This partially reverts commit 47e982b29d.
This leads to invalid config:
Dec 19 08:23:09 courgette 25f10ae4271c[781]: 2023-12-19T07:23:09.087813Z INFO garage::server: Loading configuration...
Dec 19 08:23:09 courgette 25f10ae4271c[781]: Error: TOML decode error: TOML parse error at line 16, column 17
Dec 19 08:23:09 courgette 25f10ae4271c[781]: |
Dec 19 08:23:09 courgette 25f10ae4271c[781]: 16 | rpc_bind_addr = "[<no value>]:3901"
Dec 19 08:23:09 courgette 25f10ae4271c[781]: | ^^^^^^^^^^^^^^^^^^^
Dec 19 08:23:09 courgette 25f10ae4271c[781]: invalid socket address syntax
Dec 19 08:23:09 courgette 25f10ae4271c[781]:
2023-12-19 08:38:12 +01:00
516ab9ad91
stop reloading config file
2023-12-19 08:36:26 +01:00
16168b916e
tricot upgrade
2023-12-14 10:59:40 +01:00
47e982b29d
garage prod: use dynamically determined ipv6 addresses
2023-12-13 17:33:56 +01:00
d694ddbe2c
Move garage's redirections to a dedicated service
Reason:
- do not slow down the garage web endpoint
- required now that we map domain name to a garage bucket
2023-12-04 12:32:46 +01:00
0c3db22de6
fix bagage
2023-12-04 12:19:00 +01:00
af242486a3
add degrowth
2023-12-04 12:16:41 +01:00
23690238c9
add a sftp domain name
2023-12-02 11:52:35 +01:00
7da4510ee8
tricot update
2023-12-01 16:02:09 +01:00
52044402ac
add some redirections
2023-11-29 17:08:13 +01:00
d14fc2516c
Upgrade tricot
2023-11-29 16:58:37 +01:00
c1d307d7a9
matrix: add memory to async media upload after oom crash
2023-11-27 13:56:47 +01:00
9c6f98f4b8
fix cryptpad backup
2023-11-27 13:43:42 +01:00
a2654529c7
prod: update synapse and element
2023-11-15 16:39:11 +01:00
b1e0397265
revert prometheus scraping on openwrt
2023-11-08 16:21:20 +01:00
a46aa03fe2
prod: add monitoring of openwrt router
2023-11-08 16:14:33 +01:00
a6b84527b0
fix typo
2023-10-30 12:15:30 +01:00
3c22659d90
add Esther's domains
2023-10-30 12:00:21 +01:00
79f380c72d
directory
2023-10-30 11:55:25 +01:00
Baptiste Jonglez
a214496d8c
[staging] Update known_hosts
2023-10-22 21:28:10 +02:00
Baptiste Jonglez
b1630cfa8e
[staging] Update garage to v0.9.0
2023-10-22 21:27:55 +02:00
Baptiste Jonglez
d396f35235
Update IP for piranha.corrin
2023-10-22 20:17:33 +02:00
78ed3864d7
update bagage version with cors allow all
2023-10-16 16:16:18 +02:00
ea8b2e8c82
update garage prod
2023-10-16 14:54:16 +02:00
fbffe1f0dc
staging: update guichet with website management
2023-10-05 18:51:13 +02:00
c790f6f3e1
staging: reaffect raft leaders
2023-10-05 13:48:29 +02:00
e94cb54661
prod: add matrix syncv3 daemon
2023-10-04 11:51:04 +02:00
525f04515e
staging: deploy garage v0.9.0-rc1
2023-10-04 10:44:17 +02:00
2e3725e8a2
staging: disable jaeger; update diplonat
2023-10-03 22:56:41 +02:00
56e19ff2e5
remove default HTTP CSP, put your CSP in your HTML
2023-10-03 16:00:11 +02:00
9e113416ac
fix update guichet
2023-10-03 15:58:20 +02:00
7c7adc76b4
Set sogo as debug
2023-10-03 08:33:29 +02:00
c4f3dece14
update tricot
2023-10-02 16:59:01 +02:00
4e20eb43b3
cryptpad: add alex as admin
2023-09-22 15:42:02 +02:00
f139238c17
staging: update garage to 0.8.4
2023-09-11 23:28:29 +02:00
ba3e24c41e
added Adrien in admins for CryptPad
2023-09-08 11:31:49 +02:00
9b8882c250
add missing d53 tags for sogo and alps
2023-09-04 19:15:09 +02:00
a490f082bc
prod: remove all apps from orion, add some missing in scorpio
2023-09-04 19:05:18 +02:00
e42ed08788
fix Jitsi public IPv4 config
2023-08-31 18:08:46 +02:00
1340fb6962
upgraded backups
2023-08-29 11:51:18 +02:00
3d925a4505
move emails to lille
2023-08-29 11:43:45 +02:00
b688a1bbb9
increase sogo RAM
2023-08-28 09:50:46 +02:00
7dd8153653
update tricot
2023-08-27 18:07:30 +02:00
ecb4cabcf0
prod garage: add health check using admin api's '/health'
2023-08-27 13:56:51 +02:00
8e304e8f5f
staging im-nix: add sqlite
2023-08-27 13:36:36 +02:00
be8484b494
[tricot] warmup memory store on boot
2023-08-09 10:40:08 +02:00
ca3283d6a7
upgrade matrix
2023-08-07 12:13:56 +02:00
0c9ea6bc56
disable network fingerprinting in nomad
2023-08-07 11:17:40 +02:00
e7a3582c4e
Update telemetry stack to grafana 10.0.3 & co
2023-08-06 13:45:46 +02:00
aaa80ae678
final csp
2023-07-23 14:36:04 +02:00
233556e9ef
Simpler IPv6 config for Garage
2023-07-23 14:06:36 +02:00
132ad670a1
lines
2023-07-23 13:59:35 +02:00
1048456fbf
switch postfix to ipv4 as we have no reverse dns on ipv6
2023-07-08 14:48:34 +02:00
919004ae79
albatros 0.9-rc3
2023-07-08 14:38:00 +02:00
03658e8f7b
add pointecouteau
2023-06-28 15:35:37 +02:00
8ebd35730c
added estherbouquet.com to DKIM signing table
2023-06-24 18:02:29 +02:00
effe155248
Add armael to staging and ssh key for max
2023-06-24 17:14:34 +02:00
6c12a71ecb
Deploy nixos 23.05 on staging and other staging fixes
2023-06-13 11:56:10 +02:00
1d19bae7a1
remove postgres replica on concombre
2023-06-12 19:58:03 +02:00
3fcda94aa0
undo remove postgres from diplotaxis
2023-06-12 16:19:57 +02:00
3e40bfcca9
add stolon replica on abricot instead of diplotaxis
2023-06-12 13:41:42 +02:00
e06d6b14a3
add ananas, set it raft server instead of dahlia
2023-06-12 13:41:34 +02:00
1a11ff4202
staging: updated garage with new consul registration
2023-06-02 16:37:13 +02:00
14b59ba4b0
update gitea config
2023-06-02 15:40:43 +02:00
c31de0e94f
tricot passthrough of external services at neptune
2023-05-24 10:18:02 +02:00
ff13616887
staging: dev garage with fixed k2v double-urlencoding
2023-05-19 12:53:10 +02:00
efd5ec3323
Remove plume backup job (not useful anymore)
2023-05-16 15:39:36 +02:00
8a75be4d43
Merge pull request 'prod: Plume with S3 storage backend' (#13) from plume-s3 into main
Reviewed-on: Deuxfleurs/nixcfg#13
2023-05-16 13:38:07 +00:00
4ca45cf1d4
updated d53 on prod
2023-05-16 15:35:06 +02:00
aee3a09471
Merge pull request 'Simplify network configuration' (#11) from simplify-network-config into main
Reviewed-on: Deuxfleurs/nixcfg#11
2023-05-16 13:19:33 +00:00
76b7f86d22
use RA on orion as well
2023-05-16 14:14:27 +02:00
560486bc50
prod plume with s3 backend
2023-05-15 17:30:41 +02:00
2488ad0ac2
staging plume: cleanup and update
2023-05-15 13:36:38 +02:00
9cef48a6c2
Merge branch 'main' into simplify-network-config
2023-05-12 18:45:58 +02:00
5c7a8c72d8
first plume on staging with S3 backend
2023-05-12 18:45:20 +02:00
258d27c566
deploy tricot at bespin, register gitea (not accessed yet)
2023-05-09 15:12:03 +02:00
04464f632f
Export all Grafana dashboards
2023-05-09 12:29:37 +02:00
24cf7ddd91
Merge branch 'main' into simplify-network-config
2023-05-09 12:20:35 +02:00
24192cc61a
Update telemetry stack apps
2023-05-07 23:46:48 +02:00
b73c39c7c1
multi-zone matrix
2023-05-04 17:00:31 +02:00
e375304c38
orient SoGo and Synapse to closest psql-proxy; psql backup anywhere
2023-05-04 16:48:22 +02:00
f3cd2e98b4
multisite postgres, orient plume to correct db
2023-05-04 16:39:25 +02:00
6c07a42978
different wgautomesh gossip ports for prod and staging
2023-05-04 13:39:33 +02:00
Baptiste Jonglez
e23b523467
Add infinite restart policy for postgresql
2023-05-03 08:53:59 +02:00
607add3161
make specifying an ipv6 fully optional
2023-04-21 14:36:10 +02:00
c4598bd84f
Diplonat on bespin, ipv6-only
2023-04-21 12:03:35 +02:00
0b3332fd32
break out core services into separate files
2023-04-21 11:55:24 +02:00
a9e9149739
Fix unbound; remove Nixos firewall (use only diplonat)
2023-04-21 11:29:15 +02:00
529480b133
Merge branch 'main' into simplify-network-config
2023-04-21 10:31:05 +02:00
b4e82e37e4
diplonat with fixed iptables thing
2023-04-20 15:13:13 +02:00
af82308e84
Garage backup to SFTP target hosted by Max
2023-04-20 12:10:07 +02:00
e5f9f3c849
increase diplonat ram
2023-04-19 21:05:47 +02:00
0372df95b5
staging: fix consul server addresses
2023-04-19 20:36:24 +02:00
9737c661a4
Merge branch 'main' into simplify-network-config
2023-04-19 20:15:03 +02:00
57aa2ce1d2
guichet website management interface
2023-04-19 15:20:49 +02:00
a614f495ad
allow memory overprovisioning
2023-04-08 10:43:42 +02:00
07f50f297a
D53 with addresses from DiploNAT autodiscovery; diplonat fw opening for tricot
2023-04-05 16:30:28 +02:00
0e4c641db7
redeploy bagage
2023-04-05 15:50:53 +02:00
c08bc17cc0
Adapt prod config to new parameters
2023-04-05 14:09:04 +02:00
16422d2809
introduce back static ipv4 prefix length but with default value
2023-04-05 14:04:11 +02:00
dec4ea479d
Allow for IPv6 with RA disabled by manually providing gateway
2023-04-05 13:27:18 +02:00
cb8d7e92d2
staging: ipv6-only diplonat for automatic address discovery
2023-04-05 10:25:22 +02:00
c9f122bcd3
diplonat with ipv6 firewall support; email ipv6 addresses in dns
2023-04-04 14:13:57 +02:00
d83d230aee
added luxeylab to dkim signingtable
2023-03-30 18:09:12 +02:00
2de291e9b7
upgrade bottin + remove bespin
2023-03-26 10:14:04 +02:00
ecfab3c628
Merge branch 'main' into simplify-network-config
2023-03-24 15:35:27 +01:00
96566ae523
refactor configuration syntax
2023-03-24 15:26:39 +01:00
e2aea648cf
greatly simplify ipv4 and ipv6 configuration
2023-03-24 14:42:36 +01:00
Baptiste Jonglez
8ae9ec6514
Update piranha IP again
2023-03-24 13:01:24 +01:00
a0db30ca26
Sanitize DNS configuration
- get rid of outside nameserver, unbound does the recursive resolving
itself (and it checks DNSSEC)
- remove CAP_NET_BIND_SERVICE for Consul as it is no longer binding on
port 53 (was already obsolete)
- make unbound config independent of LAN IPv4 address
2023-03-24 12:58:44 +01:00
53b9cfd838
wgautomesh actually on prod
2023-03-24 12:01:38 +01:00
5cd69a9ba1
Merge branch 'main' into wgautomesh
2023-03-24 11:29:14 +01:00
8e29ee3b0b
backup memory
2023-03-24 11:29:07 +01:00
4a56b3360f
upgrade matrix
2023-03-22 22:23:37 +01:00
b7c4f94ebd
Add Garage backup script running on Abricot
2023-03-20 16:47:22 +01:00
eec09724fe
socat proxy
2023-03-20 10:45:40 +01:00
bebbf5bd8b
wip rsa-ecc proxy
2023-03-20 09:45:05 +01:00
90efd9155b
wgautomesh variable log level (debug for staging)
2023-03-17 18:21:50 +01:00
6664affaa0
wgautomesh gossip secret file
2023-03-17 17:17:56 +01:00
baae97b192
sample deployment of wgautomesh on staging (dont deploy prod with this commit)
2023-03-17 17:17:56 +01:00
870511931a
abricot fixed ipv6
2023-03-17 16:22:24 +01:00
a6c791d342
remove email-in
2023-03-17 13:44:48 +01:00
28e7503b27
commaaaa
2023-03-17 10:04:21 +01:00
fd4f601ee0
Merge pull request 'configuration for imap.deuxfleurs.fr & smtp.deuxfleurs.fr as part of email service for d53 + convert tabs into spaces (couldn't help myself)' (#8) from feat/d53-email into main
Reviewed-on: Deuxfleurs/nixcfg#8
2023-03-17 08:53:27 +00:00
551988c808
do not allow stale information reading
2023-03-16 17:01:17 +01:00
6fe8ef6eed
update albatros
2023-03-16 16:53:16 +01:00
8b67c48c52
Fix consul port
2023-03-16 16:19:35 +01:00
7bf1467cb1
add albatros
2023-03-16 15:52:13 +01:00
fe2eda1702
configuration for imap.deuxfleurs.fr & smtp.deuxfleurs.fr as part of email service for d53 + convert tabs into spaces (couldn't help myself)
2023-03-16 15:48:52 +01:00
81d3c0e03a
d53 for email-in.deuxfleurs.fr (A only, AAAA missing firewall)
2023-03-16 14:42:47 +01:00
1c623c796a
update garage and let it use more ram
2023-03-16 14:18:59 +01:00
e4065dade8
added Consul Registration of personal services (for Adrien's personal stuff)
2023-03-15 18:55:09 +01:00
f7be968531
TODOs in deuxfleurs.nix because the old world is maybe mixing with the new
2023-03-15 18:19:01 +01:00
2a0eff07c0
fix cleanup of deploypass
2023-03-15 17:49:31 +01:00
f6c4576b6c
added forgotten new files for scorpio/abricot
2023-03-15 17:30:35 +01:00
031d029e10
added scorpio site and abricot node
2023-03-15 17:10:38 +01:00
c681f63222
alloc more mem
2023-03-14 18:37:28 +01:00
d2b8b0c517
wip homemade ci?
2023-03-14 17:32:49 +01:00
385882c74c
Changes in prod:
- migrate courgette and concombre to M710q machines with SSD+HDD
- migrate prod/c* to nixos 22.11
2023-03-13 19:58:37 +01:00
d56f895a1c
integrate turn in matrix
2023-03-11 12:37:57 +01:00
6b8a94ba2e
wip coturn
2023-03-11 11:44:17 +01:00
850ea784e7
staging updates
2023-03-09 11:08:33 +01:00
6a287ffb57
prod: garage v0.8.1
2023-03-06 14:39:12 +01:00
Baptiste Jonglez
3eb5e21f9d
New IP for piranha
2023-03-06 14:30:22 +01:00
49cc83db21
use https links
2023-02-28 10:51:34 +01:00
4ef04f7971
add teabag (for static cms)
2023-02-27 18:42:38 +01:00
a4eb0b2b56
increased jitsi's priority so that it is above Matrix's
2023-02-20 16:43:29 +01:00
0b1fccac1c
Prod: guichet with mailing list edition interface
2023-02-08 16:58:12 +01:00
69f1950b55
bespin
2023-02-03 13:39:48 +01:00
87fc43d5e6
remove feature flags
2023-02-02 16:30:24 +01:00
a3ade938e0
update config with some flags, not sure
2023-02-02 16:21:43 +01:00
67bcd07056
upgrade prod tentative 1
2023-02-02 15:37:43 +01:00
a3ca27055d
fix integration
2023-02-02 15:32:40 +01:00
2d6616195f
upgrade the building logic
2023-02-02 14:48:59 +01:00
6445d55e3e
upgrade jitsi config
2023-02-02 08:48:19 +01:00
535b28945d
improve jitsi conf
2023-02-02 08:24:50 +01:00
2d55b1dfcc
updated garage and d53 on staging
2023-01-26 17:52:27 +01:00
8e76707c44
fix tricot hostname on prod
2023-01-11 22:18:52 +01:00
0da378d053
staging: remove constraint on im
2023-01-05 11:15:30 +01:00
9fabb5844a
staging: remove node cariacou, update garage
2023-01-04 17:06:39 +01:00
3a8588a1ea
Open ports 80 and 443 on all Orion nodes
2023-01-04 11:10:10 +01:00
da78f3671e
staging: deploy things on bespin
2023-01-04 10:06:06 +01:00
26f78872e6
staging: add node df-pw5 at bespin
2023-01-04 10:02:21 +01:00
c11b6499b8
prod: deploy d53
2023-01-04 09:35:40 +01:00
6478560087
prod: update tricot
2023-01-03 21:14:02 +01:00
fe805b6bab
Fix prometheus ssl certs
2023-01-03 21:00:10 +01:00
606668e25e
fill in cname_target and public_ipv4 for prod cluster
2023-01-03 19:27:35 +01:00
18eef6e8e7
Staging: Reduce resource requirements to pack more things
2023-01-03 18:25:32 +01:00
d588764748
don't rotate grafana password
2023-01-01 20:44:28 +01:00
3847c08181
Merge pull request 'updated version of secretmgr' (#5) from new-secretmgr into main
Reviewed-on: Deuxfleurs/nixcfg#5
2023-01-01 18:47:34 +00:00
Baptiste Jonglez
08c324f1c4
Add new zone to core services
2022-12-29 18:26:52 +01:00
Baptiste Jonglez
1c48fd4ae4
Add new staging zone and node
2022-12-28 16:49:43 +01:00
0d8c6a2d45
Remove obsolete Matrix TLS keys
2022-12-25 23:54:55 +01:00
0becfc2571
Merge branch 'main' into new-secretmgr
2022-12-25 23:47:52 +01:00
b63c03f635
refactor ssh config and move known_hosts
2022-12-25 23:45:53 +01:00
40f5670753
Remove old way of doing email certs (self-signed)
2022-12-25 23:03:37 +01:00
3b74376191
update drone secrets for rotation
2022-12-25 22:50:20 +01:00
8cee3b0043
Update prod secret files
2022-12-25 22:45:05 +01:00
87bb031ed0
Migrate prod cluster secrets to new format
2022-12-25 22:31:18 +01:00
6d6e48c8fa
Improve secretmgr more, update secrets for staging
2022-12-25 22:12:38 +01:00
8d0a7a806d
New secretmgr
2022-12-25 21:03:16 +01:00
7fd81f3470
WIP new secretmgr
2022-12-25 19:52:28 +01:00
11f87a3cd2
staging: add missing secrets, update existing ones to autogen/autorotate
2022-12-24 23:58:38 +01:00
8d17a07c9b
reorganize some things
2022-12-24 22:59:37 +01:00
912753c7ad
remove useless lines in caribou,origan.nix
2022-12-22 23:16:15 +01:00
8513003388
staging: garage update
2022-12-14 17:52:13 +01:00
7ab91a16e9
Proper nat on origan
2022-12-13 16:01:36 +01:00
3af066397e
Replace carcajou by origan for raft server
2022-12-11 23:13:04 +01:00
dca2e53442
run a bunch of things on new Origan node
2022-12-11 23:02:14 +01:00
578075a925
Add origan node in staging cluster (+ refactor system.stateVersion)
2022-12-11 22:37:28 +01:00
36e6756b3c
staging: update D53 tags to new (simpler) syntax
2022-12-11 21:27:16 +01:00
a1fc396412
Add possible public_ipv4 node tag
2022-12-07 17:13:03 +01:00