Alex
4ca45cf1d4
updated d53 on prod
2023-05-16 15:35:06 +02:00
Alex
aee3a09471
Merge pull request 'Simplify network configuration' ( #11 ) from simplify-network-config into main
...
Reviewed-on: Deuxfleurs/nixcfg#11
2023-05-16 13:19:33 +00:00
Alex
76b7f86d22
use RA on orion as well
2023-05-16 14:14:27 +02:00
Alex
2488ad0ac2
staging plume: cleanup and update
2023-05-15 13:36:38 +02:00
Alex
9cef48a6c2
Merge branch 'main' into simplify-network-config
2023-05-12 18:45:58 +02:00
Alex
5c7a8c72d8
first plume on staging with S3 backend
2023-05-12 18:45:20 +02:00
Alex
258d27c566
deploy tricot at bespin, register gitea (not accessed yet)
2023-05-09 15:12:03 +02:00
Alex
04464f632f
Export all Grafana dashboards
2023-05-09 12:29:37 +02:00
Alex
24cf7ddd91
Merge branch 'main' into simplify-network-config
2023-05-09 12:20:35 +02:00
Maximilien Richer
24192cc61a
Update telemetry stack apps
2023-05-07 23:46:48 +02:00
Alex
b73c39c7c1
multi-zone matrix
2023-05-04 17:00:31 +02:00
Alex
e375304c38
orient SoGo and Synapse to closest psql-proxy; psql backup anywhere
2023-05-04 16:48:22 +02:00
Alex
f3cd2e98b4
multisite postgres, orient plume to correct db
2023-05-04 16:39:25 +02:00
Alex
6c07a42978
different wgautomesh gossip ports for prod and staging
2023-05-04 13:39:33 +02:00
Baptiste Jonglez
e23b523467
Add infinite restart policy for postgresql
2023-05-03 08:53:59 +02:00
Quentin
3befdea206
nix: allow wireguard + logs
2023-04-28 09:26:32 +02:00
Alex
607add3161
make specifying an ipv6 fully optionnal
2023-04-21 14:36:10 +02:00
Alex
c4598bd84f
Diplonat on bespin, ipv6-only
2023-04-21 12:03:35 +02:00
Alex
0b3332fd32
break out core services into separate files
2023-04-21 11:55:24 +02:00
Alex
a9e9149739
Fix unbound; remove Nixos firewall (use only diplonat)
2023-04-21 11:29:15 +02:00
Alex
529480b133
Merge branch 'main' into simplify-network-config
2023-04-21 10:31:05 +02:00
Alex
b4e82e37e4
diplonat with fixed iptables thing
2023-04-20 15:13:13 +02:00
Alex
af82308e84
Garage backup to SFTP target hosted by Max
2023-04-20 12:10:07 +02:00
Alex
e5f9f3c849
increase diplonat ram
2023-04-19 21:05:47 +02:00
Alex
0372df95b5
staging: fix consul server addresses
2023-04-19 20:36:24 +02:00
Alex
9737c661a4
Merge branch 'main' into simplify-network-config
2023-04-19 20:15:03 +02:00
Quentin
57aa2ce1d2
interface gestion site web guichet
2023-04-19 15:20:49 +02:00
Quentin
a614f495ad
allow memory overprovisionning
2023-04-08 10:43:42 +02:00
Alex
07f50f297a
D53 with addresses from DiploNAT autodiscovery; diplonat fw opening for tricot
2023-04-05 16:30:28 +02:00
Quentin
0e4c641db7
redeploy bagage
2023-04-05 15:50:53 +02:00
Alex
c08bc17cc0
Adapt prod config to new parameters
2023-04-05 14:09:04 +02:00
Alex
16422d2809
introduce back static ipv4 prefix lenght but with default value
2023-04-05 14:04:11 +02:00
Alex
bb25797d2f
make script clearer and add documentation
2023-04-05 13:44:38 +02:00
Alex
dec4ea479d
Allow for IPv6 with RA disabled by manually providing gateway
2023-04-05 13:27:18 +02:00
Alex
cb8d7e92d2
staging: ipv6-only diplonat for automatic address discovery
2023-04-05 10:25:22 +02:00
Alex
c9f122bcd3
diplonat with ipv6 firewall support; email ipv6 addresses in dns
2023-04-04 14:13:57 +02:00
Alex
a31c6d109e
remove obsolete directives
2023-03-31 16:27:08 +02:00
Adrien
d83d230aee
added luxeylab to dkim signingtable
2023-03-30 18:09:12 +02:00
Quentin
3a883b51df
better classification
2023-03-27 12:26:01 +02:00
Quentin
3ce25b880a
update descriptios
2023-03-27 12:24:12 +02:00
Quentin
4c903a2447
update readme
2023-03-27 12:22:00 +02:00
Quentin
2de291e9b7
upgrade bottin + remove bespin
2023-03-26 10:14:04 +02:00
Alex
ecfab3c628
Merge branch 'main' into simplify-network-config
2023-03-24 15:35:27 +01:00
Alex
96566ae523
refactor configuration syntax
2023-03-24 15:26:39 +01:00
Alex
e2aea648cf
greatly simplify ipv4 and ipv6 configuration
2023-03-24 14:42:36 +01:00
Baptiste Jonglez
8ae9ec6514
Update piranha IP again
2023-03-24 13:01:24 +01:00
Alex
a0db30ca26
Sanitize DNS configuration
...
- get rid of outside nameserver, unbound does the recursive resolving
itself (and it checks DNSSEC)
- remove CAP_NET_BIND_SERVICE for Consul as it is no longer binding on
port 53 (was already obsolete)
- make unbound config independant of LAN IPv4 address
2023-03-24 12:58:44 +01:00
Alex
76c8e8f0b0
Merge pull request 'Passer wgautomesh en prod' ( #9 ) from wgautomesh into main
...
Reviewed-on: Deuxfleurs/nixcfg#9
2023-03-24 11:05:29 +00:00
Alex
53b9cfd838
wgautomesh actually on prod
2023-03-24 12:01:38 +01:00
Alex
5cd69a9ba1
Merge branch 'main' into wgautomesh
2023-03-24 11:29:14 +01:00