e2aea648cf
greatly simplify ipv4 and ipv6 configuration
2023-03-24 14:42:36 +01:00
Baptiste Jonglez
8ae9ec6514
Update piranha IP again
2023-03-24 13:01:24 +01:00
a0db30ca26
Sanitize DNS configuration
- get rid of outside nameserver, unbound does the recursive resolving
itself (and it checks DNSSEC)
- remove CAP_NET_BIND_SERVICE for Consul as it is no longer binding on
port 53 (was already obsolete)
- make unbound config independent of LAN IPv4 address
2023-03-24 12:58:44 +01:00
53b9cfd838
wgautomesh actually on prod
2023-03-24 12:01:38 +01:00
5cd69a9ba1
Merge branch 'main' into wgautomesh
2023-03-24 11:29:14 +01:00
8e29ee3b0b
backup memory
2023-03-24 11:29:07 +01:00
4a56b3360f
upgrade matrix
2023-03-22 22:23:37 +01:00
b7c4f94ebd
Add Garage backup script running on Abricot
2023-03-20 16:47:22 +01:00
eec09724fe
socat proxy
2023-03-20 10:45:40 +01:00
bebbf5bd8b
wip rsa-ecc proxy
2023-03-20 09:45:05 +01:00
90efd9155b
wgautomesh variable log level (debug for staging)
2023-03-17 18:21:50 +01:00
6664affaa0
wgautomesh gossip secret file
2023-03-17 17:17:56 +01:00
baae97b192
sample deployment of wgautomesh on staging (don't deploy prod with this commit)
2023-03-17 17:17:56 +01:00
870511931a
abricot fixed ipv6
2023-03-17 16:22:24 +01:00
a6c791d342
remove email-in
2023-03-17 13:44:48 +01:00
28e7503b27
virguuuule
2023-03-17 10:04:21 +01:00
fd4f601ee0
Merge pull request 'configuration for imap.deuxfleurs.fr & smtp.deuxfleurs.fr as part of email service for d53 + convert tabs into spaces (couldn't help myself)' (#8) from feat/d53-email into main
Reviewed-on: Deuxfleurs/nixcfg#8
2023-03-17 08:53:27 +00:00
551988c808
do not allow stale information reading
2023-03-16 17:01:17 +01:00
6fe8ef6eed
update albatros
2023-03-16 16:53:16 +01:00
8b67c48c52
Fix consul port
2023-03-16 16:19:35 +01:00
7bf1467cb1
add albatros
2023-03-16 15:52:13 +01:00
fe2eda1702
configuration for imap.deuxfleurs.fr & smtp.deuxfleurs.fr as part of email service for d53 + convert tabs into spaces (couldn't help myself)
2023-03-16 15:48:52 +01:00
81d3c0e03a
d53 for email-in.deuxfleurs.fr (A only, AAAA missing firewall)
2023-03-16 14:42:47 +01:00
1c623c796a
update garage and let it use more ram
2023-03-16 14:18:59 +01:00
e4065dade8
added Consul Registration of personal services (for Adrien's personal stuff)
2023-03-15 18:55:09 +01:00
f7be968531
TODOs in deuxfleurs.nix because the old world is maybe mixing with the new
2023-03-15 18:19:01 +01:00
2a0eff07c0
fix cleanup of deploypass
2023-03-15 17:49:31 +01:00
f6c4576b6c
added forgotten new files for scorpio/abricot
2023-03-15 17:30:35 +01:00
031d029e10
added scorpio site and abricot node
2023-03-15 17:10:38 +01:00
c681f63222
alloc more mem
2023-03-14 18:37:28 +01:00
d2b8b0c517
wip homemade ci?
2023-03-14 17:32:49 +01:00
385882c74c
Changes in prod:
- migrate courgette and concombre to M710q machines with SSD+HDD
- migrate prod/c* to nixos 22.11
2023-03-13 19:58:37 +01:00
d56f895a1c
integrate turn in matrix
2023-03-11 12:37:57 +01:00
6b8a94ba2e
wip coturn
2023-03-11 11:44:17 +01:00
850ea784e7
staging updates
2023-03-09 11:08:33 +01:00
6a287ffb57
prod: garage v0.8.1
2023-03-06 14:39:12 +01:00
Baptiste Jonglez
3eb5e21f9d
New IP for piranha
2023-03-06 14:30:22 +01:00
49cc83db21
use https links
2023-02-28 10:51:34 +01:00
4ef04f7971
add teabag (for static cms)
2023-02-27 18:42:38 +01:00
a4eb0b2b56
increased jitsi's priority so that it is above Matrix's
2023-02-20 16:43:29 +01:00
0b1fccac1c
Prod: guichet with mailing list edition interface
2023-02-08 16:58:12 +01:00
69f1950b55
bespin
2023-02-03 13:39:48 +01:00
87fc43d5e6
remove feature flags
2023-02-02 16:30:24 +01:00
a3ade938e0
update config with some flags, not sure
2023-02-02 16:21:43 +01:00
67bcd07056
upgrade prod tentative 1
2023-02-02 15:37:43 +01:00
a3ca27055d
fix integration
2023-02-02 15:32:40 +01:00
2d6616195f
upgrade the building logic
2023-02-02 14:48:59 +01:00
6445d55e3e
upgrade jitsi config
2023-02-02 08:48:19 +01:00
535b28945d
improve jitsi conf
2023-02-02 08:24:50 +01:00
2d55b1dfcc
updated garage and d53 on staging
2023-01-26 17:52:27 +01:00
8e76707c44
fix tricot hostname on prod
2023-01-11 22:18:52 +01:00
0da378d053
staging: remove constraint on im
2023-01-05 11:15:30 +01:00
9fabb5844a
staging: remove node cariacou, update garage
2023-01-04 17:06:39 +01:00
3a8588a1ea
Open ports 80 and 443 on all Orion nodes
2023-01-04 11:10:10 +01:00
da78f3671e
staging: deploy things on bespin
2023-01-04 10:06:06 +01:00
26f78872e6
staging: add node df-pw5 at bespin
2023-01-04 10:02:21 +01:00
c11b6499b8
prod: deploy d53
2023-01-04 09:35:40 +01:00
6478560087
prod: update tricot
2023-01-03 21:14:02 +01:00
fe805b6bab
Fix prometheus ssl certs
2023-01-03 21:00:10 +01:00
606668e25e
fill in cname_target and public_ipv4 for prod cluster
2023-01-03 19:27:35 +01:00
18eef6e8e7
Staging: Reduce resource requirements to pack more things
2023-01-03 18:25:32 +01:00
d588764748
don't rotate grafana password
2023-01-01 20:44:28 +01:00
3847c08181
Merge pull request 'updated version of secretmgr' (#5) from new-secretmgr into main
Reviewed-on: Deuxfleurs/nixcfg#5
2023-01-01 18:47:34 +00:00
Baptiste Jonglez
08c324f1c4
Add new zone to core services
2022-12-29 18:26:52 +01:00
Baptiste Jonglez
1c48fd4ae4
Add new staging zone and node
2022-12-28 16:49:43 +01:00
0d8c6a2d45
Remove obsolete Matrix TLS keys
2022-12-25 23:54:55 +01:00
0becfc2571
Merge branch 'main' into new-secretmgr
2022-12-25 23:47:52 +01:00
b63c03f635
refactor ssh config and move known_hosts
2022-12-25 23:45:53 +01:00
40f5670753
Remove old way of doing email certs (self-signed)
2022-12-25 23:03:37 +01:00
3b74376191
update drone secrets for rotation
2022-12-25 22:50:20 +01:00
8cee3b0043
Update prod secret files
2022-12-25 22:45:05 +01:00
87bb031ed0
Migrate prod cluster secrets to new format
2022-12-25 22:31:18 +01:00
6d6e48c8fa
Improve secretmgr more, update secrets for staging
2022-12-25 22:12:38 +01:00
8d0a7a806d
New secretmgr
2022-12-25 21:03:16 +01:00
7fd81f3470
WIP new secretmgr
2022-12-25 19:52:28 +01:00
11f87a3cd2
staging: add missing secrets, update existing ones to autogen/autorotate
2022-12-24 23:58:38 +01:00
8d17a07c9b
reorganize some things
2022-12-24 22:59:37 +01:00
912753c7ad
remove useless lines in caribou,origan.nix
2022-12-22 23:16:15 +01:00
8513003388
staging: garage update
2022-12-14 17:52:13 +01:00
7ab91a16e9
Proper nat on origan
2022-12-13 16:01:36 +01:00
3af066397e
Replace carcajou by origan for raft server
2022-12-11 23:13:04 +01:00
dca2e53442
run a bunch of things on new Origan node
2022-12-11 23:02:14 +01:00
578075a925
Add origan node in staging cluster (+ refactor system.stateVersion)
2022-12-11 22:37:28 +01:00
36e6756b3c
staging: update D53 tags to new (simpler) syntax
2022-12-11 21:27:16 +01:00
a1fc396412
Add possible public_ipv4 node tag
2022-12-07 17:13:03 +01:00
4c50dd57f1
staging: reorganize core services and add D53
2022-12-07 16:35:21 +01:00
ab97a7bffd
Staging: Add CNAME target meta parameter, will be used for diplonat auto dns update
2022-12-07 12:32:21 +01:00
1d4599fc1c
prod: update tricot and reduce resource constraints
2022-12-07 12:03:15 +01:00
93e66389f7
staging: update Tricot
2022-12-07 11:21:51 +01:00
4e3db0cd5e
staging: correct public IPs through NAT for wireguard
2022-12-07 11:21:39 +01:00
5bed1e66db
update alps
2022-12-06 16:14:57 +01:00
724f0ccfec
Tricot: updated with enough bins for histogram data
2022-12-06 15:11:35 +01:00
14bea296da
prod: enable site load balancing in tricot
2022-12-06 14:43:58 +01:00
6036f5a1b7
deploy tricot metrics on production
2022-12-06 14:41:53 +01:00
e1ddb2d1d3
staging: tricot do load balancing of garage requests to local nodes
2022-12-06 12:41:12 +01:00
27b23e15ec
Staging: tricot with metrics
2022-12-05 23:42:53 +01:00
b260b01915
staging garage: use new health check endpoint
2022-12-05 16:25:46 +01:00
a1a2a83727
Staging: let nodes use each other as Nix caches (only inside same site)
2022-12-02 11:59:32 +01:00
88ddfea4d5
staging: run grafana from nixpkgs
2022-12-02 00:14:31 +01:00
2482a2f819
staging: run prometheus from nixpkgs
2022-12-01 23:48:46 +01:00
b0405d47a6
staging: remove hcl file for garage on docker
2022-12-01 23:33:16 +01:00
db8638223f
staging: also run Guichet from nix
2022-12-01 23:30:12 +01:00
e67b460ae2
staging: run bottin as nix job
2022-12-01 22:49:55 +01:00
bc88622ea2
Staging: run diplonat as nix job
2022-12-01 22:32:02 +01:00
d3fac34e63
staging: simplify litestream config on nix
2022-12-01 17:35:19 +01:00
18ab08a86c
staging: run node_exporter from nixos; run synapse as non-root
2022-12-01 17:25:53 +01:00
195e340f56
prod: more aggressive restart on core services
2022-12-01 17:03:20 +01:00
9d0a2d8914
Run Tricot as Nix flake instead of Docker image
2022-12-01 16:04:47 +01:00
e4684ae169
staging: reduce litestream memory_max because it uses it all
2022-11-30 10:04:42 +01:00
6db4ec5311
staging: update garage
2022-11-29 22:59:55 +01:00
1ac9790806
Staging: remove Docker-based synapse config
2022-11-29 22:03:48 +01:00
ab7a770168
Synapse on Nix works great
2022-11-29 22:02:21 +01:00
55e407a3a4
First version of Matrix-synapse in Nix
2022-11-29 21:19:57 +01:00
4036a2d951
Clean stuff up and update nix driver
2022-11-29 16:21:38 +01:00
fb4c2ef55a
Remove old nomad-driver-nix
2022-11-29 15:41:35 +01:00
14e3e6deff
Staging: cleanup garage job
2022-11-29 14:42:53 +01:00
c9f9ed4c71
Deploy garage on staging using nix2 driver
2022-11-29 14:21:12 +01:00
105c081728
Staging: ability to run Nix jobs using exec2 driver
2022-11-28 22:58:39 +01:00
a327876e25
Remove root, add wg-quick-wg0 after unbound
2022-11-28 10:19:48 +01:00
6659deb544
Add Baptiste ; fix wireguard
2022-11-22 12:09:28 +01:00
945dd4fa9a
Run Garage as a Nomad Nix job on staging cluster
2022-11-17 00:17:56 +01:00
3c5f4b55e6
fix typo
2022-11-17 00:00:13 +01:00
78440a03d2
add+cleanup config
2022-11-16 16:52:38 +01:00
49b0dc2d5b
poc 2 for nix containers: use nomad-driver-nix
2022-11-16 16:28:18 +01:00
eac950c47f
Upgrade to garage v0.8.0-rc2
2022-11-16 11:57:11 +01:00
7df8162913
nix volumes RO
2022-11-16 00:12:14 +01:00
2cd4bf1ee7
Demo running directly a service from the nix store
2022-11-15 23:13:55 +01:00
9e19b2b5a2
Update ssh keys
2022-11-09 18:35:17 +01:00
cade21aa24
Give more resources to core stuff
2022-11-04 12:29:43 +01:00
7587024ff5
staging: change resources for im job
2022-11-04 11:22:54 +01:00
cc945340a1
update telemetry config on staging
2022-11-04 11:09:37 +01:00
b37c4b3196
Updated drone version
2022-11-04 11:09:19 +01:00
ea8185d7e6
Reinstall caribou
2022-11-03 19:25:28 +01:00
40d5665ffe
Upgrade Matrix but disable URL preview
2022-10-28 09:45:00 +02:00
859813440c
Automatic garage node discovery on staging through consul
2022-10-18 22:09:55 +02:00
4584b39639
Update celeri config
2022-10-18 15:44:15 +02:00
afc368421d
Rebalance resource attribution on staging
2022-10-18 10:40:59 +02:00
2592dcaa2d
Update telemetry on staging as well
2022-10-18 10:32:41 +02:00
27214332e9
IPv6 by FDN
2022-10-16 19:10:51 +02:00
5613ed9908
Complete telemetry configuration
2022-10-16 18:12:57 +02:00
42409de1b1
Deploy garage on bespin
2022-10-16 14:17:12 +00:00
a69a71ca00
Add mounts on bespin + tlsproxy
2022-10-16 14:17:12 +00:00
e6f118adb0
Celeri is no more a raft server
2022-10-16 14:17:12 +00:00
2eecece831
Fix typo on IP, add keys
2022-10-16 14:17:12 +00:00
mricher
c48a7e80c3
Fix key
2022-10-16 14:17:12 +00:00
mricher
8797d4450a
Add cluster configuration
2022-10-16 14:17:12 +00:00
mricher
6bafa20bf6
Add bespin machines
2022-10-16 14:17:12 +00:00
6942355d43
update readme.md
2022-10-16 11:04:46 +02:00
3247bf69cf
move grafana-new. to grafana.
2022-10-13 11:01:45 +02:00
f4689d25de
Change email address for let's encrypt expiry notifications
2022-10-09 22:57:55 +02:00
b4e737afdf
Rotate ssh key
2022-10-09 17:46:59 +02:00
c239e34a25
IPv6 prefix at Neptune changed again
2022-10-09 17:07:47 +02:00
e8cdd6864a
Split garage deployments in 2 categories
- The ones that will receive some traffic from tricot
- The ones "only for storage" that will not receive traffic from tricot
2022-10-08 22:23:19 +02:00
32658ff4d3
Add jaeger service to staging to view Garage traces
2022-09-26 15:53:32 +02:00
711b788eb4
Fix restic forget commands
2022-09-26 13:05:53 +02:00
5b88919746
Move cryptpad backup job to backup-daily.hcl
2022-09-26 13:02:38 +02:00
535c90b38e
Replace Adrien's SSH key
2022-09-26 11:37:48 +02:00
f22e242700
SSB experiment
2022-09-21 19:29:08 +02:00
4e939f55fc
Update garage staging
2022-09-21 19:28:54 +02:00
56ff4c5cfd
Prod-like telemetry into staging
2022-09-20 17:13:46 +02:00
9b6bdc7092
Update to garage config
2022-09-20 17:13:36 +02:00
72606368bf
Force Garage to use ipv6 connectivity
2022-09-15 11:57:24 +02:00
2dad5700d3
garage v0.8.0-beta1 on staging
2022-09-13 23:32:12 +02:00
39fbbbe863
Change ipv6 tunnel server
2022-09-09 17:23:23 +02:00
a90de2cfb9
Update garage staging
2022-09-09 12:24:29 +02:00
be0d7a7ccc
Drone integration files for new version (Nix runners)
2022-09-09 12:24:11 +02:00
2695fe4ae8
Force IPv4 when sending to gmail
Because Free does not provide rDNS on IPv6
so GMail complains that it does not find a PTR record
for our IPv6 address
2022-09-07 08:13:15 +02:00
02c65de5fe
Restart backups
2022-09-01 18:05:50 +02:00
1749a98e86
Update LDAP configuration
2022-08-31 10:25:58 +02:00
e81716e41e
Update drone config and add drone monitoring to prometheus
2022-08-30 15:48:32 +02:00
b5328c3341
Activate memory oversubscription+use it for Plume
2022-08-26 13:04:42 +02:00
72d033dcd4
Remove garage files at bad location, add basic telemetry
2022-08-25 13:59:40 +02:00
fd3ed44dad
Disable netdata on prod (useless)
2022-08-25 12:34:02 +02:00
3f9ad5edc3
Configure the final URL for Guichet
2022-08-25 04:46:42 +02:00
ec0e483d99
Add email support
2022-08-25 04:39:44 +02:00
ea1b0e9d19
Add a docker-compose for Jitsi
2022-08-25 01:06:06 +02:00
e37c1f9057
Deploy Matrix
2022-08-25 01:02:16 +02:00
3be2659aa1
Make service addressable by zones
2022-08-24 21:06:48 +02:00
00b754727d
Add postgres + WIP plume + fix diplonat
2022-08-24 19:54:15 +02:00
0d2d46f437
skip consul tls verify for diplonat and tricot (should be reverted?)
2022-08-24 18:19:04 +02:00
cfb1d623d9
Reconfigure services to use correct tricot url, TLS fails
2022-08-24 17:31:08 +02:00
6ea18bf8ae
Add directory config for prod
2022-08-24 16:03:52 +02:00
41128f4c36
Clone core module in staging and prod, move bad stuff to experimental
2022-08-24 15:48:18 +02:00
981294e3d7
Move dummy nginx to cluster/staging
2022-08-24 15:44:40 +02:00
2e8923b383
Move app files into cluster subdirectories; add prod garage
2022-08-24 15:42:47 +02:00
9848f3090f
Remove courgette from raft
2022-08-24 15:25:28 +02:00
6c51a6e484
Don't make diplotaxis and doradille raft servers, fix sshtool
2022-08-24 14:29:56 +02:00
468c6b702b
Add ipv6 gateway at neptune
2022-08-24 12:31:55 +02:00
4253fd84a5
Wireguard configuration of Orion
2022-08-24 12:06:01 +02:00
9e39677e1d
Fix IPv6
2022-08-24 11:06:55 +02:00
e50e1c407d
Move prod to wireguard and not wesher, and reaffect IPs
2022-08-24 00:31:07 +02:00
2a1459d887
Reaffect wireguard IPs in staging cluster
2022-08-24 00:07:08 +02:00
ab901fc81d
Remove wesher, reconfigure staging without it
2022-08-23 23:55:15 +02:00
a7ac31cdf5
Affect cluster_ip in d* in correct prefix (10.83.0.0/16 for prod)
2022-08-23 23:22:23 +02:00
88d57f8e34
Add new cluster nodes
2022-08-23 22:13:26 +02:00
2453a45c74
Disable spoutnik
2022-07-27 10:39:09 +02:00
c81442dc01
Update README; DNS on prod
2022-06-01 15:27:11 +02:00
641a68715f
Configure Consul DNS
2022-06-01 14:48:16 +02:00
178107af0c
Network configuration updates
2022-05-09 00:20:02 +02:00
83dd3ea25a
Update network configuration
2022-05-08 14:42:18 +02:00
3df47c8440
Configuration for prod to run on Wesher & other new stuff
2022-05-04 17:38:54 +02:00
1b4f96ffb2
Fix telemetry
2022-05-04 15:32:51 +02:00
2685970256
fake update spoutnik config
2022-04-20 18:06:42 +02:00
10d370491e
Replace ad-hoc wireguard by wesher on staging cluster
2022-04-20 18:04:57 +02:00
04f2bd48bb
Add some readme
2022-04-20 16:13:14 +02:00
27ffee95b8
Updates; change crontab
2022-03-07 16:57:43 +01:00
02ed668286
Remove mount garage using rclone systemd service
2022-02-27 14:18:43 +01:00
823c8bd3ba
in prod also use LAN IPs when possible
2022-02-26 00:17:12 +01:00
86b9873221
Wireguard directly using LAN addresses when possible
2022-02-26 00:13:08 +01:00
0940e0bdfc
Reinstall cariacou with encryption
2022-02-26 00:00:10 +01:00
33446d2148
Carcajou is encrypted
2022-02-25 19:11:25 +01:00
6dc9281299
Add remote LUKS unlocking configuration
2022-02-25 17:52:17 +01:00
fe3e529cf6
Use local DNS resolver instead of quad9 that wasn't working very well
2022-02-22 10:06:51 +01:00
73742f38a4
Firewall rules and netdata monitoring for Garage expansion
2022-02-09 22:57:52 +01:00
b0010b309b
Config for prod cluster
2022-02-09 15:38:36 +01:00
f03cafd49b
Modularize and prepare to support multiple clusters
2022-02-09 12:09:49 +01:00