a1fc396412
Add possible public_ipv4 node tag
2022-12-07 17:13:03 +01:00
ab97a7bffd
Staging: Add CNAME target meta parameter, will be used for diplonat auto dns update
2022-12-07 12:32:21 +01:00
4036a2d951
Clean stuff up and update nix driver
2022-11-29 16:21:38 +01:00
fb4c2ef55a
Remove old nomad-driver-nix
2022-11-29 15:41:35 +01:00
da07fee575
Use nix driver moved to Deuxfleurs namespace
2022-11-29 14:46:42 +01:00
c9f9ed4c71
Deploy garage on staging using nix2 driver
2022-11-29 14:21:12 +01:00
105c081728
Staging: ability to run Nix jobs using exec2 driver
2022-11-28 22:58:39 +01:00
a327876e25
Remove root, add wg-quick-wg0 after unbound
2022-11-28 10:19:48 +01:00
bedfae8424
Fix wg-quick MTU because it does bad stuff by default
2022-11-22 16:22:05 +01:00
8d363d2e66
Add after config on nomad and consul
2022-11-22 13:30:00 +01:00
6659deb544
Add Baptiste ; fix wireguard
2022-11-22 12:09:28 +01:00
49b0dc2d5b
poc 2 for nix containers: use nomad-driver-nix
2022-11-16 16:28:18 +01:00
7866a92e16
remove systemd-resolved
2022-10-16 19:36:15 +02:00
5613ed9908
Complete telemetry configuration
2022-10-16 18:12:57 +02:00
5f08713dfb
Remove additonal DNS entries from docker
2022-10-16 14:17:12 +00:00
38a544d9c4
Correctly inject dns servers in docker
2022-10-16 13:25:46 +02:00
b5a0f8bd82
Add docker
2022-10-16 13:13:43 +02:00
c3a30aabab
Switch to systemd-networkd
2022-10-15 10:38:48 +02:00
10b0840daa
Disable IPv6 RA/autoconf/temp addr
2022-10-14 08:38:19 +02:00
72606368bf
Force Garage to use ipv6 connectivity
2022-09-15 11:57:24 +02:00
b23218a7f6
systemd timesyncd
2022-09-08 10:35:14 +02:00
6ec9aad801
Improve DNS configuration
...
Add Unbound server that separates queries between those going to Consul
and those going elsewhere. This allows us to have DNS working even if
Consul fails for some reason. This way we can also remove the secondary
`nameserver` entry in /etc/resolv.conf, thus fixing a bug where certain
containers (Alpine-based images?) were using the secondary resolver some
of the time, making them unable to access .consul hosts.
2022-08-30 15:52:42 +02:00
243eee4322
Ask consul to use advertised address and not bind one
2022-08-24 20:03:31 +02:00
1172e8e511
Fix nomad talking to consul
2022-08-24 18:51:55 +02:00
a0c8280c02
Fix access to consul for non-server nodes
2022-08-24 16:58:50 +02:00
ec2020b71b
Disable bootstrap_expect unless specific deuxfleurs.bootstrap is set
2022-08-24 14:23:17 +02:00
9e39677e1d
Fix IPv6
2022-08-24 11:06:55 +02:00
ab901fc81d
Remove wesher, reconfigure staging without it
2022-08-23 23:55:15 +02:00
02b1e6200c
Disable ipv6 temporary addresses
2022-08-23 13:12:07 +02:00
7d7efab9ee
Update to nixos 22.05
2022-07-27 11:18:23 +02:00
641a68715f
Configure Consul DNS
2022-06-01 14:48:16 +02:00
d47d4e93ab
Work on drone runner as VM
2022-05-30 14:57:05 +02:00
1e23341710
Fix firewall rule for IGD
2022-05-09 00:29:17 +02:00
178107af0c
Network configuration updates
2022-05-09 00:20:02 +02:00
83dd3ea25a
Update network configuration
2022-05-08 14:42:18 +02:00
10d370491e
Replace ad-hoc wireguard by wesher on staging cluster
2022-04-20 18:04:57 +02:00
50e9f0b589
Wesher secret key in /var/lib/wesher/secrets
2022-04-20 10:50:42 +02:00
db081fad0e
First working Wesher configuration
2022-04-19 22:03:58 +02:00
9ff81afd7e
Wesher package now works
2022-04-19 18:09:56 +02:00
3d8989b9c9
nix infinite recursion
2022-04-19 17:41:18 +02:00
fdb5210f88
Move configuration.nix to nix/ subfolder
2022-03-28 12:18:52 +02:00
86b9873221
Wireguard directly using LAN addresses when possible
2022-02-26 00:13:08 +01:00
33446d2148
Carcajou is encrypted
2022-02-25 19:11:25 +01:00
6dc9281299
Add remote LUKS unlocking configuration
2022-02-25 17:52:17 +01:00
b0010b309b
Config for prod cluster
2022-02-09 15:38:36 +01:00
f03cafd49b
Modularize and prepare to support multiple clusters
2022-02-09 12:09:49 +01:00