e2aea648cf
greatly simplify ipv4 and ipv6 configuration
2023-03-24 14:42:36 +01:00
a0db30ca26
Sanitize DNS configuration
...
- get rid of outside nameserver, unbound does the recursive resolving
itself (and it checks DNSSEC)
- remove CAP_NET_BIND_SERVICE for Consul as it is no longer binding on
port 53 (was already obsolete)
- make unbound config independant of LAN IPv4 address
2023-03-24 12:58:44 +01:00
5cd69a9ba1
Merge branch 'main' into wgautomesh
2023-03-24 11:29:14 +01:00
bebbf5bd8b
wip rsa-ecc proxy
2023-03-20 09:45:05 +01:00
90efd9155b
wgautomesh variable log level (debug for staging)
2023-03-17 18:21:50 +01:00
6664affaa0
wgautomesh gossip secret file
2023-03-17 17:17:56 +01:00
baae97b192
sample deployment of wgautomesh on staging (dont deploy prod with this commit)
2023-03-17 17:17:56 +01:00
551988c808
do not allow stale information reading
2023-03-16 17:01:17 +01:00
6fe8ef6eed
update albatros
2023-03-16 16:53:16 +01:00
8b67c48c52
Fix consul port
2023-03-16 16:19:35 +01:00
7bf1467cb1
add albatros
2023-03-16 15:52:13 +01:00
2a0eff07c0
fix cleanup of deploypass
2023-03-15 17:49:31 +01:00
c681f63222
alloc more mem
2023-03-14 18:37:28 +01:00
d2b8b0c517
wip homemade ci?
2023-03-14 17:32:49 +01:00
850ea784e7
staging updates
2023-03-09 11:08:33 +01:00
Baptiste Jonglez
3eb5e21f9d
New IP for piranha
2023-03-06 14:30:22 +01:00
2d55b1dfcc
updated garage and d53 on staging
2023-01-26 17:52:27 +01:00
8e76707c44
fix tricot hostname on prod
2023-01-11 22:18:52 +01:00
0da378d053
staging: remove constraint on im
2023-01-05 11:15:30 +01:00
9fabb5844a
staging: remove node cariacou, update garage
2023-01-04 17:06:39 +01:00
da78f3671e
staging: deploy things on bespin
2023-01-04 10:06:06 +01:00
26f78872e6
staging: add node df-pw5 at bespin
2023-01-04 10:02:21 +01:00
18eef6e8e7
Staging: Reduce resource requirements to pack more things
2023-01-03 18:25:32 +01:00
d588764748
don't rotate grafana password
2023-01-01 20:44:28 +01:00
3847c08181
Merge pull request 'updated version of secretmgr' ( #5 ) from new-secretmgr into main
...
Reviewed-on: Deuxfleurs/nixcfg#5
2023-01-01 18:47:34 +00:00
Baptiste Jonglez
08c324f1c4
Add new zone to core services
2022-12-29 18:26:52 +01:00
Baptiste Jonglez
1c48fd4ae4
Add new staging zone and node
2022-12-28 16:49:43 +01:00
0becfc2571
Merge branch 'main' into new-secretmgr
2022-12-25 23:47:52 +01:00
b63c03f635
refactor ssh config and move known_hosts
2022-12-25 23:45:53 +01:00
6d6e48c8fa
Improve secretmgr more, update secrets for staging
2022-12-25 22:12:38 +01:00
8d0a7a806d
New secretmgr
2022-12-25 21:03:16 +01:00
7fd81f3470
WIP new secretmgr
2022-12-25 19:52:28 +01:00
11f87a3cd2
staging: add missing secrets, update exiting ones to autogen/autorotate
2022-12-24 23:58:38 +01:00
8d17a07c9b
reorganize some things
2022-12-24 22:59:37 +01:00
912753c7ad
remove useless lines in caribou,origan.nix
2022-12-22 23:16:15 +01:00
8513003388
staging: garage update
2022-12-14 17:52:13 +01:00
7ab91a16e9
Proper nat on origan
2022-12-13 16:01:36 +01:00
3af066397e
Replace carcajou by origan for raft server
2022-12-11 23:13:04 +01:00
dca2e53442
run a bunch of things on new Origan node
2022-12-11 23:02:14 +01:00
578075a925
Add origan node in staging cluster (+ refactor system.stateVersion)
2022-12-11 22:37:28 +01:00
36e6756b3c
staging: update D53 tags to new (simpler) syntax
2022-12-11 21:27:16 +01:00
a1fc396412
Add possible public_ipv4 node tag
2022-12-07 17:13:03 +01:00
4c50dd57f1
staging: reorganize core services and add D53
2022-12-07 16:35:21 +01:00
ab97a7bffd
Staging: Add CNAME target meta parameter, will be used for diplonat auto dns update
2022-12-07 12:32:21 +01:00
93e66389f7
staging: update Tricot
2022-12-07 11:21:51 +01:00
4e3db0cd5e
staging: correct public IPs through NAT for wireguard
2022-12-07 11:21:39 +01:00
724f0ccfec
Tricot: updated with enough bins for histogram data
2022-12-06 15:11:35 +01:00
6036f5a1b7
deploy tricot metrics on production
2022-12-06 14:41:53 +01:00
e1ddb2d1d3
staging: tricot do load balancing of garage requests to local nodes
2022-12-06 12:41:12 +01:00
27b23e15ec
Staging: tricot with metrics
2022-12-05 23:42:53 +01:00