nixcfg/cluster/prod
Baptiste Jonglez 7e88a88e04 prod: garage: Enable on-demand-tls check for *.garage S3 endpoint
We were hitting Let's Encrypt rate limits because we were generating
thousands of nonsense certificates like "foo.bar.baz.garage.deuxfleurs.fr"

See https://crt.sh

Subdomains of garage.deuxfleurs.fr only make sense when accessing buckets
through S3 with vhost-style, so let's enable the on-demand-tls check to
make sure that the bucket exists in Garage.

In the long term, we might want to have a wildcard certificate for this
usage, or simply stop supporting vhost-style S3 access.
2024-06-08 17:14:48 +02:00
app prod: garage: Enable on-demand-tls check for *.garage S3 endpoint 2024-06-08 17:14:48 +02:00
node prod(cluster/dathomir): Open more SSH ports 2024-05-26 23:00:39 +02:00
site Merge pull request 'cluster(prod): Add dathomir site' (#25) from KokaKiwi/nixcfg:add-dathomir into main 2024-05-26 21:04:01 +00:00
cluster.nix cluster(prod): Add oseille 2024-05-26 18:24:28 +02:00
known_hosts cluster(prod): Add oseille 2024-05-26 18:24:28 +02:00
register_external_services.sh remove orsay extra service 2024-03-06 15:15:21 +01:00
secretmgr.toml Update prod secret files 2022-12-25 22:45:05 +01:00
ssh_config cluster(prod): Add oseille 2024-05-26 18:24:28 +02:00