e71ca8fe11
rename wgautomesh config to deuxfleurs namespace to avoid conflict
2023-06-12 13:40:53 +02:00
24cf7ddd91
Merge branch 'main' into simplify-network-config
2023-05-09 12:20:35 +02:00
6c07a42978
different wgautomesh gossip ports for prod and staging
2023-05-04 13:39:33 +02:00
3befdea206
nix: allow wireguard + logs
2023-04-28 09:26:32 +02:00
607add3161
make specifying an ipv6 fully optional
2023-04-21 14:36:10 +02:00
a9e9149739
Fix unbound; remove Nixos firewall (use only diplonat)
2023-04-21 11:29:15 +02:00
16422d2809
introduce back static ipv4 prefix length but with default value
2023-04-05 14:04:11 +02:00
bb25797d2f
make script clearer and add documentation
2023-04-05 13:44:38 +02:00
dec4ea479d
Allow for IPv6 with RA disabled by manually providing gateway
2023-04-05 13:27:18 +02:00
a31c6d109e
remove obsolete directives
2023-03-31 16:27:08 +02:00
96566ae523
refactor configuration syntax
2023-03-24 15:26:39 +01:00
e2aea648cf
greatly simplify ipv4 and ipv6 configuration
2023-03-24 14:42:36 +01:00
a0db30ca26
Sanitize DNS configuration
...
- get rid of outside nameserver, unbound does the recursive resolving
itself (and it checks DNSSEC)
- remove CAP_NET_BIND_SERVICE for Consul as it is no longer binding on
port 53 (was already obsolete)
- make unbound config independent of LAN IPv4 address
2023-03-24 12:58:44 +01:00
53b9cfd838
wgautomesh actually on prod
2023-03-24 12:01:38 +01:00
6ffaa0ed91
use nix enum type
2023-03-20 11:17:38 +01:00
90efd9155b
wgautomesh variable log level (debug for staging)
2023-03-17 18:21:50 +01:00
39254cca0e
keep wg-quick code as reference
2023-03-17 18:18:25 +01:00
f629f4c171
wgautomesh from static binary hosted on gitea
2023-03-17 18:01:35 +01:00
f9b94f0b47
update wgautomesh
2023-03-17 17:17:56 +01:00
bb2660792f
wgautomesh persist state to file
2023-03-17 17:17:56 +01:00
6664affaa0
wgautomesh gossip secret file
2023-03-17 17:17:56 +01:00
baae97b192
sample deployment of wgautomesh on staging (don't deploy prod with this commit)
2023-03-17 17:17:56 +01:00
f7be968531
TODOs in deuxfleurs.nix because the old world is maybe mixing with the new
2023-03-15 18:19:01 +01:00
ad6db2f1c5
Remove hardcoded years in deuxfleurs.nix
2023-01-01 19:43:35 +01:00
b47334d7d7
Replace deploy_wg by a NixOS activation script
2022-12-14 18:02:30 +01:00
578075a925
Add origan node in staging cluster (+ refactor system.stateVersion)
2022-12-11 22:37:28 +01:00
a1fc396412
Add possible public_ipv4 node tag
2022-12-07 17:13:03 +01:00
ab97a7bffd
Staging: Add CNAME target meta parameter, will be used for diplonat auto dns update
2022-12-07 12:32:21 +01:00
4036a2d951
Clean stuff up and update nix driver
2022-11-29 16:21:38 +01:00
fb4c2ef55a
Remove old nomad-driver-nix
2022-11-29 15:41:35 +01:00
da07fee575
Use nix driver moved to Deuxfleurs namespace
2022-11-29 14:46:42 +01:00
c9f9ed4c71
Deploy garage on staging using nix2 driver
2022-11-29 14:21:12 +01:00
105c081728
Staging: ability to run Nix jobs using exec2 driver
2022-11-28 22:58:39 +01:00
a327876e25
Remove root, add wg-quick-wg0 after unbound
2022-11-28 10:19:48 +01:00
bedfae8424
Fix wg-quick MTU because it does bad stuff by default
2022-11-22 16:22:05 +01:00
8d363d2e66
Add after config on nomad and consul
2022-11-22 13:30:00 +01:00
6659deb544
Add Baptiste ; fix wireguard
2022-11-22 12:09:28 +01:00
49b0dc2d5b
poc 2 for nix containers: use nomad-driver-nix
2022-11-16 16:28:18 +01:00
7866a92e16
remove systemd-resolved
2022-10-16 19:36:15 +02:00
5613ed9908
Complete telemetry configuration
2022-10-16 18:12:57 +02:00
5f08713dfb
Remove additional DNS entries from docker
2022-10-16 14:17:12 +00:00
38a544d9c4
Correctly inject dns servers in docker
2022-10-16 13:25:46 +02:00
b5a0f8bd82
Add docker
2022-10-16 13:13:43 +02:00
c3a30aabab
Switch to systemd-networkd
2022-10-15 10:38:48 +02:00
10b0840daa
Disable IPv6 RA/autoconf/temp addr
2022-10-14 08:38:19 +02:00
72606368bf
Force Garage to use ipv6 connectivity
2022-09-15 11:57:24 +02:00
b23218a7f6
systemd timesyncd
2022-09-08 10:35:14 +02:00
6ec9aad801
Improve DNS configuration
...
Add Unbound server that separates queries between those going to Consul
and those going elsewhere. This allows us to have DNS working even if
Consul fails for some reason. This way we can also remove the secondary
`nameserver` entry in /etc/resolv.conf, thus fixing a bug where certain
containers (Alpine-based images?) were using the secondary resolver some
of the time, making them unable to access .consul hosts.
2022-08-30 15:52:42 +02:00
243eee4322
Ask consul to use advertised address and not bind one
2022-08-24 20:03:31 +02:00
1172e8e511
Fix nomad talking to consul
2022-08-24 18:51:55 +02:00