Page MenuHomeDevCentral
Feed Advanced Search

Advanced Search
Use Results
Hide Query

Mon, Mar 23

dereckson merged task T1524: Monitor sudo files on servers into T2286: Detect configuration drift by computing difference between Salt states and deployed.
Mon, Mar 23, 09:09 · Eglide, security, Servers
dereckson closed T1524: Monitor sudo files on servers as Wontfix.

With Salt, sudo files content are now managed from rOPS.

Mon, Mar 23, 09:09 · Eglide, security, Servers

Sun, Mar 22

dereckson triaged T2107: j'aimerais avoir une présence permanente sur internet as Wishlist priority.
Sun, Mar 22, 23:58 · Eglide, security
dereckson added a comment to T1861: Configure static IPv6 on WindRiver.

Next: configure DNS records

Sun, Mar 22, 19:08 · security, Servers, IPv6
dereckson changed the visibility for T2143: Hash Tomcat credentials.
Sun, Mar 22, 19:04 · Servers, Nasqueron Docker deployment squad, security
dereckson shifted T2143: Hash Tomcat credentials from the Restricted Space space to the S1 Nasqueron space.
Sun, Mar 22, 19:03 · Servers, Nasqueron Docker deployment squad, security
dereckson closed T2143: Hash Tomcat credentials as Resolved.
Sun, Mar 22, 19:02 · Servers, Nasqueron Docker deployment squad, security
dereckson moved T1109: Switch all OAuth GitHub applications to Nasqueron organization accounts from Backlog to Infra on the Auth Grove board.
Sun, Mar 22, 18:30 · Auth Grove, User-Dereckson, security, Nasqueron Operations Squad
dereckson triaged T1109: Switch all OAuth GitHub applications to Nasqueron organization accounts as Normal priority.
Sun, Mar 22, 18:29 · Auth Grove, User-Dereckson, security, Nasqueron Operations Squad
dereckson placed T1513: Propagate certificate to Openfire server up for grabs.
Sun, Mar 22, 18:21 · TLS certificates, XMPP, security, Servers
dereckson triaged T1513: Propagate certificate to Openfire server as Normal priority.
Sun, Mar 22, 18:21 · TLS certificates, XMPP, security, Servers

Sat, Mar 21

dereckson added a parent task for T1513: Propagate certificate to Openfire server: T2043: Switch to acme.sh instead of certbot.
Sat, Mar 21, 10:32 · TLS certificates, XMPP, security, Servers
dereckson updated subscribers of T1513: Propagate certificate to Openfire server.

Will need to be revisited when we switch to acme.sh.

Sat, Mar 21, 10:31 · TLS certificates, XMPP, security, Servers

Fri, Mar 20

dereckson triaged T2281: [irssi] Secure proxy module with TLS connection as Wishlist priority.
Fri, Mar 20, 21:51 · security, upstream, IRC, C
dereckson updated the title for P390 Anubis default botPolicies.yaml from botPolicies.yaml to Anubis default botPolicies.yaml.
Fri, Mar 20, 20:03 · security, Nasqueron Docker deployment squad, Servers

Feb 5 2026

dereckson closed T2210: fullchain.pem isn't automatically generated by acme.sh as Resolved by committing rOPSc9cb237e5e18: Automate acme.sh install-cert cmd.
Feb 5 2026, 22:53 · TLS certificates, security, Mail
DorianWinty added a revision to T2210: fullchain.pem isn't automatically generated by acme.sh: D3906: Automate acme.sh install-cert cmd.
Feb 5 2026, 22:04 · TLS certificates, security, Mail
dereckson claimed T2210: fullchain.pem isn't automatically generated by acme.sh.

Patched it live.

Feb 5 2026, 21:48 · TLS certificates, security, Mail
dereckson updated subscribers of T2210: fullchain.pem isn't automatically generated by acme.sh.
Feb 5 2026, 19:52 · TLS certificates, security, Mail
dereckson triaged T2210: fullchain.pem isn't automatically generated by acme.sh as High priority.
Feb 5 2026, 19:52 · TLS certificates, security, Mail

Feb 3 2026

dereckson closed T2198: Create new account for duranzed for Samy as Resolved.
Feb 3 2026, 18:57 · security, Servers
dereckson added a revision to T2198: Create new account for duranzed for Samy: D3899: Add duranzed to shell users.
Feb 3 2026, 18:57 · security, Servers
dereckson reassigned T2198: Create new account for duranzed for Samy from dereckson to Duranzed.
Feb 3 2026, 18:56 · security, Servers
dereckson renamed T2198: Create new account for duranzed for Samy from SSH pubkey to add to Create new account for duranzed for Samy.
Feb 3 2026, 18:56 · security, Servers

Nov 10 2025

dereckson added a comment to T2183: Detect legacy SHA-1 RSA keys.

Bruteforce attack scenario possible, so we're only interested by usernames defined in users.sls, not by "root" (can't login by SSH) or generic accounts like "docker" (doesn't exist):

Nov 10 2025, 01:57 · security, Python, Eglide, Servers, Operations sprints (Echoes in the Void)
dereckson updated the task description for T2183: Detect legacy SHA-1 RSA keys.
Nov 10 2025, 01:55 · security, Python, Eglide, Servers, Operations sprints (Echoes in the Void)
dereckson updated the task description for T2183: Detect legacy SHA-1 RSA keys.
Nov 10 2025, 01:47 · security, Python, Eglide, Servers, Operations sprints (Echoes in the Void)
dereckson updated the task description for T2183: Detect legacy SHA-1 RSA keys.
Nov 10 2025, 01:16 · security, Python, Eglide, Servers, Operations sprints (Echoes in the Void)

Oct 25 2025

dereckson moved T1145: Don't truncate passwords from Backlog to General bug & features on the C board.
Oct 25 2025, 23:15 · C, security, Odderon
dereckson moved T1292: userlist.db is saved in 644 from Backlog to Network / System on the C board.
Oct 25 2025, 23:15 · C, good-first-issue, security, Odderon
dereckson added a project to T1145: Don't truncate passwords: C.
Oct 25 2025, 23:12 · C, security, Odderon
dereckson added a project to T1292: userlist.db is saved in 644: C.
Oct 25 2025, 23:12 · C, good-first-issue, security, Odderon

Oct 24 2025

dereckson added a comment to T2155: Review rotation for acme.sh logs.

Same issue for rhyne-wyse.log. Configuration was copied from acme.sh one.

Oct 24 2025, 23:05 · TLS certificates, Restricted Project, security, Servers
dereckson closed T2132: Propagate acme.sh certificate so Dovecot can read it as Resolved.
Oct 24 2025, 19:33 · TLS certificates, security, Mail, Restricted Project

Oct 20 2025

dereckson added a parent task for T2155: Review rotation for acme.sh logs: T2043: Switch to acme.sh instead of certbot.
Oct 20 2025, 23:06 · TLS certificates, Restricted Project, security, Servers
dereckson triaged T2155: Review rotation for acme.sh logs as Normal priority.
Oct 20 2025, 22:52 · TLS certificates, Restricted Project, security, Servers
dereckson added a project to T2154: IPv6 support for ns1.nasqueron.org: security.
Oct 20 2025, 22:49 · Servers, IPv6, DNS

Oct 13 2025

dereckson moved T2143: Hash Tomcat credentials from Backlog to Pending review on the Nasqueron Docker deployment squad board.
Oct 13 2025, 22:43 · Servers, Nasqueron Docker deployment squad, security
dereckson moved T2143: Hash Tomcat credentials from Backlog to Pending review on the Servers board.
Oct 13 2025, 22:43 · Servers, Nasqueron Docker deployment squad, security
dereckson moved T2143: Hash Tomcat credentials from Backlog to Pending review on the security board.
Oct 13 2025, 22:43 · Servers, Nasqueron Docker deployment squad, security
dereckson added a comment to T2143: Hash Tomcat credentials.

Credentials have been hashed directly in Vault, so we don't need to manipulate cleartext password with Salt.
Salt updated the tomcat-users.xml accordingly.

Oct 13 2025, 22:42 · Servers, Nasqueron Docker deployment squad, security
dereckson added a revision to T2143: Hash Tomcat credentials: D3755: Configure Tomcat server explicitly.
Oct 13 2025, 20:47 · Servers, Nasqueron Docker deployment squad, security
dereckson added a revision to T2143: Hash Tomcat credentials: D3754: Use target name instead of generic name for orbeon.xml.
Oct 13 2025, 20:27 · Servers, Nasqueron Docker deployment squad, security
dereckson triaged T2143: Hash Tomcat credentials as High priority.
Oct 13 2025, 20:24 · Servers, Nasqueron Docker deployment squad, security

Oct 11 2025

dereckson moved T1656: Convert daeghrefn. for Uspection use from Backlog to Need dev on the documentation board.
Oct 11 2025, 11:53 · upsection, security, documentation, IRC, Dæghrefn
dereckson moved T1657: Convert docs. for Uspection use from Backlog to Need dev on the documentation board.
Oct 11 2025, 11:53 · upsection, security, documentation
dereckson closed T1765: SELinux context is missing for /etc/nginx configuration files as Resolved.

The full /etc/nginx directories on both docker-002 and dwellers use httpd_config_t for every file.

Oct 11 2025, 11:44 · Operations sprints (Ignite Alkane Propulsion), Salt, security, Nasqueron Docker deployment squad, Servers
dereckson updated the task description for T1765: SELinux context is missing for /etc/nginx configuration files.
Oct 11 2025, 11:39 · Operations sprints (Ignite Alkane Propulsion), Salt, security, Nasqueron Docker deployment squad, Servers

Oct 10 2025

dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.
Oct 10 2025, 22:25 · TLS certificates, security, Mail, Restricted Project
dereckson moved T2132: Propagate acme.sh certificate so Dovecot can read it from Backlog to Pending review on the security board.
Oct 10 2025, 22:24 · TLS certificates, security, Mail, Restricted Project
dereckson moved T2132: Propagate acme.sh certificate so Dovecot can read it from Backlog - On hold pending T1475 to Pending review on the Mail board.
Oct 10 2025, 22:24 · TLS certificates, security, Mail, Restricted Project
dereckson added a revision to T2132: Propagate acme.sh certificate so Dovecot can read it: D3732: Enforce correct attributes for acme.sh private keys.
Oct 10 2025, 22:19 · TLS certificates, security, Mail, Restricted Project
dereckson claimed T2132: Propagate acme.sh certificate so Dovecot can read it.
Oct 10 2025, 22:07 · TLS certificates, security, Mail, Restricted Project

Oct 9 2025

dereckson added a comment to T1878: Allow to run queries for reporting.

Alternatively, we made a lot of progress on this in T2124.

Oct 9 2025, 14:41 · Monitoring and reporting, security, DBA, Servers

Oct 6 2025

dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.
Oct 6 2025, 09:43 · TLS certificates, security, Mail, Restricted Project

Sep 23 2025

dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.
Sep 23 2025, 17:19 · TLS certificates, security, Mail, Restricted Project
dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.
Sep 23 2025, 17:18 · TLS certificates, security, Mail, Restricted Project
dereckson added a revision to T2132: Propagate acme.sh certificate so Dovecot can read it: D3712: Share /var/certificates/<domain> for all mail services.
Sep 23 2025, 17:14 · TLS certificates, security, Mail, Restricted Project
dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.
Sep 23 2025, 16:42 · TLS certificates, security, Mail, Restricted Project
dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.
Sep 23 2025, 16:42 · TLS certificates, security, Mail, Restricted Project
dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.
Sep 23 2025, 16:22 · TLS certificates, security, Mail, Restricted Project
dereckson moved T2132: Propagate acme.sh certificate so Dovecot can read it from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Sep 23 2025, 16:21 · TLS certificates, security, Mail, Restricted Project
dereckson added a revision to T2132: Propagate acme.sh certificate so Dovecot can read it: D3711: Correct path for dovecot certificates.
Sep 23 2025, 16:19 · TLS certificates, security, Mail, Restricted Project

Sep 22 2025

dereckson triaged T2132: Propagate acme.sh certificate so Dovecot can read it as High priority.
Sep 22 2025, 21:32 · TLS certificates, security, Mail, Restricted Project

Sep 18 2025

dereckson updated the task description for T2040: Supersede Vault by OpenBao.
Sep 18 2025, 22:22 · security, Servers, Vault
dereckson updated the task description for T2040: Supersede Vault by OpenBao.
Sep 18 2025, 22:05 · security, Servers, Vault
dereckson added a comment to T2040: Supersede Vault by OpenBao.

So, there is a new reason to do the upgrade.

Sep 18 2025, 22:04 · security, Servers, Vault

Sep 14 2025

dereckson moved T1580: Deploy ACME-specific DNS server from DNS Server / KnotDNS to AcmeDNS on the DNS board.
Sep 14 2025, 23:11 · TLS certificates, Operations sprints (Consolidate them all), DNS, security, Servers
dereckson moved T1580: Deploy ACME-specific DNS server from Backlog to DNS Server / KnotDNS on the DNS board.
Sep 14 2025, 23:10 · TLS certificates, Operations sprints (Consolidate them all), DNS, security, Servers
dereckson moved T1928: Serve CAA DNS records from Backlog to DNS records on the DNS board.
Sep 14 2025, 23:10 · TLS certificates, Servers, DNS, security

Sep 10 2025

dereckson renamed T2112: Renew Vault web server certificate automatically from Renew Vault HTTPS certificate automatically to Renew Vault web server certificate automatically.
Sep 10 2025, 19:38 · TLS certificates, security, Servers
dereckson renamed T2112: Renew Vault web server certificate automatically from Renew Vault HTTP certificate automatically to Renew Vault HTTPS certificate automatically.
Sep 10 2025, 19:38 · TLS certificates, security, Servers
dereckson renamed T2112: Renew Vault web server certificate automatically from Renew Vault certificate to Renew Vault HTTP certificate automatically.
Sep 10 2025, 19:38 · TLS certificates, security, Servers
dereckson added a revision to T2112: Renew Vault web server certificate automatically: D3657: Renew Vault intermediate authority certificate.
Sep 10 2025, 19:34 · TLS certificates, security, Servers
dereckson added a comment to T2112: Renew Vault web server certificate automatically.

First step is to create a script to renew all needed certificates:

Sep 10 2025, 19:31 · TLS certificates, security, Servers

May 18 2025

dereckson added a project to T2115: Update Dwellers packages: security.
May 18 2025, 09:06 · Servers
dereckson triaged T2112: Renew Vault web server certificate automatically as High priority.
May 18 2025, 08:46 · TLS certificates, security, Servers

Apr 5 2025

dereckson added a comment to T2107: j'aimerais avoir une présence permanente sur internet.

Une fois que tu as retrouvé les accès SSH pour le web statique:

Apr 5 2025, 13:55 · Eglide, security
dereckson added projects to T2107: j'aimerais avoir une présence permanente sur internet: security, Eglide.
Apr 5 2025, 13:51 · Eglide, security

Nov 2 2024

dereckson created Blog Post: SSH keys fingerprints for Dwellers.
Nov 2 2024, 18:17 · Servers, security

Oct 27 2024

dereckson moved T2075: Generate SSH keys for backup purpose from Backlog to Backup infrastructure on the Backups board.
Oct 27 2024, 01:09 · security, Servers, Backups, Salt
dereckson moved T2075: Generate SSH keys for backup purpose from Servers config to Require Salt dev on the Salt board.
Oct 27 2024, 01:00 · security, Servers, Backups, Salt
dereckson moved T2075: Generate SSH keys for backup purpose from Backlog to Servers config on the Salt board.
Oct 27 2024, 01:00 · security, Servers, Backups, Salt
dereckson triaged T2075: Generate SSH keys for backup purpose as Normal priority.
Oct 27 2024, 00:58 · security, Servers, Backups, Salt

Oct 23 2024

dereckson closed T2051: Can't renew TLS certificates verified through HTTP on docker engines as Resolved by committing rOPSb99907864885: Allow nginx to read /.well-known/acme-challenge.
Oct 23 2024, 16:38 · TLS certificates, security, Nasqueron Docker deployment squad, Servers

Oct 13 2024

dereckson moved T1861: Configure static IPv6 on WindRiver from Backlog to Knowledge sharing is needed on the IPv6 board.
Oct 13 2024, 12:04 · security, Servers, IPv6
dereckson added a comment to T1861: Configure static IPv6 on WindRiver.

So, to get routing back:

Oct 13 2024, 12:03 · security, Servers, IPv6

Oct 12 2024

dereckson moved T1765: SELinux context is missing for /etc/nginx configuration files from Backlog - Docker to Backlog - Alkane/Webservers on the Operations sprints (Ignite Alkane Propulsion) board.
Oct 12 2024, 10:21 · Operations sprints (Ignite Alkane Propulsion), Salt, security, Nasqueron Docker deployment squad, Servers
dereckson closed T619: Allow to control from TC2 the Docker engine as Wontfix.

Not sure of the current benefit to use TC2.

Oct 12 2024, 10:16 · Operations sprints (Operations sprint 1), security, Nasqueron Docker deployment squad, Servers, Dæghrefn
dereckson moved T1486: Evaluate Archery from Backlog to Not for this sprint on the Operations sprints (Move the ambiant lights) board.
Oct 12 2024, 10:07 · security, Product evaluation, Operations sprints (Move the ambiant lights)
dereckson moved T1602: Provision ACME DNS credentials for core domains on each servers from Backlog to Backlog - Alkane/Webservers on the Operations sprints (Ignite Alkane Propulsion) board.
Oct 12 2024, 09:48 · TLS certificates, Operations sprints (Ignite Alkane Propulsion), security, Servers
dereckson edited projects for T1602: Provision ACME DNS credentials for core domains on each servers, added: Operations sprints (Ignite Alkane Propulsion); removed Operations sprints (Consolidate them all).
Oct 12 2024, 09:47 · TLS certificates, Operations sprints (Ignite Alkane Propulsion), security, Servers
dereckson moved T1602: Provision ACME DNS credentials for core domains on each servers from Pending review to Not for this sprint on the Operations sprints (Consolidate them all) board.
Oct 12 2024, 09:47 · TLS certificates, Operations sprints (Ignite Alkane Propulsion), security, Servers
dereckson added a comment to T1602: Provision ACME DNS credentials for core domains on each servers.

This is still needed for acme.sh if we want to provision different *.nasqueron.org certificates on different servers.

Oct 12 2024, 09:47 · TLS certificates, Operations sprints (Ignite Alkane Propulsion), security, Servers
dereckson added a subtask for T1602: Provision ACME DNS credentials for core domains on each servers: T1599: Install TLS wildcard certificates for nginx fallback vhost.
Oct 12 2024, 09:44 · TLS certificates, Operations sprints (Ignite Alkane Propulsion), security, Servers

Oct 9 2024

dereckson lowered the priority of T2051: Can't renew TLS certificates verified through HTTP on docker engines from High to Normal.
Oct 9 2024, 18:45 · TLS certificates, security, Nasqueron Docker deployment squad, Servers
dereckson updated the task description for T2051: Can't renew TLS certificates verified through HTTP on docker engines.
Oct 9 2024, 18:45 · TLS certificates, security, Nasqueron Docker deployment squad, Servers
dereckson added a comment to T2051: Can't renew TLS certificates verified through HTTP on docker engines.

Salt SELinux module issue

Oct 9 2024, 18:45 · TLS certificates, security, Nasqueron Docker deployment squad, Servers
dereckson updated the task description for T2051: Can't renew TLS certificates verified through HTTP on docker engines.
Oct 9 2024, 18:07 · TLS certificates, security, Nasqueron Docker deployment squad, Servers
dereckson added a revision to T2051: Can't renew TLS certificates verified through HTTP on docker engines: D3501: Allow nginx to read /.well-known/acme-challenge.
Oct 9 2024, 17:48 · TLS certificates, security, Nasqueron Docker deployment squad, Servers
First
Prev
Next
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator