Mail bien reçu : `
ARC-Authentication-Results: i=1; mx.google.com;

spf=pass (google.com: domain of mediawiki-saas-no-reply@nasqueron.org designates 2001:41d0:303:d971::517e:c0de as permitted sender) smtp.mailfrom=mediawiki-saas-no-reply@nasqueron.org

Return-Path: <mediawiki-saas-no-reply@nasqueron.org>
Received: from web-001.nasqueron.drake (www-alkane.nasqueron.org. [2001:41d0:303:d971::517e:c0de])

by mx.google.com with ESMTP id ffacd0b85a97d-42e1ca54633si1934360f8f.947.2025.11.28.03.09.59
for <doba.guimartinien@gmail.com>;
Fri, 28 Nov 2025 03:10:00 -0800 (PST)

Received-SPF: pass (google.com: domain of mediawiki-saas-no-reply@nasqueron.org designates 2001:41d0:303:d971::517e:c0de as permitted sender) client-ip=2001:41d0:303:d971::517e:c0de;
Authentication-Results: mx.google.com;

spf=pass (google.com: domain of mediawiki-saas-no-reply@nasqueron.org designates 2001:41d0:303:d971::517e:c0de as permitted sender) smtp.mailfrom=mediawiki-saas-no-reply@nasqueron.org

Received: from mediawiki (uid 3004) (envelope-from mediawiki-saas-no-reply@nasqueron.org) id 1fd73 by web-001.nasqueron.drake (DragonFly Mail Agent v0.13+ on web-001.nasqueron.drake); Fri, 28 Nov 2025 11:09:58 +0000

SPF updated for nasqueron.org domain to allow web-001:

https://agora.nasqueron.org/Operations_grimoire/NTP#FreeBSD

Deployed on all FreeBSE servers with salt -G 'os:FreeBSD' state.apply roles/core/ntp

Action plan

Activer ntpd : nécessaire si le serveur doit aussi servir de source horaire à d'autres machines.

Let's go for that road, even if it's only for the local machine.

DNS record for SPF, TXT version, didn't include the IPs of web-001, now it's the case with D3892 (propagation still pending to nsX.he.net)

Dans le cadre de mes activités du jour, j'ai travaillé avec mon maître de scène sur un problème de synchronisation horaire détecté sur le serveur db-B-001, qui présentait un décalage de deux heures.
Ce problème a été documenté dans le rapport d'incident suivant :
https://agora.nasqueron.org/Operations_grimoire/Incidents/2025-11-25-MariaDB
Nous avons analysé la configuration actuelle : la synchronisation NTP est gérée par les scripts périodiques situés dans :

ntpq log shows it only works to print statistics when ntpd is launched.

ntpq log: https://termbin.com/1vu4

Configuration is ready.

Next step: deploy to docker-002, and ensure D3622 is already deployed there too.

@sandrined Could you publish the commit for this change for review?

Current status: deployed to Dwellers

Wiki account created. Password should have been sent by e-mail.

Deployed for WindRiver, server now runs on 17.6.

Confirmed for recent package:

Taking this, we've PostgreSQL deinstalled on WindRiver; as we're on a UNIX system, it still runs without any issue as long as it doesn't need to load dynamically a library, accepts connection, serves traffic but software isn't there anymore.

In T2185#33876, @dereckson wrote:

Each test run produces this:

Nov 11 02:29:33 windriver postgres[63389]: [19-1] 2025-11-11 02:29:33.804 UTC [63389] ERROR:  relation "nonexisting" does not exist at character 13
Nov 11 02:29:33 windriver postgres[63389]: [19-2] 2025-11-11 02:29:33.804 UTC [63389] STATEMENT:  DELETE FROM nonexisting
Nov 11 02:29:34 windriver postgres[63402]: [19-1] 2025-11-11 02:29:34.181 UTC [63402] ERROR:  relation "nonexisting" does not exist at character 15
Nov 11 02:29:34 windriver postgres[63402]: [19-2] 2025-11-11 02:29:34.181 UTC [63402] STATEMENT:  SELECT * FROM nonexisting
Nov 11 02:29:34 windriver postgres[63403]: [19-1] 2025-11-11 02:29:34.209 UTC [63403] ERROR:  relation "nonexisting" does not exist at character 15
Nov 11 02:29:34 windriver postgres[63403]: [19-2] 2025-11-11 02:29:34.209 UTC [63403] STATEMENT:  SELECT * FROM nonexisting
Nov 11 02:29:34 windriver postgres[63408]: [19-1] 2025-11-11 02:29:34.357 UTC [63408] ERROR:  relation "not_existing_table" does not exist
Nov 11 02:29:34 windriver postgres[63408]: [19-2] 2025-11-11 02:29:34.357 UTC [63408] STATEMENT:  TRUNCATE not_existing_table
Nov 11 02:29:34 windriver postgres[63409]: [19-1] 2025-11-11 02:29:34.385 UTC [63409] ERROR:  relation "not_existing" does not exist
Nov 11 02:29:34 windriver postgres[63409]: [19-2] 2025-11-11 02:29:34.385 UTC [63409] STATEMENT:  TRUNCATE not_existing
Nov 11 02:29:34 windriver postgres[63416]: [19-1] 2025-11-11 02:29:34.591 UTC [63416] FATAL:  password authentication failed for user "notexisting"
Nov 11 02:29:34 windriver postgres[63416]: [19-2] 2025-11-11 02:29:34.591 UTC [63416] DETAIL:  Role "notexisting" does not exist.
Nov 11 02:29:34 windriver postgres[63416]: [19-3]       Connection matched pg_hba.conf line 22: "host    all             all             127.0.0.1/32            scram-sha-256"

I guess we could avoid to post PostgreSQL logs directly in /var/log/messages.

Bruteforce attack scenario possible, so we're only interested by usernames defined in users.sls, not by "root" (can't login by SSH) or generic accounts like "docker" (doesn't exist):