Page MenuHomeDevCentral
Feed Advanced Search

Advanced Search
Use Results
Hide Query

Mon, Oct 6

dereckson added a revision to T2043: Switch to acme.sh instead of certbot: D3731: Sort acme.sh and certbot files.
Mon, Oct 6, 10:02 · Operations sprints (Ignite Alkane Propulsion), Servers
dereckson added a revision to T2043: Switch to acme.sh instead of certbot: D3712: Share /var/certificates/<domain> for all mail services.
Mon, Oct 6, 09:43 · Operations sprints (Ignite Alkane Propulsion), Servers

Fri, Sep 26

dereckson closed T2105: Use HE as secondary DNS server, a subtask of T1217: Host our DNS servers, as Resolved.
Fri, Sep 26, 00:26 · DNS, Servers
dereckson closed T2105: Use HE as secondary DNS server as Resolved.
Fri, Sep 26, 00:26 · DNS, Servers
dereckson closed T2105: Use HE as secondary DNS server, a subtask of T1218: Provision primary DNS server, as Resolved.
Fri, Sep 26, 00:26 · Restricted Project, DNS, Servers

Tue, Sep 23

dereckson added a revision to T2043: Switch to acme.sh instead of certbot: D3711: Correct path for dovecot certificates.
Tue, Sep 23, 16:18 · Operations sprints (Ignite Alkane Propulsion), Servers

Mon, Sep 22

dereckson moved T2124: Update reports automatically on Agora from Backlog to Pending review on the Servers board.
Mon, Sep 22, 21:46 · Servers, Agora
dereckson added a project to T2124: Update reports automatically on Agora: Servers.
Mon, Sep 22, 21:45 · Servers, Agora
dereckson added a comment to T1217: Host our DNS servers.

Dorian and me meet this evening to do the switch.

Mon, Sep 22, 21:03 · DNS, Servers
dereckson edited P372 DNS - Raw AXFR output - nasqueron.org.
Mon, Sep 22, 19:08 · DNS, Servers
dereckson moved T1427: Prepare a Jenkins job template for Rust CI from Backlog to Features on the Limiting Factor board.
Mon, Sep 22, 18:14 · Servers, Limiting Factor, Nasqueron API, Jenkins

Sun, Sep 21

dereckson triaged T2130: Rotate nginx logs on PaaS Docker as Normal priority.
Sun, Sep 21, 15:09 · Nasqueron Docker deployment squad, Servers
dereckson triaged T2129: Rotate nginx logs on FreeBSD servers as High priority.
Sun, Sep 21, 15:02 · privacy, Alkane, Servers

Sat, Sep 20

dereckson added a comment to T1762: Deploy NetBox.

Merged D3469 so we can have secrets.

Sat, Sep 20, 14:24 · Restricted Project, Servers, Drake network
dereckson added a revision to T1762: Deploy NetBox: D3469: Install netbox on new WindRiver.
Sat, Sep 20, 14:14 · Restricted Project, Servers, Drake network

Fri, Sep 19

dereckson added a comment to T1938: Non open-source infrastructure software policy.

We're testing OpenTofu and Terraform. We've a problem with providers: opentofu registry doesn't compile everything for FreeBSD...

Fri, Sep 19, 01:03 · discussion, Servers

Thu, Sep 18

dereckson updated the task description for T1938: Non open-source infrastructure software policy.
Thu, Sep 18, 22:38 · discussion, Servers
dereckson updated the task description for T1938: Non open-source infrastructure software policy.
Thu, Sep 18, 22:38 · discussion, Servers
dereckson added a comment to T1938: Non open-source infrastructure software policy.

AGPLv3 is an open source, we don't see any objection to it.

Thu, Sep 18, 22:36 · discussion, Servers
dereckson updated the task description for T2040: Supersede Vault by OpenBao.
Thu, Sep 18, 22:22 · security, Servers, Vault
dereckson updated the task description for T2040: Supersede Vault by OpenBao.
Thu, Sep 18, 22:05 · security, Servers, Vault
dereckson added a comment to T2040: Supersede Vault by OpenBao.

So, there is a new reason to do the upgrade.

Thu, Sep 18, 22:04 · security, Servers, Vault
dereckson added a revision to T1217: Host our DNS servers: D3691: Use @ syntax for zone apex.
Thu, Sep 18, 17:08 · DNS, Servers
dereckson added a revision to T1217: Host our DNS servers: D3690: Test DNS zone files.
Thu, Sep 18, 16:38 · DNS, Servers

Wed, Sep 17

dereckson renamed T1561: Improve igal2 compatibility with ImageMagick 7 from Allow igal2 to operate with ImageMagick 7 to Improve igal2 compatibility with ImageMagick 7.
Wed, Sep 17, 21:03 · upstream, Operations sprints (Consolidate them all), Technical debt, Servers, freebsd-port-wanted
dereckson added a comment to T1561: Improve igal2 compatibility with ImageMagick 7.

The port now depends of ImageMagick 7. ImageMagick provides compatibility commands:

Wed, Sep 17, 21:03 · upstream, Operations sprints (Consolidate them all), Technical debt, Servers, freebsd-port-wanted
dereckson closed T2044: Upgrade FreeBSD servers still on 14.0 to 14.1 as Resolved.

Activity done, not upgraded machines will be done with all others as part of T2103.

Wed, Sep 17, 20:56 · Servers
dereckson added a revision to T1939: Implement blue/green deployment or immutable artefacts for router-001: D3687: Provision router-002 on hyper-001.
Wed, Sep 17, 20:54 · Servers, Drake network
dereckson added a revision to T2103: Upgrade servers to FreeBSD 14.3: D3687: Provision router-002 on hyper-001.
Wed, Sep 17, 20:54 · Servers
dereckson added a revision to T2123: Fix tests for operations repository: D3685: Avoid importlib.machinery.SourceFileLoader load_module use.
Wed, Sep 17, 16:42 · Technical debt, Servers

Sun, Sep 14

dereckson moved T1580: Deploy ACME-specific DNS server from DNS Server / KnotDNS to AcmeDNS on the DNS board.
Sun, Sep 14, 23:11 · Operations sprints (Consolidate them all), DNS, security, Servers
dereckson moved T2021: Can't renew certificate with acme DNS plugin under Python 3.11 from Backlog to AcmeDNS on the DNS board.
Sun, Sep 14, 23:11 · DNS, Servers
dereckson moved T1580: Deploy ACME-specific DNS server from Backlog to DNS Server / KnotDNS on the DNS board.
Sun, Sep 14, 23:10 · Operations sprints (Consolidate them all), DNS, security, Servers
dereckson moved T1928: Serve CAA DNS records from Backlog to DNS records on the DNS board.
Sun, Sep 14, 23:10 · Servers, DNS, security
dereckson moved T761: Automate to create subdomains DNS records from Backlog to DNS Server / KnotDNS on the DNS board.
Sun, Sep 14, 23:09 · DNS, Servers
dereckson moved T1269: Update SSHFP records for ysul from Backlog to DNS records on the DNS board.
Sun, Sep 14, 23:09 · DNS, Operations sprints (The Dreadnought will produce new officers), Servers
dereckson moved T1925: No SRV record found for the repo 'Nasqueron' from Backlog to DNS records on the DNS board.
Sun, Sep 14, 23:09 · DNS, Servers
dereckson closed T2021: Can't renew certificate with acme DNS plugin under Python 3.11 as Resolved.

Not spot anymore. Python 3.11 is used on every FreeBSD systems now.

Sun, Sep 14, 23:09 · DNS, Servers
dereckson added a comment to T761: Automate to create subdomains DNS records.

Closing as a duplicate, as with T1217 task, automation is there:

  • new records can be submitted as a commit against zone file
  • new zones can be added by creating a new file and pillar entry
Sun, Sep 14, 23:08 · DNS, Servers
dereckson merged task T761: Automate to create subdomains DNS records into T1217: Host our DNS servers.
Sun, Sep 14, 23:06 · DNS, Servers
dereckson merged T761: Automate to create subdomains DNS records into T1217: Host our DNS servers.
Sun, Sep 14, 23:06 · DNS, Servers
dereckson moved T1218: Provision primary DNS server from Backlog to DNS Server / KnotDNS on the DNS board.
Sun, Sep 14, 23:05 · Restricted Project, DNS, Servers
dereckson moved T1217: Host our DNS servers from Backlog to DNS Server / KnotDNS on the DNS board.
Sun, Sep 14, 23:05 · DNS, Servers
dereckson added a project to T1217: Host our DNS servers: DNS.
Sun, Sep 14, 23:05 · DNS, Servers
dereckson closed T1219: Provision secondary DNS server, a subtask of T1217: Host our DNS servers, as Wontfix.
Sun, Sep 14, 23:04 · DNS, Servers
dereckson closed T1219: Provision secondary DNS server as Wontfix.

Per T2105, current solution is to use an external provider (Hurricane Electric?) to host our secondary zone.

Sun, Sep 14, 23:04 · DNS, Servers
dereckson moved T1219: Provision secondary DNS server from Backlog to DNS Server / KnotDNS on the DNS board.
Sun, Sep 14, 23:02 · DNS, Servers
dereckson moved T2014: Serve https://nasqueron.org from web-001 from Backlog to DNS records on the DNS board.
Sun, Sep 14, 23:02 · Alkane, DNS, Servers
dereckson moved T2105: Use HE as secondary DNS server from Backlog to DNS Server / KnotDNS on the DNS board.
Sun, Sep 14, 23:02 · DNS, Servers
dereckson moved T1610: Deploy Jitsi Meet instance from Current focus to Backlog on the Product evaluation board.
Sun, Sep 14, 22:14 · Operations sprints (Ignite Alkane Propulsion), Wolfplex migration, XMPP, Nasqueron Docker deployment squad, Servers, Product evaluation
dereckson renamed T2125: Review Vault policies from vault_secrets_by_role from Review Vault policies to Review Vault policies from vault_secrets_by_role.
Sun, Sep 14, 00:58 · Nasqueron Docker deployment squad, Servers
dereckson triaged T2125: Review Vault policies from vault_secrets_by_role as High priority.
Sun, Sep 14, 00:57 · Nasqueron Docker deployment squad, Servers

Fri, Sep 12

dereckson moved T2123: Fix tests for operations repository from Backlog to Ops on the Technical debt board.
Fri, Sep 12, 17:51 · Technical debt, Servers
dereckson moved T2123: Fix tests for operations repository from Backlog to Pending review on the Servers board.
Fri, Sep 12, 17:51 · Technical debt, Servers
dereckson added a comment to T2123: Fix tests for operations repository.
In T2123#32403, @dereckson wrote:

Tests fix commits will be aggregated in datacube T2123-improve-tests-suite branch, so we can have a look of what's remaining to fix.

Fri, Sep 12, 17:50 · Technical debt, Servers
dereckson added a revision to T2123: Fix tests for operations repository: D3665: Prune unused webserver-content index generator.
Fri, Sep 12, 17:46 · Technical debt, Servers
dereckson added a revision to T2123: Fix tests for operations repository: D3664: Deploy the monitoring Vault policy.
Fri, Sep 12, 17:19 · Technical debt, Servers
dereckson added a revision to T2123: Fix tests for operations repository: D3663: Fix node.resolve_network tests.
Fri, Sep 12, 17:15 · Technical debt, Servers

Thu, Sep 11

dereckson added a revision to T2123: Fix tests for operations repository: D3662: Read flatter docker_networks pillar.
Thu, Sep 11, 23:56 · Technical debt, Servers
dereckson added a revision to T2123: Fix tests for operations repository: D3661: Avoid unittest deprecated aliases.
Thu, Sep 11, 23:09 · Technical debt, Servers
dereckson added a revision to T2123: Fix tests for operations repository: D3660: Fix docker_containers app_port/host test.
Thu, Sep 11, 22:58 · Technical debt, Servers
dereckson added a comment to T2123: Fix tests for operations repository.

Tests commits will be aggregates in datacube T2123-improve-tests-suite branch, so we can have a look of what's remaining to fix.

Thu, Sep 11, 22:18 · Technical debt, Servers
dereckson added a revision to T2123: Fix tests for operations repository: D3659: Handle ssh_keys_by_forest and everywhere_tasks in pillar users test.
Thu, Sep 11, 22:16 · Technical debt, Servers
dereckson updated subscribers of T2123: Fix tests for operations repository.

Going to take this, as I wrote the tests suite, @DorianWinty will review.

Thu, Sep 11, 22:15 · Technical debt, Servers
dereckson triaged T2123: Fix tests for operations repository as High priority.
Thu, Sep 11, 22:15 · Technical debt, Servers

Wed, Sep 10

dereckson added a comment to T2067: Deploy an OpenBSD server.

Why not port encrypt to FreeBSD?

Wed, Sep 10, 22:57 · Servers
dereckson added a comment to T2081: Deploy Snuffleupagus.

Support for PHP 8.4 is still there.

Wed, Sep 10, 22:56 · PHP 8.x support, Product evaluation, Servers, Alkane
dereckson closed T2113: systemd-hostnamed service can't be launched - SELinux blocks it - starship as Resolved by committing rOPSe5ec87dfe258: Allow systemd-hostnamed to create socket when called from Varlink.
Wed, Sep 10, 22:51 · Servers
dereckson closed T2115: Update Dwellers packages as Resolved.

Uninstalled certbot.
Pruned old Python 3 dependencies.
Updated EPEL repo to epel-release-10-6
Updated packages
Reinstalled certbot, now running under Python 3.12 too.

Wed, Sep 10, 22:30 · Servers
dereckson added a comment to T2115: Update Dwellers packages.

Just for information, working on T2113, I've first updated the packages non related to that conflict, so I had fresh packages for both systemd and selinux config.

Wed, Sep 10, 22:24 · Servers
dereckson added a comment to T2122: Package starship for EPEL.

https://snapcraft.io/starship - last update: 27 April 2023 - latest/edge

Wed, Sep 10, 22:10 · Servers
dereckson added a revision to T2113: systemd-hostnamed service can't be launched - SELinux blocks it - starship: D3658: Allow systemd-hostnamed to create socket when called from Varlink.
Wed, Sep 10, 22:06 · Servers
dereckson added a comment to T2113: systemd-hostnamed service can't be launched - SELinux blocks it - starship.

Was looking to offer a fix upstream, like read hostname from /proc/sys/kernel/hostname on Linux, but then I've realised this is an interaction issue with snap, starship, systemd and SELinux.

Wed, Sep 10, 22:03 · Servers
dereckson triaged T2122: Package starship for EPEL as Low priority.
Wed, Sep 10, 22:00 · Servers
dereckson added a comment to T2113: systemd-hostnamed service can't be launched - SELinux blocks it - starship.

Decreasing priority, as it only occurs with Starship.

Wed, Sep 10, 21:12 · Servers
dereckson renamed T2113: systemd-hostnamed service can't be launched - SELinux blocks it - starship from systemd-hostnamed service can't be launched - SELinux blocks it to systemd-hostnamed service can't be launched - SELinux blocks it - starship.
Wed, Sep 10, 21:11 · Servers
dereckson added a comment to T2113: systemd-hostnamed service can't be launched - SELinux blocks it - starship.

Normal behavior observed with the policy:

Wed, Sep 10, 21:10 · Servers
dereckson added a comment to T2113: systemd-hostnamed service can't be launched - SELinux blocks it - starship.

Still an error with last packages versions.

Wed, Sep 10, 21:09 · Servers
dereckson added a comment to T2113: systemd-hostnamed service can't be launched - SELinux blocks it - starship.

audit2allow policy

Wed, Sep 10, 21:01 · Servers
dereckson added a comment to T2103: Upgrade servers to FreeBSD 14.3.

Bumping for 14.3, are still going on, it makes sense to target latest version

Wed, Sep 10, 19:41 · Servers
dereckson renamed T2103: Upgrade servers to FreeBSD 14.3 from Upgrade servers to FreeBSD 14.2 to Upgrade servers to FreeBSD 14.3.
Wed, Sep 10, 19:41 · Servers
dereckson renamed T2112: Renew Vault web server certificate automatically from Renew Vault HTTPS certificate automatically to Renew Vault web server certificate automatically.
Wed, Sep 10, 19:38 · security, Servers
dereckson renamed T2112: Renew Vault web server certificate automatically from Renew Vault HTTP certificate automatically to Renew Vault HTTPS certificate automatically.
Wed, Sep 10, 19:38 · security, Servers
dereckson renamed T2112: Renew Vault web server certificate automatically from Renew Vault certificate to Renew Vault HTTP certificate automatically.
Wed, Sep 10, 19:38 · security, Servers
dereckson added a revision to T2112: Renew Vault web server certificate automatically: D3657: Renew Vault intermediate authority certificate.
Wed, Sep 10, 19:34 · security, Servers
dereckson added a comment to T2112: Renew Vault web server certificate automatically.

First step is to create a script to renew all needed certificates:

Wed, Sep 10, 19:31 · security, Servers
dereckson closed T2116: Drop of OCSP Service as Resolved.
Wed, Sep 10, 19:01 · Servers, Nasqueron Operations Squad
dereckson added a comment to T2116: Drop of OCSP Service.

Applied to Hervil, was missing there.

Wed, Sep 10, 19:01 · Servers, Nasqueron Operations Squad

Sep 2 2025

DorianWinty added a revision to T1217: Host our DNS servers: D3654: Define nasqueron.org DNS zone.
Sep 2 2025, 20:41 · DNS, Servers
DorianWinty added a revision to T1217: Host our DNS servers: D3652: Define testdom for ook.space to test on windriver dns.
Sep 2 2025, 17:52 · DNS, Servers
dereckson edited P372 DNS - Raw AXFR output - nasqueron.org.
Sep 2 2025, 17:03 · DNS, Servers

Aug 31 2025

dereckson closed T2120: Don't allow infinite grow of MariaDB binary log as Resolved by committing rOPS9e78009934a7: Sets the MariaDB binary log expiration.
Aug 31 2025, 15:48 · DBA, Servers
dereckson added a comment to T2017: Install WindRiver replacement server.

Find more easily the gateway

Aug 31 2025, 15:31 · Servers

Jul 27 2025

dereckson added a revision to T2120: Don't allow infinite grow of MariaDB binary log: D3645: Sets the MariaDB binary log expiration.
Jul 27 2025, 15:51 · DBA, Servers
dereckson added a comment to T2120: Don't allow infinite grow of MariaDB binary log.

For reference, the configuration contains max_binlog_size = 1000M. This only affects the maximal size of ONE log file, but it can create as many as needed.

Jul 27 2025, 15:47 · DBA, Servers
dereckson added a comment to T2120: Don't allow infinite grow of MariaDB binary log.

For dbserver-mysql role, configuration is located at roles/dbserver-mysql/mysql-server/files/conf.d/server.cnf

Jul 27 2025, 15:45 · DBA, Servers
dereckson triaged T2120: Don't allow infinite grow of MariaDB binary log as High priority.
Jul 27 2025, 15:40 · DBA, Servers

Jun 12 2025

DorianWinty added a revision to T1217: Host our DNS servers: D3641: Get public IPV6 from servers.
Jun 12 2025, 19:06 · DNS, Servers

Jun 11 2025

DorianWinty added a revision to T1217: Host our DNS servers: D3640: Deploy KnotDNS on dns server.
Jun 11 2025, 17:37 · DNS, Servers

Jun 3 2025

dereckson closed T2118: Load pefs module automatically on devserver role on boot as Resolved by committing rOPS5f9cc5dbd472: Load pefs module at boot time.
Jun 3 2025, 18:38 · Servers
Next
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator