Page MenuHomeDevCentral
Projects security

securityTag
ActivePublic
Watch Project

Members (1)

Watchers

  • This project does not have any watchers.
  • View All

Details

Description

This tag identifies security issue.

Recent Activity
View All

Sat, Oct 11

dereckson moved T1656: Convert daeghrefn. for Uspection use from Backlog to Need dev on the documentation board.
Sat, Oct 11, 11:53 · upsection, security, documentation, IRC, Dæghrefn
dereckson moved T1657: Convert docs. for Uspection use from Backlog to Need dev on the documentation board.
Sat, Oct 11, 11:53 · upsection, security, documentation
dereckson closed T1765: SELinux context is missing for /etc/nginx configuration files as Resolved.

The full /etc/nginx directories on both docker-002 and dwellers use httpd_config_t for every file.

Sat, Oct 11, 11:44 · Operations sprints (Ignite Alkane Propulsion), Salt, security, Nasqueron Docker deployment squad, Servers
dereckson updated the task description for T1765: SELinux context is missing for /etc/nginx configuration files.
Sat, Oct 11, 11:39 · Operations sprints (Ignite Alkane Propulsion), Salt, security, Nasqueron Docker deployment squad, Servers

Fri, Oct 10

dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.
Fri, Oct 10, 22:25 · security, Mail, Restricted Project
dereckson moved T2132: Propagate acme.sh certificate so Dovecot can read it from Backlog to Pending review on the security board.
Fri, Oct 10, 22:24 · security, Mail, Restricted Project
dereckson moved T2132: Propagate acme.sh certificate so Dovecot can read it from Backlog - On hold pending T1475 to Pending review on the Mail board.
Fri, Oct 10, 22:24 · security, Mail, Restricted Project
dereckson added a revision to T2132: Propagate acme.sh certificate so Dovecot can read it: D3732: Enforce correct attributes for acme.sh private keys.
Fri, Oct 10, 22:19 · security, Mail, Restricted Project
dereckson claimed T2132: Propagate acme.sh certificate so Dovecot can read it.
Fri, Oct 10, 22:07 · security, Mail, Restricted Project

Thu, Oct 9

dereckson added a comment to T1878: Allow to run queries for reporting.

Alternatively, we made a lot of progress on this in T2124.

Thu, Oct 9, 14:41 · Monitoring and reporting, security, DBA, Servers

Mon, Oct 6

dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.
Mon, Oct 6, 09:43 · security, Mail, Restricted Project

Tue, Sep 23

dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.
Tue, Sep 23, 17:19 · security, Mail, Restricted Project
dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.
Tue, Sep 23, 17:18 · security, Mail, Restricted Project
dereckson added a revision to T2132: Propagate acme.sh certificate so Dovecot can read it: D3712: Share /var/certificates/<domain> for all mail services.
Tue, Sep 23, 17:14 · security, Mail, Restricted Project
dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.
Tue, Sep 23, 16:42 · security, Mail, Restricted Project
dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.
Tue, Sep 23, 16:42 · security, Mail, Restricted Project
dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.
Tue, Sep 23, 16:22 · security, Mail, Restricted Project
dereckson moved T2132: Propagate acme.sh certificate so Dovecot can read it from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Tue, Sep 23, 16:21 · security, Mail, Restricted Project
dereckson added a revision to T2132: Propagate acme.sh certificate so Dovecot can read it: D3711: Correct path for dovecot certificates.
Tue, Sep 23, 16:19 · security, Mail, Restricted Project

Mon, Sep 22

dereckson triaged T2132: Propagate acme.sh certificate so Dovecot can read it as High priority.
Mon, Sep 22, 21:32 · security, Mail, Restricted Project

Thu, Sep 18

dereckson updated the task description for T2040: Supersede Vault by OpenBao.
Thu, Sep 18, 22:22 · security, Servers, Vault
dereckson updated the task description for T2040: Supersede Vault by OpenBao.
Thu, Sep 18, 22:05 · security, Servers, Vault
dereckson added a comment to T2040: Supersede Vault by OpenBao.

So, there is a new reason to do the upgrade.

Thu, Sep 18, 22:04 · security, Servers, Vault

Sep 14 2025

dereckson moved T1580: Deploy ACME-specific DNS server from DNS Server / KnotDNS to AcmeDNS on the DNS board.
Sep 14 2025, 23:11 · Operations sprints (Consolidate them all), DNS, security, Servers
dereckson moved T1580: Deploy ACME-specific DNS server from Backlog to DNS Server / KnotDNS on the DNS board.
Sep 14 2025, 23:10 · Operations sprints (Consolidate them all), DNS, security, Servers
dereckson moved T1928: Serve CAA DNS records from Backlog to DNS records on the DNS board.
Sep 14 2025, 23:10 · Servers, DNS, security

Sep 10 2025

dereckson renamed T2112: Renew Vault web server certificate automatically from Renew Vault HTTPS certificate automatically to Renew Vault web server certificate automatically.
Sep 10 2025, 19:38 · security, Servers
dereckson renamed T2112: Renew Vault web server certificate automatically from Renew Vault HTTP certificate automatically to Renew Vault HTTPS certificate automatically.
Sep 10 2025, 19:38 · security, Servers
dereckson renamed T2112: Renew Vault web server certificate automatically from Renew Vault certificate to Renew Vault HTTP certificate automatically.
Sep 10 2025, 19:38 · security, Servers
dereckson added a revision to T2112: Renew Vault web server certificate automatically: D3657: Renew Vault intermediate authority certificate.
Sep 10 2025, 19:34 · security, Servers
dereckson added a comment to T2112: Renew Vault web server certificate automatically.

First step is to create a script to renew all needed certificates:

Sep 10 2025, 19:31 · security, Servers

May 18 2025

dereckson added a project to T2115: Update Dwellers packages: security.
May 18 2025, 09:06 · Servers
dereckson triaged T2112: Renew Vault web server certificate automatically as High priority.
May 18 2025, 08:46 · security, Servers

Apr 5 2025

dereckson added a comment to T2107: j'aimerais avoir une présence permanente sur internet.

Une fois que tu as retrouvé les accès SSH pour le web statique:

Apr 5 2025, 13:55 · Eglide, security
dereckson added projects to T2107: j'aimerais avoir une présence permanente sur internet: security, Eglide.
Apr 5 2025, 13:51 · Eglide, security

Nov 2 2024

dereckson created Blog Post: SSH keys fingerprints for Dwellers.
Nov 2 2024, 18:17 · Servers, security

Oct 27 2024

dereckson moved T2075: Generate SSH keys for backup purpose from Backlog to Backup infrastructure on the Backups board.
Oct 27 2024, 01:09 · security, Servers, Backups, Salt
dereckson moved T2075: Generate SSH keys for backup purpose from Servers config to Require Salt dev on the Salt board.
Oct 27 2024, 01:00 · security, Servers, Backups, Salt
dereckson moved T2075: Generate SSH keys for backup purpose from Backlog to Servers config on the Salt board.
Oct 27 2024, 01:00 · security, Servers, Backups, Salt
dereckson triaged T2075: Generate SSH keys for backup purpose as Normal priority.
Oct 27 2024, 00:58 · security, Servers, Backups, Salt

Oct 23 2024

dereckson closed T2051: Can't renew TLS certificates verified through HTTP on docker engines as Resolved by committing rOPSb99907864885: Allow nginx to read /.well-known/acme-challenge.
Oct 23 2024, 16:38 · security, Nasqueron Docker deployment squad, Servers

Oct 13 2024

dereckson moved T1861: Configure static IPv6 on WindRiver from Backlog to Knowledge sharing is needed on the IPv6 board.
Oct 13 2024, 12:04 · security, Servers, IPv6
dereckson added a comment to T1861: Configure static IPv6 on WindRiver.

So, to get routing back:

Oct 13 2024, 12:03 · security, Servers, IPv6

Oct 12 2024

dereckson moved T1765: SELinux context is missing for /etc/nginx configuration files from Backlog - Docker to Backlog - Alkane/Webservers on the Operations sprints (Ignite Alkane Propulsion) board.
Oct 12 2024, 10:21 · Operations sprints (Ignite Alkane Propulsion), Salt, security, Nasqueron Docker deployment squad, Servers
dereckson closed T619: Allow to control from TC2 the Docker engine as Wontfix.

Not sure of the current benefit to use TC2.

Oct 12 2024, 10:16 · Operations sprints (Operations sprint 1), security, Nasqueron Docker deployment squad, Servers, Dæghrefn
dereckson moved T1486: Evaluate Archery from Backlog to Not for this sprint on the Operations sprints (Move the ambiant lights) board.
Oct 12 2024, 10:07 · security, Product evaluation, Operations sprints (Move the ambiant lights)
dereckson moved T1602: Provision ACME DNS credentials for core domains on each servers from Backlog to Backlog - Alkane/Webservers on the Operations sprints (Ignite Alkane Propulsion) board.
Oct 12 2024, 09:48 · Operations sprints (Ignite Alkane Propulsion), security, Servers
dereckson edited projects for T1602: Provision ACME DNS credentials for core domains on each servers, added: Operations sprints (Ignite Alkane Propulsion); removed Operations sprints (Consolidate them all).
Oct 12 2024, 09:47 · Operations sprints (Ignite Alkane Propulsion), security, Servers
dereckson moved T1602: Provision ACME DNS credentials for core domains on each servers from Pending review to Not for this sprint on the Operations sprints (Consolidate them all) board.
Oct 12 2024, 09:47 · Operations sprints (Ignite Alkane Propulsion), security, Servers
dereckson added a comment to T1602: Provision ACME DNS credentials for core domains on each servers.

This is still needed for acme.sh if we want to provision different *.nasqueron.org certificates on different servers.

Oct 12 2024, 09:47 · Operations sprints (Ignite Alkane Propulsion), security, Servers
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator