Page MenuHomeDevCentral

securityTag
ActivePublic

Members (1)

Watchers

  • This project does not have any watchers.
  • View All

Details

Description

This tag identifies security issue.

Recent Activity

Mon, Oct 6

dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.
Mon, Oct 6, 09:43 · security, Mail, Restricted Project

Tue, Sep 23

dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.
Tue, Sep 23, 17:19 · security, Mail, Restricted Project
dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.
Tue, Sep 23, 17:18 · security, Mail, Restricted Project
dereckson added a revision to T2132: Propagate acme.sh certificate so Dovecot can read it: D3712: Share /var/certificates/<domain> for all mail services.
Tue, Sep 23, 17:14 · security, Mail, Restricted Project
dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.
Tue, Sep 23, 16:42 · security, Mail, Restricted Project
dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.
Tue, Sep 23, 16:42 · security, Mail, Restricted Project
dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.
Tue, Sep 23, 16:22 · security, Mail, Restricted Project
dereckson moved T2132: Propagate acme.sh certificate so Dovecot can read it from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Tue, Sep 23, 16:21 · security, Mail, Restricted Project
dereckson added a revision to T2132: Propagate acme.sh certificate so Dovecot can read it: D3711: Correct path for dovecot certificates.
Tue, Sep 23, 16:19 · security, Mail, Restricted Project

Mon, Sep 22

dereckson triaged T2132: Propagate acme.sh certificate so Dovecot can read it as High priority.
Mon, Sep 22, 21:32 · security, Mail, Restricted Project

Thu, Sep 18

dereckson updated the task description for T2040: Supersede Vault by OpenBao.
Thu, Sep 18, 22:22 · security, Servers, Vault
dereckson updated the task description for T2040: Supersede Vault by OpenBao.
Thu, Sep 18, 22:05 · security, Servers, Vault
dereckson added a comment to T2040: Supersede Vault by OpenBao.

So, there is a new reason to do the upgrade.

Thu, Sep 18, 22:04 · security, Servers, Vault

Sun, Sep 14

dereckson moved T1580: Deploy ACME-specific DNS server from DNS Server / KnotDNS to AcmeDNS on the DNS board.
Sun, Sep 14, 23:11 · Operations sprints (Consolidate them all), DNS, security, Servers
dereckson moved T1580: Deploy ACME-specific DNS server from Backlog to DNS Server / KnotDNS on the DNS board.
Sun, Sep 14, 23:10 · Operations sprints (Consolidate them all), DNS, security, Servers
dereckson moved T1928: Serve CAA DNS records from Backlog to DNS records on the DNS board.
Sun, Sep 14, 23:10 · Servers, DNS, security

Wed, Sep 10

dereckson renamed T2112: Renew Vault web server certificate automatically from Renew Vault HTTPS certificate automatically to Renew Vault web server certificate automatically.
Wed, Sep 10, 19:38 · security, Servers
dereckson renamed T2112: Renew Vault web server certificate automatically from Renew Vault HTTP certificate automatically to Renew Vault HTTPS certificate automatically.
Wed, Sep 10, 19:38 · security, Servers
dereckson renamed T2112: Renew Vault web server certificate automatically from Renew Vault certificate to Renew Vault HTTP certificate automatically.
Wed, Sep 10, 19:38 · security, Servers
dereckson added a revision to T2112: Renew Vault web server certificate automatically: D3657: Renew Vault intermediate authority certificate.
Wed, Sep 10, 19:34 · security, Servers
dereckson added a comment to T2112: Renew Vault web server certificate automatically.

First step is to create a script to renew all needed certificates:

Wed, Sep 10, 19:31 · security, Servers

May 18 2025

dereckson added a project to T2115: Update Dwellers packages: security.
May 18 2025, 09:06 · Servers
dereckson triaged T2112: Renew Vault web server certificate automatically as High priority.
May 18 2025, 08:46 · security, Servers

Apr 5 2025

dereckson added a comment to T2107: j'aimerais avoir une présence permanente sur internet.

Une fois que tu as retrouvé les accès SSH pour le web statique:

Apr 5 2025, 13:55 · Eglide, security
dereckson added projects to T2107: j'aimerais avoir une présence permanente sur internet: security, Eglide.
Apr 5 2025, 13:51 · Eglide, security

Nov 2 2024

dereckson created Blog Post: SSH keys fingerprints for Dwellers.
Nov 2 2024, 18:17 · Servers, security

Oct 27 2024

dereckson moved T2075: Generate SSH keys for backup purpose from Backlog to Backup infrastructure on the Backups board.
Oct 27 2024, 01:09 · security, Servers, Backups, Salt
dereckson moved T2075: Generate SSH keys for backup purpose from Servers config to Require Salt dev on the Salt board.
Oct 27 2024, 01:00 · security, Servers, Backups, Salt
dereckson moved T2075: Generate SSH keys for backup purpose from Backlog to Servers config on the Salt board.
Oct 27 2024, 01:00 · security, Servers, Backups, Salt
dereckson triaged T2075: Generate SSH keys for backup purpose as Normal priority.
Oct 27 2024, 00:58 · security, Servers, Backups, Salt

Oct 23 2024

dereckson closed T2051: Can't renew TLS certificates verified through HTTP on docker engines as Resolved by committing rOPSb99907864885: Allow nginx to read /.well-known/acme-challenge.
Oct 23 2024, 16:38 · security, Nasqueron Docker deployment squad, Servers

Oct 13 2024

dereckson moved T1861: Configure static IPv6 on WindRiver from Backlog to Knowledge sharing is needed on the IPv6 board.
Oct 13 2024, 12:04 · security, Servers, IPv6
dereckson added a comment to T1861: Configure static IPv6 on WindRiver.

So, to get routing back:

Oct 13 2024, 12:03 · security, Servers, IPv6

Oct 12 2024

dereckson moved T1765: SELinux context is missing for /etc/nginx configuration files from Backlog - Docker to Backlog - Alkane/Webservers on the Operations sprints (Ignite Alkane Propulsion) board.
Oct 12 2024, 10:21 · Operations sprints (Ignite Alkane Propulsion), Salt, security, Nasqueron Docker deployment squad, Servers
dereckson closed T619: Allow to control from TC2 the Docker engine as Wontfix.

Not sure of the current benefit to use TC2.

Oct 12 2024, 10:16 · Operations sprints (Operations sprint 1), security, Nasqueron Docker deployment squad, Servers, Dæghrefn
dereckson moved T1486: Evaluate Archery from Backlog to Not for this sprint on the Operations sprints (Move the ambiant lights) board.
Oct 12 2024, 10:07 · security, Product evaluation, Operations sprints (Move the ambiant lights)
dereckson moved T1602: Provision ACME DNS credentials for core domains on each servers from Backlog to Backlog - Alkane/Webservers on the Operations sprints (Ignite Alkane Propulsion) board.
Oct 12 2024, 09:48 · Operations sprints (Ignite Alkane Propulsion), security, Servers
dereckson edited projects for T1602: Provision ACME DNS credentials for core domains on each servers, added: Operations sprints (Ignite Alkane Propulsion); removed Operations sprints (Consolidate them all).
Oct 12 2024, 09:47 · Operations sprints (Ignite Alkane Propulsion), security, Servers
dereckson moved T1602: Provision ACME DNS credentials for core domains on each servers from Pending review to Not for this sprint on the Operations sprints (Consolidate them all) board.
Oct 12 2024, 09:47 · Operations sprints (Ignite Alkane Propulsion), security, Servers
dereckson added a comment to T1602: Provision ACME DNS credentials for core domains on each servers.

This is still needed for acme.sh if we want to provision different *.nasqueron.org certificates on different servers.

Oct 12 2024, 09:47 · Operations sprints (Ignite Alkane Propulsion), security, Servers
dereckson added a subtask for T1602: Provision ACME DNS credentials for core domains on each servers: T1599: Install TLS wildcard certificates for nginx fallback vhost.
Oct 12 2024, 09:44 · Operations sprints (Ignite Alkane Propulsion), security, Servers

Oct 9 2024

dereckson lowered the priority of T2051: Can't renew TLS certificates verified through HTTP on docker engines from High to Normal.
Oct 9 2024, 18:45 · security, Nasqueron Docker deployment squad, Servers
dereckson updated the task description for T2051: Can't renew TLS certificates verified through HTTP on docker engines.
Oct 9 2024, 18:45 · security, Nasqueron Docker deployment squad, Servers
dereckson added a comment to T2051: Can't renew TLS certificates verified through HTTP on docker engines.

Salt SELinux module issue

Oct 9 2024, 18:45 · security, Nasqueron Docker deployment squad, Servers
dereckson updated the task description for T2051: Can't renew TLS certificates verified through HTTP on docker engines.
Oct 9 2024, 18:07 · security, Nasqueron Docker deployment squad, Servers
dereckson added a revision to T2051: Can't renew TLS certificates verified through HTTP on docker engines: D3501: Allow nginx to read /.well-known/acme-challenge.
Oct 9 2024, 17:48 · security, Nasqueron Docker deployment squad, Servers
dereckson moved T2051: Can't renew TLS certificates verified through HTTP on docker engines from Backlog to Pending review on the Servers board.
Oct 9 2024, 17:43 · security, Nasqueron Docker deployment squad, Servers
dereckson moved T2051: Can't renew TLS certificates verified through HTTP on docker engines from Backlog to Working on on the Nasqueron Docker deployment squad board.

SELinux context was the default for anything created under /var, which we didn't allow and aren't interested to allow for nginx.

Oct 9 2024, 17:43 · security, Nasqueron Docker deployment squad, Servers
dereckson triaged T2051: Can't renew TLS certificates verified through HTTP on docker engines as High priority.
Oct 9 2024, 16:02 · security, Nasqueron Docker deployment squad, Servers
dereckson created T2051: Can't renew TLS certificates verified through HTTP on docker engines.
Oct 9 2024, 16:01 · security, Nasqueron Docker deployment squad, Servers