Projects security

securityTag
ActivePublic
Watch Project

Members (1)

dereckson (Sébastien Santoro)
Nasqueron founder
View All

Watchers

This project does not have any watchers.
View All

Details

Description

This tag identifies security issue.

Recent Activity
View All

May 18 2025

dereckson added a project to T2115: Update Dwellers packages: security.

May 18 2025, 09:06 · Servers

dereckson triaged T2112: Renew Vault certificate as High priority.

May 18 2025, 08:46 · security, Servers

Apr 5 2025

dereckson added a comment to T2107: j'aimerais avoir une présence permanente sur internet.

Une fois que tu as retrouvé les accès SSH pour le web statique:

WindRiver: automatiquement https://windriver.nasqueron.org/~xcombelle est disponible si tu places des fichiers dans /var/home-wwwroot/xcombelle (je ne sais plus si ça se crée automatiquement avec symlink vers $HOME/public_html, à vérifier)
Eglide: https://www.eglide.org/~xcombelle pour $HOME/public_html

Apr 5 2025, 13:55 · Eglide, security

dereckson added projects to T2107: j'aimerais avoir une présence permanente sur internet: security, Eglide.

Apr 5 2025, 13:51 · Eglide, security

Nov 2 2024

dereckson created Blog Post: SSH keys fingerprints for Dwellers.

Nov 2 2024, 18:17 · Servers, security

Oct 27 2024

dereckson moved T2075: Generate SSH keys for backup purpose from Backlog to Backup infrastructure on the Backups board.

Oct 27 2024, 01:09 · security, Servers, Backups, Salt

dereckson moved T2075: Generate SSH keys for backup purpose from Servers config to Require Salt dev on the Salt board.

Oct 27 2024, 01:00 · security, Servers, Backups, Salt

dereckson moved T2075: Generate SSH keys for backup purpose from Backlog to Servers config on the Salt board.

Oct 27 2024, 01:00 · security, Servers, Backups, Salt

dereckson triaged T2075: Generate SSH keys for backup purpose as Normal priority.

Oct 27 2024, 00:58 · security, Servers, Backups, Salt

Oct 23 2024

dereckson closed T2051: Can't renew TLS certificates verified through HTTP on docker engines as Resolved by committing rOPSb99907864885: Allow nginx to read /.well-known/acme-challenge.

Oct 23 2024, 16:38 · security, Nasqueron Docker deployment squad, Servers

Oct 13 2024

dereckson moved T1861: Configure static IPv6 on WindRiver from Backlog to Knowledge sharing is needed on the IPv6 board.

Oct 13 2024, 12:04 · security, Servers, IPv6

dereckson added a comment to T1861: Configure static IPv6 on WindRiver.

So, to get routing back:

Oct 13 2024, 12:03 · security, Servers, IPv6

Oct 12 2024

dereckson moved T1765: SELinux context is missing for /etc/nginx configuration files from Backlog - Docker to Backlog - Alkane/Webservers on the Operations sprints (Ignite Alkane Propulsion) board.

Oct 12 2024, 10:21 · Operations sprints (Ignite Alkane Propulsion), Salt, security, Nasqueron Docker deployment squad, Servers

dereckson closed T619: Allow to control from TC2 the Docker engine as Wontfix.

Not sure of the current benefit to use TC2.

Oct 12 2024, 10:16 · Operations sprints (Operations sprint 1), security, Nasqueron Docker deployment squad, Servers, Dæghrefn

dereckson moved T1486: Evaluate Archery from Backlog to Not for this sprint on the Operations sprints (Move the ambiant lights) board.

Oct 12 2024, 10:07 · security, Product evaluation, Operations sprints (Move the ambiant lights)

dereckson moved T1602: Provision ACME DNS credentials for core domains on each servers from Backlog to Backlog - Alkane/Webservers on the Operations sprints (Ignite Alkane Propulsion) board.

Oct 12 2024, 09:48 · Operations sprints (Ignite Alkane Propulsion), security, Servers

dereckson edited projects for T1602: Provision ACME DNS credentials for core domains on each servers, added: Operations sprints (Ignite Alkane Propulsion); removed Operations sprints (Consolidate them all).

Oct 12 2024, 09:47 · Operations sprints (Ignite Alkane Propulsion), security, Servers

dereckson moved T1602: Provision ACME DNS credentials for core domains on each servers from Pending review to Not for this sprint on the Operations sprints (Consolidate them all) board.

Oct 12 2024, 09:47 · Operations sprints (Ignite Alkane Propulsion), security, Servers

dereckson added a comment to T1602: Provision ACME DNS credentials for core domains on each servers.

This is still needed for acme.sh if we want to provision different *.nasqueron.org certificates on different servers.

Oct 12 2024, 09:47 · Operations sprints (Ignite Alkane Propulsion), security, Servers

dereckson added a subtask for T1602: Provision ACME DNS credentials for core domains on each servers: T1599: Install TLS wildcard certificates for nginx fallback vhost.

Oct 12 2024, 09:44 · Operations sprints (Ignite Alkane Propulsion), security, Servers

Oct 9 2024

dereckson lowered the priority of T2051: Can't renew TLS certificates verified through HTTP on docker engines from High to Normal.

Oct 9 2024, 18:45 · security, Nasqueron Docker deployment squad, Servers

dereckson updated the task description for T2051: Can't renew TLS certificates verified through HTTP on docker engines.

Oct 9 2024, 18:45 · security, Nasqueron Docker deployment squad, Servers

dereckson added a comment to T2051: Can't renew TLS certificates verified through HTTP on docker engines.

Salt SELinux module issue

Oct 9 2024, 18:45 · security, Nasqueron Docker deployment squad, Servers

dereckson updated the task description for T2051: Can't renew TLS certificates verified through HTTP on docker engines.

Oct 9 2024, 18:07 · security, Nasqueron Docker deployment squad, Servers

dereckson added a revision to T2051: Can't renew TLS certificates verified through HTTP on docker engines: D3501: Allow nginx to read /.well-known/acme-challenge.

Oct 9 2024, 17:48 · security, Nasqueron Docker deployment squad, Servers

dereckson moved T2051: Can't renew TLS certificates verified through HTTP on docker engines from Backlog to Pending review on the Servers board.

Oct 9 2024, 17:43 · security, Nasqueron Docker deployment squad, Servers

dereckson moved T2051: Can't renew TLS certificates verified through HTTP on docker engines from Backlog to Working on on the Nasqueron Docker deployment squad board.

SELinux context was the default for anything created under /var, which we didn't allow and aren't interested to allow for nginx.

Oct 9 2024, 17:43 · security, Nasqueron Docker deployment squad, Servers

dereckson triaged T2051: Can't renew TLS certificates verified through HTTP on docker engines as High priority.

Oct 9 2024, 16:02 · security, Nasqueron Docker deployment squad, Servers

dereckson created T2051: Can't renew TLS certificates verified through HTTP on docker engines.

Oct 9 2024, 16:01 · security, Nasqueron Docker deployment squad, Servers

Oct 3 2024

dereckson created Blog Post: WindRiver moved to a new home. New SSH keys..

Oct 3 2024, 19:42 · security, Servers

dereckson added a comment to T2040: Supersede Vault by OpenBao.

Yes, it's a fork from Vault 1.14 so we've all the features of token generation. back to the shorter s. tokens).

Oct 3 2024, 17:26 · security, Servers, Vault

DorianWinty added a comment to T2040: Supersede Vault by OpenBao.

about the UI it could be usefull managing secrets more easyly

Oct 3 2024, 17:23 · security, Servers, Vault

dereckson moved T2040: Supersede Vault by OpenBao from Backlog to Analysis / under discussion on the Servers board.

Oct 3 2024, 15:21 · security, Servers, Vault

dereckson triaged T2040: Supersede Vault by OpenBao as Normal priority.

Oct 3 2024, 15:21 · security, Servers, Vault

Sep 12 2024

dereckson shifted T1996: Servers on hyper-001 have network issues from the Restricted Space space to the S1 Nasqueron space.

Sep 12 2024, 18:16 · security, Servers

dereckson closed T1996: Servers on hyper-001 have network issues as Wontfix.

Can't repro

Sep 12 2024, 18:15 · security, Servers

dereckson added a revision to T930: Secrets to migrate from DevCentral to Vault: D3441: Prune Zemke-Rhyne.

Sep 12 2024, 17:02 · User-Dereckson, Vault, Nasqueron Operations Squad, security

Sep 8 2024

Sandlayth closed T2013: Add new public ssh-key belonging to user sandlayth as Resolved by committing rOPS257aa8d9e00c: Add new public ssh-key belonging to user sandlayth.

Sep 8 2024, 09:07 · security, Servers

Sandlayth added a revision to T2013: Add new public ssh-key belonging to user sandlayth: D3433: Add new public ssh-key belonging to user sandlayth.

Sep 8 2024, 09:06 · security, Servers

Sep 5 2024

Sandlayth triaged T2013: Add new public ssh-key belonging to user sandlayth as Low priority.

Sep 5 2024, 20:40 · security, Servers

Aug 17 2024

dereckson closed T853: Deploy a Let's encrypt certificate to the Mumble server as Wontfix.

Mumble isn't currently in scope.

Aug 17 2024, 14:56 · good-first-issue, Mumble, security, Servers

dereckson closed T853: Deploy a Let's encrypt certificate to the Mumble server, a subtask of T654: Apply Let's encrypt SSL certificates for *.nasqueron.org, as Wontfix.

Aug 17 2024, 14:56 · security, Servers

Aug 4 2024

dereckson closed T1928: Serve CAA DNS records as Resolved.

Both are already set in DNS:

Aug 4 2024, 17:45 · Servers, DNS, security

dereckson added a comment to T1928: Serve CAA DNS records.

We use a wildcard certificate, so issuewild is needed, yes.

Aug 4 2024, 17:44 · Servers, DNS, security

dereckson claimed T1928: Serve CAA DNS records.

Aug 4 2024, 17:43 · Servers, DNS, security

dereckson moved T1879: Draft a 2FA policy from Backlog to Nasqueron Operations SIG on the discussion board.

Aug 4 2024, 17:42 · discussion, security, DevCentral

dereckson updated subscribers of T1879: Draft a 2FA policy.

@Ash-Crow @fauve @rama @replicatorbe @Sandlayth @xcombelle Any feedback on this?

Aug 4 2024, 17:41 · discussion, security, DevCentral

dereckson triaged T1879: Draft a 2FA policy as High priority.

Aug 4 2024, 17:39 · discussion, security, DevCentral

dereckson triaged T1928: Serve CAA DNS records as High priority.

Aug 4 2024, 17:37 · Servers, DNS, security

Aug 3 2024

dereckson added a comment to T1996: Servers on hyper-001 have network issues.

From router-001 network looks good:

Aug 3 2024, 13:59 · security, Servers