Commit graph

543 commits

Author SHA1 Message Date
4a102117a4
feat(storage01): Init victoria-metrics DB 2024-10-22 13:07:07 +02:00
969f59fbc4
feat(web03): Deploy the new annuaire 2024-10-21 20:03:20 +02:00
sinavir
e993d6de34 fix(stateless-uptime-kuma): Typo in domain name 2024-10-21 12:25:18 +02:00
sinavir
e0eb7bbf7c fix(stateless-uptime-kuma): Correct probes for ollama and s3-api 2024-10-21 12:16:00 +02:00
a93a64d747
feat(forgejo): Send email to admins when new users appear 2024-10-21 09:33:40 +02:00
51133e6e5f
feat(netbird): Update 2024-10-20 23:01:14 +02:00
f0b3d4b490
feat(kanidm): Use kanidm-provision to setup active members 2024-10-18 14:36:38 +02:00
sinavir
e7edf29e11 fix(ollama-proxy): Use ip instead of vpn domain name
VPN dns is slow to start so nginx will fail
2024-10-18 12:45:27 +02:00
sinavir
1a05ea3a9a feat(krz01): Move to lab-infra repo 2024-10-18 11:53:32 +02:00
113c83bb9c
feat: laptop change and smartphone add to authorized MACs 2024-10-18 11:12:14 +02:00
sinavir
3c445ab4c7 feat(networking): Add a bridge to connect VMs to the world 2024-10-17 17:56:09 +02:00
sinavir
492fe550d9 chore(krz01): Put all ollama/whisper stuff in separate modules 2024-10-17 15:47:10 +02:00
sinavir
a02da5f496 chore(proxmox-nixos): Update 2024-10-17 15:34:11 +02:00
db5859e472
feat(web03): Initial deployment of django-apps 2024-10-17 15:11:43 +02:00
b6cbf6e918
feat(infra): Deploy web03 2024-10-16 11:08:24 +02:00
06653220bb
fix(kanidm): Revert switch to simpleProxies
As we proxy to an https endpoint, this was not supported
2024-10-12 22:11:34 +02:00
2f06f22ac7 feat(nginx): Switch to simpleProxies for the majority of configs 2024-10-12 20:00:54 +02:00
af61ae6e61 feat(dgn-web): Add simpleProxies
This proxies the required host to localhost:$port and enables SSL
2024-10-12 20:00:54 +02:00
f819acf9bc
feat(forgejo): 7 days sessions 2024-10-12 19:52:21 +02:00
f20353b727 fix(storage01): pass through the admin API of Garage
not the web API!

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-10-10 17:52:22 +02:00
a4de5f4d31 feat(krz01): move ollama to compute01 via a reverse proxy
krz01 has no public web IP.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-10-10 17:40:56 +02:00
363f8d3c67 fix(krz01): open 80/443 for ACME
Oopsie!

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-10-10 17:20:28 +02:00
12b20e6acf feat(storage01): add monorepo-terraform-state.s3.dgnum.eu
This is required to bootstrap the Terranix setup.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-10-10 17:13:11 +02:00
de6742aa0d feat(storage01): add s3-admin.dgnum.eu
This is the administration endpoint of the S3, you can create new
buckets and more, from there.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-10-10 17:13:11 +02:00
d76e655174 feat(krz01): add a NGINX in front of ollama protected by password
This way, you can do direct requests to ollama from other places.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-10-10 16:43:33 +02:00
dae3b7c7f6
fix(web02): Remove test user 2024-10-10 09:41:58 +02:00
1e71ef3636
feat(users): Add root passwords and deactivate mutableUsers 2024-10-10 09:23:19 +02:00
5b271b7b4a
feat(nat): enabling for dgnum members for tests 2024-10-10 00:00:56 +02:00
93c47f47be
fix: laptop change 2024-10-09 23:47:29 +02:00
6c4099d369 feat(infra): Internalize nix-lib, and make keys management simpler 2024-10-09 18:58:46 +02:00
34640d467b feat(krz01): finish ollama integration and whisper.cpp
My sanity was used in the process.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-10-09 13:59:05 +02:00
4bedb3f497 feat(krz01): move the GPU stuff to the host for now
We also add a K80 specific patch for ollama.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-10-09 09:33:57 +02:00
8160b2762f feat(krz01): passthrough the nVidia Tesla K80 in ml01
This way, no need for reboot.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-10-09 09:33:57 +02:00
ebed6462f6 feat(krz01): introduce ML01 -- a machine learning VM
I will add ollama on it later on and passthrough the GPU in there.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-10-09 09:33:57 +02:00
e200ae53a4
feat(proxmox): Revert the disabling 2024-10-08 20:59:34 +02:00
3aeae4e33f feat(krz01): add basic microvm exprs
For a router01.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-10-08 17:14:23 +02:00
4d689fee33 feat(krz01): enable proprietary drivers for nVidia
For the Tesla K80.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-10-08 16:58:47 +02:00
862f004e3c fix(krz01): disable proxmox for now
Until #139 is merged.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-10-08 16:40:18 +02:00
sinavir
da40fa9b3d fix(krz01): Fix root password hash 2024-10-08 16:05:19 +02:00
sinavir
39f5cad75d feat(krz01): Proxmox 2024-10-08 13:59:28 +02:00
sinavir
a194da9662 fix(krz01): Enable netbird 2024-10-08 12:51:57 +02:00
sinavir
70c69346fb feat(krz01): init 2024-10-08 12:35:59 +02:00
sinavir
bdf0e4cf7a feat(binary-cache): Add some hints on how to configure the cache 2024-10-06 23:57:57 +02:00
e4fc6a0d98
chore(npins): Update 2024-10-06 22:21:07 +02:00
8769d6738e
fix(cas-eleves): Remove dependency on pytest-runner 2024-10-06 18:40:48 +02:00
7d24e2dfc1
feat(dgsi): Update, with SAML provisional auth 2024-10-06 18:40:48 +02:00
sinavir
38231eb6e0 feat(attic): Bye bye attic 2024-10-06 18:33:04 +02:00
sinavir
e70d0be931 chore(garage): update 2024-10-02 19:20:17 +02:00
sinavir
53379c88de feat(pub.dgnum.eu): Add a redirect toward instagram 2024-09-30 20:17:20 +02:00
sinavir
626577e2bc feat(redirections): Make it more flexible to allow temporary redirects 2024-09-30 20:17:20 +02:00
e12b8454fe
chore(dgsi): Update 2024-09-27 13:23:55 +02:00
176cff5e6d
feat(dgsi): Update source and settings 2024-09-26 15:23:43 +02:00
681155318b
fix(nextcloud): Don't use fast_shutdown 2024-09-26 14:05:40 +02:00
sinavir
5c8db3544c chore(ci): Make the CI happy 2024-09-26 13:45:06 +02:00
bdeb55f9ec
feat(dgsi): Make it work 2024-09-25 13:57:55 +02:00
2b75890752
feat(compute01): Deploy dgsi 2024-09-24 20:54:51 +02:00
sinavir
05f7be1983 fix(tvix-cache): Update the cache to a working version 2024-09-23 00:40:06 +02:00
sinavir
89d219fe8a feat(garage): Add hackens website 2024-09-22 00:52:04 +02:00
sinavir
9e7215b5b8 feat(hermes): Bridge more channels 2024-09-22 00:51:36 +02:00
859418b377 feat(chatops): init takumi
Takumi means "artisan" (in the sense of "master") in Japanese. It's an
accurate and efficient ChatOps for day-to-day operations of DGNum.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-09-20 21:50:15 +02:00
sinavir
f6253021d7 feat(nuit website): migrate to s3 2024-09-18 14:21:13 +02:00
99825b89ca
fix(stirling-pdf): Make it build again 2024-09-10 22:41:25 +02:00
595407c13b feat(ISP): enable SNAT on 5C:64:8E:F4:09:06
For testing purposes.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-09-08 12:32:56 +02:00
3b766e6a2b feat(ulogd): enabling ulogd 2024-09-08 12:21:08 +02:00
b8601b0782 feat(nat): desactivating on vlan-apro 2024-09-07 16:09:01 +02:00
605f7beda2
fix(uptime-kuma): Don't try to get the radius endpoint 2024-09-01 23:34:07 +02:00
fd0aeacff4
feat(firewall): Sunset fail2ban and switch to reaction 2024-09-01 22:51:56 +02:00
86c1018dc8
fix(web01): Add a redirection from bds.ens.fr/gestion2 to its new location 2024-09-01 15:48:35 +02:00
8a42e18d98
feat(k-radius): Use LE certificates instead of self-signed ones 2024-09-01 15:40:59 +02:00
3ca3ff8939 feat(radius): add AP secret for RADIUS auth requests
Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-08-31 22:38:35 +02:00
16f47ce227
feat(wordpress): Finish the migration of the BDS website 2024-08-31 00:36:19 +02:00
f5cc186ea1
feat(web01): Decomissionate kahulm 2024-08-30 18:44:58 +02:00
ccaa999adc
feat(wordpress): Prepare the migration 2024-08-30 10:08:12 +02:00
0d7b4efbd3 feat(kahulm): Added kahulm to web01 2024-08-17 18:00:30 +02:00
b3b21d1f96
feat(forgejo-runners): Switch to patched version of colmena
This allows to evaluate bridge01 in the CI
2024-08-14 18:56:11 +02:00
sinavir
c14e263b98 feat(tvix-store): Init 2024-07-29 14:31:42 +02:00
be128f6c3a
feat(kadenios): Fix build of static files and restore cas.eleves.ens.fr for authens 2024-07-28 14:30:03 +02:00
1216a0a780
feat(cas-eleves): Redirect from cas-eleves.dgnum.eu to cas.eleves 2024-07-28 14:10:42 +02:00
sinavir
f6c9137850 fix(signal-irc-bridge): make it work 2024-07-20 00:45:17 +02:00
23b2a19494
feat(kadenios): Don't include dev dependencies in the environment 2024-07-19 11:24:21 +02:00
ce64be6e79
Revert "fix(web02): Don't be too fast"
This reverts commit a6c3b42ad9.
2024-07-12 19:13:04 +02:00
a6c3b42ad9
fix(web02): Don't be too fast 2024-07-12 11:02:04 +02:00
680682f520
feat(bridge02): Initialize and add instructions to the README 2024-07-10 17:31:04 +02:00
4bc2ebf429 feat(web02): Switch to cas.eleves.ens.fr for the cas server 2024-07-10 14:15:24 +02:00
1bf5ad93a2 feat(kadenios): Add management script 2024-07-09 14:52:01 +02:00
954ba45281 feat(web02): Deploy kadenios on vote.dgnum.eu 2024-07-09 10:47:30 +02:00
59aaf015dd chore(cas-eleves): There is no real build phase 2024-07-09 10:46:58 +02:00
411795c664
fix(routing): clean icmp storm 2024-07-08 20:38:01 +02:00
dce439fcca
fix(shitty-oob): Drop user vlans when no-uplink 2024-07-08 20:38:00 +02:00
37a18c0347
feat(nat): Enable nat (with ip_forward) 2024-07-08 20:38:00 +02:00
a00833c682 fix(cas-eleves): Fix the build of django-cas-server 2024-07-08 16:23:12 +02:00
adf62b0534 feat(web02): Switch to nix-pkgs for python modules 2024-07-07 13:56:10 +02:00
7092c4e9c3 fix(attic): Don't use the same port as prometheus 2024-07-06 11:59:58 +02:00
d553d6efe7 fix(stirling-pdf): Vendor patches and update version 2024-07-06 11:36:54 +02:00
9f7ddf2adf feat(nextcloud): Update collabora and settings 2024-07-05 18:44:49 +02:00
5279356835 feat(nextcloud): Upgrade to 29 2024-07-05 16:15:27 +02:00
8b3747fd22 fix(web02): Once more 2024-07-05 16:09:04 +02:00
38f6151fbb fix(web02): Don't let the CI choke 2024-07-05 15:31:57 +02:00
sinavir
f637ae9ea8 fixup! feat: Upgrade machines to nixos-24.05 2024-07-05 10:54:33 +02:00
ac09d221ad feat: Upgrade machines to nixos-24.05 2024-07-05 10:54:33 +02:00