- 21 Sep, 2022 8 commits
-
-
Zen Fu authored
refs sysadmin#17740 refs sysadmin#17950
-
Zen Fu authored
refs sysadmin#17740
-
Zen Fu authored
The path to the dockerd executable is hardcoded in the docker Puppet module and differs from the path of the binary in the Debian package. Let's trick systemd by adding a symlink: /usr/bin/dockerd -> /usr/sbin/dockerd refs sysadmin#17740
-
Zen Fu authored
It's simpler to manage package installation in our custom profile. refs sysadmin#17740
-
Zen Fu authored
The docker Puppet module tries to find a package declared with name "docker", but in Debian the package is called "docker.io". refs sysadmin#17740
-
Zen Fu authored
-
Zen Fu authored
refs sysadmin#17740
-
Zen Fu authored
refs sysadmin#17740
-
- 16 Sep, 2022 1 commit
-
-
Zen Fu authored
Our current use case mandates using a local image proxy cache (otherwise we quickly reach Docker Hub's daily download limits). Let's make this mandatory for now and avoid unneeded extra config in hiera. Bonus: wrap a few GitLab CI Runner params so we can configure them using the `tails::profile::gitlab_runner` namespace. refs sysadmin#17740
-
- 15 Sep, 2022 3 commits
-
-
Zen Fu authored
Each part of our infra has different needs for routing via the VPN. This commit changes the collection of VPN exported network routes to allow for selection of which routes a node wants to collect. refs sysadmin#17950 refs sysadmin#17960
-
Zen Fu authored
We won't immediately have a Libvirt-based GitLab Runner in production, so let's temporarily disable tests that need it. refs sysadmin#17740
-
Zen Fu authored
refs sysadmin#17740
-
- 14 Sep, 2022 2 commits
-
-
groente authored
-
Zen Fu authored
refs sysadmin#17950
-
- 13 Sep, 2022 1 commit
-
-
Zen Fu authored
With this move, the VPN code is free from tails-specific data. refs sysadmin#17950
-
- 08 Sep, 2022 10 commits
-
-
Zen Fu authored
The netmask is already contained in the subnet. refs sysadmin#17950
-
Zen Fu authored
refs sysadmin#17950
-
Zen Fu authored
-
Zen Fu authored
refs sysadmin#17950
-
Zen Fu authored
The previous approach, using the network::route resource, doesn't work because the Tinc network is not brought up using ifupdown, which is the mechanism used by that resource. This change makes use of exported concat::fragment resources to configure the routes provided by other nodes. refs sysadmin#17950
-
Zen Fu authored
-
Zen Fu authored
refs sysadmin#17950
-
Zen Fu authored
refs sysadmin#17950
-
groente authored
-
groente authored
-
- 07 Sep, 2022 8 commits
-
-
Zen Fu authored
refs sysadmin#17950
-
Zen Fu authored
While at it:
  - Make SSH port configurable
  - Move SSH config template to EPP

refs sysadmin#17950
-
Zen Fu authored
  - Allow DHCP and DNS in guests subnet
  - Allow guests to access the Internet

refs sysadmin#17950
-
Zen Fu authored
  - Allow for purging unmanaged rules
  - Configure default policy for all internal firewall chains
  - Allow ICMP
  - Accept all traffic in loopback interface
  - Reject local traffic in other interfaces
  - Allow all outgoing traffic as well as all incoming established traffic

refs sysadmin#17950
-
groente authored
-
groente authored
-
groente authored
-
groente authored
-
- 06 Sep, 2022 3 commits
- 05 Sep, 2022 4 commits