- Jul 16, 2024
-
-
Zen Fu authored
refs sysadmin#18123
-
Zen Fu authored
Mistakenly introduced in parent commit. refs sysadmin#18123
-
Zen Fu authored
refs sysadmin#18123
-
- Jul 09, 2024
-
-
Zen Fu authored
refs sysadmin#18093
-
- Jul 03, 2024
-
-
Zen Fu authored
We now deploy the website using the private network and don't need a public SSH port anymore. refs sysadmin#17364
-
Zen Fu authored
refs sysadmin#17364
-
Zen Fu authored
refs sysadmin#17364
-
Zen Fu authored
-
Zen Fu authored
-
Zen Fu authored
Restic has been using to much disk space, let's see if Borg improves this.
-
Zen Fu authored
refs sysadmin#18072
-
Zen Fu authored
refs sysadmin#18072
-
- Jul 01, 2024
-
-
groente authored
-
- Jun 28, 2024
-
-
Zen Fu authored
refs sysadmin#17364 sysadmin#18084
-
- Jun 26, 2024
-
-
Zen Fu authored
The port we were previously attempting to use (3008) is already occupied by a redirector to a isotester SSH. refs sysadmin#17364
-
Zen Fu authored
refs sysadmin#17364
-
Zen Fu authored
Not needed anymore, the website will now be built via GitLab CI. refs sysadmin#17364
-
- Jun 11, 2024
-
-
Zen Fu authored
refs sysadmin#18084
-
Zen Fu authored
We want to give a lot of trust to our container images and one of the issues is that there's no DNSSEC for *.tails.boum.org, which makes us succeptible to attacks such as DNS poisoning. Let's then pin the registry IP in our GitLab Runner nodes as a workaround. refs sysadmin#18084
-
- Jun 06, 2024
-
-
Zen Fu authored
This time, lock the Runner to a specific project (sysadmin-team/container-images, in this case) and only allow running tagged jobs.
-
- Jun 04, 2024
-
-
Zen Fu authored
refs sysadmin#17364
-
Zen Fu authored
refs sysadmin#17364
-
Zen Fu authored
This is needed in order to build our own container images using Docker-in-Docker. refs sysadmin#17364
-
- May 31, 2024
-
-
groente authored
-
Zen Fu authored
refs sysadmin#18092
-
- May 30, 2024
- May 27, 2024
- May 17, 2024
-
-
Zen Fu authored
refs sysadmin#16956
-
Zen Fu authored
refs sysadmin#16956
-
Zen Fu authored
We need dns.lizard to be able to check if the website is up via IP, but right now the VMs of lizard can't see the public IP of lizard. Let's trick the VM into thining it's talking to the public IP, but redirect requests to the private IP of www.lizard. refs sysadmin#16956
-
Zen Fu authored
refs sysadmin#16956
-
Zen Fu authored
refs sysadmin#16956
-
Zen Fu authored
refs sysadmin#16956
-
Zen Fu authored
refs sysadmin#16956
-
Zen Fu authored
refs sysadmin#16956
-