Commits · 7c514cfc04733753248b83fcc23537dc7a8cc9a1 · PrivateStorage / PrivateStorageio

Aug 11, 2021
- typo · 7c514cfc
  Florian Sesser authored 3 years ago
  
  7c514cfc
- Move existing database if it exists · cf7041c5
  Florian Sesser authored 3 years ago
  
  cf7041c5
- Set mode for stateDirectory · d3081ce5
  Florian Sesser authored 3 years ago
  
  d3081ce5
- Make systemd create a directory for our state · 316da060
  Florian Sesser authored 3 years ago
  
  316da060
Aug 10, 2021
- Add zkapissuer user and group and make PaymentServer run as it · c0410bb7
  Florian Sesser authored 3 years ago
  
  c0410bb7
- Use default cipher list · 8a25df13
  Florian Sesser authored 3 years ago
  
  8a25df13
- Pull internal payment server port number 1061 out into a variable · c6ada17a
  Florian Sesser authored 3 years ago
  
  ... so it can be used in the nginx config instead of duplicating the number
  c6ada17a
Aug 09, 2021
- Undo more changes that we don't need anymore · 260c50f5
  Florian Sesser authored 3 years ago
  
  260c50f5
- Typo · de6d0c0e
  Florian Sesser authored 3 years ago
  
  de6d0c0e
- Move NGINX proxy from morph/../customize-issuer to nixos/../issuer · a43647e8
  Florian Sesser authored 3 years ago
  
  As per @jcalderone and @florian videoconf on 2021-08-06. - Remove custom handling of Let's Encrypt certs, use NixOs' ACME integration instead. - Use NGINX for TLS termination.
  a43647e8
Aug 05, 2021
- PaymentServer: Allow only IPs from monitoringvpn to access /metrics · c0d22207
  Florian Sesser authored 3 years ago
  
  NGINX does longest-prefix-match for selecting locations.
  c0d22207
- The tests I had in mind don't work with only issuer.nix imported · 5367c8fa
  Florian Sesser authored 3 years ago
  
  5367c8fa
- Restart nginx to make it listen on our fauxvpn interface · 61dc164f
  Florian Sesser authored 3 years ago
  
  Tryfix. Can't run this locally ATM.
  61dc164f
- (Try)fix system tests by adding an alias interface with the right IP · bf89edc3
  Florian Sesser authored 3 years ago
  
  System tests do currently not include testing our monitoringvpn wireguard setup, so let's just add the required IP by an alias to the lo interface.
  bf89edc3
Aug 04, 2021

Add tests for metrics endpoint accessibility by IP · 4e8b9e89

Florian Sesser authored 3 years ago

This should fail currently, since metrics are still public.
Also, I couldn't test this code locally, since I currently run VirtualBox VMs
on my dev box. I'll just see what CI says to this code.

4e8b9e89

Aug 03, 2021
- Add an NGINX reverse proxy in front · 6da20940
  Florian Sesser authored 3 years ago
  
  6da20940
- Make issuer ports configurable · 706a9586
  Florian Sesser authored 3 years ago
  
  706a9586
Jul 29, 2021

Merge branch '222.automatically-renew-payment-certificate' into 'develop' · 66350e7b
Jean-Paul Calderone authored 3 years ago
```
Add a timer service to periodically trigger the cert renewal service

Closes privatestorageops#222

See merge request !143
```
66350e7b

Use the NixOS `startAt` configuration option · bcabf1fe

Jean-Paul Calderone authored 3 years ago

This causes NixOS to generate the systemd timer unit for us and saves us
having to explain a lot of subtle systemd features.

It does pin execution to midnight on Monday but scaling to handle load spikes
is Let's Encrypt's problem, I guess.

bcabf1fe

Jul 28, 2021
- Merge branch 'add-sshUsers-to-monitoring' into 'develop' · 30e98750
  Jean-Paul Calderone authored 3 years ago
  
  Add ssh.nix to monitoring systems See merge request !142
  30e98750
- Add a timer service to periodically trigger the cert renewal service · 63ab6ce0
  Jean-Paul Calderone authored 3 years ago
  
  63ab6ce0
- Add ssh.nix to monitoring as well · 1e50e395
  Florian Sesser authored 3 years ago
  
  1e50e395
Jul 20, 2021
- Merge branch 'monitoring-set-admin-pw' into 'develop' · 1b7252b5
  Jean-Paul Calderone authored 3 years ago
  
  Monitoring: Set admin PW See merge request !123
  1b7252b5
- note about public parts · d47a8798
  Jean-Paul Calderone authored 3 years ago
  
  d47a8798
- write some more words about secrets · a402ca80
  Jean-Paul Calderone authored 3 years ago
  
  a402ca80
- Statically configure a password for localdev Grafana admin · cf734f31
  Jean-Paul Calderone authored 3 years ago
  
  cf734f31
Jul 19, 2021
- Merge branch '77.deployment-key-whitespace' into 'develop' · 0c2ed62e
  Jean-Paul Calderone authored 3 years ago
  
  Fix deployment key whitespace Closes #77 See merge request !138
  0c2ed62e
- Fix the ssh key decoding problem · 986c3eb9
  Jean-Paul Calderone authored 3 years ago
  
  986c3eb9
- move all of the grid deploy stuff into the shell script · 5290d08b
  Jean-Paul Calderone authored 3 years ago
  
  This makes it easier to test outside of GitLab and it also means we don't depend on whatever wacko shell settings we inherit from GitLab.
  5290d08b
- Merge branch '76.deploy-key-decoding' into 'develop' · f7904606
  Jean-Paul Calderone authored 3 years ago
  
  Use a new variable which actually holds a path Closes #76 See merge request !136
  f7904606
- Use a new variable which actually holds a path · 397d667c
  Jean-Paul Calderone authored 3 years ago
  
  397d667c
- Merge branch '75.deploy-key-permissions' into 'develop' · b98dcb77
  Jean-Paul Calderone authored 3 years ago
  
  Remove group and other permissions from the deploy key Closes #75 See merge request !134
  b98dcb77
- Remove group and other permissions from the deploy key · 8dd00d39
  Jean-Paul Calderone authored 3 years ago
  
  8dd00d39
- Merge branch '74.update-deployment-exit-status' into 'develop' · a816c534
  Jean-Paul Calderone authored 3 years ago
  
  Propagate morph success/failure out of update-deployment Closes #74 See merge request !132
  a816c534
- Propagate morph success/failure out of update-deployment · 7b398fd1
  Jean-Paul Calderone authored 3 years ago
  
  7b398fd1
- Merge branch '71.ssh-known_hosts-files' into 'develop' · 0fa5dcc0
  Jean-Paul Calderone authored 3 years ago
  
  Burn in some SSH host key knowledge Closes #71 See merge request !130
  0fa5dcc0
- Merge remote-tracking branch 'origin/develop' into 71.ssh-known_hosts-files · 210b1dc2
  Jean-Paul Calderone authored 3 years ago
  
  210b1dc2
- Merge branch '72.bounded-NIX_PATH' into 'develop' · d1d42ecb
  Jean-Paul Calderone authored 3 years ago
  
  Bounded NIX_PATH Closes #72 See merge request !131
  d1d42ecb
- Point NIX_PATH at a source tree containing our desired version of nixpkgs · 9b2cd793
  Jean-Paul Calderone authored 3 years ago
  
  We can't point it at a Nix expression that evaluates to our desired version of nixpkgs because certain consumers want it to be a filesystem path instead.
  9b2cd793
- Use nixpkgs-2105 from out checkout instead of passing a path around · d9852965
  Jean-Paul Calderone authored 3 years ago
  
  This is what we wanted and much more directly. It also avoids the gradual lengthening of the path by always setting the path to nixpkgs-2105 instead of some derivative of whatever the path was last time.
  d9852965