Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
git subrepo commit (merge) float
See merge request leap/container-platform/lilypad!58
|
|
closes !56 !55
|
|
|
|
subrepo:
subdir: "float"
merged: "1d127174"
upstream:
origin: "https://git.autistici.org/ai3/float.git"
branch: "master"
commit: "c2c4ad89"
git-subrepo:
version: "0.4.3"
origin: "git@github.com:ingydotnet/git-subrepo"
commit: "2f68596"
|
|
subrepo:
subdir: "float"
merged: "aa47bbbf"
upstream:
origin: "https://git.autistici.org/ai3/float.git"
branch: "master"
commit: "4251afa4"
git-subrepo:
version: "0.4.1"
origin: "https://github.com/ingydotnet/git-subrepo"
commit: "a04d8c2"
|
|
Dont deactivate non-existing kernel module
Closes #53
See merge request leap/container-platform/lilypad!54
|
|
kernel.unprivileged_userns_clone doesn't exist in some cloud providers
or non-debian kernels. I'm not entirely sure if it's best to add it this
way, testing if /proc/sys/kernel/unprivileged_userns_clone exists could
be another way.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
It was possible for the `provider` service to not get an updated provider.json
when it is generated if it is scheduled on a different backend than `vpnweb`,
because it didn't have its own role to apply that template. This fixes that
missing piece for the `provider` service.
However, because the provider role and the vpnweb both need to be able to
reference the templates that are rendered by simplevpn, this abstracts that into
its own role so both can use it.
|
|
|
|
If clients connect with, for example, 'CN=UNLIMITED4rlkwpr0kitv5umpy34m933ko' they
should be allowed to verify the same as if they connect with 'CN=UNLIMITED'.
|
|
If it is not set, it should default to the 'api' endpoint.
Note, this requires https://git.autistici.org/ai3/float/-/merge_requests/266
|
|
These rae already defined in site.yml, no sense in importing them again.
|
|
For transition from the old platform, it can be useful to have the vpnweb
respond to another domain. For example, calyx responds now on api.calyx.net,
however the vpnweb with lilypad will appear on api.vpn.calyx.net. With this
change it is possible to configure `custom_vpn_web_domains: [api.calyx.net]` to
have it available there as well.
|
|
Fix Go dependency install instructions in README
See merge request leap/container-platform/lilypad!53
|
|
|
|
The instructions did not work, and rather than giving people multiple ways to do
things, just show how to do it the best way.
|
|
Prior to Go 1.17 the "go get" command was overloaded to install library
dependencies and applications. As of Go 1.17 installing applications
with it results in a warning, and as of Go 1.18 it will no longer be
used to install applications.
This patch updates the readme to use "go install" instead.
TL;DR — "go get" updates module dependencies, "go install" builds
binaries and sticks them in $GOBIN.
Signed-off-by: Sam Whited <sam@samwhited.com>
|
|
MENSHEN_API now needs explicit https:// prefix
See merge request leap/container-platform/lilypad!52
|
|
this is required as of
https://0xacab.org/leap/menshen/-/commit/fa1e4442d7f32c82521b2a3e7266ab77e8669a4e
|
|
Add note to README.md about the location names
See merge request leap/container-platform/lilypad!51
|
|
VPN: use first ipv4 and ipv6 found in host['ips'] to determine ingress IPs put in eip-service.json
See merge request leap/container-platform/lilypad!50
|
|
put in eip-service.json
|
|
|
|
subrepo:
subdir: "float"
merged: "c75bee81"
upstream:
origin: "https://git.autistici.org/ai3/float.git"
branch: "master"
commit: "c75bee81"
git-subrepo:
version: "0.4.1"
origin: "https://github.com/ingydotnet/git-subrepo"
commit: "a04d8c2"
|
|
. test env ansible needs to have the action plugins available
. specify default variable for when vpnweb_auth is empty
. remove example openvpn_tcp_network6
. don't run leap-prometheus role
. ensure roles are added to hosts in test environment
. set a specific MENSHEN_API for CI builds
. allow for an insecure http API call for internal tests
Update .gitlab-ci.yml for fixing test builds:
. Replace the copy with built-in --additional-config flags
. Set the vpn gateway Location in the inventory automatically
. Bring in a pre-fabricated site.yml that will work for CI
. Remove the backend group from the vpn host3
|
|
|
|
|
|
subrepo:
subdir: "float"
merged: "f1ee5fa4"
upstream:
origin: "https://git.autistici.org/ai3/float.git"
branch: "master"
commit: "f1ee5fa4"
git-subrepo:
version: "0.4.1"
origin: "https://github.com/ingydotnet/git-subrepo"
commit: "a04d8c2"
|
|
If the openvpn role is applied before the kresd role, then the requisite bind
mounted /etc/knot-resolver directory, that is required for the openvpn container
to start, will not exist when the role attempts to do the systemd restart,
causing a failure.
|
|
|
|
|
|
|
|
|
|
This is required as of
https://0xacab.org/leap/menshen/-/commit/8acd8591a8be49c1303560526d280c6810702a6e
|
|
|