| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2023-04-21 | users: graffen: remove | Emil Renner Berthing | |
| RIP :( | |||
| 2023-04-21 | space_server: bird: remove Graffen's BGP config | Emil Renner Berthing | |
| RIP :( | |||
| 2023-04-14 | users: otbm: added | Emil Renner Berthing | |
| Added user for Oliver to debug jumbotron bell | |||
| 2023-04-11 | space_server: networkd: remove unneded IPv6RoutePrefix'es | Emil Renner Berthing | |
| 2023-04-11 | space_server: networkd: disable ARP on physical interfaces | Emil Renner Berthing | |
| 2023-04-08 | space_server: radius: dh_file no longer needed | Emil Renner Berthing | |
| 2023-04-08 | space_server: disable pam_sss plugin | Emil Renner Berthing | |
| 2023-04-08 | space_server: bird: add /44 IPv6 prefix for Hafnium | Hafnium | |
| 2023-04-08 | space_server: networkd: update IPv6 RA config | Hafnium | |
| 2023-04-08 | space_server: named: remove obsolete dnssec-enable | Hafnium | |
| 2023-03-26 | space_server: chrony: Enable NTS server | Emil Renner Berthing | |
| 2023-03-26 | space_server: chrony: Use Netnod NTP servers in Malmö | Emil Renner Berthing | |
| ..and add Fiberby's time server as backup too. | |||
| 2023-01-27 | sky: homepage: set up the frontpage of labitat.dk | Joshua Hull | |
| esmil: - use timer to update the homepage - git clone/update and install gems as the homepage user | |||
| 2023-01-27 | sky: certbot: configure certbot | Joshua Hull | |
| esmil: - don't install cron job, just use the packaged timer - install deploy hook to reload nginx when certificates are updated | |||
| 2023-01-27 | sky: add role for new labitat.dk server | Emil Renner Berthing | |
| 2023-01-27 | nginx: add common role for nginx | Joshua Hull | |
| esmil: - disable access log and log errors to syslog (journal really) use journalctl -u nginx to see the errors - hoist some configuration values into ansible variables - add tags and use a handler to reload nginx on configuration changes - make nginx do its DNS queries against our local resolved this enables nginx to use DNSSEC and DoT - don't start nginx before the network is up. if it can't do dns lookups ssl_stapling will be ignored | |||
| 2023-01-26 | space_server: nftables: NAT local traffic bound for colo if | Emil Renner Berthing | |
| 2023-01-25 | jumbotron: jumbotron: clean up git clone | Emil Renner Berthing | |
| 2023-01-25 | doorputer: lockserver: clean up git clone | Emil Renner Berthing | |
| 2023-01-24 | debian: resolved: libnss-myhostname is not needed | Emil Renner Berthing | |
| ..now that we always rely on systemd-resolved being up | |||
| 2023-01-24 | space_server: bird: don't reconfigure bird in chroot | Emil Renner Berthing | |
| 2023-01-24 | jumbotron: jumbotron: git clone/update as the jumbotron user | Emil Renner Berthing | |
| 2023-01-24 | doorputer: lockserver: git clone/update as the doorman user | Emil Renner Berthing | |
| 2023-01-24 | debian: resolved: always use resolved when enabled | Emil Renner Berthing | |
| 2023-01-24 | debian: resolved: install libnss-resolve by default | Emil Renner Berthing | |
| 2023-01-22 | users: esmil: force termcolors | Emil Renner Berthing | |
| 2023-01-21 | space_server: radius: restart radiusd on new certificates | Emil Renner Berthing | |
| Mushbie reports that Windows complains about out of date certificates even when certbot is running fine, so try restarting radiusd on new certificates rather than just telling it to reload its configuration. | |||
| 2023-01-19 | jumbotron: irssi: hide joins, parts, quits and nick changes | Emil Renner Berthing | |
| 2023-01-19 | users: joshbuddy: added | Joshua Hull | |
| 2022-12-02 | documentation: Add blackbox.labitat.dk to addressplan | Allover | |
| 2022-11-17 | users: richard: update ssh keys | Richard42Graham | |
| 2022-10-22 | fedora: sshd: only allow publickey authentication | Asbjørn Sloth Tønnesen | |
| "PasswordAuthentication no" only prevents password logins from ever being successful, but it still entertain clients with the possiblity of password logins. This reduces the offered authentication methods from: debug1: Authentications that can continue: publickey,password to just publickey: debug1: Authentications that can continue: publickey After which most bots just disconnects. Esmil: simplified so we only need one lineinfile stanza | |||
| 2022-10-15 | space_server: networkd: add LocIX connection | Hafnium | |
| systemd mechanics reworked by Esmil Co-developed-by: Emil Renner Berthing <esmil@labitat.dk> | |||
| 2022-10-14 | doorputer: users: add hafnium | Hafnium | |
| 2022-10-14 | space_server: users: give hafnium sudo permissions | Hafnium | |
| 2022-10-14 | users: remove rasmis | Emil Renner Berthing | |
| 2022-03-05 | space_server: bird: validate bird.conf | Emil Renner Berthing | |
| 2022-03-05 | space_server: bird: don't restart server | Emil Renner Berthing | |
| ..just reload configuration gracefully with 'configure soft' | |||
| 2022-03-05 | space_server: bird: update IPv4 filter for asbjorn | Asbjørn Sloth Tønnesen | |
| Just so that Esmil can test his Ansible changes. | |||
| 2022-03-05 | space_server: bird: update IPv6 filter for asbjorn | Asbjørn Sloth Tønnesen | |
| Use ipaddress/pxlen{low,high} syntax to allow all /48 prefixes that are covered by 2a10:2a80::/29. https://bird.network.cz/?get_doc&v=20&f=bird-5.html#type-set | |||
| 2022-02-28 | space_server: bird: add IPv6 prefix for Hafnium | Hafnium | |
| 2021-12-08 | users: hafnium: added | Hafnium | |
| 2021-12-08 | users: signout: remove old ssh key | Dennis Kjær Jensen | |
| 2021-09-27 | space_server: use local_hosts where possible | Emil Renner Berthing | |
| ..to make sure we keep ip addresses in sync everywhere | |||
| 2021-09-27 | space_server: vars: use dictionary for local_hosts | Emil Renner Berthing | |
| This allows us to look up info on specific hosts without searching through the whole list. | |||
| 2021-09-27 | space_server: vars: add space server | Emil Renner Berthing | |
| ..to provide space.s alias | |||
| 2021-09-26 | space_server: bird: add new prefix for Hafnium | Hafnium | |
| Add new prefix 2a0e:8f02:2190::/48 | |||
| 2021-09-14 | space_server: chrony: disable hardwae timestamping | Emil Renner Berthing | |
| ..which doesn't work now that wan is a vlan on bonded interface. | |||
| 2021-09-14 | space_server: networkd: bond all 3 gigabit ports | Asbjørn Sloth Tønnesen | |
| Before: - enp1s0: wan - enp2s0: lan (with VLANs) - enp3s0: mgt Changes in this patch: - wan is moved to VLAN id 5 - bond0 is created, replacing lan as lower device for VLANs - mgt config is removed (could be reconfigured as a VLAN, and made a available on a switch port) - all 3 ports are enslaved in bond0 From the switch towards the space server load-balance algorithm src-dst-ip* is used. From the space server towards the switch L3+L4 is used. Therefore a single IP pair will always use the same 1G from the swith to the space server, a client therefore needs to multiplex over multiple IPs in order to *) The src-dst-ip algorithm on the switch hasn't been tested with IPv6 yet. Hopefully we can find a better switch at some point, so we can include the L4 ports in the hashing on the switch. Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk> | |||
| 2021-09-14 | space_server: vars: add new infraswitch | Asbjørn Sloth Tønnesen | |
| New* switch for terminating 10 Gbps uplink, with 3x1G LACP towards the space server, and 4x1G LACP towards the space switch. D-Link DGS-1510-28 Ethernet switch - 24x 10/100/1000 Mbps RJ45 port - 2x 1 Gbps SFP ports - 2x 10 Gbps SFP+ ports *) it was new in 2015, but the firmware was unusable back then. Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk> | |||
 |
index : labitat-ansible | |
| Unnamed repository; edit this file 'description' to name the repository. |
| aboutsummaryrefslogtreecommitdiffstats |