aboutsummaryrefslogtreecommitdiffstats
path: root/roles/space_server/files/networkd
AgeCommit message (Collapse)Author
2021-09-06space_server: add dedicated VLAN for Tor exit nodesnew-tor-exit-rangeAsbjørn Sloth Tønnesen
Move the Tor exit nodes to their own VLAN, and their own address space. Background for move ------------------- For the first Tor exit node, we where able to create inet6num object 2a01:4262:1ab:20::71/128. So we could assign a specific Tor abuse contact. When we added the second node it was no longer possible to create /128 inet6num objects, but only up to /64. We therefore need to move our Tor exit nodes to a dedicated address space. Connection tracking ------------------- Connection tracking is quite expensive, so it's better to only do it for Tor traffic, when we actually need it, which is only when internal clients need to access the servers. In the future conntrack could also be disabled for labicolo in general. Current stats ~~~~~~~~~~~~~ [root@space ~]# grep -v '185\.38\.175\.7[12] ' /proc/net/nf_conntrack | grep -v '2a01:4262:01ab:0020:0000:0000:0000:007[12]' | wc -l 4071 [root@space ~]# wc -l /proc/net/nf_conntrack 39138 /proc/net/nf_conntrack Currently 4071 out of 39138 connections are not Tor related. Also reading /proc/net/nf_conntrack is quite slow atm.: [root@space ~]# time cat /proc/net/nf_conntrack > /dev/null real 0m35.097s user 0m0.010s sys 0m28.114s Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk>
2020-08-13space_server: add labicolo ipv6 range for EsmilEmil Renner Berthing
2020-03-21space_server: networkd: set NTP server on wan interfaceEmil Renner Berthing
time.cloudflare.com has much lower ping than any of the default N.fedora.pool.ntp.org servers.
2020-02-29space_server: update to Fedora 31Emil Renner Berthing
2020-02-29space_server: networkd: set Scope=link link addressesEmil Renner Berthing
2019-05-02space_server: renumber Fiberby linkAsbjørn Sloth Tønnesen
Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk>
2019-01-10space_server: fix one last reference to the old prefixAsbjørn Sloth Tønnesen
Fixes: 78688483 space_server: add Asbjorn's colo addresses and net
2018-12-05space_server: enable NAT64/DNS64 networkEmil Renner Berthing
2018-12-03space_server: networkd: announce proper DNS on mgtEmil Renner Berthing
2018-12-03space_server: networkd: disable ARP on untagged interfaceEmil Renner Berthing
2018-11-30space_server: networkd: small cleanupsEmil Renner Berthing
2018-11-30space_server: use systemd-network for RAsEmil Renner Berthing
..rather radvd
2018-11-30space_server: networkd: use Link.RequiredForOnlineEmil Renner Berthing
..rather than overriding ExecStart to call networkd-wait-online with --ignore
2018-11-28space_server: nat Labitat free from 185.38.175.1Emil Renner Berthing
2018-11-28space_server: add Asbjorn's colo addresses and netAsbjørn Sloth Tønnesen
2018-11-24space_server: networkd: smarter set differenceEmil Renner Berthing
2018-11-10space_server: drop uneccessary subdirsEmil Renner Berthing
2018-11-06space_server: add spacebrain.labitat.dkAsbjørn Sloth Tønnesen
2018-10-11Migrate to new ipv6 prefixEmil Renner Berthing
..to avoid overlapping /32 announced by DKUUG.
2017-11-25space_server: bird: add preferred sourceEmil Renner Berthing
..to default routes
2017-11-20space_server: networkd: use drop-in file for wait-onlineEmil Renner Berthing
The trick to overwriting the ExecStart option is to clear it first with ExecStart=
2017-11-17space_server: enable IPv6 on the free wifiEmil Renner Berthing
2017-11-13space_server: networkd: use fe80::1 link-local addressEmil Renner Berthing
..on lan interfaces with IPv6
2017-11-12initial commitEmil Renner Berthing
generated by cgit v1.2.1 (git 2.18.0) at 2024-11-23 01:45:02 +0000