aboutsummaryrefslogtreecommitdiffstats
path: root/roles/space_server/files
AgeCommit message (Collapse)Author
2021-06-18space_server: bird: set communities on importAsbjørn Sloth Tønnesen
Assign large communities on prefix import. Later we can then use the community, to decide if we should announce it to our peers.
2021-06-18space_server: bird: prepare large communitiesAsbjørn Sloth Tønnesen
This patch prepares us for adopting Large BGP Communities (RFC 8092). Basic format of Large BGP Communities: <uint32_t asn>:<uint32_t function>:<uint32_t value> We use function 1 for storing prefix type (or relation). We then assign a value to transit, peering, customer and originated prefixes. Large BGP Communities http://largebgpcommunities.net/ https://tools.ietf.org/html/rfc8092 https://tools.ietf.org/html/rfc8195
2021-06-18space_server: bird: asbjorn: enable TTL securityAsbjørn Sloth Tønnesen
2021-06-18space_server: bird: fiberby: enable TTL securityAsbjørn Sloth Tønnesen
This protects us amount otherthings against 3rd parties resetting the TCP connection underneat our BGP sessions. This has been enabled in both ends, and this _MUST_ remain enabled, otherwise these sessions will go down. If this needs to be disabled for some reason then it must be coordinated with Fiberby. RFC 5082 - The Generalized TTL Security Mechanism https://datatracker.ietf.org/doc/html/rfc5082
2021-06-18space_server: bird: fix prefix errorHEADmasterHafnium
The prefix was only routeable on the intern network, not the whole internet, as it was not added in local_prefix_v6. The 2a0e:8f02:f034::/48 is attached to my ASN, AS211153 Commit message fixed up by Esmil
2021-06-17space_server: bird: add bgp peering for Hafnium/AS211153Hafnium
Commit message and nftables rule fixed up by Esmil
2021-01-29space_server: chrony: start chrony after we're onlineEmil Renner Berthing
2021-01-22space_server: named: add trust-ad option to resolv.confEmil Renner Berthing
2021-01-19space_server: radius: use letsencrypt certificateEmil Renner Berthing
2021-01-19space_server: certbot: get space.labitat.dk certificateEmil Renner Berthing
2021-01-19space_server: ssh: add config for switchesEmil Renner Berthing
2021-01-19space_server: chrony: run chrony ntp serverEmil Renner Berthing
2021-01-17space_server: update for Fedora 33Emil Renner Berthing
2020-10-17space_server: nftables: drop spoofed incoming trafficEmil Renner Berthing
Discovered by IMAAL Research Lab, Brigham Young University, thank you.
2020-08-13space_server: add labicolo ipv6 range for EsmilEmil Renner Berthing
2020-06-19space_server: radius: update radiusd.confEmil Renner Berthing
2020-03-21space_server: networkd: set NTP server on wan interfaceEmil Renner Berthing
time.cloudflare.com has much lower ping than any of the default N.fedora.pool.ntp.org servers.
2020-03-20space_server: nftables: remove traffic stats rulesEmil Renner Berthing
This used to open up for polling our old switch for traffic data, but it died and it doesn't work with the new switch so let's plug the hole.
2020-03-14space_server: nftables: add graffens prefixes to nftablesJesper Hess Nielsen
2020-03-14space_server: bird: add ipv4 BGP session for graffenJesper Hess Nielsen
2020-03-11space_server: bird: add bgp peering for graffen/AS209616Jesper Hess Nielsen
2020-03-07space_server: nftables: forward space.labitat.dk:17380 to jumbotronEmil Renner Berthing
2020-02-29space_server: update to Fedora 31Emil Renner Berthing
2020-02-29space_server: networkd: set Scope=link link addressesEmil Renner Berthing
2020-02-27space_server: move sudo tasks to fedora roleEmil Renner Berthing
..to align with debian role
2019-05-02space_server: renumber Fiberby linkAsbjørn Sloth Tønnesen
Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk>
2019-04-03space_server: named: support dynamic updatesEmil Renner Berthing
..of the dhcp zone and reverse dns for 10.42.0.0/16 This way the dhcp daemon can add entries when it handles out leases.
2019-04-02space_server: named: create reverse ipv4 zoneEmil Renner Berthing
2019-04-01space_server: named: use named instead of unboundEmil Renner Berthing
This reverts commit 3b795796bd03488a385f3ad42b10b8c0d61282c1, "space_server: unbound: use unbound instad of bind". Unlike unbound, bind supports synthesizing DNS64 answers only for certain clients, so only requests from the Labitat NAT64 network will get DNS64 answers.
2019-01-10space_server: fix one last reference to the old prefixAsbjørn Sloth Tønnesen
Fixes: 78688483 space_server: add Asbjorn's colo addresses and net
2018-12-05space_server: enable NAT64/DNS64 networkEmil Renner Berthing
2018-12-05space_server: avahi: ask myhostname 2ndEmil Renner Berthing
2018-12-05space_server: unbound: create /etc/resolv.confEmil Renner Berthing
2018-12-03space_server: networkd: announce proper DNS on mgtEmil Renner Berthing
2018-12-03space_server: networkd: disable ARP on untagged interfaceEmil Renner Berthing
2018-11-30space_server: networkd: small cleanupsEmil Renner Berthing
2018-11-30space_server: use systemd-network for RAsEmil Renner Berthing
..rather radvd
2018-11-30space_server: networkd: use Link.RequiredForOnlineEmil Renner Berthing
..rather than overriding ExecStart to call networkd-wait-online with --ignore
2018-11-28space_server: nat Labitat free from 185.38.175.1Emil Renner Berthing
2018-11-28space_server: add Asbjorn's colo addresses and netAsbjørn Sloth Tønnesen
2018-11-28space_server: nftables: accept all traffic to colo netsEmil Renner Berthing
..but don't let colo servers connect to internal addresses.
2018-11-24space_server: networkd: smarter set differenceEmil Renner Berthing
2018-11-22space_server: radvd: up DNS server valid timeEmil Renner Berthing
2018-11-10space_server: replace blackhole scriptEmil Renner Berthing
2018-11-10space_server: update for Fedora 29Emil Renner Berthing
2018-11-10space_server: drop uneccessary subdirsEmil Renner Berthing
2018-11-06space_server: add spacebrain.labitat.dkAsbjørn Sloth Tønnesen
2018-10-27space_server: radius: use python for ASSHA authEmil Renner Berthing
..rather than our own patched radiusd
2018-10-11Migrate to new ipv6 prefixEmil Renner Berthing
..to avoid overlapping /32 announced by DKUUG.
2018-09-30Make it easier to run locallyEmil Renner Berthing
Now you just need ansible-playbook <playbook> when running ansible from your workstation. However when running ansible on the target machine it's a good idea to add "-clocal". Otherwise ansible will ssh to itself :/