Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-06-18 | space_server: bird: set communities on import | Asbjørn Sloth Tønnesen | |
Assign large communities on prefix import. Later we can then use the community, to decide if we should announce it to our peers. | |||
2021-06-18 | space_server: bird: prepare large communities | Asbjørn Sloth Tønnesen | |
This patch prepares us for adopting Large BGP Communities (RFC 8092). Basic format of Large BGP Communities: <uint32_t asn>:<uint32_t function>:<uint32_t value> We use function 1 for storing prefix type (or relation). We then assign a value to transit, peering, customer and originated prefixes. Large BGP Communities http://largebgpcommunities.net/ https://tools.ietf.org/html/rfc8092 https://tools.ietf.org/html/rfc8195 | |||
2021-06-18 | space_server: bird: asbjorn: enable TTL security | Asbjørn Sloth Tønnesen | |
2021-06-18 | space_server: bird: fiberby: enable TTL security | Asbjørn Sloth Tønnesen | |
This protects us amount otherthings against 3rd parties resetting the TCP connection underneat our BGP sessions. This has been enabled in both ends, and this _MUST_ remain enabled, otherwise these sessions will go down. If this needs to be disabled for some reason then it must be coordinated with Fiberby. RFC 5082 - The Generalized TTL Security Mechanism https://datatracker.ietf.org/doc/html/rfc5082 | |||
2021-06-18 | space_server: bird: fix prefix errorHEADmaster | Hafnium | |
The prefix was only routeable on the intern network, not the whole internet, as it was not added in local_prefix_v6. The 2a0e:8f02:f034::/48 is attached to my ASN, AS211153 Commit message fixed up by Esmil | |||
2021-06-17 | space_server: bird: add bgp peering for Hafnium/AS211153 | Hafnium | |
Commit message and nftables rule fixed up by Esmil | |||
2021-01-29 | space_server: chrony: start chrony after we're online | Emil Renner Berthing | |
2021-01-22 | space_server: named: add trust-ad option to resolv.conf | Emil Renner Berthing | |
2021-01-19 | space_server: radius: use letsencrypt certificate | Emil Renner Berthing | |
2021-01-19 | space_server: certbot: get space.labitat.dk certificate | Emil Renner Berthing | |
2021-01-19 | space_server: ssh: add config for switches | Emil Renner Berthing | |
2021-01-19 | space_server: chrony: run chrony ntp server | Emil Renner Berthing | |
2021-01-17 | space_server: update for Fedora 33 | Emil Renner Berthing | |
2020-10-17 | space_server: nftables: drop spoofed incoming traffic | Emil Renner Berthing | |
Discovered by IMAAL Research Lab, Brigham Young University, thank you. | |||
2020-08-13 | space_server: add labicolo ipv6 range for Esmil | Emil Renner Berthing | |
2020-06-19 | space_server: radius: update radiusd.conf | Emil Renner Berthing | |
2020-03-21 | space_server: networkd: set NTP server on wan interface | Emil Renner Berthing | |
time.cloudflare.com has much lower ping than any of the default N.fedora.pool.ntp.org servers. | |||
2020-03-20 | space_server: nftables: remove traffic stats rules | Emil Renner Berthing | |
This used to open up for polling our old switch for traffic data, but it died and it doesn't work with the new switch so let's plug the hole. | |||
2020-03-14 | space_server: nftables: add graffens prefixes to nftables | Jesper Hess Nielsen | |
2020-03-14 | space_server: bird: add ipv4 BGP session for graffen | Jesper Hess Nielsen | |
2020-03-11 | space_server: bird: add bgp peering for graffen/AS209616 | Jesper Hess Nielsen | |
2020-03-07 | space_server: nftables: forward space.labitat.dk:17380 to jumbotron | Emil Renner Berthing | |
2020-02-29 | space_server: update to Fedora 31 | Emil Renner Berthing | |
2020-02-29 | space_server: networkd: set Scope=link link addresses | Emil Renner Berthing | |
2020-02-27 | space_server: move sudo tasks to fedora role | Emil Renner Berthing | |
..to align with debian role | |||
2019-05-02 | space_server: renumber Fiberby link | Asbjørn Sloth Tønnesen | |
Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk> | |||
2019-04-03 | space_server: named: support dynamic updates | Emil Renner Berthing | |
..of the dhcp zone and reverse dns for 10.42.0.0/16 This way the dhcp daemon can add entries when it handles out leases. | |||
2019-04-02 | space_server: named: create reverse ipv4 zone | Emil Renner Berthing | |
2019-04-01 | space_server: named: use named instead of unbound | Emil Renner Berthing | |
This reverts commit 3b795796bd03488a385f3ad42b10b8c0d61282c1, "space_server: unbound: use unbound instad of bind". Unlike unbound, bind supports synthesizing DNS64 answers only for certain clients, so only requests from the Labitat NAT64 network will get DNS64 answers. | |||
2019-01-10 | space_server: fix one last reference to the old prefix | Asbjørn Sloth Tønnesen | |
Fixes: 78688483 space_server: add Asbjorn's colo addresses and net | |||
2018-12-05 | space_server: enable NAT64/DNS64 network | Emil Renner Berthing | |
2018-12-05 | space_server: avahi: ask myhostname 2nd | Emil Renner Berthing | |
2018-12-05 | space_server: unbound: create /etc/resolv.conf | Emil Renner Berthing | |
2018-12-03 | space_server: networkd: announce proper DNS on mgt | Emil Renner Berthing | |
2018-12-03 | space_server: networkd: disable ARP on untagged interface | Emil Renner Berthing | |
2018-11-30 | space_server: networkd: small cleanups | Emil Renner Berthing | |
2018-11-30 | space_server: use systemd-network for RAs | Emil Renner Berthing | |
..rather radvd | |||
2018-11-30 | space_server: networkd: use Link.RequiredForOnline | Emil Renner Berthing | |
..rather than overriding ExecStart to call networkd-wait-online with --ignore | |||
2018-11-28 | space_server: nat Labitat free from 185.38.175.1 | Emil Renner Berthing | |
2018-11-28 | space_server: add Asbjorn's colo addresses and net | Asbjørn Sloth Tønnesen | |
2018-11-28 | space_server: nftables: accept all traffic to colo nets | Emil Renner Berthing | |
..but don't let colo servers connect to internal addresses. | |||
2018-11-24 | space_server: networkd: smarter set difference | Emil Renner Berthing | |
2018-11-22 | space_server: radvd: up DNS server valid time | Emil Renner Berthing | |
2018-11-10 | space_server: replace blackhole script | Emil Renner Berthing | |
2018-11-10 | space_server: update for Fedora 29 | Emil Renner Berthing | |
2018-11-10 | space_server: drop uneccessary subdirs | Emil Renner Berthing | |
2018-11-06 | space_server: add spacebrain.labitat.dk | Asbjørn Sloth Tønnesen | |
2018-10-27 | space_server: radius: use python for ASSHA auth | Emil Renner Berthing | |
..rather than our own patched radiusd | |||
2018-10-11 | Migrate to new ipv6 prefix | Emil Renner Berthing | |
..to avoid overlapping /32 announced by DKUUG. | |||
2018-09-30 | Make it easier to run locally | Emil Renner Berthing | |
Now you just need ansible-playbook <playbook> when running ansible from your workstation. However when running ansible on the target machine it's a good idea to add "-clocal". Otherwise ansible will ssh to itself :/ |