Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-06-18 | space_server: bird: set communities on import | Asbjørn Sloth Tønnesen | |
Assign large communities on prefix import. Later we can then use the community, to decide if we should announce it to our peers. | |||
2021-06-18 | space_server: bird: prepare large communities | Asbjørn Sloth Tønnesen | |
This patch prepares us for adopting Large BGP Communities (RFC 8092). Basic format of Large BGP Communities: <uint32_t asn>:<uint32_t function>:<uint32_t value> We use function 1 for storing prefix type (or relation). We then assign a value to transit, peering, customer and originated prefixes. Large BGP Communities http://largebgpcommunities.net/ https://tools.ietf.org/html/rfc8092 https://tools.ietf.org/html/rfc8195 | |||
2021-06-18 | space_server: bird: asbjorn: enable TTL security | Asbjørn Sloth Tønnesen | |
2021-06-18 | space_server: bird: fiberby: enable TTL security | Asbjørn Sloth Tønnesen | |
This protects us amount otherthings against 3rd parties resetting the TCP connection underneat our BGP sessions. This has been enabled in both ends, and this _MUST_ remain enabled, otherwise these sessions will go down. If this needs to be disabled for some reason then it must be coordinated with Fiberby. RFC 5082 - The Generalized TTL Security Mechanism https://datatracker.ietf.org/doc/html/rfc5082 | |||
2021-06-18 | space_server: bird: fix prefix errorHEADmaster | Hafnium | |
The prefix was only routeable on the intern network, not the whole internet, as it was not added in local_prefix_v6. The 2a0e:8f02:f034::/48 is attached to my ASN, AS211153 Commit message fixed up by Esmil | |||
2021-06-17 | space_server: bird: add bgp peering for Hafnium/AS211153 | Hafnium | |
Commit message and nftables rule fixed up by Esmil | |||
2021-06-01 | space_server: vars: update foodputer mac address | Emil Renner Berthing | |
In a heroic effort Asbjørn has replaced the old broken foodputer. | |||
2021-06-01 | space_server: vars: add more convenient packages | Emil Renner Berthing | |
2021-01-29 | space_server: chrony: start chrony after we're online | Emil Renner Berthing | |
2021-01-22 | space_server: named: add trust-ad option to resolv.conf | Emil Renner Berthing | |
2021-01-19 | space_server: radius: use letsencrypt certificate | Emil Renner Berthing | |
2021-01-19 | space_server: certbot: get space.labitat.dk certificate | Emil Renner Berthing | |
2021-01-19 | space_server: ssh: add config for switches | Emil Renner Berthing | |
2021-01-19 | space_server: chrony: run chrony ntp server | Emil Renner Berthing | |
2021-01-18 | fedora: handlers: add restart sshd handler | Emil Renner Berthing | |
2021-01-17 | space_server: update for Fedora 33 | Emil Renner Berthing | |
2021-01-16 | space_server: vars: add bunkerap1 | Emil Renner Berthing | |
2021-01-16 | space_server: vars: add bunkerswitch | Emil Renner Berthing | |
2021-01-16 | space_server: vars: add description for switch | Emil Renner Berthing | |
..and remove wrong MAC address. The switch doesn't (and shouldn't) use dhcp. | |||
2020-11-17 | space_server: add static ips for pixelfluthafnium | Hafnium | |
2020-10-17 | space_server: nftables: drop spoofed incoming traffic | Emil Renner Berthing | |
Discovered by IMAAL Research Lab, Brigham Young University, thank you. | |||
2020-08-13 | space_server: add labicolo ipv6 range for Esmil | Emil Renner Berthing | |
2020-06-19 | space_server: radius: update radiusd.conf | Emil Renner Berthing | |
2020-06-01 | users: rasmis: added | Emil Renner Berthing | |
Add Rasmus so he can jump to the foodputer and read out the drinkomatic database. | |||
2020-03-21 | space_server: networkd: set NTP server on wan interface | Emil Renner Berthing | |
time.cloudflare.com has much lower ping than any of the default N.fedora.pool.ntp.org servers. | |||
2020-03-20 | space_server: nftables: remove traffic stats rules | Emil Renner Berthing | |
This used to open up for polling our old switch for traffic data, but it died and it doesn't work with the new switch so let's plug the hole. | |||
2020-03-20 | users: graffen: added | Jesper Hess Nielsen | |
2020-03-14 | space_server: nftables: add graffens prefixes to nftables | Jesper Hess Nielsen | |
2020-03-14 | space_server: bird: add ipv4 BGP session for graffen | Jesper Hess Nielsen | |
2020-03-11 | space_server: bird: add bgp peering for graffen/AS209616 | Jesper Hess Nielsen | |
2020-03-07 | space_server: nftables: forward space.labitat.dk:17380 to jumbotron | Emil Renner Berthing | |
2020-03-01 | space_server: radius: configure certificates | Emil Renner Berthing | |
2020-02-29 | space_server: update to Fedora 31 | Emil Renner Berthing | |
2020-02-29 | space_server: networkd: set Scope=link link addresses | Emil Renner Berthing | |
2020-02-27 | roles: remove useless |bool filters | Emil Renner Berthing | |
This used to be a fix for some bogus warnings, but they seem to have gone in recent versions of Ansible | |||
2020-02-27 | space_server: show nicer loop items | Emil Renner Berthing | |
2020-02-27 | space_server: avahi: use shorter dict format | Emil Renner Berthing | |
2020-02-27 | space_server: move sudo tasks to fedora role | Emil Renner Berthing | |
..to align with debian role | |||
2020-02-27 | space_server: use common secrets.yml in ansible root | Emil Renner Berthing | |
..and generalize and move sshd tasks to fedora role. | |||
2020-02-27 | fedora: update for hash_behaviour = replace | Emil Renner Berthing | |
2020-02-23 | space_server: vars: add piscreen2.s | Emil Renner Berthing | |
2019-07-06 | roles: fix warnings about bare boolean variables | Emil Renner Berthing | |
2019-05-02 | space_server: renumber Fiberby link | Asbjørn Sloth Tønnesen | |
Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk> | |||
2019-04-11 | space_server: dhcpd: add timezone info | Emil Renner Berthing | |
2019-04-07 | space_server: dhcpd: only do ddns for sane hostnames | Emil Renner Berthing | |
2019-04-05 | space_server: named: allow local transfer queries | Emil Renner Berthing | |
..so now you can see all registered dhcp hostnames with: dig axfr dhcp | |||
2019-04-03 | space_server: vars: add SIP box as voip.s | Emil Renner Berthing | |
2019-04-03 | space_server: dhcpd: reclaim 10.42.0.70 | Emil Renner Berthing | |
There used to be a server with this address, so the available dhcp range had to be broken up. | |||
2019-04-03 | space_server: dhcpd: add hosts to .dhcp zone | Emil Renner Berthing | |
Only requests with the host-name header set will be added to the dhcp zone (so it can be looked up at <hostname>.dhcp). This will fail if the host-name is not a valid dns name though. Also leases on the member wired, member wireless, and free are added to the zone, but just like the s zone the dhcp zone and reverse dns for 10.42.0.0/16 cannot be queried from Labitat (free). This way you can connect gadgets to Labitat (free), but still look them up in dns and connect to them from the member networks. | |||
2019-04-03 | space_server: named: support dynamic updates | Emil Renner Berthing | |
..of the dhcp zone and reverse dns for 10.42.0.0/16 This way the dhcp daemon can add entries when it handles out leases. |