| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2024-02-22 | space_server: networkd: add new secondary Labicolo network | Asbjørn Sloth Tønnesen | |
| This completes the split of Labicolo into two networks. Henceforth we have two Labicolo network, and any two Labicolo nodes on different parts of the network will have to join LabIX, if they want to peer. Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk> | |||
| 2024-02-22 | space_server: networkd: reduce Labicolo to a /27 | Asbjørn Sloth Tønnesen | |
| I want to split Labicolo up in two networks, since it is a bit silly that we have a internet exchange prefix allocation, when all members of the IX are already connected to the same layer 2 network, when they all have transit through the same network. Therefore by splitting Labicolo into 2 networks, we ensure that there is a need for the internet exchange, since not all nodes are able to talk directly to eachother over the transit layer 2 network. Since it would be a bit excessive to allocate another /26 to Labicolo, thereby using half of our IPv4 space for Labicolo. This patch reduces the the current Labicolo network to a /27 network, a subsequent patch will then add a second Labicolo network with the other /27 network. The only issue here is that Labicolo machines, which haven't been updated to have a /27 netmask, will not be able to reach endpoints in 185.38.175.96/27, before they fix their netmask. Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk> | |||
| 2024-02-22 | space_server: networkd: move Tor network to vlan 25 | Asbjørn Sloth Tønnesen | |
| Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk> | |||
| 2024-01-09 | doorputer: users: add otbm | Oliver Taubenheim | |
| 2024-01-09 | space_server: users: add otbm | Oliver Taubenheim | |
| [esmil: add otbm as a regular user] | |||
| 2023-09-06 | space_server: add graceful reboot script | Asbjørn Sloth Tønnesen | |
| [esmil: call the script just reboot-graceful] Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk> Signed-off-by: Emil Renner Berthing <esmil@labitat.dk> | |||
| 2023-09-06 | space_server: bird: add /48 IPv6 prefix for DBras | Hafnium | |
| Finally got around to recreate #51 Co-authored-by: DBras danielbrasholt@gmail.com | |||
| 2023-07-26 | sky: vars: add hafnium as a sudo user | Hafnium | |
| 2023-06-20 | space_server: bird: add flummer ASN | Thomas Flummer | |
| 2023-06-20 | space_server: bird: add Rayman ASN | Jens Andersen | |
| 2023-06-20 | space_server: bird: add Olivia ASN | Olivia Wenya | |
| 2023-06-20 | fedora: resolved: skip if service doesn't exist | Emil Renner Berthing | |
| 2023-05-10 | space_server: bird: Allow Hafnium announcements of /44 to /48 | Hafnium | |
| 2023-04-21 | users: graffen: remove | Emil Renner Berthing | |
| RIP :( | |||
| 2023-04-21 | space_server: bird: remove Graffen's BGP config | Emil Renner Berthing | |
| RIP :( | |||
| 2023-04-14 | users: otbm: added | Emil Renner Berthing | |
| Added user for Oliver to debug jumbotron bell | |||
| 2023-04-11 | space_server: networkd: remove unneded IPv6RoutePrefix'es | Emil Renner Berthing | |
| 2023-04-11 | space_server: networkd: disable ARP on physical interfaces | Emil Renner Berthing | |
| 2023-04-08 | space_server: radius: dh_file no longer needed | Emil Renner Berthing | |
| 2023-04-08 | space_server: disable pam_sss plugin | Emil Renner Berthing | |
| 2023-04-08 | space_server: bird: add /44 IPv6 prefix for Hafnium | Hafnium | |
| 2023-04-08 | space_server: networkd: update IPv6 RA config | Hafnium | |
| 2023-04-08 | space_server: named: remove obsolete dnssec-enable | Hafnium | |
| 2023-03-26 | space_server: chrony: Enable NTS server | Emil Renner Berthing | |
| 2023-03-26 | space_server: chrony: Use Netnod NTP servers in Malmö | Emil Renner Berthing | |
| ..and add Fiberby's time server as backup too. | |||
| 2023-01-27 | sky: homepage: set up the frontpage of labitat.dk | Joshua Hull | |
| esmil: - use timer to update the homepage - git clone/update and install gems as the homepage user | |||
| 2023-01-27 | sky: certbot: configure certbot | Joshua Hull | |
| esmil: - don't install cron job, just use the packaged timer - install deploy hook to reload nginx when certificates are updated | |||
| 2023-01-27 | sky: add role for new labitat.dk server | Emil Renner Berthing | |
| 2023-01-27 | nginx: add common role for nginx | Joshua Hull | |
| esmil: - disable access log and log errors to syslog (journal really) use journalctl -u nginx to see the errors - hoist some configuration values into ansible variables - add tags and use a handler to reload nginx on configuration changes - make nginx do its DNS queries against our local resolved this enables nginx to use DNSSEC and DoT - don't start nginx before the network is up. if it can't do dns lookups ssl_stapling will be ignored | |||
| 2023-01-26 | space_server: nftables: NAT local traffic bound for colo if | Emil Renner Berthing | |
| 2023-01-25 | jumbotron: jumbotron: clean up git clone | Emil Renner Berthing | |
| 2023-01-25 | doorputer: lockserver: clean up git clone | Emil Renner Berthing | |
| 2023-01-24 | debian: resolved: libnss-myhostname is not needed | Emil Renner Berthing | |
| ..now that we always rely on systemd-resolved being up | |||
| 2023-01-24 | space_server: bird: don't reconfigure bird in chroot | Emil Renner Berthing | |
| 2023-01-24 | jumbotron: jumbotron: git clone/update as the jumbotron user | Emil Renner Berthing | |
| 2023-01-24 | doorputer: lockserver: git clone/update as the doorman user | Emil Renner Berthing | |
| 2023-01-24 | debian: resolved: always use resolved when enabled | Emil Renner Berthing | |
| 2023-01-24 | debian: resolved: install libnss-resolve by default | Emil Renner Berthing | |
| 2023-01-22 | users: esmil: force termcolors | Emil Renner Berthing | |
| 2023-01-21 | space_server: radius: restart radiusd on new certificates | Emil Renner Berthing | |
| Mushbie reports that Windows complains about out of date certificates even when certbot is running fine, so try restarting radiusd on new certificates rather than just telling it to reload its configuration. | |||
| 2023-01-19 | jumbotron: irssi: hide joins, parts, quits and nick changes | Emil Renner Berthing | |
| 2023-01-19 | users: joshbuddy: added | Joshua Hull | |
| 2022-11-17 | users: richard: update ssh keys | Richard42Graham | |
| 2022-10-22 | fedora: sshd: only allow publickey authentication | Asbjørn Sloth Tønnesen | |
| "PasswordAuthentication no" only prevents password logins from ever being successful, but it still entertain clients with the possiblity of password logins. This reduces the offered authentication methods from: debug1: Authentications that can continue: publickey,password to just publickey: debug1: Authentications that can continue: publickey After which most bots just disconnects. Esmil: simplified so we only need one lineinfile stanza | |||
| 2022-10-15 | space_server: networkd: add LocIX connection | Hafnium | |
| systemd mechanics reworked by Esmil Co-developed-by: Emil Renner Berthing <esmil@labitat.dk> | |||
| 2022-10-14 | doorputer: users: add hafnium | Hafnium | |
| 2022-10-14 | space_server: users: give hafnium sudo permissions | Hafnium | |
| 2022-10-14 | users: remove rasmis | Emil Renner Berthing | |
| 2022-03-05 | space_server: bird: validate bird.conf | Emil Renner Berthing | |
| 2022-03-05 | space_server: bird: don't restart server | Emil Renner Berthing | |
| ..just reload configuration gracefully with 'configure soft' | |||
