aboutsummaryrefslogtreecommitdiffstats
path: root/roles
AgeCommit message (Collapse)Author
2024-02-22space_server: networkd: move Tor network to vlan 25Asbjørn Sloth Tønnesen
Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk>
2024-01-09doorputer: users: add otbmOliver Taubenheim
2024-01-09space_server: users: add otbmOliver Taubenheim
[esmil: add otbm as a regular user]
2023-09-06space_server: add graceful reboot scriptAsbjørn Sloth Tønnesen
[esmil: call the script just reboot-graceful] Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk> Signed-off-by: Emil Renner Berthing <esmil@labitat.dk>
2023-09-06space_server: bird: add /48 IPv6 prefix for DBrasHafnium
Finally got around to recreate #51 Co-authored-by: DBras danielbrasholt@gmail.com
2023-07-26sky: vars: add hafnium as a sudo userHafnium
2023-06-20space_server: bird: add flummer ASNThomas Flummer
2023-06-20space_server: bird: add Rayman ASNJens Andersen
2023-06-20space_server: bird: add Olivia ASNOlivia Wenya
2023-06-20fedora: resolved: skip if service doesn't existEmil Renner Berthing
2023-05-10space_server: bird: Allow Hafnium announcements of /44 to /48Hafnium
2023-04-21users: graffen: removeEmil Renner Berthing
RIP :(
2023-04-21space_server: bird: remove Graffen's BGP configEmil Renner Berthing
RIP :(
2023-04-14users: otbm: addedEmil Renner Berthing
Added user for Oliver to debug jumbotron bell
2023-04-11space_server: networkd: remove unneded IPv6RoutePrefix'esEmil Renner Berthing
2023-04-11space_server: networkd: disable ARP on physical interfacesEmil Renner Berthing
2023-04-08space_server: radius: dh_file no longer neededEmil Renner Berthing
2023-04-08space_server: disable pam_sss pluginEmil Renner Berthing
2023-04-08space_server: bird: add /44 IPv6 prefix for HafniumHafnium
2023-04-08space_server: networkd: update IPv6 RA configHafnium
2023-04-08space_server: named: remove obsolete dnssec-enableHafnium
2023-03-26space_server: chrony: Enable NTS serverEmil Renner Berthing
2023-03-26space_server: chrony: Use Netnod NTP servers in MalmöEmil Renner Berthing
..and add Fiberby's time server as backup too.
2023-01-27sky: homepage: set up the frontpage of labitat.dkJoshua Hull
esmil: - use timer to update the homepage - git clone/update and install gems as the homepage user
2023-01-27sky: certbot: configure certbotJoshua Hull
esmil: - don't install cron job, just use the packaged timer - install deploy hook to reload nginx when certificates are updated
2023-01-27sky: add role for new labitat.dk serverEmil Renner Berthing
2023-01-27nginx: add common role for nginxJoshua Hull
esmil: - disable access log and log errors to syslog (journal really) use journalctl -u nginx to see the errors - hoist some configuration values into ansible variables - add tags and use a handler to reload nginx on configuration changes - make nginx do its DNS queries against our local resolved this enables nginx to use DNSSEC and DoT - don't start nginx before the network is up. if it can't do dns lookups ssl_stapling will be ignored
2023-01-26space_server: nftables: NAT local traffic bound for colo ifEmil Renner Berthing
2023-01-25jumbotron: jumbotron: clean up git cloneEmil Renner Berthing
2023-01-25doorputer: lockserver: clean up git cloneEmil Renner Berthing
2023-01-24debian: resolved: libnss-myhostname is not neededEmil Renner Berthing
..now that we always rely on systemd-resolved being up
2023-01-24space_server: bird: don't reconfigure bird in chrootEmil Renner Berthing
2023-01-24jumbotron: jumbotron: git clone/update as the jumbotron userEmil Renner Berthing
2023-01-24doorputer: lockserver: git clone/update as the doorman userEmil Renner Berthing
2023-01-24debian: resolved: always use resolved when enabledEmil Renner Berthing
2023-01-24debian: resolved: install libnss-resolve by defaultEmil Renner Berthing
2023-01-22users: esmil: force termcolorsEmil Renner Berthing
2023-01-21space_server: radius: restart radiusd on new certificatesEmil Renner Berthing
Mushbie reports that Windows complains about out of date certificates even when certbot is running fine, so try restarting radiusd on new certificates rather than just telling it to reload its configuration.
2023-01-19jumbotron: irssi: hide joins, parts, quits and nick changesEmil Renner Berthing
2023-01-19users: joshbuddy: addedJoshua Hull
2022-11-17users: richard: update ssh keysRichard42Graham
2022-10-22fedora: sshd: only allow publickey authenticationAsbjørn Sloth Tønnesen
"PasswordAuthentication no" only prevents password logins from ever being successful, but it still entertain clients with the possiblity of password logins. This reduces the offered authentication methods from: debug1: Authentications that can continue: publickey,password to just publickey: debug1: Authentications that can continue: publickey After which most bots just disconnects. Esmil: simplified so we only need one lineinfile stanza
2022-10-15space_server: networkd: add LocIX connectionHafnium
systemd mechanics reworked by Esmil Co-developed-by: Emil Renner Berthing <esmil@labitat.dk>
2022-10-14doorputer: users: add hafniumHafnium
2022-10-14space_server: users: give hafnium sudo permissionsHafnium
2022-10-14users: remove rasmisEmil Renner Berthing
2022-03-05space_server: bird: validate bird.confEmil Renner Berthing
2022-03-05space_server: bird: don't restart serverEmil Renner Berthing
..just reload configuration gracefully with 'configure soft'
2022-03-05space_server: bird: update IPv4 filter for asbjornAsbjørn Sloth Tønnesen
Just so that Esmil can test his Ansible changes.
2022-03-05space_server: bird: update IPv6 filter for asbjornAsbjørn Sloth Tønnesen
Use ipaddress/pxlen{low,high} syntax to allow all /48 prefixes that are covered by 2a10:2a80::/29. https://bird.network.cz/?get_doc&v=20&f=bird-5.html#type-set
generated by cgit v1.2.1 (git 2.18.0) at 2025-06-08 13:14:54 +0000