Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-06-18 | space_server: bird: set communities on import | Asbjørn Sloth Tønnesen | |
Assign large communities on prefix import. Later we can then use the community, to decide if we should announce it to our peers. | |||
2021-06-18 | space_server: bird: prepare large communities | Asbjørn Sloth Tønnesen | |
This patch prepares us for adopting Large BGP Communities (RFC 8092). Basic format of Large BGP Communities: <uint32_t asn>:<uint32_t function>:<uint32_t value> We use function 1 for storing prefix type (or relation). We then assign a value to transit, peering, customer and originated prefixes. Large BGP Communities http://largebgpcommunities.net/ https://tools.ietf.org/html/rfc8092 https://tools.ietf.org/html/rfc8195 | |||
2021-06-18 | space_server: bird: asbjorn: enable TTL security | Asbjørn Sloth Tønnesen | |
2021-06-18 | space_server: bird: fiberby: enable TTL security | Asbjørn Sloth Tønnesen | |
This protects us amount otherthings against 3rd parties resetting the TCP connection underneat our BGP sessions. This has been enabled in both ends, and this _MUST_ remain enabled, otherwise these sessions will go down. If this needs to be disabled for some reason then it must be coordinated with Fiberby. RFC 5082 - The Generalized TTL Security Mechanism https://datatracker.ietf.org/doc/html/rfc5082 | |||
2021-06-18 | space_server: bird: fix prefix errorHEADmaster | Hafnium | |
The prefix was only routeable on the intern network, not the whole internet, as it was not added in local_prefix_v6. The 2a0e:8f02:f034::/48 is attached to my ASN, AS211153 Commit message fixed up by Esmil | |||
2021-06-17 | space_server: bird: add bgp peering for Hafnium/AS211153 | Hafnium | |
Commit message and nftables rule fixed up by Esmil | |||
2021-06-01 | space_server: vars: update foodputer mac address | Emil Renner Berthing | |
In a heroic effort Asbjørn has replaced the old broken foodputer. | |||
2021-06-01 | space_server: vars: add more convenient packages | Emil Renner Berthing | |
2021-06-01 | users: esmil: remove old ssh keys | Emil Renner Berthing | |
2021-01-29 | space_server: chrony: start chrony after we're online | Emil Renner Berthing | |
2021-01-22 | space_server: named: add trust-ad option to resolv.conf | Emil Renner Berthing | |
2021-01-19 | space_server: radius: use letsencrypt certificate | Emil Renner Berthing | |
2021-01-19 | space_server: certbot: get space.labitat.dk certificate | Emil Renner Berthing | |
2021-01-19 | space_server: ssh: add config for switches | Emil Renner Berthing | |
2021-01-19 | space_server: chrony: run chrony ntp server | Emil Renner Berthing | |
2021-01-18 | fedora: handlers: add restart sshd handler | Emil Renner Berthing | |
2021-01-17 | space_server: update for Fedora 33 | Emil Renner Berthing | |
2021-01-16 | fedora: homed: configure systemd-homed | Emil Renner Berthing | |
2021-01-16 | space_server: vars: add bunkerap1 | Emil Renner Berthing | |
2021-01-16 | space_server: vars: add bunkerswitch | Emil Renner Berthing | |
2021-01-16 | space_server: vars: add description for switch | Emil Renner Berthing | |
..and remove wrong MAC address. The switch doesn't (and shouldn't) use dhcp. | |||
2021-01-16 | fedora: systemd: configure sleep.conf and user.conf | Emil Renner Berthing | |
2021-01-16 | fedora: timesyncd: fix disabling | Emil Renner Berthing | |
2020-11-17 | space_server: add static ips for pixelfluthafnium | Hafnium | |
2020-10-17 | space_server: nftables: drop spoofed incoming traffic | Emil Renner Berthing | |
Discovered by IMAAL Research Lab, Brigham Young University, thank you. | |||
2020-08-13 | space_server: add labicolo ipv6 range for Esmil | Emil Renner Berthing | |
2020-06-19 | space_server: radius: update radiusd.conf | Emil Renner Berthing | |
2020-06-01 | users: rasmis: added | Emil Renner Berthing | |
Add Rasmus so he can jump to the foodputer and read out the drinkomatic database. | |||
2020-06-01 | users: add support for jumponly users | Emil Renner Berthing | |
2020-06-01 | users: esmil: add stitch key and update .bashrc | Emil Renner Berthing | |
2020-04-10 | users: root: update bashrc | Emil Renner Berthing | |
2020-03-21 | space_server: networkd: set NTP server on wan interface | Emil Renner Berthing | |
time.cloudflare.com has much lower ping than any of the default N.fedora.pool.ntp.org servers. | |||
2020-03-20 | space_server: nftables: remove traffic stats rules | Emil Renner Berthing | |
This used to open up for polling our old switch for traffic data, but it died and it doesn't work with the new switch so let's plug the hole. | |||
2020-03-20 | users: graffen: added | Jesper Hess Nielsen | |
2020-03-14 | space_server: nftables: add graffens prefixes to nftables | Jesper Hess Nielsen | |
2020-03-14 | space_server: bird: add ipv4 BGP session for graffen | Jesper Hess Nielsen | |
2020-03-11 | space_server: bird: add bgp peering for graffen/AS209616 | Jesper Hess Nielsen | |
2020-03-07 | space_server: nftables: forward space.labitat.dk:17380 to jumbotron | Emil Renner Berthing | |
2020-03-03 | jumbotron: disable IPv6 privacy extensions | Emil Renner Berthing | |
..so we can make sure the jumbotron always takes the same IPv6 address and we can whitelist it in the firewall. | |||
2020-03-02 | Add AnyEvent::HTTPD package (for github integration) | Kristian Nielsen | |
2020-03-01 | space_server: radius: configure certificates | Emil Renner Berthing | |
2020-02-29 | space_server: update to Fedora 31 | Emil Renner Berthing | |
2020-02-29 | space_server: networkd: set Scope=link link addresses | Emil Renner Berthing | |
2020-02-29 | fedora: networkd: configure networkd.conf | Emil Renner Berthing | |
2020-02-29 | fedora: sudo: update sudoers file | Emil Renner Berthing | |
2020-02-29 | fedora: dnf: set install_weak_deps=no | Emil Renner Berthing | |
..when installing packages. In case the Ansible dnf module doesn't consult /etc/dnf/dnf.conf | |||
2020-02-27 | debian: networkd: remove last |bool instance | Emil Renner Berthing | |
2020-02-27 | roles: remove useless |bool filters | Emil Renner Berthing | |
This used to be a fix for some bogus warnings, but they seem to have gone in recent versions of Ansible | |||
2020-02-27 | space_server: show nicer loop items | Emil Renner Berthing | |
2020-02-27 | debian: apt: show nicer loop items | Emil Renner Berthing | |