7fe1dac008 | Timotej Lazar | 2024-02-27 13:35:29 +01:00
firewall: use slurp instead of generic command to get host key

c20c47709c | Timotej Lazar | 2024-02-18 16:28:35 +01:00
exit: fix keepalive configuration
There will be order or there will be chaos.

37c025e2a0 | Timotej Lazar | 2024-02-13 13:13:56 +01:00
firewall_master: move secrets to password store

d94e79f8b7 | Timotej Lazar | 2024-02-13 13:13:43 +01:00
certbot_dns: move secrets to password store

27dac09549 | Timotej Lazar | 2024-02-13 10:33:14 +01:00
access: move secrets to password store
Keeping ansible-vault values in NetBox is too cumbersome and limited.

91afaec9c2 | Timotej Lazar | 2024-02-06 09:19:49 +01:00
firewall: allow connections from master with NATted IP

f54b23f49a | Timotej Lazar | 2024-01-30 13:11:35 +01:00
firewall: disable forwarding for mgmt interfaces in if-pre-up
Should be more robust and, more importantly, works when interfaces are
not renamed by mdev, as is the situation now.

25289dd82f | Timotej Lazar | 2024-01-30 13:11:35 +01:00
firewall: fix interface renaming
The mdev rules for renaming interfaces at boot seem to not work with
latest Alpine. So rename with ifupdown instead.

544aa0a088 | Timotej Lazar | 2024-01-30 12:37:14 +01:00
firewall: create empty ipsets for known networks
So we don’t crash and burn before config is set up.

161ce73be7 | Timotej Lazar | 2024-01-30 12:36:19 +01:00
exit: restart keepalived on DHCP config update

aeb124e346 | Timotej Lazar | 2024-01-30 12:35:33 +01:00
Add inside and outside roles for VLANs
Will probably rename inside/outside and office/server to int/ext.

0802dc8637 | Timotej Lazar | 2023-12-29 14:55:00 +01:00
access: move templates to netbox
And adjust tasks to work with FS switches also.

be398e54fe | Timotej Lazar | 2023-12-29 13:52:05 +01:00
fabric: sort bridge VLANs by ID
Instead of barfing on unsortable dicts.

6fd5432b69 | Timotej Lazar | 2023-12-29 09:01:01 +01:00
fabric: reload switchd before reloading interfaces
Don’t want to bring up a nonexistent interface.

0d24f9fdc7 | Timotej Lazar | 2023-12-18 12:55:50 +01:00
firewall: log policy update messages to syslog

2b275c2ab4 | Timotej Lazar | 2023-12-18 12:55:50 +01:00
exit: receive VPN IPv6 addresses from firewalls
And share them with peer over backup link.

c2d0e88996 | Timotej Lazar | 2023-12-18 12:55:50 +01:00
firewall: set IPv6 address for wireguard interface
And advertise it.

d789e4a037 | Timotej Lazar | 2023-12-18 12:55:50 +01:00
leaf: don’t talk BGP at bridges and bonds

9e8db74d24 | Timotej Lazar | 2023-12-18 12:55:50 +01:00
fabric: allow setting bridge access VLANs on non-bond ports

950cd41c33 | Timotej Lazar | 2023-12-18 12:55:50 +01:00
fabric: only add enabled ports to bridge

158e8740b8 | Timotej Lazar | 2023-12-18 12:55:47 +01:00
Initial commit, squashed