rc/servers
2
0
Fork 0
Code Issues Pull requests Actions Packages Projects 1 Releases Wiki Activity
176 commits 1 branch 0 tags 422 KiB
Commit graph

18 commits

Author SHA1 Message Date
Timotej Lazar cf6b682cf8 Add ocserv role 
Create a self-signed CA, set up group configs, add script to allow new
connections through the firewall.

In the base debian role, drop the default nftables forward chain with
drop policy because it clashes with this. If you enable forwarding on
a debian host, make sure to configure the firewall.
 2025-04-12 18:38:48 +02:00
Timotej Lazar 35427f1fbc debian: reorder tasks 
Ensure network interfaces are renamed first.
 2025-04-08 21:31:45 +02:00
Timotej Lazar 0d60aa107f Consolidate nftables setup for alpine, debian and ceph roles 2025-02-12 17:24:24 +01:00
Timotej Lazar 04bfcb03fa debian: update package cache 2025-01-20 15:30:07 +01:00
Timotej Lazar 45c0f25ce0 debian: disable SSH password authentication 
Oops. Also do it for proxmox-backup role even though SSH in default
VRF is disabled there, so it will be easier to deduplicate these roles
when someone gets around to it.
 2025-01-20 14:58:08 +01:00
Timotej Lazar 211d4bdb9a Deconsolidate network setup for proxmox and debian roles 
They are just different enough to be annoying.
 2024-08-28 12:43:14 +02:00
Timotej Lazar 25bcddede1 Factor frr role from debian, ceph and proxmox 
Consolidate base system and networking setup into debian role and BGP
configuration into frr role. Add facts role to collect data from NetBox
once to avoid many slow lookups. Also many other tweaks and cleanups.
 2024-05-19 14:21:25 +02:00
Timotej Lazar 179547beff debian: only advertise local routes 
Also of course.
 2024-04-04 10:53:01 +02:00
Timotej Lazar eed2308609 debian: get all data from netbox 2023-11-18 19:44:52 +01:00
Timotej Lazar d334e9aafa debian: allow overriding release 2023-11-18 19:44:00 +01:00
Timotej Lazar 5cca841e6b debian: allow sftp over management ssh 2023-11-18 19:42:33 +01:00
Timotej Lazar 5da50c14f9 debian: run a separate sshd in mgmt VRF 
Leave the default sshd alone. If ssh is not necessary in default VRF,
another role should disable it.
 2023-10-25 13:06:57 +02:00
Timotej Lazar ce2d0f3cd4 proxmox: add interfaces for fabric links 
Same as debian.
 2023-10-05 12:43:35 +02:00
Timotej Lazar a324da076b Consolidate interface setup for debian and proxmox roles 2023-07-20 13:46:13 +02:00
Timotej Lazar 63ab087645 debian: get inventory data from netbox 
Set standardized interface names (mgmt0… for L2 management interfaces
and lan0… for L3 data interfaces speaking BGP). ASN is stored as a
custom field in netbox but that might change.
 2023-07-20 13:24:51 +02:00
Timotej Lazar db310ba716 debian: take it easy with the reboots 2023-06-05 17:52:25 +02:00
Timotej Lazar 7c209a7c5c debian: set hostname 2023-06-05 17:52:20 +02:00
Timotej Lazar 8dd2476238 Add role to set up base Debian server 
With sshd in separate management VRF and FRR to announce routes to
self over unnumbered BGP.
 2023-06-01 17:22:26 +02:00