rc/servers
2
0
Fork 0
Code Issues Pull requests Actions Packages Projects 1 Releases Wiki Activity
174 commits 1 branch 0 tags 422 KiB
Commit graph

7 commits

Author SHA1 Message Date
Timotej Lazar cf6b682cf8 Add ocserv role 
Create a self-signed CA, set up group configs, add script to allow new
connections through the firewall.

In the base debian role, drop the default nftables forward chain with
drop policy because it clashes with this. If you enable forwarding on
a debian host, make sure to configure the firewall.
 2025-04-12 18:38:48 +02:00
Timotej Lazar 0d60aa107f Consolidate nftables setup for alpine, debian and ceph roles 2025-02-12 17:24:24 +01:00
Timotej Lazar 211d4bdb9a Deconsolidate network setup for proxmox and debian roles 
They are just different enough to be annoying.
 2024-08-28 12:43:14 +02:00
Timotej Lazar 25bcddede1 Factor frr role from debian, ceph and proxmox 
Consolidate base system and networking setup into debian role and BGP
configuration into frr role. Add facts role to collect data from NetBox
once to avoid many slow lookups. Also many other tweaks and cleanups.
 2024-05-19 14:21:25 +02:00
Timotej Lazar 5cca841e6b debian: allow sftp over management ssh 2023-11-18 19:42:33 +01:00
Timotej Lazar 5da50c14f9 debian: run a separate sshd in mgmt VRF 
Leave the default sshd alone. If ssh is not necessary in default VRF,
another role should disable it.
 2023-10-25 13:06:57 +02:00
Timotej Lazar 8dd2476238 Add role to set up base Debian server 
With sshd in separate management VRF and FRR to announce routes to
self over unnumbered BGP.
 2023-06-01 17:22:26 +02:00