6a5ebfe5b5
alpine: don’t disable IPv6 autoconf on loopback interface
...
Not sure if it makes a difference but let’s keep the generated config
minimal.
2025-10-22 19:30:31 +02:00
7a4a868d41
alpine: add support for VRF interfaces
...
Mostly so we can merge the firewall role from the network repo, there
aren’t any other current users.
2025-10-22 19:30:31 +02:00
1b206517b6
alpine: enable automatic upgrades only for virtual machines
...
And factor out VM stuff into a separate file.
2025-10-22 19:30:17 +02:00
e2c9acd872
alpine: fix condition for loopback interface template
2025-10-22 18:26:18 +02:00
d1cf462f64
alpine: drop hints from interface configuration
...
Turns out ifupdown-ng ignores "inet static" and "inet loopback" hints
on iface lines. The interface named "lo" is always used as loopback.
2025-07-16 13:07:15 +02:00
a942662e12
alpine: create network interface include directory
...
So that init script doesn’t complain.
2025-07-15 14:16:10 +02:00
bf4fd2c82d
alpine: support non-VM hosts in interfaces template
...
Ignore OOB management interface, allow configuring loopback interface
with NetBox data, and setting MTU.
2025-05-15 14:55:43 +02:00
cbd3f1a7ea
alpine: set inventory_hostname as hostname
...
Instead of dns_name which might not be defined and is wrong in any case.
2025-05-15 10:47:55 +02:00
39fec47f87
alpine: don’t set IPv6 gateway
...
Will get it from RA. Also don’t disable SLAAC for IPv4‐only interfaces.
2025-05-07 12:25:43 +02:00
4dc089e42c
debian: add MOTD
2025-05-05 17:28:32 +02:00
e754db5fbd
Consolidate hosts template
...
For alpine, debian, ceph and proxmox roles.
Add the union of IPv6 LL host entries across all distros to make sure nothing croaks.
2025-04-10 18:22:41 +02:00
1a7b813dff
facts: get admins’ SSH keys from password store
...
Also install them into root’s authorized_keys on alpine.
2025-03-26 19:14:34 +01:00
0d60aa107f
Consolidate nftables setup for alpine, debian and ceph roles
2025-02-12 17:24:24 +01:00
878e8ba6f9
alpine: set up resolv.conf
...
Same as for debian.
2025-01-23 13:22:30 +01:00
6c817624bc
alpine: disable IPv6 automatic addresses
...
So we have predictable addresses if we ever want to firewall
individual hosts.
2024-09-21 22:41:36 +02:00
6b1d871392
alpine: don’t assume all public services are TCP either
2024-09-04 16:42:13 +02:00
2b4a196e4d
alpine: add whimsy
...
For what is life without it.
2024-08-16 11:48:10 +02:00
312cd8d4b3
alpine: rename network interfaces
...
Mostly relevant for VMs, to match the names with proxmox.
2024-08-16 11:47:38 +02:00
3261bc7f98
alpine: don’t hardcode nftables input rule for SSH
...
Instead configure it in NetBox like all other services.
2024-08-14 12:46:23 +02:00
38ff061f81
alpine: don’t set gateway for interface if the gateway is that interface
2024-08-06 15:47:05 +02:00
036f7c8b74
Support custom allowed_ips field for services
...
Like allowed_prefixes, but for single IP addresses. Currently used
just for DHCP server to allow (only) packets from relays.
2024-08-03 11:44:03 +02:00
a3dd4eba65
alpine: don’t assume all services are TCP
2024-07-26 10:14:23 +02:00
bacfc66f7c
alpine: flush some handlers
2024-07-04 14:55:09 +02:00
f1f9d6fa34
alpine: configure network interfaces
2024-06-25 00:40:13 +02:00
29598ef4bb
Rework service handling
...
Allow running playbooks without NetBox access. Mainly to bootstrap
NetBox itself.
Would prefer not to access network from filter plugins, so maybe do
that at some point also.
2024-06-19 13:33:32 +02:00
393614aa79
alpine: configure unattended upgrades
2024-06-17 09:52:56 +02:00
f5e9c7d6dc
alpine: add iproute2 to base packages
...
Too useful too often not to.
2024-06-05 15:40:59 +02:00
398e41732e
alpine: set hostname
...
And configure /etc/hosts accordingly.
2024-06-05 15:40:55 +02:00
fe6c35edf1
alpine: set up firewall
...
Get services from NetBox and enable SSH unconditionally for now.
2024-06-05 15:37:45 +02:00
ce80765560
alpine: add nftables to base packages
2024-05-28 12:52:59 +02:00
c2c1fdbe40
Add alpine role
...
Base packages and SSH config, and QEMU guest agent for VMs.
2024-05-19 14:21:22 +02:00
