Commit Graph

34 Commits (master)

Author SHA1 Message Date
implr 90cf314d1e bgpwtf: cloudflare: remove password
Seems like they aren't actually setting it on their end.

Change-Id: Ia751cd1560196ae44be15f759681dd9d679370da
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1485
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-04-01 16:57:18 +00:00
implr 26a7f5bb56 bgpwtf: peer with cloudflare
Change-Id: I00d040d56610b965d03d5af5cf7f17a5ea7f7b2d
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1484
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-03-28 17:12:52 +00:00
patryk 98604701ab bgpwtf: customer cleanup
Change-Id: Idb2e66a1d75d713fc3c73cc9af41d66883bf6366
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1472
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-03-10 21:15:55 +00:00
q3k 9171451c53 bgpwtf: delegate /29 to customer
Change-Id: I3607580126477560f642ec5d9c4ccba7022de559
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1404
Reviewed-by: informatic <informatic@hackerspace.pl>
2022-11-06 17:05:02 +00:00
q3k 0d22d0bcb6 bgpwtf/m/edge01: allow (dcr03 mgmt)
Change-Id: Ide36e7fbcb39c178b0d51dd0da8534c6bf60954b
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1403
Reviewed-by: patryk <patryk@hackerspace.pl>
2022-10-08 18:12:21 +00:00
q3k e1aa63c7dd bgpwtf: add rsh tests, fix startup sequencing
Change-Id: Idba53905d3965db6f805221da3e48548d7a01811
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1340
Reviewed-by: implr <implr@hackerspace.pl>
2022-07-07 23:51:57 +00:00
q3k 957d91180a bgpwtf: edge01: bump nixpkgs, use networkd
Change-Id: I038f9518e090aecc90f464475f29c5b3c1570eff
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1339
Reviewed-by: implr <implr@hackerspace.pl>
2022-07-07 23:51:57 +00:00
q3k d635dc85ce bgpwtf: edge01: fix tests
Change-Id: I66852cc75f3d5a6ce3cc67790c09e248874b0a9b
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1338
Reviewed-by: implr <implr@hackerspace.pl>
2022-07-07 23:51:57 +00:00
q3k 8469691645 bgpwtf: edge01: new customer
Change-Id: I9b871370e310a98848c8266658b17fef17b61011
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1202
Reviewed-by: q3k <q3k@hackerspace.pl>
2021-12-13 22:30:46 +00:00
q3k d602c28df6 bgpwtf: fixup ssh problems
This makes our routers less likely to reject connections when they're
being bruteforced: first, by disabling password auth (which we don't
use, anyway), second by making connection limits a bit less draconian.

Change-Id: I4e1e3b0be85dd5ad07a10610ca28a6f094249d8c
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1174
Reviewed-by: q3k <q3k@hackerspace.pl>
Reviewed-by: implr <implr@hackerspace.pl>
2021-12-13 22:30:46 +00:00
q3k 82fc1318e2 bgpwtf: edge01: repurpose wireguard tunnel for fmt
Change-Id: Ib36048a83641b62210ad0d63b7b7ecda999da542
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1201
Reviewed-by: q3k <q3k@hackerspace.pl>
2021-12-13 22:30:46 +00:00
q3k 767f031898 bgpwtf: fix edge01 DNS blackholing
The grapevine says that people were being fined for not supporting a
punycode domain. This was broken in rsh-unbound, so I had to fix it. I
then also realized we never were reloading unbound, so some changes
might've been slow to propagate.

Change-Id: Ie461a2ba27b5f447654a70f56bd73d3732b256ee
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1180
Reviewed-by: q3k <q3k@hackerspace.pl>
2021-12-08 14:12:07 +00:00
q3k b754fee4e3 bgpwtf: edge01.waw: add new customer network
Change-Id: I057a93d543694300483f690598380329782f2876
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1175
Reviewed-by: q3k <q3k@hackerspace.pl>
2021-12-08 14:12:07 +00:00
q3k a5b0c13228 edge01: deploy kkc wireguard tunnel (never used)
Change-Id: I5f61f00029ac9e86cd4fdcc390d16ec7fa081f51
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1157
Reviewed-by: q3k <q3k@hackerspace.pl>
2021-10-07 18:50:51 +00:00
q3k 81e7fbaadd bgpwtf: edge01: fix ipv4 static routing for customers
Change-Id: I9c34d12a7947c9bb25331e38ea7ee03beede7e47
2021-09-08 23:40:29 +02:00
q3k 11248d88ab bgpwtf: edge01: add new client networks, remove old q3k network, limit nscd
Batch of small changes. Already deployed.

Change-Id: Ieb4f418699f497c7013e617fd7d1827e71a7a415
2021-09-06 12:07:42 +00:00
q3k 400e03fe00 bgpwtf/machines: allow new customer prefix from hscloud/dcr01sw37
Change-Id: Ieb742d3256aa6dd0c1bb28c298f3d2c41b093712
2021-07-21 14:56:29 +00:00
q3k 14f4a8b762 bgpwtf/machines/tests: fix edge01.waw test for new prefix
520f150134 changed the prefix exported
from a /23 to a /24, this broke this test.

Change-Id: I8e57bb58d816d441a17ec57ecd0881ad4facd38f
2021-07-19 22:12:30 +02:00
q3k 0fc01a969b bgpwtf/machines/modules: fix bird_exporter
v.1.2.5's hash broke, let's just swiftly ignore this and update to

Change-Id: I19757abeb2f279be6f56ca429441503710ed433f
2021-07-19 22:12:30 +02:00
q3k 65d4bc5bff Merge "bgpwtf: add q3k's anycast subnet" 2021-07-10 13:55:29 +00:00
q3k 1c80bd7563 bgpwtf: allow route with ptp to dcr03sw48
Change-Id: Ia1173deec1cd3bfc00d543c112df06b7b82dfad0
2021-06-30 21:23:24 +00:00
q3k 520f150134 bgpwtf: add q3k's anycast subnet
Change-Id: I66d449c94b27b741e71da047bb1901b8fba6eb80
2021-06-18 21:24:15 +02:00
q3k ffb80d0ed6 bgpwtf: add ar's ssh keys to routers
Change-Id: I87247136052b5b7077cb7eed33f13b60b81b898e
2021-04-19 07:11:26 +00:00
q3k 5d2a70ac92 bgpwtf/machines: add netboot.xyz to bootstrap
This allows us to selectively boot some DC machines into netboot.xyz for

Change-Id: I5713b220ee986c3584fc68efaa7540bbe99680ba
2021-03-18 19:22:41 +00:00
q3k 225a5c7ee9 nixpkgs: bump
Fixes b/3.

Change-Id: I2f734422cdad00f78956477815c4aea645c6c49e
2021-02-14 14:43:07 +00:00
q3k cc769a56f3 bgpwtf: move tests from eoip to gretap
This removes our dependency on a userspace EoIP implementation that is
mildly broken, and that doesn't build correctly on new gcc versions.

Change-Id: I404c79585336ebaf3bc1761b54ee2433f0841324
2021-02-14 10:54:09 +00:00
q3k 856b284e29 bgpwtf: edge01: add radio rooftop circuit
Change-Id: I07d6f3cb9170e1b8c5c2d8ea429d847ffa87126c
2021-01-21 20:47:42 +00:00
implr 67c86188d7 bgpwtf/edge01: as-deployed: add qemu-bridge-helper config to fix anchorvm
Change-Id: I305c498f8332de8addac435da57ba88e1b34c7f0
2020-12-21 15:14:13 +01:00
implr c726798ef7 edge01: systemd unit for running RIPE Atlas anchor VM
Change-Id: I5d91c3b3075c404af92d40f33a48a487b84ec7a5
2020-12-15 07:05:12 +01:00
implr 76de8f860d enable coredumpctl on edge01
Change-Id: Ibed8b4e9f453019e8857ef4e070d7efbcb1f13d4
2020-12-10 08:30:38 +01:00
q3k 5100715a76 bgpwtf: bump net.ipv6.route_max_size on routers
This combats this:

    [126624.252775] Route cache is full: consider increasing sysctl net.ipv[4|6].route.max_size.

This used to be fixed manually on edge01.waw, but we forgot to actually
set this in configuration. Whoops

Change-Id: Ibd45f019a9f4d8d6c2bf1db27f438589acaffd77
2020-11-10 19:39:55 +01:00
q3k e9f2c9d21b bgpwtf: widen hswaw prefix
Change-Id: I6bf97db741af6cfb788a0e69227ea9e616afea15
2020-11-08 16:31:11 +01:00
q3k d9a6365f8b bgpwtf: add static v6 routes via bird
A customer was missing a static v6 route via their router. Since we
don't want to add them to networking.interfaces.routes.* (as this
restarts the whole scripted network stack in NixOS), we add them to
bird. This requires implementing hscloud.routing.static.

Change-Id: I0a205ed1e1f17a86de43aaf72ab6c2694a069112
2020-10-16 19:07:52 +02:00
q3k 6abe4fa771 bgpwtf/machines: init edge01.waw
This configures our WAW edge router using NixOS. This replaces our
previous Ubuntu installation.

Change-Id: Ibd72bde66ec413164401da407c5b268ad83fd3af
2020-10-03 14:57:38 +00:00