18 Commits (master)

Author SHA1 Message Date
q3k e1aa63c7dd bgpwtf: add rsh tests, fix startup sequencing
Change-Id: Idba53905d3965db6f805221da3e48548d7a01811
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1340
Reviewed-by: implr <implr@hackerspace.pl>
2022-07-07 23:51:57 +00:00
q3k 957d91180a bgpwtf: edge01: bump nixpkgs, use networkd
Change-Id: I038f9518e090aecc90f464475f29c5b3c1570eff
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1339
Reviewed-by: implr <implr@hackerspace.pl>
2022-07-07 23:51:57 +00:00
q3k d635dc85ce bgpwtf: edge01: fix tests
Change-Id: I66852cc75f3d5a6ce3cc67790c09e248874b0a9b
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1338
Reviewed-by: implr <implr@hackerspace.pl>
2022-07-07 23:51:57 +00:00
q3k d602c28df6 bgpwtf: fixup ssh problems
This makes our routers less likely to reject connections when they're
being bruteforced: first, by disabling password auth (which we don't
use, anyway), second by making connection limits a bit less draconian.

Change-Id: I4e1e3b0be85dd5ad07a10610ca28a6f094249d8c
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1174
Reviewed-by: q3k <q3k@hackerspace.pl>
Reviewed-by: implr <implr@hackerspace.pl>
2021-12-13 22:30:46 +00:00
q3k 82fc1318e2 bgpwtf: edge01: repurpose wireguard tunnel for fmt
Change-Id: Ib36048a83641b62210ad0d63b7b7ecda999da542
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1201
Reviewed-by: q3k <q3k@hackerspace.pl>
2021-12-13 22:30:46 +00:00
q3k 767f031898 bgpwtf: fix edge01 DNS blackholing
The grapevine says that people were being fined for not supporting a
punycode domain. This was broken in rsh-unbound, so I had to fix it. I
then also realized we never were reloading unbound, so some changes
might've been slow to propagate.

Change-Id: Ie461a2ba27b5f447654a70f56bd73d3732b256ee
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1180
Reviewed-by: q3k <q3k@hackerspace.pl>
2021-12-08 14:12:07 +00:00
q3k 11248d88ab bgpwtf: edge01: add new client networks, remove old q3k network, limit nscd
Batch of small changes. Already deployed.

Change-Id: Ieb4f418699f497c7013e617fd7d1827e71a7a415
2021-09-06 12:07:42 +00:00
q3k 0fc01a969b bgpwtf/machines/modules: fix bird_exporter
v.1.2.5's hash broke, let's just swiftly ignore this and update to

Change-Id: I19757abeb2f279be6f56ca429441503710ed433f
2021-07-19 22:12:30 +02:00
q3k ffb80d0ed6 bgpwtf: add ar's ssh keys to routers
Change-Id: I87247136052b5b7077cb7eed33f13b60b81b898e
2021-04-19 07:11:26 +00:00
q3k 5d2a70ac92 bgpwtf/machines: add netboot.xyz to bootstrap
This allows us to selectively boot some DC machines into netboot.xyz for

Change-Id: I5713b220ee986c3584fc68efaa7540bbe99680ba
2021-03-18 19:22:41 +00:00
q3k 225a5c7ee9 nixpkgs: bump
Fixes b/3.

Change-Id: I2f734422cdad00f78956477815c4aea645c6c49e
2021-02-14 14:43:07 +00:00
q3k cc769a56f3 bgpwtf: move tests from eoip to gretap
This removes our dependency on a userspace EoIP implementation that is
mildly broken, and that doesn't build correctly on new gcc versions.

Change-Id: I404c79585336ebaf3bc1761b54ee2433f0841324
2021-02-14 10:54:09 +00:00
implr 67c86188d7 bgpwtf/edge01: as-deployed: add qemu-bridge-helper config to fix anchorvm
Change-Id: I305c498f8332de8addac435da57ba88e1b34c7f0
2020-12-21 15:14:13 +01:00
implr c726798ef7 edge01: systemd unit for running RIPE Atlas anchor VM
Change-Id: I5d91c3b3075c404af92d40f33a48a487b84ec7a5
2020-12-15 07:05:12 +01:00
implr 76de8f860d enable coredumpctl on edge01
Change-Id: Ibed8b4e9f453019e8857ef4e070d7efbcb1f13d4
2020-12-10 08:30:38 +01:00
q3k 5100715a76 bgpwtf: bump net.ipv6.route_max_size on routers
This combats this:

    [126624.252775] Route cache is full: consider increasing sysctl net.ipv[4|6].route.max_size.

This used to be fixed manually on edge01.waw, but we forgot to actually
set this in configuration. Whoops.

Change-Id: Ibd45f019a9f4d8d6c2bf1db27f438589acaffd77
2020-11-10 19:39:55 +01:00
q3k d9a6365f8b bgpwtf: add static v6 routes via bird
A customer was missing a static v6 route via their router. Since we
don't want to add them to networking.interfaces.routes.* (as this
restarts the whole scripted network stack in NixOS), we add them to
bird. This requires implementing hscloud.routing.static.

Change-Id: I0a205ed1e1f17a86de43aaf72ab6c2694a069112
2020-10-16 19:07:52 +02:00
q3k 6abe4fa771 bgpwtf/machines: init edge01.waw
This configures our WAW edge router using NixOS. This replaces our
previous Ubuntu installation.

Change-Id: Ibd72bde66ec413164401da407c5b268ad83fd3af
2020-10-03 14:57:38 +00:00