Patrik Lundin
91fe726b61
Update sunet-cdnp to v0.0.2
2024-11-08 08:45:53 +01:00
Patrik Lundin
f0eed8e804
Revert "Test updated certbot sync script"
...
This reverts commit 57b1700759.
2024-11-07 12:42:44 +01:00
Patrik Lundin
9a73d8bdfe
Improve comment
2024-11-07 12:41:43 +01:00
Patrik Lundin
1164b59747
Install tool for managing ACME provisioner
2024-11-07 12:41:14 +01:00
Patrik Lundin
f07e6708e3
Another update of certbot-sync dir
2024-11-05 15:37:05 +01:00
Patrik Lundin
8cd801bd64
Replace cp+chown with install
2024-11-05 14:45:37 +01:00
Patrik Lundin
0461a8f0b8
mqtt: fix certfile usage
...
Use fullchain.pem instead of cert.pem which fixes "certificate signed by
unknown authority" problems.
Also point cafile to correct root cert.
2024-11-05 14:39:13 +01:00
Patrik Lundin
a858a1973f
Sync dc and hostname
2024-11-04 12:34:38 +01:00
Patrik Lundin
80df8d10ff
Add real client contents to mqtt server
2024-11-04 12:02:25 +01:00
Patrik Lundin
3413446ce4
Less stuttering in variable naming
2024-11-04 11:58:15 +01:00
Patrik Lundin
efa269ab33
Add back $clients
...
Should not have been removed in last commit
2024-11-04 11:56:00 +01:00
Patrik Lundin
a71a8f5639
mqtt: open local firewall for any clients
2024-11-04 11:52:31 +01:00
Patrik Lundin
9cee243af6
Allow ACME validation from step-ca to cache
2024-11-04 09:39:02 +01:00
Patrik Lundin
e5a23593bf
Apply IP-specific certbot command to cache instead
2024-11-04 09:31:50 +01:00
Patrik Lundin
6f2dd2df0f
Revert "Only bind certbot to machine-specific IP"
...
Incorrectly applied to MQTT class, was supposed to be done for cache servers.
This reverts commit b4261094a7.
2024-11-04 09:30:39 +01:00
Patrik Lundin
b4261094a7
Only bind certbot to machine-specific IP
...
Because there will be haproxy instances running next to this service we
can only listen to the machine-local address not the default of "all addresses":
Error seen:
```
Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.
```
2024-11-04 09:26:42 +01:00
Patrik Lundin
d4f938770a
Get internal cert for hostname
...
Used for client cert auth to MQTT server
2024-11-04 09:14:42 +01:00
Patrik Lundin
101f11fdad
Use new synced certbot dir
2024-11-01 14:38:04 +01:00
Patrik Lundin
57b1700759
Test updated certbot sync script
2024-11-01 14:21:29 +01:00
Patrik Lundin
a39f5cdbae
Remove "command" and fix indent
2024-10-31 15:39:11 +01:00
Patrik Lundin
ca94d62c62
Make sure root owns sunet-cdnp binary
2024-10-31 15:38:17 +01:00
Patrik Lundin
740c5d29c1
Missing ","
2024-10-31 15:35:44 +01:00
Patrik Lundin
48d9866a7c
Call tar from command to make notify simpler
2024-10-31 15:33:48 +01:00
Patrik Lundin
0ad91d34d1
Missing ","
2024-10-31 15:30:36 +01:00
Patrik Lundin
e15225d1b5
Extract sunet-cdnp and create symlink in PATH
...
Store files in /var/lib/sunet-cdnp instead of /root
2024-10-31 15:26:08 +01:00
Patrik Lundin
19aa10dc05
Missing ","
2024-10-31 12:56:33 +01:00
Patrik Lundin
395e67c918
Download CDN purger to cache
2024-10-31 12:55:07 +01:00
Patrik Lundin
196c1403e6
Allow decapsulated ip6ip6 packets
2024-10-30 09:25:12 +01:00
Patrik Lundin
41298df063
Setup interface for ip6ip6 tunneling
...
Running into systemd-networkd bugs, don't be fooled by "Local=::1" and
"Remote=::1". This still results in the equivalent of setting them to
'any' or '::' because we are using the default interface name.
2024-10-29 17:01:46 +01:00
Patrik Lundin
2ad7073858
Fix name
2024-10-29 14:23:34 +01:00
Patrik Lundin
0b3e9c48ff
Add nftables rule for ip6tnl packets
2024-10-29 14:21:34 +01:00
Patrik Lundin
bd055b1ac8
Run puppet-lint
2024-10-29 08:30:49 +01:00
Patrik Lundin
c4b9bef3c5
Set net.ipv4.vs.sloppy_tcp=1
...
Needed if taking over packets for a connection that was established via
another node.
2024-10-29 08:29:21 +01:00
Patrik Lundin
c93846d03b
Use @
2024-10-28 13:35:55 +01:00
Patrik Lundin
c7b74c27fc
Use fact that exists
2024-10-28 13:34:59 +01:00
Patrik Lundin
6a8671fa3e
Add import filters for bgp
2024-10-28 13:26:13 +01:00
Patrik Lundin
7dc787cb68
Less indentation
2024-10-28 13:22:53 +01:00
Patrik Lundin
af96f5e985
Manage bird.conf on l4lb machines
...
Currently just add basic template
2024-10-28 13:18:59 +01:00
Patrik Lundin
fb956e4198
Add basic dummy0 interface
2024-10-25 15:28:03 +02:00
Patrik Lundin
5d60c2dd02
Move template to correct location
2024-10-25 15:23:49 +02:00
Patrik Lundin
e2d550bf29
Start managing bird2
...
Also give dummy-interface support to sunet-l4lb-namespace tool, used
to hold IPv4/IPv6 service addresses that should be announced via BGP.
2024-10-25 15:19:21 +02:00
Patrik Lundin
d632aaca5c
Update script to use new conf path
2024-10-22 17:12:56 +02:00
Patrik Lundin
4856be3f06
Rework dir layout to match other hosts
2024-10-22 17:11:58 +02:00
Patrik Lundin
f588078b75
Add namespace management files
2024-10-22 17:06:29 +02:00
Patrik Lundin
74c0bf76a1
Fix type name
2024-10-22 15:23:03 +02:00
Patrik Lundin
1ddf93c330
Disable cilium by default
...
We will go for IPVS for now which can deal with the l4lb hosts being
multihomed.
2024-10-22 15:20:09 +02:00
Patrik Lundin
272be292ad
Revert "Test chrony branch"
...
This reverts commit c15070dd28.
2024-10-22 14:22:39 +02:00
Patrik Lundin
19c864cb77
Manage ntp with sunet::server again
2024-10-18 15:23:26 +02:00
Patrik Lundin
c15070dd28
Test chrony branch
2024-10-18 15:21:48 +02:00
Patrik Lundin
7286dec3ff
Make sure X-Forwarded-Proto is set
...
Needed to cache http and https responses separately via Vary header
2024-10-15 16:29:31 +02:00