Commit graph

51 commits

Author SHA1 Message Date
Patrik Lundin cb46a3b6fb
Expose postgres port 2024-11-14 12:12:50 +01:00
Patrik Lundin f1b4d5ad07
Fix path typo 2024-11-13 14:59:59 +01:00
Patrik Lundin 206e450c99
Add init script for setting up cdn database 2024-11-13 14:52:17 +01:00
Patrik Lundin 61f47320a7
Use named volume for persistence 2024-11-13 13:52:26 +01:00
Patrik Lundin b121790b77
Fix password variable 2024-11-13 13:39:42 +01:00
Patrik Lundin 85afb706ed
Add initial support for handling a DB server
Used to store varnish config etc
2024-11-13 13:27:58 +01:00
Patrik Lundin 2e49e12c70
Start creating sunet-cdnp unit file 2024-11-12 10:11:03 +01:00
Patrik Lundin 0461a8f0b8
mqtt: fix certfile usage
Use fullchain.pem instead of cert.pem which fixes "certificate signed by
unknown authority" problems.
Also point cafile to correct root cert.
2024-11-05 14:39:13 +01:00
Patrik Lundin 41298df063
Setup interface for ip6ip6 tunneling
Running into systemd-networkd bugs, don't be fooled by "Local=::1" and
"Remote=::1". This still results in the equivalent of setting them to
'any' or '::' because we are using the default interface name.
2024-10-29 17:01:46 +01:00
Patrik Lundin c4b9bef3c5
Set net.ipv4.vs.sloppy_tcp=1
Needed if taking over packets for a connection that was established via
another node.
2024-10-29 08:29:21 +01:00
Patrik Lundin c93846d03b
Use @ 2024-10-28 13:35:55 +01:00
Patrik Lundin c7b74c27fc
Use fact that exists 2024-10-28 13:34:59 +01:00
Patrik Lundin 6a8671fa3e
Add import filters for bgp 2024-10-28 13:26:13 +01:00
Patrik Lundin 7dc787cb68
Less indentation 2024-10-28 13:22:53 +01:00
Patrik Lundin af96f5e985
Manage bird.conf on l4lb machines
Currently just add basic template
2024-10-28 13:18:59 +01:00
Patrik Lundin fb956e4198
Add basic dummy0 interface 2024-10-25 15:28:03 +02:00
Patrik Lundin 5d60c2dd02
Move template to correct location 2024-10-25 15:23:49 +02:00
Patrik Lundin e2d550bf29
Start managing bird2
Also give dummy-interface support to sunet-l4lb-namespace tool, used
to hold IPv4/IPv6 service addresses that should be announced via BGP.
2024-10-25 15:19:21 +02:00
Patrik Lundin f588078b75
Add namespace management files 2024-10-22 17:06:29 +02:00
Patrik Lundin 7286dec3ff
Make sure X-Forwarded-Proto is set
Needed to cache http and https responses separately via Vary header
2024-10-15 16:29:31 +02:00
Patrik Lundin d289ffa656
Add config for ipip interface
Supplying an empty .network file is weird but without it the tunl0
interface is left in a DOWN state even with Independent=true.

Maybe this is related to "tunl0" being automatically created when the
"ipip" kernel module is loaded.
2024-10-11 22:05:11 +02:00
Patrik Lundin cb50714f4f
Rename remaining file 2024-10-11 22:00:37 +02:00
Patrik Lundin 44c73b78ae
Prefix files with numbers as recommended by docs
See "systemd.netdev" docs.
2024-10-11 21:57:59 +02:00
Patrik Lundin fe428a9e74
Also include cidr suffix 2024-10-11 18:57:10 +02:00
Patrik Lundin b5d9682e01
This is a hash 2024-10-11 18:55:39 +02:00
Patrik Lundin 637e2ae307
Add address config for dummy interface 2024-10-11 18:52:53 +02:00
Patrik Lundin 1e8cad6ea0
Add dummy0 interface
The netplan version we have is too old to do this so handle it manually.
2024-10-11 18:45:54 +02:00
Patrik Lundin eb49f13c49
Fix backend name 2024-10-11 18:14:30 +02:00
Patrik Lundin 8227300a34
Enclose ipv6 addresses in [] 2024-10-11 14:00:23 +02:00
Patrik Lundin 4d7283e361
Allow haproxy to bind to ports 80/443
This way we can run haproxy as an unprivileged user and still use what
is normally considered privileged ports.
2024-10-11 13:49:04 +02:00
Patrik Lundin 1247c7f0be
Use hiera data for ip4/ip6 2024-10-11 12:03:24 +02:00
Patrik Lundin 88e3771f6e
Install certificate files 2024-10-11 11:38:58 +02:00
Patrik Lundin 747059cd92
Missing " 2024-10-10 20:44:23 +02:00
Patrik Lundin ff6376b68d
Add basic varnish VCL for testing 2024-10-10 20:39:35 +02:00
Patrik Lundin 802e9a1389
Fix erb iteration 2024-10-10 15:45:58 +02:00
Patrik Lundin d0a19691aa
Initial cdn::cache manifest 2024-10-10 15:22:11 +02:00
Patrik Lundin 5d05e596c0
Cleanup ":" 2024-10-10 10:24:31 +02:00
Patrik Lundin 563886294b
Fix template 2024-10-10 10:23:55 +02:00
Patrik Lundin b44fb5ce43
Update key paths to reflect internal CA 2024-10-10 10:17:39 +02:00
Patrik Lundin 22a2029cf9
Enable ACME provisioner at init 2024-10-08 16:50:46 +02:00
Patrik Lundin d1c863c7cb
Expose the step-ca port 2024-10-08 10:09:20 +02:00
Patrik Lundin 1803d1c69a
Add initial compose file for step-ca 2024-10-08 10:02:48 +02:00
Patrik Lundin 828f9a899d
Fix templates for passwords 2024-10-08 09:51:08 +02:00
Patrik Lundin 61a4ec13e3
Start setting up step-ca files 2024-10-08 09:36:04 +02:00
Patrik Lundin e5ce5dd1cd
Start managing cdn.conf 2024-10-06 14:50:07 +02:00
Patrik Lundin 40036c3c32
Fix variable usage 2024-10-06 14:44:32 +02:00
Patrik Lundin 7352a20143
Start managing mqtt ACL
Include sample cosmos-rules entry for testing out template
2024-10-06 14:26:10 +02:00
Patrik Lundin d1d72ad80a
Try to access map correctly 2024-10-03 20:42:39 +02:00
Patrik Lundin 32e4a99cef
Add initial forgejo runner config 2024-10-03 20:12:59 +02:00
Patrik Lundin dd0493f869
Fix volume declarations
Did not expect to create anonymous volumes, see
https://stackoverflow.com/questions/46166304/docker-compose-volumes-without-colon
for more details. Now the host directories should be mounted. While here
try setting :ro to the paths we are not expecting to modify. The
/lib/modules :ro flag is based on
3cbd8258eb/cilium-lb.yaml (L143-L145)
2024-08-20 12:31:42 +02:00