Commit graph

69 commits

Author SHA1 Message Date
5d47f75c2f swann: don't add mopup rules for wg-intfs, since we'll get that via BGP 2023-07-19 23:28:58 +01:00
528ed1debc swann: add qvmpc6552 2023-07-11 12:01:00 +01:00
1c9b9e9fcd swann: boot.tmpOnTmpfs -> boot.tmp.useTmpfs 2023-05-28 01:32:25 +01:00
4faf4a4630 swann: disable unifi 2023-04-15 02:45:10 +00:00
ed03e709c5 euw1.api.riotgames.com is on AWS and isn't useful 2023-01-14 22:17:36 +00:00
40ed8549b8 resolve some warnings 2022-12-29 14:15:58 +00:00
9dee33f3dc swann: reenable unifi controller 2022-10-09 18:15:47 +01:00
c16856f8ab treewide: add my.ip.tailscale6 2022-09-02 00:22:16 +01:00
784324fd20 ops/nixos: decommission virgin media 2022-04-15 23:42:05 +01:00
b40f3435f4 swann: switch to SFP 2022-03-30 16:42:37 +00:00
b8acd6e31b swann: re-enable vault-agent 2022-03-20 19:10:24 +00:00
262620f177 swann: also put v6 RA routes into the correct route table
(fixes ee)
2022-03-13 20:35:11 +00:00
615c30ed54 swann: reduce write activity on disk 2022-03-13 17:34:23 +00:00
5283ee4fee swann: migrate fully to using networkd
networkd appears to have gotten very aggressive about clearing routing rules it didn't insert itself
2022-03-12 19:38:54 +00:00
9099ee2a45 swann: only rename physical interfaces 2022-03-12 07:25:48 +00:00
6353ce6603 swann: make systemd-networkd-wait-online wait for _any_ NIC 2022-03-11 22:57:08 +00:00
0c458988de ops/nixos: misc cleanups 2022-03-11 03:27:58 +00:00
f0e645fccb swann: add lukegb01.ring.nlnog.net to smokeping prober 2022-03-03 18:44:56 +00:00
080577e0f3 swann: fix tailscale outbound
Tailscale adds a policy-based routing rule at priority 5200-ish, which is
before all the rules that we add. This avoids any Tailscale traffic going
out... over Tailscale, which would be bad.

Anyway, this breaks us because our main table is empty, so there's nowhere
for the Tailscale traffic to actually go. Oops.

Instead, use policy-based routing to send things over our WG tunnel, or over
any of our upstream connections depending on what's available.
2022-03-02 00:32:31 +00:00
cbabb6f211 ops/nixos: migrate nix.maxJobs/binaryCaches/trustedBinaryCaches to the nix.settings equivalents 2022-01-30 20:30:20 +00:00
4b14ea5b4d ops/nixos: remove rebuilder
It's in the common profile, we don't need it everywhere.
2022-01-23 16:57:20 +00:00
eb3b306439 Backed out changeset 073cf55ed346
Mischief managed
2022-01-15 13:32:47 +00:00
687d72cfdc ops/nixos: experiment with ECMP 2022-01-15 13:32:41 +00:00
9be6bcaf2d ops/nixos: set up gnetwork link 2022-01-14 19:42:06 +00:00
ad95bffd3d ops/nixos: tidy up networking.useDHCP 2022-01-08 21:45:18 +00:00
6cfcd10e06 swann: use the router's public IP when making connections
For v6, the link is on an unrouted subnet so there's no way to address it from
outside. We don't want Linux to use the v6 subnet for connections it makes, so
we ask politely that the source on the route is actually an IP address that we
Like.
2022-01-01 02:11:59 +00:00
3458c7766e swann: switch from prod.euw1.riotgames.com to euw1.api.riotgames.com
The former appears to resolve, but no longer respond to ICMP ping (even from a
different network).  Switch to the documented API endpoint, which still
responds to ICMP ping.
2022-01-01 01:31:56 +00:00
8b3e77de1e swann: coredns shouldn't bind to 127.0.0.53 because systemd-resolved wants it 2021-12-31 23:52:57 +00:00
ca6de1910d swann: services.unifi.openPorts -> openFirewall 2021-12-24 02:03:36 +00:00
d99fe8b153 depot: fixups 2021-12-08 02:37:12 +00:00
29f7073384 ops/nixos: compatibility with NixOS 22.05 2021-12-07 19:13:04 +00:00
c535655086 totoro/swann: do shenanigans with PS5 RTMP 2021-09-30 17:10:52 +00:00
fb16bea95c swann: give PS5 a static IP 2021-09-30 16:07:12 +00:00
a8718864c1 swann: configure for eduroam on VLAN 100 2021-09-25 17:38:21 +00:00
4bb015ee0d swann: use IPv6 endpoint for tuvok over EE
EE uses CGNAT on IPv4, which makes this... less than ideal. However, IPv6 is
IPv6 and works pretty reasonably.
2021-09-03 12:40:52 +00:00
58b87a9f0e swann: add ee-scrape-data, for putting allowance data into prometheus 2021-09-02 19:19:53 +00:00
e95324c175 swann: yes, this one 2021-08-31 02:29:56 +00:00
2d0a607383 ops/nixos: enable bird-exporter-lfty 2021-08-31 02:26:50 +00:00
7134fe904a ops/nixos: implement BFD+WG tunneling for mldn-rd 2021-08-30 19:58:21 +01:00
1557066375 coredns: allow tailscale net 2021-07-16 01:32:54 +00:00
ded652a595 swann: change MAC address of VM-facing interface 2021-07-15 12:18:07 +00:00
78da7c9f4d swann: disable radvd/ndppd, add static IP for xerox printer 2021-07-15 11:55:10 +00:00
73b1e96727 swann: use /dev/null as /etc/hosts file for coredns 2021-05-31 23:54:07 +00:00
7195ed24c4 swann: change hosts lookup 2021-05-31 23:09:37 +00:00
bb06285f6d swann: map www.nhs.uk to Akamai IPv6 address 2021-05-21 15:22:34 +00:00
63ecd2d0ab swann: metric is a string field 2021-05-15 19:38:46 +00:00
9cee25b83c swann: use unifi rather than unifiLTS 2021-05-15 20:33:13 +01:00
098d3f4aae swann: add dedi2.eq2.co.uk to smokeping 2021-05-13 16:33:40 +00:00
4fb2a9e8e3 swann: tighten up IPv6 config 2021-05-13 10:14:42 +00:00
564c803136 swann: accept-ra on ens-virginmedia 2021-05-12 18:20:45 +00:00