531 commits

Author	SHA1	Message	Date
jeltz	deb4372588	Merge branch 'master' into add-ssh-keys	2021-03-07 21:29:57 +01:00
jeltz	929baa300f	Use 'update_motd' in 'prometheus_federate' (again)	2021-03-06 04:48:39 +01:00
jeltz	71ee06c9c0	Fix typo	2021-03-06 04:45:00 +01:00
jeltz	bc2701d8ba	Use 'update_motd' in 'prometheus_federate'	2021-03-06 04:43:09 +01:00
jeltz	2353589da6	Ensures /etc/update-motd.d exists	2021-03-06 04:42:21 +01:00
jeltz	1d0200a1f0	Use 'update_motd' in 'prometheus'	2021-03-06 04:32:06 +01:00
jeltz	b81600aef8	Use 'update_motd' in 'baseconfig'	2021-03-06 04:31:20 +01:00
jeltz	7e92fdfab7	Create an 'update_motd' role	2021-03-06 04:30:32 +01:00
jeltz	cf07de4ec4	Fetch switch_snmp jobs	2021-03-06 02:41:58 +01:00
jeltz	8abca7916f	Add switch_snmp job for prometheus	2021-03-06 01:57:32 +01:00
jeltz	763cc2eb51	Generate targets_switch_snmp.json	2021-03-06 01:57:08 +01:00
jeltz	eaa0d2e0fc	Fix bad indent in snmp.yml.j2	2021-03-06 01:56:18 +01:00
jeltz	21fed6ae3f	Add useful lookups for switchs interfaces	2021-03-06 00:58:46 +01:00
jeltz	52124d2cad	Cleanup prometheus_federate's prometheus.yml.j2	2021-03-06 00:46:13 +01:00
jeltz	7d527be1c0	Remove duplicate alerts from 'prometheus-federate'	2021-03-06 00:45:43 +01:00
jeltz	32669e1fb1	Don't load Django rules prometheus-federate	2021-03-06 00:44:22 +01:00
jeltz	4ca7ebd144	Add a unique exported label (useful for federation)	2021-03-06 00:40:44 +01:00
jeltz	802bfcc698	'prometheus-federate' must not retrieve its own federated metrics	2021-03-06 00:38:36 +01:00
jeltz	958eaa1bcb	Use label federated_instance instead of instance	2021-03-05 00:54:44 +01:00
jeltz	6525508401	Forward journald logs to rsyslog	2021-03-02 01:24:53 +01:00
jeltz	77a5fdac6f	Remove some duplicate logs from syslog.log	2021-03-02 00:56:28 +01:00
jeltz	529550f594	Don't use 'imjournal' ('imuxsock' is already used) ... I still don't understand why it increased the size of the firewall logs by a factor of 5 to 10, but we don't really need structured logs from systemd-journald and the author seems to discourage it's use, so I will not investigate further.	2021-03-02 00:46:16 +01:00
jeltz	ee041b9ead	Use 'simple' instead of 'oneshot' (rotate service)	2021-03-02 00:14:25 +01:00
jeltz	1f6bfeee23	Fix broadcast address on routeur-aurore	2021-03-01 20:04:38 +01:00
jeltz	0f55b90de9	Remove 10.129.0.1 gateway on routeur-aurore-*	2021-03-01 20:04:02 +01:00
jeltz	b13b22da05	Add ignored destinations for firewall logs	2021-03-01 19:39:11 +01:00
jeltz	8f815a30c5	Remove useless date (already added by journald)	2021-03-01 17:47:12 +01:00
jeltz	acd5721a5b	Fix typos in rotate-remote-logs.service.j2	2021-03-01 17:45:17 +01:00
jeltz	9547868c7d	Send nginx logs to local syslog	2021-03-01 17:40:05 +01:00
jeltz	cdb9f88614	Do not rate limit collection of journald logs	2021-03-01 16:31:52 +01:00
jeltz	9eeb8ccd73	Remove non-Ansible SSH root keys	2021-03-01 16:08:08 +01:00
jeltz	9252249d18	Use 'true' instead of 'yes'	2021-03-01 04:15:54 +01:00
jeltz	e4b58c0bf4	Fix typo in 20-collector.conf.j2	2021-03-01 04:07:17 +01:00
jeltz	c65b3f090b	Compress and delete old remote logs ... Logrotate is not used because I didn't found an easy way to configure it to handle the compression/deletion of log files already rotated by rsyslog (it is probably possible, but I found the script to be easier).	2021-03-01 03:58:58 +01:00
jeltz	f7183095c1	Add explicit permissions for directories	2021-03-01 02:26:22 +01:00
jeltz	ba8b4e8c29	Fix the ordering of rsyslog.d files ... A call to sendLogsToRemote for logs received through RELP/UDP has been added (to send them to Logstash/Redis/…), so common.conf's prefix must be lower than collector.conf's. Note: future "third-party" config files will also call sendLogsToRemote and thus will also have to use a prefix higher than 10.	2021-03-01 02:15:28 +01:00
jeltz	7fd1b5ff5d	Add rsyslog_collector role	2021-03-01 01:27:56 +01:00
jeltz	6263c31785	Add rsyslog_common role	2021-03-01 01:27:30 +01:00
ynerant	ba6da939ab	[certbot] Fix certificates for auro.re ... Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>	2021-02-24 13:57:59 +01:00
ynerant	ae151321db	[nginx/certbot] Clone roles from Crans ... Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>	2021-02-24 11:46:37 +01:00
pz2891	d7d0676f5e	Remove .save file; remove fo fleming prometheus	2021-02-18 17:53:15 +01:00
pz2891	74c30b81df	Merge branch 'master' into Global_monitoring	2021-02-17 19:41:06 +01:00
pz2891	b278b02bc2	Remove percentage sign for load alert	2021-02-17 19:37:33 +01:00
pz2891	0b90c9944b	Fix CI warning from last commit	2021-02-17 18:15:31 +01:00
pz2891	61001e09f5	Add alert for load usage	2021-02-17 18:08:39 +01:00
pz2891	a5b4deacee	Rename federate role; update of alerts of federate prometheus; update of configuration of federate prometheus	2021-02-17 17:42:24 +01:00
otthorn	5b2580056d	🐛 Final fix, should stop sending ill-formed mail from now on	2021-02-16 18:10:39 +01:00
otthorn	f607a76ec8	🐛 Fix a small bug. Postfix does not accept trailing comments	2021-02-16 13:13:26 +01:00
otthorn	3fceeff74f	Fix ansible lint for rule [208] always specify mode and owner for template	2021-02-16 02:47:04 +01:00
otthorn	3925e32188	Repect ansible-lint [106] for role names	2021-02-16 02:45:35 +01:00
otthorn	69d732e612	Fix case	2021-02-16 02:42:08 +01:00
otthorn	ab3659adc2	Also config hostname just in case	2021-02-16 02:32:46 +01:00
otthorn	1ca75ccfb0	Add postfix non mailhost conf	2021-02-16 02:22:41 +01:00
otthorn	f08b11445d	Add postfix non mailhost task	2021-02-16 02:15:52 +01:00
otthorn	a9b03aed82	Add postfix non mailhost handlers	2021-02-16 02:02:15 +01:00
pz2891	6ec449c3b3	Fix restarting prometheus snmp (not installed)	2021-02-10 20:43:43 +01:00
pz2891	d8924abe66	Add prometheus-federate role	2021-02-10 20:42:37 +01:00
pz2891	4308bedf8f	Monitoring of docker containers	2021-02-10 19:06:28 +01:00
pz2891	bd5b88c4fc	Correcting format of percentage	2021-02-08 18:22:08 +01:00
pz2891	428b6f5733	Correcting grafana stats for wireless	2021-02-08 13:57:32 +01:00
pz2891	8bfe83f73c	Adaptation of UPS alerts	2021-02-08 13:52:17 +01:00
otthorn	faf5fc7362	fix re2o-service -> re2o_service role name	2021-02-07 17:39:04 +01:00
otthorn	e6b853a552	fix role name	2021-02-07 17:33:29 +01:00
otthorn	679daa633f	Fix ansible lint	2021-02-07 17:32:44 +01:00
otthorn	1e136e3736	Remove rules from warn list when it is not needed	2021-02-07 17:31:21 +01:00
ynerant	f9e83e514e	Merge pull request 'Captive portal' (#11) from accueil into master ... Reviewed-on: Aurore/ansible#11	2021-02-05 20:39:50 +01:00
ynerant	0e224df41f	Install ipset on each router ... Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>	2021-02-05 20:39:26 +01:00
ynerant	c527ce16b0	Use good output interface for the main router ... Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>	2021-02-05 20:39:25 +01:00
ynerant	a82edc3e24	Firewall configuration without MASQUERADE ... Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>	2021-02-05 20:39:25 +01:00
ynerant	bbac76023c	Update masquerade configuration for the captive portal ... Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>	2021-02-05 20:39:25 +01:00
ynerant	7e4a2d20c0	Clone nginx role from Crans ... Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>	2021-02-05 20:39:25 +01:00
ynerant	889cb764c1	Clone certbot role from Crans ... Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>	2021-02-05 20:39:25 +01:00
ynerant	154cbedec2	Deploy firewall config for the captive portal ... Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>	2021-02-05 20:39:25 +01:00
ynerant	9bd06520fb	Add reverse-proxy for Re2o on the portal VM ... Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>	2021-02-05 20:39:25 +01:00
jeltz	e02670afb0	Les caches unbound renvoie les addresses en 10/8	2021-02-05 20:38:50 +01:00
ynerant	a7b073e1cc	Add captive portal firewall configuration ... Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>	2021-02-05 20:38:50 +01:00
ynerant	89ebbd423e	Use the local firewall repository ... Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>	2021-02-05 20:38:50 +01:00
ynerant	5a09b77070	Resolve DNS for the accueil vlan ... Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>	2021-02-05 20:38:49 +01:00
jeltz	5fc2d0a3f9	Ajout d'accueil dans keepalived	2021-02-05 20:38:49 +01:00
jeltz	7cdef7ee96	Fix: keep the logs for 90 days	2021-02-05 20:38:49 +01:00
ynerant	3eb48edccd	Tmux everywhere ... Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>	2021-02-02 23:17:47 +01:00
otthorn	f6c9208a41	Merge pull request 'Limit floats in alerts to 2 decimal places' (#5) from human_readable_altermanager into master ... Reviewed-on: Aurore/ansible#5	2021-01-29 20:48:43 +01:00
otthorn	c9352fb9ab	Merge pull request 'Use unattended-upgrades for Debian-Security' (#4) from unattended into master ... Reviewed-on: Aurore/ansible#4	2021-01-29 20:42:24 +01:00
otthorn	a8af3c9c72	Merge branch 'master' into monitoring_pdu	2021-01-29 20:29:28 +01:00
pz2891	eecf807b53	Delte main.yml.save	2021-01-29 20:15:21 +01:00
pz2891	a12bcbc97f	Correct yamlint	2021-01-29 20:12:14 +01:00
otthorn	6ec89b88d8	Limit floats in alerts to 2 decimal places	2021-01-29 19:33:38 +01:00
jeltz	d59cb41d5e	Use unattended-upgrades for Debian-Security	2021-01-28 03:42:07 +01:00
pz2891	e3ae912f44	Add prometheus-aurore to monitor all service VM and physical servers. Modifying monitoring role to exclude wireless access points when running the role on all hosts	2021-01-23 22:10:57 +01:00
pz2891	bac377f634	Update alert rules of UPS	2021-01-23 19:01:27 +01:00
otthorn	fff6ec5807	fix typo: restart -> reload	2021-01-23 16:04:09 +01:00
otthorn	795ee3846f	fix indent	2021-01-23 16:02:10 +01:00
otthorn	e6af0f2bd7	fix typo: groupe -> group	2021-01-23 15:59:03 +01:00
otthorn	e1a961273d	fix typo: dst -> dest	2021-01-23 15:42:52 +01:00
otthorn	73142dbe03	Fix yaml syntax	2021-01-23 14:41:25 +01:00
otthorn	43274ef2ec	Add the ansible_managed var at the begining of the config file	2021-01-23 14:40:29 +01:00
otthorn	66c2ff6305	full path to logrotate for command	2021-01-23 14:37:18 +01:00
otthorn	05326c15d3	Enforce logrotate rules	2021-01-23 14:27:09 +01:00
otthorn	ddd69e04c0	create logrotate role	2021-01-23 14:25:35 +01:00
pz2891	c7a3495ae5	Alert rules for UPS	2021-01-22 12:16:36 +01:00
pz2891	40d3c22276	Setup config snmp for Prometheus, to monitore Aurore's PDU	2021-01-21 21:26:40 +01:00
otthorn	f0e3bd78c9	use command instead of shell when you don't need sh features (pipes, env, etc...)	2021-01-19 23:27:17 +01:00
otthorn	4a57dad8a6	use handlers	2021-01-19 23:19:25 +01:00
otthorn	facfe3c169	Attempt to fix ansible lint	2021-01-17 18:21:29 +01:00
otthorn	ee1726589a	Linter should pass now!	2021-01-17 17:06:59 +01:00
ynerant	0364006062	Install curl and net-tools by default ... Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>	2021-01-17 12:13:30 +01:00
ynerant	02e4e7d48f	Sort APT packages ... Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>	2021-01-17 12:12:53 +01:00
pz2891	078d141236	Add task to remove smartmontools of the VM	2021-01-08 22:43:18 +01:00
otthorn	07f9ee1fbb	yes -> true to please yaml linter (truthy)	2021-01-07 11:21:53 +01:00
pz2891	37e3fe2231	Add ldap replica rives	2020-11-09 18:53:47 +01:00
pz2891	b232d6b40b	Renommage re2o_service en re2o-service	2020-11-09 18:10:34 +01:00
chirac	8bf080dbf7	Fix radius permission bug	2020-11-08 18:50:38 +01:00
chirac	5b56f9cfc9	Revert "Use command instead of shell" ... This reverts commit 0f9169284f.	2020-11-08 18:13:21 +01:00
Yohann D'ANELLO	24ab53675a	Automatically renew certificates if a new domain was added	2020-11-04 23:58:27 +01:00
Yohann D'ANELLO	03d48a2d82	Add possibility to configure port forwarding, like SSH for Gitea	2020-11-04 23:49:35 +01:00
Yohann D'ANELLO	ac7696c81f	User cerbot-nginx to create certificates	2020-11-04 23:07:51 +01:00
Yohann D'ANELLO	f9b7e052b9	Store reverse proxy data in proxy host vars	2020-11-04 22:38:54 +01:00
Yohann D'ANELLO	26427665f3	Fix indentation	2020-11-04 20:11:31 +01:00
Yohann D'ANELLO	9505e87113	Use true instead of yes	2020-11-04 20:00:35 +01:00
Yohann D'ANELLO	0f9169284f	Use command instead of shell	2020-11-04 19:49:49 +01:00
Yohann D'ANELLO	4c8e05e08f	Use underscore instead of dashes	2020-11-04 19:36:40 +01:00
Yohann D'ANELLO	9b8dee098e	Always set file permissions	2020-11-04 19:31:50 +01:00
Yohann D'ANELLO	3c405db661	Add Drone	2020-11-04 00:29:31 +01:00
Yohann D'ANELLO	2a6c005190	Replace ansible_header by ansible_managed	2020-11-03 23:29:30 +01:00
chirac	518560b392	Add new ldap replica at ovh	2020-11-03 14:21:26 +01:00
chirac	a213e18d9c	Update Ldap priority	2020-11-02 17:25:38 +01:00
chirac	4a43c0f0db	Update re2o ip	2020-11-02 17:25:26 +01:00
jeltz	3d64f22c39	Modification du keepalive d'OpenSSHd. ... Les serveurs OpenSSH détectent désormais la déconnexion du client et peuvent terminer la session.	2020-10-24 19:12:35 +02:00
chirac	68f7fd5b59	Isc-dhcp-server config for banni/accueil vlans	2020-10-17 19:48:34 +02:00
chirac	0d7bfbd872	Create group for non pve physical server	2020-10-17 19:48:17 +02:00
Yohaï-Eliel BERREBY	8adf6b8105	add ipv6-edge-router role	2020-09-28 18:15:03 +02:00
chirac	ba2baa3020	Return routes now handled by keepalived	2020-09-27 13:55:56 +02:00
chirac	bba144ef14	Inverse les opérations de lecture/ecriture par defaut -> rw ... Ce fix corrige le problème des opérations d'écritures dans la bdd master remote, qui marchaient mal, désormais les lignes de logs historiques sont correctement écrites. Il semblerait que django avait du mal à savoir que ces opérations reversion sont bien des opérations d'écriture.	2020-09-19 14:02:53 +02:00
chirac	773f39cede	Fichier inutile	2020-09-16 21:04:10 +02:00
chirac	dac049f125	Tous les cron dhcp sont décalés de 2 minutes	2020-09-16 21:02:44 +02:00
Yohaï-Eliel BERREBY	91157d80c1	dhcp: run re2o service as root in cron / directly	2020-09-13 17:54:46 +02:00
Yohaï-Eliel BERREBY	6dd6168d2a	dhcp: upgrade role for dhcp-aurore-backup	2020-09-12 16:03:33 +02:00
Yohaï-Eliel BERREBY	9b07fc9001	dhcp: manage dhcp-aurore	2020-09-11 15:13:11 +02:00
chirac	26743b464d	Add Radius-aurore.adm.auro.re to ansible managed radius servers	2020-09-09 23:17:15 +02:00
chirac	53842e4c2f	Add ipv6 Radius AURORE address	2020-09-09 23:16:35 +02:00
Yohaï-Eliel BERREBY	e48425300a	Merge branch 'ansible-2.10' into master	2020-09-08 22:35:30 +02:00
Yohann D'ANELLO	5c46191389	Register camelot and gitea, make camelot accessible for everyone	2020-09-04 09:56:02 +02:00
Yohaï-Eliel BERREBY	646ebd3ba9	router: ansibilize routeur-aurore{,backup}	2020-08-08 20:45:38 +02:00
Yohaï-Eliel BERREBY	12b0bc91dc	radvd: cosmetic changes	2020-08-08 11:32:34 +02:00
Yohaï-Eliel BERREBY	b199c45d97	fix broken radius role ... Would crash if called from anything other than the nuke radius DBs playbook	2020-08-08 11:32:06 +02:00
Yohaï-Eliel BERREBY	af3c3dc132	enable radvd service	2020-08-08 11:19:16 +02:00
Yohaï-Eliel BERREBY	30e503458e	add ability to nuke radius DBs	2020-08-06 09:57:54 +02:00
Yohaï-Eliel BERREBY	e762091435	explain fe80::1 keepalived/radvd magic	2020-08-02 12:15:27 +02:00
Yohaï-Eliel BERREBY	de36a3bb95	announce IPv6 recursive resolver (untested)	2020-08-02 12:15:15 +02:00
Yohaï-Eliel BERREBY	3a8112bf0d	roll out (private) IPv6 on George Sand	2020-08-01 17:48:39 +02:00
Yohaï-Eliel BERREBY	361fd54414	keepalived: add IPv6 virtual route	2020-08-01 16:07:27 +02:00
Yohaï-Eliel BERREBY	2e6306b61e	radvd: advertise keepalived VIP	2020-08-01 16:05:41 +02:00
Yohaï-Eliel BERREBY	56808e4e60	wip: begin updating 'router' role for IPv6 ... pending: update virtual routes	2020-08-01 15:46:41 +02:00
Yohaï-Eliel BERREBY	194c19fbf3	fix wrong hardcoded email for keepalived monitoring	2020-08-01 15:34:49 +02:00
Yohaï-Eliel BERREBY	713c93ac44	update unbound role for IPv6	2020-08-01 14:32:02 +02:00
Yohaï-Eliel BERREBY	d54da8d2b9	add ipv6_base_prefix variable	2020-08-01 14:31:49 +02:00
Yohaï-Eliel BERREBY	f09b0906c6	radvd: fix wifi interface, comment out APs for now	2020-08-01 14:20:08 +02:00
Yohaï-Eliel BERREBY	a4841e6947	add radvd role, deploy in routers	2020-08-01 12:56:23 +02:00
Alexandre Iooss	c7c6e50dd9	Remove matrix mxisd	2020-07-22 10:04:25 +02:00
Yohaï-Eliel BERREBY	337906c6c0	add gs dhcp, dns, routing ... and add thor to inventory	2020-07-06 18:40:54 +02:00
Yohaï-Eliel BERREBY	fe62055cdd	radius: enable service, fix details	2020-05-21 19:25:30 +02:00
Yohaï-Eliel BERREBY	8ce63d14b6	radius: fix settings_local.py	2020-05-21 18:39:50 +02:00
Yohaï-Eliel BERREBY	99070ed5ef	radius: step 2 of deployment (WIP)	2020-05-21 18:06:37 +02:00
Yohaï-Eliel BERREBY	e2fa1964af	radius: change proxy.conf password, use vault ... and also actually template it... it wasn't being uploaded.	2020-05-21 14:19:28 +02:00
Yohaï-Eliel BERREBY	266b0dde6f	radius: initial setup	2020-05-16 22:08:22 +02:00
Yohaï-Eliel BERREBY	6d00e2733b	unbound: fix log rotation ... Was too frequent, now that we only log SERVFAILs. Rotate according to file size. Fix unbound-control binary path.	2020-05-11 20:18:23 +02:00
Yohaï-Eliel BERREBY	ba3aec348f	keepalived: deploy to fleming w/ proper password	2020-05-09 16:07:04 +02:00
Alexandre Iooss	9c226c680c	Certbot wildcard role	2020-05-09 12:54:38 +02:00
Alexandre Iooss	544498c81a	New reverse proxy role	2020-05-09 12:52:17 +02:00
Yohaï-Eliel BERREBY	dea4dda285	hosts: remove dhcp and recursive_dns groups ... Use patterns instead for now.	2020-05-09 10:15:28 +02:00
Yohaï-Eliel BERREBY	a4d0f051b6	dhcp: restart server on config update	2020-05-08 16:44:32 +02:00
Yohaï-Eliel BERREBY	223578eefa	keepalived: no ansible_managed ... Used to restart keepalived needlessly	2020-05-08 16:43:49 +02:00
Yohaï-Eliel BERREBY	4372b21976	dhcp: allow different router IP suffix ... This variable is only needed because we're in the process of deploying keepalived. For now it's only at EDC.	2020-05-08 16:36:07 +02:00
Yohaï-Eliel BERREBY	e58ee1c4b5	keepalived: initial config	2020-05-08 16:25:02 +02:00
Yohaï-Eliel BERREBY	fea73a13aa	aurore-firewall: correct backup router ip	2020-05-07 20:23:30 +02:00
Yohaï-Eliel BERREBY	8ba2de1698	aurore-firewall: fix repo address + branch	2020-05-07 20:01:44 +02:00
Yohaï-Eliel BERREBY	44be43e528	aurore-firewall: add config after cloning	2020-05-07 19:57:00 +02:00
Yohaï-Eliel BERREBY	c77ae7f4c3	aurore-firewall: initial setup ... group_vars: add apartment_block_id var dhcp: move vars to role	2020-05-07 19:47:50 +02:00
Yohaï-Eliel BERREBY	e4d428d1dc	unbound: change task order ... Seems to be necessary to restart unbound manually for some reason?...	2020-05-07 18:49:31 +02:00
Yohaï-Eliel BERREBY	4f224ee817	re2o-service: install Python dependencies	2020-05-07 14:55:12 +02:00
Yohaï-Eliel BERREBY	24a6063a91	baseconfig: fix resolv.conf	2020-05-07 14:51:02 +02:00
Yohaï-Eliel BERREBY	7c7abb6be5	baseconfig: set up /etc/resolv.conf	2020-05-07 12:53:59 +02:00
Alexandre IOOSS	81592fa986	Merge branch 'master' into 'aurore-dev' ... # Conflicts: # .gitignore # hosts # network.yml # proxmox.yml	2020-05-03 16:11:19 +02:00
Yohaï-Eliel BERREBY	a77b2c4f0f	unbound: fix MTU settings ... That was the root cause of all our DNSSEC issues. Now that this was fixed, we're not having these anymore, so the relaxed checks can be restored back to their original state.	2020-05-02 18:59:22 +02:00
Yohaï-Eliel BERREBY	aae7e0120a	unbound: drop verbosity but log SERVFAILs ... TODO: less frequent log rotation because of decreased log volume	2020-05-02 18:06:58 +02:00
Yohaï-Eliel BERREBY	c54e8f5d67	unbound: smarter logging ... - stop using journald, write to /var/log/unbound/ - set up frequent log rotation for the huge log files we are producing	2020-05-02 17:13:01 +02:00
Yohaï-Eliel BERREBY	1dca5d2259	unbound: use handlers ... Only restart unbound if the configuration was actually updated.	2020-05-02 16:43:44 +02:00
Yohaï-Eliel BERREBY	b94c62d710	unbound-control: no certificates for local use	2020-05-02 16:37:21 +02:00
Yohaï-Eliel BERREBY	3695a3d771	unbound: attempt to fix spurious blacklisting	2020-04-28 23:14:43 +02:00
Yohaï-Eliel BERREBY	b4482b6d3b	unbound: configure unbound-control	2020-04-28 20:21:47 +02:00
Yohaï-Eliel BERREBY	bac131791b	unbound: bump verbosity up to 3 ... Some users are having issues resolving *.auro.re domains from our network, and the bug does not show itself reliably. Increased verbosity should help us pinpoint its source.	2020-04-28 20:13:56 +02:00
Yohaï-Eliel BERREBY	ded5f38aec	unbound: name set_fact tasks	2020-04-18 17:36:25 +02:00
Yohaï-Eliel BERREBY	662452065f	dhcp: remove Cloudflare from backup DNS ... and rename variable, since these are not technically upstream DNS servers (unbound will ask the root servers, not these)	2020-04-18 17:06:38 +02:00
Yohaï-Eliel BERREBY	a0651d7703	unbound: bind to the right addresses on backup hosts	2020-04-18 16:56:34 +02:00
Yohaï-Eliel BERREBY	b57fa6e356	dhcp: use backup DNS servers too	2020-04-18 16:56:34 +02:00
Yohaï-Eliel BERREBY	22166bc69b	unbound: log to journalctl	2020-04-18 16:56:17 +02:00
Yohaï-Eliel BERREBY	1777d0e154	unbound: log to /var/log/unbound.log, errors only	2020-04-18 15:42:31 +02:00
Yohaï-Eliel BERREBY	7275ebda47	dhcp: ask clients to use our DNS servers	2020-04-18 15:39:32 +02:00
Yohaï-Eliel BERREBY	f05e92dc5e	unbound: remove unchecked configuration keys	2020-04-13 18:42:02 +02:00
Yohaï-Eliel BERREBY	b3712ed335	unbound: initial deployment	2020-04-13 18:41:12 +02:00