7 years ago: hosts.lisp, distorted.lisp: Set up `safe' subnet.
Mark Wooding [Mon, 12 Mar 2012 14:34:40 +0000 (14:34 +0000)]
hosts.lisp, distorted.lisp: Set up `safe' subnet.

Add interfaces on vampire and radius; move evolution to the new subnet.

7 years ago: zone.lisp: The `colo' net doesn't really exist as such.
Mark Wooding [Sun, 11 Mar 2012 04:58:39 +0000 (04:58 +0000)]
zone.lisp: The `colo' net doesn't really exist as such.

This is waiting on fender's guests and the VPN link being set up.

7 years ago: distorted.lisp: Fix which network ranges are announced.
Mark Wooding [Sun, 11 Mar 2012 04:56:33 +0000 (04:56 +0000)]
distorted.lisp: Fix which network ranges are announced.

The `wired' net doesn't really exist as a coherent entity any more; and
the `unsafe', `untrusted' and `safe' networks are fairly well-defined,
really, so announce them properly.

7 years ago: distorted.lisp: New role name `lpr'.
Mark Wooding [Sun, 11 Mar 2012 04:55:28 +0000 (04:55 +0000)]
distorted.lisp: New role name `lpr'.

7 years ago: hosts.lisp: Promote `safe' net.
Mark Wooding [Sat, 3 Mar 2012 20:29:31 +0000 (20:29 +0000)]
hosts.lisp: Promote `safe' net.

The firewall configuration already assumed that I'd done this, but I

7 years ago: hosts.lisp, distorted.lisp: Proper assignments for colocated servers.
Mark Wooding [Mon, 27 Feb 2012 21:45:41 +0000 (21:45 +0000)]
hosts.lisp, distorted.lisp: Proper assignments for colocated servers.

7 years ago: felixpearce.lisp: A records for web service.
Mark Wooding [Tue, 8 Nov 2011 17:37:24 +0000 (17:37 +0000)]
felixpearce.lisp: A records for web service.

7 years ago: hosts.lisp, distorted.lisp: Separate address for anonymity services.
Mark Wooding [Mon, 3 Oct 2011 19:01:59 +0000 (20:01 +0100)]
hosts.lisp, distorted.lisp: Separate address for anonymity services.

With a little luck, this will prevent most arsey Tor-blocking services
from rejecting innocent traffic.

8 years ago: distorted.lisp: Publish information about the Kerberos setup.
Mark Wooding [Tue, 6 Sep 2011 14:35:34 +0000 (15:35 +0100)]
distorted.lisp: Publish information about the Kerberos setup.

Not that there is one yet.

8 years ago: *.lisp: Change comment conventions slightly.
Mark Wooding [Tue, 6 Sep 2011 10:00:41 +0000 (11:00 +0100)]
*.lisp: Change comment conventions slightly.

Remove the empty comments.

8 years ago: distorted.lisp: Service name for rsync.
Mark Wooding [Sun, 4 Sep 2011 18:50:38 +0000 (19:50 +0100)]
distorted.lisp: Service name for rsync.

8 years ago: New domain:
Mark Wooding [Sun, 4 Sep 2011 18:50:19 +0000 (19:50 +0100)]
New domain:

8 years ago: distorted.lisp: Remove the dynamic zones.
Mark Wooding [Tue, 19 Jul 2011 22:24:33 +0000 (23:24 +0100)]
distorted.lisp: Remove the dynamic zones.

I have to maintain them by hand anyway, so keeping them here is just

8 years ago: Makefile: Installation rules.
Mark Wooding [Tue, 19 Jul 2011 20:45:39 +0000 (21:45 +0100)]
Makefile: Installation rules.

Primarily for zoneconf, though the hooks are pretty generic.

8 years ago: distorted.lisp, harlequin.lisp, hosts.lisp: Reorganization.
Mark Wooding [Tue, 19 Jul 2011 08:34:38 +0000 (09:34 +0100)]
distorted.lisp, harlequin.lisp, hosts.lisp: Reorganization.

  * Move the distorted host definitions into hosts.lisp, because harlequin
    is still using raw hostnames which are being resolved.

  * Qualify all of the basic host definitions.

  * Move the name switch there too, and use unqualified hostnames to
    indicate view-dependent mappings.

  * Rename some of the networks, most obviously inet -> dmz.

8 years ago: Makefile, distorted, harlequin: Rename `fretwank' to `internal'.
Mark Wooding [Sat, 18 Jun 2011 19:49:05 +0000 (20:49 +0100)]
Makefile, distorted, harlequin: Rename `fretwank' to `internal'.

I think the time has come to take things a little more seriously.

Naah, not really.  But I'll put on a good show.

8 years ago: distorted.lisp: Remove pointless `@' in the top-level A record.
Mark Wooding [Sun, 17 Jul 2011 18:17:02 +0000 (19:17 +0100)]
distorted.lisp: Remove pointless `@' in the top-level A record.

8 years ago: Makefile: Replace the m4 crock with a proper GNU Make crock.
Mark Wooding [Sat, 18 Jun 2011 19:59:20 +0000 (20:59 +0100)]
Makefile: Replace the m4 crock with a proper GNU Make crock.

The m4 was an unmaintainable pile of horribleness.  It needed
replacing.  The only question is: have I replaced it with something
even worse?

An important new feature of the Makefile is that we can be interested in
different zones in each view.  Previously, there was a list containing
the zones defined by the zoneset, and each view had to have the same
zones in it.  There's now a list ZONESET_all_ZONES containing zones
common to all views in a zoneset, but there's also a variable
ZONESET_VIEW_ZONES for the zones which are specific to each view.

We've also made the separation between preferred subnets and views
clearer.  Although we're still using the same names for both right now,
this will change soon.  There's now a list of preferred subnets for each
view, and the feature keyword has changed to :VIEW/name.

This is important because the new publication machinery will object if
we try to feed it zones which it doesn't know about.

We also drop the various dynamic zones from publication, because they
always had to be maintained manually anyway.

8 years ago: Major network reorganization.
Mark Wooding [Sun, 10 Jul 2011 21:16:57 +0000 (22:16 +0100)]
Major network reorganization.

There is now a new globally routable /28, used as a DMZ, and the
servers live on that as well as on the existing unsafe network (though
they've been renumbered).  This also means that all of the old NAT
cruft must be swept away.

Life is hard, unfortunately: guvnor is too stupid to have the same
address on multiple network interfaces, so we must assign it two
addresses in the DMZ.

8 years ago: hosts, distorted, harlequin: Drop boyle; adopt
Mark Wooding [Sat, 18 Jun 2011 19:43:42 +0000 (20:43 +0100)]
hosts, distorted, harlequin: Drop boyle; adopt

I've lost the ability to administer boyle's nameserver, so I can't rely
on it continuing to be a secondary server for these zones.  Remove it
from the list, and replace it with two of's
nameservers since they generously provide secondary name service for
domains they register.

8 years ago: distorted.lisp: New CNAME records for DHCP hosts.
Mark Wooding [Sat, 11 Jun 2011 13:52:42 +0000 (14:52 +0100)]
distorted.lisp: New CNAME records for DHCP hosts.

8 years ago: distorted.lisp: Reorganize services.
Mark Wooding [Thu, 9 Jun 2011 10:27:04 +0000 (11:27 +0100)]
distorted.lisp: Reorganize services.

  * Move metalzone's services to vampire's IP address.  I know vampire
    is still listening on metalzone's old address, but this seems more
    honest.  Some SSH clients might need tweaking as a result.

  * Announce ibanez as the new NTP master.  This is perhaps a little
    premature, but I want its guests syncing from it (to minimize
    network latency) and don't want to fiddle with the configuration

8 years ago: distorted.lisp: Move ibanez into the unsafe net.
Mark Wooding [Tue, 7 Jun 2011 12:28:57 +0000 (13:28 +0100)]
distorted.lisp: Move ibanez into the unsafe net.

8 years ago: distorted.lisp: A name for radius on the untrusted network.
Mark Wooding [Mon, 6 Jun 2011 10:21:07 +0000 (11:21 +0100)]
distorted.lisp: A name for radius on the untrusted network.

8 years ago: distorted.lisp: Expose a name for vampire.
Mark Wooding [Mon, 6 Jun 2011 10:20:07 +0000 (11:20 +0100)]
distorted.lisp: Expose a name for vampire.

It's the same old NAT gateway, but what do you want?

8 years ago: Merge branch 'master' of
Mark Wooding [Tue, 31 May 2011 12:29:29 +0000 (13:29 +0100)]
Merge branch 'master' of

* 'master' of
  Makefile.m4: Make the LaTeX document be optional.
  harlequin.lisp: Use the statically defined address for `guvnor'.
  distorted.lisp, harlequin.lisp: Use explicit filetype for `hosts.lisp'.

8 years ago: distorted.lisp: Define addresses for all of the new machines.
Mark Wooding [Tue, 31 May 2011 09:24:12 +0000 (10:24 +0100)]
distorted.lisp: Define addresses for all of the new machines.

New feature: we have CNAME records for some of our regular DHCP

8 years ago: distorted.lisp: Merge together some of the role address definitions.
Mark Wooding [Tue, 31 May 2011 09:22:29 +0000 (10:22 +0100)]
distorted.lisp: Merge together some of the role address definitions.

This way, it's slightly easier to see which servers are providing which
services, and moving roles between servers is a fairly simple kill-and-
yank operation.

8 years ago: distorted.lisp: Full stops in section comments.
Mark Wooding [Tue, 31 May 2011 09:20:01 +0000 (10:20 +0100)]
distorted.lisp: Full stops in section comments.

8 years ago: Makefile.m4: Make the LaTeX document be optional.
Mark Wooding [Sun, 22 May 2011 14:40:39 +0000 (15:40 +0100)]
Makefile.m4: Make the LaTeX document be optional.

8 years ago: harlequin.lisp: Use the statically defined address for `guvnor'.
Mark Wooding [Sun, 22 May 2011 14:39:19 +0000 (15:39 +0100)]
harlequin.lisp: Use the statically defined address for `guvnor'.

This avoids exercising the resolver for what's anyway a locally defined
name, and also avoids stressing the local search rules.

8 years ago: distorted.lisp, harlequin.lisp: Use explicit filetype for `hosts.lisp'.
Mark Wooding [Sun, 22 May 2011 14:36:52 +0000 (15:36 +0100)]
distorted.lisp, harlequin.lisp: Use explicit filetype for `hosts.lisp'.

For some reason, CLisp didn't like it without.

9 years ago: distorted.lisp: New VPN host `terror'.
Mark Wooding [Fri, 7 May 2010 08:35:48 +0000 (09:35 +0100)]
distorted.lisp: New VPN host `terror'.

9 years ago: distorted.lisp: Service name for published `i2p' service.
Mark Wooding [Sat, 17 Apr 2010 18:27:51 +0000 (19:27 +0100)]
distorted.lisp: Service name for published `i2p' service.

9 years ago: distorted.lisp: Carve an iodine subnet out of `untrusted'.
Mark Wooding [Thu, 18 Feb 2010 09:35:50 +0000 (09:35 +0000)]
distorted.lisp: Carve an iodine subnet out of `untrusted'.

10 years ago: distorted: Move news server to vampire.
Mark Wooding [Sat, 25 Jul 2009 17:15:09 +0000 (18:15 +0100)]
distorted: Move news server to vampire.

10 years ago: distorted: Add a service name for the Tor onion router.
Mark Wooding [Mon, 12 Jan 2009 21:45:08 +0000 (21:45 +0000)]
distorted: Add a service name for the Tor onion router.

10 years ago: distorted: Switch around the ntp servers.
Mark Wooding [Mon, 12 Jan 2009 21:44:23 +0000 (21:44 +0000)]
distorted: Switch around the ntp servers.

Now vampire is the primary.  Currently both are getting time directly
from upstream.

10 years ago: harlequin: Fix zone source address.
Mark Wooding [Mon, 12 Jan 2009 21:43:40 +0000 (21:43 +0000)]
harlequin: Fix zone source address.

10 years ago: distorted: Remove entry for evolution.fretwank.
Mark Wooding [Wed, 10 Dec 2008 09:41:22 +0000 (09:41 +0000)]
distorted: Remove entry for evolution.fretwank.

evolution now only exists on the untrusted network.

10 years ago: distorted: Renumbering evolution.
Mark Wooding [Thu, 4 Dec 2008 14:19:25 +0000 (14:19 +0000)]
distorted: Renumbering evolution.

evolution is no longer the gateway to the untrusted net -- that's going
to be vampire now.  Accordingly, give vampire.untrusted the .1 address.

Eventually, evolution simply won't need to exist on the trusted net, but
that's overly annoying right now.  So its default name now corresponds
to its untrusted address, and the trusted .3 address will vanish later.

10 years ago: distorted: Various changes.
Mark Wooding [Wed, 26 Nov 2008 21:27:23 +0000 (21:27 +0000)]
distorted: Various changes.

  * Merge the untrusted wired and wireless networks.  There's no longer
    any need for the wireless CIDR-delegation so delete it.

  * Assign vampire an address in the untrusted network.  This way it
    can provide a VPN endpoint without messing up the routing completely.

  * Assign crybaby a VPN address.

  * Expunge tubescreamer and fuzzface.

11 years ago: distorted: Provide ITS with its own little network.
Mark Wooding [Thu, 3 Apr 2008 19:16:14 +0000 (20:16 +0100)]
distorted: Provide ITS with its own little network.

ITS doesn't understand point-to-point links (bless), so humour it and
give it a little four-host network.

Also make the source file prettier.

11 years ago: distorted: Add service vox.
Mark Wooding [Mon, 17 Mar 2008 09:33:17 +0000 (09:33 +0000)]
distorted: Add service vox.

11 years ago: distorted: Remove duplicate PTR for evolution.wireless.
Mark Wooding [Mon, 17 Mar 2008 09:32:59 +0000 (09:32 +0000)]
distorted: Remove duplicate PTR for evolution.wireless.

11 years ago: harlequin: Rename blog site to `bindery'.
Mark Wooding [Sun, 16 Mar 2008 17:47:51 +0000 (17:47 +0000)]
harlequin: Rename blog site to `bindery'.

11 years ago: harlequin: Add new service patchwork for blog.
Mark Wooding [Sun, 16 Mar 2008 15:46:31 +0000 (15:46 +0000)]
harlequin: Add new service patchwork for blog.

Alas, this involves adding harlequin to the split-horizon-doom-thing.

11 years ago: distorted: Provide SRV records for various obvious things.
Mark Wooding [Sun, 16 Mar 2008 15:06:33 +0000 (15:06 +0000)]
distorted: Provide SRV records for various obvious things.

11 years ago: distorted, Makefile: Introduce the wireless reverse zone.
Mark Wooding [Sun, 16 Mar 2008 15:04:44 +0000 (15:04 +0000)]
distorted, Makefile: Introduce the wireless reverse zone.

This is CIDR-delegated and set up for dynamic DNS population.

11 years ago: distorted: Put NS glue in the reverse zones.
Mark Wooding [Sun, 16 Mar 2008 14:47:50 +0000 (14:47 +0000)]
distorted: Put NS glue in the reverse zones.

Rather than using the A records in the forward zones.  It keeps the
zone definitions simpler for a start.

12 years ago: Update for chiark moving to new IP address.
Mark Wooding [Wed, 15 Aug 2007 07:59:30 +0000 (08:59 +0100)]
Update for chiark moving to new IP address.

12 years ago: Reformatting.
Mark Wooding [Wed, 15 Aug 2007 07:59:12 +0000 (08:59 +0100)]

12 years ago: New service names: wiki, db, ntp{,1}, and wpad.
Mark Wooding [Wed, 15 Aug 2007 07:58:32 +0000 (08:58 +0100)]
New service names: wiki, db, ntp{,1}, and wpad.

12 years ago: Add delegated reverse-zone for DHCP-allocated addresses.
Mark Wooding [Wed, 15 Aug 2007 07:57:11 +0000 (08:57 +0100)]
Add delegated reverse-zone for DHCP-allocated addresses.

12 years ago: distorted: Move www-cache to vampire.
Mark Wooding [Tue, 26 Jun 2007 15:35:55 +0000 (16:35 +0100)]
distorted: Move www-cache to vampire.

12 years ago: Merge branch 'origin' -- abandoned work
Mark Wooding [Mon, 25 Jun 2007 16:59:52 +0000 (17:59 +0100)]
Merge branch 'origin' -- abandoned work

* origin:
  doc: Predump format for faster TeXing.

12 years ago: distorted: Different nameservers inside and out; add vampire.
Mark Wooding [Mon, 25 Jun 2007 14:44:52 +0000 (15:44 +0100)]
distorted: Different nameservers inside and out; add vampire.

Also make the build system pass feature flags on so that we can build
the nameserver lists properly.

12 years ago: Overhaul for service role names and split-horizon craziness.
Mark Wooding [Fri, 15 Jun 2007 17:07:45 +0000 (18:07 +0100)]
Overhaul for service role names and split-horizon craziness.

To add to the fun, the Makefile is now m4-preprocessed.  Output files
are now written to subdirectories.

12 years ago: Rename zone definition files.
Mark Wooding [Fri, 15 Jun 2007 16:25:46 +0000 (17:25 +0100)]
Rename zone definition files.

Since a definition file can produce a number of zones, it seems silly to
name them after a single zone.

12 years ago: New domain.
Mark Wooding [Fri, 15 Jun 2007 16:25:27 +0000 (17:25 +0100)]
New domain.

12 years ago: Delete obsolete domain.
Mark Wooding [Fri, 15 Jun 2007 16:24:53 +0000 (17:24 +0100)]
Delete obsolete domain.

12 years ago: Merge branch 'master' of git+ssh://
Mark Wooding [Sat, 23 Dec 2006 14:57:20 +0000 (14:57 +0000)]
Merge branch 'master' of git+ssh://

12 years ago: doc: Predump format for faster TeXing.
Mark Wooding [Sat, 23 Dec 2006 14:57:07 +0000 (14:57 +0000)]
doc: Predump format for faster TeXing.

12 years ago: Update for Demon IP-address change.
Mark Wooding [Sat, 23 Dec 2006 14:41:09 +0000 (14:41 +0000)]
Update for Demon IP-address change.

13 years ago: Dynamically allocate IP addresses and use names.
Mark Wooding [Sun, 23 Apr 2006 16:07:19 +0000 (17:07 +0100)]
Dynamically allocate IP addresses and use names.

This removes address allocation from the zone specification, and means
that the network description, with all the hostnames and addresses, can
live somewhere else in the future.

13 years ago: Makefile: Run `zone' without runlisp; print zones being installed.
Mark Wooding [Sun, 23 Apr 2006 16:05:46 +0000 (17:05 +0100)]
Makefile: Run `zone' without runlisp; print zones being installed.

13 years ago: Fix formatting.
Mark Wooding [Thu, 20 Apr 2006 16:34:31 +0000 (17:34 +0100)]
Fix formatting.

13 years ago: Initial import.
Mark Wooding [Thu, 20 Apr 2006 16:27:15 +0000 (17:27 +0100)]
Initial import.