Update ACLs to include equinix IP addresses

openstreetmap · Dec 17, 2024 · 3d2a0fd · 3d2a0fd
1 parent 6349917
commit 3d2a0fd
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 12 deletions.
diff --git a/cookbooks/tile/templates/default/apache.erb b/cookbooks/tile/templates/default/apache.erb
@@ -75,14 +75,22 @@
 <% @admins.sort.each do |address| -%>
     Require ip <%= address %>
 <% end -%>
-    # OSM Amsterdam IPv4
+    # OSM Amsterdam IPv4 (he.net)
     Require ip 184.104.179.128/27
-    # OSM Amsterdam IPv6
+    # OSM Amsterdam IPv4 (equinix)
+    Require ip 82.199.86.96/27
+    # OSM Amsterdam IPv6 (he.net)
     Require ip 2001:470:1:fa1::/64
-    # OSM Dublin IPv4
+    # OSM Amsterdam IPv6 (equinix)
+    # Require ip
+    # OSM Dublin IPv4 (he.net)
     Require ip 184.104.226.96/27
-    # OSM Dublin IPv6
+    # OSM Dublin IPv4 (equinix)
+    Require ip 87.252.214.96/27
+    # OSM Dublin IPv6 (he.net)
     Require ip 2001:470:1:b3b::/64
+    # OSM Dublin IPv6 (equinix)
+    Require ip 2001:4d78:fe03:1c::/64
     # OSM UCL IPv4
     Require ip 193.60.236.0/24
   </LocationMatch>

diff --git a/roles/backup.rb b/roles/backup.rb
@@ -16,11 +16,15 @@
         :hosts_allow => [
           "193.60.236.0/24",                     # ucl external
           "10.0.48.0/20",                        # amsterdam internal
-          "184.104.179.128/27",                  # amsterdam external
-          "2001:470:1:fa1::/64",                 # amsterdam external
+          "184.104.179.128/27",                  # amsterdam external (he.net)
+          "2001:470:1:fa1::/64",                 # amsterdam external (he.net)
+          "82.199.86.96/27",                     # amsterdam external (equinix)
+          # "/64",                                 # amsterdam external (equinix)
           "10.0.64.0/20",                        # dublin internal
-          "184.104.226.96/27",                   # dublin external
-          "2001:470:1:b3b::/64",                 # dublin external
+          "184.104.226.96/27",                   # dublin external (he.net)
+          "2001:470:1:b3b::/64",                 # dublin external (he.net)
+          "87.252.214.96/27",                    # dublin external (equinix)
+          "2001:4d78:fe03:1c::/64",              # dublin external (equinix)
           "10.0.32.0/20",                        # bytemark internal
           "89.16.162.16/28",                     # bytemark external
           "2001:41c9:2:d6::/64",                 # bytemark external
@@ -46,11 +50,15 @@
         :hosts_allow => [
           "193.60.236.0/24",          # ucl external
           "10.0.48.0/20",             # amsterdam internal
-          "184.104.179.128/27",       # amsterdam external
-          "2001:470:1:fa1::/64",      # amsterdam external
+          "184.104.179.128/27",       # amsterdam external (he.net)
+          "2001:470:1:fa1::/64",      # amsterdam external (he.net)
+          "82.199.86.96/27",          # amsterdam external (equinix)
+          # "/64",                     # amsterdam external (equinix)
           "10.0.64.0/20",             # dublin internal
-          "184.104.226.96/27",        # dublin external
-          "2001:470:1:b3b::/64",      # dublin external
+          "184.104.226.96/27",        # dublin external (he.net)
+          "2001:470:1:b3b::/64",      # dublin external (he.net)
+          "87.252.214.96/27",         # dublin external (equinix)
+          "2001:4d78:fe03:1c::/64",   # dublin external (equinix)
           "10.0.32.0/20",             # bytemark internal
           "89.16.162.16/28",          # bytemark external
           "2001:41c9:2:d6::/64",      # bytemark external