Ansible Playbook for the Dark.Fail Onion Mirror Guidelines

Dark.Fail is a dual stack (clearnet + .onion) website whose stated purpose is “to compile a list of ‘official’ .onion links to serve as an anti phishing resource”.

To aid in their (and everyone’s) ability to confirm if a given .onion mirror is legitimate or not the Dark.Fail website has proposed the “Onion Mirror Guidelines”.

This blog post discusses the OMG and Ablative’s OMG Ansible role that is available on Ansible Galaxy.

Read more →

Onion Only IRCd - Part 1

Since the early days of QuakeNet I’ve always wanted to run an IRC server but I’ve never had a real reason to do so. With Ablative Hosting starting to gain traction I’ve found that some people don’t want to send an email to ask a question or get support. It seems I now have my reason.
Read more →

Automating BGP on OpenBSD with Ansible

BrassHornCommunications is 99% OpenBSD and in January Vultr announced support for OpenBSD virtual machines, not only that but they also support BGP peering from virtual machines! After earning some credit for writing the OpenBSD BGP guide I set about automating the BGP configuration of new VMs to use my IPs. Vultr allows IPv4 announcements as granular as a /32 but IPv6 is a minimum of /64, I allocated a /36 of IPv6 space and a /24 of IPv4 space and updated the RIPE route records for AS28715 to declare a ROUTE-SET specifically for Vultr;
Read more →

Automating LetsEncrypt Certificates and OpenBSD’s HTTPD using Ansible

My newest side project involves the configuration of OpenBSDs HTTPD(8) to serve a clients domain via plain HTTP and via TLS using an automatically provisioned LetsEncrypt certificate. The difficulty is that if we don’t have a certificate but we do have the config then httpd will fail to launch leaving the user in a worse situation than they were before. The answer is to use Ansible’s stat module and liberal use of Jinja IF statements.
Read more →