Revision as of 08:33, 14 August 2018 by GuySoft (talk | contribs) (document etherpad and its https)

This contains a description of the network setup and any servers running.

Network Topology and Organization


Bezeq NGN 100Mbps/3Mbps via Bezeqint (username: telavivmakers@014)

Static WAN IP:

Also accessible via: (we also have proper reverse DNS records pointing back to that domain.)

(Phone line number is +972 3 5058210 but is blocked for PSTN usage. We are connected to a junction box on our floor, to port 90.)


TP-Link TL-WR4300 main router ( / 2001:470:7038:cOf3::1) serving DHCP on

PPPoE through Netgear VVG2000 VDSL gateway (configured by Bezeq in bridge mode only - it's just a fucking modem).



  • SSID TelAvivMakers in the clear (no encryption, use standard precautions)
  • 5GHz is provided via TelAvivMakers-5Ghz
  • Paranoids can use the WPA-protected TelAvivMakers2 (with password international) but please don't expect your traffic to be private just because it's WPA.

Edimax BR-6428 ( located behind kitchen counter broadcasting on channel 6

TP-Link TL-WDR4300 located on router board (next to balcony) broadcasting on channel 11 and 5GHz on channel 36


Disabled until further notice.

Available through Hurricane Electric tunnelbroker.

2001:470:7038::/48 TAMI prefix

2001:470:7038:cOf3::/64 TAMI LAN

2001:470:7038:cOf3::1 WN801ND main router

External Services

We have a few different domains:

    • DNS provider Amazon AWS
    • redirects to
    • DNS provider

Internal only services

Internal file server

FTP and big-ass file/media server - coming soon...

Network audio

Meeep - See SoundSetup


Using the attached USB dongle you can listen to any radio station with rtl_fm. A proper alias already exists in the .bashrc; use the syntax:

$ radio 106M   # 106FM
$ radio 91.8M  # galgalatz

The reception might not be so good, I still need to calibrate tuning errors and set up a nice antenna.

Network printer

There is a network connected Officejet 4500, tested with Windows XP and Fedora 19.

Network scanning

I installed sane and an xinetd service to provide network access to the scanner. However, the xerox_mfp driver of sane fails to detect the device and cheap fixes (adding the USB vendor/device ID) didn't work. Sorry.

Services (aka security holes)

StartSSLNotes - getting a certificate from the Eilat CA.

network camera

motion running on a TP-Link WR703n [1]


see SoundSetup
mpd is running on meeep (not mail.lan which is or mail.local, which also runs an FTP (NOT sftp) server on which the mp3 files are kept. Add to the music collection!)

To restart mpd (for instance, to update the list of MP3s that you just uploaded), try updating the database using:

mpc update

There is also a web interface for controlling the music played in the space on meeep:



A Tor relay is configured and running.

RIPE Atlas Probe

We host a RIPE Atlas probe, #18746, which is used for various internet health measurements.


We run our own instance at , installation instructions, InstallingMediaGoblin


(Not there yet) InstallingKolab


(Closer but no cigar)


Mail & Mailing lists

port 25 is now open for business on, or

We don't have anything there yet for anyone - it's all local accounts. Mail can be delivered outwardly, thanks to an SPF record:

$ dig txt | grep "ANSWER SECTION" -A1
;; ANSWER SECTION:		86384	IN	TXT	"v=spf1" "a" "mx" "-all"
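A check worth running against an answer shaped like the one above (added example, not part of the original page): RFC 7208 section 3.3 says the character-strings of one TXT record are concatenated with no separator, so a record split into several quoted strings does not read the way it looks. The `example.org` name, the sample lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample answers; example.org stands in for the elided domain.
SPLIT='example.org. 86384 IN TXT "v=spf1" "a" "mx" "-all"'
JOINED='example.org. 86384 IN TXT "v=spf1 a mx -all"'

# Join the quoted character-strings of one TXT answer line as RFC 7208
# section 3.3 requires: concatenated, with no separator inserted.
spf_join() {
    printf '%s\n' "$1" | grep -o '"[^"]*"' | tr -d '"\n'
}

# Classify what an SPF verifier would see in that TXT answer:
#   not-spf                      joined text is not a "v=spf1" record
#   hardfail/softfail/neutral/open/no-all   policy of the "all" term
spf_classify() {
    rec=$(spf_join "$1")
    case "$rec" in
        # The version tag must end the record or be followed by a space.
        "v=spf1" | "v=spf1 "*) ;;
        *) echo "not-spf"; return 0 ;;
    esac
    case "$rec " in
        *" -all "*) echo "hardfail" ;;
        *" ~all "*) echo "softfail" ;;
        *" ?all "*) echo "neutral" ;;
        *" +all "* | *" all "*) echo "open" ;;
        *) echo "no-all" ;;
    esac
}

# Show the verdict next to the text a verifier actually evaluates.
for line in "$SPLIT" "$JOINED"; do
    printf '%-10s <- %s\n' "$(spf_classify "$line")" "$(spf_join "$line")"
done
```

Feed it a real answer line with `spf_classify "$(dig +short txt <domain>)"`; a `not-spf` verdict means receivers see no SPF policy at all.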


  • mailman 2 instance at


  • mailman 3 + hyperkitty, to give it a forum interface too


  • librelist - not sure why I would prefer it yet.


  • how does it compare to google groups?
  • can we run them side by side? test run where we keep using google groups and having hyperkitty on the side, using the same script that needs to be written anyway to pull content from google groups.


Our setup will be at [], see Discourse

Mailman Howto

Using the Fedora package is simpler:

  • yum install mailman (version 2, not the developed version 3)
  • /usr/share/doc/mailman-2.1.15/INSTALL.REDHAT

Google Groups - retrieving members and messages

There is no easy way to retrieve the messages so far.

To retrieve the member list:

  • as a group owner there should be a csv export option

Google Apps API:

And more

FTP setup

ftp mail.local or

Using vsftpd. Some settings required for renames and deletions to work:

  • anon_mkdir_write_enable=YES
  • anon_other_write_enable=YES

SELinux notes: (man ftpd_selinux)

  • enable anonymous uploads:
    • setsebool -P ftpd_anon_write 1
  • set public things to public_content_rw_t
    • semanage fcontext -a -t public_content_rw_t "/media/ftp(/.*)?"
    • restorecon -F -R -v /media/ftp
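To see what the settings above actually grant an anonymous FTP client, this added example (not the space's own configuration or tooling) reads a vsftpd.conf and reports the effective anonymous capabilities, applying the defaults from the vsftpd.conf man page. The two config files are constructed samples and `anon_capabilities` is a hypothetical helper name.

```shell
#!/bin/sh
# Effective anonymous capabilities of a vsftpd.conf, applying the
# documented defaults for any option the file leaves unset.
anon_capabilities() {
    awk -F= '
        BEGIN {
            v["anonymous_enable"] = 1          # default: YES
            v["write_enable"] = 0              # default: NO
            v["anon_upload_enable"] = 0        # default: NO
            v["anon_mkdir_write_enable"] = 0   # default: NO
            v["anon_other_write_enable"] = 0   # default: NO
        }
        /^#/ || NF < 2 { next }                # comments and non-settings
        ($1 in v) {
            val = toupper($2); sub(/[ \t\r]+$/, "", val)
            v[$1] = (val == "YES" || val == "TRUE" || val == "1")  # later lines win
        }
        END {
            if (!v["anonymous_enable"]) { print "anonymous: disabled"; exit }
            out = "anonymous: login"
            if (v["write_enable"]) {           # gate for every write command
                if (v["anon_upload_enable"])      out = out " upload"
                if (v["anon_mkdir_write_enable"]) out = out " mkdir"
                if (v["anon_other_write_enable"]) out = out " rename delete"
            }
            print out
        }' "$1"
}

# Constructed samples: the first carries the two settings listed above plus
# the switches they depend on; the second leaves write_enable off.
PAGE_CONF=$(mktemp); RO_CONF=$(mktemp)
cat > "$PAGE_CONF" <<'EOF'
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
EOF
cat > "$RO_CONF" <<'EOF'
# anonymous download only
anonymous_enable=YES
write_enable=NO
anon_other_write_enable=YES
EOF
anon_capabilities "$PAGE_CONF"
anon_capabilities "$RO_CONF"
```

The second sample shows that `anon_other_write_enable=YES` grants nothing while `write_enable` is off, which makes `write_enable` the single switch to flip when the share needs to go read-only.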


Sage is a free open-source mathematics software system licensed under the GPL. It combines the power of many existing open-source packages into a common Python-based interface.

We have a SageMath instance running internally.

mail.lan:8080 open to new user creation, not visible externally. (local ip is if name resolution fails)

We are running 5.13, it can be upgraded to 6.11 if there is a requirement for that.


There is an etherpad sitting as a systemctl service on tamitam server.

https for etherpad

There is a script at


which updates the certificate


our hitgub





previously called mail.


  • mediagoblin
  • yacy
  • ftp


  • installed RAID 1 array using two 2 TB WD disks. Slightly weird (read: dumb) config:
    • boot partition not on raid, swap neither.
    • mirrored boot partition and swap unused on second disk (could set up a non metadata RAID for them, see mdadm)
    • third primary partition is the raid partition, with its own partition table (under the raid block device), with two partitions, root and data (not yet mounted, 100G/1.89T)
      • /dev/sdb{1,2,3} + /dev/sdc{1,2,3} (1+2 unused), sdb3+sdc3=md127, /dev/md127p{1,2} where md127p1=>/, md127p2=>unmounted
  • disabled nouveau_update_fan module (probable cause of SOFT LOCKUPS)
  • removed Vortex OCX SSD with problems (SMART failures, read failures)
  • Updated BIOS (use dok with FreeDOS, labeled, on it)