Hi

On Wed, Nov 17, 2021 at 08:01:55AM -0300, Antonio Terceiro wrote:
> For ci, we are working with the security team on testing embargoed
> security updates, and for that we need a unique IP address, because it
> will be added to an ACL on the security repository side.

You mean via https://security-master.debian.org/debian-security-buildd?

> I would like the central server to have its unique public IPv4 address
> for this.

None of the IP addresses you can assign are actually stable. The best
approximation comes in form of a complete IPv6 subnet, aka a /64 where
only your stuff with security access runs.

> > - IPv4 incoming will _not_ work with a public IP assigned to an
> >   instance, and
> > - IPv4-only or (better) dual-stack network load balancers can be used
> >   for stuff like HTTP access for users.
> This means that all incoming HTTP access has to go through the admins
> first. Is there a way to do this without creating a bottleneck or a
> SPoF?

I have not decided how that should work. Actually I added the
permissions required to manage load balancers. We can however also
pre-create it and only let you decide where to route the traffic.

Bastian

-- 
Love sometimes expresses itself in sacrifice.
		-- Kirk, "Metamorphosis", stardate 3220.3
