CCCHH/ansible-infra
CCCHH/ansible-infra
3
2
Fork 0
Code Issues2 Pull requests Wiki Activity Actions
370 commits 3 branches 0 tags 5.2 MiB
Commit graph

370 commits

Author SHA1 Message Date
c6ristian
01c006ec22
grafana fix nginx ip allow list 2025-05-02 01:08:55 +02:00
c6ristian
58642620a1
IPv6 fix für metrics 2025-04-30 16:23:35 +02:00
c6ristian
0c9e3ccb87
fix switchup in prometheus.relabel 2025-04-30 15:07:26 +02:00
c6ristian
bd9e04eef8
metrics fux 2025-04-30 02:16:09 +02:00
c6ristian
e183f1a2c3
prometheus remote write with alloy using it 2025-04-30 01:11:17 +02:00
c6ristian
e21ff26f36
fix: alertmanager 
the message template now just give out simple string if the list of alerts is to long
 2025-04-28 23:02:13 +02:00
c6ristian
b0660deb71
fix: nginx role 
add defaults for nginx__deploy_htpasswds and nginx__htpasswds
 2025-04-28 22:23:11 +02:00
c6ristian
456117a789
adding loki 2025-04-28 20:31:55 +02:00
June
3548c1f4d6
restart ssh service instead of rebooting as this should be fine 
Active connections should survive a restart of the service and testing
also didn't show any issues.
 2025-04-25 02:01:29 +02:00
Stefan Bethke
9c57fca876 Also supply a dmoain for user content 2025-04-16 16:27:21 +02:00
Stefan Bethke
811b5832da Incread file upload limit to 1G (from 10MB) 2025-04-16 16:27:02 +02:00
c6ristian
77e1d3bc3e
keycloak: allow access form new IPv6 subnet at z9 2025-02-26 23:48:19 +01:00
June
6b80f5b52a
fix accidentally added personalized ansible_user by removing it 2025-02-23 23:51:58 +01:00
June
41ba73d7c3
dep._hyperv.(playb.): add deps step to vm template generation setup play 2025-02-23 23:26:36 +01:00
June
fd13e5341b
add thinkcccore0 to inventory and enable VM template gen. setup on it 2025-02-23 23:23:51 +01:00
June
ca16e3d55f
dep._hypervisor(playb.): introduce play for setting up vm template gen. 2025-02-23 22:42:58 +01:00
c6ristian
98972e39c4
keycloak(host): update to 26.1 & postgres to 15.12 2025-02-22 23:17:36 +01:00
June
fce4c2f73b
grafana(host): account in Prom. hyperv. disk alerts for longer backups 
Set duration for Prometheus hypervisor disk rw rate and hard disk io
alerts to 2h to account for the very long running (over 90m) backup job.
 2025-02-18 15:38:07 +01:00
June
0e4df5b590
nginx(role): make loop output manageable using loop_control label 2025-02-18 06:07:47 +01:00
June
9dba002f10
maintenance(playbook): simplify nginx repo setup and install task name 2025-02-18 05:48:52 +01:00
June
1ea63a19d3
maintenance(playbook): ensure docker repo and install before update 
As with ensuring the nginx repo setup and install on relevant hosts, do
the same for docker.
 2025-02-18 05:48:01 +01:00
June
7420ed6010
nginx(role): split up repo setup and install task lists to estab. conv. 
Split up repo setup and package installation after all to establish this
as a convention (its already done this way in the docker role and was
done this way in the nginx role before) to highlight that an external
repo is used.
 2025-02-18 05:43:39 +01:00
June
89f3e55eac
docker(role): use better naming 2025-02-18 05:35:45 +01:00
June
ce812fb006
docker(role): update README 
Document Debian 12 support, enhance wording, bring structure in line
with the READMEs of more modern roles and remove unnecessary sections.
 2025-02-18 05:33:30 +01:00
June
d62c070ccc
maintenance(playbook): fix playbook by using updated nginx role res. 2025-02-18 05:17:38 +01:00
June
07511ef723
grafana(host): remove decomissioned nix-box-june from Prometheus targets 2025-02-18 04:51:26 +01:00
June
5e5c980f14
check(playbook): print all held packages 2025-02-18 04:32:43 +01:00
June
34b9ee2fa4
nginx(role): simplify description in README 2025-02-18 04:32:43 +01:00
June
344dd78981
nginx(role): use better naming, wording and file structure 2025-02-18 04:32:43 +01:00
June
9b2ef55f86
nginx(role): remove unneces. "hosts" and "entry points" sec. from README 2025-02-18 04:32:43 +01:00
June
5809e4015f
nginx(role): add "logging" to the reserved configuration names 2025-02-18 04:32:43 +01:00
June
3d22f7ffae
nginx(role): document Debian 12 support 2025-02-18 04:32:43 +01:00
June
4adf39d969
nginx(role): document arguments in README for better discoverability 
Document the role arguments in the README instead of in the
argument_specs for better discoverability and readability.
 2025-02-18 04:32:43 +01:00
June
2e9f73b46b
nginx(role): simplify ensuring that gnupg is installed 
Also improve naming.
 2025-02-18 04:32:43 +01:00
June
df22074aeb
nginx(role): simplify installation by removing version spec 
We always just want the latest anyway and therefore don't use it, so no
need to keep the complexity introduced by that setting.
Also merge repo_setup and nginx_install task lists into one
nginx_install task list as keeping two files isn't necessary.
Finally improving naming a bit.
 2025-02-18 04:32:43 +01:00
June
172d6472bc
nginx(role): remove unnecessary apt-get update step 
The nginx package gets installed with "update_cache: true" afterwards
anyway, so the apt-get update step shouldn't be necessary.
 2025-02-18 04:32:43 +01:00
Dario
5dc2520ecd
eh22-wiki: configure custom eh22-theme 2025-02-17 22:26:17 +01:00
Dario
7271426502
dokuwiki: add option to checkout custom design repo 2025-02-17 22:20:25 +01:00
June
79012fb7f8
eh22-netbox: setup EH22 NetBox 2025-02-17 01:23:35 +01:00
June
496f122968
give ansible docker comp. cron jobs unique names to not overw. each oth. 
Give them unique names, so the latter doesn't overwrite the former.
Also make the task names nicer.
 2025-02-17 00:32:50 +01:00
Stefan Bethke
f0e345b15a Merge branch 'main' of git.hamburg.ccc.de:CCCHH/ansible-infra 2025-02-16 22:09:29 +01:00
Stefan Bethke
690ec9bebc Use distinct short code to avoid confusion with EH pretix 2025-02-16 22:09:27 +01:00
June
ff540126a1
add chaosknoten to hosts and new hypervisors group 
Also exclude that group from the tasks otherwise targeting all hosts.
 2025-02-16 02:34:14 +01:00
June
61cd5053d0
flatten inventories making them simpler 
Remove the child groups as we weren't using their functionality anyway.
Also remove the debian_11/12 host groups as they're not in use.
 2025-02-16 00:36:10 +01:00
June
4def1334d8
for non-verbose output hide user passwords in postgresql role 2025-02-15 20:06:55 +01:00
June
2ec1471d7f
netbox: move NetBox from NixOS to Ansible 
Also introduce netbox_hosts group for applying netbox role to multiple
hosts.
 2025-02-15 19:57:15 +01:00
June
09a8551c8a
add option to netbox role for custom pipeline code for OIDC mapping 
Add option to netbox role for ensuring custom pipeline code for OIDC
group and role mapping is either present or not.

The custom pipeline code is licensed under the Creative Commons: CC
BY-SA 4.0 license.

See:
https://github.com/goauthentik/authentik/blob/main/LICENSE
https://github.com/goauthentik/authentik/blob/main/website/integrations/services/netbox/index.md
https://docs.goauthentik.io/integrations/services/netbox/
5676b1a468
 2025-02-15 06:23:04 +01:00
June
dbb784e2bb
add license notice to README 
This is in preparation for extending that notice to point out code that
is licensed differently.
 2025-02-15 06:23:04 +01:00
June
783c36bcc1
add netbox role for ensuring netbox is deployed as specified 
The role takes over the deployment of netbox and its dependencies, while
still requiring the user to provide the netbox version, db password and
config as well as to set up a web server and handle stuff like creating
users, etc.
 2025-02-15 06:23:04 +01:00
June
9662995377
add postgresql role for ens. psql and opt. some dbs and users are set up 
Add postgresql role for ensuring postgresql is installed.
Furthermore the role optionally takes some basic configuration to ensure
databases with their owners and users are set up as specified.

This is a requirement for a new netbox role.
 2025-02-15 06:23:04 +01:00