Stefan Bethke
f238182302
Pretix für Hackertours
2023-12-03 13:14:34 +01:00
Stefan Bethke
b94cb009ad
Config fuer lists dazu
2023-11-13 11:32:56 -05:00
Stefan Bethke
a9fac907d5
stbe darf von zuhause Keycloak admin
2023-11-13 11:32:56 -05:00
June
bb95923807
Add a role for deploying infrastructure authorized keys and use it
2023-11-11 00:23:20 +01:00
June
89f1b1b299
Remove call to send_only_mailserver role
2023-11-09 19:27:35 +01:00
June
7da6549727
Remove send_only_mailserver role, since its not needed anymore
2023-11-09 19:27:03 +01:00
June
b29eaba5f9
Remove hacky override for send-only-mailserver
2023-11-09 19:26:36 +01:00
June
66370eceda
Remove hacky override for send-only-mailserver
...
Remove it, since its not needed anymore.
2023-11-09 19:24:19 +01:00
June
6ae47b32f3
Configure new mailserver for Nextcloud
2023-11-09 19:16:45 +01:00
June
b6f316254f
Add Reverse Proxy config for spaceapi.hamburg.ccc.de
2023-11-05 00:57:36 +01:00
yuri
6a023f5433
Remove esphome host and role since it has been migrated to NixOS
2023-11-04 22:46:01 +01:00
June
ed74a88734
Domains don't work (anymore?), so just use IPs
2023-10-28 02:14:44 +02:00
June
95d5ed2ca9
Add Reverse Proxy config for next.hamburg.ccc.de
2023-10-25 02:19:53 +02:00
June
d99874935f
comment out another instance of non-working code
2023-10-23 21:40:46 +02:00
June
16a5d35fb0
comment out non-working code
2023-10-23 21:40:03 +02:00
christian
26181f7759
Add Redirect on id.hamburg.ccc.de to the account management page
2023-10-23 21:16:32 +02:00
June
505a2ba9f9
Add Public-Reverse-Proxy configuration for new branding-resources site
2023-10-07 05:17:25 +02:00
June
3828b8d500
Add Public-Reverse-Proxy configuration for new Element Web hosting
2023-10-07 05:17:01 +02:00
June
9b6d909d11
Add Public-Reverse-Proxy configuration for new Matrix server
2023-10-06 05:06:56 +02:00
June
856cc74d90
Make Public-Reverse-Proxy handle IPv6
2023-10-06 05:06:15 +02:00
June
ce75ba0f70
Fix smtpd.conf. listen on 127.0.0.1 and 0.0.0.0 doesn't work
2023-09-25 20:12:13 +02:00
June
718b6906c5
Allow uploading of stl files to dokuwiki
2023-09-25 18:29:06 +02:00
June
2b1a2c599b
Add link to dokuwiki docs on uploadsize
2023-09-25 18:22:31 +02:00
June
7468b4d8f6
Fix OpenSMTPD annoyingness
...
Co-authored-by: yuri <yuri@nekover.se>
2023-09-25 03:03:14 +02:00
June
fdae96fbc1
Migrate to NixOS: Remove Z9 Audio host from this repo
2023-09-25 02:59:41 +02:00
June
b295690ad5
Add playbook and accompanying role for doing maintenance
2023-09-25 02:57:30 +02:00
June
de97436706
Migrate to NixOS: Remove Z9 Public-Reverse-Proxy host from this repo
2023-09-25 02:48:56 +02:00
June
c5eae99a7f
Add reverse proxy configuration for netbox
2023-09-21 19:13:56 +02:00
jtbx
804becdd31
Wiki: Fix oauth, create role from playbook
2023-09-15 22:06:46 +02:00
June
73db1dd077
Introduce onlyoffice
2023-08-27 20:02:53 +02:00
June
c2964e1707
Remove note regarding encryption and add link to wiki
2023-08-25 22:48:56 +02:00
June
62b4f93218
Introduce Nextcloud role and deploy Cloud on Chaosknoten
...
Co-authored-by: Max <max@mlem.cloud>
2023-08-25 20:50:46 +02:00
June
112f1990b9
Introduce Uptime-Kuma
2023-08-12 01:47:55 +02:00
June
69621e3d7f
Add cursed override for the aes as well :S
2023-08-11 02:17:30 +02:00
June
12a1e5dc22
Move Engelsystem MAIL_PASSWORD secret to appropriate place
2023-08-11 02:05:40 +02:00
June
dd5e37fb68
Add restart: unless-stopped to Engelsystem compose
2023-08-11 02:05:20 +02:00
June
d16da59fd7
Migrate Wiki from ThinkCCCluster to Chaosknoten
...
Also do the redirect for DNS cache stuff like with aes.
2023-08-11 01:59:34 +02:00
June
d256082221
Proxy AES in Club to new location for cached DNS records
...
Do that so that cached DNS records don't make problems. (We had a TTL of
1 week for some reason, so people having that in their cache might still
resolve to the Club. This shouldn't be a problem anymore at
~14.08.2023.)
2023-08-11 00:55:47 +02:00
June
dc89d33e33
Remove acme challenge entry for aes.ccchh.net
2023-08-11 00:42:05 +02:00
June
373b219031
Migrate Engelsystem from ThinkCCCluster to Chaosknoten
2023-08-11 00:39:55 +02:00
June
993e2f2b81
Hotfix to make mail work (dang, mail is now even more cursed)
...
This entire mail setup is really cursed and needs to be re-done.
2023-08-10 03:17:03 +02:00
June
cc70903f52
Migrate Keycloak from ccchh.net to hamburg.ccc.de
2023-08-08 01:18:44 +02:00
June
09e0c710af
Migrate Keycloak from ThinkCCCluster onto Chaosknoten
...
Co-authored-by: Max <max@mlem.cloud>
2023-08-07 23:33:15 +02:00
Stefan Bethke
099bbe0e66
Nextcloud-Config weiter entwickeln
2023-08-05 18:59:58 +02:00
Stefan Bethke
dff8f0ee8b
pad (HedgeDoc) und cloud (NextCloud) dazu
...
cloud braucht noch etwas Arbeit, insbesondere die Abslage der Daten in
/data und die Keycloak-Anbindung.
2023-08-05 17:23:49 +02:00
June
06233d22d5
Deploy NGINX for acme_challenge and PROXY Prot. on PubRP on Chaosknoten
2023-08-04 14:06:37 +02:00
June
2825c5089f
Use new secrets path for z9 vm-secrets
2023-08-04 13:53:22 +02:00
June
3d238d9f63
Move z9-host-specific configs and templates into z9 subdirectories
2023-08-04 13:41:00 +02:00
June
4d12d802b8
Add link to relevant wiki page to certbot role README
2023-08-03 05:07:36 +02:00
June
96e9cdb0dc
Add relevant entry for HTTP challenge on PBS
2023-08-03 05:04:13 +02:00
June
3b3c628492
Ensure NGINX deploy. on public-rev.-prox. hosts before certbot role runs
2023-08-03 04:15:03 +02:00
June
48f9a2f901
Deploy certs for aes.ccchh.net using certbot role
...
Also clean up NGINX configuration a bit.
2023-08-02 23:40:36 +02:00
June
542211ca25
Deploy certs for esphome.ccchh.net using certbot role
2023-08-02 23:27:40 +02:00
June
6ac4bf8240
Deploy certs for wiki.ccchh.net using certbot role
...
Also clean up NGINX configurations.
2023-08-02 23:17:31 +02:00
June
6651f4568d
Deploy certs for keycloak-admin and id.ccchh.net using certbot role
2023-08-02 23:07:21 +02:00
June
154a7dfa02
Deploy certs for zigbee2mqtt.ccchh.net using new certbot role
...
Also add certbot role to deploy.yaml playbook and add accompanying
group.
2023-08-02 22:53:37 +02:00
June
f0c5c2b265
Convert certbot role to use standalone instead of webroot
...
Do this to not have dependencies on an NGINX setup.
With those dependencies in place setting up the certificates initially
would be quite painful, since a half-configured NGINX would need to be
there for the challenge and then only after the certificates are
present, the full NGINX configuration could be deployed successfully.
2023-08-02 22:46:01 +02:00
June
5341f9dfba
Add role for deploying certbot and setting up certificate using it
2023-08-02 20:47:22 +02:00
Dario
59520b4db6
AES: disable goodies and vouchers
2023-07-30 16:13:49 +02:00
Dario
b89789c37a
fix aes contact email
2023-07-30 15:36:25 +02:00
June
317c822ab5
Combine playbooks for indiviual hosts into one playbook
...
This makes a full deployment of all hosts easier and parallelises
execution of roles, which are used for multiple hosts.
You can still easily deploy only a subset of hosts using the -l flag for
ansible-playbook.
2023-07-30 06:57:30 +02:00
June
c9dee93874
Deploy ssh server config on keycloak VM
2023-07-30 05:51:40 +02:00
June
c6926b0a0f
Remove incorrect check from deploy_ssh_server_config role
2023-07-30 05:49:46 +02:00
June
c2a183c013
Add missing "become: true"
2023-07-30 05:25:43 +02:00
June
2efdfcad6d
Setup repo pin. to ensure nginx package gets installed from NGINX repos
2023-07-30 05:19:22 +02:00
June
38fc33ce70
Don't use apt-key anymore, since it's deprecated
2023-07-30 01:21:43 +02:00
jtbx
efc72f70f6
audiopi: Update role
2023-07-30 01:04:25 +02:00
June
8a2c2769c8
Use new secrets path, bc of noc pass store merge into general store
2023-07-29 23:15:00 +02:00
June
23deedf0d6
Update deploy_ssh_server_config role for Debian 12 support
2023-07-29 20:17:22 +02:00
June
f62135e263
Don't reference obsolete secret env files
2023-07-29 01:47:21 +02:00
June
a12b38b284
Provide secrets for engelsystem VM from pass
2023-07-29 01:46:30 +02:00
June
69edb75112
Use correct variable for initial config in zigbee2mqtt role
2023-07-29 01:16:49 +02:00
June
51c1b667f4
Provide secrets for keycloak VM from pass
2023-07-29 00:59:01 +02:00
Dario
c3fc040751
AES: patch code and l10n to add train drivers license
2023-07-28 23:59:02 +02:00
June
727cd0bc74
Bump Keycloak to 22.0
2023-07-28 23:16:46 +02:00
June
2f7e3ae893
Build on docker compose up as well
2023-07-28 23:16:27 +02:00
yuri
18990b3b5f
Bump zigbee2mqtt to 1.32.1
2023-07-27 18:26:47 +02:00
yuri
1570b0c04e
Bump esphome to 2023.7.0
2023-07-27 18:22:58 +02:00
jtbx
d5285a3fd2
deploy an engelsystem named AES
2023-07-09 01:57:55 +02:00
June
b536e5c2fb
Fix: Add necessary becomes
2023-07-09 00:26:20 +02:00
jtbx
b2e9c22821
cert, nginx: Update for debian 12
2023-07-09 00:03:38 +02:00
jtbx
67483ece20
docker roles: Support debian 12
2023-07-08 23:47:04 +02:00
June
82b64e24c6
Fix variable name
...
Thanks jtbx for pointing that out!
2023-07-08 23:41:12 +02:00
June
8bc60e42a8
Extend distribution_check role to account for Ansible changes reg. facts
...
Somewhere between ansible [core 2.14.4] and ansible [core 2.15.0] the
logic for the distribution_version Ansible fact got changed. With the
newer Ansible version Debians distribution_version gets reported as 11.7
as opposed to getting reported as 11 with the old Ansible version. To
still allow for useful distribution checks, extend the
distribution_check role by allowing the specification of
distribution_major_versions and distribution_releases as well.
This way you can check for an Ubuntu version by using
distribution_version (which for example resolves to 18.04, while
distribution_major_version would resolve to 18 in that case) and check
for a Debian version by using distribution_major_version (which for
example resolves to 11, while distribution_version would resolve to 11.7
in that case).
2023-07-08 19:58:02 +02:00
June
0c62a8f3e0
Add role for deploying SSH config and also add mailserver-endpoint host
2023-06-06 23:37:42 +02:00
June
ebfa591484
Use larger buf. size to fix 502s sometimes occur. when going through PVE
2023-05-26 03:27:56 +02:00
June
55506a003a
Make Rspamd configs world-readable
2023-05-26 03:27:56 +02:00
Dario
e37d84c60d
clean up foobazdmx role
...
make git repo url and version to check out a variable instead of a
hard-coded value the role, and update host_vars to match.
2023-05-21 15:12:42 +02:00
yuri
2d5f116ff3
Use access token with Reporter role for foobazdmx
2023-05-21 03:03:02 +02:00
yuri
da710bcf8f
Reduce maximum AirPlay volume for Audio Pi
2023-05-21 01:29:25 +02:00
Dario
a6db315138
Update foobazdmx repository url and release target
...
Update foobazdmx repository url in foobazdmx role to main repo.
Change commit to be checked out by ansible to latest commit on main.
2023-05-20 22:58:24 +02:00
yuri
544abc1c27
Rename automation host to mqtt
2023-05-10 18:02:10 +02:00
yuri
33d1cfca1f
Move become: true into esphome role
...
Move become: true into zigbee2mqtt role
Remove become: true from deploy_public_reverse_proxy playbook
Remove become: true from deploy_dokuwiki playbook
Move become: true from deploy_audio_pi and deploy_light playbooks into roles
Remove become: true from deploy_keycloak playbook
Move become: true from deploy_automation playbook to mosquitto role
2023-05-10 18:02:10 +02:00
June
b56ca3899d
Add send_only_mailserver
role and deploy Send-Only-Mailserver with it
...
Co-authored-by: yuri <yuri@nekover.se>
2023-05-09 23:01:57 +02:00
June
f4a79fb4e2
Make it possible to set custom permissions for certificate files
...
This is in preparation for a role using OpenSMTPD.
2023-05-09 22:07:44 +02:00
yuri
78023f5198
Use cert role to deploy a valid certificate for esphome.ccchh.net
2023-05-09 21:02:32 +02:00
yuri
ca3a30360f
Use cert role to deploy a valid certificate for zigbee2mqtt.ccchh.net
2023-05-09 17:24:20 +02:00
yuri
1cd0700cf5
Fix filename for include_tasks
2023-05-09 17:20:24 +02:00
yuri
9dc77ad5a5
Only deploy zigbee2mqtt config when it doesn't exist
2023-05-09 14:39:50 +02:00
yuri
1bcb77961b
Use the .yaml file extension for all YAML files
2023-05-08 19:55:08 +02:00
julian
9d0697f0d0
Use PROXY Protocol for Keycloak
2023-05-05 00:00:48 +02:00
Jannik Beyerstedt
7710bf384d
Keycloak: Fix restart condition
2023-05-04 23:39:51 +02:00
julian
2dc4b6f5fd
Add keycloak
2023-05-02 06:12:56 +02:00
julian
91274de823
Add my docker
and docker_compose
role
...
Do this in preparation for the keycloak deployment.
2023-05-01 01:45:15 +02:00
julian
d4d2e973a1
Get certificate for wiki using cert
role
2023-05-01 00:22:05 +02:00
julian
1a0636307b
Use Certbot naming for certificate files
2023-05-01 00:18:59 +02:00
julian
aac049efb2
Use BIND 9 server instead of Cloudfl. for DNS-01 challenge via nsupdate
...
Co-authored-by: Jannik Beyerstedt <code@jannikbeyerstedt.de>
2023-04-27 23:38:14 +02:00
julian
4814ea8bda
Use one ACME account key per host
...
This is nicer for us, since this avoids sharing a secret.
Also put certificate directories in `certs` sub-directory for better
organization.
2023-04-25 18:03:59 +02:00
julian
f9c51842fd
Make use of become
in role
2023-04-25 17:13:10 +02:00
julian
6e9d07b6f6
Add some spacing between tasks
2023-04-25 16:59:02 +02:00
julian
f8d89c9742
Use /etc/ansible_certs
instead of /certs
directory
2023-04-25 16:57:34 +02:00
yuri
c407f93b0a
Add initial cert role
2023-04-25 13:49:45 +02:00
julian
9670b6494c
Make the wiki publicly accessible and configure nginxs to give it https
2023-04-16 01:41:29 +02:00
Jannik Beyerstedt
d3842f6b87
Add dokuwiki VM
2023-04-16 01:41:15 +02:00
yuri
79953d3463
Fix esphome task name
2023-04-15 18:22:37 +02:00
julian
65ac14c18b
Use nginx role with custom nginx.conf
support
2023-04-15 18:13:22 +02:00
Jan Almeroth
b8f925e217
chore(mqtt): only import events, export statusses
2023-03-12 18:21:50 +01:00
julian
239b9b9689
Setup https for Light VM for light.ccchh.net
2023-01-12 23:36:57 +01:00
julian
f44e3f28b0
Add Public-Reverse-Proxy
2023-01-08 02:50:23 +01:00
yuri
2f2a4f262f
Only enable Bluetooth Audio Sink
2022-12-18 23:06:39 +01:00
yuri
8a54c0f58e
Fix wireplumber failing before reboot
2022-12-18 20:17:53 +01:00
yuri
96ac8de142
Add playbook and roles for Audio Pi
2022-12-18 04:36:53 +01:00
yuri
7a869f6330
Add nginx ESPHome config
2022-12-18 04:31:37 +01:00
yuri
926f9aa3a5
Make websockets and Web Serial work, set PATH variable in service file
2022-12-18 02:37:15 +01:00
yuri
51fd3367db
Add zigbee2mqtt role and playbook
2022-12-08 23:45:22 +01:00
yuri
e084462ae1
Add esphome role and playbook
2022-12-04 20:11:39 +01:00
yuri
75408d8926
Move variable to host_vars and use fully qualified lookup plugin name
2022-12-01 21:35:03 +01:00
yuri
7a93546616
Add mosquitto role and add playbook to deploy MQTT broker on automation.z9
2022-12-01 21:29:40 +01:00
yuri
59dc7a1d7d
Bump foobazdmx version
2022-11-22 20:44:41 +01:00
yuri
e74a50e873
Automate light server
...
Co-authored-by: J <j@jsts.xyz>
2022-11-17 23:30:52 +01:00
yuri
aefdd123a4
Add ola and foobazdmx role and add playbook for light.z9
2022-11-11 15:28:26 +01:00