CCCHH/ansible-infra
CCCHH/ansible-infra
3
0
Fork 0
Code Issues 4 Pull requests Wiki Activity
275 commits 3 branches 0 tags 1.6 MiB
Commit graph

236 commits

Author SHA1 Message Date
Stefan Bethke 3cb72d8b81 enforce https 2023-12-10 14:03:53 +01:00
Stefan Bethke 9f4d1464bd add de & en path prefixes for websdite 2023-12-10 00:29:49 +01:00
Stefan Bethke ab429df4dd Add Zammad 2023-12-09 12:28:28 +01:00
Stefan Bethke 53ba5b9561 Website dazu 2023-12-07 23:54:22 +01:00
Stefan Bethke e630ffdf46 Small fixes 
* fix ACME setup
* use correct port number
* use correct email sender
 2023-12-03 20:34:31 +01:00
Stefan Bethke f238182302 Pretix für Hackertours 2023-12-03 13:14:34 +01:00
Stefan Bethke b94cb009ad Config fuer lists dazu 2023-11-13 11:32:56 -05:00
Stefan Bethke a9fac907d5 stbe darf von zuhause Keycloak admin 2023-11-13 11:32:56 -05:00
June bb95923807 Add a role for deploying infrastructure authorized keys and use it 2023-11-11 00:23:20 +01:00
June 89f1b1b299 Remove call to send_only_mailserver role 2023-11-09 19:27:35 +01:00
June 7da6549727 Remove send_only_mailserver role, since its not needed anymore 2023-11-09 19:27:03 +01:00
June b29eaba5f9 Remove hacky override for send-only-mailserver 2023-11-09 19:26:36 +01:00
June 66370eceda Remove hacky override for send-only-mailserver 
Remove it, since its not needed anymore.
 2023-11-09 19:24:19 +01:00
June 6ae47b32f3 Configure new mailserver for Nextcloud 2023-11-09 19:16:45 +01:00
June b6f316254f Add Reverse Proxy config for spaceapi.hamburg.ccc.de 2023-11-05 00:57:36 +01:00
yuri 6a023f5433
Remove esphome host and role since it has been migrated to NixOS 2023-11-04 22:46:01 +01:00
June ed74a88734 Domains don't work (anymore?), so just use IPs 2023-10-28 02:14:44 +02:00
June 95d5ed2ca9 Add Reverse Proxy config for next.hamburg.ccc.de 2023-10-25 02:19:53 +02:00
June d99874935f comment out another instance of non-working code 2023-10-23 21:40:46 +02:00
June 16a5d35fb0 comment out non-working code 2023-10-23 21:40:03 +02:00
christian 26181f7759
Add Redirect on id.hamburg.ccc.de to the account management page 2023-10-23 21:16:32 +02:00
June 505a2ba9f9 Add Public-Reverse-Proxy configuration for new branding-resources site 2023-10-07 05:17:25 +02:00
June 3828b8d500 Add Public-Reverse-Proxy configuration for new Element Web hosting 2023-10-07 05:17:01 +02:00
June 9b6d909d11 Add Public-Reverse-Proxy configuration for new Matrix server 2023-10-06 05:06:56 +02:00
June 856cc74d90 Make Public-Reverse-Proxy handle IPv6 2023-10-06 05:06:15 +02:00
June ce75ba0f70 Fix smtpd.conf. listen on 127.0.0.1 and 0.0.0.0 doesn't work 2023-09-25 20:12:13 +02:00
June 718b6906c5 Allow uploading of stl files to dokuwiki 2023-09-25 18:29:06 +02:00
June 2b1a2c599b Add link to dokuwiki docs on uploadsize 2023-09-25 18:22:31 +02:00
June 7468b4d8f6 Fix OpenSMTPD annoyingness 
Co-authored-by: yuri <yuri@nekover.se>
 2023-09-25 03:03:14 +02:00
June fdae96fbc1 Migrate to NixOS: Remove Z9 Audio host from this repo 2023-09-25 02:59:41 +02:00
June b295690ad5 Add playbook and accompanying role for doing maintenance 2023-09-25 02:57:30 +02:00
June de97436706 Migrate to NixOS: Remove Z9 Public-Reverse-Proxy host from this repo 2023-09-25 02:48:56 +02:00
June c5eae99a7f Add reverse proxy configuration for netbox 2023-09-21 19:13:56 +02:00
jtbx 804becdd31 Wiki: Fix oauth, create role from playbook 2023-09-15 22:06:46 +02:00
June 73db1dd077 Introduce onlyoffice 2023-08-27 20:02:53 +02:00
June c2964e1707 Remove note regarding encryption and add link to wiki 2023-08-25 22:48:56 +02:00
June 62b4f93218 Introduce Nextcloud role and deploy Cloud on Chaosknoten 
Co-authored-by: Max <max@mlem.cloud>
 2023-08-25 20:50:46 +02:00
June 112f1990b9 Introduce Uptime-Kuma 2023-08-12 01:47:55 +02:00
June 69621e3d7f Add cursed override for the aes as well :S 2023-08-11 02:17:30 +02:00
June 12a1e5dc22 Move Engelsystem MAIL_PASSWORD secret to appropriate place 2023-08-11 02:05:40 +02:00
June dd5e37fb68 Add restart: unless-stopped to Engelsystem compose 2023-08-11 02:05:20 +02:00
June d16da59fd7 Migrate Wiki from ThinkCCCluster to Chaosknoten 
Also do the redirect for DNS cache stuff like with aes.
 2023-08-11 01:59:34 +02:00
June d256082221 Proxy AES in Club to new location for cached DNS records 
Do that so that cached DNS records don't make problems. (We had a TTL of
1 week for some reason, so people having that in their cache might still
resolve to the Club. This shouldn't be a problem anymore at
~14.08.2023.)
 2023-08-11 00:55:47 +02:00
June dc89d33e33 Remove acme challenge entry for aes.ccchh.net 2023-08-11 00:42:05 +02:00
June 373b219031 Migrate Engelsystem from ThinkCCCluster to Chaosknoten 2023-08-11 00:39:55 +02:00
June 993e2f2b81 Hotfix to make mail work (dang, mail is now even more cursed) 
This entire mail setup is really cursed and needs to be re-done.
 2023-08-10 03:17:03 +02:00
June cc70903f52 Migrate Keycloak from ccchh.net to hamburg.ccc.de 2023-08-08 01:18:44 +02:00
June 09e0c710af Migrate Keycloak from ThinkCCCluster onto Chaosknoten 
Co-authored-by: Max <max@mlem.cloud>
 2023-08-07 23:33:15 +02:00
Stefan Bethke 099bbe0e66 Nextcloud-Config weiter entwickeln 2023-08-05 18:59:58 +02:00
Stefan Bethke dff8f0ee8b pad (HedgeDoc) und cloud (NextCloud) dazu 
cloud braucht noch etwas Arbeit, insbesondere die Abslage der Daten in
/data und die Keycloak-Anbindung.
 2023-08-05 17:23:49 +02:00
June 06233d22d5 Deploy NGINX for acme_challenge and PROXY Prot. on PubRP on Chaosknoten 2023-08-04 14:06:37 +02:00
June 2825c5089f Use new secrets path for z9 vm-secrets 2023-08-04 13:53:22 +02:00
June 3d238d9f63 Move z9-host-specific configs and templates into z9 subdirectories 2023-08-04 13:41:00 +02:00
June 4d12d802b8 Add link to relevant wiki page to certbot role README 2023-08-03 05:07:36 +02:00
June 96e9cdb0dc Add relevant entry for HTTP challenge on PBS 2023-08-03 05:04:13 +02:00
June 3b3c628492 Ensure NGINX deploy. on public-rev.-prox. hosts before certbot role runs 2023-08-03 04:15:03 +02:00
June 48f9a2f901 Deploy certs for aes.ccchh.net using certbot role 
Also clean up NGINX configuration a bit.
 2023-08-02 23:40:36 +02:00
June 542211ca25 Deploy certs for esphome.ccchh.net using certbot role 2023-08-02 23:27:40 +02:00
June 6ac4bf8240 Deploy certs for wiki.ccchh.net using certbot role 
Also clean up NGINX configurations.
 2023-08-02 23:17:31 +02:00
June 6651f4568d Deploy certs for keycloak-admin and id.ccchh.net using certbot role 2023-08-02 23:07:21 +02:00
June 154a7dfa02 Deploy certs for zigbee2mqtt.ccchh.net using new certbot role 
Also add certbot role to deploy.yaml playbook and add accompanying
group.
 2023-08-02 22:53:37 +02:00
June f0c5c2b265 Convert certbot role to use standalone instead of webroot 
Do this to not have dependencies on an NGINX setup.
With those dependencies in place setting up the certificates initially
would be quite painful, since a half-configured NGINX would need to be
there for the challenge and then only after the certificates are
present, the full NGINX configuration could be deployed successfully.
 2023-08-02 22:46:01 +02:00
June 5341f9dfba Add role for deploying certbot and setting up certificate using it 2023-08-02 20:47:22 +02:00
Dario 59520b4db6
AES: disable goodies and vouchers 2023-07-30 16:13:49 +02:00
Dario b89789c37a
fix aes contact email 2023-07-30 15:36:25 +02:00
June 317c822ab5 Combine playbooks for indiviual hosts into one playbook 
This makes a full deployment of all hosts easier and parallelises
execution of roles, which are used for multiple hosts.
You can still easily deploy only a subset of hosts using the -l flag for
ansible-playbook.
 2023-07-30 06:57:30 +02:00
June c9dee93874 Deploy ssh server config on keycloak VM 2023-07-30 05:51:40 +02:00
June c6926b0a0f Remove incorrect check from deploy_ssh_server_config role 2023-07-30 05:49:46 +02:00
June c2a183c013 Add missing "become: true" 2023-07-30 05:25:43 +02:00
June 2efdfcad6d Setup repo pin. to ensure nginx package gets installed from NGINX repos 2023-07-30 05:19:22 +02:00
June 38fc33ce70 Don't use apt-key anymore, since it's deprecated 2023-07-30 01:21:43 +02:00
jtbx efc72f70f6 audiopi: Update role 2023-07-30 01:04:25 +02:00
June 8a2c2769c8 Use new secrets path, bc of noc pass store merge into general store 2023-07-29 23:15:00 +02:00
June 23deedf0d6 Update deploy_ssh_server_config role for Debian 12 support 2023-07-29 20:17:22 +02:00
June f62135e263 Don't reference obsolete secret env files 2023-07-29 01:47:21 +02:00
June a12b38b284 Provide secrets for engelsystem VM from pass 2023-07-29 01:46:30 +02:00
June 69edb75112 Use correct variable for initial config in zigbee2mqtt role 2023-07-29 01:16:49 +02:00
June 51c1b667f4 Provide secrets for keycloak VM from pass 2023-07-29 00:59:01 +02:00
Dario c3fc040751
AES: patch code and l10n to add train drivers license 2023-07-28 23:59:02 +02:00
June 727cd0bc74 Bump Keycloak to 22.0 2023-07-28 23:16:46 +02:00
June 2f7e3ae893 Build on docker compose up as well 2023-07-28 23:16:27 +02:00
yuri 18990b3b5f
Bump zigbee2mqtt to 1.32.1 2023-07-27 18:26:47 +02:00
yuri 1570b0c04e
Bump esphome to 2023.7.0 2023-07-27 18:22:58 +02:00
jtbx d5285a3fd2 deploy an engelsystem named AES 2023-07-09 01:57:55 +02:00
June b536e5c2fb Fix: Add necessary becomes 2023-07-09 00:26:20 +02:00
jtbx b2e9c22821 cert, nginx: Update for debian 12 2023-07-09 00:03:38 +02:00
jtbx 67483ece20 docker roles: Support debian 12 2023-07-08 23:47:04 +02:00
June 82b64e24c6 Fix variable name 
Thanks jtbx for pointing that out!
 2023-07-08 23:41:12 +02:00
June 8bc60e42a8 Extend distribution_check role to account for Ansible changes reg. facts 
Somewhere between ansible [core 2.14.4] and ansible [core 2.15.0] the
logic for the distribution_version Ansible fact got changed. With the
newer Ansible version Debians distribution_version gets reported as 11.7
as opposed to getting reported as 11 with the old Ansible version. To
still allow for useful distribution checks, extend the
distribution_check role by allowing the specification of
distribution_major_versions and distribution_releases as well.
This way you can check for an Ubuntu version by using
distribution_version (which for example resolves to 18.04, while
distribution_major_version would resolve to 18 in that case) and check
for a Debian version by using distribution_major_version (which for
example resolves to 11, while distribution_version would resolve to 11.7
in that case).
 2023-07-08 19:58:02 +02:00
June 0c62a8f3e0 Add role for deploying SSH config and also add mailserver-endpoint host 2023-06-06 23:37:42 +02:00
June ebfa591484 Use larger buf. size to fix 502s sometimes occur. when going through PVE 2023-05-26 03:27:56 +02:00
June 55506a003a Make Rspamd configs world-readable 2023-05-26 03:27:56 +02:00
Dario e37d84c60d
clean up foobazdmx role 
make git repo url and version to check out a variable instead of a
hard-coded value the role, and update host_vars to match.
 2023-05-21 15:12:42 +02:00
yuri 2d5f116ff3
Use access token with Reporter role for foobazdmx 2023-05-21 03:03:02 +02:00
yuri da710bcf8f
Reduce maximum AirPlay volume for Audio Pi 2023-05-21 01:29:25 +02:00
Dario a6db315138
Update foobazdmx repository url and release target 
Update foobazdmx repository url in foobazdmx role to main repo.
Change commit to be checked out by ansible to latest commit on main.
 2023-05-20 22:58:24 +02:00
yuri 544abc1c27
Rename automation host to mqtt 2023-05-10 18:02:10 +02:00
yuri 33d1cfca1f
Move become: true into esphome role 
Move become: true into zigbee2mqtt role

Remove become: true from deploy_public_reverse_proxy playbook

Remove become: true from deploy_dokuwiki playbook

Move become: true from deploy_audio_pi and deploy_light playbooks into roles

Remove become: true from deploy_keycloak playbook

Move become: true from deploy_automation playbook to mosquitto role
 2023-05-10 18:02:10 +02:00
June b56ca3899d Add send_only_mailserver role and deploy Send-Only-Mailserver with it 
Co-authored-by: yuri <yuri@nekover.se>
 2023-05-09 23:01:57 +02:00
June f4a79fb4e2 Make it possible to set custom permissions for certificate files 
This is in preparation for a role using OpenSMTPD.
 2023-05-09 22:07:44 +02:00
yuri 78023f5198
Use cert role to deploy a valid certificate for esphome.ccchh.net 2023-05-09 21:02:32 +02:00
yuri ca3a30360f
Use cert role to deploy a valid certificate for zigbee2mqtt.ccchh.net 2023-05-09 17:24:20 +02:00
yuri 1cd0700cf5
Fix filename for include_tasks 2023-05-09 17:20:24 +02:00
yuri 9dc77ad5a5
Only deploy zigbee2mqtt config when it doesn't exist 2023-05-09 14:39:50 +02:00
yuri 1bcb77961b
Use the .yaml file extension for all YAML files 2023-05-08 19:55:08 +02:00
julian 9d0697f0d0 Use PROXY Protocol for Keycloak 2023-05-05 00:00:48 +02:00
Jannik Beyerstedt 7710bf384d Keycloak: Fix restart condition 2023-05-04 23:39:51 +02:00
julian 2dc4b6f5fd Add keycloak 2023-05-02 06:12:56 +02:00
julian 91274de823 Add my docker and docker_compose role 
Do this in preparation for the keycloak deployment.
 2023-05-01 01:45:15 +02:00
julian d4d2e973a1 Get certificate for wiki using cert role 2023-05-01 00:22:05 +02:00
julian 1a0636307b Use Certbot naming for certificate files 2023-05-01 00:18:59 +02:00
julian aac049efb2 Use BIND 9 server instead of Cloudfl. for DNS-01 challenge via nsupdate 
Co-authored-by: Jannik Beyerstedt <code@jannikbeyerstedt.de>
 2023-04-27 23:38:14 +02:00
julian 4814ea8bda Use one ACME account key per host 
This is nicer for us, since this avoids sharing a secret.
Also put certificate directories in `certs` sub-directory for better
organization.
 2023-04-25 18:03:59 +02:00
julian f9c51842fd Make use of become in role 2023-04-25 17:13:10 +02:00
julian 6e9d07b6f6 Add some spacing between tasks 2023-04-25 16:59:02 +02:00
julian f8d89c9742 Use /etc/ansible_certs instead of /certs directory 2023-04-25 16:57:34 +02:00
yuri c407f93b0a
Add initial cert role 2023-04-25 13:49:45 +02:00
julian 9670b6494c Make the wiki publicly accessible and configure nginxs to give it https 2023-04-16 01:41:29 +02:00
Jannik Beyerstedt d3842f6b87 Add dokuwiki VM 2023-04-16 01:41:15 +02:00
yuri 79953d3463
Fix esphome task name 2023-04-15 18:22:37 +02:00
julian 65ac14c18b Use nginx role with custom nginx.conf support 2023-04-15 18:13:22 +02:00
Jan Almeroth b8f925e217 chore(mqtt): only import events, export statusses 2023-03-12 18:21:50 +01:00
julian 239b9b9689 Setup https for Light VM for light.ccchh.net 2023-01-12 23:36:57 +01:00
julian f44e3f28b0 Add Public-Reverse-Proxy 2023-01-08 02:50:23 +01:00
yuri 2f2a4f262f
Only enable Bluetooth Audio Sink 2022-12-18 23:06:39 +01:00
yuri 8a54c0f58e
Fix wireplumber failing before reboot 2022-12-18 20:17:53 +01:00
yuri 96ac8de142
Add playbook and roles for Audio Pi 2022-12-18 04:36:53 +01:00
yuri 7a869f6330
Add nginx ESPHome config 2022-12-18 04:31:37 +01:00
yuri 926f9aa3a5
Make websockets and Web Serial work, set PATH variable in service file 2022-12-18 02:37:15 +01:00
yuri 51fd3367db
Add zigbee2mqtt role and playbook 2022-12-08 23:45:22 +01:00
yuri e084462ae1
Add esphome role and playbook 2022-12-04 20:11:39 +01:00
yuri 75408d8926
Move variable to host_vars and use fully qualified lookup plugin name 2022-12-01 21:35:03 +01:00
yuri 7a93546616
Add mosquitto role and add playbook to deploy MQTT broker on automation.z9 2022-12-01 21:29:40 +01:00
yuri 59dc7a1d7d
Bump foobazdmx version 2022-11-22 20:44:41 +01:00
yuri e74a50e873
Automate light server 
Co-authored-by: J <j@jsts.xyz>
 2022-11-17 23:30:52 +01:00
yuri aefdd123a4
Add ola and foobazdmx role and add playbook for light.z9 2022-11-11 15:28:26 +01:00