6db21ad3c9
Update https://github.com/ansible/ansible-lint action to v26
/ Ansible Lint (push) Successful in 2m26s
/ Ansible Lint (pull_request) Successful in 1m56s
2026-01-12 02:45:39 +00:00
c638790819
Update all stable non-major dependencies
/ Ansible Lint (pull_request) Failing after 2m31s
/ Ansible Lint (push) Failing after 2m5s
2026-01-12 02:30:47 +00:00
70461c98ba
first run ansible_pull for router, then for all other hosts
...
/ Ansible Lint (push) Failing after 2m13s
Do this to avoid a restarting router affecting playbook runs on other
hosts.
2026-01-12 03:29:06 +01:00
968e29ccb8
do v6-only for internal proxy protocol communication
...
/ Ansible Lint (push) Failing after 2m5s
Since we want to do v6-only internally, only listen on v6 for proxy
protocol.
This is also needed as we only have set_real_ip_from pointing to a v6.
2026-01-12 03:02:09 +01:00
255327952e
ntfy(host): move to new network and hostname
/ Ansible Lint (push) Failing after 1m59s
2026-01-11 03:57:11 +01:00
1971598e71
pretalx(host): move to new network and hostname
/ Ansible Lint (push) Failing after 1m55s
2026-01-11 03:23:18 +01:00
372f264bcb
ccchoir(host): move to new network and hostname
2026-01-11 03:23:14 +01:00
2fbb37db18
grafana(host): move to new network and hostname
2026-01-11 03:23:01 +01:00
bb30e88404
router(host): allowlist only certain icmpv6 types
/ Ansible Lint (push) Failing after 2m14s
2026-01-11 00:29:16 +01:00
a41b07949c
zammad(host): move to new network and hostname
/ Ansible Lint (push) Failing after 1m56s
2026-01-11 00:22:37 +01:00
ff550cbd8a
tickets(host): move to new network and hostname
/ Ansible Lint (push) Failing after 2m22s
2026-01-11 00:00:18 +01:00
49e3ecb986
netbox(host): move to new network and hostname
/ Ansible Lint (push) Failing after 2m3s
2026-01-09 03:05:29 +01:00
a622f21b54
renovate(host): move to new network and hostname
2026-01-07 18:46:27 +01:00
40b67c6bc3
sunders(host): move to new network and hostname
2026-01-07 18:46:16 +01:00
fbd3ea5496
base_config: disable cloud-init ssh module to avoid hostkey regeneration
...
/ Ansible Lint (push) Failing after 1m55s
It should run once on first boot anyway and since it apparently runs for
every change in the Proxmox cloud init config, disable it, so it
doesn't, since it's annoying to have "random" hostkey changes.
2026-01-07 18:09:48 +01:00
80ddb2efc9
router: enable a DHCP server for the v4-NAT network as well
...
As the hosts don't really need a static v4, just do DHCP.
2026-01-07 17:25:27 +01:00
a328e92971
Should be compatible with trixie/13
/ Ansible Lint (push) Failing after 2m5s
2026-01-03 14:03:26 +01:00
25db54b8ad
Make sure pip is installed
2026-01-03 14:02:56 +01:00
944c8cde82
onlyoffice(host): move to new network and hostname
/ Ansible Lint (push) Failing after 2m5s
2025-12-17 03:34:39 +01:00
366456eff8
keycloak(host): move to new network and hostname
...
/ Ansible Lint (push) Failing after 1m56s
Also just listen on port 8443 for keycloak-admin proxy protocol.
2025-12-16 21:50:40 +01:00
1ca71a053e
pad(host): move to new network and hostname
/ Ansible Lint (push) Failing after 1m57s
2025-12-16 21:12:21 +01:00
b9add5bda3
cloud(host): set correct new proxy protocol reverse proxy ip
2025-12-16 20:59:15 +01:00
570600fce3
eh22-wiki(host): move to new network and hostname
/ Ansible Lint (push) Failing after 1m59s
2025-12-16 20:58:05 +01:00
5a476f2103
cloud(host): move to new network and hostname
/ Ansible Lint (push) Failing after 2m0s
2025-12-16 20:47:44 +01:00
b72dee0d6d
wiki(host): actually have nginx listen on v6
/ Ansible Lint (push) Failing after 1m58s
2025-12-16 19:52:24 +01:00
8b94a49f5e
wiki(host): move to new network and internal hostname
/ Ansible Lint (push) Failing after 2m2s
2025-12-16 19:23:33 +01:00
5f98dca56c
router(host): expose public v6 networks
...
Also prepare for exposing public v4 networks later.
2025-12-16 19:03:36 +01:00
66ee44366b
public-reverse-proxy: New IP of wiki VM
2025-12-14 15:39:03 +01:00
183b91b9f2
router(host): add nftables config for basic router functionality
/ Ansible Lint (push) Failing after 1m56s
2025-12-13 22:07:38 +01:00
d0618e3820
nftables(role): introduce role for deploying nftables
2025-12-13 22:07:37 +01:00
a9e394da06
router(host): add systemd-networkd-based network config
2025-12-13 22:07:37 +01:00
d6ba70523c
systemd_networkd(role): introd. role for deploy. systemd-networkd config
2025-12-13 22:07:35 +01:00
766aa125c4
router(host): introduce router
2025-12-13 22:07:07 +01:00
c39cb0e390
we dont need to set a specific alloy version
/ Ansible Lint (push) Failing after 2m1s
2025-12-06 22:11:53 +01:00
df3710f019
grafana: set alloy to version v1.11.3
...
/ Ansible Lint (push) Failing after 2m4s
1.12.0 is buggy
2025-12-02 22:55:29 +01:00
0eaaf9227c
Update all stable non-major dependencies
/ Ansible Lint (pull_request) Failing after 2m4s
/ Ansible Lint (push) Failing after 2m6s
2025-11-19 13:30:39 +00:00
ddab157600
don't pin digests anymore
...
/ Ansible Lint (push) Failing after 47s
The benefit of digest pinning isn't that great for this project really
and it comes at the cost of more issues and additional renovate noise,
so just don't anymore.
Adjust renovate config accordingly as well.
2025-11-18 14:24:21 +01:00
80acd5fdc6
grafana: store date for up to 28 days
/ Ansible Lint (push) Failing after 1m58s
2025-11-11 23:03:59 +01:00
5f6000adca
ssh_config: also enable sntrup761x25519-sha512 for Debain 13
...
/ Ansible Lint (push) Failing after 1m46s
tldr: PQC algorithms are complex but sntrup still is not brocken
2025-11-11 22:47:42 +01:00
6fea98ffd2
Redirect to 39c3 instead of eh22
/ Ansible Lint (push) Failing after 2m3s
2025-11-07 20:09:02 +01:00
63917722ff
fix foobazdmx role
...
/ Ansible Lint (push) Failing after 1m58s
poetry is available via apt now so we install it that way
2025-11-06 21:19:20 +01:00
aeec08fce8
remove distribution checks
...
/ Ansible Lint (push) Failing after 2m2s
Signed-Off-By: june
2025-11-06 21:16:42 +01:00
cffe5c2b16
dooris: use hostname instead of IP
/ Ansible Lint (push) Failing after 2m9s
2025-11-06 18:25:29 +01:00
d690f81e3d
deploy_ssh_server_config: setup ssh pq cryptography
/ Ansible Lint (push) Failing after 2m14s
2025-11-05 23:08:28 +01:00
ae60d6fea6
docker_compose(role): use community.docker.docker_compose_v2 module
...
/ Ansible Lint (pull_request) Failing after 2m12s
/ Ansible Lint (push) Failing after 1m57s
Use the community.docker.docker_compose_v2 module as it supports proper
changed handling out of the box, making the roles code more
straightforward and work. Also just do a docker compose restart instead
of having the custom docker compose reload script.
https://docs.ansible.com/ansible/latest/collections/community/docker/docker_compose_v2_module.html
2025-11-02 23:13:20 +01:00
9f8d2d89cd
docker_compose(role): move argument documentation to README
...
Do this to match newer roles and since reading documentation from
argument_specs is quite unergonomic.
2025-11-02 22:32:20 +01:00
e390b7c202
docker_compose(role): remove unnecessary hosts section from README
...
The hosts section isn't really relevant for that role, so remove it.
2025-11-02 22:32:20 +01:00
8cefd07618
docker_compose(role): remove distribution check
...
The distribution check isn't really needed in our setup anyway and just
adds unnecessary noise.
2025-11-02 22:32:20 +01:00
c3f71b1f08
sunders: replace password in healthcheck with dynamic secret
...
/ Ansible Lint (push) Failing after 2m2s
#55
Co-authored-by: ViMaSter <vincent@mahn.ke>
Co-committed-by: ViMaSter <vincent@mahn.ke>
2025-11-02 20:24:55 +01:00
dc6c7cbfb7
sunders(host): deploy sunders using docker compose
...
/ Ansible Lint (push) Failing after 2m29s
https://git.hamburg.ccc.de/CCCHH/sunders
2025-11-01 17:53:08 +01:00
