0385d5ad00
Update docker.io/pretalx/standalone Docker tag to v2025.2.3
/ Ansible Lint (push) Successful in 2m42s
/ Ansible Lint (pull_request) Successful in 2m40s
/ build (pull_request) Failing after 2m40s
2026-05-19 16:46:30 +00:00
197b9c297c
docs: fix code blocks overflowing and add syntax highlighting
...
/ Ansible Lint (pull_request) Successful in 2m38s
/ build (pull_request) Successful in 25s
/ cleanup-staging (pull_request) Successful in 2s
/ build (push) Successful in 23s
/ Ansible Lint (push) Successful in 4m45s
Without these options code blocks would overflow. See:
https://github.com/asiffer/mkdocs-shadcn/issues/57
And it also provides nice syntax highlighting.
2026-05-19 18:33:03 +02:00
abcc144711
docs: add index page
2026-05-19 18:33:03 +02:00
31cc60c648
docs: add mkdocs config and CI for building infra-docs website
...
Heavily inspired by: https://forgejo.c3voc.de/voc/av-docs
2026-05-19 18:33:03 +02:00
a93d22fb05
add configuration for infra-docs and infra-docs staging
2026-05-19 18:33:03 +02:00
8a8ce7206d
add infrastructure-authorized-keys to lists host
/ Ansible Lint (push) Successful in 2m48s
2026-05-19 16:27:59 +02:00
dcd454011f
status(host): add checks for auth-dns
/ Ansible Lint (push) Successful in 2m21s
2026-05-19 14:27:54 +02:00
55d1279c3e
status(host): add check for diday.org
/ Ansible Lint (push) Successful in 2m34s
2026-05-19 14:17:07 +02:00
3541c68357
disable dnssec for catalog zones on auth-dns
...
/ Ansible Lint (push) Successful in 2m35s
Catalog zones are not real zones in the DNS hierarchy and don't
have a parent zone. Therefore they will never have a valid DNSSEC
delegation so we should skip signing those zones.
2026-05-19 11:01:52 +02:00
6bb09901a0
add ns.vie.ccc.de. as direct secondary for authoritative DNS zones
/ Ansible Lint (push) Has been cancelled
2026-05-19 11:00:03 +02:00
73e77bde70
tag plays in playbooks (instead of tasks in roles)
/ Ansible Lint (pull_request) Successful in 3m18s
/ Ansible Lint (push) Successful in 2m20s
2026-05-19 00:24:10 +02:00
6b19f69135
renovate(role): add cleanup service and timer for renovate volume
...
/ Ansible Lint (push) Successful in 2m25s
With time the volume seems to just keeps growing with cache data, so
clean it up once a day.
2026-05-19 00:23:26 +02:00
b0347d64bf
remove configuration for deleted woodpecker host
/ Ansible Lint (push) Successful in 34m8s
2026-05-18 20:13:48 +02:00
1275d50bdf
dooris(host): use new dooris software
...
/ Ansible Lint (push) Successful in 3m56s
Also fix DNS record not properly working anymore.
2026-05-18 18:00:30 +02:00
1757c36605
Postorious needs REST API as well
/ Ansible Lint (push) Successful in 8m34s
2026-05-16 13:31:18 +02:00
a76f01aea7
Move secrets to SOPS, add REST_USER
/ Ansible Lint (push) Successful in 9m15s
2026-05-16 13:06:19 +02:00
cc5dfb3cf7
Update docker.io/grafana/grafana Docker tag to v13
/ Ansible Lint (push) Failing after 13m15s
2026-05-15 19:41:57 +02:00
83e6f76464
deploy_systemd_journal_config(role): Disable ForwardToSyslog
...
/ Ansible Lint (pull_request) Failing after 29m12s
/ Ansible Lint (push) Successful in 41m19s
We don't want hour journalctl logs mirrored to /var/log/syslog
2026-05-15 19:25:44 +02:00
164f784957
remove errornously added irz42 reverse-dns secondaries
/ Ansible Lint (push) Successful in 3m0s
2026-05-15 14:50:15 +02:00
637dc6b25a
consider ansible-pull jobs failed after 30 minutes
/ Ansible Lint (pull_request) Successful in 2m27s
/ Ansible Lint (push) Successful in 2m32s
2026-05-13 16:53:57 +02:00
18ffa42358
remove actually unused reverse-dns zones
/ Ansible Lint (push) Successful in 3m0s
2026-05-13 15:14:37 +02:00
d2f95237a0
add wieskes nameservers for reverse-dns zone transfers from auth-dns
2026-05-13 15:11:29 +02:00
e3ef60186f
grafana: set default alertmanager notifications
/ Ansible Lint (push) Successful in 2m25s
2026-05-09 21:34:08 +02:00
c9c44efa0b
auth-dns(host): remove entries for old and deprecated services
/ Ansible Lint (push) Successful in 3m16s
2026-05-09 19:16:34 +02:00
d76212c5a8
auth-dns(host): remove legacy "-intern" entries from hamburg.ccc.de zone
2026-05-09 18:27:54 +02:00
3c558003a9
auth-dns(host): format hamburg.ccc.de zone file
...
/ Ansible Lint (push) Successful in 21m51s
Format zone file as first step of a series of clean-ups.
2026-05-08 21:20:55 +02:00
595b19375a
replace primary NS in all zones except *.hamburg.ccc.de zones
/ Ansible Lint (push) Successful in 3m42s
2026-05-07 23:59:50 +02:00
bc4df9a3f4
fix ansible-lint warnings of knot role
/ Ansible Lint (push) Successful in 2m31s
2026-05-07 23:45:48 +02:00
50beedbc62
configure metric scraping from knot on auth-dns
/ Ansible Lint (push) Failing after 6m12s
2026-05-06 15:51:38 +02:00
291ebce943
router(host): configure public (v4) network
/ Ansible Lint (push) Successful in 4m20s
2026-05-06 14:43:05 +02:00
f7306b91a6
remove unused dns zones
/ Ansible Lint (push) Successful in 3m22s
2026-05-06 14:37:53 +02:00
021843b5ce
migrate reverse dns zones to new auth-dns server
/ Ansible Lint (push) Successful in 2m36s
2026-05-06 14:33:04 +02:00
5283d2da95
improve knot roles reloading behavior
...
With this change, the nameserver is not restarted on configuration
updates but only reloaded instead.
2026-05-06 14:33:04 +02:00
3aa146d723
nftables(role): reload instead of restart
...
/ Ansible Lint (push) Failing after 3m22s
This should make the role more robust against misconfigurations.
2026-05-06 14:19:38 +02:00
46b0a49eb8
migrate dns zone eh22.easterhegg.eu to new auth-dns server
/ Ansible Lint (push) Failing after 2m29s
2026-05-06 12:34:23 +02:00
d535607ae6
migrate dns zone eh20.easterhegg.eu. to new auth-dns server
2026-05-06 12:31:55 +02:00
04a6c685d1
migrate dns zone hamburg.ccc.de. to new auth-dns server
/ Ansible Lint (push) Successful in 2m32s
2026-05-06 12:17:51 +02:00
fa021fb737
migrate dns zone ccchh.net. to new auth-dns server
/ Ansible Lint (push) Successful in 2m27s
2026-05-06 12:12:54 +02:00
9100523045
remove obsolete auth-dns compose file
/ Ansible Lint (push) Successful in 3m37s
2026-05-06 11:59:51 +02:00
416ca85b11
rename auth_dns -> knot role
/ Ansible Lint (pull_request) Successful in 2m37s
/ Ansible Lint (push) Has been cancelled
2026-05-06 11:52:33 +02:00
8c1553c707
fix role name auth-dns -> auth_dns
/ Ansible Lint (push) Failing after 2m38s
/ Ansible Lint (pull_request) Failing after 2m40s
2026-05-06 11:47:10 +02:00
9ca4eb14e1
configure hh.ccc.de on auth-dns
2026-05-06 11:47:10 +02:00
c0a09cd299
add old zones from ns-intern
/ Ansible Lint (push) Failing after 3m40s
2026-05-06 11:47:10 +02:00
6fa2d65db2
enable auth-dns role to actually configure useful zones
2026-05-06 11:47:10 +02:00
becee70ab9
disable systemd-resolved on auth-dns
2026-05-06 11:47:10 +02:00
fa94d59df6
add barebones knot config
...
This configuration does not yet do much but it provisions a knot
server that runs.
2026-05-06 11:47:10 +02:00
adc3400177
mute ansible discovered interpreter warning
/ Ansible Lint (push) Successful in 2m41s
2026-05-06 11:44:41 +02:00
d880eb8677
fix systemd-resolved not being installed
...
/ Ansible Lint (pull_request) Successful in 2m27s
/ Ansible Lint (push) Successful in 2m25s
closes #88
2026-05-03 16:50:45 +02:00
c304a1c82a
add README.md to deploy_systemd_resolved_config role
/ Ansible Lint (pull_request) Successful in 2m31s
/ Ansible Lint (push) Successful in 2m24s
2026-05-02 01:01:23 +02:00
58ced1a85e
add capability to disable systemd-resolved to base_config role
/ Ansible Lint (push) Successful in 2m28s
/ Ansible Lint (pull_request) Successful in 2m24s
2026-05-01 00:16:43 +02:00
