CCCHH/ansible-infra
CCCHH/ansible-infra
3
0
Fork 0
Code Issues 5 Pull requests Wiki Activity
110 commits 1 branch 0 tags 1.6 MiB
Commit graph

110 commits

This branch
This branch
All branches
Author SHA1 Message Date
June 06233d22d5 Deploy NGINX for acme_challenge and PROXY Prot. on PubRP on Chaosknoten 2023-08-04 14:06:37 +02:00
June 2825c5089f Use new secrets path for z9 vm-secrets 2023-08-04 13:53:22 +02:00
June 3d238d9f63 Move z9-host-specific configs and templates into z9 subdirectories 2023-08-04 13:41:00 +02:00
June 4d12d802b8 Add link to relevant wiki page to certbot role README 2023-08-03 05:07:36 +02:00
June 96e9cdb0dc Add relevant entry for HTTP challenge on PBS 2023-08-03 05:04:13 +02:00
June 3b3c628492 Ensure NGINX deploy. on public-rev.-prox. hosts before certbot role runs 2023-08-03 04:15:03 +02:00
June 48f9a2f901 Deploy certs for aes.ccchh.net using certbot role 
Also clean up NGINX configuration a bit.
 2023-08-02 23:40:36 +02:00
June 542211ca25 Deploy certs for esphome.ccchh.net using certbot role 2023-08-02 23:27:40 +02:00
June 6ac4bf8240 Deploy certs for wiki.ccchh.net using certbot role 
Also clean up NGINX configurations.
 2023-08-02 23:17:31 +02:00
June 6651f4568d Deploy certs for keycloak-admin and id.ccchh.net using certbot role 2023-08-02 23:07:21 +02:00
June 154a7dfa02 Deploy certs for zigbee2mqtt.ccchh.net using new certbot role 
Also add certbot role to deploy.yaml playbook and add accompanying
group.
 2023-08-02 22:53:37 +02:00
June f0c5c2b265 Convert certbot role to use standalone instead of webroot 
Do this to not have dependencies on an NGINX setup.
With those dependencies in place setting up the certificates initially
would be quite painful, since a half-configured NGINX would need to be
there for the challenge and then only after the certificates are
present, the full NGINX configuration could be deployed successfully.
 2023-08-02 22:46:01 +02:00
June 5341f9dfba Add role for deploying certbot and setting up certificate using it 2023-08-02 20:47:22 +02:00
June 1b45e94960 Add redhat.ansible extension to VSCode Workspace Recommendations 2023-07-30 19:30:06 +02:00
June 1613e2d25c Describe new way of secret storage 2023-07-30 19:27:04 +02:00
Dario 59520b4db6
AES: disable goodies and vouchers 2023-07-30 16:13:49 +02:00
Dario b89789c37a
fix aes contact email 2023-07-30 15:36:25 +02:00
June a7565d5f35 Deploy SSH Server config to public-reverse-proxy and wiki hosts 2023-07-30 07:06:26 +02:00
June 6994cfa123 Use correct ansible_host for mqtt host 2023-07-30 07:01:06 +02:00
June 317c822ab5 Combine playbooks for indiviual hosts into one playbook 
This makes a full deployment of all hosts easier and parallelises
execution of roles, which are used for multiple hosts.
You can still easily deploy only a subset of hosts using the -l flag for
ansible-playbook.
 2023-07-30 06:57:30 +02:00
June 042ff7c2ec Move keycloak and public-reverse-proxy to new debian_12 group 
Do this, since they are on Debian 12.
 2023-07-30 05:53:39 +02:00
June c9dee93874 Deploy ssh server config on keycloak VM 2023-07-30 05:51:40 +02:00
June c6926b0a0f Remove incorrect check from deploy_ssh_server_config role 2023-07-30 05:49:46 +02:00
June c2a183c013 Add missing "become: true" 2023-07-30 05:25:43 +02:00
June 2efdfcad6d Setup repo pin. to ensure nginx package gets installed from NGINX repos 2023-07-30 05:19:22 +02:00
June 38fc33ce70 Don't use apt-key anymore, since it's deprecated 2023-07-30 01:21:43 +02:00
jtbx efc72f70f6 audiopi: Update role 2023-07-30 01:04:25 +02:00
June 8a2c2769c8 Use new secrets path, bc of noc pass store merge into general store 2023-07-29 23:15:00 +02:00
June 23deedf0d6 Update deploy_ssh_server_config role for Debian 12 support 2023-07-29 20:17:22 +02:00
June f62135e263 Don't reference obsolete secret env files 2023-07-29 01:47:21 +02:00
June a12b38b284 Provide secrets for engelsystem VM from pass 2023-07-29 01:46:30 +02:00
June f695afa981 Provide network_key for zigbee2mqtt from pass 2023-07-29 01:28:44 +02:00
June 69edb75112 Use correct variable for initial config in zigbee2mqtt role 2023-07-29 01:16:49 +02:00
June 51c1b667f4 Provide secrets for keycloak VM from pass 2023-07-29 00:59:01 +02:00
Dario 8fa4e5af3e Merge branch 'feature/aes_lingo_patches' into 'main' 
AES: patch code and l10n to add train drivers license

See merge request ccchh/thinkcccentre-ansible!3
 2023-07-28 22:26:04 +00:00
Dario c3fc040751
AES: patch code and l10n to add train drivers license 2023-07-28 23:59:02 +02:00
June 727cd0bc74 Bump Keycloak to 22.0 2023-07-28 23:16:46 +02:00
June 2f7e3ae893 Build on docker compose up as well 2023-07-28 23:16:27 +02:00
yuri 18990b3b5f
Bump zigbee2mqtt to 1.32.1 2023-07-27 18:26:47 +02:00
yuri 1570b0c04e
Bump esphome to 2023.7.0 2023-07-27 18:22:58 +02:00
jtbx d5285a3fd2 deploy an engelsystem named AES 2023-07-09 01:57:55 +02:00
June b536e5c2fb Fix: Add necessary becomes 2023-07-09 00:26:20 +02:00
jtbx b2e9c22821 cert, nginx: Update for debian 12 2023-07-09 00:03:38 +02:00
jtbx 67483ece20 docker roles: Support debian 12 2023-07-08 23:47:04 +02:00
June 82b64e24c6 Fix variable name 
Thanks jtbx for pointing that out!
 2023-07-08 23:41:12 +02:00
June 8bc60e42a8 Extend distribution_check role to account for Ansible changes reg. facts 
Somewhere between ansible [core 2.14.4] and ansible [core 2.15.0] the
logic for the distribution_version Ansible fact got changed. With the
newer Ansible version Debians distribution_version gets reported as 11.7
as opposed to getting reported as 11 with the old Ansible version. To
still allow for useful distribution checks, extend the
distribution_check role by allowing the specification of
distribution_major_versions and distribution_releases as well.
This way you can check for an Ubuntu version by using
distribution_version (which for example resolves to 18.04, while
distribution_major_version would resolve to 18 in that case) and check
for a Debian version by using distribution_major_version (which for
example resolves to 11, while distribution_version would resolve to 11.7
in that case).
 2023-07-08 19:58:02 +02:00
June 0c62a8f3e0 Add role for deploying SSH config and also add mailserver-endpoint host 2023-06-06 23:37:42 +02:00
June ebfa591484 Use larger buf. size to fix 502s sometimes occur. when going through PVE 2023-05-26 03:27:56 +02:00
June 55506a003a Make Rspamd configs world-readable 2023-05-26 03:27:56 +02:00
Dario e37d84c60d
clean up foobazdmx role 
make git repo url and version to check out a variable instead of a
hard-coded value the role, and update host_vars to match.
 2023-05-21 15:12:42 +02:00