June
06233d22d5
Deploy NGINX for acme_challenge and PROXY Prot. on PubRP on Chaosknoten
2023-08-04 14:06:37 +02:00
June
2825c5089f
Use new secrets path for z9 vm-secrets
2023-08-04 13:53:22 +02:00
June
3d238d9f63
Move z9-host-specific configs and templates into z9 subdirectories
2023-08-04 13:41:00 +02:00
June
4d12d802b8
Add link to relevant wiki page to certbot role README
2023-08-03 05:07:36 +02:00
June
96e9cdb0dc
Add relevant entry for HTTP challenge on PBS
2023-08-03 05:04:13 +02:00
June
3b3c628492
Ensure NGINX deploy. on public-rev.-prox. hosts before certbot role runs
2023-08-03 04:15:03 +02:00
June
48f9a2f901
Deploy certs for aes.ccchh.net using certbot role
...
Also clean up NGINX configuration a bit.
2023-08-02 23:40:36 +02:00
June
542211ca25
Deploy certs for esphome.ccchh.net using certbot role
2023-08-02 23:27:40 +02:00
June
6ac4bf8240
Deploy certs for wiki.ccchh.net using certbot role
...
Also clean up NGINX configurations.
2023-08-02 23:17:31 +02:00
June
6651f4568d
Deploy certs for keycloak-admin and id.ccchh.net using certbot role
2023-08-02 23:07:21 +02:00
June
154a7dfa02
Deploy certs for zigbee2mqtt.ccchh.net using new certbot role
...
Also add certbot role to deploy.yaml playbook and add accompanying
group.
2023-08-02 22:53:37 +02:00
June
f0c5c2b265
Convert certbot role to use standalone instead of webroot
...
Do this to not have dependencies on an NGINX setup.
With those dependencies in place setting up the certificates initially
would be quite painful, since a half-configured NGINX would need to be
there for the challenge and then only after the certificates are
present, the full NGINX configuration could be deployed successfully.
2023-08-02 22:46:01 +02:00
June
5341f9dfba
Add role for deploying certbot and setting up certificate using it
2023-08-02 20:47:22 +02:00
June
1b45e94960
Add redhat.ansible extension to VSCode Workspace Recommendations
2023-07-30 19:30:06 +02:00
June
1613e2d25c
Describe new way of secret storage
2023-07-30 19:27:04 +02:00
Dario
59520b4db6
AES: disable goodies and vouchers
2023-07-30 16:13:49 +02:00
Dario
b89789c37a
fix aes contact email
2023-07-30 15:36:25 +02:00
June
a7565d5f35
Deploy SSH Server config to public-reverse-proxy and wiki hosts
2023-07-30 07:06:26 +02:00
June
6994cfa123
Use correct ansible_host for mqtt host
2023-07-30 07:01:06 +02:00
June
317c822ab5
Combine playbooks for indiviual hosts into one playbook
...
This makes a full deployment of all hosts easier and parallelises
execution of roles, which are used for multiple hosts.
You can still easily deploy only a subset of hosts using the -l flag for
ansible-playbook.
2023-07-30 06:57:30 +02:00
June
042ff7c2ec
Move keycloak and public-reverse-proxy to new debian_12 group
...
Do this, since they are on Debian 12.
2023-07-30 05:53:39 +02:00
June
c9dee93874
Deploy ssh server config on keycloak VM
2023-07-30 05:51:40 +02:00
June
c6926b0a0f
Remove incorrect check from deploy_ssh_server_config role
2023-07-30 05:49:46 +02:00
June
c2a183c013
Add missing "become: true"
2023-07-30 05:25:43 +02:00
June
2efdfcad6d
Setup repo pin. to ensure nginx package gets installed from NGINX repos
2023-07-30 05:19:22 +02:00
June
38fc33ce70
Don't use apt-key anymore, since it's deprecated
2023-07-30 01:21:43 +02:00
jtbx
efc72f70f6
audiopi: Update role
2023-07-30 01:04:25 +02:00
June
8a2c2769c8
Use new secrets path, bc of noc pass store merge into general store
2023-07-29 23:15:00 +02:00
June
23deedf0d6
Update deploy_ssh_server_config role for Debian 12 support
2023-07-29 20:17:22 +02:00
June
f62135e263
Don't reference obsolete secret env files
2023-07-29 01:47:21 +02:00
June
a12b38b284
Provide secrets for engelsystem VM from pass
2023-07-29 01:46:30 +02:00
June
f695afa981
Provide network_key for zigbee2mqtt from pass
2023-07-29 01:28:44 +02:00
June
69edb75112
Use correct variable for initial config in zigbee2mqtt role
2023-07-29 01:16:49 +02:00
June
51c1b667f4
Provide secrets for keycloak VM from pass
2023-07-29 00:59:01 +02:00
Dario
8fa4e5af3e
Merge branch 'feature/aes_lingo_patches' into 'main'
...
AES: patch code and l10n to add train drivers license
See merge request ccchh/thinkcccentre-ansible!3
2023-07-28 22:26:04 +00:00
Dario
c3fc040751
AES: patch code and l10n to add train drivers license
2023-07-28 23:59:02 +02:00
June
727cd0bc74
Bump Keycloak to 22.0
2023-07-28 23:16:46 +02:00
June
2f7e3ae893
Build on docker compose up as well
2023-07-28 23:16:27 +02:00
yuri
18990b3b5f
Bump zigbee2mqtt to 1.32.1
2023-07-27 18:26:47 +02:00
yuri
1570b0c04e
Bump esphome to 2023.7.0
2023-07-27 18:22:58 +02:00
jtbx
d5285a3fd2
deploy an engelsystem named AES
2023-07-09 01:57:55 +02:00
June
b536e5c2fb
Fix: Add necessary becomes
2023-07-09 00:26:20 +02:00
jtbx
b2e9c22821
cert, nginx: Update for debian 12
2023-07-09 00:03:38 +02:00
jtbx
67483ece20
docker roles: Support debian 12
2023-07-08 23:47:04 +02:00
June
82b64e24c6
Fix variable name
...
Thanks jtbx for pointing that out!
2023-07-08 23:41:12 +02:00
June
8bc60e42a8
Extend distribution_check role to account for Ansible changes reg. facts
...
Somewhere between ansible [core 2.14.4] and ansible [core 2.15.0] the
logic for the distribution_version Ansible fact got changed. With the
newer Ansible version Debians distribution_version gets reported as 11.7
as opposed to getting reported as 11 with the old Ansible version. To
still allow for useful distribution checks, extend the
distribution_check role by allowing the specification of
distribution_major_versions and distribution_releases as well.
This way you can check for an Ubuntu version by using
distribution_version (which for example resolves to 18.04, while
distribution_major_version would resolve to 18 in that case) and check
for a Debian version by using distribution_major_version (which for
example resolves to 11, while distribution_version would resolve to 11.7
in that case).
2023-07-08 19:58:02 +02:00
June
0c62a8f3e0
Add role for deploying SSH config and also add mailserver-endpoint host
2023-06-06 23:37:42 +02:00
June
ebfa591484
Use larger buf. size to fix 502s sometimes occur. when going through PVE
2023-05-26 03:27:56 +02:00
June
55506a003a
Make Rspamd configs world-readable
2023-05-26 03:27:56 +02:00
Dario
e37d84c60d
clean up foobazdmx role
...
make git repo url and version to check out a variable instead of a
hard-coded value the role, and update host_vars to match.
2023-05-21 15:12:42 +02:00