06ae220857
Remove spaceapiccc.hamburg.ccc.de
/ Ansible Lint (push) Successful in 2m9s
2026-01-27 22:35:28 +01:00
1f2a08cf15
Spell stuff correctly
/ Ansible Lint (push) Successful in 2m10s
2026-01-27 20:16:57 +01:00
2e5b0ab940
nginx(role): to not log IPs, just disable the access log
/ Ansible Lint (push) Successful in 2m16s
2026-01-27 18:18:17 +01:00
3bba747dab
Configure seperate server for spaceapi.ccc.de
/ Ansible Lint (push) Successful in 2m32s
2026-01-27 16:30:00 +01:00
b90a57ffb0
Merge branch 'main' of git.hamburg.ccc.de:CCCHH/ansible-infra
/ Ansible Lint (push) Successful in 2m20s
2026-01-27 16:21:20 +01:00
ad783e4a15
now in production
2026-01-27 16:21:18 +01:00
200e8019ed
public-reverse-proxy: add config for local/lokal.ccc.de
...
/ Ansible Lint (push) Successful in 2m13s
local/lokal.ccc.de points to cpu.ccc.de.
2026-01-27 15:49:38 +01:00
4f0c4bb276
Explain need to re-encrypt after adding a host
/ Ansible Lint (push) Successful in 2m7s
2026-01-27 09:47:01 +01:00
3abc375984
Re-encrypt for spaceapiccc
2026-01-27 09:46:47 +01:00
c8edde4d11
Pretty up
/ Ansible Lint (push) Failing after 56s
2026-01-26 00:20:27 +01:00
ca20721f04
add missing grafana.grafana collection dependency
/ Ansible Lint (push) Failing after 57s
2026-01-25 23:55:57 +01:00
42b23eb181
get collections from repos directly instead of using Ansible Galaxy
...
As Ansible Galaxy is currently down, switch to using the repos directly.
This avoids reliancy on Ansible Galaxy in the future as well.
2026-01-25 23:55:48 +01:00
0f3cd2c70a
amcedns to enable Let's Encrypt DNS-01 challenges
/ Ansible Lint (push) Failing after 38s
2026-01-25 22:41:42 +01:00
c33ae36af3
Enable IPv6 by default
2026-01-25 22:40:36 +01:00
2cd0811b29
Fix warning
2026-01-25 22:40:36 +01:00
6a92aa68c1
light: fix tls cert expiring and not renewing
/ Ansible Lint (push) Failing after 39s
2026-01-25 22:36:30 +01:00
5693989c38
add alloy to the z9 hosts and some cleanup
/ Ansible Lint (push) Failing after 45s
2026-01-25 21:44:49 +01:00
c7d51af5b4
rollout Alloy to replace prometheus_node_exporter
...
With the new network we need to deploy a push based solution in order to get metrics into prometheus
2026-01-25 21:44:49 +01:00
995dbb06e2
wip: alloy
2026-01-25 21:44:49 +01:00
11779ab21d
grafana: get alertmanager to be more chill
...
/ Ansible Lint (push) Waiting to run
a bit of help to deal with alert fatigue
2026-01-25 21:41:20 +01:00
8f7990acc0
docs: add ansible_pull_hosts to the desired minimum roles/groups
/ Ansible Lint (push) Failing after 41s
2026-01-25 21:17:28 +01:00
c6c0272448
docs: add section on conf. monitoring with Gatus (status.hamburg.ccc.de)
2026-01-25 21:16:38 +01:00
1523b15952
docs: improve formatting and wording a bit to make things clearer
2026-01-25 21:11:07 +01:00
a5d291cea8
spaceapiccc(host): setup ansible-pull
/ Ansible Lint (push) Failing after 57s
2026-01-25 20:58:57 +01:00
652aa32e21
docker_compose(role): document new build and pull arguments
/ Ansible Lint (push) Failing after 40s
2026-01-25 20:49:39 +01:00
0939771d08
public-reverse-proxy(host): add entries for cpu.ccc.de
/ Ansible Lint (push) Failing after 43s
2026-01-25 20:22:44 +01:00
c285694aaa
Add age private key
/ Ansible Lint (push) Failing after 42s
2026-01-25 15:47:41 +01:00
d35f1cc779
GPG must be installed for the docker role to be able to add the repo
/ Ansible Lint (push) Failing after 43s
2026-01-25 15:31:42 +01:00
cee1fe970a
Add spaceapiccc as a replacement for erfafoo
/ Ansible Lint (push) Failing after 42s
2026-01-25 14:03:54 +01:00
0c782caee7
Explain what all needs to be added for a new host
/ Ansible Lint (push) Failing after 41s
2026-01-25 14:03:34 +01:00
f887de25c5
make building and pulling configurable
/ Ansible Lint (push) Failing after 40s
2026-01-25 13:26:20 +01:00
664b9115b8
Fix warning
/ Ansible Lint (push) Failing after 44s
2026-01-25 13:01:52 +01:00
b492472179
Explain how to add age key for ansible pull
/ Ansible Lint (push) Failing after 44s
2026-01-25 12:12:30 +01:00
ddaa069204
status(host): configure Gatus to store more results and events
...
/ Ansible Lint (push) Successful in 1m52s
Also see:
https://github.com/TwiN/gatus?tab=readme-ov-file#storage
2026-01-18 21:39:23 +01:00
28f80a85f3
status(host): Switch to nekover.se user for personal token
...
/ Ansible Lint (push) Successful in 1m53s
As access token now apparently expire with matrix authentication services,
use a nekover.se user where we can get a long-lived personal token.
2026-01-18 19:49:59 +01:00
d514688574
systemd_networkd(role),router(host): support global config to fix forw.
...
/ Ansible Lint (push) Successful in 1m58s
With the router upgrade to Debian 13 the systemd version got upgraded as
well breaking the current configuration for IP forwarding.
Add a variable for global systemd-networkd configuration and use that to
enable IPv4 and IPv6 forwarding on the router.
The systemd_networkd role could be a bit nicer, not deploying/deleting
the global configuration, if the variable is empty and
reloading/restarting systemd-networkd at appropriate times. But as is
works for now.
2026-01-18 19:21:33 +01:00
d7b463ecb9
status(host): fix token not working by using a new one
/ Ansible Lint (push) Successful in 1m59s
2026-01-18 04:54:31 +01:00
0b6847493c
Update actions/checkout action to v6
/ Ansible Lint (pull_request) Successful in 2m22s
/ Ansible Lint (push) Successful in 1m52s
2026-01-18 03:30:42 +00:00
744dc00ae5
Update https://github.com/ansible/ansible-lint action to v26
/ Ansible Lint (pull_request) Successful in 2m26s
/ Ansible Lint (push) Successful in 1m57s
2026-01-18 03:01:35 +00:00
fe52127e82
status(host): configure external status page and uptime monitoring host
/ Ansible Lint (push) Failing after 2m0s
2026-01-18 01:26:52 +01:00
51bbdd42a2
dooris(host): make certbot work
/ Ansible Lint (push) Failing after 2m6s
2026-01-13 16:55:22 +01:00
428b5c70bc
pretalx(host): roll back to pretalx v2025.1.0 for celery as well
2026-01-13 14:19:57 +01:00
92601ab9ea
renovate: add package rule for pretalx reclassifying major updates
...
/ Ansible Lint (push) Failing after 2m8s
So that v2025.1.0 to v2025.2.2 counts as a major, not a minor, update.
2026-01-13 03:48:34 +01:00
3e0fdfa8de
pretalx(host): roll back to pretalx v2025.1.0 as v2025.2.2 doesn't work
/ Ansible Lint (push) Failing after 1m56s
2026-01-13 03:43:28 +01:00
951ec7ebcd
netbox(role): fix oidc integration by no longer using is_staff
...
/ Ansible Lint (push) Failing after 1m56s
is_staff got removed in 4.5.0.
See: https://github.com/netbox-community/netbox/releases/tag/v4.5.0
2026-01-13 02:25:06 +01:00
a92e144cfc
base_config(role): ensure base set of admin tools is installed
...
/ Ansible Lint (push) Failing after 1m55s
See:
https://git.hamburg.ccc.de/CCCHH/nix-infra/src/branch/main/config/common/admin-environment.nix
2026-01-13 00:41:06 +01:00
c638790819
Update all stable non-major dependencies
/ Ansible Lint (pull_request) Failing after 2m31s
/ Ansible Lint (push) Failing after 2m5s
2026-01-12 02:30:47 +00:00
70461c98ba
first run ansible_pull for router, then for all other hosts
...
/ Ansible Lint (push) Failing after 2m13s
Do this to avoid a restarting router affecting playbook runs on other
hosts.
2026-01-12 03:29:06 +01:00
968e29ccb8
do v6-only for internal proxy protocol communication
...
/ Ansible Lint (push) Failing after 2m5s
Since we want to do v6-only internally, only listen on v6 for proxy
protocol.
This is also needed as we only have set_real_ip_from pointing to a v6.
2026-01-12 03:02:09 +01:00
255327952e
ntfy(host): move to new network and hostname
/ Ansible Lint (push) Failing after 1m59s
2026-01-11 03:57:11 +01:00
