Commit graph

562 commits

Author SHA1 Message Date
10388c8333
rollout Alloy to replace prometheus_node_exporter
Some checks failed
/ Ansible Lint (push) Failing after 41s
/ Ansible Lint (pull_request) Failing after 41s
With the new network we need to deploy a push-based solution in order to get metrics into prometheus
2026-01-25 20:38:38 +01:00
29af58ff94
wip: alloy 2026-01-25 20:09:09 +01:00
c285694aaa Add age private key
Some checks failed
/ Ansible Lint (push) Failing after 42s
2026-01-25 15:47:41 +01:00
d35f1cc779 GPG must be installed for the docker role to be able to add the repo
Some checks failed
/ Ansible Lint (push) Failing after 43s
2026-01-25 15:31:42 +01:00
cee1fe970a Add spaceapiccc as a replacement for erfafoo
Some checks failed
/ Ansible Lint (push) Failing after 42s
2026-01-25 14:03:54 +01:00
0c782caee7 Explain what all needs to be added for a new host
Some checks failed
/ Ansible Lint (push) Failing after 41s
2026-01-25 14:03:34 +01:00
f887de25c5 make building and pulling configurable
Some checks failed
/ Ansible Lint (push) Failing after 40s
2026-01-25 13:26:20 +01:00
664b9115b8 Fix warning
Some checks failed
/ Ansible Lint (push) Failing after 44s
2026-01-25 13:01:52 +01:00
b492472179 Explain how to add age key for ansible pull
Some checks failed
/ Ansible Lint (push) Failing after 44s
2026-01-25 12:12:30 +01:00
ddaa069204
status(host): configure Gatus to store more results and events
All checks were successful
/ Ansible Lint (push) Successful in 1m52s
Also see:
https://github.com/TwiN/gatus?tab=readme-ov-file#storage
2026-01-18 21:39:23 +01:00
28f80a85f3 status(host): Switch to nekover.se user for personal token
All checks were successful
/ Ansible Lint (push) Successful in 1m53s
As access tokens now apparently expire with matrix authentication services,
use a nekover.se user where we can get a long-lived personal token.
2026-01-18 19:49:59 +01:00
d514688574
systemd_networkd(role),router(host): support global config to fix forw.
All checks were successful
/ Ansible Lint (push) Successful in 1m58s
With the router upgrade to Debian 13 the systemd version got upgraded as
well breaking the current configuration for IP forwarding.
Add a variable for global systemd-networkd configuration and use that to
enable IPv4 and IPv6 forwarding on the router.

The systemd_networkd role could be a bit nicer, not deploying/deleting
the global configuration, if the variable is empty and
reloading/restarting systemd-networkd at appropriate times. But as is, it
works for now.
2026-01-18 19:21:33 +01:00
d7b463ecb9
status(host): fix token not working by using a new one
All checks were successful
/ Ansible Lint (push) Successful in 1m59s
2026-01-18 04:54:31 +01:00
0b6847493c Update actions/checkout action to v6
All checks were successful
/ Ansible Lint (pull_request) Successful in 2m22s
/ Ansible Lint (push) Successful in 1m52s
2026-01-18 03:30:42 +00:00
744dc00ae5 Update https://github.com/ansible/ansible-lint action to v26
All checks were successful
/ Ansible Lint (pull_request) Successful in 2m26s
/ Ansible Lint (push) Successful in 1m57s
2026-01-18 03:01:35 +00:00
fe52127e82
status(host): configure external status page and uptime monitoring host
Some checks failed
/ Ansible Lint (push) Failing after 2m0s
2026-01-18 01:26:52 +01:00
51bbdd42a2
dooris(host): make certbot work
Some checks failed
/ Ansible Lint (push) Failing after 2m6s
2026-01-13 16:55:22 +01:00
428b5c70bc
pretalx(host): roll back to pretalx v2025.1.0 for celery as well 2026-01-13 14:19:57 +01:00
92601ab9ea
renovate: add package rule for pretalx reclassifying major updates
Some checks failed
/ Ansible Lint (push) Failing after 2m8s
So that v2025.1.0 to v2025.2.2 counts as a major, not a minor, update.
2026-01-13 03:48:34 +01:00
3e0fdfa8de
pretalx(host): roll back to pretalx v2025.1.0 as v2025.2.2 doesn't work
Some checks failed
/ Ansible Lint (push) Failing after 1m56s
2026-01-13 03:43:28 +01:00
951ec7ebcd
netbox(role): fix oidc integration by no longer using is_staff
Some checks failed
/ Ansible Lint (push) Failing after 1m56s
is_staff got removed in 4.5.0.
See: https://github.com/netbox-community/netbox/releases/tag/v4.5.0
2026-01-13 02:25:06 +01:00
a92e144cfc
base_config(role): ensure base set of admin tools is installed
Some checks failed
/ Ansible Lint (push) Failing after 1m55s
See:
https://git.hamburg.ccc.de/CCCHH/nix-infra/src/branch/main/config/common/admin-environment.nix
2026-01-13 00:41:06 +01:00
c638790819 Update all stable non-major dependencies
Some checks failed
/ Ansible Lint (pull_request) Failing after 2m31s
/ Ansible Lint (push) Failing after 2m5s
2026-01-12 02:30:47 +00:00
70461c98ba
first run ansible_pull for router, then for all other hosts
Some checks failed
/ Ansible Lint (push) Failing after 2m13s
Do this to avoid a restarting router affecting playbook runs on other
hosts.
2026-01-12 03:29:06 +01:00
968e29ccb8
do v6-only for internal proxy protocol communication
Some checks failed
/ Ansible Lint (push) Failing after 2m5s
Since we want to do v6-only internally, only listen on v6 for proxy
protocol.
This is also needed as we only have set_real_ip_from pointing to a v6.
2026-01-12 03:02:09 +01:00
255327952e
ntfy(host): move to new network and hostname
Some checks failed
/ Ansible Lint (push) Failing after 1m59s
2026-01-11 03:57:11 +01:00
1971598e71
pretalx(host): move to new network and hostname
Some checks failed
/ Ansible Lint (push) Failing after 1m55s
2026-01-11 03:23:18 +01:00
372f264bcb
ccchoir(host): move to new network and hostname 2026-01-11 03:23:14 +01:00
2fbb37db18
grafana(host): move to new network and hostname 2026-01-11 03:23:01 +01:00
bb30e88404
router(host): allowlist only certain icmpv6 types
Some checks failed
/ Ansible Lint (push) Failing after 2m14s
2026-01-11 00:29:16 +01:00
a41b07949c
zammad(host): move to new network and hostname
Some checks failed
/ Ansible Lint (push) Failing after 1m56s
2026-01-11 00:22:37 +01:00
ff550cbd8a
tickets(host): move to new network and hostname
Some checks failed
/ Ansible Lint (push) Failing after 2m22s
2026-01-11 00:00:18 +01:00
49e3ecb986
netbox(host): move to new network and hostname
Some checks failed
/ Ansible Lint (push) Failing after 2m3s
2026-01-09 03:05:29 +01:00
a622f21b54
renovate(host): move to new network and hostname 2026-01-07 18:46:27 +01:00
40b67c6bc3
sunders(host): move to new network and hostname 2026-01-07 18:46:16 +01:00
fbd3ea5496
base_config: disable cloud-init ssh module to avoid hostkey regeneration
Some checks failed
/ Ansible Lint (push) Failing after 1m55s
It should run once on first boot anyway and since it apparently runs for
every change in the Proxmox cloud init config, disable it, so it
doesn't, since it's annoying to have "random" hostkey changes.
2026-01-07 18:09:48 +01:00
80ddb2efc9
router: enable a DHCP server for the v4-NAT network as well
As the hosts don't really need a static v4, just do DHCP.
2026-01-07 17:25:27 +01:00
a328e92971 Should be compatible with trixie/13
Some checks failed
/ Ansible Lint (push) Failing after 2m5s
2026-01-03 14:03:26 +01:00
25db54b8ad Make sure pip is installed 2026-01-03 14:02:56 +01:00
944c8cde82
onlyoffice(host): move to new network and hostname
Some checks failed
/ Ansible Lint (push) Failing after 2m5s
2025-12-17 03:34:39 +01:00
366456eff8
keycloak(host): move to new network and hostname
Some checks failed
/ Ansible Lint (push) Failing after 1m56s
Also just listen on port 8443 for keycloak-admin proxy protocol.
2025-12-16 21:50:40 +01:00
1ca71a053e
pad(host): move to new network and hostname
Some checks failed
/ Ansible Lint (push) Failing after 1m57s
2025-12-16 21:12:21 +01:00
b9add5bda3
cloud(host): set correct new proxy protocol reverse proxy ip 2025-12-16 20:59:15 +01:00
570600fce3
eh22-wiki(host): move to new network and hostname
Some checks failed
/ Ansible Lint (push) Failing after 1m59s
2025-12-16 20:58:05 +01:00
5a476f2103
cloud(host): move to new network and hostname
Some checks failed
/ Ansible Lint (push) Failing after 2m0s
2025-12-16 20:47:44 +01:00
b72dee0d6d
wiki(host): actually have nginx listen on v6
Some checks failed
/ Ansible Lint (push) Failing after 1m58s
2025-12-16 19:52:24 +01:00
8b94a49f5e
wiki(host): move to new network and internal hostname
Some checks failed
/ Ansible Lint (push) Failing after 2m2s
2025-12-16 19:23:33 +01:00
5f98dca56c
router(host): expose public v6 networks
Also prepare for exposing public v4 networks later.
2025-12-16 19:03:36 +01:00
66ee44366b public-reverse-proxy: New IP of wiki VM 2025-12-14 15:39:03 +01:00
183b91b9f2
router(host): add nftables config for basic router functionality
Some checks failed
/ Ansible Lint (push) Failing after 1m56s
2025-12-13 22:07:38 +01:00