CCCHH/ansible-infra
CCCHH/ansible-infra
18
0
Fork 0
Code Issues 5 Pull requests Wiki Activity
266 commits 1 branch 0 tags 1.6 MiB
Commit graph

227 commits

Author SHA1 Message Date
June 1921a75339
public-reverse-proxy: add config for hydra.hamburg.ccc.de 2024-10-29 23:52:30 +01:00
Herr-Dante 735fe0ca9b Add local port forwarding for debug sessions 2024-10-27 22:27:07 +01:00
christian 34dc6d9a84
Reduce Host Memory is underutilized to 10% 2024-10-18 21:15:20 +02:00
Stefan Bethke b660d937dc Allow GPG keys as uploads 2024-10-18 12:40:24 +02:00
Stefan Bethke 2f00d21821 Redirect home page to wiki 2024-10-13 13:50:50 +02:00
Stefan Bethke 235e6e514f Move Pretix from hackertours to tickets 2024-10-13 09:10:10 +02:00
June 7cd4a9a723
public-reverse-proxy: add config for staging.hackertours.hamburg.ccc.de 2024-10-12 22:08:28 +02:00
June d7a9534eeb
public-reverse-proxy: use public-web-static as host for hackert. ccchh 2024-10-12 22:00:14 +02:00
Stefan Bethke a35fcc13cf Merge branch 'main' of git.hamburg.ccc.de:CCCHH/ansible-infra 2024-10-08 20:28:57 +02:00
Stefan Bethke 2fc54f5a83 Add missing headers to avoid CSRF errors 2024-10-08 20:28:56 +02:00
June 4cac84e7ec
prometheus: have different disk alerts for physical and virtual hosts 
Have more relaxed read/write alerts for physical hosts as they are
probably hypervisors and regular high read/writes are more common.
Also differentiate between physical and virtual hosts for IO alerts and
allow for hard disks to spend more time in IO.
 2024-10-05 17:22:45 +02:00
June f721dd9fea
prometheus: make opnsense-ccchh job not fail half the time 
The scrape seems to take around a second to complete and with the
configured timeout of 1s that failed half the time. Therefore use the
default, more relaxed scrape interval and timeout and have it be
reliable.
 2024-10-05 17:22:45 +02:00
christian d8188d192b
Use keycloak version 26 2024-10-04 17:07:49 +02:00
Stefan Bethke 43ca24b5e2 Take website image from Forgejo 2024-10-03 19:44:43 +02:00
Stefan Bethke 229daa72fc Redirect plain URL to hash for ticket deep links 2024-10-03 19:44:15 +02:00
June 0a05cad0a1
prometheus & alertmanager: add self-alerting 
Add self-alerting for Prometheus and Alertmanager using rules from
https://samber.github.io/awesome-prometheus-alerts/rules
 2024-10-02 04:13:37 +02:00
June 2e29b78f6a
prometheus: move Jitsis node exporter target to hosts job 2024-10-02 03:45:56 +02:00
June 61edc3587f
alertmanager: give Alertmanager a persistent storage directory 2024-10-02 03:43:22 +02:00
June 30876f821c
prometheus, alertmanager: use Prometheus alerts with Alertmanager 
For now introduce node-exporter/hosts alert rules, which got taken from
https://samber.github.io/awesome-prometheus-alerts/rules
However with the labels removed from the description, since they don't
render correctly (at least in Telegram) and don't seem to provide much
value, as we render the labels in the notification anyway.

Also only have Telegram as the notification channel for now, as it was
the easiest to set up.
 2024-10-02 03:36:30 +02:00
June 803b19de0a
prometheus: add job for node exporter (for the NixOS VMs for now) 2024-10-01 20:09:42 +02:00
June 29d2d2926f
prometheus: don't duplicate scrape interval and timeout 2024-10-01 01:59:33 +02:00
June e81ae5165f
public-reverse-proxy: config for eh20 static website deploy 2024-09-28 05:04:01 +02:00
Stefan Bethke 5b043ff852 Remove deprecated property 2024-09-13 20:05:17 +02:00
Stefan Bethke a41af95f20 Upgrade to current version 2024-09-13 20:00:39 +02:00
Stefan Bethke dfbc8e58a9 USe unless-stopped instead of always 2024-09-08 17:45:00 +02:00
Stefan Bethke 475a758f83 unattended upgrade all packages 2024-09-02 20:44:55 +02:00
Stefan Bethke 94a5db2215 Add pretalx 2024-08-18 09:20:28 +02:00
Stefan Bethke d7d743ce8b Update to newest version 2024-08-17 18:22:44 +02:00
Stefan Bethke daf2a1dd85 Move to standard image and a config file 2024-08-16 20:16:19 +02:00
Stefan Bethke e9adeecc93 Avoid docker compose down 2024-08-11 21:21:51 +02:00
Stefan Bethke 7a0935cecf Make sure anacron is installed 2024-08-11 21:08:57 +02:00
Stefan Bethke 343a67e0e7 Add auto-update 
* for all hosts, use debops.unattended_upgrades
* for docker compose, install a cron job pulling new images and restarting affected containers
 2024-08-11 20:49:21 +02:00
June 09cbe7340f
public-reverse-proxy: add config for design.hamburg.ccc.de 2024-08-11 00:59:47 +02:00
June fe752495ae
id: allow z9 ipv6 range to access admin interface 2024-08-05 23:32:58 +02:00
June 70a27ec79c
light: use new combined cert and make server reachable over v6 
The server being reachable over v6 is needed for the new method of
getting the cert directly via http challenge over v6.
 2024-07-30 00:14:09 +02:00
christian a23c152d8e
nextcloud: configure maintenance window start time 
See: https://docs.nextcloud.com/server/28/admin_manual/configuration_server/background_jobs_configuration.html#maintenance-window-start
 2024-07-29 21:42:48 +02:00
christian 6ad42219c0
Pull nextcloud image from our own image registry 2024-07-29 20:23:17 +02:00
christian f8ac16f65b
Use our Keycloak custom image 
We build our custom Keycloak image with our own theme located at https://git.hamburg.ccc.de/CCCHH/oci-images
 2024-07-27 01:32:33 +02:00
Stefan Bethke ea713aa162 Allow members of intern to issue invites 2024-07-23 21:23:11 +02:00
Stefan Bethke cbb0842539 Add missing parameters 2024-07-16 09:24:46 +02:00
Stefan Bethke 4f5da885ea Add missing params 2024-07-15 18:52:48 +02:00
Stefan Bethke 94f65f8fe7 Add invite to Keycloak 2024-07-15 12:37:36 +02:00
June a990c96eb1
Upgrade to Keycloak 25 and move to new config options 
https://www.keycloak.org/docs/latest/upgrading/index.html#new-hostname-options
https://www.keycloak.org/docs/latest/upgrading/index.html#deprecated-proxy-option
 2024-07-15 01:40:07 +02:00
Stefan Bethke ad8d27cd6a Take base wordpress from image 2024-07-04 11:21:46 -04:00
June 1e25ebf1e9
Add reverse proxy config for woodpecker.hamburg.ccc.de 2024-06-22 02:11:14 +02:00
June 647c2fc005
Also ensure NGINX repo and install before apt update for nextcloud_hosts 
Do that because the nextcloud role uses NGINX via the nginx role
internally as well, but nextcloud_hosts aren't necessarily in the
nginx_hosts group then.
 2024-06-18 01:37:41 +02:00
June 11bbf187c6
Ensure NGINX repo and install before apt update, so that it works 
Ensure NGINX repo and install on nginx_hosts before apt update, so that
the latest NGINX key is deployed and apt update won't fail on an invalid
signature on these hosts.
Also only run the gnupg install if gnupg isn't present in the nginx
repo_setup.yaml to make that work.
 2024-06-18 01:14:00 +02:00
June fb4aabc772
Add reverse proxy config for hacker.tours and staging.hacker.tours 2024-06-17 22:16:49 +02:00
Stefan Bethke f67483fa46 Add lists.c3lingo.org 2024-06-16 16:39:19 +02:00
June ec400ed7d6
Use new IP for eh22-wiki host 2024-06-13 22:30:29 +02:00