253 commits

Author	SHA1	Message	Date
June	1ea63a19d3	maintenance(playbook): ensure docker repo and install before update ... As with ensuring the nginx repo setup and install on relevant hosts, do the same for docker.	2025-02-18 05:48:01 +01:00
June	7420ed6010	nginx(role): split up repo setup and install task lists to estab. conv. ... Split up repo setup and package installation after all to establish this as a convention (its already done this way in the docker role and was done this way in the nginx role before) to highlight that an external repo is used.	2025-02-18 05:43:39 +01:00
June	d62c070ccc	maintenance(playbook): fix playbook by using updated nginx role res.	2025-02-18 05:17:38 +01:00
June	5e5c980f14	check(playbook): print all held packages	2025-02-18 04:32:43 +01:00
June	ff540126a1	add chaosknoten to hosts and new hypervisors group ... Also exclude that group from the tasks otherwise targeting all hosts.	2025-02-16 02:34:14 +01:00
June	2ec1471d7f	netbox: move NetBox from NixOS to Ansible ... Also introduce netbox_hosts group for applying netbox role to multiple hosts.	2025-02-15 19:57:15 +01:00
June	70d4ce9a2d	eh22-wiki: ensure base for CI deploy of styleguide under /design/	2025-02-12 19:02:53 +01:00
June	bdbd9ce195	eh22-wiki: setup EH22 wiki using Ansible by copying and mod. wiki config ... Also introduce wiki_hosts group for applying dokuwiki role to multiple hosts.	2025-02-10 23:40:39 +01:00
c6ristian	328ec744cc	Add base_config and deploy_systemd_journal_config	2025-01-19 20:30:05 +01:00
June	07dbbf055c	reorganize (config) files and templates into one "resources" dir ... This groups the files and templates for each host together and therefore makes it easier to see all the (config) files for a host. Also clean up incorrect, unused docker_compose config for mumble and clean up unused engelsystem configs.	2024-12-08 02:55:25 +01:00
June	f16f8697c2	move roles, files and templates dirs out of playbook dir into root dir ... Because of how Ansible local relative search paths work, the global "files" and "templates" directories need to be next to the playbooks. However its not intuitive to look into the "playbooks" directory to find the files and templates for a host. Therefore move them out of the "playbooks" directory into the root directory and add symlinks so everything still works. Similarly for local roles, they also need to be next to the playbooks. So for a nicer structure, move the "roles" directory out into the root directory as well and add a symlink so everything still works. Also see: https://docs.ansible.com/ansible/latest/playbook_guide/playbook_pathing.html#resolving-local-relative-paths https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_reuse_roles.html#storing-and-finding-roles	2024-12-08 02:55:25 +01:00
June	2460c31e78	check.yaml: add logic for printing all .dpkg-* files	2024-12-08 02:55:25 +01:00
June	2a4d3c5415	check.yaml: introduce check playbook with it printing host distro info ... This playbook is for checking various host parameters.	2024-12-08 02:55:25 +01:00
June	e6d6d9eed0	report changed properly for "deactivate short moduli" task ... This fixes the ansible-lint no-changed-when complaint and also allows to notify the reboot handler.	2024-12-01 22:20:15 +01:00
June	e3a29c422a	convert two reboot tasks running on changed to handlers ... This fixes ansible-lint no-handler complaints.	2024-12-01 04:38:07 +01:00
June	cf5e6c4e1a	fix ansible-lint error by not comparing to literal false	2024-11-23 02:56:16 +01:00
June	4060dbbe21	fix all ansible-lint yaml errors (except for line-length)	2024-11-23 02:49:23 +01:00
c6ristian	433008d211	Cleanup old configurations we no longer use. ... We have a bunch of old hosts, host_vars and roles we no longer use. There is no real value to keep them as they can just be fetched from the git history, should they be needed again. This make gettin a overview of the repository much simpler.	2024-11-22 23:09:35 +01:00
Stefan Bethke	739a2e1cbd	Redirect to 38c3 hackertours shop for now	2024-11-18 12:22:45 +01:00
June	9faf2f731d	public-reverse-proxy: add config for www. and staging.c3cat.de	2024-11-12 23:07:14 +01:00
c6ristian	a386f9e2eb	custom alerts for CI VMs ... its expected for some VMs to have high Read / Write rates for some time so this is a custom alerts for ours CI VMs	2024-11-10 17:06:41 +01:00
c6ristian	3284fae62a	Add more prometheus node exporter	2024-11-05 19:16:28 +01:00
c6ristian	261bd7d654	Add prometheus-node-exporter role and add it to most hosts	2024-11-03 21:27:51 +01:00
c6ristian	88b8d3b9ba	Update Nextcloud to version 29	2024-10-31 23:17:24 +01:00
Stefan Bethke	d526e9fdfa	Add cron job to prune old images	2024-10-31 11:27:12 +01:00
Stefan Bethke	f184ad220b	Update to current version	2024-10-31 11:26:57 +01:00
June	1921a75339	public-reverse-proxy: add config for hydra.hamburg.ccc.de	2024-10-29 23:52:30 +01:00
Herr-Dante	735fe0ca9b	Add local port forwarding for debug sessions	2024-10-27 22:27:07 +01:00
c6ristian	34dc6d9a84	Reduce Host Memory is underutilized to 10%	2024-10-18 21:15:20 +02:00
Stefan Bethke	b660d937dc	Allow GPG keys as uploads	2024-10-18 12:40:24 +02:00
Stefan Bethke	2f00d21821	Redirect home page to wiki	2024-10-13 13:50:50 +02:00
Stefan Bethke	235e6e514f	Move Pretix from hackertours to tickets	2024-10-13 09:10:10 +02:00
June	7cd4a9a723	public-reverse-proxy: add config for staging.hackertours.hamburg.ccc.de	2024-10-12 22:08:28 +02:00
June	d7a9534eeb	public-reverse-proxy: use public-web-static as host for hackert. ccchh	2024-10-12 22:00:14 +02:00
Stefan Bethke	a35fcc13cf	Merge branch 'main' of git.hamburg.ccc.de:CCCHH/ansible-infra	2024-10-08 20:28:57 +02:00
Stefan Bethke	2fc54f5a83	Add missing headers to avoid CSRF errors	2024-10-08 20:28:56 +02:00
June	4cac84e7ec	prometheus: have different disk alerts for physical and virtual hosts ... Have more relaxed read/write alerts for physical hosts as they are probably hypervisors and regular high read/writes are more common. Also differentiate between physical and virtual hosts for IO alerts and allow for hard disks to spend more time in IO.	2024-10-05 17:22:45 +02:00
June	f721dd9fea	prometheus: make opnsense-ccchh job not fail half the time ... The scrape seems to take around a second to complete and with the configured timeout of 1s that failed half the time. Therefore use the default, more relaxed scrape interval and timeout and have it be reliable.	2024-10-05 17:22:45 +02:00
c6ristian	d8188d192b	Use keycloak version 26	2024-10-04 17:07:49 +02:00
Stefan Bethke	43ca24b5e2	Take website image from Forgejo	2024-10-03 19:44:43 +02:00
Stefan Bethke	229daa72fc	Redirect plain URL to hash for ticket deep links	2024-10-03 19:44:15 +02:00
June	0a05cad0a1	prometheus & alertmanager: add self-alerting ... Add self-alerting for Prometheus and Alertmanager using rules from https://samber.github.io/awesome-prometheus-alerts/rules	2024-10-02 04:13:37 +02:00
June	2e29b78f6a	prometheus: move Jitsis node exporter target to hosts job	2024-10-02 03:45:56 +02:00
June	61edc3587f	alertmanager: give Alertmanager a persistent storage directory	2024-10-02 03:43:22 +02:00
June	30876f821c	prometheus, alertmanager: use Prometheus alerts with Alertmanager ... For now introduce node-exporter/hosts alert rules, which got taken from https://samber.github.io/awesome-prometheus-alerts/rules However with the labels removed from the description, since they don't render correctly (at least in Telegram) and don't seem to provide much value, as we render the labels in the notification anyway. Also only have Telegram as the notification channel for now, as it was the easiest to set up.	2024-10-02 03:36:30 +02:00
June	803b19de0a	prometheus: add job for node exporter (for the NixOS VMs for now)	2024-10-01 20:09:42 +02:00
June	29d2d2926f	prometheus: don't duplicate scrape interval and timeout	2024-10-01 01:59:33 +02:00
June	e81ae5165f	public-reverse-proxy: config for eh20 static website deploy	2024-09-28 05:04:01 +02:00
Stefan Bethke	5b043ff852	Remove deprecated property	2024-09-13 20:05:17 +02:00
Stefan Bethke	a41af95f20	Upgrade to current version	2024-09-13 20:00:39 +02:00