June
0fb059e6bf
Add nginx reload command on new cert for all VMs with certbot and nginx
2024-01-28 04:01:06 +01:00
June
95a3901935
certbot: add possibility to specify commands to run on new certs
...
This makes it possible to e.g. reload nginx when new certificates are
present.
2024-01-28 03:29:39 +01:00
Stefan Bethke
e53da90160
Enable standalone nginx/certbox config
2024-01-26 20:46:26 +01:00
Stefan Bethke
880e77575a
Sort list alphabetically
2024-01-26 19:33:46 +01:00
Stefan Bethke
79ac891c30
Add metrics for club OPNsense
2024-01-26 19:28:09 +01:00
Stefan Bethke
0307ad6c9f
proxy access to metrics through nginx
2024-01-24 19:36:21 +01:00
Stefan Bethke
a68edb81c4
Add Grafana/Prometheus config
2024-01-24 19:12:43 +01:00
Stefan Bethke
946b35efab
Grafana-Daten auch speichern
2024-01-24 17:22:35 +01:00
Stefan Bethke
ebcde5433c
nginx mit redirect auf wiki
2024-01-23 22:36:15 +01:00
Stefan Bethke
5c4ee01e71
certbot für mumble dazu
2024-01-23 21:24:31 +01:00
June
4363b3d040
Redirect properly from wikis old to new domain
...
Make use of $request_uri redirect to the correct sub-page.
2024-01-22 22:43:52 +01:00
June
81c8bfe16b
Actually keep using $uri for DokuWiki stuff since otherwise it breaks
...
To be investigated if the $uri issue also applies for try_files.
2024-01-22 22:41:12 +01:00
June
6787c7c0d7
Use $request_uri instead of $uri, since $uri allows for injection
...
Thanks NixOS for pointing that out! :3
Also see here for an explanation:
https://reversebrain.github.io/2021/03/29/The-story-of-Nginx-and-uri-variable/
2024-01-22 22:37:10 +01:00
June
98906db4bf
Configure reverse proxy for hamburg.ccc.de, staging and www
...
This replaces next, since the new website is now live.
2024-01-22 22:35:38 +01:00
June
2659796e8b
Migrate to wiki.hamburg.ccc.de
2024-01-22 22:02:33 +01:00
June
586254c147
Actually use an IP, which isn't already in use by another service
2024-01-14 02:33:59 +01:00
June
009de7d398
Actually use correct IP for git.hamburg.ccc.de
2024-01-14 01:22:24 +01:00
June
422330f48c
Add git.hamburg.ccc.de
2024-01-14 01:12:04 +01:00
June
f265390c33
Bump Keycloak version to 23.0
2024-01-13 20:48:04 +01:00
June
ca08cf693b
Actually make spaceapi.hamburg.ccc.de work
2024-01-13 18:44:21 +01:00
June
f5af6c2074
Add c3cat.de
2023-12-29 14:40:50 +01:00
Stefan Bethke
ec7c9b9b86
Document restart issue
2023-12-19 23:20:03 +01:00
Stefan Bethke
5fcbe5cfab
Add grafana
2023-12-19 18:37:24 +01:00
Stefan Bethke
3cb72d8b81
enforce https
2023-12-10 14:03:53 +01:00
Stefan Bethke
9f4d1464bd
add de & en path prefixes for websdite
2023-12-10 00:29:49 +01:00
Stefan Bethke
ab429df4dd
Add Zammad
2023-12-09 12:28:28 +01:00
Stefan Bethke
53ba5b9561
Website dazu
2023-12-07 23:54:22 +01:00
Stefan Bethke
e630ffdf46
Small fixes
...
* fix ACME setup
* use correct port number
* use correct email sender
2023-12-03 20:34:31 +01:00
Stefan Bethke
f238182302
Pretix für Hackertours
2023-12-03 13:14:34 +01:00
Stefan Bethke
b94cb009ad
Config fuer lists dazu
2023-11-13 11:32:56 -05:00
Stefan Bethke
a9fac907d5
stbe darf von zuhause Keycloak admin
2023-11-13 11:32:56 -05:00
June
bb95923807
Add a role for deploying infrastructure authorized keys and use it
2023-11-11 00:23:20 +01:00
June
89f1b1b299
Remove call to send_only_mailserver role
2023-11-09 19:27:35 +01:00
June
7da6549727
Remove send_only_mailserver role, since its not needed anymore
2023-11-09 19:27:03 +01:00
June
b29eaba5f9
Remove hacky override for send-only-mailserver
2023-11-09 19:26:36 +01:00
June
66370eceda
Remove hacky override for send-only-mailserver
...
Remove it, since its not needed anymore.
2023-11-09 19:24:19 +01:00
June
6ae47b32f3
Configure new mailserver for Nextcloud
2023-11-09 19:16:45 +01:00
June
b6f316254f
Add Reverse Proxy config for spaceapi.hamburg.ccc.de
2023-11-05 00:57:36 +01:00
yuri
6a023f5433
Remove esphome host and role since it has been migrated to NixOS
2023-11-04 22:46:01 +01:00
June
ed74a88734
Domains don't work (anymore?), so just use IPs
2023-10-28 02:14:44 +02:00
June
95d5ed2ca9
Add Reverse Proxy config for next.hamburg.ccc.de
2023-10-25 02:19:53 +02:00
June
d99874935f
comment out another instance of non-working code
2023-10-23 21:40:46 +02:00
June
16a5d35fb0
comment out non-working code
2023-10-23 21:40:03 +02:00
christian
26181f7759
Add Redirect on id.hamburg.ccc.de to the account management page
2023-10-23 21:16:32 +02:00
June
505a2ba9f9
Add Public-Reverse-Proxy configuration for new branding-resources site
2023-10-07 05:17:25 +02:00
June
3828b8d500
Add Public-Reverse-Proxy configuration for new Element Web hosting
2023-10-07 05:17:01 +02:00
June
9b6d909d11
Add Public-Reverse-Proxy configuration for new Matrix server
2023-10-06 05:06:56 +02:00
June
856cc74d90
Make Public-Reverse-Proxy handle IPv6
2023-10-06 05:06:15 +02:00
June
ce75ba0f70
Fix smtpd.conf. listen on 127.0.0.1 and 0.0.0.0 doesn't work
2023-09-25 20:12:13 +02:00
June
718b6906c5
Allow uploading of stl files to dokuwiki
2023-09-25 18:29:06 +02:00
June
2b1a2c599b
Add link to dokuwiki docs on uploadsize
2023-09-25 18:22:31 +02:00
June
7468b4d8f6
Fix OpenSMTPD annoyingness
...
Co-authored-by: yuri <yuri@nekover.se>
2023-09-25 03:03:14 +02:00
June
fdae96fbc1
Migrate to NixOS: Remove Z9 Audio host from this repo
2023-09-25 02:59:41 +02:00
June
b295690ad5
Add playbook and accompanying role for doing maintenance
2023-09-25 02:57:30 +02:00
June
de97436706
Migrate to NixOS: Remove Z9 Public-Reverse-Proxy host from this repo
2023-09-25 02:48:56 +02:00
June
c5eae99a7f
Add reverse proxy configuration for netbox
2023-09-21 19:13:56 +02:00
jtbx
804becdd31
Wiki: Fix oauth, create role from playbook
2023-09-15 22:06:46 +02:00
June
73db1dd077
Introduce onlyoffice
2023-08-27 20:02:53 +02:00
June
c2964e1707
Remove note regarding encryption and add link to wiki
2023-08-25 22:48:56 +02:00
June
62b4f93218
Introduce Nextcloud role and deploy Cloud on Chaosknoten
...
Co-authored-by: Max <max@mlem.cloud>
2023-08-25 20:50:46 +02:00
June
112f1990b9
Introduce Uptime-Kuma
2023-08-12 01:47:55 +02:00
June
69621e3d7f
Add cursed override for the aes as well :S
2023-08-11 02:17:30 +02:00
June
12a1e5dc22
Move Engelsystem MAIL_PASSWORD secret to appropriate place
2023-08-11 02:05:40 +02:00
June
dd5e37fb68
Add restart: unless-stopped to Engelsystem compose
2023-08-11 02:05:20 +02:00
June
d16da59fd7
Migrate Wiki from ThinkCCCluster to Chaosknoten
...
Also do the redirect for DNS cache stuff like with aes.
2023-08-11 01:59:34 +02:00
June
d256082221
Proxy AES in Club to new location for cached DNS records
...
Do that so that cached DNS records don't make problems. (We had a TTL of
1 week for some reason, so people having that in their cache might still
resolve to the Club. This shouldn't be a problem anymore at
~14.08.2023.)
2023-08-11 00:55:47 +02:00
June
dc89d33e33
Remove acme challenge entry for aes.ccchh.net
2023-08-11 00:42:05 +02:00
June
373b219031
Migrate Engelsystem from ThinkCCCluster to Chaosknoten
2023-08-11 00:39:55 +02:00
June
993e2f2b81
Hotfix to make mail work (dang, mail is now even more cursed)
...
This entire mail setup is really cursed and needs to be re-done.
2023-08-10 03:17:03 +02:00
June
cc70903f52
Migrate Keycloak from ccchh.net to hamburg.ccc.de
2023-08-08 01:18:44 +02:00
June
09e0c710af
Migrate Keycloak from ThinkCCCluster onto Chaosknoten
...
Co-authored-by: Max <max@mlem.cloud>
2023-08-07 23:33:15 +02:00
Stefan Bethke
099bbe0e66
Nextcloud-Config weiter entwickeln
2023-08-05 18:59:58 +02:00
Stefan Bethke
dff8f0ee8b
pad (HedgeDoc) und cloud (NextCloud) dazu
...
cloud braucht noch etwas Arbeit, insbesondere die Abslage der Daten in
/data und die Keycloak-Anbindung.
2023-08-05 17:23:49 +02:00
June
06233d22d5
Deploy NGINX for acme_challenge and PROXY Prot. on PubRP on Chaosknoten
2023-08-04 14:06:37 +02:00
June
2825c5089f
Use new secrets path for z9 vm-secrets
2023-08-04 13:53:22 +02:00
June
3d238d9f63
Move z9-host-specific configs and templates into z9 subdirectories
2023-08-04 13:41:00 +02:00
June
4d12d802b8
Add link to relevant wiki page to certbot role README
2023-08-03 05:07:36 +02:00
June
96e9cdb0dc
Add relevant entry for HTTP challenge on PBS
2023-08-03 05:04:13 +02:00
June
3b3c628492
Ensure NGINX deploy. on public-rev.-prox. hosts before certbot role runs
2023-08-03 04:15:03 +02:00
June
48f9a2f901
Deploy certs for aes.ccchh.net using certbot role
...
Also clean up NGINX configuration a bit.
2023-08-02 23:40:36 +02:00
June
542211ca25
Deploy certs for esphome.ccchh.net using certbot role
2023-08-02 23:27:40 +02:00
June
6ac4bf8240
Deploy certs for wiki.ccchh.net using certbot role
...
Also clean up NGINX configurations.
2023-08-02 23:17:31 +02:00
June
6651f4568d
Deploy certs for keycloak-admin and id.ccchh.net using certbot role
2023-08-02 23:07:21 +02:00
June
154a7dfa02
Deploy certs for zigbee2mqtt.ccchh.net using new certbot role
...
Also add certbot role to deploy.yaml playbook and add accompanying
group.
2023-08-02 22:53:37 +02:00
June
f0c5c2b265
Convert certbot role to use standalone instead of webroot
...
Do this to not have dependencies on an NGINX setup.
With those dependencies in place setting up the certificates initially
would be quite painful, since a half-configured NGINX would need to be
there for the challenge and then only after the certificates are
present, the full NGINX configuration could be deployed successfully.
2023-08-02 22:46:01 +02:00
June
5341f9dfba
Add role for deploying certbot and setting up certificate using it
2023-08-02 20:47:22 +02:00
Dario
59520b4db6
AES: disable goodies and vouchers
2023-07-30 16:13:49 +02:00
Dario
b89789c37a
fix aes contact email
2023-07-30 15:36:25 +02:00
June
317c822ab5
Combine playbooks for indiviual hosts into one playbook
...
This makes a full deployment of all hosts easier and parallelises
execution of roles, which are used for multiple hosts.
You can still easily deploy only a subset of hosts using the -l flag for
ansible-playbook.
2023-07-30 06:57:30 +02:00
June
c9dee93874
Deploy ssh server config on keycloak VM
2023-07-30 05:51:40 +02:00
June
c6926b0a0f
Remove incorrect check from deploy_ssh_server_config role
2023-07-30 05:49:46 +02:00
June
c2a183c013
Add missing "become: true"
2023-07-30 05:25:43 +02:00
June
2efdfcad6d
Setup repo pin. to ensure nginx package gets installed from NGINX repos
2023-07-30 05:19:22 +02:00
June
38fc33ce70
Don't use apt-key anymore, since it's deprecated
2023-07-30 01:21:43 +02:00
jtbx
efc72f70f6
audiopi: Update role
2023-07-30 01:04:25 +02:00
June
8a2c2769c8
Use new secrets path, bc of noc pass store merge into general store
2023-07-29 23:15:00 +02:00
June
23deedf0d6
Update deploy_ssh_server_config role for Debian 12 support
2023-07-29 20:17:22 +02:00
June
f62135e263
Don't reference obsolete secret env files
2023-07-29 01:47:21 +02:00
June
a12b38b284
Provide secrets for engelsystem VM from pass
2023-07-29 01:46:30 +02:00
June
69edb75112
Use correct variable for initial config in zigbee2mqtt role
2023-07-29 01:16:49 +02:00