73 commits

Author	SHA1	Message	Date
Stefan Bethke	c33ae36af3	Enable IPv6 by default	2026-01-25 22:40:36 +01:00
Stefan Bethke	2cd0811b29	Fix warning	2026-01-25 22:40:36 +01:00
chris	5693989c38	add alloy to the z9 hosts and some cleanup	2026-01-25 21:44:49 +01:00
chris	c7d51af5b4	rollout Alloy to replace prometheus_node_exporter ... With the new network we need to deploy a push based solution in order to get metrics into prometheus	2026-01-25 21:44:49 +01:00
June	995dbb06e2	wip: alloy	2026-01-25 21:44:49 +01:00
June	652aa32e21	docker_compose(role): document new build and pull arguments	2026-01-25 20:49:39 +01:00
Stefan Bethke	d35f1cc779	GPG must be installed for the docker role to be able to add the repo	2026-01-25 15:31:42 +01:00
Stefan Bethke	f887de25c5	make building and pulling configurable	2026-01-25 13:26:20 +01:00
Stefan Bethke	664b9115b8	Fix warning	2026-01-25 13:01:52 +01:00
June	d514688574	systemd_networkd(role),router(host): support global config to fix forw. ... With the router upgrade to Debian 13 the systemd version got upgraded as well breaking the current configuration for IP forwarding. Add a variable for global systemd-networkd configuration and use that to enable IPv4 and IPv6 forwarding on the router. The systemd_networkd role could be a bit nicer, not deploying/deleting the global configuration, if the variable is empty and reloading/restarting systemd-networkd at appropriate times. But as is works for now.	2026-01-18 19:21:33 +01:00
June	951ec7ebcd	netbox(role): fix oidc integration by no longer using is_staff ... is_staff got removed in 4.5.0. See: https://github.com/netbox-community/netbox/releases/tag/v4.5.0	2026-01-13 02:25:06 +01:00
June	a92e144cfc	base_config(role): ensure base set of admin tools is installed ... See: https://git.hamburg.ccc.de/CCCHH/nix-infra/src/branch/main/config/common/admin-environment.nix	2026-01-13 00:41:06 +01:00
June	fbd3ea5496	base_config: disable cloud-init ssh module to avoid hostkey regeneration ... It should run once on first boot anyway and since it apparently runs for every change in the Proxmox cloud init config, disable it, so it doesn't, since it's annoying to have "random" hostkey changes.	2026-01-07 18:09:48 +01:00
Stefan Bethke	a328e92971	Should be compatible with trixie/13	2026-01-03 14:03:26 +01:00
Stefan Bethke	25db54b8ad	Make sure pip is installed	2026-01-03 14:02:56 +01:00
June	5a476f2103	cloud(host): move to new network and hostname	2025-12-16 20:47:44 +01:00
June	d0618e3820	nftables(role): introduce role for deploying nftables	2025-12-13 22:07:37 +01:00
June	d6ba70523c	systemd_networkd(role): introd. role for deploy. systemd-networkd config	2025-12-13 22:07:35 +01:00
c6ristian	5f6000adca	ssh_config: also enable sntrup761x25519-sha512 for Debain 13 ... tldr: PQC algorithms are complex but sntrup still is not brocken	2025-11-11 22:47:42 +01:00
lilly	63917722ff	fix foobazdmx role ... poetry is available via apt now so we install it that way	2025-11-06 21:19:20 +01:00
lilly	aeec08fce8	remove distribution checks ... Signed-Off-By: june	2025-11-06 21:16:42 +01:00
c6ristian	d690f81e3d	deploy_ssh_server_config: setup ssh pq cryptography	2025-11-05 23:08:28 +01:00
June	ae60d6fea6	docker_compose(role): use community.docker.docker_compose_v2 module ... Use the community.docker.docker_compose_v2 module as it supports proper changed handling out of the box, making the roles code more straightforward and work. Also just do a docker compose restart instead of having the custom docker compose reload script. https://docs.ansible.com/ansible/latest/collections/community/docker/docker_compose_v2_module.html	2025-11-02 23:13:20 +01:00
June	9f8d2d89cd	docker_compose(role): move argument documentation to README ... Do this to match newer roles and since reading documentation from argument_specs is quite unergonomic.	2025-11-02 22:32:20 +01:00
June	e390b7c202	docker_compose(role): remove unnecessary hosts section from README ... The hosts section isn't really relevant for that role, so remove it.	2025-11-02 22:32:20 +01:00
June	8cefd07618	docker_compose(role): remove distribution check ... The distribution check isn't really needed in our setup anyway and just adds unnecessary noise.	2025-11-02 22:32:20 +01:00
June	0f4fb68c97	netbox(role): don't try to deploy removed housekeeping service and timer ... https://github.com/netbox-community/netbox/releases/tag/v4.4.0 https://github.com/netbox-community/netbox/issues/18349	2025-10-30 05:25:26 +01:00
June	23ea666906	renovate(role): always pull and use full image source ... Ensure we're always running the latest Renovate version.	2025-10-30 05:13:23 +01:00
June	83fd868977	docker(role): use full image sources	2025-10-30 04:49:44 +01:00
June	3840553f9d	docker_compose(role): add support for deploying optional .env file ... This is needed for situations, where one wants to use a vendor-provided compose file and configure it using environment variables. Like for example: https://github.com/zammad/zammad-docker-compose	2025-10-24 22:05:54 +02:00
June	8f612d1d9c	renovate: add persistent volume for base (and therefore cache) dir	2025-10-22 19:42:20 +02:00
June	b46747d251	deploy_ssh_server_config(role): add Debian 13 sshd_config reference	2025-10-17 21:27:29 +02:00
June	8388657d33	renovate(role): introduce first basic Renovate role ... Sets up Renovate using Docker and systemd service and timer to run regularly. Also add accompanying host group and playbook play.	2025-10-16 17:42:13 +02:00
June	dce4e7c4d4	ansible_pull(role): add git as a dependency to ensure is installed	2025-10-16 09:40:34 +02:00
June	dea66771e0	ansible_pull(role): ensure SOPS is installed ... Also add the SOPS community collection as a requirement for this repo.	2025-10-15 02:33:42 +02:00
June	9afbc71801	ansible_pull(role): ensure role and collection dependencies are present	2025-10-15 02:18:07 +02:00
June	eadae7a09b	ansible_pull(role): add failure notifications	2025-10-14 22:20:27 +02:00
June	afceb886dc	msmtp(role): introduce msmtp role ... Introduce msmtp role for setting up msmtp for mail sending. Also add accompanying host group and playbook play.	2025-10-14 01:40:46 +02:00
June	f943e95e2e	fix ansible_lint issues ... Use prefix for role variables, have an ending newline at the end of files and use changed_when for command. Also exclude *.sops.yaml files from ansible-lint.	2025-10-13 17:43:00 +02:00
June	952fbf85c5	ansible_pull(role): add ExecStartPost step rebooting the hosts, if nec. ... Add ExecStartPost step rebooting the hosts, if necessary.	2025-10-13 17:23:08 +02:00
June	434ddfc955	ansible_pull(role): introduce ansible_pull role ... Introduce ansible_pull role for setting up automatic ansible_pull runs. Also add accompanying host group and playbook play.	2025-10-13 16:56:18 +02:00
June	8cb6ab3d04	reboot(role): intro. reboot role, which handles local conns. gracefully ... Also use this role instead of plain ansible.builtin.reboot. This is in preparation for using ansible_pull as we don't want to have ansible.builtin.reboot fail local playbook runs.	2025-10-13 16:56:18 +02:00
Stefan Bethke	2edb3443d6	Kick yate when config file changes ... closes #29	2025-07-06 17:32:23 +02:00
c6ristian	b0660deb71	fix: nginx role ... add defaults for nginx__deploy_htpasswds and nginx__htpasswds	2025-04-28 22:23:11 +02:00
c6ristian	456117a789	adding loki	2025-04-28 20:31:55 +02:00
June	3548c1f4d6	restart ssh service instead of rebooting as this should be fine ... Active connections should survive a restart of the service and testing also didn't show any issues.	2025-04-25 02:01:29 +02:00
June	0e4df5b590	nginx(role): make loop output manageable using loop_control label	2025-02-18 06:07:47 +01:00
June	7420ed6010	nginx(role): split up repo setup and install task lists to estab. conv. ... Split up repo setup and package installation after all to establish this as a convention (its already done this way in the docker role and was done this way in the nginx role before) to highlight that an external repo is used.	2025-02-18 05:43:39 +01:00
June	89f3e55eac	docker(role): use better naming	2025-02-18 05:35:45 +01:00
June	ce812fb006	docker(role): update README ... Document Debian 12 support, enhance wording, bring structure in line with the READMEs of more modern roles and remove unnecessary sections.	2025-02-18 05:33:30 +01:00