b660d937dc
Allow GPG keys as uploads
2024-10-18 12:40:24 +02:00
2f00d21821
Redirect home page to wiki
2024-10-13 13:50:50 +02:00
235e6e514f
Move Pretix from hackertours to tickets
2024-10-13 09:10:10 +02:00
7cd4a9a723
public-reverse-proxy: add config for staging.hackertours.hamburg.ccc.de
2024-10-12 22:08:28 +02:00
d7a9534eeb
public-reverse-proxy: use public-web-static as host for hackert. ccchh
2024-10-12 22:00:14 +02:00
a35fcc13cf
Merge branch 'main' of git.hamburg.ccc.de:CCCHH/ansible-infra
2024-10-08 20:28:57 +02:00
2fc54f5a83
Add missing headers to avoid CSRF errors
2024-10-08 20:28:56 +02:00
4cac84e7ec
prometheus: have different disk alerts for physical and virtual hosts
...
Have more relaxed read/write alerts for physical hosts as they are
probably hypervisors and regular high read/writes are more common.
Also differentiate between physical and virtual hosts for IO alerts and
allow for hard disks to spend more time in IO.
2024-10-05 17:22:45 +02:00
f721dd9fea
prometheus: make opnsense-ccchh job not fail half the time
...
The scrape seems to take around a second to complete and with the
configured timeout of 1s that failed half the time. Therefore use the
default, more relaxed scrape interval and timeout and have it be
reliable.
2024-10-05 17:22:45 +02:00
d8188d192b
Use keycloak version 26
2024-10-04 17:07:49 +02:00
43ca24b5e2
Take website image from Forgejo
2024-10-03 19:44:43 +02:00
229daa72fc
Redirect plain URL to hash for ticket deep links
2024-10-03 19:44:15 +02:00
0a05cad0a1
prometheus & alertmanager: add self-alerting
...
Add self-alerting for Prometheus and Alertmanager using rules from
https://samber.github.io/awesome-prometheus-alerts/rules
2024-10-02 04:13:37 +02:00
2e29b78f6a
prometheus: move Jitsis node exporter target to hosts job
2024-10-02 03:45:56 +02:00
61edc3587f
alertmanager: give Alertmanager a persistent storage directory
2024-10-02 03:43:22 +02:00
30876f821c
prometheus, alertmanager: use Prometheus alerts with Alertmanager
...
For now introduce node-exporter/hosts alert rules, which got taken from
https://samber.github.io/awesome-prometheus-alerts/rules
However with the labels removed from the description, since they don't
render correctly (at least in Telegram) and don't seem to provide much
value, as we render the labels in the notification anyway.
Also only have Telegram as the notification channel for now, as it was
the easiest to set up.
2024-10-02 03:36:30 +02:00
803b19de0a
prometheus: add job for node exporter (for the NixOS VMs for now)
2024-10-01 20:09:42 +02:00
29d2d2926f
prometheus: don't duplicate scrape interval and timeout
2024-10-01 01:59:33 +02:00
e81ae5165f
public-reverse-proxy: config for eh20 static website deploy
2024-09-28 05:04:01 +02:00
5b043ff852
Remove deprecated property
2024-09-13 20:05:17 +02:00
a41af95f20
Upgrade to current version
2024-09-13 20:00:39 +02:00
dfbc8e58a9
USe unless-stopped instead of always
2024-09-08 17:45:00 +02:00
475a758f83
unattended upgrade all packages
2024-09-02 20:44:55 +02:00
94a5db2215
Add pretalx
2024-08-18 09:20:28 +02:00
d7d743ce8b
Update to newest version
2024-08-17 18:22:44 +02:00
daf2a1dd85
Move to standard image and a config file
2024-08-16 20:16:19 +02:00
e7a6b73e57
Add galaxy requirements
2024-08-12 11:39:50 +02:00
e9adeecc93
Avoid docker compose down
2024-08-11 21:21:51 +02:00
7a0935cecf
Make sure anacron is installed
2024-08-11 21:08:57 +02:00
343a67e0e7
Add auto-update
...
* for all hosts, use debops.unattended_upgrades
* for docker compose, install a cron job pulling new images and restarting affected containers
2024-08-11 20:49:21 +02:00
09cbe7340f
public-reverse-proxy: add config for design.hamburg.ccc.de
2024-08-11 00:59:47 +02:00
fe752495ae
id: allow z9 ipv6 range to access admin interface
2024-08-05 23:32:58 +02:00
c111c6950a
Remove zigbee2mqtt form z9/hosts.yaml
...
we migrated the zigbee2mqtt in to our home assistant
2024-07-31 20:01:23 +02:00
70a27ec79c
light: use new combined cert and make server reachable over v6
...
The server being reachable over v6 is needed for the new method of
getting the cert directly via http challenge over v6.
2024-07-30 00:14:09 +02:00
a23c152d8e
nextcloud: configure maintenance window start time
...
See: https://docs.nextcloud.com/server/28/admin_manual/configuration_server/background_jobs_configuration.html#maintenance-window-start
2024-07-29 21:42:48 +02:00
6ad42219c0
Pull nextcloud image from our own image registry
2024-07-29 20:23:17 +02:00
f8ac16f65b
Use our Keycloak custom image
...
We build our custom Keycloak image with our own theme located at https://git.hamburg.ccc.de/CCCHH/oci-images
2024-07-27 01:32:33 +02:00
ea713aa162
Allow members of intern to issue invites
2024-07-23 21:23:11 +02:00
cbb0842539
Add missing parameters
2024-07-16 09:24:46 +02:00
4f5da885ea
Add missing params
2024-07-15 18:52:48 +02:00
94f65f8fe7
Add invite to Keycloak
2024-07-15 12:37:36 +02:00
a990c96eb1
Upgrade to Keycloak 25 and move to new config options
...
https://www.keycloak.org/docs/latest/upgrading/index.html#new-hostname-options
https://www.keycloak.org/docs/latest/upgrading/index.html#deprecated-proxy-option
2024-07-15 01:40:07 +02:00
ad8d27cd6a
Take base wordpress from image
2024-07-04 11:21:46 -04:00
1e25ebf1e9
Add reverse proxy config for woodpecker.hamburg.ccc.de
2024-06-22 02:11:14 +02:00
647c2fc005
Also ensure NGINX repo and install before apt update for nextcloud_hosts
...
Do that because the nextcloud role uses NGINX via the nginx role
internally as well, but nextcloud_hosts aren't necessarily in the
nginx_hosts group then.
2024-06-18 01:37:41 +02:00
11bbf187c6
Ensure NGINX repo and install before apt update, so that it works
...
Ensure NGINX repo and install on nginx_hosts before apt update, so that
the latest NGINX key is deployed and apt update won't fail on an invalid
signature on these hosts.
Also only run the gnupg install if gnupg isn't present in the nginx
repo_setup.yaml to make that work.
2024-06-18 01:14:00 +02:00
fb4aabc772
Add reverse proxy config for hacker.tours and staging.hacker.tours
2024-06-17 22:16:49 +02:00
f67483fa46
Add lists.c3lingo.org
2024-06-16 16:39:19 +02:00
ec400ed7d6
Use new IP for eh22-wiki host
2024-06-13 22:30:29 +02:00
abcf25359e
Decommissioning mqtt in ansible
2024-06-12 21:43:46 +02:00
