CCCHH/ansible-infra

Author	SHA1	Message	Date
bitwhisker	57ae1456a0	unbound(role): move resolvd vars to task Some checks failed / Ansible Lint (pull_request) Successful in 2m37s Details / build (pull_request) Failing after 2m40s Details / Ansible Lint (push) Successful in 2m21s Details	2026-05-26 10:43:56 +02:00
bitwhisker	c051fc6337	unbound(role): make unbound thread number configurable Some checks failed / Ansible Lint (pull_request) Failing after 2m34s Details / Ansible Lint (push) Failing after 2m36s Details / build (pull_request) Failing after 2m40s Details	2026-05-26 10:30:35 +02:00
bitwhisker	960315d182	unbound(role): reformat config template and use all vcpus Some checks failed / build (pull_request) Failing after 2m41s Details / Ansible Lint (push) Failing after 2m44s Details / Ansible Lint (pull_request) Failing after 2m44s Details	2026-05-26 10:21:29 +02:00
bitwhisker	bb127d1375	unbound(role): remove tags inside role	2026-05-26 10:21:29 +02:00
bitwhisker	84b1fa70ce	unbound(role): add FIXME note to unbound prometheus exporter install	2026-05-26 10:21:29 +02:00
bitwhisker	0a74ac02c2	unbound(role): use existing deploy_systemd_resolved_config role and some reordering	2026-05-26 10:21:29 +02:00
bitwhisker	a19262eae0	kea_dhcp(role): make stork-agent.env smaller and add link to documentation	2026-05-26 10:21:29 +02:00
bitwhisker	09a4869ac1	kea_dhcp(role): fix indentation in template	2026-05-26 10:21:28 +02:00
bitwhisker	2798e9e01c	kea_dhcp(role): add README.md	2026-05-26 10:21:28 +02:00
bitwhisker	9bff86df7f	kea_dhcp(role): some fixes and removing arch part - remove tags from tasks - remove archlinux part - use debian default package for kea	2026-05-26 10:21:28 +02:00
bitwhisker	bbf45e91f4	rt1(z9 host) unbound(role) kea_dhcp(role): create unbound and kea_dhcp role for rt1 - create unbound role - create kea_dhcp role - configure unbound and keadhcp on rt1(z9 host)	2026-05-26 10:21:28 +02:00
June	4574dbf4ba	secrets(role): introduce secrets role for storing secrets Some checks failed / Ansible Lint (push) Successful in 2m18s Details / build (push) Failing after 2m40s Details Allows storage of secrets to then be referenced in other places. The motivation was storing WireGuard secrets for systemd-networkd.	2026-05-23 22:40:17 +02:00
lilly	3541c68357	disable dnssec for catalog zones on auth-dns All checks were successful / Ansible Lint (push) Successful in 2m35s Details Catalog zones are not real zones in the DNS hierarchy and don't have a parent zone. Therefore they will never have a valid DNSSEC delegation so we should skip signing those zones.	2026-05-19 11:01:52 +02:00
June	73e77bde70	tag plays in playbooks (instead of tasks in roles) All checks were successful / Ansible Lint (pull_request) Successful in 3m18s Details / Ansible Lint (push) Successful in 2m20s Details	2026-05-19 00:24:10 +02:00
June	6b19f69135	renovate(role): add cleanup service and timer for renovate volume All checks were successful / Ansible Lint (push) Successful in 2m25s Details With time the volume seems to just keeps growing with cache data, so clean it up once a day.	2026-05-19 00:23:26 +02:00
jtbx	83e6f76464	deploy_systemd_journal_config(role): Disable ForwardToSyslog Some checks failed / Ansible Lint (pull_request) Failing after 29m12s Details / Ansible Lint (push) Successful in 41m19s Details We don't want hour journalctl logs mirrored to /var/log/syslog	2026-05-15 19:25:44 +02:00
lilly	637dc6b25a	consider ansible-pull jobs failed after 30 minutes All checks were successful / Ansible Lint (pull_request) Successful in 2m27s Details / Ansible Lint (push) Successful in 2m32s Details	2026-05-13 16:53:57 +02:00
lilly	bc4df9a3f4	fix ansible-lint warnings of knot role All checks were successful / Ansible Lint (push) Successful in 2m31s Details	2026-05-07 23:45:48 +02:00
lilly	50beedbc62	configure metric scraping from knot on auth-dns Some checks failed / Ansible Lint (push) Failing after 6m12s Details	2026-05-06 15:51:38 +02:00
lilly	5283d2da95	improve knot roles reloading behavior With this change, the nameserver is not restarted on configuration updates but only reloaded instead.	2026-05-06 14:33:04 +02:00
June	3aa146d723	nftables(role): reload instead of restart Some checks failed / Ansible Lint (push) Failing after 3m22s Details This should make the role more robust against misconfigurations.	2026-05-06 14:19:38 +02:00
lilly	fa021fb737	migrate dns zone ccchh.net. to new auth-dns server All checks were successful / Ansible Lint (push) Successful in 2m27s Details	2026-05-06 12:12:54 +02:00
lilly	416ca85b11	rename auth_dns -> knot role Some checks failed / Ansible Lint (pull_request) Successful in 2m37s Details / Ansible Lint (push) Has been cancelled Details	2026-05-06 11:52:33 +02:00
lilly	8c1553c707	fix role name auth-dns -> auth_dns Some checks failed / Ansible Lint (push) Failing after 2m38s Details / Ansible Lint (pull_request) Failing after 2m40s Details	2026-05-06 11:47:10 +02:00
lilly	6fa2d65db2	enable auth-dns role to actually configure useful zones	2026-05-06 11:47:10 +02:00
lilly	fa94d59df6	add barebones knot config This configuration does not yet do much but it provisions a knot server that runs.	2026-05-06 11:47:10 +02:00
lilly	d880eb8677	fix systemd-resolved not being installed All checks were successful / Ansible Lint (pull_request) Successful in 2m27s Details / Ansible Lint (push) Successful in 2m25s Details closes #88	2026-05-03 16:50:45 +02:00
lilly	c304a1c82a	add README.md to deploy_systemd_resolved_config role All checks were successful / Ansible Lint (pull_request) Successful in 2m31s Details / Ansible Lint (push) Successful in 2m24s Details	2026-05-02 01:01:23 +02:00
lilly	58ced1a85e	add capability to disable systemd-resolved to base_config role All checks were successful / Ansible Lint (push) Successful in 2m28s Details / Ansible Lint (pull_request) Successful in 2m24s Details	2026-05-01 00:16:43 +02:00
lilly	0330c6b6ca	reduce ansible grafana log verbosity by using loop_control labels All checks were successful / Ansible Lint (push) Successful in 2m27s Details	2026-04-24 15:32:43 +02:00
June	8bf6dfbefb	certbot(role): support DNS-01 certs using acme-dns All checks were successful / Ansible Lint (push) Successful in 3m36s Details Introduce new configuration structure called certbot__certs, which allows for different challenge types per cert with the first challenge type supported being dns-01-acme-dns.	2026-03-31 16:48:00 +02:00
June	2b5f261cd3	docker(role): move automatic cleanup of unused Docker data here All checks were successful / Ansible Lint (push) Successful in 2m20s Details Move the automatic cleanup of unused Docker data to the docker role from the docker_compose role, so that hosts, which only use Docker (like renovate) also have an automatic cleanup set up. Also use a systemd timer instead of cron.	2026-03-06 21:09:47 +01:00
June	fee18bd349	certbot(role): allow empty list of certificate domains All checks were successful / Ansible Lint (push) Successful in 11m4s Details Also explicitly document that they are used with the HTTP-01 challenge. This is in preparation for adding a new option with DNS-01 challenge support.	2026-03-05 14:37:17 +01:00
June	3820a97584	certbot(role): move arguments documentation into README Do this to match how it's done in newer roles.	2026-03-05 14:37:17 +01:00
June	711f2f1c64	certbot(role): don't use certbot__version_spec anymore as its not used All checks were successful / Ansible Lint (push) Successful in 8m7s Details	2026-03-01 20:08:49 +01:00
Stefan Bethke	08101ccef1	Fix permission	2026-02-22 18:37:01 +01:00
Stefan Bethke	d26fbf2577	Allow syncing an arbitrary set of files to the target	2026-02-22 18:21:47 +01:00
June	7b8dab07b6	distribution_check(role): remove role as it's not really needed As the roles are used internally only anyway, we don't need to specify compatbilities like this and don't properly use it anyway.	2026-02-09 17:49:49 +01:00
June	2e5b0ab940	nginx(role): to not log IPs, just disable the access log All checks were successful / Ansible Lint (push) Successful in 2m16s Details	2026-01-27 18:18:17 +01:00
Stefan Bethke	c33ae36af3	Enable IPv6 by default	2026-01-25 22:40:36 +01:00
Stefan Bethke	2cd0811b29	Fix warning	2026-01-25 22:40:36 +01:00
chris	5693989c38	add alloy to the z9 hosts and some cleanup Some checks failed / Ansible Lint (push) Failing after 45s Details	2026-01-25 21:44:49 +01:00
chris	c7d51af5b4	rollout Alloy to replace prometheus_node_exporter With the new network we need to deploy a push based solution in order to get metrics into prometheus	2026-01-25 21:44:49 +01:00
June	995dbb06e2	wip: alloy	2026-01-25 21:44:49 +01:00
June	652aa32e21	docker_compose(role): document new build and pull arguments Some checks failed / Ansible Lint (push) Failing after 40s Details	2026-01-25 20:49:39 +01:00
Stefan Bethke	d35f1cc779	GPG must be installed for the docker role to be able to add the repo Some checks failed / Ansible Lint (push) Failing after 43s Details	2026-01-25 15:31:42 +01:00
Stefan Bethke	f887de25c5	make building and pulling configurable Some checks failed / Ansible Lint (push) Failing after 40s Details	2026-01-25 13:26:20 +01:00
Stefan Bethke	664b9115b8	Fix warning Some checks failed / Ansible Lint (push) Failing after 44s Details	2026-01-25 13:01:52 +01:00
June	d514688574	systemd_networkd(role),router(host): support global config to fix forw. All checks were successful / Ansible Lint (push) Successful in 1m58s Details With the router upgrade to Debian 13 the systemd version got upgraded as well breaking the current configuration for IP forwarding. Add a variable for global systemd-networkd configuration and use that to enable IPv4 and IPv6 forwarding on the router. The systemd_networkd role could be a bit nicer, not deploying/deleting the global configuration, if the variable is empty and reloading/restarting systemd-networkd at appropriate times. But as is works for now.	2026-01-18 19:21:33 +01:00
June	951ec7ebcd	netbox(role): fix oidc integration by no longer using is_staff Some checks failed / Ansible Lint (push) Failing after 1m56s Details is_staff got removed in 4.5.0. See: https://github.com/netbox-community/netbox/releases/tag/v4.5.0	2026-01-13 02:25:06 +01:00

1 2 3

112 commits