Commit graph

219 commits

Author SHA1 Message Date
June d256082221 Proxy AES in Club to new location for cached DNS records
Do that so that cached DNS records don't make problems. (We had a TTL of
1 week for some reason, so people having that in their cache might still
resolve to the Club. This shouldn't be a problem anymore at
~14.08.2023.)
2023-08-11 00:55:47 +02:00
June dc89d33e33 Remove acme challenge entry for aes.ccchh.net 2023-08-11 00:42:05 +02:00
June 373b219031 Migrate Engelsystem from ThinkCCCluster to Chaosknoten 2023-08-11 00:39:55 +02:00
June 993e2f2b81 Hotfix to make mail work (dang, mail is now even more cursed)
This entire mail setup is really cursed and needs to be re-done.
2023-08-10 03:17:03 +02:00
June 10b91b9277 Fix jump host for pad-intern and cloud-intern on Chaosknoten 2023-08-08 01:21:07 +02:00
June cc70903f52 Migrate Keycloak from ccchh.net to hamburg.ccc.de 2023-08-08 01:18:44 +02:00
June 09e0c710af Migrate Keycloak from ThinkCCCluster onto Chaosknoten
Co-authored-by: Max <max@mlem.cloud>
2023-08-07 23:33:15 +02:00
Stefan Bethke 099bbe0e66 Nextcloud-Config weiter entwickeln 2023-08-05 18:59:58 +02:00
Stefan Bethke dff8f0ee8b pad (HedgeDoc) und cloud (NextCloud) dazu
cloud braucht noch etwas Arbeit, insbesondere die Abslage der Daten in
/data und die Keycloak-Anbindung.
2023-08-05 17:23:49 +02:00
June 06233d22d5 Deploy NGINX for acme_challenge and PROXY Prot. on PubRP on Chaosknoten 2023-08-04 14:06:37 +02:00
June 2825c5089f Use new secrets path for z9 vm-secrets 2023-08-04 13:53:22 +02:00
June 3d238d9f63 Move z9-host-specific configs and templates into z9 subdirectories 2023-08-04 13:41:00 +02:00
June 4d12d802b8 Add link to relevant wiki page to certbot role README 2023-08-03 05:07:36 +02:00
June 96e9cdb0dc Add relevant entry for HTTP challenge on PBS 2023-08-03 05:04:13 +02:00
June 3b3c628492 Ensure NGINX deploy. on public-rev.-prox. hosts before certbot role runs 2023-08-03 04:15:03 +02:00
June 48f9a2f901 Deploy certs for aes.ccchh.net using certbot role
Also clean up NGINX configuration a bit.
2023-08-02 23:40:36 +02:00
June 542211ca25 Deploy certs for esphome.ccchh.net using certbot role 2023-08-02 23:27:40 +02:00
June 6ac4bf8240 Deploy certs for wiki.ccchh.net using certbot role
Also clean up NGINX configurations.
2023-08-02 23:17:31 +02:00
June 6651f4568d Deploy certs for keycloak-admin and id.ccchh.net using certbot role 2023-08-02 23:07:21 +02:00
June 154a7dfa02 Deploy certs for zigbee2mqtt.ccchh.net using new certbot role
Also add certbot role to deploy.yaml playbook and add accompanying
group.
2023-08-02 22:53:37 +02:00
June f0c5c2b265 Convert certbot role to use standalone instead of webroot
Do this to not have dependencies on an NGINX setup.
With those dependencies in place setting up the certificates initially
would be quite painful, since a half-configured NGINX would need to be
there for the challenge and then only after the certificates are
present, the full NGINX configuration could be deployed successfully.
2023-08-02 22:46:01 +02:00
June 5341f9dfba Add role for deploying certbot and setting up certificate using it 2023-08-02 20:47:22 +02:00
June 1b45e94960 Add redhat.ansible extension to VSCode Workspace Recommendations 2023-07-30 19:30:06 +02:00
June 1613e2d25c Describe new way of secret storage 2023-07-30 19:27:04 +02:00
Dario 59520b4db6
AES: disable goodies and vouchers 2023-07-30 16:13:49 +02:00
Dario b89789c37a
fix aes contact email 2023-07-30 15:36:25 +02:00
June a7565d5f35 Deploy SSH Server config to public-reverse-proxy and wiki hosts 2023-07-30 07:06:26 +02:00
June 6994cfa123 Use correct ansible_host for mqtt host 2023-07-30 07:01:06 +02:00
June 317c822ab5 Combine playbooks for indiviual hosts into one playbook
This makes a full deployment of all hosts easier and parallelises
execution of roles, which are used for multiple hosts.
You can still easily deploy only a subset of hosts using the -l flag for
ansible-playbook.
2023-07-30 06:57:30 +02:00
June 042ff7c2ec Move keycloak and public-reverse-proxy to new debian_12 group
Do this, since they are on Debian 12.
2023-07-30 05:53:39 +02:00
June c9dee93874 Deploy ssh server config on keycloak VM 2023-07-30 05:51:40 +02:00
June c6926b0a0f Remove incorrect check from deploy_ssh_server_config role 2023-07-30 05:49:46 +02:00
June c2a183c013 Add missing "become: true" 2023-07-30 05:25:43 +02:00
June 2efdfcad6d Setup repo pin. to ensure nginx package gets installed from NGINX repos 2023-07-30 05:19:22 +02:00
June 38fc33ce70 Don't use apt-key anymore, since it's deprecated 2023-07-30 01:21:43 +02:00
jtbx efc72f70f6 audiopi: Update role 2023-07-30 01:04:25 +02:00
June 8a2c2769c8 Use new secrets path, bc of noc pass store merge into general store 2023-07-29 23:15:00 +02:00
June 23deedf0d6 Update deploy_ssh_server_config role for Debian 12 support 2023-07-29 20:17:22 +02:00
June f62135e263 Don't reference obsolete secret env files 2023-07-29 01:47:21 +02:00
June a12b38b284 Provide secrets for engelsystem VM from pass 2023-07-29 01:46:30 +02:00
June f695afa981 Provide network_key for zigbee2mqtt from pass 2023-07-29 01:28:44 +02:00
June 69edb75112 Use correct variable for initial config in zigbee2mqtt role 2023-07-29 01:16:49 +02:00
June 51c1b667f4 Provide secrets for keycloak VM from pass 2023-07-29 00:59:01 +02:00
Dario 8fa4e5af3e Merge branch 'feature/aes_lingo_patches' into 'main'
AES: patch code and l10n to add train drivers license

See merge request ccchh/thinkcccentre-ansible!3
2023-07-28 22:26:04 +00:00
Dario c3fc040751
AES: patch code and l10n to add train drivers license 2023-07-28 23:59:02 +02:00
June 727cd0bc74 Bump Keycloak to 22.0 2023-07-28 23:16:46 +02:00
June 2f7e3ae893 Build on docker compose up as well 2023-07-28 23:16:27 +02:00
yuri 18990b3b5f
Bump zigbee2mqtt to 1.32.1 2023-07-27 18:26:47 +02:00
yuri 1570b0c04e
Bump esphome to 2023.7.0 2023-07-27 18:22:58 +02:00
jtbx d5285a3fd2 deploy an engelsystem named AES 2023-07-09 01:57:55 +02:00