Commit graph

73 commits

Author SHA1 Message Date
Stefan Bethke 7a0935cecf Make sure anacron is installed 2024-08-11 21:08:57 +02:00
Stefan Bethke 343a67e0e7 Add auto-update
* for all hosts, use debops.unattended_upgrades
* for docker compose, install a cron job pulling new images and restarting affected containers
2024-08-11 20:49:21 +02:00
christian 6ad42219c0
Pull nextcloud image from our own image registry 2024-07-29 20:23:17 +02:00
June 11bbf187c6
Ensure NGINX repo and install before apt update, so that it works
Ensure NGINX repo and install on nginx_hosts before apt update, so that
the latest NGINX key is deployed and apt update won't fail on an invalid
signature on these hosts.
Also only run the gnupg install if gnupg isn't present in the nginx
repo_setup.yaml to make that work.
2024-06-18 01:14:00 +02:00
Stefan Bethke 78837e45fe Use Forgejo instead of Gitlab 2024-05-10 19:18:54 +02:00
Stefan Bethke e96f25cc4d Add seconf foobazdmx for workshop 2024-02-26 23:07:36 +01:00
June 04d74b5c50
nginx: restart nginx on nginx.conf change
This also fixes the problem mentioned in the README.
2024-01-28 04:11:27 +01:00
June 0fb059e6bf
Add nginx reload command on new cert for all VMs with certbot and nginx 2024-01-28 04:01:06 +01:00
June 95a3901935
certbot: add possibility to specify commands to run on new certs
This makes it possible to e.g. reload nginx when new certificates are
present.
2024-01-28 03:29:39 +01:00
Stefan Bethke e53da90160 Enable standalone nginx/certbox config 2024-01-26 20:46:26 +01:00
Stefan Bethke 5c4ee01e71 certbot für mumble dazu 2024-01-23 21:24:31 +01:00
June bb95923807 Add a role for deploying infrastructure authorized keys and use it 2023-11-11 00:23:20 +01:00
June 7da6549727 Remove send_only_mailserver role, since its not needed anymore 2023-11-09 19:27:03 +01:00
June b29eaba5f9 Remove hacky override for send-only-mailserver 2023-11-09 19:26:36 +01:00
yuri 6a023f5433
Remove esphome host and role since it has been migrated to NixOS 2023-11-04 22:46:01 +01:00
June d99874935f comment out another instance of non-working code 2023-10-23 21:40:46 +02:00
June 16a5d35fb0 comment out non-working code 2023-10-23 21:40:03 +02:00
June ce75ba0f70 Fix smtpd.conf. listen on 127.0.0.1 and 0.0.0.0 doesn't work 2023-09-25 20:12:13 +02:00
June 718b6906c5 Allow uploading of stl files to dokuwiki 2023-09-25 18:29:06 +02:00
June 7468b4d8f6 Fix OpenSMTPD annoyingness
Co-authored-by: yuri <yuri@nekover.se>
2023-09-25 03:03:14 +02:00
June b295690ad5 Add playbook and accompanying role for doing maintenance 2023-09-25 02:57:30 +02:00
jtbx 804becdd31 Wiki: Fix oauth, create role from playbook 2023-09-15 22:06:46 +02:00
June 62b4f93218 Introduce Nextcloud role and deploy Cloud on Chaosknoten
Co-authored-by: Max <max@mlem.cloud>
2023-08-25 20:50:46 +02:00
Stefan Bethke 099bbe0e66 Nextcloud-Config weiter entwickeln 2023-08-05 18:59:58 +02:00
June 4d12d802b8 Add link to relevant wiki page to certbot role README 2023-08-03 05:07:36 +02:00
June f0c5c2b265 Convert certbot role to use standalone instead of webroot
Do this to not have dependencies on an NGINX setup.
With those dependencies in place setting up the certificates initially
would be quite painful, since a half-configured NGINX would need to be
there for the challenge and then only after the certificates are
present, the full NGINX configuration could be deployed successfully.
2023-08-02 22:46:01 +02:00
June 5341f9dfba Add role for deploying certbot and setting up certificate using it 2023-08-02 20:47:22 +02:00
June c6926b0a0f Remove incorrect check from deploy_ssh_server_config role 2023-07-30 05:49:46 +02:00
June c2a183c013 Add missing "become: true" 2023-07-30 05:25:43 +02:00
June 2efdfcad6d Setup repo pin. to ensure nginx package gets installed from NGINX repos 2023-07-30 05:19:22 +02:00
June 38fc33ce70 Don't use apt-key anymore, since it's deprecated 2023-07-30 01:21:43 +02:00
jtbx efc72f70f6 audiopi: Update role 2023-07-30 01:04:25 +02:00
June 23deedf0d6 Update deploy_ssh_server_config role for Debian 12 support 2023-07-29 20:17:22 +02:00
June 69edb75112 Use correct variable for initial config in zigbee2mqtt role 2023-07-29 01:16:49 +02:00
June 2f7e3ae893 Build on docker compose up as well 2023-07-28 23:16:27 +02:00
yuri 18990b3b5f
Bump zigbee2mqtt to 1.32.1 2023-07-27 18:26:47 +02:00
yuri 1570b0c04e
Bump esphome to 2023.7.0 2023-07-27 18:22:58 +02:00
June b536e5c2fb Fix: Add necessary becomes 2023-07-09 00:26:20 +02:00
jtbx b2e9c22821 cert, nginx: Update for debian 12 2023-07-09 00:03:38 +02:00
jtbx 67483ece20 docker roles: Support debian 12 2023-07-08 23:47:04 +02:00
June 82b64e24c6 Fix variable name
Thanks jtbx for pointing that out!
2023-07-08 23:41:12 +02:00
June 8bc60e42a8 Extend distribution_check role to account for Ansible changes reg. facts
Somewhere between ansible [core 2.14.4] and ansible [core 2.15.0] the
logic for the distribution_version Ansible fact got changed. With the
newer Ansible version Debians distribution_version gets reported as 11.7
as opposed to getting reported as 11 with the old Ansible version. To
still allow for useful distribution checks, extend the
distribution_check role by allowing the specification of
distribution_major_versions and distribution_releases as well.
This way you can check for an Ubuntu version by using
distribution_version (which for example resolves to 18.04, while
distribution_major_version would resolve to 18 in that case) and check
for a Debian version by using distribution_major_version (which for
example resolves to 11, while distribution_version would resolve to 11.7
in that case).
2023-07-08 19:58:02 +02:00
June 0c62a8f3e0 Add role for deploying SSH config and also add mailserver-endpoint host 2023-06-06 23:37:42 +02:00
June 55506a003a Make Rspamd configs world-readable 2023-05-26 03:27:56 +02:00
Dario e37d84c60d
clean up foobazdmx role
make git repo url and version to check out a variable instead of a
hard-coded value the role, and update host_vars to match.
2023-05-21 15:12:42 +02:00
yuri 2d5f116ff3
Use access token with Reporter role for foobazdmx 2023-05-21 03:03:02 +02:00
Dario a6db315138
Update foobazdmx repository url and release target
Update foobazdmx repository url in foobazdmx role to main repo.
Change commit to be checked out by ansible to latest commit on main.
2023-05-20 22:58:24 +02:00
yuri 33d1cfca1f
Move become: true into esphome role
Move become: true into zigbee2mqtt role

Remove become: true from deploy_public_reverse_proxy playbook

Remove become: true from deploy_dokuwiki playbook

Move become: true from deploy_audio_pi and deploy_light playbooks into roles

Remove become: true from deploy_keycloak playbook

Move become: true from deploy_automation playbook to mosquitto role
2023-05-10 18:02:10 +02:00
June b56ca3899d Add send_only_mailserver role and deploy Send-Only-Mailserver with it
Co-authored-by: yuri <yuri@nekover.se>
2023-05-09 23:01:57 +02:00
June f4a79fb4e2 Make it possible to set custom permissions for certificate files
This is in preparation for a role using OpenSMTPD.
2023-05-09 22:07:44 +02:00