ac342ec044
Update docker.io/library/postgres Docker tag to v18
/ Ansible Lint (push) Successful in 2m47s
/ Ansible Lint (pull_request) Successful in 2m52s
2026-01-28 14:45:58 +00:00
9c2fe5ea9b
public-reverse-proxy(host): remove cpuccc.hamburg.ccc.de alias
/ Ansible Lint (push) Successful in 2m19s
2026-01-28 15:32:29 +01:00
06ae220857
Remove spaceapiccc.hamburg.ccc.de
/ Ansible Lint (push) Successful in 2m9s
2026-01-27 22:35:28 +01:00
1f2a08cf15
Spell stuff correctly
/ Ansible Lint (push) Successful in 2m10s
2026-01-27 20:16:57 +01:00
3bba747dab
Configure seperate server for spaceapi.ccc.de
/ Ansible Lint (push) Successful in 2m32s
2026-01-27 16:30:00 +01:00
200e8019ed
public-reverse-proxy: add config for local/lokal.ccc.de
...
/ Ansible Lint (push) Successful in 2m13s
local/lokal.ccc.de points to cpu.ccc.de.
2026-01-27 15:49:38 +01:00
c8edde4d11
Pretty up
/ Ansible Lint (push) Failing after 56s
2026-01-26 00:20:27 +01:00
0f3cd2c70a
amcedns to enable Let's Encrypt DNS-01 challenges
/ Ansible Lint (push) Failing after 38s
2026-01-25 22:41:42 +01:00
6a92aa68c1
light: fix tls cert expiring and not renewing
/ Ansible Lint (push) Failing after 39s
2026-01-25 22:36:30 +01:00
c7d51af5b4
rollout Alloy to replace prometheus_node_exporter
...
With the new network we need to deploy a push based solution in order to get metrics into prometheus
2026-01-25 21:44:49 +01:00
11779ab21d
grafana: get alertmanager to be more chill
...
/ Ansible Lint (push) Waiting to run
a bit of help to deal with alert fatigue
2026-01-25 21:41:20 +01:00
0939771d08
public-reverse-proxy(host): add entries for cpu.ccc.de
/ Ansible Lint (push) Failing after 43s
2026-01-25 20:22:44 +01:00
cee1fe970a
Add spaceapiccc as a replacement for erfafoo
/ Ansible Lint (push) Failing after 42s
2026-01-25 14:03:54 +01:00
ddaa069204
status(host): configure Gatus to store more results and events
...
/ Ansible Lint (push) Successful in 1m52s
Also see:
https://github.com/TwiN/gatus?tab=readme-ov-file#storage
2026-01-18 21:39:23 +01:00
28f80a85f3
status(host): Switch to nekover.se user for personal token
...
/ Ansible Lint (push) Successful in 1m53s
As access token now apparently expire with matrix authentication services,
use a nekover.se user where we can get a long-lived personal token.
2026-01-18 19:49:59 +01:00
d514688574
systemd_networkd(role),router(host): support global config to fix forw.
...
/ Ansible Lint (push) Successful in 1m58s
With the router upgrade to Debian 13 the systemd version got upgraded as
well breaking the current configuration for IP forwarding.
Add a variable for global systemd-networkd configuration and use that to
enable IPv4 and IPv6 forwarding on the router.
The systemd_networkd role could be a bit nicer, not deploying/deleting
the global configuration, if the variable is empty and
reloading/restarting systemd-networkd at appropriate times. But as is
works for now.
2026-01-18 19:21:33 +01:00
fe52127e82
status(host): configure external status page and uptime monitoring host
/ Ansible Lint (push) Failing after 2m0s
2026-01-18 01:26:52 +01:00
51bbdd42a2
dooris(host): make certbot work
/ Ansible Lint (push) Failing after 2m6s
2026-01-13 16:55:22 +01:00
428b5c70bc
pretalx(host): roll back to pretalx v2025.1.0 for celery as well
2026-01-13 14:19:57 +01:00
3e0fdfa8de
pretalx(host): roll back to pretalx v2025.1.0 as v2025.2.2 doesn't work
/ Ansible Lint (push) Failing after 1m56s
2026-01-13 03:43:28 +01:00
c638790819
Update all stable non-major dependencies
/ Ansible Lint (pull_request) Failing after 2m31s
/ Ansible Lint (push) Failing after 2m5s
2026-01-12 02:30:47 +00:00
968e29ccb8
do v6-only for internal proxy protocol communication
...
/ Ansible Lint (push) Failing after 2m5s
Since we want to do v6-only internally, only listen on v6 for proxy
protocol.
This is also needed as we only have set_real_ip_from pointing to a v6.
2026-01-12 03:02:09 +01:00
255327952e
ntfy(host): move to new network and hostname
/ Ansible Lint (push) Failing after 1m59s
2026-01-11 03:57:11 +01:00
1971598e71
pretalx(host): move to new network and hostname
/ Ansible Lint (push) Failing after 1m55s
2026-01-11 03:23:18 +01:00
372f264bcb
ccchoir(host): move to new network and hostname
2026-01-11 03:23:14 +01:00
2fbb37db18
grafana(host): move to new network and hostname
2026-01-11 03:23:01 +01:00
bb30e88404
router(host): allowlist only certain icmpv6 types
/ Ansible Lint (push) Failing after 2m14s
2026-01-11 00:29:16 +01:00
a41b07949c
zammad(host): move to new network and hostname
/ Ansible Lint (push) Failing after 1m56s
2026-01-11 00:22:37 +01:00
ff550cbd8a
tickets(host): move to new network and hostname
/ Ansible Lint (push) Failing after 2m22s
2026-01-11 00:00:18 +01:00
49e3ecb986
netbox(host): move to new network and hostname
/ Ansible Lint (push) Failing after 2m3s
2026-01-09 03:05:29 +01:00
40b67c6bc3
sunders(host): move to new network and hostname
2026-01-07 18:46:16 +01:00
80ddb2efc9
router: enable a DHCP server for the v4-NAT network as well
...
As the hosts don't really need a static v4, just do DHCP.
2026-01-07 17:25:27 +01:00
944c8cde82
onlyoffice(host): move to new network and hostname
/ Ansible Lint (push) Failing after 2m5s
2025-12-17 03:34:39 +01:00
366456eff8
keycloak(host): move to new network and hostname
...
/ Ansible Lint (push) Failing after 1m56s
Also just listen on port 8443 for keycloak-admin proxy protocol.
2025-12-16 21:50:40 +01:00
1ca71a053e
pad(host): move to new network and hostname
/ Ansible Lint (push) Failing after 1m57s
2025-12-16 21:12:21 +01:00
570600fce3
eh22-wiki(host): move to new network and hostname
/ Ansible Lint (push) Failing after 1m59s
2025-12-16 20:58:05 +01:00
5a476f2103
cloud(host): move to new network and hostname
/ Ansible Lint (push) Failing after 2m0s
2025-12-16 20:47:44 +01:00
b72dee0d6d
wiki(host): actually have nginx listen on v6
/ Ansible Lint (push) Failing after 1m58s
2025-12-16 19:52:24 +01:00
8b94a49f5e
wiki(host): move to new network and internal hostname
/ Ansible Lint (push) Failing after 2m2s
2025-12-16 19:23:33 +01:00
5f98dca56c
router(host): expose public v6 networks
...
Also prepare for exposing public v4 networks later.
2025-12-16 19:03:36 +01:00
66ee44366b
public-reverse-proxy: New IP of wiki VM
2025-12-14 15:39:03 +01:00
183b91b9f2
router(host): add nftables config for basic router functionality
/ Ansible Lint (push) Failing after 1m56s
2025-12-13 22:07:38 +01:00
a9e394da06
router(host): add systemd-networkd-based network config
2025-12-13 22:07:37 +01:00
0eaaf9227c
Update all stable non-major dependencies
/ Ansible Lint (pull_request) Failing after 2m4s
/ Ansible Lint (push) Failing after 2m6s
2025-11-19 13:30:39 +00:00
ddab157600
don't pin digests anymore
...
/ Ansible Lint (push) Failing after 47s
The benefit of digest pinning isn't that great for this project really
and it comes at the cost of more issues and additional renovate noise,
so just don't anymore.
Adjust renovate config accordingly as well.
2025-11-18 14:24:21 +01:00
80acd5fdc6
grafana: store date for up to 28 days
/ Ansible Lint (push) Failing after 1m58s
2025-11-11 23:03:59 +01:00
6fea98ffd2
Redirect to 39c3 instead of eh22
/ Ansible Lint (push) Failing after 2m3s
2025-11-07 20:09:02 +01:00
c3f71b1f08
sunders: replace password in healthcheck with dynamic secret
...
/ Ansible Lint (push) Failing after 2m2s
#55
Co-authored-by: ViMaSter <vincent@mahn.ke>
Co-committed-by: ViMaSter <vincent@mahn.ke>
2025-11-02 20:24:55 +01:00
dc6c7cbfb7
sunders(host): deploy sunders using docker compose
...
/ Ansible Lint (push) Failing after 2m29s
https://git.hamburg.ccc.de/CCCHH/sunders
2025-11-01 17:53:08 +01:00
a11ccaf16c
disable digest pinning for our images, since Forgejo cleans them up
...
/ Ansible Lint (push) Failing after 1m59s
Since Forgejo seems to clean up older tag versions, so older digests,
disable digest pinning for our images.
While generally resulting in undeployable config, with ansible-pull the
breakage is especially noticeable.
2025-10-30 05:50:42 +01:00
