337 commits

This branch

This branch

All branches

Author	SHA1	Message	Date
June	b907ce15ba	nginx(role): document Debian 12 support	2025-02-18 03:35:37 +01:00
June	791c517de3	nginx(role): document arguments in README for better discoverability ... Document the role arguments in the README instead of in the argument_specs for better discoverability and readability.	2025-02-18 03:30:00 +01:00
June	023e51d3ba	nginx(role): simplify ensuring that gnupg is installed ... Also improve naming.	2025-02-18 03:29:59 +01:00
June	168f508c84	nginx(role): simplify installation by removing version spec ... We always just want the latest anyway and therefore don't use it, so no need to keep the complexity introduced by that setting. Also merge repo_setup and nginx_install task lists into one nginx_install task list as keeping two files isn't necessary. Finally improving naming a bit.	2025-02-18 03:29:55 +01:00
June	938ca6d786	nginx(role): remove unnecessary apt-get update step ... The nginx package gets installed with "update_cache: true" afterwards anyway, so the apt-get update step shouldn't be necessary.	2025-02-18 02:59:00 +01:00
June	79012fb7f8	eh22-netbox: setup EH22 NetBox	2025-02-17 01:23:35 +01:00
June	496f122968	give ansible docker comp. cron jobs unique names to not overw. each oth. ... Give them unique names, so the latter doesn't overwrite the former. Also make the task names nicer.	2025-02-17 00:32:50 +01:00
Stefan Bethke	f0e345b15a	Merge branch 'main' of git.hamburg.ccc.de:CCCHH/ansible-infra	2025-02-16 22:09:29 +01:00
Stefan Bethke	690ec9bebc	Use distinct short code to avoid confusion with EH pretix	2025-02-16 22:09:27 +01:00
June	ff540126a1	add chaosknoten to hosts and new hypervisors group ... Also exclude that group from the tasks otherwise targeting all hosts.	2025-02-16 02:34:14 +01:00
June	61cd5053d0	flatten inventories making them simpler ... Remove the child groups as we weren't using their functionality anyway. Also remove the debian_11/12 host groups as they're not in use.	2025-02-16 00:36:10 +01:00
June	4def1334d8	for non-verbose output hide user passwords in postgresql role	2025-02-15 20:06:55 +01:00
June	2ec1471d7f	netbox: move NetBox from NixOS to Ansible ... Also introduce netbox_hosts group for applying netbox role to multiple hosts.	2025-02-15 19:57:15 +01:00
June	09a8551c8a	add option to netbox role for custom pipeline code for OIDC mapping ... Add option to netbox role for ensuring custom pipeline code for OIDC group and role mapping is either present or not. The custom pipeline code is licensed under the Creative Commons: CC BY-SA 4.0 license. See: https://github.com/goauthentik/authentik/blob/main/LICENSE https://github.com/goauthentik/authentik/blob/main/website/integrations/services/netbox/index.md https://docs.goauthentik.io/integrations/services/netbox/ 5676b1a468	2025-02-15 06:23:04 +01:00
June	dbb784e2bb	add license notice to README ... This is in preparation for extending that notice to point out code that is licensed differently.	2025-02-15 06:23:04 +01:00
June	783c36bcc1	add netbox role for ensuring netbox is deployed as specified ... The role takes over the deployment of netbox and its dependencies, while still requiring the user to provide the netbox version, db password and config as well as to set up a web server and handle stuff like creating users, etc.	2025-02-15 06:23:04 +01:00
June	9662995377	add postgresql role for ens. psql and opt. some dbs and users are set up ... Add postgresql role for ensuring postgresql is installed. Furthermore the role optionally takes some basic configuration to ensure databases with their owners and users are set up as specified. This is a requirement for a new netbox role.	2025-02-15 06:23:04 +01:00
June	fc24bfff5d	add redis role for ensuring redis is installed from distro packages ... This is a requirement for a new netbox role.	2025-02-15 06:23:04 +01:00
June	537ef55b6f	eh22-wiki: add missing redirect for /design ... Apparently this is still needed.	2025-02-15 06:21:14 +01:00
June	ac7e8bb6f2	grafana: set dur. for Prom. hyperv. disk rw rate and hdd io aler. to 90m ... Set duration for Prometheus hypervisor disk rw rate and hard disk io alerts to 90m to account for the very long running (over an hour) backup job.	2025-02-15 06:08:37 +01:00
Stefan Bethke	1bae6234ae	redirect to eh22	2025-02-14 19:52:19 +01:00
June	9334f70289	eh22-wiki: make automatic dir redirects work for /design ... Do this by setting port_in_redirect to off.	2025-02-14 04:34:09 +01:00
June	70d4ce9a2d	eh22-wiki: ensure base for CI deploy of styleguide under /design/	2025-02-12 19:02:53 +01:00
June	bdbd9ce195	eh22-wiki: setup EH22 wiki using Ansible by copying and mod. wiki config ... Also introduce wiki_hosts group for applying dokuwiki role to multiple hosts.	2025-02-10 23:40:39 +01:00
June	40cddb67b4	grafana: account for long backup jobs in Prom. hyperv. disk rw rate al.	2025-02-06 19:17:21 +01:00
June	c4e35c1adf	grafana: pull out prom. net. rec. err. alerts for OPNs. to ex. wg int. ... Pull out prometheus network receive error alerts for OPNsense to exclude its WireGuard interfaces, which like to throw errors, but which aren't of importance.	2025-02-06 01:34:45 +01:00
June	ee66631c2d	grafana: diff. prometheus disk io alerts by host task and disk type ... Differentiate by host task (hypervisor or not) and disk (hard disk or not) type not by whether or not the host is physical and virtual and then by disk type. This is in line with the disk rate alerts changes and allows for fine-grained adjustments based on the host task type, which actually matters for these alerts.	2025-02-06 01:13:10 +01:00
June	9e77a41e3c	grafana: differentiate prometheus disk rate alerts by host task type ... Not by a mix of host task type (CI server or not) and whether or not the host is virtual or physical. Also only differentiate on the duration not the rate, to not accidentally exclude slow hard disks.	2025-02-06 01:05:05 +01:00
June	5016407cef	grafana: group prometheus alert rules for better organization	2025-02-06 00:12:50 +01:00
Stefan Bethke	07b3a6947d	Add Hub for EH22	2025-02-01 12:46:54 +01:00
c6ristian	c89a6edefe	nextcloud: update to version 30	2025-01-26 03:08:38 +01:00
c6ristian	3139b41433	use the container name as journal tag not id ... Docker by default will use the container id as the journal tag when logging into systemd-journal. Using the container name makes easier to see which log belongs to which container.	2025-01-21 00:25:13 +01:00
c6ristian	6fa896dd3f	Remove jobe for mumble.c3lingo.org since the the endpoint appears to dont exsists anymore	2025-01-19 21:03:38 +01:00
c6ristian	a86b34cf34	set nginx logging to use journald	2025-01-19 20:30:53 +01:00
c6ristian	328ec744cc	Add base_config and deploy_systemd_journal_config	2025-01-19 20:30:05 +01:00
c6ristian	93212e2248	pretalx: set custom docker network in compose file	2025-01-16 14:35:12 +01:00
c6ristian	1d621e12fb	fix pretalx for cfp.eh22.easterhegg.eu CSRF problem	2025-01-16 14:06:36 +01:00
June	64343ae9ec	have the docker role conf. the Docker daemon to log to systemd journal	2025-01-14 23:19:38 +01:00
June	e3a1443df9	use deploy_ssh_server_config role for all Chaosknoten hosts	2025-01-14 22:36:51 +01:00
c6ristian	e1866b2449	add cfp.eh22.easterhegg.eu to pretalx	2025-01-13 23:37:20 +01:00
Stefan Bethke	8bb6c44bec	Allow 50MB uploads	2025-01-13 19:42:37 +01:00
jtbx	4fff0a9d0d	dokuwiki: Refactor support for multiple OS versions	2024-12-08 19:48:48 +01:00
June	03e994b41f	dokuwiki: update role to support Debian 12	2024-12-08 18:37:41 +01:00
June	19abc5f585	reference new "resources" dir and generally fix up and improve README	2024-12-08 02:55:25 +01:00
June	e713b2ea5b	exclude symlinked ("roles" and "resources") dirs from vscode search ... Also remove the ".vscode" directory from the ".gitignore" as the repo includes stuff in it.	2024-12-08 02:55:25 +01:00
June	63390c5588	enable pipelining as it seems to work and be faster ... See: https://docs.ansible.com/ansible/latest/reference_appendices/config.html#ansible-pipelining	2024-12-08 02:55:25 +01:00
June	07dbbf055c	reorganize (config) files and templates into one "resources" dir ... This groups the files and templates for each host together and therefore makes it easier to see all the (config) files for a host. Also clean up incorrect, unused docker_compose config for mumble and clean up unused engelsystem configs.	2024-12-08 02:55:25 +01:00
June	4b0e03e8b2	ensure all template files have a .j2 file extension ... As they should and as this is preparation for a future change reorganizing the file structure.	2024-12-08 02:55:25 +01:00
June	f16f8697c2	move roles, files and templates dirs out of playbook dir into root dir ... Because of how Ansible local relative search paths work, the global "files" and "templates" directories need to be next to the playbooks. However its not intuitive to look into the "playbooks" directory to find the files and templates for a host. Therefore move them out of the "playbooks" directory into the root directory and add symlinks so everything still works. Similarly for local roles, they also need to be next to the playbooks. So for a nicer structure, move the "roles" directory out into the root directory as well and add a symlink so everything still works. Also see: https://docs.ansible.com/ansible/latest/playbook_guide/playbook_pathing.html#resolving-local-relative-paths https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_reuse_roles.html#storing-and-finding-roles	2024-12-08 02:55:25 +01:00
June	2460c31e78	check.yaml: add logic for printing all .dpkg-* files	2024-12-08 02:55:25 +01:00