630 commits

This branch

This branch

All branches

Author	SHA1	Message	Date
June	c246a6815c	ansible-lint: fix issues	2026-03-06 21:27:51 +01:00
Renovate	9b092d0daf	Update all stable non-major dependencies	2026-03-06 20:16:48 +00:00
June	2b5f261cd3	docker(role): move automatic cleanup of unused Docker data here ... Move the automatic cleanup of unused Docker data to the docker role from the docker_compose role, so that hosts, which only use Docker (like renovate) also have an automatic cleanup set up. Also use a systemd timer instead of cron.	2026-03-06 21:09:47 +01:00
lilly	0788fde69d	only allow sops encryption of *.sops.* files	2026-03-06 20:21:33 +01:00
June	f345ff5e00	renovate: make exclusion of CalVer non-patch/-minor upgrades work ... Pretix and Pretalx both use CalVer, so we don't want to have upgrades to their second number be identified as minor updates and get grouped with all the other minor and patch updates. The regex to re-classify the second number as major doesn't work. Probably because of: "Important: all capture groups must contain only purely numeric values." (https://docs.renovatebot.com/modules/versioning/regex/) So instead match on the minor update type for Pretix and Pretalx and set the group name to null.	2026-03-06 19:53:24 +01:00
June	e98f6d68bd	Revert "wip: test renovate" ... This reverts commit 05d8c39b75. Doesn't work.	2026-03-06 19:15:55 +01:00
lilly	4f3caaf5ed	add bitwhisker to sops	2026-03-05 20:18:53 +01:00
June	05d8c39b75	wip: test renovate	2026-03-05 15:26:51 +01:00
June	fee18bd349	certbot(role): allow empty list of certificate domains ... Also explicitly document that they are used with the HTTP-01 challenge. This is in preparation for adding a new option with DNS-01 challenge support.	2026-03-05 14:37:17 +01:00
June	3820a97584	certbot(role): move arguments documentation into README ... Do this to match how it's done in newer roles.	2026-03-05 14:37:17 +01:00
chris	0331c77d55	grafana: fuxnoc macht mehr internet mit ipv6	2026-03-01 21:32:10 +01:00
June	711f2f1c64	certbot(role): don't use certbot__version_spec anymore as its not used	2026-03-01 20:08:49 +01:00
lilly	165487884c	setup reverse-proxying for *.staging.diday.org	2026-02-27 21:51:09 +01:00
lilly	bc9e76b8ed	remove did.hamburg.ccc.de from public-reverse-proxy	2026-02-27 21:51:09 +01:00
lilly	983584a510	configure reverse proxy map explicitly for hostnames	2026-02-27 21:51:09 +01:00
June	7ca446457a	onlyoffice: support custom fonts and add di.day fonts	2026-02-26 23:13:30 +01:00
lilly	fcc0d615a7	configure diday.org on public-reverse-proxy	2026-02-26 18:01:52 +01:00
lilly	41dc9c8529	configure www2 nginx	2026-02-26 17:44:24 +01:00
lilly	3e3cedd357	add www2 and www3 hosts	2026-02-24 19:09:20 +01:00
Stefan Bethke	ac013ca8a1	Fix template syntax	2026-02-22 18:37:16 +01:00
Stefan Bethke	08101ccef1	Fix permission	2026-02-22 18:37:01 +01:00
Stefan Bethke	7a1ea7d40e	Override base.html template to brand site	2026-02-22 18:22:12 +01:00
Stefan Bethke	d26fbf2577	Allow syncing an arbitrary set of files to the target	2026-02-22 18:21:47 +01:00
Stefan Bethke	a3c514d18d	Ignore pycaches	2026-02-22 18:21:15 +01:00
lilly	bb06f21c53	configure diday website deployment	2026-02-18 11:57:21 +01:00
Stefan Bethke	e823c46a2d	stb updated key	2026-02-18 09:51:25 +01:00
Stefan Bethke	910655adfb	Explain how to update GPG keys	2026-02-18 09:34:27 +01:00
Stefan Bethke	5f31392a27	Remove authoritative-dns as its not needed anymore	2026-02-11 10:38:04 +01:00
June	fe647da3bf	mjolnir: deploy mjolnir using docker compose ... Moving from mjolnir from nix-infra to ansible-infra. Also using native encryption now instead of the deprecated pantalaimon and having protectAllJoinedRooms set to true for easier and quicker usage.	2026-02-11 03:10:43 +01:00
June	db70d666d1	vscode settings: exclude vendored collections and roles from search	2026-02-09 19:53:27 +01:00
June	7b8dab07b6	distribution_check(role): remove role as it's not really needed ... As the roles are used internally only anyway, we don't need to specify compatbilities like this and don't properly use it anyway.	2026-02-09 17:49:49 +01:00
June	2f67cb875d	status(host): rotate age key	2026-02-09 17:43:25 +01:00
Stefan Bethke	2350710177	Use new entry after acmedns db reset	2026-02-08 18:38:37 +01:00
Stefan Bethke	3086c2b60c	Use new name for sqlite driver	2026-02-08 14:19:02 +01:00
Stefan Bethke	196f1d70cf	downgrade acme-dns to v1.0	2026-02-08 11:37:14 +01:00
June	f6c15773e1	ansible-lint: add collections and roles directories to excluded paths	2026-02-06 22:27:18 +01:00
Stefan Bethke	2aed20393f	Vendor Galaxy Roles and Collections	2026-02-06 22:07:16 +01:00
chris	c1e1897cda	grafana: more alertmanager config	2026-02-06 17:17:26 +01:00
June	17ba7c04f2	acmdns(host): expose and monitor health endpoint	2026-02-01 23:14:15 +01:00
June	536eedeffc	status(host): add monitoring for ACME DNS	2026-02-01 22:44:42 +01:00
June	397285655b	status(host): add monitoring for spaceapi.ccc.de	2026-02-01 21:38:57 +01:00
June	8e75f1ad14	status(host): add monitoring for cpu.ccc.de and aliases	2026-02-01 21:30:40 +01:00
June	c3b20abab3	status(host): use custom alert for Matrix to make it work with PAT ... The Personal Access Token we use isn't compatible with the default Matrix alerting provider, so use a custom alert.	2026-02-01 20:49:33 +01:00
June	9c2fe5ea9b	public-reverse-proxy(host): remove cpuccc.hamburg.ccc.de alias	2026-01-28 15:32:29 +01:00
Stefan Bethke	06ae220857	Remove spaceapiccc.hamburg.ccc.de	2026-01-27 22:35:28 +01:00
Stefan Bethke	1f2a08cf15	Spell stuff correctly	2026-01-27 20:16:57 +01:00
June	2e5b0ab940	nginx(role): to not log IPs, just disable the access log	2026-01-27 18:18:17 +01:00
Stefan Bethke	3bba747dab	Configure seperate server for spaceapi.ccc.de	2026-01-27 16:30:00 +01:00
Stefan Bethke	b90a57ffb0	Merge branch 'main' of git.hamburg.ccc.de:CCCHH/ansible-infra	2026-01-27 16:21:20 +01:00
Stefan Bethke	ad783e4a15	now in production	2026-01-27 16:21:18 +01:00