c2964e1707
Remove note regarding encryption and add link to wiki
2023-08-25 22:48:56 +02:00
62b4f93218
Introduce Nextcloud role and deploy Cloud on Chaosknoten
...
Co-authored-by: Max <max@mlem.cloud>
2023-08-25 20:50:46 +02:00
112f1990b9
Introduce Uptime-Kuma
2023-08-12 01:47:55 +02:00
69621e3d7f
Add cursed override for the aes as well :S
2023-08-11 02:17:30 +02:00
12a1e5dc22
Move Engelsystem MAIL_PASSWORD secret to appropriate place
2023-08-11 02:05:40 +02:00
dd5e37fb68
Add restart: unless-stopped to Engelsystem compose
2023-08-11 02:05:20 +02:00
d16da59fd7
Migrate Wiki from ThinkCCCluster to Chaosknoten
...
Also do the redirect for DNS cache stuff like with aes.
2023-08-11 01:59:34 +02:00
d256082221
Proxy AES in Club to new location for cached DNS records
...
Do that so that cached DNS records don't make problems. (We had a TTL of
1 week for some reason, so people having that in their cache might still
resolve to the Club. This shouldn't be a problem anymore at
~14.08.2023.)
2023-08-11 00:55:47 +02:00
dc89d33e33
Remove acme challenge entry for aes.ccchh.net
2023-08-11 00:42:05 +02:00
373b219031
Migrate Engelsystem from ThinkCCCluster to Chaosknoten
2023-08-11 00:39:55 +02:00
993e2f2b81
Hotfix to make mail work (dang, mail is now even more cursed)
...
This entire mail setup is really cursed and needs to be re-done.
2023-08-10 03:17:03 +02:00
10b91b9277
Fix jump host for pad-intern and cloud-intern on Chaosknoten
2023-08-08 01:21:07 +02:00
cc70903f52
Migrate Keycloak from ccchh.net to hamburg.ccc.de
2023-08-08 01:18:44 +02:00
09e0c710af
Migrate Keycloak from ThinkCCCluster onto Chaosknoten
...
Co-authored-by: Max <max@mlem.cloud>
2023-08-07 23:33:15 +02:00
099bbe0e66
Nextcloud-Config weiter entwickeln
2023-08-05 18:59:58 +02:00
dff8f0ee8b
pad (HedgeDoc) und cloud (NextCloud) dazu
...
cloud braucht noch etwas Arbeit, insbesondere die Abslage der Daten in
/data und die Keycloak-Anbindung.
2023-08-05 17:23:49 +02:00
06233d22d5
Deploy NGINX for acme_challenge and PROXY Prot. on PubRP on Chaosknoten
2023-08-04 14:06:37 +02:00
2825c5089f
Use new secrets path for z9 vm-secrets
2023-08-04 13:53:22 +02:00
3d238d9f63
Move z9-host-specific configs and templates into z9 subdirectories
2023-08-04 13:41:00 +02:00
4d12d802b8
Add link to relevant wiki page to certbot role README
2023-08-03 05:07:36 +02:00
96e9cdb0dc
Add relevant entry for HTTP challenge on PBS
2023-08-03 05:04:13 +02:00
3b3c628492
Ensure NGINX deploy. on public-rev.-prox. hosts before certbot role runs
2023-08-03 04:15:03 +02:00
48f9a2f901
Deploy certs for aes.ccchh.net using certbot role
...
Also clean up NGINX configuration a bit.
2023-08-02 23:40:36 +02:00
542211ca25
Deploy certs for esphome.ccchh.net using certbot role
2023-08-02 23:27:40 +02:00
6ac4bf8240
Deploy certs for wiki.ccchh.net using certbot role
...
Also clean up NGINX configurations.
2023-08-02 23:17:31 +02:00
6651f4568d
Deploy certs for keycloak-admin and id.ccchh.net using certbot role
2023-08-02 23:07:21 +02:00
154a7dfa02
Deploy certs for zigbee2mqtt.ccchh.net using new certbot role
...
Also add certbot role to deploy.yaml playbook and add accompanying
group.
2023-08-02 22:53:37 +02:00
f0c5c2b265
Convert certbot role to use standalone instead of webroot
...
Do this to not have dependencies on an NGINX setup.
With those dependencies in place setting up the certificates initially
would be quite painful, since a half-configured NGINX would need to be
there for the challenge and then only after the certificates are
present, the full NGINX configuration could be deployed successfully.
2023-08-02 22:46:01 +02:00
5341f9dfba
Add role for deploying certbot and setting up certificate using it
2023-08-02 20:47:22 +02:00
1b45e94960
Add redhat.ansible extension to VSCode Workspace Recommendations
2023-07-30 19:30:06 +02:00
1613e2d25c
Describe new way of secret storage
2023-07-30 19:27:04 +02:00
59520b4db6
AES: disable goodies and vouchers
2023-07-30 16:13:49 +02:00
b89789c37a
fix aes contact email
2023-07-30 15:36:25 +02:00
a7565d5f35
Deploy SSH Server config to public-reverse-proxy and wiki hosts
2023-07-30 07:06:26 +02:00
6994cfa123
Use correct ansible_host for mqtt host
2023-07-30 07:01:06 +02:00
317c822ab5
Combine playbooks for indiviual hosts into one playbook
...
This makes a full deployment of all hosts easier and parallelises
execution of roles, which are used for multiple hosts.
You can still easily deploy only a subset of hosts using the -l flag for
ansible-playbook.
2023-07-30 06:57:30 +02:00
042ff7c2ec
Move keycloak and public-reverse-proxy to new debian_12 group
...
Do this, since they are on Debian 12.
2023-07-30 05:53:39 +02:00
c9dee93874
Deploy ssh server config on keycloak VM
2023-07-30 05:51:40 +02:00
c6926b0a0f
Remove incorrect check from deploy_ssh_server_config role
2023-07-30 05:49:46 +02:00
c2a183c013
Add missing "become: true"
2023-07-30 05:25:43 +02:00
2efdfcad6d
Setup repo pin. to ensure nginx package gets installed from NGINX repos
2023-07-30 05:19:22 +02:00
38fc33ce70
Don't use apt-key anymore, since it's deprecated
2023-07-30 01:21:43 +02:00
efc72f70f6
audiopi: Update role
2023-07-30 01:04:25 +02:00
8a2c2769c8
Use new secrets path, bc of noc pass store merge into general store
2023-07-29 23:15:00 +02:00
23deedf0d6
Update deploy_ssh_server_config role for Debian 12 support
2023-07-29 20:17:22 +02:00
f62135e263
Don't reference obsolete secret env files
2023-07-29 01:47:21 +02:00
a12b38b284
Provide secrets for engelsystem VM from pass
2023-07-29 01:46:30 +02:00
f695afa981
Provide network_key for zigbee2mqtt from pass
2023-07-29 01:28:44 +02:00
69edb75112
Use correct variable for initial config in zigbee2mqtt role
2023-07-29 01:16:49 +02:00
51c1b667f4
Provide secrets for keycloak VM from pass
2023-07-29 00:59:01 +02:00
