586254c147
Actually use an IP, which isn't already in use by another service
2024-01-14 02:33:59 +01:00
009de7d398
Actually use correct IP for git.hamburg.ccc.de
2024-01-14 01:22:24 +01:00
422330f48c
Add git.hamburg.ccc.de
2024-01-14 01:12:04 +01:00
f265390c33
Bump Keycloak version to 23.0
2024-01-13 20:48:04 +01:00
ca08cf693b
Actually make spaceapi.hamburg.ccc.de work
2024-01-13 18:44:21 +01:00
f5af6c2074
Add c3cat.de
2023-12-29 14:40:50 +01:00
ec7c9b9b86
Document restart issue
2023-12-19 23:20:03 +01:00
5fcbe5cfab
Add grafana
2023-12-19 18:37:24 +01:00
3cb72d8b81
enforce https
2023-12-10 14:03:53 +01:00
9f4d1464bd
add de & en path prefixes for website
2023-12-10 00:29:49 +01:00
ab429df4dd
Add Zammad
2023-12-09 12:28:28 +01:00
53ba5b9561
Add website
2023-12-07 23:54:22 +01:00
e630ffdf46
Small fixes
...
* fix ACME setup
* use correct port number
* use correct email sender
2023-12-03 20:34:31 +01:00
f238182302
Pretix for Hackertours
2023-12-03 13:14:34 +01:00
b94cb009ad
Add config for lists
2023-11-13 11:32:56 -05:00
a9fac907d5
stbe may use Keycloak admin from home
2023-11-13 11:32:56 -05:00
bb95923807
Add a role for deploying infrastructure authorized keys and use it
2023-11-11 00:23:20 +01:00
89f1b1b299
Remove call to send_only_mailserver role
2023-11-09 19:27:35 +01:00
7da6549727
Remove send_only_mailserver role, since it's not needed anymore
2023-11-09 19:27:03 +01:00
b29eaba5f9
Remove hacky override for send-only-mailserver
2023-11-09 19:26:36 +01:00
66370eceda
Remove hacky override for send-only-mailserver
...
Remove it, since it's not needed anymore.
2023-11-09 19:24:19 +01:00
6ae47b32f3
Configure new mailserver for Nextcloud
2023-11-09 19:16:45 +01:00
b6f316254f
Add Reverse Proxy config for spaceapi.hamburg.ccc.de
2023-11-05 00:57:36 +01:00
6a023f5433
Remove esphome host and role since it has been migrated to NixOS
2023-11-04 22:46:01 +01:00
ed74a88734
Domains don't work (anymore?), so just use IPs
2023-10-28 02:14:44 +02:00
95d5ed2ca9
Add Reverse Proxy config for next.hamburg.ccc.de
2023-10-25 02:19:53 +02:00
d99874935f
comment out another instance of non-working code
2023-10-23 21:40:46 +02:00
16a5d35fb0
comment out non-working code
2023-10-23 21:40:03 +02:00
26181f7759
Add Redirect on id.hamburg.ccc.de to the account management page
2023-10-23 21:16:32 +02:00
505a2ba9f9
Add Public-Reverse-Proxy configuration for new branding-resources site
2023-10-07 05:17:25 +02:00
3828b8d500
Add Public-Reverse-Proxy configuration for new Element Web hosting
2023-10-07 05:17:01 +02:00
9b6d909d11
Add Public-Reverse-Proxy configuration for new Matrix server
2023-10-06 05:06:56 +02:00
856cc74d90
Make Public-Reverse-Proxy handle IPv6
2023-10-06 05:06:15 +02:00
ce75ba0f70
Fix smtpd.conf. listen on 127.0.0.1 and 0.0.0.0 doesn't work
2023-09-25 20:12:13 +02:00
718b6906c5
Allow uploading of stl files to dokuwiki
2023-09-25 18:29:06 +02:00
2b1a2c599b
Add link to dokuwiki docs on uploadsize
2023-09-25 18:22:31 +02:00
7468b4d8f6
Fix OpenSMTPD annoyingness
...
Co-authored-by: yuri <yuri@nekover.se>
2023-09-25 03:03:14 +02:00
fdae96fbc1
Migrate to NixOS: Remove Z9 Audio host from this repo
2023-09-25 02:59:41 +02:00
b295690ad5
Add playbook and accompanying role for doing maintenance
2023-09-25 02:57:30 +02:00
de97436706
Migrate to NixOS: Remove Z9 Public-Reverse-Proxy host from this repo
2023-09-25 02:48:56 +02:00
c5eae99a7f
Add reverse proxy configuration for netbox
2023-09-21 19:13:56 +02:00
804becdd31
Wiki: Fix oauth, create role from playbook
2023-09-15 22:06:46 +02:00
73db1dd077
Introduce onlyoffice
2023-08-27 20:02:53 +02:00
c2964e1707
Remove note regarding encryption and add link to wiki
2023-08-25 22:48:56 +02:00
62b4f93218
Introduce Nextcloud role and deploy Cloud on Chaosknoten
...
Co-authored-by: Max <max@mlem.cloud>
2023-08-25 20:50:46 +02:00
112f1990b9
Introduce Uptime-Kuma
2023-08-12 01:47:55 +02:00
69621e3d7f
Add cursed override for the aes as well :S
2023-08-11 02:17:30 +02:00
12a1e5dc22
Move Engelsystem MAIL_PASSWORD secret to appropriate place
2023-08-11 02:05:40 +02:00
dd5e37fb68
Add restart: unless-stopped to Engelsystem compose
2023-08-11 02:05:20 +02:00
d16da59fd7
Migrate Wiki from ThinkCCCluster to Chaosknoten
...
Also do the redirect for DNS cache stuff like with aes.
2023-08-11 01:59:34 +02:00
d256082221
Proxy AES in Club to new location for cached DNS records
...
Do that so that cached DNS records don't make problems. (We had a TTL of
1 week for some reason, so people having that in their cache might still
resolve to the Club. This shouldn't be a problem anymore at
~14.08.2023.)
2023-08-11 00:55:47 +02:00
dc89d33e33
Remove acme challenge entry for aes.ccchh.net
2023-08-11 00:42:05 +02:00
373b219031
Migrate Engelsystem from ThinkCCCluster to Chaosknoten
2023-08-11 00:39:55 +02:00
993e2f2b81
Hotfix to make mail work (dang, mail is now even more cursed)
...
This entire mail setup is really cursed and needs to be re-done.
2023-08-10 03:17:03 +02:00
cc70903f52
Migrate Keycloak from ccchh.net to hamburg.ccc.de
2023-08-08 01:18:44 +02:00
09e0c710af
Migrate Keycloak from ThinkCCCluster onto Chaosknoten
...
Co-authored-by: Max <max@mlem.cloud>
2023-08-07 23:33:15 +02:00
099bbe0e66
Continue developing Nextcloud config
2023-08-05 18:59:58 +02:00
dff8f0ee8b
Add pad (HedgeDoc) and cloud (NextCloud)
...
cloud still needs some work, in particular storing the data in
/data and the Keycloak integration.
2023-08-05 17:23:49 +02:00
06233d22d5
Deploy NGINX for acme_challenge and PROXY Prot. on PubRP on Chaosknoten
2023-08-04 14:06:37 +02:00
2825c5089f
Use new secrets path for z9 vm-secrets
2023-08-04 13:53:22 +02:00
3d238d9f63
Move z9-host-specific configs and templates into z9 subdirectories
2023-08-04 13:41:00 +02:00
4d12d802b8
Add link to relevant wiki page to certbot role README
2023-08-03 05:07:36 +02:00
96e9cdb0dc
Add relevant entry for HTTP challenge on PBS
2023-08-03 05:04:13 +02:00
3b3c628492
Ensure NGINX deploy. on public-rev.-prox. hosts before certbot role runs
2023-08-03 04:15:03 +02:00
48f9a2f901
Deploy certs for aes.ccchh.net using certbot role
...
Also clean up NGINX configuration a bit.
2023-08-02 23:40:36 +02:00
542211ca25
Deploy certs for esphome.ccchh.net using certbot role
2023-08-02 23:27:40 +02:00
6ac4bf8240
Deploy certs for wiki.ccchh.net using certbot role
...
Also clean up NGINX configurations.
2023-08-02 23:17:31 +02:00
6651f4568d
Deploy certs for keycloak-admin and id.ccchh.net using certbot role
2023-08-02 23:07:21 +02:00
154a7dfa02
Deploy certs for zigbee2mqtt.ccchh.net using new certbot role
...
Also add certbot role to deploy.yaml playbook and add accompanying
group.
2023-08-02 22:53:37 +02:00
f0c5c2b265
Convert certbot role to use standalone instead of webroot
...
Do this to not have dependencies on an NGINX setup.
With those dependencies in place setting up the certificates initially
would be quite painful, since a half-configured NGINX would need to be
there for the challenge and then only after the certificates are
present, the full NGINX configuration could be deployed successfully.
2023-08-02 22:46:01 +02:00
5341f9dfba
Add role for deploying certbot and setting up certificate using it
2023-08-02 20:47:22 +02:00
59520b4db6
AES: disable goodies and vouchers
2023-07-30 16:13:49 +02:00
b89789c37a
fix aes contact email
2023-07-30 15:36:25 +02:00
317c822ab5
Combine playbooks for individual hosts into one playbook
...
This makes a full deployment of all hosts easier and parallelises
execution of roles, which are used for multiple hosts.
You can still easily deploy only a subset of hosts using the -l flag for
ansible-playbook.
2023-07-30 06:57:30 +02:00
c9dee93874
Deploy ssh server config on keycloak VM
2023-07-30 05:51:40 +02:00
c6926b0a0f
Remove incorrect check from deploy_ssh_server_config role
2023-07-30 05:49:46 +02:00
c2a183c013
Add missing "become: true"
2023-07-30 05:25:43 +02:00
2efdfcad6d
Setup repo pin. to ensure nginx package gets installed from NGINX repos
2023-07-30 05:19:22 +02:00
38fc33ce70
Don't use apt-key anymore, since it's deprecated
2023-07-30 01:21:43 +02:00
efc72f70f6
audiopi: Update role
2023-07-30 01:04:25 +02:00
8a2c2769c8
Use new secrets path, bc of noc pass store merge into general store
2023-07-29 23:15:00 +02:00
23deedf0d6
Update deploy_ssh_server_config role for Debian 12 support
2023-07-29 20:17:22 +02:00
f62135e263
Don't reference obsolete secret env files
2023-07-29 01:47:21 +02:00
a12b38b284
Provide secrets for engelsystem VM from pass
2023-07-29 01:46:30 +02:00
69edb75112
Use correct variable for initial config in zigbee2mqtt role
2023-07-29 01:16:49 +02:00
51c1b667f4
Provide secrets for keycloak VM from pass
2023-07-29 00:59:01 +02:00
c3fc040751
AES: patch code and l10n to add train drivers license
2023-07-28 23:59:02 +02:00
727cd0bc74
Bump Keycloak to 22.0
2023-07-28 23:16:46 +02:00
2f7e3ae893
Build on docker compose up as well
2023-07-28 23:16:27 +02:00
18990b3b5f
Bump zigbee2mqtt to 1.32.1
2023-07-27 18:26:47 +02:00
1570b0c04e
Bump esphome to 2023.7.0
2023-07-27 18:22:58 +02:00
d5285a3fd2
deploy an engelsystem named AES
2023-07-09 01:57:55 +02:00
b536e5c2fb
Fix: Add necessary becomes
2023-07-09 00:26:20 +02:00
b2e9c22821
cert, nginx: Update for debian 12
2023-07-09 00:03:38 +02:00
67483ece20
docker roles: Support debian 12
2023-07-08 23:47:04 +02:00
82b64e24c6
Fix variable name
...
Thanks jtbx for pointing that out!
2023-07-08 23:41:12 +02:00
8bc60e42a8
Extend distribution_check role to account for Ansible changes reg. facts
...
Somewhere between ansible [core 2.14.4] and ansible [core 2.15.0] the
logic for the distribution_version Ansible fact got changed. With the
newer Ansible version Debian's distribution_version gets reported as 11.7
as opposed to getting reported as 11 with the old Ansible version. To
still allow for useful distribution checks, extend the
distribution_check role by allowing the specification of
distribution_major_versions and distribution_releases as well.
This way you can check for an Ubuntu version by using
distribution_version (which for example resolves to 18.04, while
distribution_major_version would resolve to 18 in that case) and check
for a Debian version by using distribution_major_version (which for
example resolves to 11, while distribution_version would resolve to 11.7
in that case).
2023-07-08 19:58:02 +02:00
0c62a8f3e0
Add role for deploying SSH config and also add mailserver-endpoint host
2023-06-06 23:37:42 +02:00
ebfa591484
Use larger buf. size to fix 502s sometimes occur. when going through PVE
2023-05-26 03:27:56 +02:00
55506a003a
Make Rspamd configs world-readable
2023-05-26 03:27:56 +02:00
e37d84c60d
clean up foobazdmx role
...
make git repo url and version to check out a variable instead of a
hard-coded value in the role, and update host_vars to match.
2023-05-21 15:12:42 +02:00
2d5f116ff3
Use access token with Reporter role for foobazdmx
2023-05-21 03:03:02 +02:00
da710bcf8f
Reduce maximum AirPlay volume for Audio Pi
2023-05-21 01:29:25 +02:00
a6db315138
Update foobazdmx repository url and release target
...
Update foobazdmx repository url in foobazdmx role to main repo.
Change commit to be checked out by ansible to latest commit on main.
2023-05-20 22:58:24 +02:00
544abc1c27
Rename automation host to mqtt
2023-05-10 18:02:10 +02:00
33d1cfca1f
Move become: true into esphome role
...
Move become: true into zigbee2mqtt role
Remove become: true from deploy_public_reverse_proxy playbook
Remove become: true from deploy_dokuwiki playbook
Move become: true from deploy_audio_pi and deploy_light playbooks into roles
Remove become: true from deploy_keycloak playbook
Move become: true from deploy_automation playbook to mosquitto role
2023-05-10 18:02:10 +02:00
b56ca3899d
Add send_only_mailserver role and deploy Send-Only-Mailserver with it
...
Co-authored-by: yuri <yuri@nekover.se>
2023-05-09 23:01:57 +02:00
f4a79fb4e2
Make it possible to set custom permissions for certificate files
...
This is in preparation for a role using OpenSMTPD.
2023-05-09 22:07:44 +02:00
78023f5198
Use cert role to deploy a valid certificate for esphome.ccchh.net
2023-05-09 21:02:32 +02:00
ca3a30360f
Use cert role to deploy a valid certificate for zigbee2mqtt.ccchh.net
2023-05-09 17:24:20 +02:00
1cd0700cf5
Fix filename for include_tasks
2023-05-09 17:20:24 +02:00
9dc77ad5a5
Only deploy zigbee2mqtt config when it doesn't exist
2023-05-09 14:39:50 +02:00
1bcb77961b
Use the .yaml file extension for all YAML files
2023-05-08 19:55:08 +02:00
julian
9d0697f0d0
Use PROXY Protocol for Keycloak
2023-05-05 00:00:48 +02:00
Jannik Beyerstedt
7710bf384d
Keycloak: Fix restart condition
2023-05-04 23:39:51 +02:00
julian
2dc4b6f5fd
Add keycloak
2023-05-02 06:12:56 +02:00
julian
91274de823
Add my docker and docker_compose role
...
Do this in preparation for the keycloak deployment.
2023-05-01 01:45:15 +02:00
julian
d4d2e973a1
Get certificate for wiki using cert role
2023-05-01 00:22:05 +02:00
julian
1a0636307b
Use Certbot naming for certificate files
2023-05-01 00:18:59 +02:00
julian
aac049efb2
Use BIND 9 server instead of Cloudfl. for DNS-01 challenge via nsupdate
...
Co-authored-by: Jannik Beyerstedt <code@jannikbeyerstedt.de>
2023-04-27 23:38:14 +02:00
julian
4814ea8bda
Use one ACME account key per host
...
This is nicer for us, since this avoids sharing a secret.
Also put certificate directories in `certs` sub-directory for better
organization.
2023-04-25 18:03:59 +02:00
julian
f9c51842fd
Make use of become in role
2023-04-25 17:13:10 +02:00
julian
6e9d07b6f6
Add some spacing between tasks
2023-04-25 16:59:02 +02:00
julian
f8d89c9742
Use /etc/ansible_certs instead of /certs directory
2023-04-25 16:57:34 +02:00
c407f93b0a
Add initial cert role
2023-04-25 13:49:45 +02:00
julian
9670b6494c
Make the wiki publicly accessible and configure nginxs to give it https
2023-04-16 01:41:29 +02:00
Jannik Beyerstedt
d3842f6b87
Add dokuwiki VM
2023-04-16 01:41:15 +02:00
79953d3463
Fix esphome task name
2023-04-15 18:22:37 +02:00
julian
65ac14c18b
Use nginx role with custom nginx.conf support
2023-04-15 18:13:22 +02:00
Jan Almeroth
b8f925e217
chore(mqtt): only import events, export statuses
2023-03-12 18:21:50 +01:00
julian
239b9b9689
Setup https for Light VM for light.ccchh.net
2023-01-12 23:36:57 +01:00
julian
f44e3f28b0
Add Public-Reverse-Proxy
2023-01-08 02:50:23 +01:00
2f2a4f262f
Only enable Bluetooth Audio Sink
2022-12-18 23:06:39 +01:00
8a54c0f58e
Fix wireplumber failing before reboot
2022-12-18 20:17:53 +01:00
96ac8de142
Add playbook and roles for Audio Pi
2022-12-18 04:36:53 +01:00
7a869f6330
Add nginx ESPHome config
2022-12-18 04:31:37 +01:00
926f9aa3a5
Make websockets and Web Serial work, set PATH variable in service file
2022-12-18 02:37:15 +01:00
51fd3367db
Add zigbee2mqtt role and playbook
2022-12-08 23:45:22 +01:00
e084462ae1
Add esphome role and playbook
2022-12-04 20:11:39 +01:00
75408d8926
Move variable to host_vars and use fully qualified lookup plugin name
2022-12-01 21:35:03 +01:00
7a93546616
Add mosquitto role and add playbook to deploy MQTT broker on automation.z9
2022-12-01 21:29:40 +01:00
59dc7a1d7d
Bump foobazdmx version
2022-11-22 20:44:41 +01:00
e74a50e873
Automate light server
...
Co-authored-by: J <j@jsts.xyz>
2022-11-17 23:30:52 +01:00
aefdd123a4
Add ola and foobazdmx role and add playbook for light.z9
2022-11-11 15:28:26 +01:00