f16f8697c2
move roles, files and templates dirs out of playbook dir into root dir
...
Because of how Ansible local relative search paths work, the global
"files" and "templates" directories need to be next to the playbooks.
However its not intuitive to look into the "playbooks" directory to find
the files and templates for a host.
Therefore move them out of the "playbooks" directory into the root
directory and add symlinks so everything still works.
Similarly for local roles, they also need to be next to the playbooks.
So for a nicer structure, move the "roles" directory out into the root
directory as well and add a symlink so everything still works.
Also see:
https://docs.ansible.com/ansible/latest/playbook_guide/playbook_pathing.html#resolving-local-relative-paths
https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_reuse_roles.html#storing-and-finding-roles
2024-12-08 02:55:25 +01:00
2460c31e78
check.yaml: add logic for printing all .dpkg-* files
2024-12-08 02:55:25 +01:00
2a4d3c5415
check.yaml: introduce check playbook with it printing host distro info
...
This playbook is for checking various host parameters.
2024-12-08 02:55:25 +01:00
e22d29a75c
pin ansible-lint (action) to a specific version to avoid random breakage
...
/ Ansible Lint (push) Successful in 1m38s
/ Ansible Lint (pull_request) Successful in 1m37s
ansible-lint just broke for our repo, therefore pin it to a specific
version to avoid that.
2024-12-08 02:49:50 +01:00
e6d6d9eed0
report changed properly for "deactivate short moduli" task
...
/ Ansible Lint (pull_request) Successful in 1m34s
/ Ansible Lint (push) Failing after 1m29s
This fixes the ansible-lint no-changed-when complaint and also allows to
notify the reboot handler.
2024-12-01 22:20:15 +01:00
e3a29c422a
convert two reboot tasks running on changed to handlers
...
/ Ansible Lint (push) Failing after 1m37s
This fixes ansible-lint no-handler complaints.
2024-12-01 04:38:07 +01:00
db02969168
add CI running ansible-lint
/ Ansible Lint (push) Failing after 1m32s
2024-12-01 04:16:42 +01:00
d3d37e2e4c
exclude .forgejo/ directory from ansible-lint
2024-11-24 01:08:13 +01:00
cf5e6c4e1a
fix ansible-lint error by not comparing to literal false
2024-11-23 02:56:16 +01:00
bb24e6fd5a
disable name[casing] check in ansible-lint config
2024-11-23 02:53:06 +01:00
4ff826e508
add .ansible-lint config with setting to skip yaml line-length check
2024-11-23 02:50:37 +01:00
4060dbbe21
fix all ansible-lint yaml errors (except for line-length)
2024-11-23 02:49:23 +01:00
a6453711d8
add .yamllint.yaml for some nicer yaml configuration for ansible-lint
2024-11-23 02:31:31 +01:00
6dcf254a24
add .editorconfig to ensure some style and format consistency
2024-11-23 02:11:48 +01:00
433008d211
Cleanup old configurations we no longer use.
...
We have a bunch of old hosts, host_vars and roles we no longer use.
There is no real value to keep them as they can just be fetched from the
git history, should they be needed again.
This make gettin a overview of the repository much simpler.
2024-11-22 23:09:35 +01:00
739a2e1cbd
Redirect to 38c3 hackertours shop for now
2024-11-18 12:22:45 +01:00
9faf2f731d
public-reverse-proxy: add config for www. and staging.c3cat.de
2024-11-12 23:07:14 +01:00
a386f9e2eb
custom alerts for CI VMs
...
its expected for some VMs to have high Read / Write rates for some time
so this is a custom alerts for ours CI VMs
2024-11-10 17:06:41 +01:00
3284fae62a
Add more prometheus node exporter
2024-11-05 19:16:28 +01:00
261bd7d654
Add prometheus-node-exporter role and add it to most hosts
2024-11-03 21:27:51 +01:00
88b8d3b9ba
Update Nextcloud to version 29
2024-10-31 23:17:24 +01:00
d526e9fdfa
Add cron job to prune old images
2024-10-31 11:27:12 +01:00
f184ad220b
Update to current version
2024-10-31 11:26:57 +01:00
1921a75339
public-reverse-proxy: add config for hydra.hamburg.ccc.de
2024-10-29 23:52:30 +01:00
735fe0ca9b
Add local port forwarding for debug sessions
2024-10-27 22:27:07 +01:00
34dc6d9a84
Reduce Host Memory is underutilized to 10%
2024-10-18 21:15:20 +02:00
b660d937dc
Allow GPG keys as uploads
2024-10-18 12:40:24 +02:00
2f00d21821
Redirect home page to wiki
2024-10-13 13:50:50 +02:00
235e6e514f
Move Pretix from hackertours to tickets
2024-10-13 09:10:10 +02:00
7cd4a9a723
public-reverse-proxy: add config for staging.hackertours.hamburg.ccc.de
2024-10-12 22:08:28 +02:00
d7a9534eeb
public-reverse-proxy: use public-web-static as host for hackert. ccchh
2024-10-12 22:00:14 +02:00
a35fcc13cf
Merge branch 'main' of git.hamburg.ccc.de:CCCHH/ansible-infra
2024-10-08 20:28:57 +02:00
2fc54f5a83
Add missing headers to avoid CSRF errors
2024-10-08 20:28:56 +02:00
4cac84e7ec
prometheus: have different disk alerts for physical and virtual hosts
...
Have more relaxed read/write alerts for physical hosts as they are
probably hypervisors and regular high read/writes are more common.
Also differentiate between physical and virtual hosts for IO alerts and
allow for hard disks to spend more time in IO.
2024-10-05 17:22:45 +02:00
f721dd9fea
prometheus: make opnsense-ccchh job not fail half the time
...
The scrape seems to take around a second to complete and with the
configured timeout of 1s that failed half the time. Therefore use the
default, more relaxed scrape interval and timeout and have it be
reliable.
2024-10-05 17:22:45 +02:00
d8188d192b
Use keycloak version 26
2024-10-04 17:07:49 +02:00
43ca24b5e2
Take website image from Forgejo
2024-10-03 19:44:43 +02:00
229daa72fc
Redirect plain URL to hash for ticket deep links
2024-10-03 19:44:15 +02:00
0a05cad0a1
prometheus & alertmanager: add self-alerting
...
Add self-alerting for Prometheus and Alertmanager using rules from
https://samber.github.io/awesome-prometheus-alerts/rules
2024-10-02 04:13:37 +02:00
2e29b78f6a
prometheus: move Jitsis node exporter target to hosts job
2024-10-02 03:45:56 +02:00
61edc3587f
alertmanager: give Alertmanager a persistent storage directory
2024-10-02 03:43:22 +02:00
30876f821c
prometheus, alertmanager: use Prometheus alerts with Alertmanager
...
For now introduce node-exporter/hosts alert rules, which got taken from
https://samber.github.io/awesome-prometheus-alerts/rules
However with the labels removed from the description, since they don't
render correctly (at least in Telegram) and don't seem to provide much
value, as we render the labels in the notification anyway.
Also only have Telegram as the notification channel for now, as it was
the easiest to set up.
2024-10-02 03:36:30 +02:00
803b19de0a
prometheus: add job for node exporter (for the NixOS VMs for now)
2024-10-01 20:09:42 +02:00
29d2d2926f
prometheus: don't duplicate scrape interval and timeout
2024-10-01 01:59:33 +02:00
e81ae5165f
public-reverse-proxy: config for eh20 static website deploy
2024-09-28 05:04:01 +02:00
5b043ff852
Remove deprecated property
2024-09-13 20:05:17 +02:00
a41af95f20
Upgrade to current version
2024-09-13 20:00:39 +02:00
dfbc8e58a9
USe unless-stopped instead of always
2024-09-08 17:45:00 +02:00
475a758f83
unattended upgrade all packages
2024-09-02 20:44:55 +02:00
94a5db2215
Add pretalx
2024-08-18 09:20:28 +02:00