164 commits

Author	SHA1	Message	Date
lilly	fcc0d615a7	configure diday.org on public-reverse-proxy	2026-02-26 18:01:52 +01:00
lilly	41dc9c8529	configure www2 nginx	2026-02-26 17:44:24 +01:00
Stefan Bethke	ac013ca8a1	Fix template syntax	2026-02-22 18:37:16 +01:00
Stefan Bethke	7a1ea7d40e	Override base.html template to brand site	2026-02-22 18:22:12 +01:00
lilly	bb06f21c53	configure diday website deployment	2026-02-18 11:57:21 +01:00
June	fe647da3bf	mjolnir: deploy mjolnir using docker compose ... Moving from mjolnir from nix-infra to ansible-infra. Also using native encryption now instead of the deprecated pantalaimon and having protectAllJoinedRooms set to true for easier and quicker usage.	2026-02-11 03:10:43 +01:00
Stefan Bethke	2350710177	Use new entry after acmedns db reset	2026-02-08 18:38:37 +01:00
Stefan Bethke	3086c2b60c	Use new name for sqlite driver	2026-02-08 14:19:02 +01:00
Stefan Bethke	196f1d70cf	downgrade acme-dns to v1.0	2026-02-08 11:37:14 +01:00
chris	c1e1897cda	grafana: more alertmanager config	2026-02-06 17:17:26 +01:00
June	17ba7c04f2	acmdns(host): expose and monitor health endpoint	2026-02-01 23:14:15 +01:00
June	536eedeffc	status(host): add monitoring for ACME DNS	2026-02-01 22:44:42 +01:00
June	397285655b	status(host): add monitoring for spaceapi.ccc.de	2026-02-01 21:38:57 +01:00
June	8e75f1ad14	status(host): add monitoring for cpu.ccc.de and aliases	2026-02-01 21:30:40 +01:00
June	c3b20abab3	status(host): use custom alert for Matrix to make it work with PAT ... The Personal Access Token we use isn't compatible with the default Matrix alerting provider, so use a custom alert.	2026-02-01 20:49:33 +01:00
June	9c2fe5ea9b	public-reverse-proxy(host): remove cpuccc.hamburg.ccc.de alias	2026-01-28 15:32:29 +01:00
Stefan Bethke	06ae220857	Remove spaceapiccc.hamburg.ccc.de	2026-01-27 22:35:28 +01:00
Stefan Bethke	1f2a08cf15	Spell stuff correctly	2026-01-27 20:16:57 +01:00
Stefan Bethke	3bba747dab	Configure seperate server for spaceapi.ccc.de	2026-01-27 16:30:00 +01:00
June	200e8019ed	public-reverse-proxy: add config for local/lokal.ccc.de ... local/lokal.ccc.de points to cpu.ccc.de.	2026-01-27 15:49:38 +01:00
Stefan Bethke	c8edde4d11	Pretty up	2026-01-26 00:20:27 +01:00
Stefan Bethke	0f3cd2c70a	amcedns to enable Let's Encrypt DNS-01 challenges	2026-01-25 22:41:42 +01:00
chris	6a92aa68c1	light: fix tls cert expiring and not renewing	2026-01-25 22:36:30 +01:00
chris	c7d51af5b4	rollout Alloy to replace prometheus_node_exporter ... With the new network we need to deploy a push based solution in order to get metrics into prometheus	2026-01-25 21:44:49 +01:00
chris	11779ab21d	grafana: get alertmanager to be more chill ... a bit of help to deal with alert fatigue	2026-01-25 21:41:20 +01:00
June	0939771d08	public-reverse-proxy(host): add entries for cpu.ccc.de	2026-01-25 20:22:44 +01:00
Stefan Bethke	cee1fe970a	Add spaceapiccc as a replacement for erfafoo	2026-01-25 14:03:54 +01:00
June	ddaa069204	status(host): configure Gatus to store more results and events ... Also see: https://github.com/TwiN/gatus?tab=readme-ov-file#storage	2026-01-18 21:39:23 +01:00
fi	28f80a85f3	status(host): Switch to nekover.se user for personal token ... As access token now apparently expire with matrix authentication services, use a nekover.se user where we can get a long-lived personal token.	2026-01-18 19:49:59 +01:00
June	d514688574	systemd_networkd(role),router(host): support global config to fix forw. ... With the router upgrade to Debian 13 the systemd version got upgraded as well breaking the current configuration for IP forwarding. Add a variable for global systemd-networkd configuration and use that to enable IPv4 and IPv6 forwarding on the router. The systemd_networkd role could be a bit nicer, not deploying/deleting the global configuration, if the variable is empty and reloading/restarting systemd-networkd at appropriate times. But as is works for now.	2026-01-18 19:21:33 +01:00
June	fe52127e82	status(host): configure external status page and uptime monitoring host	2026-01-18 01:26:52 +01:00
June	51bbdd42a2	dooris(host): make certbot work	2026-01-13 16:55:22 +01:00
June	428b5c70bc	pretalx(host): roll back to pretalx v2025.1.0 for celery as well	2026-01-13 14:19:57 +01:00
June	3e0fdfa8de	pretalx(host): roll back to pretalx v2025.1.0 as v2025.2.2 doesn't work	2026-01-13 03:43:28 +01:00
Renovate	c638790819	Update all stable non-major dependencies	2026-01-12 02:30:47 +00:00
June	968e29ccb8	do v6-only for internal proxy protocol communication ... Since we want to do v6-only internally, only listen on v6 for proxy protocol. This is also needed as we only have set_real_ip_from pointing to a v6.	2026-01-12 03:02:09 +01:00
June	255327952e	ntfy(host): move to new network and hostname	2026-01-11 03:57:11 +01:00
June	1971598e71	pretalx(host): move to new network and hostname	2026-01-11 03:23:18 +01:00
June	372f264bcb	ccchoir(host): move to new network and hostname	2026-01-11 03:23:14 +01:00
June	2fbb37db18	grafana(host): move to new network and hostname	2026-01-11 03:23:01 +01:00
June	bb30e88404	router(host): allowlist only certain icmpv6 types	2026-01-11 00:29:16 +01:00
June	a41b07949c	zammad(host): move to new network and hostname	2026-01-11 00:22:37 +01:00
June	ff550cbd8a	tickets(host): move to new network and hostname	2026-01-11 00:00:18 +01:00
June	49e3ecb986	netbox(host): move to new network and hostname	2026-01-09 03:05:29 +01:00
June	40b67c6bc3	sunders(host): move to new network and hostname	2026-01-07 18:46:16 +01:00
June	80ddb2efc9	router: enable a DHCP server for the v4-NAT network as well ... As the hosts don't really need a static v4, just do DHCP.	2026-01-07 17:25:27 +01:00
June	944c8cde82	onlyoffice(host): move to new network and hostname	2025-12-17 03:34:39 +01:00
June	366456eff8	keycloak(host): move to new network and hostname ... Also just listen on port 8443 for keycloak-admin proxy protocol.	2025-12-16 21:50:40 +01:00
June	1ca71a053e	pad(host): move to new network and hostname	2025-12-16 21:12:21 +01:00
June	570600fce3	eh22-wiki(host): move to new network and hostname	2025-12-16 20:58:05 +01:00