diff --git a/inventories/chaosknoten/host_vars/chaosknoten.yaml b/inventories/chaosknoten/host_vars/chaosknoten.yaml deleted file mode 100644 index 1c8fa93..0000000 --- a/inventories/chaosknoten/host_vars/chaosknoten.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# Used in deploy_hypervisor playbook. -hypervisor__template_vm_config: - - name: STORAGE - value: nvme0 - - name: BRIDGE - value: vmbr4 diff --git a/inventories/chaosknoten/hosts.yaml b/inventories/chaosknoten/hosts.yaml index 92185ed..c164b0b 100644 --- a/inventories/chaosknoten/hosts.yaml +++ b/inventories/chaosknoten/hosts.yaml @@ -55,6 +55,9 @@ all: public-reverse-proxy: ansible_host: public-reverse-proxy.hamburg.ccc.de ansible_user: chaos + router: + ansible_host: router.hamburg.ccc.de + ansible_user: chaos wiki: ansible_host: wiki-intern.hamburg.ccc.de ansible_user: chaos @@ -81,6 +84,7 @@ base_config_hosts: pad: pretalx: public-reverse-proxy: + router: tickets: wiki: zammad: @@ -161,6 +165,7 @@ infrastructure_authorized_keys_hosts: pad: pretalx: public-reverse-proxy: + router: wiki: zammad: wiki_hosts: @@ -171,9 +176,3 @@ netbox_hosts: hosts: eh22-netbox: netbox: -proxmox_vm_template_hosts: - hosts: - chaosknoten: -ansible_pull_hosts: - hosts: - netbox: diff --git a/inventories/z9/hosts.yaml b/inventories/z9/hosts.yaml index 13e2cc9..0dde922 100644 --- a/inventories/z9/hosts.yaml +++ b/inventories/z9/hosts.yaml @@ -6,11 +6,6 @@ all: authoritative-dns: ansible_host: authoritative-dns.z9.ccchh.net ansible_user: chaos - thinkcccore0: - ansible_host: thinkcccore0.z9.ccchh.net -hypervisors: - hosts: - thinkcccore0: nginx_hosts: hosts: light: @@ -24,6 +19,3 @@ infrastructure_authorized_keys_hosts: hosts: light: authoritative-dns: -proxmox_vm_template_hosts: - hosts: - thinkcccore0: diff --git a/playbooks/deploy_hypervisor.yaml b/playbooks/deploy_hypervisor.yaml deleted file mode 100644 index 4d3200f..0000000 --- a/playbooks/deploy_hypervisor.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -- name: Ensure the VM template generation is set up - hosts: proxmox_vm_template_hosts - tasks: - - name: Ensure dependencies are present - ansible.builtin.apt: - name: - - git - - libguestfs-tools - become: true - - - name: Ensure /usr/local/{lib,sbin} exist - ansible.builtin.file: - path: "{{ item }}" - state: directory - owner: root - group: root - mode: "0755" - become: true - loop: - - "/usr/local/lib/" - - "/usr/local/sbin/" - - - name: Ensure the pve-template-vm repo is present - ansible.builtin.git: - repo: https://git.hamburg.ccc.de/CCCHH/pve-template-vm.git - dest: /usr/local/lib/pve-template-vm - version: main - force: true - depth: 1 - single_branch: true - track_submodules: true - become: true - - # /usr/local/sbin as the script uses qm, which is also found in /usr/sbin. - - name: Ensure symlink to build-proxmox-template exists in /usr/local/sbin - ansible.builtin.file: - src: /usr/local/lib/pve-template-vm/build-proxmox-template - dest: /usr/local/sbin/build-proxmox-template - state: link - owner: root - group: root - mode: '0755' - become: true - - # This sets up a cron job running /usr/local/sbin/build-proxmox-template using the env vars defined in hypervisor__template_vm_config. - - name: Ensure cron job is present for building a fresh VM template every week on Friday 04:00 - ansible.builtin.cron: - name: "ansible build proxmox template" - cron_file: ansible_build_proxmox_template - minute: 0 - hour: 4 - weekday: 5 - user: root - job: "{% if hypervisor__template_vm_config is defined and hypervisor__template_vm_config | length > 0 %}\ - /usr/bin/env \ - {% for item in hypervisor__template_vm_config | default([]) %}\ - {{ item.name }}=\"{{ item.value }}\" \ - {% endfor %}\ - {% endif %}\ - /usr/local/sbin/build-proxmox-template" - become: true diff --git a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 index 231f581..9509654 100644 
--- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 @@ -22,7 +22,7 @@ services: keycloak: - image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.1 + image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.0 pull_policy: always restart: unless-stopped command: start --optimized @@ -46,7 +46,7 @@ services: - "8080:8080" db: - image: postgres:15.12 + image: postgres:15.2 restart: unless-stopped networks: - keycloak diff --git a/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf b/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf index 2b0d919..372715d 100644 --- a/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf +++ b/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf @@ -43,7 +43,6 @@ server { allow 185.161.129.132/32; # z9 allow 2a07:c480:0:100::/56; # z9 - allow 2a07:c481:1::/48; # z9 new ipv6 allow 213.240.180.39/32; # stbe home allow 2a01:170:118b::1/64; # stbe home deny all; diff --git a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 index 20dbd9c..b210098 100644 --- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 @@ -53,7 +53,6 @@ services: restart: unless-stopped environment: PRETALX_DATA_DIR: /data - PRETALX_FILE_UPLOAD_LIMIT: 1000 # MB PRETALX_FILESYSTEM_MEDIA: /public/media PRETALX_FILESYSTEM_STATIC: /public/static PRETALX_SITE_URL: https://pretalx.hamburg.ccc.de diff --git a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf index e2b89d9..4e0e8e3 100644 --- a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf +++ b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf 
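Review bot: Both image tags in compose.yaml.j2 move backwards: `keycloak:26.1` becomes `keycloak:26.0` at @@ -22,7 +22,7 @@ and `postgres:15.12` becomes `postgres:15.2` at @@ -46,7 +46,7 @@, which drops every release in between, including any security fixes they carried, from the identity provider and its database. If the numeric ordering was misread (15.12 is the later PostgreSQL minor release, not 15.2), keep `image: postgres:15.12` and `image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.1`. If the rollback is intended, confirm that the older Keycloak still starts against a database already migrated by the newer release, and add a comment above each `image:` line recording why the older tag is pinned. Both service definitions continue outside the hunks.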
@@ -71,7 +71,6 @@ map $host $upstream_acme_challenge_host { hydra.hamburg.ccc.de 172.31.17.163:31820; cfp.eh22.easterhegg.eu 172.31.17.157:31820; hub.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:31820; - hub-usercontent.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:31820; netbox.eh22.easterhegg.eu eh22-netbox-intern.hamburg.ccc.de:31820; default ""; } diff --git a/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf b/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf index 6560b75..4a7f84c 100644 --- a/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf +++ b/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf @@ -89,7 +89,6 @@ stream { hydra.hamburg.ccc.de 172.31.17.163:8443; cfp.eh22.easterhegg.eu pretalx-intern.hamburg.ccc.de:8443; hub.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:8443; - hub-usercontent.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:8443; netbox.eh22.easterhegg.eu eh22-netbox-intern.hamburg.ccc.de:8443; } diff --git a/roles/deploy_ssh_server_config/handlers/main.yaml b/roles/deploy_ssh_server_config/handlers/main.yaml index 721a348..001bbe4 100644 --- a/roles/deploy_ssh_server_config/handlers/main.yaml +++ b/roles/deploy_ssh_server_config/handlers/main.yaml @@ -1,5 +1,3 @@ -- name: restart the ssh service - ansible.builtin.systemd: - name: ssh.service - state: restarted +- name: reboot the system become: true + ansible.builtin.reboot: diff --git a/roles/deploy_ssh_server_config/tasks/main.yaml b/roles/deploy_ssh_server_config/tasks/main.yaml index 4350790..f5d00f5 100644 --- a/roles/deploy_ssh_server_config/tasks/main.yaml +++ b/roles/deploy_ssh_server_config/tasks/main.yaml @@ -12,7 +12,8 @@ group: root src: sshd_config.j2 notify: - - restart the ssh service + # Reboot instead of just restarting the ssh service, since I don't know how Ansible reacts, when it restarts the service it probably needs for the connection. + - reboot the system - name: deactivate short moduli ansible.builtin.shell: 
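Review bot: The `reboot the system` handler in handlers/main.yaml restarts the whole host for what is only an sshd configuration change, so every service on every machine running this role goes down whenever a notifying task reports a change. Restarting `ssh.service` normally leaves already-established sessions in place, so the removed handler is unlikely to cut Ansible's own connection; it is worth testing that on one host before trading it for a reboot. If the reboot stays, the handler should carry a comment stating the reason, e.g. `# Full reboot chosen over restarting ssh.service; reason: <tested behaviour>`, and the plays applying this role may need `serial` so that hosts do not all reboot at the same time.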
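Review bot: Nothing visible in the @@ -12,7 +12,8 @@ hunk of tasks/main.yaml checks the rendered `sshd_config.j2` before `reboot the system` is notified, so a template error would only surface after the reboot, when sshd fails to start and the host can no longer be reached over SSH. If the task is `ansible.builtin.template` (it begins above the hunk, so this is inferred from `src: sshd_config.j2`), adding `validate: /usr/sbin/sshd -t -f %s` makes Ansible reject a broken file before it is installed. The comment added inside the `notify:` list here and again at @@ -31,4 +32,5 @@ records a guess ("I don't know how Ansible reacts") instead of a tested reason; once the behaviour is confirmed it would read better as a single comment on the handler itself.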
@@ -31,4 +32,5 @@ changed_when: - '"ansible-changed" in result.stdout' notify: - - restart the ssh service + # Reboot instead of just restarting the ssh service, since I don't know how Ansible reacts, when it restarts the service it probably needs for the connection. + - reboot the system