diff --git a/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone b/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone index a9c4851..21a8d0e 100644 --- a/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone +++ b/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone @@ -196,6 +196,7 @@ matrix-intern IN A 172.31.17.150 ; have this for compatibility (like references in CI) public-web-static-intern IN AAAA 2a00:14b0:42:102::17 git-intern IN A 172.31.17.154 +woodpecker-intern IN A 172.31.17.160 penpot-intern IN A 172.31.17.162 forgejo-runner-builder IN A 172.31.17.202 renovate-forgejo IN A 172.31.17.163 @@ -274,6 +275,7 @@ matrix IN CNAME public-reverse-proxy mas IN CNAME public-reverse-proxy element-admin IN CNAME public-reverse-proxy netbox IN CNAME public-reverse-proxy +woodpecker IN CNAME public-reverse-proxy onlyoffice IN CNAME public-reverse-proxy pad IN CNAME public-reverse-proxy pretalx IN CNAME public-reverse-proxy diff --git a/resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml b/resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml index 15b9b1f..4a2bc6f 100644 --- a/resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml +++ b/resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml @@ -129,7 +129,7 @@ groups: # General high disk read and write rate alerts. # Excluding: hypervisor hosts, CI hosts - alert: HostUnusualDiskReadRate - expr: (sum by (instance) (rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 50) * on(instance) group_left (nodename) node_uname_info{nodename=~".+", nodename!="forgejo-actions-runner", nodename!="chaosknoten"} + expr: (sum by (instance) (rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 50) * on(instance) group_left (nodename) node_uname_info{nodename=~".+", nodename!="forgejo-actions-runner", nodename!="woodpecker", nodename!="chaosknoten"} for: 5m labels: severity: warning 
@@ -137,7 +137,7 @@ groups: summary: Host unusual disk read rate (instance {{ $labels.instance }}) description: "Disk is probably reading too much data (> 50 MB/s)\n VALUE = {{ $value }}" - alert: HostUnusualDiskWriteRate - expr: (sum by (instance) (rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 50) * on(instance) group_left (nodename) node_uname_info{nodename=~".+", nodename!="forgejo-actions-runner", nodename!="chaosknoten"} + expr: (sum by (instance) (rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 50) * on(instance) group_left (nodename) node_uname_info{nodename=~".+", nodename!="forgejo-actions-runner", nodename!="woodpecker", nodename!="chaosknoten"} for: 2m labels: severity: warning @@ -147,7 +147,7 @@ groups: # CI hosts high disk read and write alerts. # Longer intervals to account for disk intensive CI tasks. - alert: CIHostUnusualDiskReadRate - expr: (sum by (instance) (rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 50) * on(instance) group_left (nodename) node_uname_info{nodename="forgejo-actions-runner"} + expr: (sum by (instance) (rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 50) * on(instance) group_left (nodename) node_uname_info{nodename="forgejo-actions-runner", nodename="woodpecker"} for: 10m labels: severity: warning @@ -155,7 +155,7 @@ groups: summary: CI host unusual disk read rate for 10 min (instance {{ $labels.instance }}) description: "Disk is probably reading too much data (> 50 MB/s)\n VALUE = {{ $value }}" - alert: VirtualHostUnusualDiskWriteRate - expr: (sum by (instance) (rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 50) * on(instance) group_left (nodename) node_uname_info{nodename="forgejo-actions-runner"} + expr: (sum by (instance) (rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 50) * on(instance) group_left (nodename) node_uname_info{nodename="forgejo-actions-runner", nodename="woodpecker"} for: 4m labels: severity: warning 
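Review bot: The CI alert selectors in the `-147,7` and `-155,7` hunks now read `node_uname_info{nodename="forgejo-actions-runner", nodename="woodpecker"}`, and PromQL ANDs every matcher in a selector, so no series can satisfy both equalities. `CIHostUnusualDiskReadRate` and `VirtualHostUnusualDiskWriteRate` can therefore never fire. Because the general alerts in the `-129,7` and `-137,7` hunks exclude both hosts, neither CI host has any disk-rate alerting after this change. Use a regex matcher in both CI rules instead: `node_uname_info{nodename=~"forgejo-actions-runner|woodpecker"}`.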
diff --git a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf index e8b8c8e..93968b0 100644 --- a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf +++ b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf @@ -70,6 +70,7 @@ map $host $upstream_acme_challenge_host { eh20.hamburg.ccc.de public-web-static.hosts.hamburg.ccc.de:31820; hacker.tours public-web-static.hosts.hamburg.ccc.de:31820; staging.hacker.tours public-web-static.hosts.hamburg.ccc.de:31820; + woodpecker.hamburg.ccc.de 172.31.17.160:31820; design.hamburg.ccc.de 172.31.17.162:31820; hydra.hamburg.ccc.de 172.31.17.163:31820; ntfy.hamburg.ccc.de ntfy.hosts.hamburg.ccc.de:31820; diff --git a/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf b/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf index 0a004c9..843c094 100644 --- a/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf +++ b/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf @@ -91,6 +91,7 @@ stream { eh20.hamburg.ccc.de public-web-static.hosts.hamburg.ccc.de:8443; hacker.tours public-web-static.hosts.hamburg.ccc.de:8443; staging.hacker.tours public-web-static.hosts.hamburg.ccc.de:8443; + woodpecker.hamburg.ccc.de 172.31.17.160:8443; design.hamburg.ccc.de 172.31.17.162:8443; hydra.hamburg.ccc.de 172.31.17.163:8443; cfp.eh22.easterhegg.eu pretalx.hosts.hamburg.ccc.de:8443; diff --git a/resources/external/status/docker_compose/config/services-chaosknoten.yaml b/resources/external/status/docker_compose/config/services-chaosknoten.yaml index 74991b7..0ee6ef4 100644 --- a/resources/external/status/docker_compose/config/services-chaosknoten.yaml +++ b/resources/external/status/docker_compose/config/services-chaosknoten.yaml 
@@ -294,6 +294,14 @@ endpoints: - "[CERTIFICATE_EXPIRATION] > 48h" - "[BODY] == pat(*CCCHH Wiki*)" + - name: Woodpecker + url: "https://woodpecker.hamburg.ccc.de/" + <<: *services_chaosknoten_defaults + conditions: + - "[STATUS] == 200" + - "[CERTIFICATE_EXPIRATION] > 48h" + - "[BODY] == pat(*Woodpecker*)" + - name: Zammad url: "https://zammad.hamburg.ccc.de/" <<: *services_chaosknoten_defaults diff --git a/roles/renovate/files/renovate-cleanup.service b/roles/renovate/files/renovate-cleanup.service deleted file mode 100644 index 55c191e..0000000 --- a/roles/renovate/files/renovate-cleanup.service +++ /dev/null @@ -1,7 +0,0 @@ -[Unit] -Description=renovate cleanup (delete docker volume) -Conflicts=renovate.service - -[Service] -Type=oneshot -ExecStart=/usr/bin/docker volume rm renovate diff --git a/roles/renovate/files/renovate-cleanup.timer b/roles/renovate/files/renovate-cleanup.timer deleted file mode 100644 index 510004d..0000000 --- a/roles/renovate/files/renovate-cleanup.timer +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=renovate cleanup (delete docker volume) running daily - -[Timer] -# @daily with 10 minute offset -OnCalendar=*-*-* 00:10 - -[Install] -WantedBy=timers.target diff --git a/roles/renovate/tasks/main.yaml b/roles/renovate/tasks/main.yaml index 4a6c018..f6988ab 100644 --- a/roles/renovate/tasks/main.yaml +++ b/roles/renovate/tasks/main.yaml 
@@ -16,28 +16,31 @@ mode: "0640" become: true -- name: ensure systemd services and timers exist +- name: ensure systemd service exists ansible.builtin.copy: - src: "{{ item }}" - dest: "/etc/systemd/system/{{ item }}" + src: renovate.service + dest: /etc/systemd/system/renovate.service owner: root group: root mode: "0644" become: true - loop: - - renovate.service - - renovate-cleanup.service - - renovate.timer - - renovate-cleanup.timer notify: - systemd daemon reload -- name: ensure systemd timers are started and enabled +- name: ensure systemd timer exists + ansible.builtin.copy: + src: renovate.timer + dest: /etc/systemd/system/renovate.timer + owner: root + group: root + mode: "0644" + become: true + notify: + - systemd daemon reload + +- name: ensure systemd timer is started and enabled ansible.builtin.systemd_service: - name: "{{ item }}" + name: renovate.timer state: started enabled: true - loop: - - renovate.timer - - renovate-cleanup.timer become: true
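Review bot: Hosts that were already provisioned by this role keep `renovate-cleanup.service` and `renovate-cleanup.timer` installed and enabled, because the tasks stop managing those units but nothing stops, disables or deletes them. The leftover timer would keep running `docker volume rm renovate` daily at 00:10, and the repository would no longer describe what is on the host. Add explicit removal tasks, stopping the timer before deleting the files, as sketched below. The `failed_when: false` is only there so that fresh hosts without the unit do not fail, and it can be narrowed to the "unit not found" case. The hunk begins inside the preceding task (`mode`/`become`), which is outside this view.

```yaml
# … unchanged: copy renovate.service and renovate.timer, start/enable renovate.timer …

- name: ensure obsolete cleanup timer is stopped and disabled
  ansible.builtin.systemd_service:
    name: renovate-cleanup.timer
    state: stopped
    enabled: false
  become: true
  failed_when: false

- name: ensure obsolete cleanup units are absent
  ansible.builtin.file:
    path: "/etc/systemd/system/{{ item }}"
    state: absent
  become: true
  loop:
    - renovate-cleanup.service
    - renovate-cleanup.timer
  notify:
    - systemd daemon reload
```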