CCCHH/ansible-infra
CCCHH/ansible-infra
2
2
Fork 1
Code Issues 7 Pull requests 9 Wiki Activity Actions

Compare commits

base: CCCHH:73e77bde703ce52026e19edd56d482e89afa46ba
Branches Tags
CCCHH:main
CCCHH:renovate/docker.io-pretalx-standalone-2026.x
CCCHH:renovate/docker.io-library-postgres-18.x
CCCHH:renovate/docker.io-library-mariadb-12.x
CCCHH:renovate/major-github-artifact-actions
CCCHH:renovate/docker.io-pretix-standalone-2026.x
CCCHH:renovate/docker.io-pretalx-standalone-2025.x
CCCHH:renovate/all-stable-minor-patch
CCCHH:new_ccchh_router
CCCHH:docs-outline-style
CCCHH:alloy
CCCHH:old-dns-zones
..
compare: CCCHH:89d91224200ce4edf5c842f285153454baa6b0b4
Branches Tags
CCCHH:renovate/docker.io-pretalx-standalone-2026.x
CCCHH:renovate/docker.io-library-postgres-18.x
CCCHH:renovate/docker.io-library-mariadb-12.x
CCCHH:renovate/major-github-artifact-actions
CCCHH:renovate/docker.io-pretix-standalone-2026.x
CCCHH:renovate/docker.io-pretalx-standalone-2025.x
CCCHH:renovate/all-stable-minor-patch
CCCHH:main
CCCHH:new_ccchh_router
CCCHH:docs-outline-style
CCCHH:alloy
CCCHH:old-dns-zones

1 commit
73e77bde70 ... 89d9122420

Author SHA1 Message Date
June
89d9122420
 		tag plays in playbooks (instead of tasks in roles)
All checks were successful
/ Ansible Lint (push) Successful in 2m23s
Details
/ Ansible Lint (pull_request) Successful in 2m22s
Details
2026-05-18 18:14:51 +02:00
8 changed files with 32 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

2
resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone
View file

@ -196,6 +196,7 @@ matrix-intern IN A 172.31.17.150
; have this for compatibility (like references in CI)
public-web-static-intern IN AAAA 2a00:14b0:42:102::17
git-intern IN A 172.31.17.154
woodpecker-intern IN A 172.31.17.160
penpot-intern IN A 172.31.17.162
forgejo-runner-builder IN A 172.31.17.202
renovate-forgejo IN A 172.31.17.163
@ -274,6 +275,7 @@ matrix IN CNAME public-reverse-proxy
mas IN CNAME public-reverse-proxy
element-admin IN CNAME public-reverse-proxy
netbox IN CNAME public-reverse-proxy
woodpecker IN CNAME public-reverse-proxy
onlyoffice IN CNAME public-reverse-proxy
pad IN CNAME public-reverse-proxy
pretalx IN CNAME public-reverse-proxy

8
resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml
View file

@ -129,7 +129,7 @@ groups:
# General high disk read and write rate alerts.
# Excluding: hypervisor hosts, CI hosts
- alert: HostUnusualDiskReadRate
expr: (sum by (instance) (rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 50) * on(instance) group_left (nodename) node_uname_info{nodename=~".+", nodename!="forgejo-actions-runner", nodename!="chaosknoten"}
expr: (sum by (instance) (rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 50) * on(instance) group_left (nodename) node_uname_info{nodename=~".+", nodename!="forgejo-actions-runner", nodename!="woodpecker", nodename!="chaosknoten"}
for: 5m
labels:
severity: warning
@ -137,7 +137,7 @@ groups:
summary: Host unusual disk read rate (instance {{ $labels.instance }})
description: "Disk is probably reading too much data (> 50 MB/s)\n VALUE = {{ $value }}"
- alert: HostUnusualDiskWriteRate
expr: (sum by (instance) (rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 50) * on(instance) group_left (nodename) node_uname_info{nodename=~".+", nodename!="forgejo-actions-runner", nodename!="chaosknoten"}
expr: (sum by (instance) (rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 50) * on(instance) group_left (nodename) node_uname_info{nodename=~".+", nodename!="forgejo-actions-runner", nodename!="woodpecker", nodename!="chaosknoten"}
for: 2m
labels:
severity: warning
@ -147,7 +147,7 @@ groups:
# CI hosts high disk read and write alerts.
# Longer intervals to account for disk intensive CI tasks.
- alert: CIHostUnusualDiskReadRate
expr: (sum by (instance) (rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 50) * on(instance) group_left (nodename) node_uname_info{nodename="forgejo-actions-runner"}
expr: (sum by (instance) (rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 50) * on(instance) group_left (nodename) node_uname_info{nodename="forgejo-actions-runner", nodename="woodpecker"}
for: 10m
labels:
severity: warning
@ -155,7 +155,7 @@ groups:
summary: CI host unusual disk read rate for 10 min (instance {{ $labels.instance }})
description: "Disk is probably reading too much data (> 50 MB/s)\n VALUE = {{ $value }}"
- alert: VirtualHostUnusualDiskWriteRate
expr: (sum by (instance) (rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 50) * on(instance) group_left (nodename) node_uname_info{nodename="forgejo-actions-runner"}
expr: (sum by (instance) (rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 50) * on(instance) group_left (nodename) node_uname_info{nodename="forgejo-actions-runner", nodename="woodpecker"}
for: 4m
labels:
severity: warning

1
resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf
View file

@ -70,6 +70,7 @@ map $host $upstream_acme_challenge_host {
eh20.hamburg.ccc.de public-web-static.hosts.hamburg.ccc.de:31820;
hacker.tours public-web-static.hosts.hamburg.ccc.de:31820;
staging.hacker.tours public-web-static.hosts.hamburg.ccc.de:31820;
woodpecker.hamburg.ccc.de 172.31.17.160:31820;
design.hamburg.ccc.de 172.31.17.162:31820;
hydra.hamburg.ccc.de 172.31.17.163:31820;
ntfy.hamburg.ccc.de ntfy.hosts.hamburg.ccc.de:31820;

1
resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf
View file

@ -91,6 +91,7 @@ stream {
eh20.hamburg.ccc.de public-web-static.hosts.hamburg.ccc.de:8443;
hacker.tours public-web-static.hosts.hamburg.ccc.de:8443;
staging.hacker.tours public-web-static.hosts.hamburg.ccc.de:8443;
woodpecker.hamburg.ccc.de 172.31.17.160:8443;
design.hamburg.ccc.de 172.31.17.162:8443;
hydra.hamburg.ccc.de 172.31.17.163:8443;
cfp.eh22.easterhegg.eu pretalx.hosts.hamburg.ccc.de:8443;

8
resources/external/status/docker_compose/config/services-chaosknoten.yaml vendored
View file

@ -294,6 +294,14 @@ endpoints:
- "[CERTIFICATE_EXPIRATION] > 48h"
- "[BODY] == pat(*CCCHH Wiki*)"
- name: Woodpecker
url: "https://woodpecker.hamburg.ccc.de/"
<<: *services_chaosknoten_defaults
conditions:
- "[STATUS] == 200"
- "[CERTIFICATE_EXPIRATION] > 48h"
- "[BODY] == pat(*Woodpecker*)"
- name: Zammad
url: "https://zammad.hamburg.ccc.de/"
<<: *services_chaosknoten_defaults

7
roles/renovate/files/renovate-cleanup.service
View file

@ -1,7 +0,0 @@
[Unit]
Description=renovate cleanup (delete docker volume)
Conflicts=renovate.service
[Service]
Type=oneshot
ExecStart=/usr/bin/docker volume rm renovate

9
roles/renovate/files/renovate-cleanup.timer
View file

@ -1,9 +0,0 @@
[Unit]
Description=renovate cleanup (delete docker volume) running daily
[Timer]
# @daily with 10 minute offset
OnCalendar=*-*-* 00:10
[Install]
WantedBy=timers.target

29
roles/renovate/tasks/main.yaml
View file

@ -16,28 +16,31 @@
mode: "0640"
become: true
- name: ensure systemd services and timers exist
- name: ensure systemd service exists
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/systemd/system/{{ item }}"
src: renovate.service
dest: /etc/systemd/system/renovate.service
owner: root
group: root
mode: "0644"
become: true
loop:
- renovate.service
- renovate-cleanup.service
- renovate.timer
- renovate-cleanup.timer
notify:
- systemd daemon reload
- name: ensure systemd timers are started and enabled
- name: ensure systemd timer exists
ansible.builtin.copy:
src: renovate.timer
dest: /etc/systemd/system/renovate.timer
owner: root
group: root
mode: "0644"
become: true
notify:
- systemd daemon reload
- name: ensure systemd timer is started and enabled
ansible.builtin.systemd_service:
name: "{{ item }}"
name: renovate.timer
state: started
enabled: true
loop:
- renovate.timer
- renovate-cleanup.timer
become: true