CCCHH/ansible-infra
CCCHH/ansible-infra
4
2
Fork 1
Code Issues 4 Pull requests 1 Wiki Activity Actions

Compare commits

base: CCCHH:a86b34cf34bf108da491f58e0837201a2e963a51
Branches Tags
CCCHH:main
CCCHH:feature/add-new-router
CCCHH:router-killing-turing
CCCHH:fux-alerts
CCCHH:ansible_pull
CCCHH:move_to_sops
..
compare: CCCHH:93212e224874d8d0699c4f0721da1381b321b743
Branches Tags
CCCHH:feature/add-new-router
CCCHH:router-killing-turing
CCCHH:main
CCCHH:fux-alerts
CCCHH:ansible_pull
CCCHH:move_to_sops

No commits in common. "a86b34cf34bf108da491f58e0837201a2e963a51" and "93212e224874d8d0699c4f0721da1381b321b743" have entirely different histories.
a86b34cf34 ... 93212e2248

10 changed files with 18 additions and 75 deletions
Download patch file Download diff file Expand all files Collapse all files

30
inventories/chaosknoten/hosts.yaml
View file

@ -51,21 +51,6 @@ all:
ansible_host: zammad-intern.hamburg.ccc.de ansible_host: zammad-intern.hamburg.ccc.de
ansible_user: chaos ansible_user: chaos
ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
base_config_hosts:
hosts:
ccchoir:
cloud:
grafana:
keycloak:
lists:
mumble:
onlyoffice:
pad:
pretalx:
public-reverse-proxy:
tickets:
wiki:
zammad:
docker_compose_hosts: docker_compose_hosts:
hosts: hosts:
ccchoir: ccchoir:
@ -97,6 +82,21 @@ all:
public_reverse_proxy_hosts: public_reverse_proxy_hosts:
hosts: hosts:
public-reverse-proxy: public-reverse-proxy:
ssh_server_config_hosts:
hosts:
ccchoir:
cloud:
grafana:
keycloak:
lists:
mumble:
onlyoffice:
pad:
pretalx:
public-reverse-proxy:
tickets:
wiki:
zammad:
certbot_hosts: certbot_hosts:
hosts: hosts:
ccchoir: ccchoir:

6
playbooks/deploy.yaml
View file

@ -1,8 +1,8 @@
--- ---
- name: Ensure base config is deployment on base_config_hosts - name: Ensure SSH server config deployment on ssh_server_config_hosts
hosts: base_config_hosts hosts: ssh_server_config_hosts
roles: roles:
- base_config - deploy_ssh_server_config
- name: Ensure deployment of infrastructure authorized keys - name: Ensure deployment of infrastructure authorized keys
hosts: infrastructure_authorized_keys_hosts hosts: infrastructure_authorized_keys_hosts

4
roles/base_config/meta/main.yaml
View file

@ -1,4 +0,0 @@
---
dependencies:
- role: deploy_ssh_server_config
- role: deploy_systemd_journal_config

3
roles/deploy_systemd_journal_config/files/10-ccchh.conf
View file

@ -1,3 +0,0 @@
[Journal]
MaxFileSec=2day
MaxRetentionSec=2week

5
roles/deploy_systemd_journal_config/handlers/main.yaml
View file

@ -1,5 +0,0 @@
- name: Restart `systemd-journald.service`
ansible.builtin.systemd:
name: systemd-journald.service
state: restarted
become: true

18
roles/deploy_systemd_journal_config/tasks/main.yaml
View file

@ -1,18 +0,0 @@
- name: Create 'journald.conf.d' directory if it does not exist
ansible.builtin.file:
path: "/etc/systemd/journald.conf.d"
state: directory
mode: '0644'
owner: root
group: root
become: true
- name: make sure the custom configuration file is deployed
ansible.builtin.copy:
src: "10-ccchh.conf"
dest: "/etc/systemd/journald.conf.d/10-ccchh.conf"
mode: "0644"
owner: root
group: root
become: true
notify: Restart `systemd-journald.service`

1
roles/nginx/defaults/main.yaml
View file

@ -1,6 +1,5 @@
nginx__deploy_redirect_conf: true nginx__deploy_redirect_conf: true
nginx__deploy_tls_conf: true nginx__deploy_tls_conf: true
nginx__deploy_logging_conf: true
nginx__configurations: [ ] nginx__configurations: [ ]
nginx__use_custom_nginx_conf: false nginx__use_custom_nginx_conf: false
nginx__custom_nginx_conf: "" nginx__custom_nginx_conf: ""

2
roles/nginx/files/logging.conf
View file

@ -1,2 +0,0 @@
error_log syslog:server=unix:/run/systemd/journal/dev-log,nohostname,severity=warn debug;
access_log syslog:server=unix:/run/systemd/journal/dev-log,nohostname,severity=info main;

6
roles/nginx/meta/argument_specs.yaml
View file

@ -23,12 +23,6 @@ argument_specs:
type: bool type: bool
required: false required: false
default: true default: true
nginx__deploy_logging_conf:
description: >-
Whether or not to deploy a `logging.conf` to `/etc/nginx/conf.d/logging.conf`.
type: bool
required: false
default: true
nginx__configurations: nginx__configurations:
description: A list of nginx configurations. description: A list of nginx configurations.
type: list type: list

18
roles/nginx/tasks/main/config_deploy.yaml
View file

@ -100,24 +100,6 @@
ansible.builtin.set_fact: ansible.builtin.set_fact:
nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ 'redirect.conf' ] }}" # noqa: jinja[spacing] nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ 'redirect.conf' ] }}" # noqa: jinja[spacing]
- name: handle the case, where logging.conf should be deployed
when: nginx__deploy_logging_conf
block:
- name: make sure logging.conf is deployed
ansible.builtin.copy:
force: true
dest: /etc/nginx/conf.d/logging.conf
mode: "0644"
owner: root
group: root
src: logging.conf
become: true
notify: Restart `nginx.service`
- name: add logging.conf to nginx__config_files_to_exist
ansible.builtin.set_fact:
nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ 'logging.conf' ] }}" # noqa: jinja[spacing]
- name: make sure all given configuration files are deployed - name: make sure all given configuration files are deployed
ansible.builtin.copy: ansible.builtin.copy:
content: "{{ item.content }}" content: "{{ item.content }}"