CCCHH/ansible-infra
CCCHH/ansible-infra
2
2
Fork 1
Code Issues 7 Pull requests 9 Wiki Activity Actions

Compare commits

base: CCCHH:de72c4c5fcbe4f8abfd1afd6316d7809fce5a2a6
Branches Tags
CCCHH:main
CCCHH:renovate/docker.io-pretalx-standalone-2026.x
CCCHH:renovate/docker.io-library-postgres-18.x
CCCHH:renovate/docker.io-library-mariadb-12.x
CCCHH:renovate/major-github-artifact-actions
CCCHH:renovate/docker.io-pretix-standalone-2026.x
CCCHH:renovate/docker.io-pretalx-standalone-2025.x
CCCHH:renovate/all-stable-minor-patch
CCCHH:new_ccchh_router
CCCHH:docs-outline-style
CCCHH:alloy
CCCHH:old-dns-zones
..
compare: CCCHH:f270ec1779daeec5b2ef2f65acc9b1332e87bd71
Branches Tags
CCCHH:renovate/docker.io-pretalx-standalone-2026.x
CCCHH:renovate/docker.io-library-postgres-18.x
CCCHH:renovate/docker.io-library-mariadb-12.x
CCCHH:renovate/major-github-artifact-actions
CCCHH:renovate/docker.io-pretix-standalone-2026.x
CCCHH:renovate/docker.io-pretalx-standalone-2025.x
CCCHH:renovate/all-stable-minor-patch
CCCHH:main
CCCHH:new_ccchh_router
CCCHH:docs-outline-style
CCCHH:alloy
CCCHH:old-dns-zones

1 commit
de72c4c5fc ... f270ec1779

Author SHA1 Message Date
Renovate
f270ec1779 Update docker.io/pretix/standalone Docker tag to v2026.4
All checks were successful
/ Ansible Lint (pull_request) Successful in 3m10s
Details
/ Ansible Lint (push) Successful in 3m14s
Details
2026-05-10 01:16:07 +00:00
20 changed files with 143 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

20
inventories/chaosknoten/host_vars/auth-dns.yaml
View file

@ -40,3 +40,23 @@ knot__zones:
- domain: "3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa."
notify_targets: [ "ns-intern.hamburg.ccc.de" ]
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}"
- domain: "2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa."
notify_targets: [ "ns-intern.hamburg.ccc.de" ]
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}"
- domain: "3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa."
notify_targets: [ "ns-intern.hamburg.ccc.de" ]
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}"
- domain: "4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa."
notify_targets: [ "ns-intern.hamburg.ccc.de" ]
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}"
- domain: "5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa."
notify_targets: [ "ns-intern.hamburg.ccc.de" ]
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}"
- domain: "6.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa."
notify_targets: [ "ns-intern.hamburg.ccc.de" ]
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/6.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}"

10
inventories/chaosknoten/host_vars/lists.sops.yaml
View file

@ -1,8 +1,4 @@
ansible_pull__age_private_key: ENC[AES256_GCM,data:pUFhg492OUXVIlDZ3Z9A/H0doJCuTX0zh9qLU88nz18jMzWmzXhc2kbQkk4QeSTnZ12juiTbpUFW+1cE1bOontIu5qiQgpe3c8s=,iv:bONSyFUibcszUcxBt749aiVVnqLKBuEJmfege0dGaM8=,tag:cvapTnTN62XTR6tQBSe+IQ==,type:str]
secret__lists__hyperkitty_api_key: ENC[AES256_GCM,data:byO7x/r3E9mwxOwiK0Is+Mp+d2uRIBgNsX2YWUg20Cs=,iv:H9ufaS6JlKhkbsG5aM3owR0U10e0JNYX/s3AJagB6kY=,tag:5umAs792BwNF9bMCX69PBw==,type:str]
secret__lists__postgres_password: ENC[AES256_GCM,data:HcH4Lyw9uuuqXGrrXkUqzg==,iv:3adzec+Wnh37LjzwMp7zhWMf9jZzI6EyUmEGS9TUYBg=,tag:8/jZrUzkcM+U3nME6+DSSA==,type:str]
secret__lists__rest_password: ENC[AES256_GCM,data:BMCNEikejiDET0Mdlrzfcg==,iv:U5hVjM/epfzz2m/wXKhYhwFI/3zKX7XS/UMlBqwTZNk=,tag:0n79+5mP7ocY7jVQmWm+WA==,type:str]
secret__lists__web_secret_key: ENC[AES256_GCM,data:3DntszkNw5ciwRUJJdmHTGTpjm9ZMBf9wO3MHAeiXuw=,iv:GqqjRcg0zG193Y04UYIipB8BBk/JUtGvtTCVQ4HCjDw=,tag:aY4d+CPGxMvRz8t983p9sw==,type:str]
sops:
age:
- recipient: age17x20h3m6wgfhereusc224u95ac8aj68fzlkkj5ptvs9c5vlz3usqdu7crq
@ -14,8 +10,8 @@ sops:
THpvS29mY1BIbktZYkhCYm1NMFdLcXcKBtXXokEi1nSVA099XXNrx3w4Fr1lnLMf
2KTuylUef8RUgHPx1wo5Q7xlYNR48GupHVQxb9VvyDTXOZEiAV7Pdw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-16T11:00:16Z"
mac: ENC[AES256_GCM,data:vwQc2suUJ0KiSsYRcrvsYHNYF2c8SU58LxWoFpzTX5hSDNy8LOWJIa6Ouo8c7gk4gYB0mS/FbmgEo8LOCDvRKamfgrpZQ2wvxI7GdGRjR0LOsS8O2xZ8QZ3BK9DfEfnA5ESgzRzX6Iuc4ZBUGfAQoDDxXrnh2ogWUdYPC81T5qU=,iv:Vi74U97iZAqQ8DDW2p3ncg58l6+mxar4hC5f48AuPAQ=,tag:Jd09hXId+ogV4rB0AWS2NA==,type:str]
lastmodified: "2025-10-20T18:57:27Z"
mac: ENC[AES256_GCM,data:IAM6vn4rI1l6qvPWEcDJ5xoD3I8/GWOr+PmRQ0QdkVMD9Pt7cHtMhHPpYvH3e8MfDPhC2g2uwt9FHsPqpcOXpflme0aF4E9PndGi1Pzi+yh40FSBAzLT3MEQ50vZ2rifzqUe5KSrXByF1WAnZxLTMST+xIlvEZOV0gx6y0G/iHQ=,iv:15MZsyClZ+WLBZgcRSq740LgDakuHAXAb3hAQyLKVSU=,tag:7+lRz4XKKVlkSeDVs4Jy9g==,type:str]
pgp:
- created_at: "2026-04-18T22:36:23Z"
enc: |-
@ -208,4 +204,4 @@ sops:
-----END PGP MESSAGE-----
fp: 41FFAF3D519CF5C039FBD8414BCC213729AF0E49
unencrypted_suffix: _unencrypted
version: 3.12.2
version: 3.11.0

2
inventories/chaosknoten/host_vars/lists.yaml
View file

@ -1,4 +1,4 @@
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/lists/docker_compose/compose.yaml.j2') }}"
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/lists/docker_compose/compose.yaml') }}"
docker_compose__configuration_files:
- name: settings_local.py
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/lists/docker_compose/settings_local.py') }}"

16
resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone Normal file
View file

@ -0,0 +1,16 @@
$TTL 7200
@ IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
2023073001
10800
3600
3600000
86400 )
IN NS auth-dns.hamburg.ccc.de.
IN NS ns.vie.ccc.de.
; 2a00:14b0:4200:3000:122::1
1.0.0.0.0.0.0.0.0.0.0.0 IN PTR turing.hamburg.ccc.de.

15
resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone Normal file
View file

@ -0,0 +1,15 @@
$TTL 7200
@ IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
2023072900
10800
3600
3600000
86400 )
IN NS auth-dns.hamburg.ccc.de.
IN NS ns.vie.ccc.de.
; 2a00:14b0:4200:3000:123::1
1.0.0.0.0.0.0.0.0.0.0.0 IN PTR unused.hamburg.ccc.de.

15
resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone Normal file
View file

@ -0,0 +1,15 @@
$TTL 7200
@ IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
2023072900
10800
3600
3600000
86400 )
IN NS auth-dns.hamburg.ccc.de.
IN NS ns.vie.ccc.de.
; 2a00:14b0:4200:3000:124::1
1.0.0.0.0.0.0.0.0.0.0.0 IN PTR unused.hamburg.ccc.de.

15
resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone Normal file
View file

@ -0,0 +1,15 @@
$TTL 7200
@ IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
2023072900
10800
3600
3600000
86400 )
IN NS auth-dns.hamburg.ccc.de.
IN NS ns.vie.ccc.de.
; 2a00:14b0:4200:3000:125::1
1.0.0.0.0.0.0.0.0.0.0.0 IN PTR public-reverse-proxy.hamburg.ccc.de.

15
resources/chaosknoten/auth-dns/zones/6.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone Normal file
View file

@ -0,0 +1,15 @@
$TTL 7200
@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
2023073001
10800
3600
3600000
86400 )
IN NS auth-dns.hamburg.ccc.de.
IN NS ns.vie.ccc.de.
; 2a00:14b0:4200:3000:126::1
1.0.0.0.0.0.0.0.0.0.0.0 IN PTR chaosknoten.hamburg.ccc.de.

2
resources/chaosknoten/auth-dns/zones/ccchh.net.zone
View file

@ -52,7 +52,7 @@ hmdooris-ccu A 10.31.208.202
buba A 10.31.211.137
buba.z9 A 10.31.211.137
dooris AAAA 2a07:c481:1:d0::1c
_acme-challenge.dooris CNAME 37caae1f-b77f-4eb1-aa71-dc3f7ed24360.auth.acmedns.hamburg.ccc.de.
_acme-challenge.dooris CNAME 37caae1f-b77f-4eb1-aa71-dc3f7ed24360.auth.acmedns.hamburg.ccc.de
waybackproxy A 10.31.208.99
yate A 10.31.208.12
staubiv2 A 10.31.210.233

2
resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone
View file

@ -196,6 +196,7 @@ matrix-intern IN A 172.31.17.150
; have this for compatibility (like references in CI)
public-web-static-intern IN AAAA 2a00:14b0:42:102::17
git-intern IN A 172.31.17.154
woodpecker-intern IN A 172.31.17.160
penpot-intern IN A 172.31.17.162
forgejo-runner-builder IN A 172.31.17.202
renovate-forgejo IN A 172.31.17.163
@ -274,6 +275,7 @@ matrix IN CNAME public-reverse-proxy
mas IN CNAME public-reverse-proxy
element-admin IN CNAME public-reverse-proxy
netbox IN CNAME public-reverse-proxy
woodpecker IN CNAME public-reverse-proxy
onlyoffice IN CNAME public-reverse-proxy
pad IN CNAME public-reverse-proxy
pretalx IN CNAME public-reverse-proxy

2
resources/chaosknoten/grafana/docker_compose/compose.yaml.j2
View file

@ -32,7 +32,7 @@ services:
- alertmanager_data:/alertmanager
grafana:
image: docker.io/grafana/grafana:13.0.1
image: docker.io/grafana/grafana:12.4.2
container_name: grafana
ports:
- 3000:3000

8
resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml
View file

@ -129,7 +129,7 @@ groups:
# General high disk read and write rate alerts.
# Excluding: hypervisor hosts, CI hosts
- alert: HostUnusualDiskReadRate
expr: (sum by (instance) (rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 50) * on(instance) group_left (nodename) node_uname_info{nodename=~".+", nodename!="forgejo-actions-runner", nodename!="chaosknoten"}
expr: (sum by (instance) (rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 50) * on(instance) group_left (nodename) node_uname_info{nodename=~".+", nodename!="forgejo-actions-runner", nodename!="woodpecker", nodename!="chaosknoten"}
for: 5m
labels:
severity: warning
@ -137,7 +137,7 @@ groups:
summary: Host unusual disk read rate (instance {{ $labels.instance }})
description: "Disk is probably reading too much data (> 50 MB/s)\n VALUE = {{ $value }}"
- alert: HostUnusualDiskWriteRate
expr: (sum by (instance) (rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 50) * on(instance) group_left (nodename) node_uname_info{nodename=~".+", nodename!="forgejo-actions-runner", nodename!="chaosknoten"}
expr: (sum by (instance) (rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 50) * on(instance) group_left (nodename) node_uname_info{nodename=~".+", nodename!="forgejo-actions-runner", nodename!="woodpecker", nodename!="chaosknoten"}
for: 2m
labels:
severity: warning
@ -147,7 +147,7 @@ groups:
# CI hosts high disk read and write alerts.
# Longer intervals to account for disk intensive CI tasks.
- alert: CIHostUnusualDiskReadRate
expr: (sum by (instance) (rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 50) * on(instance) group_left (nodename) node_uname_info{nodename="forgejo-actions-runner"}
expr: (sum by (instance) (rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 50) * on(instance) group_left (nodename) node_uname_info{nodename="forgejo-actions-runner", nodename="woodpecker"}
for: 10m
labels:
severity: warning
@ -155,7 +155,7 @@ groups:
summary: CI host unusual disk read rate for 10 min (instance {{ $labels.instance }})
description: "Disk is probably reading too much data (> 50 MB/s)\n VALUE = {{ $value }}"
- alert: VirtualHostUnusualDiskWriteRate
expr: (sum by (instance) (rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 50) * on(instance) group_left (nodename) node_uname_info{nodename="forgejo-actions-runner"}
expr: (sum by (instance) (rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 50) * on(instance) group_left (nodename) node_uname_info{nodename="forgejo-actions-runner", nodename="woodpecker"}
for: 4m
labels:
severity: warning

19
resources/chaosknoten/lists/docker_compose/compose.yaml.j2 → resources/chaosknoten/lists/docker_compose/compose.yaml
View file

@ -12,13 +12,11 @@ services:
depends_on:
- database
environment:
- "DATABASE_URL=postgresql://mailman:{{ secret__lists__postgres_password }}@database/mailmandb"
- DATABASE_URL=postgresql://mailman:wvQjbMRnwFuxGEPz@database/mailmandb
- DATABASE_TYPE=postgres
- DATABASE_CLASS=mailman.database.postgresql.PostgreSQLDatabase
- HYPERKITTY_API_KEY={{ secret__lists__hyperkitty_api_key }}
- HYPERKITTY_API_KEY=ITfRjushI6FP0TLMnRpZxlfB2e17DN86
- MTA=postfix
- MAILMAN_REST_USER=restuser
- MAILMAN_REST_PASSWORD={{ secret__lists__rest_password }}
ports:
- "127.0.0.1:8001:8001" # API
- "127.0.0.1:8024:8024" # LMTP - incoming emails
@ -41,15 +39,13 @@ services:
- ./files/templates:/opt/mailman-web/templates
environment:
- DATABASE_TYPE=postgres
- "DATABASE_URL=postgresql://mailman:{{ secret__lists__postgres_password }}@database/mailmandb"
- DATABASE_URL=postgresql://mailman:wvQjbMRnwFuxGEPz@database/mailmandb
- "DJANGO_ALLOWED_HOSTS=lists.hamburg.ccc.de,lists.c3lingo.org"
- HYPERKITTY_API_KEY={{ secret__lists__hyperkitty_api_key }}
- HYPERKITTY_API_KEY=ITfRjushI6FP0TLMnRpZxlfB2e17DN86
- SERVE_FROM_DOMAIN=lists.hamburg.ccc.de
- SECRET_KEY={{ secret__lists__web_secret_key }}
- SECRET_KEY=ugfknEYBaFVc62R1jlIjnkizQaqr7tSt
- MAILMAN_ADMIN_USER=ccchh-admin
- MAILMAN_ADMIN_EMAIL=tony@cowtest.hamburg.ccc.de
- MAILMAN_REST_USER=restuser
- MAILMAN_REST_PASSWORD={{ secret__lists__rest_password }}
ports:
- "127.0.0.1:8000:8000" # HTTP
- "127.0.0.1:8080:8080" # uwsgi
@ -61,7 +57,7 @@ services:
environment:
- POSTGRES_DB=mailmandb
- POSTGRES_USER=mailman
- "POSTGRES_PASSWORD={{ secret__lists__postgres_password }}"
- POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz
image: docker.io/library/postgres:12-alpine
volumes:
- /opt/mailman/database:/var/lib/postgresql/data
@ -74,4 +70,5 @@ networks:
ipam:
driver: default
config:
- subnet: 172.19.199.0/24
-
subnet: 172.19.199.0/24

1
resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf
View file

@ -70,6 +70,7 @@ map $host $upstream_acme_challenge_host {
eh20.hamburg.ccc.de public-web-static.hosts.hamburg.ccc.de:31820;
hacker.tours public-web-static.hosts.hamburg.ccc.de:31820;
staging.hacker.tours public-web-static.hosts.hamburg.ccc.de:31820;
woodpecker.hamburg.ccc.de 172.31.17.160:31820;
design.hamburg.ccc.de 172.31.17.162:31820;
hydra.hamburg.ccc.de 172.31.17.163:31820;
ntfy.hamburg.ccc.de ntfy.hosts.hamburg.ccc.de:31820;

1
resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf
View file

@ -91,6 +91,7 @@ stream {
eh20.hamburg.ccc.de public-web-static.hosts.hamburg.ccc.de:8443;
hacker.tours public-web-static.hosts.hamburg.ccc.de:8443;
staging.hacker.tours public-web-static.hosts.hamburg.ccc.de:8443;
woodpecker.hamburg.ccc.de 172.31.17.160:8443;
design.hamburg.ccc.de 172.31.17.162:8443;
hydra.hamburg.ccc.de 172.31.17.163:8443;
cfp.eh22.easterhegg.eu pretalx.hosts.hamburg.ccc.de:8443;

8
resources/external/status/docker_compose/config/services-chaosknoten.yaml vendored
View file

@ -294,6 +294,14 @@ endpoints:
- "[CERTIFICATE_EXPIRATION] > 48h"
- "[BODY] == pat(*CCCHH Wiki*)"
- name: Woodpecker
url: "https://woodpecker.hamburg.ccc.de/"
<<: *services_chaosknoten_defaults
conditions:
- "[STATUS] == 200"
- "[CERTIFICATE_EXPIRATION] > 48h"
- "[BODY] == pat(*Woodpecker*)"
- name: Zammad
url: "https://zammad.hamburg.ccc.de/"
<<: *services_chaosknoten_defaults

24
resources/z9/dooris/docker_compose/compose.yaml.j2
View file

@ -2,13 +2,21 @@
services:
dooris:
image: git.hamburg.ccc.de/ccchh/dooris:latest
image: git.hamburg.ccc.de/ccchh/hmdooris/hmdooris:latest
environment:
DOORIS_OPENID_ISSUER: https://id.hamburg.ccc.de/realms/ccchh/
DOORIS_OPENID_CLIENT_ID: dooris
DOORIS_OPENID_CLIENT_SECRET: "{{ secret__dooris_client_secret }}"
DOORIS_BASE_URL: https://dooris.ccchh.net
DOORIS_CCUJACK_USER: "dooris"
DOORIS_CCUJACK_PASSWORD: "{{ secret__dooris_ccujack_password }}"
network_mode: host
HMDOORIS_ALLOWED_IPS: "2a07:c481:1:c8::/64 2a01:170:118b::/56 172.31.200.0/23 172.31.202.0/27"
HMDOORIS_CCUJACK_CERTIFICATE_PATH: false
HMDOORIS_CCUJACK_PASSWORD: "{{ secret__dooris_ccujack_password }}"
HMDOORIS_CCUJACK_URL: https://hmdooris-ccu.ccchh.net:2122
HMDOORIS_CCUJACK_USERNAME: dooris
HMDOORIS_CLIENT_ID: dooris
HMDOORIS_CLIENT_SECRET: "{{ secret__dooris_client_secret }}"
HMDOORIS_DISCOVERY_URL: https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration
HMDOORIS_LISTEN: '0.0.0.0:3000'
HMDOORIS_REQUIRES_GROUP: /intern
HMDOORIS_URL: https://dooris.ccchh.net
PYTHONWARNINGS: "ignore:Unverified HTTPS request"
#DEBUG: true
ports:
- "127.0.0.1:3000:3000"
restart: unless-stopped

6
resources/z9/dooris/nginx/dooris.ccchh.net.conf
View file

@ -32,10 +32,6 @@ server {
proxy_set_header Connection "upgrade";
location / {
proxy_pass http://127.0.0.1:8000/;
# Increase size to fix nginx error: "upstream sent too big header while reading response header from upstream"
proxy_buffer_size 64k;
proxy_busy_buffers_size 64k;
proxy_buffers 20 4k;
proxy_pass http://127.0.0.1:3000/;
}
}

1
roles/ansible_pull/templates/ansible-pull.service.j2
View file

@ -6,7 +6,6 @@ OnFailure=ansible-pull-failure-notify.service
[Service]
Type=oneshot
TimeoutStartSec=30min
Environment="SOPS_AGE_KEY_FILE=/etc/ansible_pull_secrets/age_private_key"
ExecStartPre=/usr/bin/bash -c 'if [ ! -e /home/chaos/ansible_pull_checkout ]; then git clone --depth 1 "{{ ansible_pull__repo_url }}" /home/chaos/ansible_pull_checkout ; fi'
ExecStartPre=/usr/local/lib/ansible_pull_venv/bin/ansible-galaxy role install -r /home/chaos/ansible_pull_checkout/requirements.yml

2
roles/deploy_systemd_journal_config/files/10-ccchh.conf
View file

@ -1,5 +1,3 @@
[Journal]
MaxFileSec=2day
MaxRetentionSec=2week
ForwardToSyslog=no