Also supply a dmoain for user content

Incread file upload limit to 1G (from 10MB)
keycloak: allow access form new IPv6 subnet at z9
2025-04-16 16:27:21 +02:00 · 2025-04-16 16:27:02 +02:00 · 2025-02-26 23:48:19 +01:00 · 2025-02-23 23:51:58 +01:00 · 2025-02-23 23:26:36 +01:00 · 2025-02-23 23:23:51 +01:00
8 changed files with 82 additions and 0 deletions
--- a/inventories/chaosknoten/host_vars/chaosknoten.yaml
+++ b/inventories/chaosknoten/host_vars/chaosknoten.yaml
@ -0,0 +1,6 @@
 # Used in deploy_hypervisor playbook.
 hypervisor__template_vm_config:
  - name: STORAGE
    value: nvme0
  - name: BRIDGE
    value: vmbr4
--- a/inventories/chaosknoten/hosts.yaml
+++ b/inventories/chaosknoten/hosts.yaml
@ -171,3 +171,6 @@ netbox_hosts:
  hosts:
    eh22-netbox:
    netbox:
 proxmox_vm_template_hosts:
  hosts:
    chaosknoten:
--- a/inventories/z9/hosts.yaml
+++ b/inventories/z9/hosts.yaml
@ -6,6 +6,11 @@ all:
    authoritative-dns:
      ansible_host: authoritative-dns.z9.ccchh.net
      ansible_user: chaos
    thinkcccore0:
      ansible_host: thinkcccore0.z9.ccchh.net
 hypervisors:
  hosts:
    thinkcccore0:
 nginx_hosts:
  hosts:
    light:
@ -19,3 +24,6 @@ infrastructure_authorized_keys_hosts:
  hosts:
    light:
    authoritative-dns:
 proxmox_vm_template_hosts:
  hosts:
    thinkcccore0:
--- a/playbooks/deploy_hypervisor.yaml
+++ b/playbooks/deploy_hypervisor.yaml
@ -0,0 +1,61 @@
 - name: Ensure the VM template generation is set up
  hosts: proxmox_vm_template_hosts
  tasks:
    - name: Ensure dependencies are present
      ansible.builtin.apt:
        name:
          - git
          - libguestfs-tools
      become: true
    - name: Ensure /usr/local/{lib,sbin} exist
      ansible.builtin.file:
        path: "{{ item }}"
        state: directory
        owner: root
        group: root
        mode: "0755"
      become: true
      loop:
        - "/usr/local/lib/"
        - "/usr/local/sbin/"
    - name: Ensure the pve-template-vm repo is present
      ansible.builtin.git:
        repo: https://git.hamburg.ccc.de/CCCHH/pve-template-vm.git
        dest: /usr/local/lib/pve-template-vm
        version: main
        force: true
        depth: 1
        single_branch: true
        track_submodules: true
      become: true
    # /usr/local/sbin as the script uses qm, which is also found in /usr/sbin.
    - name: Ensure symlink to build-proxmox-template exists in /usr/local/sbin
      ansible.builtin.file:
        src: /usr/local/lib/pve-template-vm/build-proxmox-template
        dest: /usr/local/sbin/build-proxmox-template
        state: link
        owner: root
        group: root
        mode: '0755'
      become: true
    # This sets up a cron job running /usr/local/sbin/build-proxmox-template using the env vars defined in hypervisor__template_vm_config.
    - name: Ensure cron job is present for building a fresh VM template every week on Friday 04:00
      ansible.builtin.cron:
        name: "ansible build proxmox template"
        cron_file: ansible_build_proxmox_template
        minute: 0
        hour: 4
        weekday: 5
        user: root
        job: "{% if hypervisor__template_vm_config is defined and hypervisor__template_vm_config | length > 0 %}\
              /usr/bin/env \
              {% for item in hypervisor__template_vm_config | default([]) %}\
              {{ item.name }}=\"{{ item.value }}\" \
              {% endfor %}\
              {% endif %}\
              /usr/local/sbin/build-proxmox-template"
      become: true
--- a/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf
+++ b/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf
@ -43,6 +43,7 @@ server {
    allow 185.161.129.132/32; # z9
    allow 2a07:c480:0:100::/56; # z9
    allow 2a07:c481:1::/48; # z9 new ipv6
    allow 213.240.180.39/32; # stbe home
    allow 2a01:170:118b::1/64; # stbe home
    deny all;
--- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
@ -53,6 +53,7 @@ services:
    restart: unless-stopped
    environment:
      PRETALX_DATA_DIR: /data
      PRETALX_FILE_UPLOAD_LIMIT: 1000 # MB
      PRETALX_FILESYSTEM_MEDIA: /public/media
      PRETALX_FILESYSTEM_STATIC: /public/static
      PRETALX_SITE_URL: https://pretalx.hamburg.ccc.de
--- a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf
+++ b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf
@ -71,6 +71,7 @@ map $host $upstream_acme_challenge_host {
    hydra.hamburg.ccc.de 172.31.17.163:31820;
    cfp.eh22.easterhegg.eu 172.31.17.157:31820;
    hub.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:31820;
    hub-usercontent.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:31820;
    netbox.eh22.easterhegg.eu eh22-netbox-intern.hamburg.ccc.de:31820;
    default "";
 }
--- a/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf
+++ b/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf
@ -89,6 +89,7 @@ stream {
        hydra.hamburg.ccc.de 172.31.17.163:8443;
        cfp.eh22.easterhegg.eu pretalx-intern.hamburg.ccc.de:8443;
        hub.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:8443;
        hub-usercontent.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:8443;
        netbox.eh22.easterhegg.eu eh22-netbox-intern.hamburg.ccc.de:8443;
    }
Author	SHA1	Message	Date
Stefan Bethke	9c57fca876	Also supply a dmoain for user content	2025-04-16 16:27:21 +02:00
Stefan Bethke	811b5832da	Incread file upload limit to 1G (from 10MB)	2025-04-16 16:27:02 +02:00
c6ristian	77e1d3bc3e	keycloak: allow access form new IPv6 subnet at z9	2025-02-26 23:48:19 +01:00
June	6b80f5b52a	fix accidentally added personalized ansible_user by removing it	2025-02-23 23:51:58 +01:00
June	41ba73d7c3	dep._hyperv.(playb.): add deps step to vm template generation setup play	2025-02-23 23:26:36 +01:00
June	fd13e5341b	add thinkcccore0 to inventory and enable VM template gen. setup on it	2025-02-23 23:23:51 +01:00
June	ca16e3d55f	dep._hypervisor(playb.): introduce play for setting up vm template gen.	2025-02-23 22:42:58 +01:00