WIP router(host): initial config

inventories/chaosknoten/host_vars/chaosknoten.yaml

@@ -1,6 +0,0 @@
-# Used in deploy_hypervisor playbook.
-hypervisor__template_vm_config:
-  - name: STORAGE
-    value: nvme0
-  - name: BRIDGE
-    value: vmbr4

inventories/chaosknoten/hosts.yaml

@@ -55,6 +55,9 @@ all:
     public-reverse-proxy:
       ansible_host: public-reverse-proxy.hamburg.ccc.de
       ansible_user: chaos
+    router:
+      ansible_host: router.hamburg.ccc.de
+      ansible_user: chaos
     wiki:
       ansible_host: wiki-intern.hamburg.ccc.de
       ansible_user: chaos
@@ -81,6 +84,7 @@ base_config_hosts:
     pad:
     pretalx:
     public-reverse-proxy:
+    router:
     tickets:
     wiki:
     zammad:
@@ -161,6 +165,7 @@ infrastructure_authorized_keys_hosts:
     pad:
     pretalx:
     public-reverse-proxy:
+    router:
     wiki:
     zammad:
 wiki_hosts:
@@ -171,6 +176,3 @@ netbox_hosts:
   hosts:
     eh22-netbox:
     netbox:
-proxmox_vm_template_hosts:
-  hosts:
-    chaosknoten:

inventories/z9/hosts.yaml

@@ -6,11 +6,6 @@ all:
     authoritative-dns:
       ansible_host: authoritative-dns.z9.ccchh.net
       ansible_user: chaos
-    thinkcccore0:
-      ansible_host: thinkcccore0.z9.ccchh.net
-hypervisors:
-  hosts:
-    thinkcccore0:
 nginx_hosts:
   hosts:
     light:
@@ -24,6 +19,3 @@ infrastructure_authorized_keys_hosts:
   hosts:
     light:
     authoritative-dns:
-proxmox_vm_template_hosts:
-  hosts:
-    thinkcccore0:

playbooks/deploy_hypervisor.yaml

@@ -1,61 +0,0 @@
-- name: Ensure the VM template generation is set up
-  hosts: proxmox_vm_template_hosts
-  tasks:
-    - name: Ensure dependencies are present
-      ansible.builtin.apt:
-        name:
-          - git
-          - libguestfs-tools
-      become: true
-
-    - name: Ensure /usr/local/{lib,sbin} exist
-      ansible.builtin.file:
-        path: "{{ item }}"
-        state: directory
-        owner: root
-        group: root
-        mode: "0755"
-      become: true
-      loop:
-        - "/usr/local/lib/"
-        - "/usr/local/sbin/"
-
-    - name: Ensure the pve-template-vm repo is present
-      ansible.builtin.git:
-        repo: https://git.hamburg.ccc.de/CCCHH/pve-template-vm.git
-        dest: /usr/local/lib/pve-template-vm
-        version: main
-        force: true
-        depth: 1
-        single_branch: true
-        track_submodules: true
-      become: true
-
-    # /usr/local/sbin as the script uses qm, which is also found in /usr/sbin.
-    - name: Ensure symlink to build-proxmox-template exists in /usr/local/sbin
-      ansible.builtin.file:
-        src: /usr/local/lib/pve-template-vm/build-proxmox-template
-        dest: /usr/local/sbin/build-proxmox-template
-        state: link
-        owner: root
-        group: root
-        mode: '0755'
-      become: true
-
-    # This sets up a cron job running /usr/local/sbin/build-proxmox-template using the env vars defined in hypervisor__template_vm_config.
-    - name: Ensure cron job is present for building a fresh VM template every week on Friday 04:00
-      ansible.builtin.cron:
-        name: "ansible build proxmox template"
-        cron_file: ansible_build_proxmox_template
-        minute: 0
-        hour: 4
-        weekday: 5
-        user: root
-        job: "{% if hypervisor__template_vm_config is defined and hypervisor__template_vm_config | length > 0 %}\
-              /usr/bin/env \
-              {% for item in hypervisor__template_vm_config | default([]) %}\
-              {{ item.name }}=\"{{ item.value }}\" \
-              {% endfor %}\
-              {% endif %}\
-              /usr/local/sbin/build-proxmox-template"
-      become: true

resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2

@@ -22,7 +22,7 @@
 
 services:
   keycloak:
-    image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.1
+    image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.0
     pull_policy: always
     restart: unless-stopped
     command: start --optimized
@@ -46,7 +46,7 @@ services:
       - "8080:8080"
 
   db:
-    image: postgres:15.12
+    image: postgres:15.2
     restart: unless-stopped
     networks:
       - keycloak

resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf

@@ -43,7 +43,6 @@ server {
 
     allow 185.161.129.132/32; # z9
     allow 2a07:c480:0:100::/56; # z9
-    allow 2a07:c481:1::/48; # z9 new ipv6
     allow 213.240.180.39/32; # stbe home
     allow 2a01:170:118b::1/64; # stbe home
     deny all;