CCCHH/ansible-infra
CCCHH/ansible-infra
3
2
Fork 0
Code Issues2 Pull requests Wiki Activity Actions

Compare commits

..

No commits in common. "main" and "kc-update" have entirely different histories.
main ... kc-update

8 changed files with 0 additions and 82 deletions
inventories
chaosknoten
host_vars
chaosknoten.yaml
hosts.yaml
z9
hosts.yaml
playbooks
deploy_hypervisor.yaml
resources/chaosknoten
keycloak/nginx
keycloak-admin.hamburg.ccc.de.conf
pretalx/docker_compose
compose.yaml.j2
public-reverse-proxy/nginx
acme_challenge.confnginx.conf

6
inventories/chaosknoten/host_vars/chaosknoten.yaml
View file

@ -1,6 +0,0 @@
# Used in deploy_hypervisor playbook.
hypervisor__template_vm_config:
- name: STORAGE
value: nvme0
- name: BRIDGE
value: vmbr4

3
inventories/chaosknoten/hosts.yaml
View file

@ -171,6 +171,3 @@ netbox_hosts:
hosts: hosts:
eh22-netbox: eh22-netbox:
netbox: netbox:
proxmox_vm_template_hosts:
hosts:
chaosknoten:

8
inventories/z9/hosts.yaml
View file

@ -6,11 +6,6 @@ all:
authoritative-dns: authoritative-dns:
ansible_host: authoritative-dns.z9.ccchh.net ansible_host: authoritative-dns.z9.ccchh.net
ansible_user: chaos ansible_user: chaos
thinkcccore0:
ansible_host: thinkcccore0.z9.ccchh.net
hypervisors:
hosts:
thinkcccore0:
nginx_hosts: nginx_hosts:
hosts: hosts:
light: light:
@ -24,6 +19,3 @@ infrastructure_authorized_keys_hosts:
hosts: hosts:
light: light:
authoritative-dns: authoritative-dns:
proxmox_vm_template_hosts:
hosts:
thinkcccore0:

61
playbooks/deploy_hypervisor.yaml
View file

@ -1,61 +0,0 @@
- name: Ensure the VM template generation is set up
hosts: proxmox_vm_template_hosts
tasks:
- name: Ensure dependencies are present
ansible.builtin.apt:
name:
- git
- libguestfs-tools
become: true
- name: Ensure /usr/local/{lib,sbin} exist
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: root
group: root
mode: "0755"
become: true
loop:
- "/usr/local/lib/"
- "/usr/local/sbin/"
- name: Ensure the pve-template-vm repo is present
ansible.builtin.git:
repo: https://git.hamburg.ccc.de/CCCHH/pve-template-vm.git
dest: /usr/local/lib/pve-template-vm
version: main
force: true
depth: 1
single_branch: true
track_submodules: true
become: true
# /usr/local/sbin as the script uses qm, which is also found in /usr/sbin.
- name: Ensure symlink to build-proxmox-template exists in /usr/local/sbin
ansible.builtin.file:
src: /usr/local/lib/pve-template-vm/build-proxmox-template
dest: /usr/local/sbin/build-proxmox-template
state: link
owner: root
group: root
mode: '0755'
become: true
# This sets up a cron job running /usr/local/sbin/build-proxmox-template using the env vars defined in hypervisor__template_vm_config.
- name: Ensure cron job is present for building a fresh VM template every week on Friday 04:00
ansible.builtin.cron:
name: "ansible build proxmox template"
cron_file: ansible_build_proxmox_template
minute: 0
hour: 4
weekday: 5
user: root
job: "{% if hypervisor__template_vm_config is defined and hypervisor__template_vm_config | length > 0 %}\
/usr/bin/env \
{% for item in hypervisor__template_vm_config | default([]) %}\
{{ item.name }}=\"{{ item.value }}\" \
{% endfor %}\
{% endif %}\
/usr/local/sbin/build-proxmox-template"
become: true

1
resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf
View file

@ -43,7 +43,6 @@ server {
allow 185.161.129.132/32; # z9 allow 185.161.129.132/32; # z9
allow 2a07:c480:0:100::/56; # z9 allow 2a07:c480:0:100::/56; # z9
allow 2a07:c481:1::/48; # z9 new ipv6
allow 213.240.180.39/32; # stbe home allow 213.240.180.39/32; # stbe home
allow 2a01:170:118b::1/64; # stbe home allow 2a01:170:118b::1/64; # stbe home
deny all; deny all;

1
resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
View file

@ -53,7 +53,6 @@ services:
restart: unless-stopped restart: unless-stopped
environment: environment:
PRETALX_DATA_DIR: /data PRETALX_DATA_DIR: /data
PRETALX_FILE_UPLOAD_LIMIT: 1000 # MB
PRETALX_FILESYSTEM_MEDIA: /public/media PRETALX_FILESYSTEM_MEDIA: /public/media
PRETALX_FILESYSTEM_STATIC: /public/static PRETALX_FILESYSTEM_STATIC: /public/static
PRETALX_SITE_URL: https://pretalx.hamburg.ccc.de PRETALX_SITE_URL: https://pretalx.hamburg.ccc.de

1
resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf
View file

@ -71,7 +71,6 @@ map $host $upstream_acme_challenge_host {
hydra.hamburg.ccc.de 172.31.17.163:31820; hydra.hamburg.ccc.de 172.31.17.163:31820;
cfp.eh22.easterhegg.eu 172.31.17.157:31820; cfp.eh22.easterhegg.eu 172.31.17.157:31820;
hub.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:31820; hub.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:31820;
hub-usercontent.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:31820;
netbox.eh22.easterhegg.eu eh22-netbox-intern.hamburg.ccc.de:31820; netbox.eh22.easterhegg.eu eh22-netbox-intern.hamburg.ccc.de:31820;
default ""; default "";
} }

1
resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf
View file

@ -89,7 +89,6 @@ stream {
hydra.hamburg.ccc.de 172.31.17.163:8443; hydra.hamburg.ccc.de 172.31.17.163:8443;
cfp.eh22.easterhegg.eu pretalx-intern.hamburg.ccc.de:8443; cfp.eh22.easterhegg.eu pretalx-intern.hamburg.ccc.de:8443;
hub.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:8443; hub.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:8443;
hub-usercontent.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:8443;
netbox.eh22.easterhegg.eu eh22-netbox-intern.hamburg.ccc.de:8443; netbox.eh22.easterhegg.eu eh22-netbox-intern.hamburg.ccc.de:8443;
} }