sophia/ansible-infra

Author	SHA1	Message	Date
June	df32e1cac8	zammad(host): move to latest upstream compose file version (v14.1.1) It hopefully fixes bugs we had in the past, so removing the workarounds and it also comes with default values now, so removing all variables set to those defaults.	2025-10-24 22:57:03 +02:00
June	747e5b2d4c	zammad(host): change to .env configuration Align the compose.yaml to upstreams v11.2.0 version. This is a first step to hopefully then just use the upstreams version directly and not vendor it.	2025-10-24 22:15:48 +02:00
June	3840553f9d	docker_compose(role): add support for deploying optional .env file This is needed for situations, where one wants to use a vendor-provided compose file and configure it using environment variables. Like for example: https://github.com/zammad/zammad-docker-compose	2025-10-24 22:05:54 +02:00
June	839a9b2c0a	renovate: group all digest updates together https://docs.renovatebot.com/presets-group/#groupalldigest	2025-10-24 19:59:35 +02:00
June	37cedb1ad0	renovate: label all PRs with the "renovate" label	2025-10-24 19:28:49 +02:00
June	658a50d19b	renovate: use rebase stale PRs preset to rebase once base branch updated Use this configuration to always have the fast-forward option. https://docs.renovatebot.com/presets-default/#rebasestaleprs	2025-10-24 19:18:04 +02:00
June	b2961c5664	renovate: disable rate-limiting	2025-10-24 18:59:58 +02:00
Renovate	a13d23c7ea	Update actions/checkout action to v5	2025-10-23 13:45:41 +00:00
Renovate	2f8897751b	Pin dependencies	2025-10-23 12:15:38 +00:00
Renovate	a60946b3b8	Update https://github.com/ansible/ansible-lint action to v25	2025-10-22 21:50:08 +00:00
June	8f612d1d9c	renovate: add persistent volume for base (and therefore cache) dir	2025-10-22 19:42:20 +02:00
June	d0d517d97d	renovate: add custom package rule for pretix calendar versioning Add custom package rule accounting for pretix calendar versioning to not have Renovate classify month updates as minor version updates, but major version updates instead.	2025-10-22 16:42:02 +02:00
June	78a6be6f5d	renovate: disable semantic commits	2025-10-22 00:47:05 +02:00
June	43fac32424	use full image source and set version for all Chaosknoten compose images Use a full image source and set and explicit version for all images in Chaosknoten (docker-)compose files. With Renovate now set up, it is feasible to explicitly set versions.	2025-10-21 23:59:56 +02:00
June	282e82728b	renovate: match file compose jinja2 templates (.j2) as well	2025-10-21 23:12:34 +02:00
June	f842723e9a	remove daily schedule for Renovate (for now?)	2025-10-21 23:03:02 +02:00
June	7de516dc43	introduce first Renovate configuration Introduce pretty basic first Renovate configuration with a package rule for grouping all stable non-major dependency updates together.	2025-10-21 02:37:10 +02:00
June	94e1920388	setup ansible-pull for all Chaosknoten hosts Additionally setup ansible-pull for: ccchoir, tickets, keycloak, lists, mumble, pad, public-reverse-proxy, zammad, ntfy	2025-10-20 21:25:56 +02:00
c6ristian	f3902b43b1	update keycloak and nextcloud	2025-10-20 21:11:28 +02:00
June	425d302fa9	zammad(host): fix compose by using different elasticsearch image Also execute manual update steps as outlined here: https://github.com/zammad/zammad-docker-compose/releases/tag/v14.0.0 Note that this is updating only a part of the compose file and other parts still are out-of-date and should be updated (like the Postgres).	2025-10-20 01:36:00 +02:00
June	b46747d251	deploy_ssh_server_config(role): add Debian 13 sshd_config reference	2025-10-17 21:27:29 +02:00
June	2aa55770d9	renovate(host): update keys adding renovate for group_vars/all.sops.yaml	2025-10-17 16:05:04 +02:00
June	8a8fdf5f97	renovate(host): set platform to forgejo	2025-10-17 01:26:18 +02:00
June	cad2f036e5	renovate(host): replace non-working GitHub token with working one Replace the token with one created from a new CCCHH GitHub service account.	2025-10-17 01:18:17 +02:00
June	4b1c64b615	renovate(host): remove deprecated and no longer working logLevel option Remove deprecated and no longer working logLevel config option. Debug output can be enabled by using the LOG_LEVEL environment variable on demand.	2025-10-16 18:08:29 +02:00
June	e76c66d74c	renovate(host): set up Renovate using role and exisiting config Set up Renovate using role and existing config from current Forgejo/GitHub Actions-based deployment.	2025-10-16 17:52:30 +02:00
June	a32998d8da	renovate(host): initialize renovate host	2025-10-16 17:44:23 +02:00
June	8388657d33	renovate(role): introduce first basic Renovate role Sets up Renovate using Docker and systemd service and timer to run regularly. Also add accompanying host group and playbook play.	2025-10-16 17:42:13 +02:00
June	dce4e7c4d4	ansible_pull(role): add git as a dependency to ensure is installed	2025-10-16 09:40:34 +02:00
June	f646cc0bf2	fix creation rules for eh22-wiki, sunders and wiki hosts Also update the keys of the secret files accordingly. This should then fix ansible-pull on these hosts.	2025-10-15 10:45:54 +02:00
June	dea66771e0	ansible_pull(role): ensure SOPS is installed Also add the SOPS community collection as a requirement for this repo.	2025-10-15 02:33:42 +02:00
June	9afbc71801	ansible_pull(role): ensure role and collection dependencies are present	2025-10-15 02:18:07 +02:00
June	1d6d1094bc	setup ansible-pull for 7 more hosts Setup for: cloud, eh22-wiki, grafana, onlyoffice, pretalx, sunders and wiki.	2025-10-15 01:59:29 +02:00
June	eadae7a09b	ansible_pull(role): add failure notifications	2025-10-14 22:20:27 +02:00
June	17fd71f079	define common msmtp configuration for chaosknoten inventory hosts Define common configuration as it is the same for all hosts.	2025-10-14 01:45:44 +02:00
June	afceb886dc	msmtp(role): introduce msmtp role Introduce msmtp role for setting up msmtp for mail sending. Also add accompanying host group and playbook play.	2025-10-14 01:40:46 +02:00
June	18dda95c46	remove max expired key	2025-10-13 22:12:31 +02:00
June	1f394a08dd	refactor .sops.yaml to make it less verbose Make it less verbose by introducing an anchor for the admin_gpg_keys.	2025-10-13 20:51:31 +02:00
June	f943e95e2e	fix ansible_lint issues Use prefix for role variables, have an ending newline at the end of files and use changed_when for command. Also exclude *.sops.yaml files from ansible-lint.	2025-10-13 17:43:00 +02:00
June	9b8e14f3c4	remove duplicate ansible_pull_hosts inventory group entry	2025-10-13 17:37:13 +02:00
June	952fbf85c5	ansible_pull(role): add ExecStartPost step rebooting the hosts, if nec. Add ExecStartPost step rebooting the hosts, if necessary.	2025-10-13 17:23:08 +02:00
June	bd281713f1	netbox(host): setup ansible_pull for host	2025-10-13 16:59:42 +02:00
June	648489ed09	define common ansible_pull configuration for chaosknoten inventory hosts Define common configuration as it should be the same for all hosts, just the ansible_pull__age_private_key needs to be set per host then.	2025-10-13 16:58:30 +02:00
June	434ddfc955	ansible_pull(role): introduce ansible_pull role Introduce ansible_pull role for setting up automatic ansible_pull runs. Also add accompanying host group and playbook play.	2025-10-13 16:56:18 +02:00
June	8cb6ab3d04	reboot(role): intro. reboot role, which handles local conns. gracefully Also use this role instead of plain ansible.builtin.reboot. This is in preparation for using ansible_pull as we don't want to have ansible.builtin.reboot fail local playbook runs.	2025-10-13 16:56:18 +02:00
June	1322bcec58	reverse proxy configuration for element-admin	2025-10-12 20:20:02 +02:00
June	1eaf85501f	reverse proxy configuration for matrix authentication service	2025-10-12 05:28:43 +02:00
June	dec68ab994	sunders(host): initialize sunders host	2025-10-11 20:52:26 +02:00
c6ristian	2ae8692603	grafana: set 2m for DHCP check so that service restart dont create a alert	2025-09-12 13:21:23 +02:00
c6ristian	1355d4d834	grafana: make alerts better for fux	2025-09-09 19:30:53 +02:00

1 2 3 4 5 ...

482 commits