391 commits

Author SHA1 Message Date
0a762b32c1
fix(playbook): adjust site playbook to only contain used playbooks 2025-01-20 00:36:41 +01:00
8d6baf9db6
remove!(lvm_self_backup): unused 2025-01-20 00:33:55 +01:00
87c004ded6
remove!(docker_cleanup): unused 2025-01-20 00:32:29 +01:00
74c557069d
remove!(docker_ipv6_nat): unused 2025-01-20 00:31:52 +01:00
aa951a3dab
remove!(unattended_upgrades): unused / integrated in dnf setup 2025-01-20 00:31:10 +01:00
b631f98365
remove!(traefik): unused 2025-01-20 00:30:13 +01:00
7482707008
remove!(penpot): unused
might come back when migrated to quadlet
2025-01-20 00:29:04 +01:00
e33018f745
remove!(gitlab_runner): unused 2025-01-20 00:27:06 +01:00
aa576bf5bc
remove!(gitlab): unused 2025-01-20 00:26:44 +01:00
14e358c5fe
remove!(minio): unused 2025-01-20 00:25:52 +01:00
bf7cab1d94
remove!(epel): unused 2025-01-20 00:25:28 +01:00
160b02a45e
remove!(moby_engine): unused 2025-01-20 00:22:19 +01:00
0d31368132
remove!(camo): unused 2025-01-20 00:21:51 +01:00
d0086c85c3
remove!(owncast): unused 2025-01-20 00:21:17 +01:00
42b72a6764
remove!(minecraft): unused 2025-01-20 00:20:55 +01:00
1eae2bf0df
remove(minecraft_blockmap): unused 2025-01-20 00:20:32 +01:00
5e5e097ff9
remove!(factorio): unused 2025-01-20 00:20:02 +01:00
f8b9813461
remove!(telegraf): unused 2025-01-20 00:19:33 +01:00
1041703c1a
remove!(vikunja): unused 2025-01-20 00:18:58 +01:00
e72f4b0ca3
remove!(static_websites): unused 2025-01-20 00:18:35 +01:00
86e585eb10
feat(role): add standalone saiblog role 2025-01-20 00:17:53 +01:00
a160541b04
refactor!(elementweb): migrate to podman quadlet & rename 2025-01-19 23:34:11 +01:00
a8641d6251
remove!(matrix_webhooks): unused role 2025-01-19 22:10:14 +01:00
962a1c146c
remove!(sliding_sync): unused / deprecated 2025-01-19 22:09:53 +01:00
946d8cfaea
remove!(maubot): unused role 2025-01-19 22:09:26 +01:00
f127cd41fb
refactor!(matrix): migrate to podman quadlet & rename
Merged delegate and synapse together.

THIS IS BREAKING!
2025-01-19 22:09:06 +01:00
7d2c98250b
refactor!(codimd): rename & use podman quadlet 2025-01-19 02:08:02 +01:00
d2e0f53ca0
refactor!(keycloak): use podman quadlet setup 2025-01-18 19:54:13 +01:00
476660fd65
refactor!(mastodon): Migrate to podman quadlet 2025-01-18 17:10:42 +01:00
2e271b6c96
fix(caddy): Increase max udp send/receive buffers to 7,5MB 2025-01-18 17:07:56 +01:00
63fcaeaa17
chore(deps): upgrade mastodon to 4.3.2 2025-01-04 13:29:12 +01:00
f6cd60b995
feat(guides): add fedora 41 setup guide 2025-01-04 13:14:00 +01:00
bcea46ccaa
fix(penpot): asset dir permissions
The nginx frontend is badly configured and runs its workers with id 33 instead of the created penpot user :/
So we now allow read for all. Should be fine since nginx is serving this anyway.
2024-11-09 06:00:14 +01:00
65c327c252
fix(penpot): asset dir permissions 2024-11-09 05:24:05 +01:00
e893715574
fix!(penpot): Upgrade db to v17
needed a newer version for penpot v2
2024-11-09 05:22:09 +01:00
be6c4f8014
fix!(keycloak): Upgrade db to v17
Needed a newer version for keycloak v26
2024-11-09 05:21:39 +01:00
d60dac5ad9
chore(penpot): Upgrade to v2.3.1 2024-11-09 04:09:25 +01:00
6e73369b37
chore(mastodon): Update to 4.3.1 2024-11-09 04:04:00 +01:00
74d77ba38e
Merge remote-tracking branch 'origin/renovate/ansible.utils-5.x' 2024-11-09 04:02:37 +01:00
e263117e52
Merge remote-tracking branch 'origin/renovate/minecraft-image-2024.x' 2024-11-09 04:02:08 +01:00
87a0f67afb
Merge remote-tracking branch 'origin/renovate/community.docker-4.x' 2024-11-09 04:01:58 +01:00
b3cd049787
Merge remote-tracking branch 'origin/renovate/ansible.posix-1.x' 2024-11-09 04:01:48 +01:00
0bc03c546e
Merge remote-tracking branch 'origin/renovate/mastodon-elasticsearch-7.x' 2024-11-09 04:01:31 +01:00
979966c03b
Merge remote-tracking branch 'origin/renovate/devsec.hardening-10.x' 2024-11-09 04:01:19 +01:00
93a9ac54bc
Merge remote-tracking branch 'origin/renovate/gitlab-17.x' 2024-11-09 04:01:05 +01:00
cbf8836bf3
Merge remote-tracking branch 'origin/renovate/traefik-2.x' 2024-11-09 04:00:53 +01:00
f1de5102c4
Merge remote-tracking branch 'origin/renovate/matrix-synapse-1.x' 2024-11-09 04:00:42 +01:00
177dc3c4a1
Merge remote-tracking branch 'origin/renovate/gitlab-runner_image-17.x' 2024-11-09 04:00:31 +01:00
0111e0bf8f
Merge remote-tracking branch 'origin/renovate/keycloak-26.x' 2024-11-09 04:00:19 +01:00
1c918beed3
Merge remote-tracking branch 'origin/renovate/containers.podman-1.x' 2024-11-09 04:00:05 +01:00
408102bc6f
Merge remote-tracking branch 'origin/renovate/community.general-10.x' 2024-11-09 03:59:51 +01:00
44948668df
Merge remote-tracking branch 'origin/renovate/matrix-elementweb-1.x' 2024-11-09 03:59:38 +01:00
9176cf921a
Merge remote-tracking branch 'origin/renovate/fedora.linux_system_roles-1.x' 2024-11-09 03:59:10 +01:00
2e855c8236
Merge remote-tracking branch 'origin/renovate/factorio-2.x' 2024-11-09 03:58:41 +01:00
f4b6ee08a8
refactor(cfg): remove special paths to roles/collections 2024-11-09 03:54:00 +01:00
Renovate Bot
c5fb691d20 automation: Update factorio Docker tag to v2 2024-11-08 17:06:23 +00:00
Renovate Bot
4813f83a68 automation: Update fedora.linux_system_roles to version 1.89.1 2024-11-06 03:05:43 +00:00
Renovate Bot
77afecb05d automation: Update matrix-elementweb Docker tag to v1.11.84 2024-11-05 15:05:25 +00:00
Renovate Bot
e7a359297b automation: Update community.general to version 10 2024-11-04 19:05:59 +00:00
Renovate Bot
dc553bbdb1 automation: Update containers.podman to version 1.16.2 2024-11-03 21:05:41 +00:00
Renovate Bot
c070d3b1dd automation: Update keycloak Docker tag to v26 2024-11-01 11:05:48 +00:00
Renovate Bot
c82f4716b1 automation: Update gitlab-runner_image Docker tag to v17.5.3 2024-10-31 23:05:37 +00:00
Renovate Bot
1d650fc28f automation: Update matrix-synapse Docker tag to v1.118.0 2024-10-29 17:05:43 +00:00
Renovate Bot
2d6840cf10 automation: Update traefik Docker tag to v2.11.13 2024-10-28 19:05:47 +00:00
Renovate Bot
6cd7deaab3 automation: Update gitlab Docker tag to v17.5.1 2024-10-23 12:05:29 +00:00
Renovate Bot
91029790ee automation: Update devsec.hardening to version 10.1.0 2024-10-22 10:05:37 +00:00
Renovate Bot
bae66d83b4 automation: Update mastodon-elasticsearch Docker tag to v7.17.25 2024-10-22 08:04:59 +00:00
Renovate Bot
498c87eff3 automation: Update ansible.posix to version 1.6.2 2024-10-22 04:05:01 +00:00
Renovate Bot
6ada2b257f automation: Update community.docker to version 4 2024-10-20 10:05:47 +00:00
Renovate Bot
5a466a0c66 automation: Update minecraft-image Docker tag to v2024.10.2 2024-10-18 22:05:28 +00:00
3fe405face
chore(mastodon): Update to 4.3.0-rc.1 2024-09-30 19:02:48 +02:00
Renovate Bot
0e3207ebb0 automation: Update ansible.utils to version 5.1.2 2024-09-30 06:05:12 +00:00
7b7f9cfdf5
chore(mastodon): Upgrade to 4.3.0-beta.2 2024-09-18 00:10:44 +02:00
4a5e139976 Merge branch 'renovate/fedora.linux_system_roles-1.x' into 'master'
automation: Update fedora.linux_system_roles to version 1.88.9

See merge request saibotk.de/infrastructure!1287
2024-09-17 22:09:26 +00:00
9f985e9aeb Merge branch 'renovate/traefik-2.x' into 'master'
automation: Update traefik Docker tag to v2.11.9

See merge request saibotk.de/infrastructure!1288
2024-09-17 22:09:15 +00:00
d705c63cbd Merge branch 'renovate/matrix-synapse-1.x' into 'master'
automation: Update matrix-synapse Docker tag to v1.115.0

See merge request saibotk.de/infrastructure!1289
2024-09-17 22:09:05 +00:00
4046b35b41 Merge branch 'renovate/community.docker-3.x' into 'master'
automation: Update community.docker to version 3.12.2

See merge request saibotk.de/infrastructure!1291
2024-09-17 22:08:52 +00:00
b66d2da353 Merge branch 'renovate/gitlab-17.x' into 'master'
automation: Update gitlab Docker tag to v17.3.3

See merge request saibotk.de/infrastructure!1290
2024-09-17 22:08:41 +00:00
Renovate Bot
4432174932 automation: Update community.docker to version 3.12.2 2024-09-17 20:06:32 +00:00
Renovate Bot
af6126abb4 automation: Update gitlab Docker tag to v17.3.3 2024-09-17 18:06:33 +00:00
Renovate Bot
537246153d automation: Update matrix-synapse Docker tag to v1.115.0 2024-09-17 14:05:27 +00:00
Renovate Bot
fdbc8473d0 automation: Update traefik Docker tag to v2.11.9 2024-09-16 22:06:30 +00:00
Renovate Bot
012190c0bf automation: Update fedora.linux_system_roles to version 1.88.9 2024-09-13 16:05:17 +00:00
58a1f63a8e
feat!(mastodon): Upgrade to 4.3 beta
BREAKING!

Requires these new secrets to be set:

mastodon_config:
  ar_enc_deterministic_key: undef
  ar_enc_derivation_salt: undef
  ar_enc_primary_key: undef
2024-09-13 00:16:40 +02:00
3ecd8738ab
feat!(podman): Enable dual stack by default 2024-09-12 23:21:21 +02:00
1f6d3691fc
refactor!(caddy): use /srv as install dir
To be in line with all other roles
2024-09-12 23:19:53 +02:00
9b7da942bc
Merge remote-tracking branch 'origin/renovate/mastodon-4.x' 2024-09-12 23:07:07 +02:00
f66b281cf0
Merge remote-tracking branch 'origin/renovate/mastodon-database-15.x' 2024-09-12 23:03:56 +02:00
848bdf23c0
Merge remote-tracking branch 'origin/renovate/matrix-database-13.x' 2024-09-12 23:03:48 +02:00
4919e091c7
Merge remote-tracking branch 'origin/renovate/matrix-maubot_database-13.x' 2024-09-12 23:03:38 +02:00
78a8d608be
Merge remote-tracking branch 'origin/renovate/matrix-sliding_sync_database-16.x' 2024-09-12 23:03:30 +02:00
a6f16129c8
Merge remote-tracking branch 'origin/renovate/vikunja-database-13.x' 2024-09-12 23:02:52 +02:00
3290cfc44b
Merge remote-tracking branch 'origin/renovate/community.docker-3.x' 2024-09-12 23:02:23 +02:00
0c22f8a910
Merge remote-tracking branch 'origin/renovate/factorio-1.x' 2024-09-12 23:02:05 +02:00
8dd9f3bf5b
Merge remote-tracking branch 'origin/renovate/gitlab-runner_image-17.x' 2024-09-12 23:01:26 +02:00
ad2c122758
Merge remote-tracking branch 'origin/renovate/camo-2.x' 2024-09-12 23:01:16 +02:00
4984f17dad
Merge remote-tracking branch 'origin/renovate/codimd-1.x' 2024-09-12 23:01:07 +02:00
1eb69fcdc3
Merge remote-tracking branch 'origin/renovate/matrix-synapse-1.x' 2024-09-12 23:00:55 +02:00
a222338fe3
Merge remote-tracking branch 'origin/renovate/ansible.utils-5.x' 2024-09-12 23:00:45 +02:00
1d2dca1af0
Merge remote-tracking branch 'origin/renovate/minecraft-image-2024.x' 2024-09-12 23:00:36 +02:00
7307b014b4
Merge remote-tracking branch 'origin/renovate/community.general-9.x' 2024-09-12 23:00:25 +02:00
b53be3b7d2
Merge remote-tracking branch 'origin/renovate/keycloak-25.x' 2024-09-12 23:00:11 +02:00
83d0d6a23a
Merge remote-tracking branch 'origin/renovate/mastodon-elasticsearch-7.x' 2024-09-12 22:59:55 +02:00
bf3b8609f4
Merge remote-tracking branch 'origin/renovate/matrix-elementweb-1.x' 2024-09-12 22:59:36 +02:00
1a7744960d
Merge remote-tracking branch 'origin/renovate/fedora.linux_system_roles-1.x' 2024-09-12 22:59:27 +02:00
44f2fa537a
Merge remote-tracking branch 'origin/renovate/gitlab-17.x' 2024-09-12 22:59:06 +02:00
708335d486
Merge remote-tracking branch 'origin/renovate/ansible.posix-1.x' 2024-09-12 22:58:37 +02:00
d52827bd9a
fix(lint): caddy mark selinux context handler as always changed
Find a better solution in the future, but for now this is fine.
2024-09-12 22:55:00 +02:00
886e83baa8
feat(caddy): add role
Copied from Histalek <3

Based on b17a8f117b/roles/caddy
2024-09-12 22:51:50 +02:00
7c136306d1
feat(podman): add role
Copied from Histalek <3

Based on b17a8f117b/roles/podman
2024-09-12 22:51:03 +02:00
Renovate Bot
22f6a16cd7 automation: Update ansible.posix to version 1.6.0 2024-09-12 02:05:41 +00:00
Renovate Bot
8ca6be6799 automation: Update gitlab Docker tag to v17 2024-09-11 22:06:07 +00:00
Renovate Bot
868e84cfac automation: Update fedora.linux_system_roles to version 1.88.8 2024-09-11 16:06:25 +00:00
Renovate Bot
9f7306059a automation: Update matrix-elementweb Docker tag to v1.11.77 2024-09-10 14:05:33 +00:00
Renovate Bot
2c1f9dbad0 automation: Update mastodon-elasticsearch Docker tag to v7.17.24 2024-09-10 10:05:19 +00:00
Renovate Bot
d59e5ca7a7 automation: Update keycloak Docker tag to v25.0.5 2024-09-10 06:05:47 +00:00
Renovate Bot
522507ea84 automation: Update community.general to version 9.4.0 2024-09-09 18:05:57 +00:00
Renovate Bot
eb76f01504 automation: Update minecraft-image Docker tag to v2024.9.0 2024-09-07 18:05:54 +00:00
Renovate Bot
c54228a28e automation: Update ansible.utils to version 5.1.1 2024-09-05 12:05:06 +00:00
Renovate Bot
76e32bf11f automation: Update matrix-synapse Docker tag to v1.114.0 2024-09-02 18:05:34 +00:00
Renovate Bot
90393f4445 automation: Update codimd Docker tag to v1.10.0 2024-09-02 14:05:28 +00:00
Renovate Bot
90bc265fbd automation: Update camo Docker tag to v2.6.0 2024-08-31 18:05:42 +00:00
Renovate Bot
41b711e21d automation: Update gitlab-runner_image Docker tag to v17.3.1 2024-08-21 18:05:58 +00:00
Renovate Bot
8b9e91b45b automation: Update mastodon Docker tag to v4.2.12 2024-08-19 10:05:20 +00:00
Renovate Bot
30975640da automation: Update factorio Docker tag to v1.1.110 2024-08-16 18:05:26 +00:00
Renovate Bot
d85e909472 automation: Update community.docker to version 3.12.1 2024-08-14 02:06:12 +00:00
61a9b1d6f4
fix(matrix): Synapse DNS oauth check
Somehow Synapse always has trouble resolving our SSO domain. Seems to be a race condition type of thingy. This should solve it for now.
2024-08-14 03:51:41 +02:00
96a8c8fe1e
fix(lint): add missing collections 2024-08-14 03:34:10 +02:00
Renovate Bot
e5f3c588c3 automation: Update vikunja-database Docker tag to v13.16 2024-08-14 01:15:27 +00:00
Renovate Bot
4d5b33c91d automation: Update matrix-sliding_sync_database Docker tag to v16.4 2024-08-14 01:15:12 +00:00
Renovate Bot
1036663d48 automation: Update matrix-maubot_database Docker tag to v13.16 2024-08-14 01:15:10 +00:00
Renovate Bot
55129aad3b automation: Update matrix-database Docker tag to v13.16 2024-08-14 01:15:09 +00:00
Renovate Bot
768149186a automation: Update mastodon-database Docker tag to v15.8 2024-08-14 01:15:07 +00:00
4f6c65eef5
fix(keycloak): persistent sessions feature typo 2024-08-14 03:13:33 +02:00
8ce37b6416
fix(lint): teamspeak changed_when selinux context
We just ignore this for now.
2024-08-14 02:20:20 +02:00
693184bd7c
refactor!(monitoring): Replace monitoring with monitoring_ng
Not much changed regarding variable names, only the role name changed.
2024-08-14 02:04:32 +02:00
b7195a4d8b
fix(mailcow): backup directory permissions
Sadly mailcow needs global permissions on this folder :(
2024-08-14 01:59:07 +02:00
2e82ca3a9f
feat(keycloak): use persistend sessions & use new options
Replace deprecated PROXY setting, see https://github.com/keycloak/keycloak/issues/29665
2024-08-14 01:08:03 +02:00
2a6ca65968 Merge branch 'renovate/factorio-1.x' into 'master'
automation: Update factorio Docker tag to v1.1.109

See merge request saibotk.de/infrastructure!1250
2024-08-13 23:06:29 +00:00
c5f8df5181 Merge branch 'renovate/community.general-9.x' into 'master'
automation: Update community.general to version 9.2.0

See merge request saibotk.de/infrastructure!1257
2024-08-13 23:06:12 +00:00
17f373145e Merge branch 'renovate/mastodon-elasticsearch-7.x' into 'master'
automation: Update mastodon-elasticsearch Docker tag to v7.17.23

See merge request saibotk.de/infrastructure!1255
2024-08-13 23:05:48 +00:00
d3ddfbed55 Merge branch 'renovate/ansible.utils-5.x' into 'master'
automation: Update ansible.utils to version 5

See merge request saibotk.de/infrastructure!1254
2024-08-13 23:05:37 +00:00
c17480ac0b Merge branch 'renovate/keycloak-25.x' into 'master'
automation: Update keycloak Docker tag to v25

See merge request saibotk.de/infrastructure!1251
2024-08-13 22:54:13 +00:00
f0d82c90d1
fix(luks_ssh): ensure network module is loaded 2024-08-14 00:53:12 +02:00
397156a173
feat!(luks_ssh): Remove all other ssh keys
To do so, we refactored the structure of the `luks_ssh_dracut_authorized_keys` variable to only contain ssh filenames.
2024-08-14 00:53:11 +02:00
ecefb84a4b
refactor!(docker): Remove centos support & fix install on other redhat dists 2024-08-14 00:53:10 +02:00
e7a172877b
refactor!(teamspeak): Use podman quadlet setup
This is mostly equivalent to the awesome role found in @histalek's repository:
bde4d9dacb/roles/teamspeak
2024-08-14 00:53:09 +02:00
6e50428a5c
feat(mailcow): enhance setup tasks
Clone repo, open ports & add backup directory
2024-08-14 00:53:08 +02:00
496f9881a1
chore(cfg): silence python interpreter info log spam 2024-08-14 00:53:03 +02:00
614342117a Merge branch 'renovate/gitlab-runner_image-17.x' into 'master'
automation: Update gitlab-runner_image Docker tag to v17

See merge request saibotk.de/infrastructure!1239
2024-08-13 22:25:18 +00:00
6ca8d47d72 Merge branch 'renovate/monitoring-grafana-11.x' into 'master'
automation: Update monitoring-grafana Docker tag to v11.1.3

See merge request saibotk.de/infrastructure!1259
2024-08-13 22:25:01 +00:00
b7b8d7d0c0 Merge branch 'renovate/minecraft-image-2024.x' into 'master'
automation: Update minecraft-image Docker tag to v2024.7.2

See merge request saibotk.de/infrastructure!1247
2024-08-13 22:24:53 +00:00
5342fa9228 Merge branch 'renovate/mastodon-redis-7.x' into 'master'
automation: Update mastodon-redis Docker tag to v7.4

See merge request saibotk.de/infrastructure!1264
2024-08-13 22:24:43 +00:00
fd732e6ca5 Merge branch 'renovate/matrix-elementweb-1.x' into 'master'
automation: Update matrix-elementweb Docker tag to v1.11.73

See merge request saibotk.de/infrastructure!1249
2024-08-13 22:24:32 +00:00
e18f7d5b60 Merge branch 'renovate/devsec.hardening-10.x' into 'master'
automation: Update devsec.hardening to version 10

See merge request saibotk.de/infrastructure!1265
2024-08-13 22:24:11 +00:00
785e284beb Merge branch 'renovate/traefik-2.x' into 'master'
automation: Update traefik Docker tag to v2.11.8

See merge request saibotk.de/infrastructure!1252
2024-08-13 22:23:36 +00:00
542142ef1d Merge branch 'renovate/community.docker-3.x' into 'master'
automation: Update community.docker to version 3.12.0

See merge request saibotk.de/infrastructure!1256
2024-08-13 22:22:58 +00:00
1f635936cc Merge branch 'renovate/gitlab-16.x' into 'master'
automation: Update gitlab Docker tag to v16.11.8

See merge request saibotk.de/infrastructure!1263
2024-08-13 22:22:25 +00:00
b834837e20 Merge branch 'renovate/matrix-synapse-1.x' into 'master'
automation: Update matrix-synapse Docker tag to v1.112.0

See merge request saibotk.de/infrastructure!1258
2024-08-13 22:22:17 +00:00
Renovate Bot
f08a94c3b5 automation: Update community.docker to version 3.12.0 2024-08-07 16:06:07 +00:00
Renovate Bot
cca2148325 automation: Update gitlab Docker tag to v16.11.8 2024-08-07 12:05:26 +00:00
Renovate Bot
1f354f3ccd automation: Update traefik Docker tag to v2.11.8 2024-08-06 20:05:53 +00:00
Renovate Bot
3fb1de20f3 automation: Update devsec.hardening to version 10 2024-08-06 18:06:36 +00:00
Renovate Bot
99ec9f663e automation: Update matrix-elementweb Docker tag to v1.11.73 2024-08-06 12:05:41 +00:00
Renovate Bot
3cc550eb58 automation: Update ansible.utils to version 5 2024-08-05 12:06:07 +00:00
Renovate Bot
1bbca2ecc7 automation: Update matrix-synapse Docker tag to v1.112.0 2024-07-30 18:06:08 +00:00
Renovate Bot
d1bc072df1 automation: Update monitoring-grafana Docker tag to v11.1.3 2024-07-30 16:06:06 +00:00
Renovate Bot
bddc3d35ef automation: Update mastodon-elasticsearch Docker tag to v7.17.23 2024-07-30 16:05:28 +00:00
Renovate Bot
3e7149f26f automation: Update mastodon-redis Docker tag to v7.4 2024-07-30 02:05:55 +00:00
Renovate Bot
e3d7b8cc6c automation: Update minecraft-image Docker tag to v2024.7.2 2024-07-28 20:06:16 +00:00
Renovate Bot
4e2b211103 automation: Update gitlab-runner_image Docker tag to v17 2024-07-25 20:06:07 +00:00
Renovate Bot
da333a3b9e automation: Update keycloak Docker tag to v25 2024-07-18 08:06:52 +00:00
Renovate Bot
14e6531145 automation: Update community.general to version 9.2.0 2024-07-15 08:06:23 +00:00
5e9a04c36b
Merge remote-tracking branch 'origin/renovate/mastodon-4.x' 2024-07-04 17:51:04 +02:00
505e3a4832
fix(lint): ignore unavailable fqcn
We still use an older version of Ansible, so that's fine.
2024-07-04 17:50:07 +02:00
Renovate Bot
d448800c8b automation: Update mastodon Docker tag to v4.2.10 2024-07-04 15:18:09 +00:00
2020e45f2b Merge branch 'renovate/gitlab-16.x' into 'master'
automation: Update gitlab Docker tag to v16.11.5

See merge request saibotk.de/infrastructure!1253
2024-06-27 10:12:03 +00:00
Renovate Bot
240cf05ffb automation: Update gitlab Docker tag to v16.11.5 2024-06-26 12:05:44 +00:00
Renovate Bot
5f1a4e8f95 automation: Update factorio Docker tag to v1.1.109 2024-06-07 16:05:10 +00:00
b407436b85 Merge branch 'renovate/keycloak-24.x' into 'master'
automation: Update keycloak Docker tag to v24.0.4

See merge request saibotk.de/infrastructure!1228
2024-06-01 08:46:36 +00:00
39cca8df89 Merge branch 'renovate/mastodon-database-15.x' into 'master'
automation: Update mastodon-database Docker tag to v15.7

See merge request saibotk.de/infrastructure!1230
2024-06-01 08:46:25 +00:00
00a3666e7f Merge branch 'renovate/matrix-database-13.x' into 'master'
automation: Update matrix-database Docker tag to v13.15

See merge request saibotk.de/infrastructure!1231
2024-06-01 08:46:14 +00:00
f15dd78487 Merge branch 'renovate/matrix-maubot_database-13.x' into 'master'
automation: Update matrix-maubot_database Docker tag to v13.15

See merge request saibotk.de/infrastructure!1232
2024-06-01 08:46:05 +00:00
199ae12a0e Merge branch 'renovate/matrix-sliding_sync_database-16.x' into 'master'
automation: Update matrix-sliding_sync_database Docker tag to v16.3

See merge request saibotk.de/infrastructure!1233
2024-06-01 08:45:56 +00:00
62cb6cc40b Merge branch 'renovate/vikunja-database-13.x' into 'master'
automation: Update vikunja-database Docker tag to v13.15

See merge request saibotk.de/infrastructure!1234
2024-06-01 08:45:36 +00:00
016700f6e4 Merge branch 'renovate/monitoring-grafana-11.x' into 'master'
automation: Update monitoring-grafana Docker tag to v11

See merge request saibotk.de/infrastructure!1236
2024-06-01 08:45:17 +00:00
c0f3f11d84 Merge branch 'renovate/traefik-2.x' into 'master'
automation: Update traefik Docker tag to v2.11.3

See merge request saibotk.de/infrastructure!1243
2024-06-01 08:44:59 +00:00
1902e51c2a Merge branch 'renovate/matrix-elementweb-1.x' into 'master'
automation: Update matrix-elementweb Docker tag to v1.11.67

See merge request saibotk.de/infrastructure!1227
2024-06-01 08:44:45 +00:00
d9f9817b98 Merge branch 'renovate/community.general-9.x' into 'master'
automation: Update community.general to version 9

See merge request saibotk.de/infrastructure!1242
2024-06-01 08:44:32 +00:00
286477f3ce Merge branch 'renovate/matrix-synapse-1.x' into 'master'
automation: Update matrix-synapse Docker tag to v1.108.0

See merge request saibotk.de/infrastructure!1237
2024-06-01 08:44:15 +00:00
2369c3c508 Merge branch 'renovate/matrix-delegate_nginx-1.x' into 'master'
automation: Update matrix-delegate_nginx Docker tag to v1.27

See merge request saibotk.de/infrastructure!1245
2024-06-01 08:44:02 +00:00
ddbd8df10e Merge branch 'renovate/community.docker-3.x' into 'master'
automation: Update community.docker to version 3.10.3

See merge request saibotk.de/infrastructure!1240
2024-06-01 08:43:53 +00:00
4f3dd4a929 Merge branch 'renovate/factorio-1.x' into 'master'
automation: Update factorio Docker tag to v1.1.108

See merge request saibotk.de/infrastructure!1246
2024-06-01 08:43:31 +00:00
beb4746ba1 Merge branch 'renovate/mastodon-4.x' into 'master'
automation: Update mastodon Docker tag to v4.2.9

See merge request saibotk.de/infrastructure!1244
2024-06-01 08:43:19 +00:00
Renovate Bot
d207702d79 automation: Update factorio Docker tag to v1.1.108 2024-05-31 12:05:34 +00:00
Renovate Bot
b41db2b086 automation: Update matrix-delegate_nginx Docker tag to v1.27 2024-05-30 18:06:15 +00:00
Renovate Bot
7bdea970b0 automation: Update mastodon Docker tag to v4.2.9 2024-05-30 14:05:42 +00:00
Renovate Bot
23e7d74433 automation: Update community.general to version 9 2024-05-28 12:05:59 +00:00
Renovate Bot
768b69d89d automation: Update matrix-synapse Docker tag to v1.108.0 2024-05-28 12:05:49 +00:00
Renovate Bot
55eff6a118 automation: Update community.docker to version 3.10.3 2024-05-28 12:05:42 +00:00
e6c4af0a74 Merge branch 'renovate/gitlab-16.x' into 'master'
automation: Update gitlab Docker tag to v16.11.3

See merge request saibotk.de/infrastructure!1229
2024-05-28 10:16:07 +00:00
Renovate Bot
0b461e324f automation: Update matrix-elementweb Docker tag to v1.11.67 2024-05-22 14:05:36 +00:00
Renovate Bot
9d7686dc96 automation: Update gitlab Docker tag to v16.11.3 2024-05-22 10:05:29 +00:00
Renovate Bot
0f5859f392 automation: Update traefik Docker tag to v2.11.3 2024-05-21 20:05:24 +00:00
Renovate Bot
32a8c7d769 automation: Update monitoring-grafana Docker tag to v11 2024-05-14 08:05:50 +00:00
Renovate Bot
a2641c656e automation: Update vikunja-database Docker tag to v13.15 2024-05-10 00:05:37 +00:00
Renovate Bot
7be265ae65 automation: Update matrix-sliding_sync_database Docker tag to v16.3 2024-05-10 00:05:33 +00:00
Renovate Bot
6fef72ae55 automation: Update matrix-maubot_database Docker tag to v13.15 2024-05-10 00:05:32 +00:00
Renovate Bot
4d8e388a11 automation: Update matrix-database Docker tag to v13.15 2024-05-10 00:05:30 +00:00
Renovate Bot
8da84bc8b8 automation: Update mastodon-database Docker tag to v15.7 2024-05-10 00:05:29 +00:00
Renovate Bot
37f4978bc9 automation: Update keycloak Docker tag to v24.0.4 2024-05-08 08:05:49 +00:00
3a3b544af3 Merge branch 'renovate/factorio-1.x' into 'master'
automation: Update factorio Docker tag to v1.1.107

See merge request saibotk.de/infrastructure!1218
2024-05-05 09:55:09 +00:00
886a758548 Merge branch 'renovate/monitoring-grafana-10.x' into 'master'
automation: Update monitoring-grafana Docker tag to v10.4.2

See merge request saibotk.de/infrastructure!1217
2024-05-05 09:54:55 +00:00
08b3b71a85 Merge branch 'renovate/owncast-image-0.x' into 'master'
automation: Update owncast-image Docker tag to v0.1.3

See merge request saibotk.de/infrastructure!1212
2024-05-05 09:54:43 +00:00
a8ac42b80b Merge branch 'renovate/traefik-2.x' into 'master'
automation: Update traefik Docker tag to v2.11.2

See merge request saibotk.de/infrastructure!1216
2024-05-05 09:54:32 +00:00
5db755f5d3 Merge branch 'renovate/ansible.utils-4.x' into 'master'
automation: Update ansible.utils to version 4.1.0

See merge request saibotk.de/infrastructure!1219
2024-05-05 09:54:19 +00:00
8889d05f08 Merge branch 'renovate/keycloak-24.x' into 'master'
automation: Update keycloak Docker tag to v24.0.3

See merge request saibotk.de/infrastructure!1220
2024-05-05 09:54:08 +00:00
339c223f11 Merge branch 'renovate/community.docker-3.x' into 'master'
automation: Update community.docker to version 3.9.0

See merge request saibotk.de/infrastructure!1223
2024-05-05 09:53:58 +00:00
19f22434c8 Merge branch 'renovate/community.general-8.x' into 'master'
automation: Update community.general to version 8.6.0

See merge request saibotk.de/infrastructure!1224
2024-05-05 09:53:48 +00:00
dfc1473567 Merge branch 'renovate/camo-2.x' into 'master'
automation: Update camo Docker tag to v2.4.13

See merge request saibotk.de/infrastructure!1222
2024-05-05 09:53:37 +00:00
c1803f7b53 Merge branch 'renovate/matrix-elementweb-1.x' into 'master'
automation: Update matrix-elementweb Docker tag to v1.11.65

See merge request saibotk.de/infrastructure!1214
2024-05-05 09:53:26 +00:00
3593faea83 Merge branch 'renovate/matrix-delegate_nginx-1.x' into 'master'
automation: Update matrix-delegate_nginx Docker tag to v1.26

See merge request saibotk.de/infrastructure!1225
2024-05-05 09:53:12 +00:00
d86dfc91e6 Merge branch 'renovate/gitlab-16.x' into 'master'
automation: Update gitlab Docker tag to v16.11.1

See merge request saibotk.de/infrastructure!1215
2024-05-05 09:53:01 +00:00
4134434c71 Merge branch 'renovate/matrix-synapse-1.x' into 'master'
automation: Update matrix-synapse Docker tag to v1.106.0

See merge request saibotk.de/infrastructure!1210
2024-05-05 09:52:49 +00:00
5333396093 Merge branch 'renovate/minecraft-image-2024.x' into 'master'
automation: Update minecraft-image Docker tag to v2024.5.0

See merge request saibotk.de/infrastructure!1211
2024-05-05 09:52:37 +00:00
5056a3233f Merge branch 'renovate/mastodon-elasticsearch-7.x' into 'master'
automation: Update mastodon-elasticsearch Docker tag to v7.17.21

See merge request saibotk.de/infrastructure!1213
2024-05-05 09:52:25 +00:00
f7843bd352 Merge branch 'renovate/gitlab-runner_image-16.x' into 'master'
automation: Update gitlab-runner_image Docker tag to v16.11.1

See merge request saibotk.de/infrastructure!1221
2024-05-05 09:52:15 +00:00
Renovate Bot
865fa9bae0 automation: Update gitlab-runner_image Docker tag to v16.11.1 2024-05-03 18:06:07 +00:00
Renovate Bot
e9106699ee automation: Update minecraft-image Docker tag to v2024.5.0 2024-05-02 16:06:21 +00:00
Renovate Bot
853a5c22e5 automation: Update mastodon-elasticsearch Docker tag to v7.17.21 2024-05-02 10:05:43 +00:00
Renovate Bot
485d344f2a automation: Update matrix-synapse Docker tag to v1.106.0 2024-04-30 14:05:44 +00:00
Renovate Bot
01b52fc2d0 automation: Update gitlab Docker tag to v16.11.1 2024-04-24 14:05:44 +00:00
Renovate Bot
1bd9b841e4 automation: Update matrix-delegate_nginx Docker tag to v1.26 2024-04-24 04:05:49 +00:00
Renovate Bot
f55fec94bd automation: Update matrix-elementweb Docker tag to v1.11.65 2024-04-23 14:05:31 +00:00
Renovate Bot
b91a18cebe automation: Update camo Docker tag to v2.4.13 2024-04-23 00:05:48 +00:00
Renovate Bot
6da9a56924 automation: Update community.general to version 8.6.0 2024-04-22 18:06:01 +00:00
Renovate Bot
933706b91b automation: Update community.docker to version 3.9.0 2024-04-21 16:05:39 +00:00
Renovate Bot
f2a3f4b4bc automation: Update keycloak Docker tag to v24.0.3 2024-04-16 18:06:22 +00:00
Renovate Bot
2caf697a3b automation: Update ansible.utils to version 4.1.0 2024-04-15 14:05:27 +00:00
Renovate Bot
3b27f021c6 automation: Update traefik Docker tag to v2.11.2 2024-04-11 22:05:35 +00:00
Renovate Bot
51eba66c4f automation: Update factorio Docker tag to v1.1.107 2024-04-11 18:05:39 +00:00
Renovate Bot
276e8064b5 automation: Update monitoring-grafana Docker tag to v10.4.2 2024-04-11 16:05:30 +00:00
Renovate Bot
85d4b7c674 automation: Update owncast-image Docker tag to v0.1.3 2024-04-07 22:05:08 +00:00
5c41caeb77 Merge branch 'renovate/community.docker-3.x' into 'master'
automation: Update community.docker to version 3.8.1

See merge request saibotk.de/infrastructure!1199
2024-03-30 19:15:40 +00:00
9542bbf4a6 Merge branch 'renovate/camo-2.x' into 'master'
automation: Update camo Docker tag to v2.4.10

See merge request saibotk.de/infrastructure!1200
2024-03-30 19:14:58 +00:00
eb6bac7d10 Merge branch 'renovate/monitoring-grafana-10.x' into 'master'
automation: Update monitoring-grafana Docker tag to v10.4.1

See merge request saibotk.de/infrastructure!1203
2024-03-30 19:14:49 +00:00
e9e00b8803 Merge branch 'renovate/matrix-synapse-1.x' into 'master'
automation: Update matrix-synapse Docker tag to v1.103.0

See merge request saibotk.de/infrastructure!1201
2024-03-30 19:14:32 +00:00
defb9577d4 Merge branch 'renovate/gitlab-runner_image-16.x' into 'master'
automation: Update gitlab-runner_image Docker tag to v16.10.0

See merge request saibotk.de/infrastructure!1205
2024-03-30 19:14:15 +00:00
73196ac008 Merge branch 'renovate/keycloak-24.x' into 'master'
automation: Update keycloak Docker tag to v24.0.2

See merge request saibotk.de/infrastructure!1206
2024-03-30 19:12:16 +00:00
81246ca450 Merge branch 'renovate/community.general-8.x' into 'master'
automation: Update community.general to version 8.5.0

See merge request saibotk.de/infrastructure!1207
2024-03-30 19:12:06 +00:00
e64607df84 Merge branch 'renovate/factorio-1.x' into 'master'
automation: Update factorio Docker tag to v1.1.106

See merge request saibotk.de/infrastructure!1202
2024-03-30 19:11:26 +00:00
4cd57d576f Merge branch 'renovate/mastodon-elasticsearch-7.x' into 'master'
automation: Update mastodon-elasticsearch Docker tag to v7.17.19

See merge request saibotk.de/infrastructure!1208
2024-03-30 19:11:17 +00:00
097a152490 Merge branch 'renovate/gitlab-16.x' into 'master'
automation: Update gitlab Docker tag to v16.10.1

See merge request saibotk.de/infrastructure!1204
2024-03-30 19:11:08 +00:00
38f0a61e03 Merge branch 'renovate/ansible.utils-4.x' into 'master'
automation: Update ansible.utils to version 4

See merge request saibotk.de/infrastructure!1209
2024-03-30 19:10:58 +00:00
30f9a5f9ff Merge branch 'renovate/matrix-elementweb-1.x' into 'master'
automation: Update matrix-elementweb Docker tag to v1.11.63

See merge request saibotk.de/infrastructure!1198
2024-03-30 19:10:32 +00:00
Renovate Bot
96dcab2aec automation: Update matrix-elementweb Docker tag to v1.11.63 2024-03-28 19:05:59 +00:00
Renovate Bot
ac13a53cdb automation: Update ansible.utils to version 4 2024-03-28 17:05:38 +00:00
Renovate Bot
3620647d90 automation: Update gitlab Docker tag to v16.10.1 2024-03-27 17:06:08 +00:00
Renovate Bot
80df2624aa automation: Update factorio Docker tag to v1.1.106 2024-03-26 13:05:16 +00:00
Renovate Bot
547fc8ca40 automation: Update mastodon-elasticsearch Docker tag to v7.17.19 2024-03-26 11:05:30 +00:00
Renovate Bot
6e90ee7840 automation: Update community.general to version 8.5.0 2024-03-25 19:05:18 +00:00
Renovate Bot
24c65bde2d automation: Update keycloak Docker tag to v24.0.2 2024-03-24 23:05:10 +00:00
Renovate Bot
969a58bd16 automation: Update gitlab-runner_image Docker tag to v16.10.0 2024-03-21 23:05:24 +00:00
Renovate Bot
2da2bd1929 automation: Update monitoring-grafana Docker tag to v10.4.1 2024-03-21 15:05:26 +00:00
Renovate Bot
96f1d7633f automation: Update matrix-synapse Docker tag to v1.103.0 2024-03-19 13:05:35 +00:00
Renovate Bot
ec07e514c9 automation: Update camo Docker tag to v2.4.10 2024-03-17 21:04:49 +00:00
Renovate Bot
ecd1b8dc0f automation: Update community.docker to version 3.8.1 2024-03-16 21:04:50 +00:00
ffbffa312f Merge branch 'renovate/gitlab-runner_image-16.x' into 'master'
automation: Update gitlab-runner_image Docker tag to v16.9.1

See merge request saibotk.de/infrastructure!1192
2024-03-10 00:14:45 +00:00
182665819b Merge branch 'renovate/community.general-8.x' into 'master'
automation: Update community.general to version 8.4.0

See merge request saibotk.de/infrastructure!1190
2024-03-10 00:14:36 +00:00
56dc1732e2 Merge branch 'renovate/mastodon-4.x' into 'master'
automation: Update mastodon Docker tag to v4.2.8

See merge request saibotk.de/infrastructure!1188
2024-03-10 00:14:29 +00:00
95cb776b46 Merge branch 'renovate/matrix-elementweb-1.x' into 'master'
automation: Update matrix-elementweb Docker tag to v1.11.59

See merge request saibotk.de/infrastructure!1191
2024-03-10 00:14:20 +00:00
27e4579b4a Merge branch 'renovate/keycloak-24.x' into 'master'
automation: Update keycloak Docker tag to v24

See merge request saibotk.de/infrastructure!1194
2024-03-10 00:14:12 +00:00
6bdcf205d9 Merge branch 'renovate/minecraft-image-2024.x' into 'master'
automation: Update minecraft-image Docker tag to v2024.3.0

See merge request saibotk.de/infrastructure!1193
2024-03-10 00:14:00 +00:00
1761532bd0 Merge branch 'renovate/matrix-synapse-1.x' into 'master'
automation: Update matrix-synapse Docker tag to v1.102.0

See merge request saibotk.de/infrastructure!1195
2024-03-10 00:13:10 +00:00
cceac875ae Merge branch 'renovate/monitoring-grafana-10.x' into 'master'
automation: Update monitoring-grafana Docker tag to v10.4.0

See merge request saibotk.de/infrastructure!1196
2024-03-10 00:08:54 +00:00
22d507bdf5 Merge branch 'renovate/gitlab-16.x' into 'master'
automation: Update gitlab Docker tag to v16.9.2

See merge request saibotk.de/infrastructure!1197
2024-03-10 00:08:47 +00:00
f146f9af65
feat(ansible): Adjust configs
This disables cowsay messages.
Enables persistent connections, so that multiple playbooks can reuse the connection.
Enables pipelining for speed, since we are not affected by the limitation described in https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_PIPELINING
this gives us some speed boost.

Additionally the playbook dir was set, so that some commands can benefit from the correct default.
2024-03-10 01:08:05 +01:00
79dabffd40
chore(ansible-config): also define collections path for ansible-lint
This fixes the local ansible-lint run.
2024-03-10 01:08:04 +01:00
1b66ab22e5
feat(dnf): Add role from histalek-de/infrastructure
This was taken from https://git.histalek.de/histalek-de/infrastructure/

<3
2024-03-10 01:08:03 +01:00
0152abb7df
!fix(haveged): Remove direct dependency on epel
So that this can be used on other systems too
2024-03-10 01:08:02 +01:00
bdb4cc72bf
fix(luks_ssh): Only install haveged on older systems
Newer systems do not need it anymore, because this is built in since kernel 5.4.

See https://github.com/jirka-h/haveged
2024-03-10 01:08:01 +01:00
20e150f453
feat(luks_ssh): Update with latest upstream changes
This includes a MOTD and some small adjustments for Fedora etc.

See a35fbc1ec4
2024-03-10 01:08:00 +01:00
db6f516bee
!fix(luks_ssh): Add root account SSH unlock
This has to be done, for sshd being able to read the authorized keys. See https://github.com/gsauthof/dracut-sshd/tree/master?tab=readme-ov-file#faq

So we do this here, note that this will remove the root account password if there is one.
2024-03-10 01:07:59 +01:00
Renovate Bot
5158a26f15 automation: Update gitlab Docker tag to v16.9.2 2024-03-06 19:05:08 +00:00
Renovate Bot
b4ad6cec32 automation: Update monitoring-grafana Docker tag to v10.4.0 2024-03-06 15:05:18 +00:00
Renovate Bot
f297350275 automation: Update matrix-synapse Docker tag to v1.102.0 2024-03-05 17:05:17 +00:00
Renovate Bot
c06cebf49f automation: Update keycloak Docker tag to v24 2024-03-05 09:05:00 +00:00
Renovate Bot
7f1445fc0b automation: Update minecraft-image Docker tag to v2024.3.0 2024-03-02 17:04:50 +00:00
Renovate Bot
088801b2ca automation: Update gitlab-runner_image Docker tag to v16.9.1 2024-02-28 19:04:31 +00:00
Renovate Bot
1b161e3414 automation: Update matrix-elementweb Docker tag to v1.11.59 2024-02-27 15:04:39 +00:00
Renovate Bot
fbc913d8d0 automation: Update community.general to version 8.4.0 2024-02-26 21:04:40 +00:00
e380fe1932 Merge branch 'renovate/community.docker-3.x' into 'master'
automation: Update community.docker to version 3.8.0

See merge request saibotk.de/infrastructure!1189
2024-02-26 19:29:50 +00:00
Renovate Bot
59369afa36 automation: Update community.docker to version 3.8.0 2024-02-25 21:05:09 +00:00
Renovate Bot
a81ffdc752 automation: Update mastodon Docker tag to v4.2.8 2024-02-23 15:04:56 +00:00
0e9ad9b9c0
fix(mastodon): Version detection grep expression 2024-02-22 03:58:24 +01:00
72c15a4fd3
fix(gitlab_runner): Wrong docker project directory 2024-02-22 03:43:53 +01:00
45bf9ecf8d
fix(docker-compose): Use docker compose plugin for validation 2024-02-22 03:42:59 +01:00
2efc0e6f3c
fix(docker): Install python-requests library for the docker module
This is the only dependency that the docker module needs.
So we are installing this via the system package manager. Should be fine for now, as there does not seem to be incompatibilities or a specific version being requested.
2024-02-22 03:21:39 +01:00
ddd0effa0d
!remove(docker): Python SDK install & pyhton path workaround
Neither is needed anymore, since the Ansible docker modules use the API directly.
2024-02-22 01:56:50 +01:00
7469b6bbf4
!chore(docker-compose): Remove deprecated docker-compose python library
Since docker_compose_v2 module is now finally available using the newer plugin, we can retire the hacky install of the docker compose python library.
2024-02-22 01:29:19 +01:00
70341479b1
!chore: Migrate to docker_compose_v2
This now uses the new docker compose plugin.
Because we used docker-compose v1.24.1 up to this point, due to CentOS needing C toolchains installed to build newer versions, the newest Docker v25 breaks compatibility and we need to use something newer.
2024-02-22 00:37:48 +01:00
5e76d89a2a Merge branch 'renovate/minecraft-image-2024.x' into 'master'
automation: Update minecraft-image Docker tag to v2024.2.2

See merge request saibotk.de/infrastructure!1172
2024-02-21 21:34:55 +00:00
8a5600dcc5 Merge branch 'renovate/traefik-2.x' into 'master'
automation: Update traefik Docker tag to v2.11.0

See merge request saibotk.de/infrastructure!1173
2024-02-21 21:34:23 +00:00
a04663278c Merge branch 'renovate/mastodon-database-15.x' into 'master'
automation: Update mastodon-database Docker tag to v15.6

See merge request saibotk.de/infrastructure!1174
2024-02-21 21:34:13 +00:00
046b701dc2 Merge branch 'renovate/matrix-database-13.x' into 'master'
automation: Update matrix-database Docker tag to v13.14

See merge request saibotk.de/infrastructure!1175
2024-02-21 21:34:05 +00:00
4c3fb4957f Merge branch 'renovate/matrix-maubot_database-13.x' into 'master'
automation: Update matrix-maubot_database Docker tag to v13.14

See merge request saibotk.de/infrastructure!1176
2024-02-21 21:33:51 +00:00
a9635a3d3c Merge branch 'renovate/matrix-sliding_sync_database-16.x' into 'master'
automation: Update matrix-sliding_sync_database Docker tag to v16.2

See merge request saibotk.de/infrastructure!1177
2024-02-21 21:33:42 +00:00
ad95c2f9b4 Merge branch 'renovate/vikunja-database-13.x' into 'master'
automation: Update vikunja-database Docker tag to v13.14

See merge request saibotk.de/infrastructure!1178
2024-02-21 21:33:31 +00:00
89145435ad Merge branch 'renovate/matrix-synapse-1.x' into 'master'
automation: Update matrix-synapse Docker tag to v1.101.0

See merge request saibotk.de/infrastructure!1179
2024-02-21 21:33:12 +00:00
55ded387e2 Merge branch 'renovate/matrix-elementweb-1.x' into 'master'
automation: Update matrix-elementweb Docker tag to v1.11.58

See merge request saibotk.de/infrastructure!1180
2024-02-21 21:32:57 +00:00
f74ef5df54 Merge branch 'renovate/monitoring-grafana-10.x' into 'master'
automation: Update monitoring-grafana Docker tag to v10.3.3

See merge request saibotk.de/infrastructure!1181
2024-02-21 21:31:38 +00:00
502655217f Merge branch 'renovate/gitlab-runner_image-16.x' into 'master'
automation: Update gitlab-runner_image Docker tag to v16.9.0

See merge request saibotk.de/infrastructure!1184
2024-02-21 21:31:19 +00:00
4f33ae7e14 Merge branch 'renovate/camo-2.x' into 'master'
automation: Update camo Docker tag to v2.4.9

See merge request saibotk.de/infrastructure!1186
2024-02-21 21:31:06 +00:00
6611caf3e6 Merge branch 'renovate/gitlab-16.x' into 'master'
automation: Update gitlab Docker tag to v16.9.1

See merge request saibotk.de/infrastructure!1183
2024-02-21 21:30:21 +00:00
4dfd382a75
feat(lvm_self_backup): Add error service when systemd service fails
This is to be notified when the systemd service fails to e.g. unmount the partition.
2024-02-21 22:25:46 +01:00
43535443c2
fix(backup-lvm): ExecStopPost command using bash syntax
This cannot be used in a systemd exec command. Ooopsie
2024-02-21 22:12:19 +01:00
Renovate Bot
bdd885f4ae automation: Update gitlab Docker tag to v16.9.1 2024-02-21 13:05:21 +00:00
Renovate Bot
adc8de3eb8 automation: Update camo Docker tag to v2.4.9 2024-02-17 03:04:37 +00:00
7d1e804ef1 Merge branch 'renovate/mastodon-4.x' into 'master'
automation: Update mastodon Docker tag to v4.2.7

See merge request saibotk.de/infrastructure!1185
2024-02-16 13:08:36 +00:00
Renovate Bot
ae51dcf36b automation: Update mastodon Docker tag to v4.2.7 2024-02-16 13:04:40 +00:00
Renovate Bot
f5295489b2 automation: Update gitlab-runner_image Docker tag to v16.9.0 2024-02-15 21:04:50 +00:00
79e540b790 Merge branch 'renovate/mastodon-4.x' into 'master'
automation: Update mastodon Docker tag to v4.2.6

See merge request saibotk.de/infrastructure!1182
2024-02-14 16:14:24 +00:00
Renovate Bot
91bc864746 automation: Update mastodon Docker tag to v4.2.6 2024-02-14 15:04:50 +00:00
Renovate Bot
4f9b6c4aa2 automation: Update monitoring-grafana Docker tag to v10.3.3 2024-02-13 21:04:53 +00:00
Renovate Bot
896a0c65dc automation: Update matrix-elementweb Docker tag to v1.11.58 2024-02-13 17:04:47 +00:00
Renovate Bot
999b9964f7 automation: Update matrix-synapse Docker tag to v1.101.0 2024-02-13 13:04:43 +00:00
Renovate Bot
9f7a698145 automation: Update vikunja-database Docker tag to v13.14 2024-02-13 01:05:02 +00:00
Renovate Bot
f21ff8c80a automation: Update matrix-sliding_sync_database Docker tag to v16.2 2024-02-13 01:04:57 +00:00
Renovate Bot
50b3dd4913 automation: Update matrix-maubot_database Docker tag to v13.14 2024-02-13 01:04:56 +00:00
Renovate Bot
b13a1ae714 automation: Update matrix-database Docker tag to v13.14 2024-02-13 01:04:54 +00:00
Renovate Bot
b824713e56 automation: Update mastodon-database Docker tag to v15.6 2024-02-13 01:04:53 +00:00
Renovate Bot
738037098a automation: Update traefik Docker tag to v2.11.0 2024-02-12 23:04:54 +00:00
Renovate Bot
826b812657 automation: Update minecraft-image Docker tag to v2024.2.2 2024-02-08 21:04:40 +00:00
c0233ecef5 Merge branch 'renovate/keycloak-23.x' into 'master'
automation: Update keycloak Docker tag to v23.0.6

See merge request saibotk.de/infrastructure!1168
2024-02-07 22:34:11 +00:00
2e637dee4b Merge branch 'renovate/minecraft-image-2024.x' into 'master'
automation: Update minecraft-image Docker tag to v2024.2.1

See merge request saibotk.de/infrastructure!1169
2024-02-07 22:33:58 +00:00
67d746a3a3 Merge branch 'renovate/mastodon-elasticsearch-7.x' into 'master'
automation: Update mastodon-elasticsearch Docker tag to v7.17.18

See merge request saibotk.de/infrastructure!1170
2024-02-07 22:33:49 +00:00
6e3957a0b8 Merge branch 'renovate/gitlab-16.x' into 'master'
automation: Update gitlab Docker tag to v16.8.2

See merge request saibotk.de/infrastructure!1171
2024-02-07 22:33:02 +00:00
b3153e2a5b
lvm_self_backup: Fix unmount issues
Somehow unmount fails if the mount is already unmounted, so we just ignore unmounts exit code
2024-02-07 23:32:26 +01:00
dae41f9c7c
lvm_self_backup: Fix snapshot folder 2024-02-07 23:31:02 +01:00
Renovate Bot
f44aefaa9c automation: Update gitlab Docker tag to v16.8.2 2024-02-07 17:04:40 +00:00
Renovate Bot
75adcde834 automation: Update mastodon-elasticsearch Docker tag to v7.17.18 2024-02-06 11:04:51 +00:00
Renovate Bot
9715323cb9 automation: Update minecraft-image Docker tag to v2024.2.1 2024-02-04 01:04:54 +00:00
Renovate Bot
01e83c8b92 automation: Update keycloak Docker tag to v23.0.6 2024-02-02 15:04:56 +00:00
9a39dadbb2
gitlab: Increase memory limits 2024-02-01 16:26:39 +01:00
9f028b1053
mastodon: Update to 4.2.5 2024-02-01 16:24:30 +01:00
c66fa80fe8 Merge branch 'renovate/factorio-1.x' into 'master'
automation: Update factorio Docker tag to v1.1.104

See merge request saibotk.de/infrastructure!1164
2024-02-01 15:23:54 +00:00
856b4f5ee6 Merge branch 'renovate/matrix-synapse-1.x' into 'master'
automation: Update matrix-synapse Docker tag to v1.100.0

See merge request saibotk.de/infrastructure!1166
2024-02-01 15:17:07 +00:00
c09ed61ccb Merge branch 'renovate/vikunja-frontend-0.x' into 'master'
automation: Update vikunja-frontend Docker tag to v0.22.1

See merge request saibotk.de/infrastructure!1161
2024-02-01 15:12:57 +00:00
edf132afa2 Merge branch 'renovate/vikunja-api-0.x' into 'master'
automation: Update vikunja-api Docker tag to v0.22.1

See merge request saibotk.de/infrastructure!1160
2024-02-01 15:12:42 +00:00
6f84f2dd17 Merge branch 'renovate/ansible.utils-3.x' into 'master'
automation: Update ansible.utils to version 3.1.0

See merge request saibotk.de/infrastructure!1165
2024-02-01 15:12:32 +00:00
71b17cea43 Merge branch 'renovate/community.general-8.x' into 'master'
automation: Update community.general to version 8.3.0

See merge request saibotk.de/infrastructure!1163
2024-02-01 15:12:23 +00:00
d5c763f27b Merge branch 'renovate/community.docker-3.x' into 'master'
automation: Update community.docker to version 3.7.0

See merge request saibotk.de/infrastructure!1159
2024-02-01 15:12:15 +00:00
878d543752 Merge branch 'renovate/keycloak-23.x' into 'master'
automation: Update keycloak Docker tag to v23.0.5

See merge request saibotk.de/infrastructure!1162
2024-02-01 15:12:02 +00:00
b9421c7e32 Merge branch 'renovate/matrix-elementweb-1.x' into 'master'
automation: Update matrix-elementweb Docker tag to v1.11.57

See merge request saibotk.de/infrastructure!1167
2024-02-01 15:11:50 +00:00
Renovate Bot
f631f1cf55 automation: Update matrix-elementweb Docker tag to v1.11.57 2024-01-31 17:04:44 +00:00
Renovate Bot
52b48241dd automation: Update matrix-synapse Docker tag to v1.100.0 2024-01-30 19:04:57 +00:00
Renovate Bot
c745735bc7 automation: Update ansible.utils to version 3.1.0 2024-01-30 17:04:48 +00:00
Renovate Bot
c59dede68d automation: Update factorio Docker tag to v1.1.104 2024-01-30 15:04:48 +00:00
Renovate Bot
c4d2c4ab33 automation: Update community.general to version 8.3.0 2024-01-29 21:04:38 +00:00
Renovate Bot
c45c7dc606 automation: Update keycloak Docker tag to v23.0.5 2024-01-29 09:05:02 +00:00
Renovate Bot
2ae9cad191 automation: Update vikunja-frontend Docker tag to v0.22.1 2024-01-28 17:04:35 +00:00
Renovate Bot
83efb140fd automation: Update vikunja-api Docker tag to v0.22.1 2024-01-28 17:04:33 +00:00
Renovate Bot
5bd8e5e482 automation: Update community.docker to version 3.7.0 2024-01-27 13:04:44 +00:00
6b370267d0 Merge branch 'renovate/gitlab-runner_image-16.x' into 'master'
automation: Update gitlab-runner_image Docker tag to v16.8.0

See merge request saibotk.de/infrastructure!1153
2024-01-25 22:51:46 +00:00
660fa44fd4 Merge branch 'renovate/community.general-8.x' into 'master'
automation: Update community.general to version 8.2.0

See merge request saibotk.de/infrastructure!1144
2024-01-25 22:51:32 +00:00
807e4032c6 Merge branch 'renovate/keycloak-23.x' into 'master'
automation: Update keycloak Docker tag to v23.0.4

See merge request saibotk.de/infrastructure!1148
2024-01-25 22:51:23 +00:00
c0e8066513 Merge branch 'renovate/matrix-synapse-1.x' into 'master'
automation: Update matrix-synapse Docker tag to v1.99.0

See merge request saibotk.de/infrastructure!1151
2024-01-25 22:51:10 +00:00
7af4bd2538 Merge branch 'renovate/devsec.hardening-9.x' into 'master'
automation: Update devsec.hardening to version 9.0.1

See merge request saibotk.de/infrastructure!1154
2024-01-25 22:50:51 +00:00
98e73ab56a Merge branch 'renovate/matrix-elementweb-1.x' into 'master'
automation: Update matrix-elementweb Docker tag to v1.11.55

See merge request saibotk.de/infrastructure!1145
2024-01-25 22:50:42 +00:00
8620c33e56 Merge branch 'renovate/factorio-1.x' into 'master'
automation: Update factorio Docker tag to v1.1.103

See merge request saibotk.de/infrastructure!1152
2024-01-25 22:50:26 +00:00
18c456f4c5 Merge branch 'renovate/minecraft-image-2024.x' into 'master'
automation: Update minecraft-image Docker tag to v2024

See merge request saibotk.de/infrastructure!1146
2024-01-25 22:50:15 +00:00
899c4bb243 Merge branch 'renovate/community.docker-3.x' into 'master'
automation: Update community.docker to version 3.6.0

See merge request saibotk.de/infrastructure!1155
2024-01-25 22:49:51 +00:00
806910a7df Merge branch 'renovate/mastodon-elasticsearch-7.x' into 'master'
automation: Update mastodon-elasticsearch Docker tag to v7.17.17

See merge request saibotk.de/infrastructure!1156
2024-01-25 22:47:10 +00:00
4a1e11ef28 Merge branch 'renovate/monitoring-grafana-10.x' into 'master'
automation: Update monitoring-grafana Docker tag to v10.3.1

See merge request saibotk.de/infrastructure!1157
2024-01-25 22:46:57 +00:00
edd19c93a5 Merge branch 'renovate/mastodon-4.x' into 'master'
automation: Update mastodon Docker tag to v4.2.4

See merge request saibotk.de/infrastructure!1158
2024-01-25 18:55:50 +00:00
c48f728def Merge branch 'renovate/gitlab-16.x' into 'master'
automation: Update gitlab Docker tag to v16.8.1

See merge request saibotk.de/infrastructure!1150
2024-01-25 18:55:22 +00:00
Renovate Bot
7908d752cd automation: Update gitlab Docker tag to v16.8.1 2024-01-25 11:05:22 +00:00
Renovate Bot
be6c78bf82 automation: Update mastodon Docker tag to v4.2.4 2024-01-24 15:04:45 +00:00
Renovate Bot
e9159a926b automation: Update monitoring-grafana Docker tag to v10.3.1 2024-01-23 17:06:16 +00:00
Renovate Bot
c39e922aab automation: Update mastodon-elasticsearch Docker tag to v7.17.17 2024-01-23 13:04:51 +00:00
Renovate Bot
81e3aac16f automation: Update community.docker to version 3.6.0 2024-01-21 09:04:53 +00:00
Renovate Bot
e710c63f90 automation: Update minecraft-image Docker tag to v2024 2024-01-20 19:05:13 +00:00
Renovate Bot
56dce855f6 automation: Update factorio Docker tag to v1.1.103 2024-01-19 17:05:05 +00:00
Renovate Bot
6ef5e0681e automation: Update matrix-elementweb Docker tag to v1.11.55 2024-01-19 15:04:55 +00:00
Renovate Bot
b958ae6e90 automation: Update devsec.hardening to version 9.0.1 2024-01-19 11:04:57 +00:00
Renovate Bot
7dfe47e092 automation: Update gitlab-runner_image Docker tag to v16.8.0 2024-01-19 01:05:18 +00:00
Renovate Bot
77425901e7 automation: Update matrix-synapse Docker tag to v1.99.0 2024-01-16 17:04:59 +00:00
d6a10f0802 Merge branch 'renovate/gitlab-16.x' into 'master'
automation: Update gitlab Docker tag to v16.7.2

See merge request saibotk.de/infrastructure!1149
2024-01-12 12:03:04 +00:00
Renovate Bot
b72514d87a automation: Update gitlab Docker tag to v16.7.2 2024-01-11 23:04:53 +00:00
Renovate Bot
2595af6051 automation: Update keycloak Docker tag to v23.0.4 2024-01-08 15:05:07 +00:00
Renovate Bot
6f678b35d3 automation: Update community.general to version 8.2.0 2024-01-01 19:05:13 +00:00
345 changed files with 4964 additions and 12642 deletions


@ -1,14 +1,22 @@
[defaults]
roles_path = ./roles:~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
playbook_dir = ./playbooks
inventory = ./inventory
retry_files_enabled = false
vault_password_file = .vault_pass
retry_files_enabled = False
nocows=True
use_persistent_connections = True
interpreter_python = auto_silent
[connection]
pipelining = True
[ssh_connection]
transfer_method = piped
[privilege_escalation]
become_ask_pass = false
become_ask_pass = False
[galaxy]
role_skeleton = ./.ansible/skeleton/default
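Review bot: `vault_password_file = .vault_pass` in `[defaults]` carries no comment on how that file has to be kept, and this rendering does not show whether the line is new or context. Ansible executes the vault password file as a script when it is executable and otherwise reads it as the secret itself, so I would add `# .vault_pass: keep untracked (.gitignore), mode 0600, not executable unless it is meant to be a password script` above it. Separately, `pipelining = True` relies on `requiretty` being disabled in sudoers on every managed host; the commit message asserts that, but the config does not record it, and a one-line comment beside the setting would keep the assumption visible to whoever adds the next host.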


@ -2,3 +2,4 @@
# Otherwise ansible-lint always tries to get a vault password and fails.
[defaults]
roles_path = ./roles:~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
collections_path = ./collections:~/.ansible/collections:/usr/share/ansible/collections:/etc/ansible/collections

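--- a/guides/SETUP_FEDORA_41.md
+++ b/guides/SETUP_FEDORA_41.md
@@ -0,0 +1,48 @@
+# Fedora 41 ISO install setup GUI
+## Netcup stuff
+- Setup Network mappings with hostnames / reverse addresses
+- Assign IPv6 address from space
+- Enable UEFI Boot
+- Set VNC keymap to DE
+## Anaconda Setup (GUI)
+1. Select English US for installation
+2. Change keyboard to de nodeadkeys
+3. Choose Fedora Cloud Server and Guest Agents
+4. Disk
+- Choose Custom config
+- Delete all existing paritions
+- Choose Btrfs + encrypt
+- Click to create automatically
+- Done
+- Enter disk encryption pw generated via pass
+5. Network
+- Set hostname
+- Edit Interface
+- Set IPv6 to Manual
+- Enter address as given by provider
+- Set Gateway to fe80::1
+- Set IPv4 to Automatic (DHCP) addresses only
+- Configure DNS Servers on IPv4 to
+- 1.1.1.1
+- 9.9.9.9
+- Configure DNS Servers on IPv6 to
+- 2606:4700:4700::1111
+- 2620:fe::fe
+6. Date/Time: Set to Berlin
+- NTP Servers:
+- Remove default pool
+- Add time.cloudflare.com (only NTS ticked, not pool)
+- Add sth1.nts.netnod.se (only NTS ticked, not pool)
+7. User Account
+- Leave root user disabled
+- Add your own user, use temp PW and replace with pass generated when connected via SSH
+## Ansible prep
+Install python3-libdnf5
+Workaround until Ansible version is released with this fix:
+https://github.com/ansible/ansible/issues/84206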

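--- a/playbooks/caddy.yml
+++ b/playbooks/caddy.yml
@@ -0,0 +1,12 @@
+- name: Install Caddy.
+hosts: caddy
+roles:
+- role: podman
+become: true
+tags:
+- always
+- podman
+- role: caddy
+become: true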


@ -1,29 +0,0 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure camo
hosts: camo
roles:
- docker
- docker_compose
- docker_cleanup
- traefik
- camo
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages


@ -1,28 +0,0 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure HedgeDoc
hosts: codimd
roles:
- docker
- docker_compose
- docker_cleanup
- traefik
- codimd
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages

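--- a/playbooks/dnf.yml
+++ b/playbooks/dnf.yml
@@ -0,0 +1,5 @@
+- name: Setup dnf.
+hosts: dnf
+roles:
+- role: dnf
+become: true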


@ -1,27 +0,0 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure Docker IPv6 NAT
hosts: docker_ipv6_nat
roles:
- docker
- docker_compose
- docker_cleanup
- docker_ipv6_nat
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages

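--- a/playbooks/elementweb.yml
+++ b/playbooks/elementweb.yml
@@ -0,0 +1,17 @@
+- name: Install Element Web.
+hosts: elementweb
+roles:
+- role: podman
+become: true
+tags:
+- always
+- podman
+- role: caddy
+become: true
+tags:
+- always
+- caddy
+- role: elementweb
+become: true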


@ -1,27 +0,0 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure Factorio
hosts: factorio
roles:
- docker
- docker_compose
- docker_cleanup
- factorio
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages


@ -1,29 +0,0 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure GitLab
hosts: gitlab
roles:
- docker
- docker_compose
- docker_cleanup
- traefik
- gitlab
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages


@ -1,36 +0,0 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure GitLab Runner
hosts: gitlab_runner
roles:
- docker
- docker_compose
- docker_cleanup
- gitlab_runner
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages
tasks:
- name: Install docker image prune crontab
ansible.builtin.cron:
name: "Prune unused docker images"
minute: "0"
hour: "*/4"
job: "docker image prune -f"
become: true

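--- a/playbooks/hedgedoc.yml
+++ b/playbooks/hedgedoc.yml
@@ -0,0 +1,17 @@
+- name: Install Hedgedoc.
+hosts: hedgedoc
+roles:
+- role: podman
+become: true
+tags:
+- always
+- podman
+- role: caddy
+become: true
+tags:
+- always
+- caddy
+- role: hedgedoc
+become: true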


@ -1,29 +1,17 @@
---
- name: Install Keycloak.
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure Keycloak
hosts: keycloak
roles:
- docker
- docker_compose
- docker_cleanup
- traefik
- keycloak
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages
- role: podman
become: true
tags:
- always
- podman
- role: caddy
become: true
tags:
- always
- caddy
- role: keycloak
become: true


@ -1,5 +1,4 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
@ -18,6 +17,12 @@
- name: Install & configure LUKS SSH setup
hosts: luks_ssh
roles:
- haveged
- luks_ssh
tasks:
- name: Install haveged
ansible.builtin.include_role:
name: haveged
when: ansible_kernel is version('5.4', '<')
- name: Install LUKS SSH
ansible.builtin.include_role:
name: luks_ssh
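Review bot: The `when: ansible_kernel is version('5.4', '<')` guard on `Install haveged` has no comment explaining the threshold, and on a host that unlocks LUKS over SSH at early boot the entropy source is a security-relevant choice. A comment above the task such as `# haveged only on kernels older than 5.4; newer kernels are assumed to seed the CRNG on their own (confirm)` would record the reasoning. The condition also depends on gathered facts, so the play must not run with fact gathering disabled; whether it does is not visible in this hunk.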


@ -1,25 +0,0 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure LVM self backup
hosts: lvm_self_backup
roles:
- docker
- lvm_self_backup
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages


@ -1,5 +1,4 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2020 Saibotk
@ -16,13 +15,10 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure Docker & backup cronjob
- name: Install & prepare Mailcow setup & backup cronjob
hosts: mailcow
roles:
- docker
- docker_compose
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages
tasks:
- name: Install backup crontab
ansible.builtin.cron:
@ -32,5 +28,45 @@
# yamllint disable-line rule:line-length
job: "MAILCOW_BACKUP_LOCATION=/srv/mailcow-backups /srv/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all --delete-days 2 2>&1 | /usr/bin/logger -t mailcow_data_backup"
become: true
# Manual steps:
# - Open ports / disable postfix
- name: Install git
ansible.builtin.package:
name: "git"
state: "present"
become: true
- name: Clone mailcow # noqa latest[git]
ansible.builtin.git:
repo: "https://github.com/mailcow/mailcow-dockerized"
update: false
dest: "/srv/mailcow-dockerized"
become: true
- name: Create backup directory
ansible.builtin.file:
path: "/srv/mailcow-backups"
owner: "root"
group: "root"
state: directory
mode: "0755"
become: true
- name: Open ports
ansible.posix.firewalld:
state: enabled
permanent: true
immediate: true
zone: public
port: "{{ item }}"
loop:
- "25/tcp"
- "465/tcp"
- "587/tcp"
- "143/tcp"
- "993/tcp"
- "110/tcp"
- "995/tcp"
- "4190/tcp"
- "80/tcp"
- "443/tcp"
become: true
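Review bot: The `Clone mailcow` task checks out whatever the default branch of `https://github.com/mailcow/mailcow-dockerized` holds on first run, and `# noqa latest[git]` silences the lint rule that flags exactly this. The cron job in the same play runs `helper-scripts/backup_and_restore.sh` from that checkout, presumably as root since the task uses `become: true`, so unreviewed upstream content ends up executing with full privileges. Setting `version: "<reviewed release tag or commit>"` (placeholder) on the `ansible.builtin.git` task would make the deployed code reproducible. The `Open ports` loop also exposes `110/tcp` and `143/tcp` in the `public` zone; a comment stating that the cleartext-capable POP3/IMAP ports are intended would help the next reader.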


@ -1,29 +1,17 @@
---
- name: Install Mastodon.
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure Mastodon
hosts: mastodon
roles:
- docker
- docker_compose
- docker_cleanup
- traefik
- mastodon
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages
- role: podman
become: true
tags:
- always
- podman
- role: caddy
become: true
tags:
- always
- caddy
- role: mastodon
become: true


@ -1,28 +0,0 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure Matrix
hosts: matrix
roles:
- docker
- docker_compose
- docker_cleanup
- traefik
- matrix
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages


@ -1,28 +0,0 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2021 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure Matrix Delegate
hosts: matrix_delegate
roles:
- docker
- docker_compose
- docker_cleanup
- traefik
- matrix_delegate
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages


@ -1,28 +0,0 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2021 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure Element Web
hosts: matrix_elementweb
roles:
- docker
- docker_compose
- docker_cleanup
- traefik
- matrix_elementweb
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages


@ -1,28 +0,0 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2021 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure Mauboot
hosts: matrix_maubot
roles:
- docker
- docker_compose
- docker_cleanup
- traefik
- matrix_maubot
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages


@ -1,27 +0,0 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2023 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure Matrix Sliding Sync
hosts: matrix_sliding_sync
roles:
- docker
- docker_compose
- docker_cleanup
- traefik
- matrix_sliding_sync
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages


@ -1,28 +0,0 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2021 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure Matrix Webhooks
hosts: matrix_webhooks
roles:
- docker
- docker_compose
- docker_cleanup
- traefik
- matrix_webhooks
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages


@ -1,28 +0,0 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure Minecraft
hosts: minecraft
roles:
- docker
- docker_compose
- docker_cleanup
- minecraft
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages


@ -1,28 +0,0 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure BlockMap
hosts: minecraft
roles:
- docker
- docker_compose
- docker_cleanup
- traefik
- minecraft_blockmap
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages


@ -1,29 +0,0 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure MinIO
hosts: minio
roles:
- docker
- docker_compose
- docker_cleanup
- traefik
- minio
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages


@ -1,40 +1,17 @@
---
- name: Install Monitoring Suite with Grafana, Loki and Prometheus.
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure monitoring servers
hosts: monitoring
roles:
- docker
- docker_compose
- docker_cleanup
- traefik
- monitoring
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages
- name: Install & configure monitoring clients
hosts: all
serial: 1
roles:
- docker
- docker_compose
- docker_cleanup
- telegraf
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages
- role: podman
become: true
tags:
- always
- podman
- role: caddy
become: true
tags:
- always
- caddy
- role: monitoring
become: true


@ -1,28 +0,0 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure Owncast
hosts: owncast
roles:
- docker
- docker_compose
- docker_cleanup
- traefik
- owncast
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages


@ -1,28 +0,0 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2021 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure Penpot
hosts: penpot
roles:
- docker
- docker_compose
- docker_cleanup
- traefik
- penpot
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages

7
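--- a/playbooks/podman.yml
+++ b/playbooks/podman.yml
@@ -0,0 +1,7 @@
+- name: Install and configure podman.
+hosts: podman
+roles:
+- role: podman
+become: true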

1
playbooks/roles Symbolic link

@ -0,0 +1 @@
../roles

17
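--- a/playbooks/saiblog.yml
+++ b/playbooks/saiblog.yml
@@ -0,0 +1,17 @@
+- name: Install Saiblog.
+hosts: saiblog
+roles:
+- role: podman
+become: true
+tags:
+- always
+- podman
+- role: caddy
+become: true
+tags:
+- always
+- caddy
+- role: saiblog
+become: true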


@ -1,63 +1,16 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure unattended upgrades
import_playbook: unattended_upgrades.yml
- name: Install & configure ipv6 NAT for Docker
import_playbook: docker_ipv6_nat.yml
- name: Install & configure backup solution using LVM
import_playbook: lvm_self_backup.yml
- name: Install & configure GitLab
import_playbook: gitlab.yml
- name: Install & configure GitLab Runner
import_playbook: gitlab_runner.yml
- name: Install & configure camo
import_playbook: camo.yml
- name: Install & configure Keycloak
import_playbook: keycloak.yml
- name: Install & configure monitoring
import_playbook: monitoring.yml
- name: Install & configure MinIO
import_playbook: minio.yml
- name: Install & configure Mastodon
import_playbook: mastodon.yml
- name: Install & configure HedgeDoc
import_playbook: codimd.yml
- name: Install & configure Matrix
import_playbook: matrix.yml
- name: Install & configure Matrix Delegate
import_playbook: matrix_delegate.yml
import_playbook: hedgedoc.yml
- name: Install & configure Synapse
import_playbook: synapse.yml
- name: Install & configure Element Web
import_playbook: matrix_elementweb.yml
- name: Install & configure Matrix Webhooks
import_playbook: matrix_webhooks.yml
- name: Install & configure Maubot
import_playbook: matrix_maubot.yml
- name: Install & configure static websites
import_playbook: static_websites.yml
import_playbook: elementweb.yml
- name: Install & configure Saiblog
import_playbook: saiblog.yml
- name: Install & configure Teamspeak
import_playbook: teamspeak.yml
- name: Install & configure Owncast
import_playbook: owncast.yml
- name: Install & configure Factorio
import_playbook: factorio.yml
- name: Install & configure Penpot
import_playbook: penpot.yml
- name: Install & configure Vikunja
import_playbook: vikunja.yml


@ -1,5 +1,4 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
@ -23,5 +22,4 @@
- role: ssh
- role: devsec.hardening.ssh_hardening
become: true
- role: epel
- role: fail2ban


@ -1,30 +0,0 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure static websites
hosts: static_websites
serial: 1
roles:
- docker
- docker_compose
- docker_cleanup
- traefik
- static_websites
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages

17
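--- a/playbooks/synapse.yml
+++ b/playbooks/synapse.yml
@@ -0,0 +1,17 @@
+- name: Install Synapse.
+hosts: synapse
+roles:
+- role: podman
+become: true
+tags:
+- always
+- podman
+- role: caddy
+become: true
+tags:
+- always
+- caddy
+- role: synapse
+become: true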


@ -1,5 +1,4 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2022 Saibotk
@ -20,5 +19,3 @@
hosts: all
roles:
- sys_upgrade
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages


@ -1,28 +1,12 @@
---
- name: Install teamspeak3 server.
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure Teamspeak
hosts: teamspeak
roles:
- docker
- docker_compose
- docker_cleanup
- traefik
- teamspeak
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages
- role: podman
become: true
tags:
- always
- podman
- role: teamspeak
become: true


@ -1,22 +0,0 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2021 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Configure unattended upgrades
hosts: unattended_upgrades
roles:
- unattended_upgrades


@ -1,28 +0,0 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2021 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure Vikunja
hosts: vikunja
roles:
- docker
- docker_compose
- docker_cleanup
- traefik
- vikunja
environment:
PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages


@ -1,12 +1,16 @@
---
collections:
- name: devsec.hardening
version: 9.0.0
version: 10.1.0
- name: community.general
version: 8.1.0
version: 10.0.0
- name: community.docker
version: 3.5.0
version: 4.0.0
- name: ansible.posix
version: 1.5.4
version: 1.6.2
- name: ansible.utils
version: 3.0.0
version: 5.1.2
- name: containers.podman
version: 1.16.2
- name: fedora.linux_system_roles
version: 1.89.1


@ -0,0 +1,18 @@
caddy_install_dir: /srv/caddy
caddy_container_image: docker.io/library/caddy
# renovate: depName=docker.io/library/caddy
caddy_image_tag: "2.8.4-alpine"
caddy_selinux_level: "{{ omit }}"
caddy_memory_high: 0
caddy_memory_low: 128m
caddy_swap_max: -1
caddy_letsencrypt_email: no-reply@example.com
# possible values: ed25519|p256|p384|rsa2048|rsa4096
caddy_letsencrypt_key_type: rsa4096
caddy_letsencrypt_ca_server: https://acme-staging-v02.api.letsencrypt.org/directory
caddy_log_level: warn
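Review bot: `caddy_letsencrypt_ca_server` defaults to the Let's Encrypt staging directory, so a host deployed with the role defaults serves certificates that clients do not trust, and nothing in the file says the value must be overridden. A comment above the variable such as `# staging CA by default to avoid rate limits; override with the production directory per host` would make that explicit. The same applies to `caddy_letsencrypt_email: no-reply@example.com`, which is a placeholder that would be registered with the CA as the account contact.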


@ -0,0 +1,20 @@
- name: Apply new SELinux file context to filesystem.
ansible.builtin.command: "restorecon -irF {{ caddy_install_dir }}"
become: true
changed_when: true
listen: "caddy selinux context changed"
- name: Restart caddy service.
ansible.builtin.systemd:
state: restarted
name: "caddy"
daemon_reload: true
become: true
listen: "caddy service changed"
- name: Reload caddy service.
ansible.builtin.systemd:
state: reloaded
name: "caddy"
become: true
listen: "caddy config changed"
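Review bot: The handler `Apply new SELinux file context to filesystem.` passes `restorecon -irF {{ caddy_install_dir }}` as one command string, so a `caddy_install_dir` containing whitespace would be split into several arguments and the relabel would run on paths other than the intended one. The list form keeps the path as a single argument: `argv: ["restorecon", "-irF", "{{ caddy_install_dir }}"]`.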

18
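--- a/roles/caddy/meta/main.yml
+++ b/roles/caddy/meta/main.yml
@@ -0,0 +1,18 @@
+galaxy_info:
+author: histalek
+description: Deploy Caddy with podman and systemd.
+issue_tracker_url: https://git.histalek.de/histalek-de/infrastructure/-/issues
+license: GPL-3.0-only
+min_ansible_version: "2.14"
+platforms:
+- name: Fedora
+versions:
+- "38"
+- "39"
+- "40"
+standalone: true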

109
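--- a/roles/caddy/tasks/main.yml
+++ b/roles/caddy/tasks/main.yml
@@ -0,0 +1,109 @@
+- name: Update default SELinux contexts.
+community.general.sefcontext:
+target: "{{ item }}(/.*)?"
+setype: "container_file_t"
+selevel: "{{ caddy_selinux_level }}"
+state: present
+loop:
+- "{{ caddy_install_dir }}/config"
+- "{{ caddy_install_dir }}/data"
+- "{{ caddy_install_dir }}/srv"
+become: true
+notify: "caddy selinux context changed"
+- name: Create caddy directories.
+ansible.builtin.file:
+path: "{{ caddy_install_dir }}"
+state: directory
+mode: "0700"
+owner: "root"
+group: "root"
+become: true
+- name: Ensure caddy directories and configs exist.
+block:
+- name: Stat caddy config directory.
+ansible.builtin.stat:
+path: "{{ caddy_install_dir }}/config"
+become: true
+register: caddy_stat_config_dir
+- name: Create caddy directories.
+ansible.builtin.file:
+path: "{{ item.path }}"
+state: directory
+owner: "{{ caddy_stat_config_dir.stat.uid | default('root') }}"
+group: "{{ caddy_stat_config_dir.stat.gid | default('root') }}"
+mode: "0700"
+loop:
+- path: "{{ caddy_install_dir }}/config"
+- path: "{{ caddy_install_dir }}/data"
+- path: "{{ caddy_install_dir }}/srv"
+become: true
+- name: Deploy caddy configs.
+ansible.builtin.template:
+src: Caddyfile.j2
+dest: "{{ caddy_install_dir }}/config/Caddyfile"
+mode: "0600"
+owner: "{{ caddy_stat_config_dir.stat.uid | default('root') }}"
+group: "{{ caddy_stat_config_dir.stat.gid | default('root') }}"
+become: true
+notify: "caddy config changed"
+- name: Ensure container image is present on the host.
+containers.podman.podman_image:
+name: "{{ caddy_container_image }}"
+state: present
+tag: "{{ caddy_image_tag }}"
+become: true
+- name: Allow http and https.
+ansible.posix.firewalld:
+service: "{{ item }}"
+zone: public
+permanent: true
+immediate: true
+state: enabled
+loop:
+- http
+- https
+become: true
+# Ref: https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
+- name: Set maximum udp send/receive buffer size to around 2,5MB for quic.
+ansible.posix.sysctl:
+name: "{{ item.name }}"
+value: 7500000
+sysctl_set: true
+state: present
+reload: true
+loop:
+- name: net.core.rmem_max
+- name: net.core.wmem_max
+become: true
+- name: Create caddy container / network file.
+ansible.builtin.template:
+src: "{{ item.src }}"
+dest: "{{ item.dest }}"
+owner: "root"
+group: "root"
+mode: "0644"
+loop:
+- src: caddy.container.j2
+dest: /etc/containers/systemd/caddy.container
+- src: caddy.network.j2
+dest: /etc/containers/systemd/caddy.network
+become: true
+notify: "caddy service changed"
+- name: Flush handlers.
+ansible.builtin.meta: flush_handlers
+- name: Start and enable caddy service.
+ansible.builtin.systemd:
+state: started
+enabled: true
+name: "caddy"
+become: true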
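Review bot: `Allow http and https.` enables only the firewalld `http` and `https` services, yet the same role tunes UDP buffers for QUIC and the container unit in this commit publishes `443:443/udp`. Assuming the `https` service covers TCP only, HTTP/3 is either unreachable or reachable only because podman's own forwarding rules bypass the zone, and neither outcome is stated. An explicit firewalld task with `port: "443/udp"` would make the exposed surface match what the role documents. Separately, the sysctl task name says "around 2,5MB" while it sets `value: 7500000`; the name should be corrected to match the value.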


@ -0,0 +1,21 @@
{
admin
persist_config off
log {
output stdout
format console
level warn
}
email {{ caddy_letsencrypt_email }}
skip_install_trust
acme_ca {{ caddy_letsencrypt_ca_server }}
key_type {{ caddy_letsencrypt_key_type }}
servers {
# metrics
strict_sni_host
}
}
import /config/*.caddy
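Review bot: The `log` block writes `level warn` literally, so the `caddy_log_level` variable added to the role defaults in this commit has no effect, and raising verbosity during an incident means editing the template. `level {{ caddy_log_level }}` would connect the two. The `email`, `acme_ca` and `key_type` values are rendered unquoted, so the template relies on each variable being a single token; a short comment saying so would help whoever overrides them.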


@ -0,0 +1,50 @@
{{ ansible_managed | comment }}
[Unit]
Description=Caddy reverse proxy
[Service]
Restart=always
RestartSec=5s
ExecReload=/usr/bin/podman exec \
-w /config \
caddy \
caddy reload
[Container]
Image={{ caddy_container_image }}:{{ caddy_image_tag }}
ContainerName=caddy
Exec=caddy run \
--config /config/Caddyfile \
--adapter caddyfile
AutoUpdate=registry
LogDriver=journald
NoNewPrivileges=true
ReadOnly=true
DropCapability=all
AddCapability=CAP_NET_BIND_SERVICE
UserNS=auto:size=65535
{% if caddy_selinux_level != omit %}
SecurityLabelLevel={{ caddy_selinux_level }}
{% endif %}
Network=caddy.network
PublishPort=80:80/tcp
PublishPort=443:443/tcp
PublishPort=443:443/udp
Volume={{ caddy_install_dir }}/config:/config:ro,U
Volume={{ caddy_install_dir }}/data:/data:U
Volume={{ caddy_install_dir }}/srv:/srv:U
PodmanArgs=--memory={{ caddy_memory_high }}
PodmanArgs=--memory-swap={{ caddy_swap_max }}
PodmanArgs=--memory-reservation={{ caddy_memory_low }}
[Install]
WantedBy=default.target
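Review bot: `AutoUpdate=registry` is combined with `Image={{ caddy_container_image }}:{{ caddy_image_tag }}`, which is a tag reference. If auto-update is scheduled on the host (not visible here), the running image follows whatever the registry serves under that tag rather than what was reviewed in this repository. Either drop `AutoUpdate=registry` and let the renovate-managed `caddy_image_tag` drive updates, or reference the image by digest. With the role defaults `caddy_memory_high: 0` and `caddy_swap_max: -1`, the `PodmanArgs=--memory=…` and `--memory-swap=…` lines presumably impose no limit; a comment stating that this is intended would avoid the impression that the proxy is resource-bounded.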


@ -0,0 +1,6 @@
{{ ansible_managed | comment }}
[Network]
NetworkName=caddy_reverseproxy
Driver=bridge
IPv6=true


@ -1,35 +0,0 @@
Camo
=========
This will setup a [go-camo](https://github.com/cactus/go-camo) content proxy server with their official docker container and traefik.
Requirements
------------
You will need to have docker, docker-compose and traefik installed or declared as dependencies with their respective roles.
**This role assumes that you have setup traefik with an endpoint called `websecure`.**
Role Variables
--------------
**Please look at the [defaults/main.yml](defaults/main.yml) for all available variables and their description.**
**Note: Lines that are commented out via `#` are usually still valid/used variables, but they are not defined by default, so they might enable a feature, when uncommenting/defining them!**
### Global variables, that are used:
- `proxy_network`: Defined by the local traefik installation, this is the shared proxy network used by traefik to reach the containers. (optional)
- `proxy_hiddenservice`: Defined by the local traefik installation, this is used to generate the alt-svc header for the alternative Tor domain. (optional)
Dependencies
------------
- docker
- docker-compose
- traefik
License
-------
GPL-3.0-only


@ -1,42 +0,0 @@
---
# Default variables for the camo role
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# The install location (where the docker-compose file is stored)
camo_install_location: "/srv/camo"
# The camo version that should be used
# renovate: depName=docker.io/cactus4docker/go-camo
camo_version: "2.4.8"
# The domain under which camo should be available using traefik
camo_domain: camo.example.com
# The certresolver that is used by traefik for camo's domain
camo_traefik_certresolver: "letsencrypt_http"
# The HMAC key to be used
camo_key: "{{ lookup('passwordstore', camo_domain + '/hmac-key create=true length=128') }}"
# The maximum allowed response size (in KB). (0 means unlimited)
camo_max_size: 0
# Docker image and version
camo_image: "docker.io/cactus4docker/go-camo"
camo_image_version: "v{{ camo_version }}"


@ -1,45 +0,0 @@
galaxy_info:
author: saibotk
description: "Installs a go-camo image proxy server via Docker."
license: GPL-3.0-only
min_ansible_version: "2.9"
standalone: true
platforms:
- name: EL
versions:
- all
- name: GenericUNIX
versions:
- all
- name: Fedora
versions:
- all
- name: opensuse
versions:
- all
- name: GenericBSD
versions:
- all
- name: FreeBSD
versions:
- all
- name: Ubuntu
versions:
- all
- name: SLES
versions:
- all
- name: GenericLinux
versions:
- all
- name: Debian
versions:
- all
galaxy_tags: []
dependencies:
- role: docker
- role: docker_compose
- role: traefik


@ -1,54 +0,0 @@
---
# Tasks file for the camo role
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Create install directory
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: '0700'
owner: 'root'
group: 'root'
with_items:
- "{{ camo_install_location }}"
become: true
tags:
- camo
- name: Deploy docker-compose.yml
ansible.builtin.template:
src: docker-compose.yml
dest: "{{ camo_install_location }}/docker-compose.yml"
mode: '0600'
owner: 'root'
group: 'root'
validate: docker-compose -f %s config -q
tags:
- docker
- camo
become: true
- name: Compose camo container
community.docker.docker_compose:
state: present
project_src: "{{ camo_install_location }}"
pull: true
remove_orphans: true
tags:
- camo
become: true


@ -1,62 +0,0 @@
{{ ansible_managed | comment }}
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
version: '2'
services:
camo:
image: "{{ camo_image }}:{{ camo_image_version }}"
mem_limit: 64mb
memswap_limit: 128mb
security_opt:
- no-new-privileges
environment:
- "GOCAMO_HMAC={{ camo_key }}"
labels:
- "traefik.enable=true"
- "traefik.http.routers.camo.rule=Host(`{{ camo_domain }}`) && PathPrefix(`/`)"
- "traefik.http.routers.camo.entrypoints=websecure"
- "traefik.http.routers.camo.tls=true"
- "traefik.http.routers.camo.tls.certresolver={{ camo_traefik_certresolver }}"
- "traefik.http.routers.camo.middlewares=camo,compress"
- "traefik.http.middlewares.camo.headers.sslredirect=true"
- "traefik.http.middlewares.camo.headers.stsSeconds=63072000"
- "traefik.http.middlewares.camo.headers.referrerPolicy=no-referrer"
{% if proxy_network is defined %}
- "traefik.docker.network={{ proxy_network }}"
{% endif %}
{% if proxy_hiddenservice is defined and proxy_hiddenservice.content is defined %}
- "traefik.http.middlewares.camo.headers.customresponseheaders.alt-svc=h2={{ proxy_hiddenservice['content'] | b64decode | trim }}:443; ma=2592000"
{% endif %}
command:
- "--max-size={{ camo_max_size }}"
- "--server-name='go-camo v{{ camo_version }}'"
restart: always
{% if proxy_network is defined %}
networks:
{{ proxy_network }}:
{% endif %}
{% if proxy_network is defined %}
networks:
{{ proxy_network }}:
external: true
{% endif %}


@ -1,35 +0,0 @@
HedgeDoc
=========
This will setup a [HedgeDoc](https://github.com/hedgedoc/hedgedoc) server with their official docker container and traefik.
Requirements
------------
You will need to have docker, docker-compose and traefik installed or declared as dependencies with their respective roles.
**This role assumes that you have setup traefik with an endpoint called `websecure`.**
Role Variables
--------------
**Please look at the [defaults/main.yml](defaults/main.yml) for all available variables and their description.**
**Note: Lines that are commented out via `#` are usually still valid/used variables, but they are not defined by default, so they might enable a feature, when uncommenting/defining them!**
### Global variables, that are used:
- `proxy_network`: Defined by the local traefik installation, this is the shared proxy network used by traefik to reach the containers. (optional)
- `proxy_hiddenservice`: Defined by the local traefik installation, this is used to generate the alt-svc header for the alternative Tor domain. (optional)
Dependencies
------------
- docker
- docker-compose
- traefik
License
-------
GPL-3.0-only


@ -1,66 +0,0 @@
---
# Default variables for the codimd role
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Database access variables: Please change/set the password!
codimd_database_user: codimd
codimd_database_password: codimdpass
codimd_database_name: codimd
# Adjust specific data locations, usually you would want to only adjust the "codimd_install_location" (the base path):
codimd_install_location: /srv/codimd
codimd_database_location: "{{ codimd_install_location }}/database"
codimd_uploads_location: "{{ codimd_install_location }}/uploads"
# Should a local uploads directory be created and mounted?
codimd_uploads_local: false
# Set the certresolver to your desired traefik certresolver.
# Note: This is `letsencrypt_cf` by default for backwards compatibility, you might want to use `letsencrypt_http` instead, depending on your setup
codimd_traefik_certresolver: letsencrypt_http
# The domain under which traefik should make CodiMD reachable
codimd_domain: pad.example.com
# This is where all application related environment variables are defined except the database connection.
# For all possible environment variables look here: https://github.com/codimd/server/blob/master/docs/configuration.md.
# Note: All variables below will automatically be prefixed with "CMD_", eg. "DOMAIN" will automatically become "CMD_DOMAIN".
codimd_options:
ALLOW_FREE_URL: false
DOMAIN: "{{ codimd_domain }}"
EMAIL: false
PROTOCOL_USESSL: true
URL_ADDPORT: false
USECDN: true
# The version of codimd and its postgres server
# (don't upgrade postgres without a backup etc, as it might have introduced breaking changes!)
# renovate: depName=quay.io/hedgedoc/hedgedoc
codimd_version: 1.9.9
# renovate: depName=docker.io/library/postgres
codimd_postgres_version: 11.16
# The image tags that should be used (templated using the versions provided above)
codimd_image_version: "{{ codimd_version }}"
codimd_postgres_image_version: "{{ codimd_postgres_version }}-alpine"
# SELinux level for codimd and the database, which are applied to their data folders and the containers.
# (By default these will be omitted and ignored)
codimd_selinux_level: "{{ omit }}"
codimd_database_selinux_level: "{{ omit }}"


@ -1,45 +0,0 @@
galaxy_info:
author: saibotk
description: "Installs HedgeDoc as a Docker container."
license: GPL-3.0-only
min_ansible_version: "2.9"
standalone: true
platforms:
- name: EL
versions:
- all
- name: GenericUNIX
versions:
- all
- name: Fedora
versions:
- all
- name: opensuse
versions:
- all
- name: GenericBSD
versions:
- all
- name: FreeBSD
versions:
- all
- name: Ubuntu
versions:
- all
- name: SLES
versions:
- all
- name: GenericLinux
versions:
- all
- name: Debian
versions:
- all
galaxy_tags: []
dependencies:
- role: docker
- role: docker_compose
- role: traefik


@ -1,90 +0,0 @@
---
# Tasks file for the codimd role
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
# Copyright (C) 2020 Alexander Wellbrock
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Update default SELinux contexts
community.general.sefcontext:
target: '{{ item.location }}(/.*)?'
setype: "container_file_t"
selevel: "{{ item.selevel | default(omit) }}"
state: present
when: item.when | default(true)
with_items:
- location: "{{ codimd_database_location }}"
selevel: "{{ codimd_database_selinux_level }}"
- location: "{{ codimd_uploads_location }}"
selevel: "{{ codimd_selinux_level }}"
when: "{{ codimd_uploads_local }}"
tags:
- codimd
become: true
- name: Create install directory
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: '0700'
owner: 'root'
group: 'root'
with_items:
- "{{ codimd_install_location }}"
tags:
- codimd
become: true
- name: Create data directory
ansible.builtin.file: # noqa risky-file-permissions # Container adjusts permissions on its own
path: "{{ item.location }}"
state: directory
setype: "container_file_t"
selevel: "{{ item.selevel | default(omit) }}"
when: item.when | default(true)
with_items:
- location: "{{ codimd_database_location }}"
selevel: "{{ codimd_database_selinux_level }}"
- location: "{{ codimd_uploads_location }}"
selevel: "{{ codimd_selinux_level }}"
when: "{{ codimd_uploads_local }}"
tags:
- codimd
become: true
- name: Deploy docker-compose.yml
ansible.builtin.template:
src: docker-compose.yml
dest: "{{ codimd_install_location }}/docker-compose.yml"
mode: '0600'
owner: 'root'
group: 'root'
validate: docker-compose -f %s config -q
tags:
- docker
- codimd
become: true
- name: Compose codimd
community.docker.docker_compose:
state: present
project_src: "{{ codimd_install_location }}"
pull: true
remove_orphans: true
tags:
- codimd
become: true


@ -1,105 +0,0 @@
{{ ansible_managed | comment }}
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
version: '2'
services:
database:
image: docker.io/library/postgres:{{ codimd_postgres_image_version }}
mem_limit: 256mb
memswap_limit: 512mb
read_only: true
{% if codimd_database_selinux_level != omit %}
security_opt:
- label=level:{{ codimd_database_selinux_level }}
{% endif %}
tmpfs:
- /run/postgresql:size=512K
- /tmp:size=128K
stop_grace_period: 2m
stop_signal: SIGINT
environment:
- POSTGRES_USER={{ codimd_database_user }}
- POSTGRES_PASSWORD={{ codimd_database_password }}
- POSTGRES_DB={{ codimd_database_name }}
volumes:
- {{ codimd_database_location }}:/var/lib/postgresql/data
networks:
backend:
restart: always
codimd:
image: quay.io/hedgedoc/hedgedoc:{{ codimd_image_version }}
mem_limit: 256mb
memswap_limit: 512mb
restart: always
read_only: true
{% if codimd_selinux_level != omit %}
security_opt:
- label=level:{{ codimd_selinux_level }}
{% endif %}
tmpfs:
- /tmp:size=10M
{% if not codimd_uploads_local %}
- /hedgedoc/public/uploads:size=10M
{% endif %}
environment:
- "CMD_DB_URL=postgres://{{ codimd_database_user }}:{{ codimd_database_password }}@database:5432/{{ codimd_database_name }}"
{% for key, value in codimd_options.items() %}
- "CMD_{{ key }}={{ value }}"
{% endfor %}
labels:
- "traefik.http.routers.codimd.rule=Host(`{{ codimd_domain }}`) && PathPrefix(`/`)"
- "traefik.http.routers.codimd.entrypoints=websecure"
- "traefik.http.routers.codimd.tls=true"
- "traefik.http.routers.codimd.tls.certresolver={{ codimd_traefik_certresolver }}"
- "traefik.http.routers.codimd.middlewares=codimd,compress"
- "traefik.http.routers.codimd.service=codimd"
- "traefik.http.services.codimd.loadbalancer.server.port=3000"
- "traefik.http.middlewares.codimd.headers.sslredirect=true"
- "traefik.http.middlewares.codimd.headers.stsSeconds=63072000"
- "traefik.http.middlewares.codimd.headers.browserXssFilter=true"
- "traefik.http.middlewares.codimd.headers.contentTypeNosniff=true"
- "traefik.enable=true"
{% if proxy_network is defined %}
- "traefik.docker.network={{ proxy_network }}"
{% endif %}
{% if proxy_hiddenservice is defined and proxy_hiddenservice.content is defined %}
- "traefik.http.middlewares.codimd.headers.customresponseheaders.alt-svc=h2={{ proxy_hiddenservice['content'] | b64decode | trim }}:443; ma=2592000"
{% endif %}
{% if codimd_uploads_local %}
volumes:
- {{ codimd_uploads_location }}:/hedgedoc/public/uploads
{% endif %}
networks:
backend:
{% if proxy_network is defined %}
{{ proxy_network }}:
{% endif %}
networks:
backend:
{% if proxy_network is defined %}
{{ proxy_network }}:
external: true
{% endif %}


@ -0,0 +1,31 @@
dnf_install_epel: false
# For more information refer to https://github.com/rpm-software-management/dnf/blob/master/doc/automatic.rst
# [commands]
dnf_install_updates: true
dnf_download_updates: true
# one of 'security', 'all',
dnf_upgrade_type: security
dnf_random_sleep: 300
dnf_network_online_timeout: 60
# [emitters]
dnf_emit_via: stdio
dnf_system_name: "{{ ansible_nodename }}"
# [command]
dnf_command_format: cat
dnf_stdin_format: "{body}"
# [command_email]
dnf_email_command_format: mail -Ssendwait -s {subject} -r {email_from} {email_to}
dnf_email_stdin_format: "{body}"
# [email]
dnf_email_from: root
dnf_email_to: root
dnf_email_host: localhost
# [base]
dnf_base_overrides: {}
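Review bot: The comment above `dnf_upgrade_type` lists `'security', 'all'`, but the dnf-automatic documentation linked at the top of this file describes `upgrade_type` as `default` or `security`, so an operator following the comment would set a value the tool does not document. I would reword it to `# one of 'default' (all available updates) or 'security' (only updates with a security advisory)`. With the shipped default of `security`, a host only receives updates that carry advisory metadata; that deserves a line in the comment, since a repository that publishes no advisories would presumably never be patched automatically — confirm for the repos enabled on these hosts.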

27
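--- a/roles/dnf/meta/main.yml
+++ b/roles/dnf/meta/main.yml
@@ -0,0 +1,27 @@
+galaxy_info:
+author: histalek
+description: Configure automatic updates with dnf.
+issue_tracker_url: https://git.histalek.de/histalek-de/infrastructure/-/issues
+license: GPL-3.0-only
+min_ansible_version: "2.10"
+platforms:
+- name: Fedora
+versions:
+- "32"
+- "33"
+- "34"
+- "35"
+- "36"
+- name: EL
+versions:
+- "9"
+standalone: true
+galaxy_tags: []
+dependencies: []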

35
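--- a/roles/dnf/tasks/main.yml
+++ b/roles/dnf/tasks/main.yml
@@ -0,0 +1,35 @@
+- name: Install EPEL repository
+ansible.builtin.dnf:
+name: epel-release
+state: present
+when: dnf_install_epel
+become: true
+- name: Install dnf-plugin-tracer.
+ansible.builtin.dnf:
+name: dnf-plugin-tracer
+state: present
+when: ansible_facts['distribution'] == "Fedora"
+become: true
+- name: Install dnf-automatic
+ansible.builtin.dnf:
+name: dnf-automatic
+state: present
+become: true
+- name: Deploy automatic.conf
+ansible.builtin.template:
+src: automatic.conf.j2
+dest: /etc/dnf/automatic.conf
+mode: '0700'
+owner: 'root'
+group: 'root'
+become: true
+- name: Start and enable systemd timer for dnf-automatic
+ansible.builtin.systemd:
+name: dnf-automatic.timer
+state: started
+enabled: true
+become: true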
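Review bot: The `Deploy automatic.conf` task writes `/etc/dnf/automatic.conf` with `mode: '0700'`, which sets the execute bit on a plain INI file; nothing in the template is executable. Unless root-only access is intended, `mode: '0644'` matches an ordinary config file, and `mode: '0600'` is the choice if the file is meant to stay private (for example once mail settings are filled in). A one-line comment on the task stating which of the two is intended would stop the next editor from guessing.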


@ -0,0 +1,42 @@
{{ ansible_managed | comment }}
# Ref: https://github.com/rpm-software-management/dnf/blob/master/doc/automatic.rst
[commands]
apply_updates = {{ dnf_install_updates }}
download_updates = {{ dnf_download_updates }}
network_online_timeout = {{ dnf_network_online_timeout }}
random_sleep = {{ dnf_random_sleep }}
upgrade_type = {{ dnf_upgrade_type }}
[emitters]
emit_via = {{ dnf_emit_via }}
system_name = {{ dnf_system_name }}
[command]
command_format = {{ dnf_command_format }}
stdin_format = {{ dnf_stdin_format }}
[command_email]
command_format = {{ dnf_email_command_format }}
email_from = {{ dnf_email_from }}
email_to = {{ dnf_email_to }}
stdin_format = {{ dnf_email_stdin_format }}
[email]
email_from = {{ dnf_email_from }}
email_host = {{ dnf_email_host }}
email_to = {{ dnf_email_to }}
[base]
{% if dnf_base_overrides is mapping %}
{% for key, value in dnf_base_overrides.items() %}
{{ key }}={{ value }}
{% endfor %}
{% endif %}


@ -1,26 +1,17 @@
Docker
=========
# Docker
This will install [Docker](https://www.docker.com/) from their official repository and install the docker python library via pip.
This will install [Docker](https://www.docker.com/) from their official repository.
Requirements
------------
For CentOS: You will need to have the EPEL repository enabled (eg. by installing the `epel-release` package).
Role Variables
--------------
## Role Variables
**Please look at the [defaults/main.yml](defaults/main.yml) for all available variables and their description.**
**Note: Lines that are commented out via `#` are usually still valid/used variables, but they are not defined by default, so they might enable a feature, when uncommenting/defining them!**
**Note: Lines that are commented out via `#` are usually still valid/used variables, but they are not defined by default, so they might enable a feature, when uncommenting/defining them!**
Dependencies
------------
## Dependencies
- epel (for CentOS)
None
License
-------
## License
GPL-3.0-only


@ -27,7 +27,7 @@ docker_apt_architecture_map:
"armv7l": "armhf"
# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
docker_edition: 'ce'
docker_edition: "ce"
# The docker package settings
docker_package: "docker-{{ docker_edition }}"
@ -42,11 +42,11 @@ docker_install_repository: true
# The repository settings
# The repository will be added as a repository to allow downloading/installing the package
docker_yum_repository_url: https://download.docker.com/linux/centos/docker-{{ docker_edition }}.repo
docker_yum_repository_url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/docker-{{ docker_edition }}.repo
docker_yum_repository_destination: /etc/yum.repos.d/docker-{{ docker_edition }}.repo
# Where to fetch the docker repository GPG key from
docker_yum_repository_gpg_key: https://download.docker.com/linux/centos/gpg
docker_yum_repository_gpg_key: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
# The apt repository settings
docker_apt_key_id: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
@ -56,16 +56,4 @@ docker_apt_repository: >
https://download.docker.com/linux/{{ ansible_distribution | lower }}
{{ ansible_distribution_release }} stable
# Should the python package for docker be installed via pip?
docker_python_package_install: true
# Where should it be installed? (Note: This will be installed as a standalone without breaking system dependencies)
docker_python_package_path: /opt/ansible-dependencies
# The package states of needed packages to install for the python libraries
docker_python_pip_package_state: "present"
docker_python_virtualenv_package_state: "present"
# The pip package name of the docker library
docker_pip_package: "docker"
docker_pip_package_state: "present"
docker_pip_package_version: "{{ omit }}" # This will be omitted by default, so the latest version will be installed.
docker_requests_python_package: "python-requests"
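Review bot: `docker_yum_repository_url` and `docker_yum_repository_gpg_key` now take their path segment from `ansible_distribution | lower`, which only resolves where Docker publishes a directory with exactly that name. On a host whose fact lowercases to something else (for example `RedHat`, or an EL rebuild) the repo and key downloads would likely fail. A small lookup map in the style of `docker_apt_architecture_map`, with an explicit fallback, would make the supported distributions visible in the defaults. Separately, the apt side pins `docker_apt_key_id` while the yum key is trusted by URL alone; if the `rpm_key` task (not shown in these hunks) does not already pass `fingerprint:`, adding it with the key's published fingerprint would give the rpm path the same pinning.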


@ -1,14 +1,11 @@
galaxy_info:
author: saibotk
description: "Installs Docker package from their official repository and installs the docker python package via pip."
description: "Installs Docker package from their official repository."
license: GPL-3.0-only
min_ansible_version: "2.9"
standalone: true
platforms:
- name: EL
versions:
- all
- name: Fedora
versions:
- all


@ -43,16 +43,3 @@
when:
- docker_install_repository
become: true
- name: Ensure pip & virtualenv are installed.
ansible.builtin.package:
name: "{{ item.name }}"
state: "{{ item.state }}"
loop:
- name: "python3-pip"
state: "{{ docker_python_pip_package_state }}"
- name: "python3-virtualenv"
state: "{{ docker_python_virtualenv_package_state }}"
when:
- docker_python_package_install
become: true


@ -41,20 +41,7 @@
dest: "{{ docker_yum_repository_destination }}"
owner: root
group: root
mode: '0644'
mode: "0644"
when:
- docker_install_repository
become: true
- name: Ensure pip & virtualenv are installed.
ansible.builtin.package:
name: "{{ item.name }}"
state: "{{ item.state }}"
loop:
- name: "python-pip"
state: "{{ docker_python_pip_package_state }}"
- name: "python-virtualenv"
state: "{{ docker_python_virtualenv_package_state }}"
when:
- docker_python_package_install
become: true


@ -1,68 +0,0 @@
---
# Tasks file for the docker role
# Infrastructure
# Ansible instructions to deploy the infrastructure
#
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Ensure old versions of Docker are not installed.
ansible.builtin.package:
name:
- docker
- docker-common
- docker-engine
state: absent
become: true
- name: Ensure buildah & runc are not installed.
ansible.builtin.package:
name:
- buildah
- runc
state: absent
become: true
- name: Add Docker GPG key.
ansible.builtin.rpm_key:
key: "{{ docker_yum_repository_gpg_key }}"
state: present
when:
- docker_install_repository
become: true
- name: Add Docker repository.
ansible.builtin.get_url:
url: "{{ docker_yum_repository_url }}"
dest: "{{ docker_yum_repository_destination }}"
owner: root
group: root
mode: '0644'
when:
- docker_install_repository
become: true
- name: Ensure pip & virtualenv are installed.
ansible.builtin.package:
name: "{{ item.name }}"
state: "{{ item.state }}"
loop:
- name: "python3-pip"
state: "{{ docker_python_pip_package_state }}"
- name: "python3-virtualenv"
state: "{{ docker_python_virtualenv_package_state }}"
when:
- docker_python_package_install
become: true


@ -44,13 +44,8 @@
- name: Ensure handlers are notified now to avoid firewall conflicts.
ansible.builtin.meta: flush_handlers
- name: Install docker python package.
ansible.builtin.pip:
name: "{{ docker_pip_package }}"
state: "{{ docker_pip_package_state }}"
virtualenv: "{{ docker_python_package_path }}"
virtualenv_python: "python{{ ansible_python_version | regex_search('\\d+\\.\\d+') }}"
version: "{{ docker_pip_package_version }}"
- name: Install required python requests library
ansible.builtin.package:
name: "{{ docker_requests_python_package }}"
state: present
become: true
changed_when: false
when: docker_python_package_install


@ -1,24 +0,0 @@
docker_cleanup
=========
This will prune unused docker images older than 3 days, to keep the system clean.
Requirements
------------
You will need to have docker installed with its python package to use this role.
Role Variables
--------------
None
Dependencies
------------
- docker
License
-------
GPL-3.0-only


@ -1,43 +0,0 @@
galaxy_info:
author: Christoph Kern
description: "Cleans up the exsting Docker install"
license: GPL-3.0-only
min_ansible_version: "2.9"
standalone: true
platforms:
- name: EL
versions:
- all
- name: GenericUNIX
versions:
- all
- name: Fedora
versions:
- all
- name: opensuse
versions:
- all
- name: GenericBSD
versions:
- all
- name: FreeBSD
versions:
- all
- name: Ubuntu
versions:
- all
- name: SLES
versions:
- all
- name: GenericLinux
versions:
- all
- name: Debian
versions:
- all
galaxy_tags: []
dependencies:
- role: docker


@ -1,25 +0,0 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Prune docker images older than 3 days
community.docker.docker_prune:
images: true
images_filters:
dangling: false
until: 72h
become: true


@ -1,27 +0,0 @@
docker_compose
=========
This will install the [docker-compose](https://docs.docker.com/compose/) python library via pip and by default choose another install location,
to prevent breaking system-wide pip packages.
Requirements
------------
You will need to have the EPEL repository enabled (eg. by installing the `epel-release` package), if you want to install `docker-compose` via yum.
Role Variables
--------------
**Please look at the [defaults/main.yml](defaults/main.yml) for all available variables and their description.**
**Note: Lines that are commented out via `#` are usually still valid/used variables, but they are not defined by default, so they might enable a feature, when uncommenting/defining them!**
Dependencies
------------
- epel (optional/situational)
License
-------
GPL-3.0-only


@ -1,42 +0,0 @@
---
# Default variables for the docker_compose role
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Control if the docker-compose package should be removed (default)
docker_compose_package: "docker-compose"
docker_compose_package_state: "absent"
# Should a docker-compose wrapper script be deployed?
# This will ensure, that you can still use the `docker-compose` command as usual.
docker_compose_install_wrapper: true
docker_compose_wrapper_path: /usr/local/bin/docker-compose
# Should docker-compose be installed via pip to another target?
# This is used to prevent docker-compose from corrupting other system-wide installed pip packages and thus
# the package will be installed standalone in another directory as defined below.
docker_compose_python_package_install: true
docker_compose_python_package_path: /opt/ansible-dependencies
# The package states of needed packages to install for the python libraries
docker_compose_python_pip_package_state: "present"
docker_compose_python_virtualenv_package_state: "present"
# The pip package name of for `docker-compose`
docker_compose_pip_package: "docker-compose"
docker_compose_pip_package_state: "present"
docker_compose_pip_package_version: "1.24.1"


@ -1,21 +0,0 @@
galaxy_info:
author: saibotk
description: "Installs the docker-compose pip package."
license: GPL-3.0-only
min_ansible_version: "2.9"
standalone: true
platforms:
- name: EL
versions:
- "7"
- name: Ubuntu
versions:
- all
- name: Debian
versions:
- all
galaxy_tags: []
dependencies: []


@ -1,32 +0,0 @@
---
# Tasks file for the docker_compose role
# Infrastructure
# Ansible instructions to deploy the infrastructure
#
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Ensure pip & virtualenv are installed.
ansible.builtin.package:
name: "{{ item.name }}"
state: "{{ item.state }}"
loop:
- name: "python3-pip"
state: "{{ docker_compose_python_pip_package_state }}"
- name: "python3-virtualenv"
state: "{{ docker_compose_python_virtualenv_package_state }}"
when:
- docker_compose_python_package_install
become: true


@ -1,32 +0,0 @@
---
# Tasks file for the docker_compose role
# Infrastructure
# Ansible instructions to deploy the infrastructure
#
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Ensure pip & virtualenv are installed.
ansible.builtin.package:
name: "{{ item.name }}"
state: "{{ item.state }}"
loop:
- name: "python-pip"
state: "{{ docker_compose_python_pip_package_state }}"
- name: "python-virtualenv"
state: "{{ docker_compose_python_virtualenv_package_state }}"
when:
- docker_compose_python_package_install
become: true


@ -1,32 +0,0 @@
---
# Tasks file for the docker_compose role
# Infrastructure
# Ansible instructions to deploy the infrastructure
#
# Copyright (C) 2021 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Ensure pip & virtualenv are installed.
ansible.builtin.package:
name: "{{ item.name }}"
state: "{{ item.state }}"
loop:
- name: "python3-pip"
state: "{{ docker_compose_python_pip_package_state }}"
- name: "python3-virtualenv"
state: "{{ docker_compose_python_virtualenv_package_state }}"
when:
- docker_compose_python_package_install
become: true


@ -1,64 +0,0 @@
---
# Tasks file for the docker-compose role
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Ensure package install state
ansible.builtin.package:
name: "{{ docker_compose_package }}"
state: "{{ docker_compose_package_state }}"
become: true
- name: "Select tasks for {{ ansible_distribution }} {{ ansible_distribution_major_version }}" # noqa name[template]
ansible.builtin.include_tasks: "{{ distro_file }}"
with_first_found:
- "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
- "{{ ansible_distribution }}.yml"
- "{{ ansible_os_family }}.yml"
loop_control:
loop_var: distro_file
- name: Install docker-compose python package.
ansible.builtin.pip:
name: "{{ docker_compose_pip_package }}"
state: "{{ docker_compose_pip_package_state }}"
virtualenv: "{{ docker_compose_python_package_path }}"
virtualenv_python: "python{{ ansible_python_version | regex_search('\\d+\\.\\d+') }}"
version: "{{ docker_compose_pip_package_version | default(omit) }}"
become: true
changed_when: false
when: docker_compose_python_package_install
- name: Deploy docker-compose wrapper
ansible.builtin.template:
src: bin/docker-compose.j2
dest: "{{ docker_compose_wrapper_path }}"
owner: 'root'
group: 'root'
mode: '0755'
become: true
when:
- docker_compose_install_wrapper
- name: Create symlink in /usr/bin for wrapper
ansible.builtin.file:
src: "{{ docker_compose_wrapper_path }}"
dest: "/usr/bin/docker-compose"
state: link
become: true
when:
- docker_compose_install_wrapper


@ -1,21 +0,0 @@
#!/usr/bin/env bash
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
set -eo pipefail
exec {{ docker_compose_python_package_path }}/bin/docker-compose "$@"


@ -1,31 +0,0 @@
docker_ipv6_nat
===============
This will install the [docker-ipv6nat](https://github.com/robbertkl/docker-ipv6nat) container to manage IPv6 with ease on a single IP.
The container will automatically create ip6table forwarding rules on demand. To use the functionality, make sure that each container, that exposes a port
also has an `ipv6_enabled: true` user-defined network attached to it, with a ULA IPv6 for the tool to forward to.
**Note: This will enable the kernel module `ipv6nat` if not enabled!**
Requirements
------------
You will need to have docker, docker-compose installed or declared as dependencies with their respective roles.
Role Variables
--------------
**Please look at the [defaults/main.yml](defaults/main.yml) for all available variables and their description.**
**Note: Lines that are commented out via `#` are usually still valid/used variables, but they are not defined by default, so they might enable a feature, when uncommenting/defining them!**
Dependencies
------------
- docker
- docker-compose
License
-------
GPL-3.0-only


@ -1,26 +0,0 @@
---
# Default variables for the docker_ipv6_nat role
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# The install location (where the docker-compose.yml file will be deployed)
docker_ipv6_nat_install_location: /srv/docker-ipv6-nat
# The docker image and version/tag to use
docker_ipv6_nat_baseimage: docker.io/robbertkl/ipv6nat
# renovate: depName=docker.io/robbertkl/ipv6nat
docker_ipv6_nat_version: 0.4.4


@ -1,44 +0,0 @@
galaxy_info:
author: saibotk
description: "Deploys a robbertkl/ipv6nat container."
license: GPL-3.0-only
min_ansible_version: "2.9"
standalone: true
platforms:
- name: EL
versions:
- all
- name: GenericUNIX
versions:
- all
- name: Fedora
versions:
- all
- name: opensuse
versions:
- all
- name: GenericBSD
versions:
- all
- name: FreeBSD
versions:
- all
- name: Ubuntu
versions:
- all
- name: SLES
versions:
- all
- name: GenericLinux
versions:
- all
- name: Debian
versions:
- all
galaxy_tags: []
dependencies:
- role: docker
- role: docker_compose


@ -1,55 +0,0 @@
---
# Tasks file for the docker_ipv6_nat role
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Create install directory
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: '0700'
owner: 'root'
group: 'root'
with_items:
- "{{ docker_ipv6_nat_install_location }}"
tags:
- docker-ipv6-nat
become: true
- name: Deploy docker-compose.yml
ansible.builtin.template:
src: docker-compose.yml
dest: "{{ docker_ipv6_nat_install_location }}/docker-compose.yml"
mode: '0600'
owner: 'root'
group: 'root'
validate: docker-compose -f %s config -q
tags:
- docker
- docker-ipv6-nat
become: true
- name: Compose docker-ipv6-nat
community.docker.docker_compose:
state: present
project_src: "{{ docker_ipv6_nat_install_location }}"
pull: true
remove_orphans: true
tags:
- docker
- docker-ipv6-nat
become: true


@ -1,35 +0,0 @@
{{ ansible_managed | comment }}
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
version: '2'
services:
ipv6nat:
image: {{ docker_ipv6_nat_baseimage }}:{{ docker_ipv6_nat_version }}
security_opt:
- label:disable
restart: always
network_mode: "host"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "/lib/modules:/lib/modules:ro"
cap_drop:
- ALL
cap_add:
- NET_ADMIN
- NET_RAW
- SYS_MODULE


@ -0,0 +1,38 @@
elementweb_install_dir: "/opt/elementweb"
elementweb_domain: element.example.com
elementweb_containerimage: docker.io/vectorim/element-web
# renovate: depName=docker.io/vectorim/element-web
elementweb_image_tag: "v1.11.90"
elementweb_selinux_level: "{{ omit }}"
elementweb_memory_low: 32m
elementweb_memory_high: 0
elementweb_swap_max: -1
# The homeserver URL and display name
elementweb_base_url: "https://matrix.example.com"
elementweb_servername: "example.com"
# Controls whether Element shows the presence feature for all (empty list) or specific servers (key = value list with the key being the server url)
elementweb_enable_presence_by_hs_url: []
# Should users only be allowed to use this instance with the given matrix server?
elementweb_disable_custom_urls: true
# Should Element-Web disable guests? (without sign-in)
elementweb_disable_guests: true
# Should Element-Web disable 3PID login? (Login with Email etc)
elementweb_disable_3pid_login: false
# Integration Server URLs to use (see https://github.com/vector-im/element-web/blob/develop/docs/config.md)
elementweb_integrations_ui_url: "https://scalar.vector.im/"
elementweb_integrations_rest_url: "https://scalar.vector.im/api"
elementweb_integrations_widgets_urls: ["https://scalar.vector.im/api"]
elementweb_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html"
# Element Web public room directory server(s)
elementweb_roomdir_servers: ["matrix.org"]
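Review bot: `elementweb_memory_high: 0` and `elementweb_swap_max: -1` carry no comment, unlike the other defaults here, and the container template in this change passes them straight to `--memory` and `--memory-swap`. As far as I know podman reads those values as "no limit", so the role ships without a hard memory cap unless the operator overrides it. I would document that above the three memory variables, for example `# Hard memory limit for podman --memory; 0 means unlimited` and `# Swap limit for podman --memory-swap; -1 means unlimited`, so the uncapped default is a visible choice rather than an accident.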


@ -0,0 +1,14 @@
- name: Apply new SELinux file context to filesystem.
ansible.builtin.command: "restorecon -irF {{ elementweb_install_dir }}"
become: true
listen: "elementweb selinux context changed"
- name: Restart elementweb service.
ansible.builtin.systemd:
state: restarted
name: elementweb.service
daemon_reload: true
become: true
listen:
- "elementweb service changed"
- "elementweb selinux context changed"
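Review bot: The restorecon handler builds its command line as one free-form string around `{{ elementweb_install_dir }}`, so a path containing whitespace would be split into several arguments and restorecon would run recursively (`-r`) with forced relabeling (`-F`) on paths nobody intended. Passing the arguments as a list keeps the variable a single argument: `argv: ["restorecon", "-irF", "{{ elementweb_install_dir }}"]` under `ansible.builtin.command:`. The handler runs with `become: true`, which is why I would not leave the argument boundary to string splitting.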


@ -0,0 +1,20 @@
galaxy_info:
author: saibotk
description: Deploy element web with podman and systemd.
issue_tracker_url: https://git.sipsofcode.de/saibotk-de/infrastructure/issues
license: GPL-3.0-only
min_ansible_version: "2.10"
platforms:
- name: Fedora
versions:
- "41"
standalone: true
galaxy_tags: []
dependencies: []


@ -0,0 +1,80 @@
- name: Update default SELinux contexts
community.general.sefcontext:
target: "{{ item.target }}"
setype: "container_file_t"
selevel: "{{ item.selevel }}"
state: present
loop:
- target: "{{ elementweb_install_dir }}/config.json"
selevel: "{{ elementweb_selinux_level }}"
become: true
notify: "elementweb selinux context changed"
- name: Create elementweb directories.
ansible.builtin.file:
path: "{{ elementweb_install_dir }}"
owner: "root"
group: "root"
mode: "0700"
state: directory
become: true
- name: Stat elementweb config file.
ansible.builtin.stat:
path: "{{ elementweb_install_dir }}/config.json"
become: true
register: elementweb_stat_config
- name: Add caddy config file.
block:
- name: Check caddy config dir.
ansible.builtin.stat:
path: "{{ caddy_install_dir }}/config"
become: true
register: caddy_stat_config_dir
- name: Template caddy config for elementweb.
ansible.builtin.template:
src: elementweb.caddy.j2
dest: "{{ caddy_install_dir }}/config/elementweb.caddy"
mode: "0600"
setype: "container_file_t"
selevel: "{{ caddy_selinux_level }}"
owner: "{{ caddy_stat_config_dir.stat.uid }}"
group: "{{ caddy_stat_config_dir.stat.gid }}"
notify: "caddy config changed"
become: true
- name: Create elementweb container file.
ansible.builtin.template:
src: elementweb.container.j2
dest: /etc/containers/systemd/elementweb.container
owner: "root"
group: "root"
mode: "0644"
become: true
notify: "elementweb service changed"
- name: Create elementweb config file.
ansible.builtin.template:
src: config.json.j2
dest: "{{ elementweb_install_dir }}/config.json"
setype: "container_file_t"
selevel: "{{ elementweb_selinux_level }}"
owner: "{{ elementweb_stat_config.stat.uid | default('root') }}"
group: "{{ elementweb_stat_config.stat.gid | default('root') }}"
mode: "0644"
become: true
- name: Flush handlers
ansible.builtin.meta: flush_handlers
- name: Ensure elementweb services are started and enabled.
ansible.builtin.systemd:
state: started
enabled: true
name: "{{ item }}"
daemon_reload: true
loop:
- elementweb.service
become: true
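Review bot: The "Create elementweb config file." task has no `notify`, so a change to `config.json` never restarts the container. The file is bind-mounted as a single file, and the template module, as far as I know, replaces the destination by rename. The running container would then keep serving the old inode, so tightening `disable_custom_urls` or `disable_guests` would silently not take effect until the next unrelated restart. I would add `notify: "elementweb service changed"` to that task. Separately, the caddy block reads `caddy_stat_config_dir.stat.uid` without checking `stat.exists` and relies on `caddy_install_dir` although the role's meta lists no dependencies; a short comment naming that requirement would help.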


@ -0,0 +1,23 @@
{
"default_server_config": {
"m.homeserver": {
"base_url": {{ elementweb_base_url | string | to_json }},
"server_name": {{ elementweb_servername | string | to_json }}
}
},
"disable_custom_urls": {{ elementweb_disable_custom_urls | to_json }},
"disable_3pid_login": {{ elementweb_disable_3pid_login | to_json }},
"disable_guests": {{ elementweb_disable_guests | to_json }},
"integrations_ui_url": {{ elementweb_integrations_ui_url | string | to_json }},
"integrations_rest_url": {{ elementweb_integrations_rest_url | string | to_json }},
"integrations_widgets_urls": {{ elementweb_integrations_widgets_urls | to_json }},
"integrations_jitsi_widget_url": {{ elementweb_integrations_jitsi_widget_url | string | to_json }},
"bug_report_endpoint_url": "https://element.io/bugreports/submit",
"showLabsSettings": true,
{% if elementweb_enable_presence_by_hs_url %}
"enable_presence_by_hs_url": {{ elementweb_enable_presence_by_hs_url | to_json }},
{% endif %}
"roomDirectory": {
"servers": {{ elementweb_roomdir_servers | to_json }}
}
}
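Review bot: `"bug_report_endpoint_url"` is hard-coded to `https://element.io/bugreports/submit` and `"showLabsSettings"` to `true`, while every other setting in this template comes from a role variable. On a self-hosted instance that sends user-submitted bug reports, which I would expect to include client logs, to a third party with no way to opt out from inventory. I would template both like their neighbours, e.g. `"bug_report_endpoint_url": {{ elementweb_bug_report_endpoint_url | string | to_json }},`, with the current values as defaults, and document the new variables in defaults/main.yml.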


@ -0,0 +1,24 @@
{{ ansible_managed | comment }}
{{ elementweb_domain }} {
encode gzip
header {
# enable HSTS
Strict-Transport-Security "max-age=31536000; preload;"
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# clickjacking protection
X-Frame-Options DENY
# keep referrer data off of HTTP connections
Referrer-Policy no-referrer-when-downgrade
# Server name removing
-Server
}
reverse_proxy elementweb:8000
}
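Review bot: The HSTS header advertises `preload` without `includeSubDomains`, which does not satisfy the browser preload-list requirements as far as I know; it also ends in a stray `;`. Announcing `preload` signals consent to a long-lived, hard-to-revert listing, so it should be deliberate: either drop it, `Strict-Transport-Security "max-age=31536000"`, or, if every subdomain is HTTPS-only, send `Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"`. Also, `Referrer-Policy no-referrer-when-downgrade` still sends the full URL to other HTTPS origins; `strict-origin-when-cross-origin` would be a tighter value for the intent the comment states.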


@ -0,0 +1,41 @@
{{ ansible_managed | comment }}
[Unit]
Description = Element Web
[Service]
Restart = always
RestartSec = 5s
[Container]
Image = {{ elementweb_containerimage }}:{{ elementweb_image_tag }}
ContainerName = elementweb
# AutoUpdate = registry
LogDriver = journald
ReadOnly = true
NoNewPrivileges = true
DropCapability = all
AddCapability = DAC_OVERRIDE
UserNS = auto:size=65535
{% if elementweb_selinux_level != omit %}
SecurityLabelLevel = {{ elementweb_selinux_level }}
{% endif %}
Network = caddy.network
Environment = ELEMENT_WEB_PORT=8000
Volume = {{ elementweb_install_dir }}/config.json:/app/config.json:ro,U
Tmpfs = /var/cache/nginx:rw,noexec,nosuid,nodev,size=1m
Tmpfs = /var/run:rw,noexec,nosuid,nodev,size=1m
Tmpfs = /etc/nginx/conf.d:rw,noexec,nosuid,nodev,size=8m,mode=1770,U
PodmanArgs = --memory={{ elementweb_memory_high }}
PodmanArgs = --memory-swap={{ elementweb_swap_max }}
PodmanArgs = --memory-reservation={{ elementweb_memory_low }}
[Install]
WantedBy = default.target
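Review bot: `AddCapability = DAC_OVERRIDE` is re-added right after `DropCapability = all` without a comment, and it lets root inside the container bypass file permission checks, which undoes part of the hardening around it. If it is only needed so nginx can write to the tmpfs mounts, I would try giving those mounts fitting ownership or modes (the `U` option is already used on `/etc/nginx/conf.d`) and dropping the capability. Otherwise, add a line such as `# DAC_OVERRIDE: required because <reason>` above it. The `elementweb_selinux_level != omit` test is also worth a comment, since a mismatch would write the omit placeholder string into `SecurityLabelLevel`.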


@ -1,24 +0,0 @@
EPEL
=========
Installs the `epel-release` package via yum.
Requirements
------------
None
Role Variables
--------------
None
Dependencies
------------
None, except for a CentOS 7 system.
License
-------
GPL-3.0-only


@ -1,15 +0,0 @@
galaxy_info:
author: saibotk
description: Installs the epel-release package.
license: GPL-3.0-only
min_ansible_version: "2.9"
standalone: true
platforms:
- name: EL
versions:
- "7"
galaxy_tags: []
dependencies: []


@ -1,24 +0,0 @@
---
# Tasks file for the epel role
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install EPEL repository package
ansible.builtin.yum:
name: epel-release
state: present
become: true


@ -1,27 +0,0 @@
Factorio
=========
This will setup a [Factorio](https://github.com/factoriotools/factorio-docker) gameserver using a docker container.
Requirements
------------
You will need to have docker and docker-compose installed or declared as dependencies with their respective roles.
Role Variables
--------------
**Please look at the [defaults/main.yml](defaults/main.yml) for all available variables and their description.**
**Note: Lines that are commented out via `#` are usually still valid/used variables, but they are not defined by default, so they might enable a feature, when uncommenting/defining them!**
Dependencies
------------
- docker
- docker-compose
License
-------
GPL-3.0-only


@ -1,37 +0,0 @@
---
# Default variables for the factorio role
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# The install location (where the docker-compose file is stored)
factorio_install_location: "/srv/factorio"
factorio_data_location: "{{ factorio_install_location }}/data"
# The camo version that should be used
# renovate: depName=docker.io/factoriotools/factorio
factorio_version: "1.1.101"
# Docker image
factorio_image: "docker.io/factoriotools/factorio"
# The factorio server port that should be exposed
factorio_server_port: 34197
# IPv6 ULA config for the bridge network used by docker-ipv6-nat
factorio_ipv6:
enabled: false
subnet: "fd9e:21a7:a92c:2456::/64"


@ -1,44 +0,0 @@
galaxy_info:
author: saibotk
description: "Installs a factorio server via Docker."
license: GPL-3.0-only
min_ansible_version: "2.9"
standalone: true
platforms:
- name: EL
versions:
- all
- name: GenericUNIX
versions:
- all
- name: Fedora
versions:
- all
- name: opensuse
versions:
- all
- name: GenericBSD
versions:
- all
- name: FreeBSD
versions:
- all
- name: Ubuntu
versions:
- all
- name: SLES
versions:
- all
- name: GenericLinux
versions:
- all
- name: Debian
versions:
- all
galaxy_tags: []
dependencies:
- role: docker
- role: docker_compose


@ -1,79 +0,0 @@
---
# Tasks file for the factorio role
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Update default SELinux contexts
community.general.sefcontext:
target: '{{ item }}(/.*)?'
setype: "container_file_t"
state: present
with_items:
- "{{ factorio_data_location }}"
tags:
- factorio
become: true
- name: Create install directory
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: '0700'
owner: 'root'
group: 'root'
with_items:
- "{{ factorio_install_location }}"
become: true
tags:
- factorio
- name: Create data directory
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: '0750'
owner: '845'
group: '845'
setype: "container_file_t"
with_items:
- "{{ factorio_data_location }}"
tags:
- factorio
become: true
- name: Deploy docker-compose.yml
ansible.builtin.template:
src: docker-compose.yml
dest: "{{ factorio_install_location }}/docker-compose.yml"
mode: '0600'
owner: 'root'
group: 'root'
validate: docker-compose -f %s config -q
tags:
- docker
- factorio
become: true
- name: Compose factorio container
community.docker.docker_compose:
state: present
project_src: "{{ factorio_install_location }}"
pull: true
remove_orphans: true
tags:
- factorio
become: true

Some files were not shown because too many files have changed in this diff Show more