7916ae309e
opensmtpd: disable TLS for relay
Looks like someone broke it.
2025-08-11 12:46:59 +02:00
292ddbb7e7
ocserv: fix firewall config
Oops, let’s not drop everything but VPN packets in postrouting.
2025-08-11 12:26:55 +02:00
11e456cff1
ocserv: add playbook for creating client certificates
2025-08-04 16:13:30 +02:00
ec9883ca29
ocserv: reload service on certificate renewal
2025-08-01 15:20:55 +02:00
604ce177e6
apache, nginx: fix service reload on Debian
For some unfathomable reason /sbin is not in PATH when running cronjobs.
It shouldn’t hurt on Alpine.
2025-08-01 15:11:23 +02:00
4f9b6a2c53
Enable radvd role for mgmt-gw
This is the router for management networks so let it tell that to
hosts on those networks.
2025-07-31 12:16:20 +02:00
0814e628c5
Add radvd role
2025-07-31 12:15:48 +02:00
7ffb1e7699
debian: enable unattended upgrades
2025-07-31 10:07:49 +02:00
polz
c64a3772ef
The apache_openidc role should work on a fresh install
2025-07-30 17:13:19 +02:00
polz
b324daff08
Added role for apache
2025-07-30 17:12:38 +02:00
polz
d5b6fe1d92
The registrator role should work on a fresh alpine install
2025-07-30 17:11:37 +02:00
polz
57923a51ad
Busybox date requires -I instead of --iso
2025-07-26 06:59:42 +02:00
polz
2888dd841f
Merge branch 'master' of git.fri.uni-lj.si:rc/servers
2025-07-25 17:11:07 +02:00
polz
04c7efe706
Create registrator role
2025-07-25 17:09:43 +02:00
polz
168641b728
rename apache-php to apache_php
2025-07-25 17:01:03 +02:00
polz
29498edf9e
Add role apache_oidc
2025-07-25 17:00:29 +02:00
polz
4ed3bc5d7f
Add roles apache-php and reverse_proxy
2025-07-25 16:56:03 +02:00
458b0d02ee
forgejo: disable useless landing page
2025-07-19 12:25:47 +02:00
d1cf462f64
alpine: drop hints from interface configuration
Turns out ifupdown-ng ignores "inet static" and "inet loopback" hints
on iface lines. The interface named "lo" is always used as loopback.
2025-07-16 13:07:15 +02:00
cabf831962
synapse: support server notices
2025-07-15 15:04:52 +02:00
a942662e12
alpine: create network interface include directory
So that init script doesn’t complain.
2025-07-15 14:16:10 +02:00
eb70fed7cb
forgejo: make profiles public by default
Private profiles are annoying to work with so let’s make it opt-in.
2025-07-01 12:13:31 +02:00
0ef9434dca
Ununlicense
Until we actually get permission to distribute this.
2025-07-01 09:30:20 +02:00
a84f211083
nginx: reload on config change
2025-05-18 13:21:02 +02:00
d442940975
ocserv: use numeric ID instead of arbitrary USERNAME for nft chain name
Putting a @ in a name is a bad.
2025-05-16 14:26:39 +02:00
245b4a0dcd
ocserv: support UDP
2025-05-16 14:26:26 +02:00
6e72987863
ocserv: only support certificate auth for clients
2025-05-16 14:10:11 +02:00
f9f899fb2e
nginx: unoverride secure defaults
Both Alpine and Debian override default nginx ssl_protocols to enable
older TLS versions. Unoverride to return to secure nginx defaults.
2025-05-16 14:01:33 +02:00
bf4fd2c82d
alpine: support non-VM hosts in interfaces template
Ignore OOB management interface, allow configuring loopback interface
with NetBox data, and setting MTU.
2025-05-15 14:55:43 +02:00
cbd3f1a7ea
alpine: set inventory_hostname as hostname
Instead of dns_name which might not be defined and is wrong in any case.
2025-05-15 10:47:55 +02:00
a8814e6da2
facts: don’t barf on undefined platform
Oops.
2025-05-15 09:23:11 +02:00
d162f175a4
facts: get platform info from NetBox
Instead of pinging each host to see if it’s Windows. Make sure to set
the platform at least for such hosts.
2025-05-13 13:31:07 +02:00
7cbbf635a8
facts: don’t write passwords to stdout
2025-05-13 11:09:02 +02:00
e6876ff265
windows: don’t disable builtin firewall rules before setting our own
Oops.
2025-05-11 14:41:08 +02:00
e30fcf0bd4
windows: set hostname
2025-05-11 13:18:47 +02:00
66298da9c7
windows: set up firewall
2025-05-11 13:13:54 +02:00
91de26af57
Add windows role
Set up network interfaces and SSH for Windows hosts.
We can’t gather facts before we know which remote shell to use, so
first run a win_ping to determine if a given host is running Windows.
2025-05-09 17:26:07 +02:00
aa78b407c8
ocserv: disable TLS<1.2
2025-05-08 15:04:38 +02:00
a5eae03cf8
forgejo: don’t enable the testing apk repo
Alpine has forgejo in main repo now.
2025-05-08 14:14:14 +02:00
6797f65971
influxdb: fix reverse proxy
Like grafana. Also set some buffering options.
2025-05-07 14:13:04 +02:00
7f28f3a366
grafana: fix reverse proxy
Can’t get it to bind to IPv6 so use v4 explicitly.
2025-05-07 14:07:11 +02:00
39fec47f87
alpine: don’t set IPv6 gateway
Will get it from RA. Also don’t disable SLAAC for IPv4‐only interfaces.
2025-05-07 12:25:43 +02:00
fb8e0189af
dokuwiki: make more readable
I think. Maybe.
2025-05-07 12:23:39 +02:00
5667b755ca
netbox: secure the cookie
USI says.
2025-05-07 12:21:41 +02:00
7a82e7ca63
Limit inventory lookup to installed servers
2025-05-06 13:26:56 +02:00
4dc089e42c
debian: add MOTD
2025-05-05 17:28:32 +02:00
783f1af3a5
netbox: add redis dependency
2025-04-17 18:22:10 +02:00
8e3772e475
dnsmasq: store leases in sqlite database
To avoid dnsmasq writing out the whole leasefile on each request
before replying. This gets slow on high‐latency storage.
Also tweak DNS updates a bit.
2025-04-14 16:41:24 +02:00
b6b4a16fd4
netbox: drop obsolete file
2025-04-12 20:53:00 +02:00
ade6a8e1e2
Add nginx as a role dependency where required
This is pretty much anywhere a LE certificate is needed. Similar for
nginx-php for PHP sites. Drop these roles from setup.yml.
2025-04-12 18:51:31 +02:00