Gašper Fele-Žorž
d448660bf2
Merge branch 'master' of git.fri.uni-lj.si:rc/servers
2025-10-07 15:06:51 +02:00
Gašper Fele-Žorž
adf25f33cb
Fix groups, default in the main grub.cfg for netboot-grub
2025-10-07 15:06:44 +02:00
450e4bb8f7
facts: look up device/VM services
...
Not returned by default since NetBox 4.3.
2025-10-06 17:42:49 +02:00
df3b4dc9c3
dnsmasq: increase maximum allowed number of leases
2025-10-06 16:16:12 +02:00
a26cb97933
netbox: remove housekeeping job
...
No longer necessary.
2025-09-22 10:51:41 +02:00
12ccc9735b
forgejo: extend session lifetime to two weeks
...
Chosen arbitrarily.
2025-09-10 09:59:43 +02:00
d9f60b5511
forgejo: fix config option and re-add missing handler
2025-09-06 10:07:34 +02:00
0c4105f918
Separate forgejo and forgejo-runner roles
...
Also improve forgejo-runner config.
2025-09-05 22:46:00 +02:00
5c796f2ec0
netbox: disable call home
2025-09-02 08:25:44 +02:00
9afaf49651
debian: fix interface file templating
...
Make it work for base Debian and Proxmox installs.
2025-08-14 14:37:36 +02:00
04c5be85c5
debian: don’t update package cache for base packages
...
The repositories might not yet be set up correctly at this point.
2025-08-14 14:21:15 +02:00
e28bb50a9e
debian: improve proxmox detection
...
Assume non-proxmox debians don’t have /etc/pve so we don’t have to
depend on NetBox data.
2025-08-14 10:08:54 +02:00
246178fa5d
frr: don’t BGP peer on disabled interfaces
2025-08-13 17:14:28 +02:00
011a0852bb
proxmox: remove tasks done by debian role
2025-08-13 17:14:20 +02:00
ef69e31357
debian: don’t set up firewall for proxmox hosts
...
Also factor firewall setup into a separate task. There is no good way
to distinguish Debian and Proxmox hosts in Ansible, so we rely on the
cluster_type NetBox variable.
2025-08-13 16:37:47 +02:00
45d3e6c4ec
debian: fix network interface renaming
...
To become one with proxmox.
2025-08-13 16:29:37 +02:00
ea1f8f88d0
proxmox: fix network interface renaming
...
Use systemd .link files which are "relatively futureproof" according
to https://wiki.debian.org/NetworkInterfaceNames .
2025-08-13 16:19:06 +02:00
59c1431f93
proxmox: switch to deb822 source format
...
Debian did, Proxmox did, now we did too. Also enable ceph repository
if ceph-version is set in config context.
2025-08-12 19:29:28 +02:00
937c75e097
ocserv: notify users about certificates about to expire
2025-08-12 10:59:02 +02:00
577c8c8849
ocserv: add emailAddress to user certificates
...
Set to the same value as CN.
2025-08-11 15:47:42 +02:00
7bb27acd2c
opensmtpd: configure root mail alias
...
And add a README.
2025-08-11 14:07:45 +02:00
b64a5880b9
opensmtpd: add support for Debian
2025-08-11 14:04:58 +02:00
7916ae309e
opensmtpd: disable TLS for relay
...
Looks like someone broke it.
2025-08-11 12:46:59 +02:00
292ddbb7e7
ocserv: fix firewall config
...
Oops, let’s not drop everything but VPN packets in postrouting.
2025-08-11 12:26:55 +02:00
11e456cff1
ocserv: add playbook for creating client certificates
2025-08-04 16:13:30 +02:00
ec9883ca29
ocserv: reload service on certificate renewal
2025-08-01 15:20:55 +02:00
604ce177e6
apache, nginx: fix service reload on Debian
...
For some unfathomable reason /sbin is not in PATH when running cronjobs.
It shouldn’t hurt on Alpine.
2025-08-01 15:11:23 +02:00
4f9b6a2c53
Enable radvd role for mgmt-gw
...
This is the router for management networks so let it tell that to
hosts on those networks.
2025-07-31 12:16:20 +02:00
0814e628c5
Add radvd role
2025-07-31 12:15:48 +02:00
7ffb1e7699
debian: enable unattended upgrades
2025-07-31 10:07:49 +02:00
polz
c64a3772ef
Role za apache_openidc bi moral delovati na fresh installu
2025-07-30 17:13:19 +02:00
polz
b324daff08
Dodan role za apache
2025-07-30 17:12:38 +02:00
polz
d5b6fe1d92
Role za registrator bi moral delovati na fresh alpine installu
2025-07-30 17:11:37 +02:00
polz
57923a51ad
Busybox date namesto --iso zahteva -I
2025-07-26 06:59:42 +02:00
polz
2888dd841f
Merge branch 'master' of git.fri.uni-lj.si:rc/servers
2025-07-25 17:11:07 +02:00
polz
04c7efe706
Create registrator role
2025-07-25 17:09:43 +02:00
polz
168641b728
rename apache-php to apache_php
2025-07-25 17:01:03 +02:00
polz
29498edf9e
Add role apache_oidc
2025-07-25 17:00:29 +02:00
polz
4ed3bc5d7f
Add roles apache-php and reverse_proxy
2025-07-25 16:56:03 +02:00
458b0d02ee
forgejo: disable useless landing page
2025-07-19 12:25:47 +02:00
d1cf462f64
alpine: drop hints from interface configuration
...
Turns out ifupdown-ng ignores "inet static" and "inet loopback" hints
on iface lines. The interface named "lo" is always used as loopback.
2025-07-16 13:07:15 +02:00
cabf831962
synapse: support server notices
2025-07-15 15:04:52 +02:00
a942662e12
alpine: create network interface include directory
...
So that init script doesn’t complain.
2025-07-15 14:16:10 +02:00
eb70fed7cb
forgejo: make profiles public by default
...
Private profiles are annoying to work with so let’s make it opt-in.
2025-07-01 12:13:31 +02:00
0ef9434dca
Ununlicense
...
Until we actually get permission to distribute this.
2025-07-01 09:30:20 +02:00
a84f211083
nginx: reload on config change
2025-05-18 13:21:02 +02:00
d442940975
ocserv: use numeric ID instead of arbitrary USERNAME for nft chain name
...
Putting a @ in a name is a bad.
2025-05-16 14:26:39 +02:00
245b4a0dcd
ocserv: support UDP
2025-05-16 14:26:26 +02:00
6e72987863
ocserv: only support certificate auth for clients
2025-05-16 14:10:11 +02:00
f9f899fb2e
nginx: unoverride secure defaults
...
Both Alpine and Debian override default nginx ssl_protocols to enable
older TLS versions. Unoverride to return to secure nginx defaults.
2025-05-16 14:01:33 +02:00
