Gašper Fele-Žorž 
								
							 
						 
						
							
							
							
							
								
							
							
								f2fbd0c848 
								
							 
						 
						
							
							
								
								Add role proxmox-backup  
							
							
							
						 
						
							2024-09-10 14:13:24 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Gašper Fele-Žorž 
								
							 
						 
						
							
							
							
							
								
							
							
								b5565b24fd 
								
							 
						 
						
							
							
								
								Add RuntimeDirectory to ssh service  
							
							
							
							
							Fixes "Missing privilege separation directory: /var/run/sshd" 
							
						 
						
							2024-09-10 14:11:35 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								2e3d7d180d 
								
							 
						 
						
							
							
								
								proxmox: set mail relay  
							
							
							
						 
						
							2024-09-10 10:18:40 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								9932064758 
								
							 
						 
						
							
							
								
								synapse: read DB password from secret store  
							
							
							
							
							Missed this one a while ago. 
							
						 
						
							2024-09-06 16:30:51 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								4fff2fac1b 
								
							 
						 
						
							
							
								
								frr: help zebra keep track of ECMP routes on link flap  
							
							
							
							
							Seems that this might be resolved in frr master. Or not. For now we
import the workaround from firewall configs. 
							
						 
						
							2024-09-06 15:10:54 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								54240955f1 
								
							 
						 
						
							
							
								
								Update instructions in README  
							
							
							
							
							To reflect current reality. 
							
						 
						
							2024-09-06 10:41:49 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Gašper Fele-Žorž 
								
							 
						 
						
							
							
							
							
								
							
							
								e2edd63efe 
								
							 
						 
						
							
							
								
								proxmox: add dependency for ldap sync script  
							
							
							
							
							Install python3-ldap3. 
							
						 
						
							2024-09-05 10:56:50 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								a8b83e833b 
								
							 
						 
						
							
							
								
								facts: only look up cluster nodes when deploying to members  
							
							
							
							
							And not when deploying to virtual machines running on a cluster. 
							
						 
						
							2024-09-04 16:56:56 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								17c8e84498 
								
							 
						 
						
							
							
								
								proxmox: support certificate renewals with ACME  
							
							
							
							
							Certificates must still be requested manually, this just sets the
domain and opens up port 80/tcp. Nothing listens there except for
certbot during renewals so that’s OK. 
							
						 
						
							2024-09-04 16:54:47 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								1c1dd52325 
								
							 
						 
						
							
							
								
								proxmox: support public services for firewall  
							
							
							
							
							If no allowed IPs are set for a service, allow connections from anywhere. 
							
						 
						
							2024-09-04 16:44:46 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								6b1d871392 
								
							 
						 
						
							
							
								
								alpine: don’t assume all public services are TCP either  
							
							
							
						 
						
							2024-09-04 16:42:13 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								ec4dcd4ffd 
								
							 
						 
						
							
							
								
								frr: don’t use undefined variable  
							
							
							
						 
						
							2024-08-28 12:43:17 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								211d4bdb9a 
								
							 
						 
						
							
							
								
								Deconsolidate network setup for proxmox and debian roles  
							
							
							
							
							They are just different enough to be annoying. 
							
						 
						
							2024-08-28 12:43:14 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								c3d1a6c4b1 
								
							 
						 
						
							
							
								
								proxmox: fix handling empty values in LDAP sync script  
							
							
							
							
							Don’t put "None" for email and such. 
							
						 
						
							2024-08-20 15:08:57 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								2b4a196e4d 
								
							 
						 
						
							
							
								
								alpine: add whimsy  
							
							
							
							
							For what is life without it. 
							
						 
						
							2024-08-16 11:48:10 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								312cd8d4b3 
								
							 
						 
						
							
							
								
								alpine: rename network interfaces  
							
							
							
							
							Mostly relevant for VMs, to match the names with proxmox. 
							
						 
						
							2024-08-16 11:47:38 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								d5db7529dd 
								
							 
						 
						
							
							
								
								netbox: allow registered users to view everything  
							
							
							
							
							And others nothing. Also clean up. Also enable topology views plugin. 
							
						 
						
							2024-08-15 17:11:29 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								8ba6959065 
								
							 
						 
						
							
							
								
								postgres: store DB password with other secrets  
							
							
							
							
							Let’s uncomplicate our lives. Also I’m not sure if the ~/.pgpass stuff
ever worked properly or even at all. 
							
						 
						
							2024-08-15 12:58:24 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								3261bc7f98 
								
							 
						 
						
							
							
								
								alpine: don’t hardcode nftables input rule for SSH  
							
							
							
							
							Instead configure it in NetBox like all other services. 
							
						 
						
							2024-08-14 12:46:23 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								38ff061f81 
								
							 
						 
						
							
							
								
								alpine: don’t set gateway for interface if the gateway is that interface  
							
							
							
						 
						
							2024-08-06 15:47:05 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								6e35a7462d 
								
							 
						 
						
							
							
								
								dnsmasq: get DHCP ranges from NetBox  
							
							
							
						 
						
							2024-08-05 12:07:39 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								036f7c8b74 
								
							 
						 
						
							
							
								
								Support custom allowed_ips field for services  
							
							
							
							
							Like allowed_prefixes, but for single IP addresses. Currently used
just for DHCP server to allow (only) packets from relays. 
							
						 
						
							2024-08-03 11:44:03 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								01a27e45ce 
								
							 
						 
						
							
							
								
								dnsmasq: add script for dynamic DNS updates  
							
							
							
						 
						
							2024-08-02 12:08:32 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								a3dd4eba65 
								
							 
						 
						
							
							
								
								alpine: don’t assume all services are TCP  
							
							
							
						 
						
							2024-07-26 10:14:23 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								b20e9cccff 
								
							 
						 
						
							
							
								
								Add dnsmasq role  
							
							
							
						 
						
							2024-07-26 10:13:59 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								02086cdc32 
								
							 
						 
						
							
							
								
								synapse: enable service  
							
							
							
						 
						
							2024-07-05 11:27:04 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								3e55bf9774 
								
							 
						 
						
							
							
								
								dokuwiki: add missing handler  
							
							
							
						 
						
							2024-07-05 11:04:28 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								e17b5c1b2d 
								
							 
						 
						
							
							
								
								friwall: add missing notify  
							
							
							
						 
						
							2024-07-05 11:04:01 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								f10d94612f 
								
							 
						 
						
							
							
								
								Factor out password store retrieval  
							
							
							
						 
						
							2024-07-04 15:31:57 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								973522c373 
								
							 
						 
						
							
							
								
								Import friwall role from network ansible scripts  
							
							
							
							
							To reuse alpine and nginx roles. Probably going to merge repos at some point. 
							
						 
						
							2024-07-04 15:31:53 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								bacfc66f7c 
								
							 
						 
						
							
							
								
								alpine: flush some handlers  
							
							
							
						 
						
							2024-07-04 14:55:09 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								92674f58a1 
								
							 
						 
						
							
							
								
								synapse: allow listing public rooms over federation  
							
							
							
						 
						
							2024-06-25 18:08:54 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								e101493889 
								
							 
						 
						
							
							
								
								Add synapse role  
							
							
							
							
							For all the hipster kids. 
							
						 
						
							2024-06-25 10:14:06 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								74cb31e243 
								
							 
						 
						
							
							
								
								netbox: factor out redis role  
							
							
							
						 
						
							2024-06-25 00:52:57 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								f1f9d6fa34 
								
							 
						 
						
							
							
								
								alpine: configure network interfaces  
							
							
							
						 
						
							2024-06-25 00:40:13 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								c42f9ae1f9 
								
							 
						 
						
							
							
								
								Set become_flags in ansible.cfg  
							
							
							
							
							Some users don’t have a login shell. 
							
						 
						
							2024-06-24 21:39:34 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								dbdf88fe36 
								
							 
						 
						
							
							
								
								Set become_method in ansible.cfg  
							
							
							
						 
						
							2024-06-20 20:47:00 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								2618c1c414 
								
							 
						 
						
							
							
								
								forgejo: enable auto registration for oauth2  
							
							
							
						 
						
							2024-06-20 19:46:38 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								4b34370d5d 
								
							 
						 
						
							
							
								
								ceph: set NTP servers  
							
							
							
						 
						
							2024-06-19 15:07:59 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								29598ef4bb 
								
							 
						 
						
							
							
								
								Rework service handling  
							
							
							
							
							Allow running playbooks without NetBox access. Mainly to bootstrap
NetBox itself.
Would prefer not to access network from filter plugins, so maybe do
that at some point also. 
							
						 
						
							2024-06-19 13:33:32 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								38c3464279 
								
							 
						 
						
							
							
								
								alpine: assume one DNS name per host  
							
							
							
							
							Avoid needless complexity. 
							
						 
						
							2024-06-19 13:14:51 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								393614aa79 
								
							 
						 
						
							
							
								
								alpine: configure unattended upgrades  
							
							
							
						 
						
							2024-06-17 09:52:56 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								6a9a4142ce 
								
							 
						 
						
							
							
								
								forgejo: set WAL mode for sqlite  
							
							
							
						 
						
							2024-06-17 09:52:36 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								25df98c97b 
								
							 
						 
						
							
							
								
								forgejo: configure some more options  
							
							
							
							
							Also drop leftover line. 
							
						 
						
							2024-06-06 13:35:57 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								f5e9c7d6dc 
								
							 
						 
						
							
							
								
								alpine: add iproute2 to base packages  
							
							
							
							
							Too useful too often not to. 
							
						 
						
							2024-06-05 15:40:59 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								398e41732e 
								
							 
						 
						
							
							
								
								alpine: set hostname  
							
							
							
							
							And configure /etc/hosts accordingly. 
							
						 
						
							2024-06-05 15:40:55 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								fe6c35edf1 
								
							 
						 
						
							
							
								
								alpine: set up firewall  
							
							
							
							
							Get services from NetBox and enable SSH unconditionally for now. 
							
						 
						
							2024-06-05 15:37:45 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								b3aff08ce3 
								
							 
						 
						
							
							
								
								forgejo: listen on unix socket  
							
							
							
							
							Instead of 0.0.0.0:3000. Skip installation page, and set config values
and create admin user manually. 
							
						 
						
							2024-06-05 15:00:14 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								22f363d06a 
								
							 
						 
						
							
							
								
								Add postgres role  
							
							
							
							
							Or rather rip it out of netbox. Improve DB password handling. 
							
						 
						
							2024-06-05 12:54:55 +02:00 
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
							
							
								
							
							
								af9e30eb3e 
								
							 
						 
						
							
							
								
								Add forgejo role  
							
							
							
							
							On alpine, with OIDC auth and a podman runner. 
							
						 
						
							2024-06-05 12:05:22 +02:00