8c97012a8a
🔨 pottwal: Use variable for xmpp domain name
2022-10-06 20:46:24 +02:00
fdc923263f
🍻 pottwal: jabber/prosody: Add deploy cert hook
...
Hook works outside of ansible in personal prosody instance. Hope I
understood the template correctly, docs of dehydrated role are quite
sparse on that.
The dehydrated cert path variable is only available since recent change
c4af7754b2
("✨ Use variables to configure dehydrated
locations").
Link: https://prosody.im/doc/certificates
2022-10-06 20:46:24 +02:00
e9ca246090
:web: pottwal: Prepare reverse proxy for prosody XMPP/Jabber server
...
The container can serve HTTP for yet unknown reasons, but that port is
not yet exposed. Do NOT confuse this with the old static website
jabber.n39.eu which was decoupled from prosody and plain HTML only.
The reverse proxy is used to make the static website available, and to
let dehydrated renew the certs. The certs are used for https to the
static website _and_ for the XMPP server itself!
2022-10-06 20:46:24 +02:00
caf1e0e123
🐳 pottwal: Add container hosting static website for XMPP
2022-10-06 20:46:24 +02:00
bd89c96fbb
🐳 pottwal: Add prosody docker container
...
The service should be moved away from helium.n39.eu into a container.
2022-10-06 20:46:24 +02:00
081ee4dc61
Merge pull request ' ⬆️ fix dependency for unattended-upgrades' ( !84 ) from dkdent/netz39-infra-ansible:fix-unattended-upgrade into master
...
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/84
Reviewed-by: tux <tux@netz39.de>
2022-10-05 18:36:39 +00:00
c3934319fc
Merge pull request 'Fix http(s) ingress for Jabber/XMPP server' ( !86 ) from alex/netz39-infra-ansible:holmium into master
...
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/86
Reviewed-by: tux <tux@netz39.de>
2022-10-05 18:00:21 +00:00
c0f7994ce4
🔧 holmium: Fix host for jabber server
...
jabber.n39.eu including dehydrated runs on helium, always has.
Fixes: 734fbd1d75
("Call nginx-https-ingress role for holmium")
2022-10-04 08:12:37 +02:00
2c32d746f6
🚨 holmium: Fix indentation
...
yamllint complained:
9:3 error wrong indentation: expected 4 but found 2 (indentation)
12:7 error wrong indentation: expected 8 but found 6 (indentation)
14:9 error wrong indentation: expected 10 but found 8 (indentation)
19:9 error wrong indentation: expected 10 but found 8 (indentation)
23:9 error wrong indentation: expected 10 but found 8 (indentation)
32:9 error wrong indentation: expected 10 but found 8 (indentation)
2022-10-04 08:08:11 +02:00
2efd892bc1
✏️ adress issues from PR discussion
...
- fix typo in role name
- make origin patterns for unattended upgrades less release specific
2022-09-30 22:24:41 +02:00
fa7f16f814
⬆️ fix dependency for unattended-upgrades
...
- resolves https://redmine.n39.eu/issues/722
- role https://github.com/jnv/ansible-role-unattended-upgrades is deprecated
- replacement is https://github.com/hifis-net/ansible-role-unattended-upgrades
2022-09-30 22:24:41 +02:00
0f11db3f64
Merge pull request 'Add missing restart-policy entries for Radon docker containers' ( !85 ) from docker-restart-policy into master
...
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/85
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-30 20:22:36 +00:00
6a03e55c16
Add missing restart-policy entries for Radon docker containers
2022-09-30 21:52:25 +02:00
1b952f5386
Merge pull request 'Update to new CleanURI (uritools) version' ( !83 ) from cleanuri into master
...
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/83
Reviewed-by: Alexander Dahl <alex@netz39.de>
2022-09-15 20:20:29 +00:00
d874aab674
✨ Add uritools-api to dehydrated
2022-09-15 18:09:16 +02:00
69cce57024
✨ Switch to new CleanURI (uritools) implementation
2022-09-15 18:09:16 +02:00
f4544b2555
✨ Add external CleanURI setup to inventory
2022-09-15 18:09:16 +02:00
3d654427ac
✨ Add host cleanuri-api to HTTPS forwarding
2022-09-15 18:09:16 +02:00
24929a36bc
✨ Add a role to set up cleanuri (uritools)
2022-09-15 18:09:16 +02:00
7b0506c235
Merge pull request ' 🐛 Fix proxy site template' ( !82 ) from fix-apache-template into master
...
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/82
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-14 21:29:40 +00:00
b9488e19db
🐛 Fix proxy site template
...
These are errors from a bodged PR (my bad) that has been merged too early.
2022-09-14 23:25:41 +02:00
6452e4a277
Merge pull request ' ⬆️ Bump power-meter-pulse-gateway to 0.3.0' ( !81 ) from power-meter-pulse-gateway-0.3.0 into master
...
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/81
Reviewed-by: dkdent <dkdent@netz39.de>
Reviewed-by: Alexander Dahl <alex@netz39.de>
2022-09-09 16:15:47 +00:00
8b885729c9
⬆️ Bump power-meter-pulse-gateway to 0.3.0
...
https://github.com/netz39/power-meter-pulse-gateway/releases/tag/v0.3.0
2022-09-09 15:00:23 +02:00
b76ffa2e3e
Merge pull request ' 🎨 Improve configuration for setup-http-site-proxy and merge http-setup-dehydrated' ( !80 ) from condense-roles into master
...
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/80
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-08 17:18:34 +00:00
182feeca58
🔥 Remove role setup-http-dehydrated
...
This feature is now provided by setup-http-site-proxy
2022-09-08 15:45:39 +02:00
e3020b6d71
✨ Enable setup-http-site-proxy with missing proxy target
...
If no proxy port is defined, only the dehydrated HTTP endpoint is created
and the HTTPS endpoint returns 404.
2022-09-08 15:43:54 +02:00
c4af7754b2
✨ Use variables to configure dehydrated locations
...
These variables match https://github.com/24367dfa/ansible-role-dehydrated
2022-09-08 15:41:36 +02:00
ac46e1dd7c
Merge pull request ' 🐛 Fix that known_hosts are discarded on container update' ( !77 ) from nodered-known_hosts into master
...
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/77
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-06 23:36:23 +00:00
a5f9d11f8a
Merge pull request ' 🚚 Move entities-validation service to krypton' ( !78 ) from entities-validation into master
...
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/78
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-06 23:35:47 +00:00
a805886cda
Merge pull request ' 🐛 Fix template in setup-http-dehydrated when IPv6 is missing' ( !79 ) from dehydrated-site-v6 into master
...
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/79
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-06 23:35:33 +00:00
4da338f0ad
🐛 Fix template in setup-http-dehydrated when IPv6 is missing
2022-09-06 21:02:48 +02:00
feaf052f65
🚚 Move entities validation service from pottwal to krypton
...
This is a service handling member data, so it moves to krypton.
2022-09-06 20:31:27 +02:00
2802784e7a
✨ Add HTTPS ingress to krypton
2022-09-06 20:14:04 +02:00
e22f0a4fb0
🐛 Fix that known_hosts are discarded on container update
2022-09-06 20:02:46 +02:00
8617f84f9d
Merge pull request ' ✨ Allow to mark HTTPS sites as "local"' ( !76 ) from https-ingress-filter into master
...
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/76
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-06 17:40:28 +00:00
7ad2a5685a
🔧 Define local HTTPS sites
2022-09-06 19:39:51 +02:00
965538141d
✨ Allow to define a host for local access
...
If a host is defined as local, HTTPS traffic will not be forwared.
The LetsEncrypt proxy is still available.
2022-09-06 19:39:51 +02:00
6653129652
🔨 Refactor host statements to objects
2022-09-06 19:39:51 +02:00
e2138d5c3b
Merge pull request ' 🔧 Configure HTTPS ingress for pottwal' ( !73 ) from pottwal-ingress into master
...
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/73
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-06 17:11:38 +00:00
6ccca9b552
Merge pull request ' 🔧 Configure HTTPS ingress for radon' ( !67 ) from radon-ingress into master
...
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/67
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-06 17:11:14 +00:00
020e5a4dd8
Add call to apache-letsencrypt role
2022-09-06 17:57:10 +02:00
8549d50d03
Add call to penguineer.dehydrated_cron role
2022-09-06 17:57:10 +02:00
664dc648c5
Add ingress for pwr-meter-pulse-gw-19i.svc.n39.eu
2022-09-06 17:57:10 +02:00
0efede818a
Add ingress for rabbitmq.n39.eu
2022-09-06 17:57:10 +02:00
5be0c410b1
Add ingress for nodered.n39.eu
2022-09-06 17:57:10 +02:00
a651aa047f
Add dehydrated role
2022-09-06 17:57:10 +02:00
60e58e6b6a
Add apache role
2022-09-06 17:57:10 +02:00
cc43557511
🔧 Block external access to docker containers
...
This needs to go through ingress now!
2022-09-06 17:55:58 +02:00
76c5cdb3e1
✨ Add roles for ingress and cert management
2022-09-06 17:55:58 +02:00
0d3907d332
Merge pull request ' ✨ Add a role to allow letsencrypt access in Apache2' ( !72 ) from apache-letsencrypt into master
...
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/72
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-06 15:54:30 +00:00