Commit graph

1114 commits

Author SHA1 Message Date
8c97012a8a 🔨 pottwal: Use variable for xmpp domain name 2022-10-06 20:46:24 +02:00
fdc923263f 🍻 pottwal: jabber/prosody: Add deploy cert hook
Hook works outside of ansible in personal prosody instance. Hope I
understood the template correctly, docs of dehydrated role are quite
sparse on that.

The dehydrated cert path variable is only available since recent change
c4af7754b2 (" Use variables to configure dehydrated
locations").

Link: https://prosody.im/doc/certificates
2022-10-06 20:46:24 +02:00
e9ca246090 :web: pottwal: Prepare reverse proxy for prosody XMPP/Jabber server
The container can serve HTTP for yet unknown reasons, but that port is
not yet exposed.  Do NOT confuse this with the old static website
jabber.n39.eu which was decoupled from prosody and plain HTML only.

The reverse proxy is used to make the static website available, and to
let dehydrated renew the certs.  The certs are used for https to the
static website _and_ for the XMPP server itself!
2022-10-06 20:46:24 +02:00
caf1e0e123 🐳 pottwal: Add container hosting static website for XMPP 2022-10-06 20:46:24 +02:00
bd89c96fbb 🐳 pottwal: Add prosody docker container
The service should be moved away from helium.n39.eu into a container.
2022-10-06 20:46:24 +02:00
tux
081ee4dc61 Merge pull request '⬆️ fix dependency for unattended-upgrades' (!84) from dkdent/netz39-infra-ansible:fix-unattended-upgrade into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/84
Reviewed-by: tux <tux@netz39.de>
2022-10-05 18:36:39 +00:00
tux
c3934319fc Merge pull request 'Fix http(s) ingress for Jabber/XMPP server' (!86) from alex/netz39-infra-ansible:holmium into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/86
Reviewed-by: tux <tux@netz39.de>
2022-10-05 18:00:21 +00:00
c0f7994ce4 🔧 holmium: Fix host for jabber server
jabber.n39.eu including dehydrated runs on helium, always has.

Fixes: 734fbd1d75 ("Call nginx-https-ingress role for holmium")
2022-10-04 08:12:37 +02:00
2c32d746f6 🚨 holmium: Fix indentation
yamllint complained:

  9:3       error    wrong indentation: expected 4 but found 2  (indentation)
  12:7      error    wrong indentation: expected 8 but found 6  (indentation)
  14:9      error    wrong indentation: expected 10 but found 8  (indentation)
  19:9      error    wrong indentation: expected 10 but found 8  (indentation)
  23:9      error    wrong indentation: expected 10 but found 8  (indentation)
  32:9      error    wrong indentation: expected 10 but found 8  (indentation)
2022-10-04 08:08:11 +02:00
2efd892bc1 ✏️ adress issues from PR discussion
- fix typo in role name
- make origin patterns for unattended upgrades less release specific
2022-09-30 22:24:41 +02:00
fa7f16f814 ⬆️ fix dependency for unattended-upgrades
- resolves https://redmine.n39.eu/issues/722
- role https://github.com/jnv/ansible-role-unattended-upgrades is deprecated
- replacement is https://github.com/hifis-net/ansible-role-unattended-upgrades
2022-09-30 22:24:41 +02:00
tux
0f11db3f64 Merge pull request 'Add missing restart-policy entries for Radon docker containers' (!85) from docker-restart-policy into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/85
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-30 20:22:36 +00:00
6a03e55c16 Add missing restart-policy entries for Radon docker containers 2022-09-30 21:52:25 +02:00
tux
1b952f5386 Merge pull request 'Update to new CleanURI (uritools) version' (!83) from cleanuri into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/83
Reviewed-by: Alexander Dahl <alex@netz39.de>
2022-09-15 20:20:29 +00:00
d874aab674 Add uritools-api to dehydrated 2022-09-15 18:09:16 +02:00
69cce57024 Switch to new CleanURI (uritools) implementation 2022-09-15 18:09:16 +02:00
f4544b2555 Add external CleanURI setup to inventory 2022-09-15 18:09:16 +02:00
3d654427ac Add host cleanuri-api to HTTPS forwarding 2022-09-15 18:09:16 +02:00
24929a36bc Add a role to set up cleanuri (uritools) 2022-09-15 18:09:16 +02:00
tux
7b0506c235 Merge pull request '🐛 Fix proxy site template' (!82) from fix-apache-template into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/82
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-14 21:29:40 +00:00
b9488e19db 🐛 Fix proxy site template
These are errors from a bodged PR (my bad) that has been merged too early.
2022-09-14 23:25:41 +02:00
tux
6452e4a277 Merge pull request '⬆️ Bump power-meter-pulse-gateway to 0.3.0' (!81) from power-meter-pulse-gateway-0.3.0 into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/81
Reviewed-by: dkdent <dkdent@netz39.de>
Reviewed-by: Alexander Dahl <alex@netz39.de>
2022-09-09 16:15:47 +00:00
8b885729c9 ⬆️ Bump power-meter-pulse-gateway to 0.3.0
https://github.com/netz39/power-meter-pulse-gateway/releases/tag/v0.3.0
2022-09-09 15:00:23 +02:00
tux
b76ffa2e3e Merge pull request '🎨 Improve configuration for setup-http-site-proxy and merge http-setup-dehydrated' (!80) from condense-roles into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/80
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-08 17:18:34 +00:00
182feeca58 🔥 Remove role setup-http-dehydrated
This feature is now provided by setup-http-site-proxy
2022-09-08 15:45:39 +02:00
e3020b6d71 Enable setup-http-site-proxy with missing proxy target
If no proxy port is defined, only the dehydrated HTTP endpoint is created
and the HTTPS endpoint returns 404.
2022-09-08 15:43:54 +02:00
c4af7754b2 Use variables to configure dehydrated locations
These variables match https://github.com/24367dfa/ansible-role-dehydrated
2022-09-08 15:41:36 +02:00
tux
ac46e1dd7c Merge pull request '🐛 Fix that known_hosts are discarded on container update' (!77) from nodered-known_hosts into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/77
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-06 23:36:23 +00:00
tux
a5f9d11f8a Merge pull request '🚚 Move entities-validation service to krypton' (!78) from entities-validation into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/78
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-06 23:35:47 +00:00
tux
a805886cda Merge pull request '🐛 Fix template in setup-http-dehydrated when IPv6 is missing' (!79) from dehydrated-site-v6 into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/79
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-06 23:35:33 +00:00
4da338f0ad 🐛 Fix template in setup-http-dehydrated when IPv6 is missing 2022-09-06 21:02:48 +02:00
feaf052f65 🚚 Move entities validation service from pottwal to krypton
This is a service handling member data, so it moves to krypton.
2022-09-06 20:31:27 +02:00
2802784e7a Add HTTPS ingress to krypton 2022-09-06 20:14:04 +02:00
e22f0a4fb0 🐛 Fix that known_hosts are discarded on container update 2022-09-06 20:02:46 +02:00
tux
8617f84f9d Merge pull request ' Allow to mark HTTPS sites as "local"' (!76) from https-ingress-filter into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/76
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-06 17:40:28 +00:00
7ad2a5685a 🔧 Define local HTTPS sites 2022-09-06 19:39:51 +02:00
965538141d Allow to define a host for local access
If a host is defined as local, HTTPS traffic will not be forwared.
The LetsEncrypt proxy is still available.
2022-09-06 19:39:51 +02:00
6653129652 🔨 Refactor host statements to objects 2022-09-06 19:39:51 +02:00
tux
e2138d5c3b Merge pull request '🔧 Configure HTTPS ingress for pottwal' (!73) from pottwal-ingress into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/73
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-06 17:11:38 +00:00
tux
6ccca9b552 Merge pull request '🔧 Configure HTTPS ingress for radon' (!67) from radon-ingress into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/67
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-06 17:11:14 +00:00
020e5a4dd8 Add call to apache-letsencrypt role 2022-09-06 17:57:10 +02:00
8549d50d03 Add call to penguineer.dehydrated_cron role 2022-09-06 17:57:10 +02:00
664dc648c5 Add ingress for pwr-meter-pulse-gw-19i.svc.n39.eu 2022-09-06 17:57:10 +02:00
0efede818a Add ingress for rabbitmq.n39.eu 2022-09-06 17:57:10 +02:00
5be0c410b1 Add ingress for nodered.n39.eu 2022-09-06 17:57:10 +02:00
a651aa047f Add dehydrated role 2022-09-06 17:57:10 +02:00
60e58e6b6a Add apache role 2022-09-06 17:57:10 +02:00
cc43557511 🔧 Block external access to docker containers
This needs to go through ingress now!
2022-09-06 17:55:58 +02:00
76c5cdb3e1 Add roles for ingress and cert management 2022-09-06 17:55:58 +02:00
tux
0d3907d332 Merge pull request ' Add a role to allow letsencrypt access in Apache2' (!72) from apache-letsencrypt into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/72
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-06 15:54:30 +00:00