Commit graph

957 commits

Author SHA1 Message Date
c0f7994ce4 🔧 holmium: Fix host for jabber server
jabber.n39.eu including dehydrated runs on helium, always has.

Fixes: 734fbd1d75 ("Call nginx-https-ingress role for holmium")
2022-10-04 08:12:37 +02:00
2c32d746f6 🚨 holmium: Fix indentation
yamllint complained:

  9:3       error    wrong indentation: expected 4 but found 2  (indentation)
  12:7      error    wrong indentation: expected 8 but found 6  (indentation)
  14:9      error    wrong indentation: expected 10 but found 8  (indentation)
  19:9      error    wrong indentation: expected 10 but found 8  (indentation)
  23:9      error    wrong indentation: expected 10 but found 8  (indentation)
  32:9      error    wrong indentation: expected 10 but found 8  (indentation)
2022-10-04 08:08:11 +02:00
2efd892bc1 ✏️ adress issues from PR discussion
- fix typo in role name
- make origin patterns for unattended upgrades less release specific
2022-09-30 22:24:41 +02:00
fa7f16f814 ⬆️ fix dependency for unattended-upgrades
- resolves https://redmine.n39.eu/issues/722
- role https://github.com/jnv/ansible-role-unattended-upgrades is deprecated
- replacement is https://github.com/hifis-net/ansible-role-unattended-upgrades
2022-09-30 22:24:41 +02:00
tux
0f11db3f64 Merge pull request 'Add missing restart-policy entries for Radon docker containers' (!85) from docker-restart-policy into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/85
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-30 20:22:36 +00:00
6a03e55c16 Add missing restart-policy entries for Radon docker containers 2022-09-30 21:52:25 +02:00
tux
1b952f5386 Merge pull request 'Update to new CleanURI (uritools) version' (!83) from cleanuri into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/83
Reviewed-by: Alexander Dahl <alex@netz39.de>
2022-09-15 20:20:29 +00:00
d874aab674 Add uritools-api to dehydrated 2022-09-15 18:09:16 +02:00
69cce57024 Switch to new CleanURI (uritools) implementation 2022-09-15 18:09:16 +02:00
f4544b2555 Add external CleanURI setup to inventory 2022-09-15 18:09:16 +02:00
3d654427ac Add host cleanuri-api to HTTPS forwarding 2022-09-15 18:09:16 +02:00
24929a36bc Add a role to set up cleanuri (uritools) 2022-09-15 18:09:16 +02:00
tux
7b0506c235 Merge pull request '🐛 Fix proxy site template' (!82) from fix-apache-template into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/82
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-14 21:29:40 +00:00
b9488e19db 🐛 Fix proxy site template
These are errors from a bodged PR (my bad) that has been merged too early.
2022-09-14 23:25:41 +02:00
tux
6452e4a277 Merge pull request '⬆️ Bump power-meter-pulse-gateway to 0.3.0' (!81) from power-meter-pulse-gateway-0.3.0 into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/81
Reviewed-by: dkdent <dkdent@netz39.de>
Reviewed-by: Alexander Dahl <alex@netz39.de>
2022-09-09 16:15:47 +00:00
8b885729c9 ⬆️ Bump power-meter-pulse-gateway to 0.3.0
https://github.com/netz39/power-meter-pulse-gateway/releases/tag/v0.3.0
2022-09-09 15:00:23 +02:00
tux
b76ffa2e3e Merge pull request '🎨 Improve configuration for setup-http-site-proxy and merge http-setup-dehydrated' (!80) from condense-roles into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/80
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-08 17:18:34 +00:00
182feeca58 🔥 Remove role setup-http-dehydrated
This feature is now provided by setup-http-site-proxy
2022-09-08 15:45:39 +02:00
e3020b6d71 Enable setup-http-site-proxy with missing proxy target
If no proxy port is defined, only the dehydrated HTTP endpoint is created
and the HTTPS endpoint returns 404.
2022-09-08 15:43:54 +02:00
c4af7754b2 Use variables to configure dehydrated locations
These variables match https://github.com/24367dfa/ansible-role-dehydrated
2022-09-08 15:41:36 +02:00
tux
ac46e1dd7c Merge pull request '🐛 Fix that known_hosts are discarded on container update' (!77) from nodered-known_hosts into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/77
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-06 23:36:23 +00:00
tux
a5f9d11f8a Merge pull request '🚚 Move entities-validation service to krypton' (!78) from entities-validation into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/78
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-06 23:35:47 +00:00
tux
a805886cda Merge pull request '🐛 Fix template in setup-http-dehydrated when IPv6 is missing' (!79) from dehydrated-site-v6 into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/79
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-06 23:35:33 +00:00
4da338f0ad 🐛 Fix template in setup-http-dehydrated when IPv6 is missing 2022-09-06 21:02:48 +02:00
feaf052f65 🚚 Move entities validation service from pottwal to krypton
This is a service handling member data, so it moves to krypton.
2022-09-06 20:31:27 +02:00
2802784e7a Add HTTPS ingress to krypton 2022-09-06 20:14:04 +02:00
e22f0a4fb0 🐛 Fix that known_hosts are discarded on container update 2022-09-06 20:02:46 +02:00
tux
8617f84f9d Merge pull request ' Allow to mark HTTPS sites as "local"' (!76) from https-ingress-filter into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/76
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-06 17:40:28 +00:00
7ad2a5685a 🔧 Define local HTTPS sites 2022-09-06 19:39:51 +02:00
965538141d Allow to define a host for local access
If a host is defined as local, HTTPS traffic will not be forwared.
The LetsEncrypt proxy is still available.
2022-09-06 19:39:51 +02:00
6653129652 🔨 Refactor host statements to objects 2022-09-06 19:39:51 +02:00
tux
e2138d5c3b Merge pull request '🔧 Configure HTTPS ingress for pottwal' (!73) from pottwal-ingress into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/73
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-06 17:11:38 +00:00
tux
6ccca9b552 Merge pull request '🔧 Configure HTTPS ingress for radon' (!67) from radon-ingress into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/67
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-06 17:11:14 +00:00
020e5a4dd8 Add call to apache-letsencrypt role 2022-09-06 17:57:10 +02:00
8549d50d03 Add call to penguineer.dehydrated_cron role 2022-09-06 17:57:10 +02:00
664dc648c5 Add ingress for pwr-meter-pulse-gw-19i.svc.n39.eu 2022-09-06 17:57:10 +02:00
0efede818a Add ingress for rabbitmq.n39.eu 2022-09-06 17:57:10 +02:00
5be0c410b1 Add ingress for nodered.n39.eu 2022-09-06 17:57:10 +02:00
a651aa047f Add dehydrated role 2022-09-06 17:57:10 +02:00
60e58e6b6a Add apache role 2022-09-06 17:57:10 +02:00
cc43557511 🔧 Block external access to docker containers
This needs to go through ingress now!
2022-09-06 17:55:58 +02:00
76c5cdb3e1 Add roles for ingress and cert management 2022-09-06 17:55:58 +02:00
tux
0d3907d332 Merge pull request ' Add a role to allow letsencrypt access in Apache2' (!72) from apache-letsencrypt into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/72
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-06 15:54:30 +00:00
tux
b5b6594136 Merge pull request '🚑 Fix that power meter messages are not persistent' (!75) from power-meter-pulse-gateway-0.2.1 into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/75
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-06 15:54:16 +00:00
tux
bd9910a9fb Merge pull request '🔧 Setup Apache proxy pass for sites with invalid URIs' (!74) from apache-slash-decoding into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/74
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-06 15:54:04 +00:00
f3d115874a ⬆️ Bump power-meter-pulse-gateway to 0.2.1 2022-09-06 16:37:43 +02:00
f9197221c8 🔧 Setup Apache proxy pass for sites with invalid URIs
This is a setup according to https://www.rabbitmq.com/management.html#proxy
which solves a problem with RabbitMQ encoding vhost names in a non-standard
way.

As this setting does not hurt other sites, we can introduce it into the
general template.
2022-09-06 15:35:50 +02:00
1fe6526898 Add a role to allow letsencrypt access in Apache2 2022-09-06 14:31:52 +02:00
tux
17d7aa704a Merge pull request '⬆️ Bump clean_uri (uritools) to 0.4.1' (!71) from uritools-0.4.1 into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/71
Reviewed-by: dkdent <dkdent@netz39.de>
2022-09-05 21:13:24 +00:00
f16cfe0a55 ⬆️ Bump clean_uri (uritools) to 0.4.1
Security update of a dependency by GitHub Dependabot
2022-09-02 13:24:33 +02:00