Commit graph

627 commits

Author SHA1 Message Date
b2698aa975 Renew SSH key for mg95 2023-01-08 19:49:50 +01:00
4f549c3e7b Merge pull request '🚑 pottwal: Change group of prosody certs dir' (!131) from alex/netz39-infra-ansible:prosody-fixup into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/131
Reviewed-by: Stefan Haun <tux@netz39.de>
2023-01-02 20:26:48 +01:00
0e0e93d880 🚑 pottwal: Change group of prosody certs dir
prosody runs as unprivileged user inside of its docker container with
this uid/gid:

    root@676f7272aaa6:/etc/prosody# id prosody
    uid=101(prosody) gid=102(prosody) groups=102(prosody),101(ssl-cert)

The certs dir has 0750 permissions and thus the process can not access
it and finds no certs, leading to stream errors for s2s and c2s
connections.  We can not use group name, because the same group has a
different gid on the host.  Numerical is fine (even if ansible needs
this as a string, `chown` seems to know how to handle this).

References: !119
Signed-off-by: Alexander Dahl <alex@netz39.de>
2023-01-02 17:58:56 +01:00
fca99114a4 Merge pull request 'prosody: update configuration' (!119) from alex/netz39-infra-ansible:prosody-config into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/119
Reviewed-by: dkdent <dkdent@netz39.de>
Reviewed-by: Stefan Haun <tux@netz39.de>
2023-01-02 16:31:08 +01:00
2c85ab8039 Merge pull request '📝 mailmap: Expand alias to real name' (!130) from mailmap into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/130
2022-12-31 11:53:30 +01:00
1e1a95a87c 📝 mailmap: Expand alias to real name
with consent according to
https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/129/files#issuecomment-3445
2022-12-31 10:43:16 +01:00
d79566f613 🔧 pottwal: Mount prosody config read-only
The prosody process only needs to write in the certs subdirectory.
2022-12-22 11:19:33 +01:00
88e14f7ca6 👌 pottwal: Move prosody config to /etc
Configuration is not data.

Suggested-by: Stefan Haun <tux@netz39.de>
2022-12-22 11:19:33 +01:00
1de850826f 👌 pottwal: Add handler for prosody restart
The XMPP server should be restarted after the config has changed.

Suggested-by: Stefan Haun <tux@netz39.de>
2022-12-22 11:19:33 +01:00
55204a1b21 🔧 prosody: Remove legacy TLS options
Connections to server failed after Let's Encrypt certificate renew.
2022-12-22 11:19:33 +01:00
bd8500bf3a 🔧 prosody: Rework configuration for prosody v0.11
The previous configuration was copied over from helium.n39.eu for
prosody v0.9 and only worked more or less by accident.  The new
configuration was done based on the upstream example configuration.

Some modules we used for 0.9 were replaced, some are not necessary
anymore, some modules are new for 0.11.  The list was reviewed carefully
on a test host, and proved to work for several months there.

The VirtualHost 'localhost' is kept, but moved from a separate
configuration file to the main configuration, because it's only one line
and it's part of the example config anyways.
2022-12-22 11:19:33 +01:00
2c0d00bc28 🔧 prosody: Use ansible variable in main config template 2022-12-22 11:19:33 +01:00
fa811dd787 👌 prosody: Use plain file instead of template
No need to run the template engine, if no replacements are done.

Suggested-by: David Kilias <dkdent@netz39.de>
2022-12-22 11:19:33 +01:00
923dfb49df 🍱 prosody: Import existing configuration files
No changes reported by ansible to what's currently deployed.
2022-12-22 11:19:16 +01:00
055ea84b0d Merge pull request 'docker: Improve deployment' (!128) from alex/netz39-infra-ansible:docker into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/128
Reviewed-by: Stefan Haun <tux@netz39.de>
2022-12-22 11:05:38 +01:00
ae7b65cc5f 🔧 Move docker_setup role application to group playbook
To install docker on a host you have to put it into that group in
inventory now, instead of adding the role to each host playbook.  Idea
is to extend the group docker_host playbook by more docker related
things as for example metrics and monitoring.
2022-12-21 19:00:22 +01:00
083bab14e8 🔧 inventory: Introduce new group 'docker_host'
Hosts which have Docker installed and where containers can run.
Might make it easier to deploy a unified setup on each of them.
2022-12-21 18:54:51 +01:00
ab08f1daa1 🎨 inventory: Sort entries
Makes it easier to compare different groups against each other.
2022-12-21 18:54:51 +01:00
bbfa805b02 Merge pull request '🔧 mailmap: Update with new mail addresses' (!129) from mailmap into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/129
Reviewed-by: dkdent <dkdent@netz39.de>
2022-12-21 10:21:31 +01:00
96d52a5692 🔧 mailmap: Update with new mail addresses
Since introduction some commits with wrong mail addresses or names
happened.  Diff:

    --- shortlog-before     2022-12-21 06:45:53.106645799 +0100
    +++ shortlog-after      2022-12-21 06:46:03.478187832 +0100
    @@ -1,7 +1,5 @@
    -    48 Alexander Dahl <alex@netz39.de>
    -     6 Alexander Dahl <post@lespocky.de>
    +    54 Alexander Dahl <alex@netz39.de>
        115 David Kilias <dkdent@netz39.de>
    -     1 MG-5 <mg-95@t-online.de>
    -     2 MG-95 <mg-95@t-online.de>
    +     3 MG-95 <mg-95@t-online.de>
          4 Maximilian Deubel <maximilian.deubel@gmail.com>
        381 Stefan Haun <tux@netz39.de>
2022-12-21 06:47:51 +01:00
07a3f19406 Merge pull request '🐛 Fix origin for unattended-upgrades' (!125) from ua-origin into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/125
Reviewed-by: dkdent <dkdent@netz39.de>
Reviewed-by: Alexander Dahl <alex@netz39.de>
2022-11-29 17:28:51 +01:00
76072ff274 🐛 Fix origin for unattended-upgrades
Set origin to all, this would do the same as a manual `apt safe-upgrade`.
2022-11-24 16:03:02 +01:00
5c8c62caa5 Merge pull request '⬆️ static-web-server: Bump and change update strategy' (!127) from alex/netz39-infra-ansible:pottwal-sws into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/127
Reviewed-by: Stefan Haun <tux@netz39.de>
2022-11-23 17:39:04 +01:00
844325f81d ⬆️ static-web-server: Bump and change update strategy
With the new release we change to docker image tags without patch level.
Project promises to adhere to semantic versioning, so patch level bumps
should contain compatible bugfixes only.

Link: https://github.com/static-web-server/static-web-server/blob/master/CHANGELOG.md
Link: https://github.com/static-web-server/static-web-server/releases/tag/v2.14.0
2022-11-23 15:41:41 +01:00
199c98659a Merge pull request '🐛 Fix missing grafana container settings' (!126) from fix-grafana-container into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/126
Reviewed-by: dkdent <dkdent@netz39.de>
Reviewed-by: Alexander Dahl <alex@netz39.de>
2022-11-23 10:49:23 +01:00
28efc2bd4b 🐛 Fix missing grafana container settings
especially restarting the container, e.g. after a Docker update
2022-11-22 21:32:07 +01:00
2a2cf2d4ce Merge pull request '🐢 Show some appreciation' (!122) from gnu-tp into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/122
Reviewed-by: dkdent <dkdent@netz39.de>
Reviewed-by: Alexander Dahl <alex@netz39.de>
2022-11-22 19:56:49 +01:00
04c68cd410 🐢 Show some appreciation
See http://www.gnuterrypratchett.com/
2022-11-22 18:49:39 +01:00
c6cae71cd3 Merge pull request '🔊 Improve logging for DD24 ddns cron job' (!124) from silent-dd24-cron into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/124
Reviewed-by: Alexander Dahl <alex@netz39.de>
Reviewed-by: dkdent <dkdent@netz39.de>
2022-11-22 18:41:25 +01:00
059b8a0bea 👌 Expand arguments for readability 2022-11-22 18:35:22 +01:00
03dbd132eb 🔊 Send DD24 cron errors to syslog 2022-11-22 18:34:54 +01:00
29ead08db8 🔇 Disable curl transfer logs for DD24 call 2022-11-22 18:34:25 +01:00
fc57052e79 Merge pull request '🚑 Get wiringpi package from local repository' (!123) from wiringpi into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/123
Reviewed-by: dkdent <dkdent@netz39.de>
Reviewed-by: Alexander Dahl <alex@netz39.de>
2022-11-22 18:32:24 +01:00
4f94574d2a 🔨 Copy wiringpi-latest.deb from local repository 2022-11-22 14:44:30 +01:00
b685d08ccd 🍱 Add wiringpi-latest.deb to files
The download location is not available anymore so we store the file here for now.
2022-11-22 10:54:31 +01:00
208a7f49fc Merge pull request '🚑 Pin Dokuwiki container to specific digest' (!121) from pin-dokuwiki into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/121
Reviewed-by: dkdent <dkdent@netz39.de>
2022-11-18 17:52:52 +01:00
8855f7cc10 🚑 Pin Dokuwiki container to specific digest
There seem to be compatibility issues with container updates within the
same tag. These updates happen every time we run Ansible and are usually
desired, as they can fix security issues (esp. in the base image).

However, if the update cannot be trusted to run without manual intervention,
we have to pin the version and check for updates manually.
2022-11-18 17:12:13 +01:00
ed7106dfcc Merge pull request '⬆️ Update FFMD-DNS to 2022111601' (!120) from update-dns-2022111601 into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/120
Reviewed-by: Alexander Dahl <alex@netz39.de>
Reviewed-by: dkdent <dkdent@netz39.de>
2022-11-18 16:04:55 +01:00
a677be3607 ⬆️ Update FFMD-DNS to 2022111601 2022-11-18 12:25:10 +01:00
871038d84c Merge pull request 'yamllint: Fix some warnings' (!118) from alex/netz39-infra-ansible:yamllint into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/118
Reviewed-by: Stefan Haun <tux@netz39.de>
2022-11-18 10:38:07 +01:00
97c5a75b6d 🚨 Fix "missing document start" warnings
yamllint warned:

host_vars/hobbes.n39.eu/vars.yml
  1:1       warning  missing document start "---"  (document-start)

host_vars/krypton.n39.eu/vars.yml
  1:1       warning  missing document start "---"  (document-start)

host_vars/localhost/vars.yml
  1:1       warning  missing document start "---"  (document-start)

host_vars/platon.n39.eu/vars.yml
  1:1       warning  missing document start "---"  (document-start)

host_vars/pottwal.n39.eu/vars.yml
  1:1       warning  missing document start "---"  (document-start)

host_vars/radon.n39.eu/vars.yml
  1:1       warning  missing document start "---"  (document-start)

host_vars/tau.netz39.de/vars.yml
  1:1       warning  missing document start "---"  (document-start)

host_vars/unicorn.n39.eu/vars.yml
  1:1       warning  missing document start "---"  (document-start)
2022-11-18 09:02:35 +01:00
ec55d5970b 🚨 yamllint: Ignore line-length warnings
We have quite some long lines where it makes no sense to split them.
Those warnings distract more than they help.
2022-11-18 08:58:19 +01:00
d37b6cea82 🚨 Fix "trailing spaces" warnings
yamllint complained:

host-pottwal.yml
  415:1     error    trailing spaces  (trailing-spaces)
2022-11-18 08:50:54 +01:00
54426e75aa 🚨 Fix new-line-at-end-of-file warnings
yamllint warned:

setup-ssh.yml
  24:29     error    no new line character at the end of file  (new-line-at-end-of-file)

host_vars/pottwal.n39.eu/vars.yml
  41:61     error    no new line character at the end of file  (new-line-at-end-of-file)

host_vars/unicorn.n39.eu/vars.yml
  1:40      error    no new line character at the end of file  (new-line-at-end-of-file)
2022-11-18 08:50:33 +01:00
69d98b461d 🚨 Fix "wrong indentation" warnings
yamllint warned:

host-krypton.yml
  32:9      error    wrong indentation: expected 10 but found 8 (indentation)
2022-11-18 08:44:54 +01:00
4a263e3a0d 🚨 Fix "too many blank lines" warnings
yamllint warned:

host-pottwal.yml
  98:1      error    too many blank lines (3 > 2)  (empty-lines)

host-tau.yml
  173:1     error    too many blank lines (1 > 0)  (empty-lines)
2022-11-18 08:44:43 +01:00
9e6f3a2456 Merge pull request 'Improve configuration for unattended-upgrades' (!116) from unattended-upgrades-config into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/116
Reviewed-by: dkdent <dkdent@netz39.de>
Reviewed-by: Alexander Dahl <alex@netz39.de>
2022-11-17 15:01:26 +01:00
a33b2bed72 Merge pull request 'Mount configuration for InfluxDB from data directory' (!117) from cfg-influxdb into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/117
Reviewed-by: dkdent <dkdent@netz39.de>
2022-11-17 00:16:24 +01:00
039e64040c 🔧 Mount configuration for influxdb from data dir 2022-11-17 00:14:30 +01:00
02ef0e3409 🔧 Write unattended-upgrade actions to syslog 2022-11-16 21:28:39 +01:00