Ansible configuration for the Netz39 infrastructure
Find a file
Stefan Haun cc43557511 🔧 Block external access to docker containers
This needs to go through ingress now!
2022-09-06 17:55:58 +02:00
files Add the Asterisk sound files 2022-08-05 17:23:48 +02:00
roles Merge pull request ' Add a role to allow letsencrypt access in Apache2' (!72) from apache-letsencrypt into master 2022-09-06 15:54:30 +00:00
templates Add template for SIP configuration 2022-08-05 17:23:48 +02:00
.editorconfig Add EditorConfig configuration file 2022-01-08 13:25:36 +01:00
.yamllint yamllint config and fixes 2020-12-28 22:53:53 +01:00
all.yml Move tasks for all hosts to separate file 2022-07-24 16:49:35 +02:00
ansible.cfg Add ansible.cfg with inventory path 2022-07-24 16:49:35 +02:00
holmium.yml Call nginx-https-ingress role for holmium 2022-08-27 20:32:56 +02:00
inventory.yml Merge pull request 'Pulse-Gateway für 19-Zoll-Raum Verbrauchsmessung' (!65) from pulse-gw-svc into master 2022-08-27 16:19:11 +00:00
krypton.yml Fix container setup 2022-07-05 21:15:32 +02:00
main.yml Call holmium playbook from main 2022-08-27 14:12:11 +02:00
oganesson.yml Add playbook for host oganesson 2022-07-20 21:29:05 +02:00
platon.yml Copy Asterisk sound files 2022-08-05 17:23:48 +02:00
pottwal.yml 🔧 Block external access to docker containers 2022-09-06 17:55:58 +02:00
proxmox.yml Move proxmox specific tasks to separate playbook 2022-07-23 20:42:11 +02:00
radon.yml ⬆️ Bump power-meter-pulse-gateway to 0.2.1 2022-09-06 16:37:43 +02:00
README.md Add section in README to explain HTTPS ingress setup 2022-08-27 23:19:17 +02:00
requirements.yml 👽️ Bump ble-keykeeper-role to 1.1.0 2022-07-29 12:34:30 +02:00
tau.yml Merge pull request 'Add FFMD DNS container to provide secondary DNS server' (!69) from ffmd-dns2 into master 2022-08-30 12:23:49 +00:00
unicorn.yml Bump unicorn to v7.1.65 2022-06-29 23:31:29 +02:00

Ansible configuration for the Netz39 infrastructure

This call lists all hosts defined in the inventory:

ansible -i inventory.yml all --list-hosts

Setup

ansible-galaxy install -r requirements.yml

Call with

ansible-playbook -i inventory.yml --ask-vault-pass main.yml

You need to provide a user with sudo rights and the vault password.

HTTPS ingress configuration

HTTPS ingress is controlled by the server holmium and forwarded to the configured servers.

To set up a new HTTPS vhost, the following steps need to be taken:

  1. Select a domain (for internal services we use sub-domains of .n39.eu).
  2. Create an external CNAME from this domain to dyndns.n39.eu.
  3. Create an internal DNS entry in the Descartes DNS config. This is usually an alias on an existing server.
  4. Add the entry to the holmium playbook.
  5. Set up Dehydrated and vhost on the target host, e.g. using setup-http-site-proxy.

Do not forget to execute all playbooks with relevant changes.