JensWH/netz39-infra-ansible
1
0
Fork 0
forked from Netz39_Admin/netz39-infra-ansible
Code Pull requests Activity
Ansible configuration for the Netz39 infrastructure
412 commits 10 branches 0 tags 1.5 MiB
Jinja 94.7%
Shell 3.8%
Lua 1.5%
Find a file
Alexander Dahl e9ca246090 :web: pottwal: Prepare reverse proxy for prosody XMPP/Jabber server 
The container can serve HTTP for yet unknown reasons, but that port is
not yet exposed.  Do NOT confuse this with the old static website
jabber.n39.eu which was decoupled from prosody and plain HTML only.

The reverse proxy is used to make the static website available, and to
let dehydrated renew the certs.  The certs are used for https to the
static website _and_ for the XMPP server itself!
2022-10-06 20:46:24 +02:00
files Add the Asterisk sound files 2022-08-05 17:23:48 +02:00
roles Add a role to set up cleanuri (uritools) 2022-09-15 18:09:16 +02:00
templates Add template for SIP configuration 2022-08-05 17:23:48 +02:00
.editorconfig Add EditorConfig configuration file 2022-01-08 13:25:36 +01:00
.yamllint yamllint config and fixes 2020-12-28 22:53:53 +01:00
all.yml ✏️ adress issues from PR discussion 2022-09-30 22:24:41 +02:00
ansible.cfg Add ansible.cfg with inventory path 2022-07-24 16:49:35 +02:00
holmium.yml 🔧 holmium: Fix host for jabber server 2022-10-04 08:12:37 +02:00
inventory.yml Add external CleanURI setup to inventory 2022-09-15 18:09:16 +02:00
krypton.yml 🚚 Move entities validation service from pottwal to krypton 2022-09-06 20:31:27 +02:00
main.yml Call holmium playbook from main 2022-08-27 14:12:11 +02:00
oganesson.yml Add playbook for host oganesson 2022-07-20 21:29:05 +02:00
platon.yml Copy Asterisk sound files 2022-08-05 17:23:48 +02:00
pottwal.yml :web: pottwal: Prepare reverse proxy for prosody XMPP/Jabber server 2022-10-06 20:46:24 +02:00
proxmox.yml Move proxmox specific tasks to separate playbook 2022-07-23 20:42:11 +02:00
radon.yml Add missing restart-policy entries for Radon docker containers 2022-09-30 21:52:25 +02:00
README.md Add section in README to explain HTTPS ingress setup 2022-08-27 23:19:17 +02:00
requirements.yml ✏️ adress issues from PR discussion 2022-09-30 22:24:41 +02:00
tau.yml Merge pull request 'Add FFMD DNS container to provide secondary DNS server' (!69) from ffmd-dns2 into master 2022-08-30 12:23:49 +00:00
unicorn.yml Bump unicorn to v7.1.65 2022-06-29 23:31:29 +02:00

README.md

Ansible configuration for the Netz39 infrastructure

This call lists all hosts defined in the inventory:

ansible -i inventory.yml all --list-hosts

Setup

ansible-galaxy install -r requirements.yml

Call with

ansible-playbook -i inventory.yml --ask-vault-pass main.yml

You need to provide a user with sudo rights and the vault password.

HTTPS ingress configuration

HTTPS ingress is controlled by the server holmium and forwarded to the configured servers.

To set up a new HTTPS vhost, the following steps need to be taken:

  1. Select a domain (for internal services we use sub-domains of .n39.eu).
  2. Create an external CNAME from this domain to dyndns.n39.eu.
  3. Create an internal DNS entry in the Descartes DNS config. This is usually an alias on an existing server.
  4. Add the entry to the holmium playbook.
  5. Set up Dehydrated and vhost on the target host, e.g. using setup-http-site-proxy.

Do not forget to execute all playbooks with relevant changes.