8edc26cc74
uau: make reboot configurable
2020-11-15 16:12:44 +01:00
25ef1394f4
partdb: remove role
2020-11-14 11:36:01 +01:00
dfe0804a3d
librenms: comment out broken mysql_user statement
...
The used mysql_user statement seems to be broken. Since the service is
currently running the statement is commented out in order to still be
able to run this role.
2020-11-14 10:59:32 +01:00
6249d9d62f
uau: reboot if needed (e.g. on kernel update)
...
Manually rebooting is tedious and nothing bad happend over the last few
years. Also important VMs are still on manual update.
2020-11-14 10:44:55 +01:00
8ef5789f4a
nextcloud: use list instead of with_items
2020-11-13 21:35:15 +01:00
4e87db5364
dns_extern: use list instead of with_items
2020-11-13 21:34:36 +01:00
770dbc4779
dns_inten: use list instead of with_items
2020-11-13 21:34:04 +01:00
e592ebbf4b
dns_extern: rename from dns-extern
2020-11-13 21:31:44 +01:00
47bea1eb41
dns_intern: rename from dns-intern
2020-11-13 21:31:11 +01:00
3db745797a
partdb: use list instead of with_items
2020-11-13 21:29:56 +01:00
0ea7576e80
hackmd: use list instead of with_items
2020-11-13 18:29:32 +01:00
a5bef39ba4
member_sw: use list instead of with_items
2020-11-13 18:28:53 +01:00
421785c336
coturn: use simple statement instead of with_items
2020-11-13 18:27:52 +01:00
d8ab59accc
web: use list instead of with_items
2020-11-13 18:26:10 +01:00
28c9d8ad3a
prosody: use list instead of with_items
2020-11-13 18:25:34 +01:00
64a557ab85
matirx: use list instead of with_items
2020-11-13 18:25:01 +01:00
b3b5129cc4
mail: use list instead of with_items
2020-11-13 18:24:23 +01:00
cf52cc9932
librenms: use list instead of with_items
2020-11-13 18:23:17 +01:00
6b4dbb9177
drone_runner: rename from drone-runner
2020-11-13 18:20:55 +01:00
989db7f961
bk_dss: rename from bk-dss
2020-11-13 18:19:36 +01:00
7de38a4602
common: use list instead of with_items
2020-11-13 17:39:47 +01:00
364d9428d8
web_plk: new role (on technetium.binary-kitchen.net)
2020-11-13 17:32:43 +01:00
5492048623
jitsi: complete setup
2020-11-12 21:01:18 +01:00
f36e4f491d
member-sw: rename to member_sw
2020-10-12 20:22:27 +02:00
fd3dd75be2
ldap-pam: rename to ldap_pam
2020-10-12 20:20:09 +02:00
ebef95fd2e
root-keys: rename to root_keys
2020-10-06 10:08:29 +02:00
0e4a13aa37
uau: change apt to new syntax
2020-10-05 08:38:50 +02:00
6f2267ce56
gitea: change apt to new syntax
2020-10-05 08:38:36 +02:00
16a66b5731
drone: change apt to new syntax
2020-10-05 08:38:25 +02:00
b519f6de07
gitea: update to version 1.12.5
2020-10-05 08:33:42 +02:00
38bd0328b7
bk-dss: change apt to new syntax
2020-10-05 08:31:16 +02:00
c4101bc585
Nice URLs for dokuwiki
2020-09-12 19:01:28 +02:00
78dc0938bf
Better caching for static dokuwiki images
2020-09-12 18:59:35 +02:00
500a89161d
matrix: rebase config against 1.19.1
2020-09-04 08:42:48 +02:00
e720608d00
gitea: update to version 1.12.4
2020-09-04 08:12:15 +02:00
76e9e6cac5
new host: molybdenum (Telefonzelle)
2020-07-31 21:38:33 +02:00
d2454e27fc
gitea: update to version 1.12.3
2020-07-29 07:35:10 +02:00
6a9c4aedae
gitea: implement fetching binary
2020-06-23 16:32:00 +02:00
22372c931d
Update role acertmgr add var acertmgr_version
...
Defining variable acertmgr_version from role defaults, allows version
string to be overridden. Role defaults are set in connection: local scope.
This also shortens long line to make this role linter compliant
2020-06-22 13:27:26 +02:00
a42b34b3ec
nginx: don't use "== True"
2020-06-20 17:22:23 +02:00
47cccdd42a
cleanup: use systemd module for daemon-reloaed
2020-06-20 14:51:13 +02:00
40e8445679
matrix: increase file size limit
2020-06-20 00:20:48 +02:00
fe10cde96b
acertmgr: ansible style fix
2020-06-20 00:20:19 +02:00
080c3fb495
drone-runner: fix another syntax error
2020-06-20 00:10:46 +02:00
d0d3fe230a
drone-runner: set password, fix syntax error
2020-06-20 00:07:46 +02:00
84de43d428
gitea: disable gravatar, less log spam, persistent sessions
2020-06-19 23:42:22 +02:00
d612d1ac28
nginx: enable gzip for proxied responses
2020-06-19 23:41:50 +02:00
a065fd4bc8
drone: install runner onto bob
2020-06-19 23:41:16 +02:00
fe5bdab253
drone: move onto gitea server and adjust for gitea
2020-06-19 23:39:58 +02:00
c2b529345e
nginx: hide version
2020-06-18 22:39:30 +02:00
488fb29275
gitea: migrate from gogs
2020-06-18 22:34:30 +02:00
7a58869a2f
fix path of acertmgr handler
2020-06-07 15:16:49 +02:00
86bf87405a
new host for drone.io
...
fix path of acertmgr handler
2020-06-07 15:16:25 +02:00
9bb3111efc
matrix: rebase config against 1.14.0
2020-05-30 14:47:22 +02:00
8e5ccda050
prometheus: basic proxmox monitoring
2020-05-25 16:15:29 +02:00
5a2b3559db
jitsi: new role (on host zirconium.binary-kitchen.net)
2020-05-20 09:57:18 +02:00
dcadf88ada
mail: cleanup
2020-05-20 08:37:09 +02:00
3f920c731d
mail: don't apply logrotate settings
2020-05-20 08:36:25 +02:00
d96e3f20ec
mail: fix sieve path name and permissions
2020-05-20 08:35:44 +02:00
5067e5371e
mail: move vault mapping to group_vars
2020-05-20 08:34:22 +02:00
0790c0b737
acertmgr: cleanup
2020-05-18 19:49:59 +02:00
fb215fdd82
mail: make mail_trusted an array
2020-05-18 19:10:32 +02:00
9d6ed20d9f
librenms: update dependencies
2020-05-11 17:42:07 +02:00
35fda6124a
dns-intern: openvpn -> wireguard
2020-05-11 16:16:07 +02:00
088ee7c6bf
matrix: increase max size to 10M
2020-04-09 21:38:29 +02:00
11bd9019d9
matrix: update config and set max_body_size
2020-03-29 11:48:38 +02:00
453537697d
coturn: new role for a TURN server to be used with matrix
2020-03-16 20:18:59 +01:00
a04c216abe
acertmgr: Use latest package from github instead of git checkout
2020-02-17 20:44:21 +01:00
Kishi85
fd04a750a5
Add excludes to logrotate.d config and update to correct paths
2020-02-04 18:35:09 +01:00
Kishi85
4a11950728
Update logrotate configs to preserve last 7 days
2020-02-03 19:37:43 +01:00
786ecd554f
slapd: use root password from vault
2020-02-03 19:08:09 +01:00
3e27ad3bde
dhcpd: use new secret omapi key
2020-02-03 18:38:01 +01:00
f184ca15fe
common: limit syslog retention to 7 days
2020-02-02 20:57:28 +01:00
d97524798b
bk-dss: use ldap_uri instead of ldap_host
2020-01-31 19:55:15 +01:00
66d6af74f0
matrix: reduce logging
2020-01-30 16:31:04 +01:00
1029f41bdc
dhcp: replace ap05 mac addr
2020-01-27 20:35:45 +01:00
611a14fffb
common: set journald retention time to 7days
2020-01-27 20:35:23 +01:00
8a25f21a87
matrix: rebase homeserver.yaml against 1.9.0
2020-01-27 15:28:49 +01:00
9ff516e089
matrix: set proper collation/ctype for DB
2020-01-22 13:12:21 +01:00
84189d95a1
matrix: default name to username
2020-01-20 20:49:00 +01:00
6b82d3d92b
new host: sodium (matrix) and new role matrix
2020-01-20 15:56:29 +01:00
7950c96da2
grafana: new role
2020-01-08 12:08:06 +01:00
f23d71aa6a
new host: strontium (Rocket.Chat)
2020-01-08 12:03:28 +01:00
871add3b0e
dns/dhcp: add ap05 for testing
2019-11-30 22:12:25 +01:00
3ab962ba4d
web: add binary.kitchen to vhost config
2019-11-30 22:11:40 +01:00
ef9e4352d3
slapd: add openssh public key schema
2019-11-28 22:40:51 +01:00
7acbf3d066
web: add more domains to certificates
2019-11-15 16:31:07 +01:00
a4e32cb79b
bk-dss: update to 0.8.4
2019-11-07 22:32:54 +01:00
909c9ebca6
new host: fusilli
2019-10-31 19:43:26 +01:00
91d95b190c
dns-intern: use future-proof pdns config
2019-10-14 18:34:43 +02:00
986392237c
uau: install more updates
2019-10-14 08:15:37 +02:00
b2f56c709b
common: install ipmitool on Proxmox hosts
2019-10-09 21:08:48 +02:00
a86081d6d7
acertmgr: update to version 1.0.0
2019-10-01 08:05:32 +02:00
25fca48dc8
new alias: 3dprinter
2019-09-30 18:50:41 +02:00
411243aeef
new host: noodlehub
2019-09-30 18:44:44 +02:00
133838e586
radius: fix symlinks that break with debian buster
2019-09-23 18:47:23 +02:00
a3675c0cc8
hackmd: new upstream URL and version 1.5.0
2019-09-18 13:08:08 +02:00
fbe1ac33c3
mail: cleanup
2019-09-17 13:29:59 +02:00
e0cbf2b760
common: remove snmpd
2019-09-17 10:16:05 +02:00
939b9ccb4c
partdb: update to debian buster / PHP 7.3
2019-09-17 08:51:03 +02:00
e31abbb8bb
web: switch to PHP 7.3
2019-09-12 13:34:05 +02:00
772df6c630
common: also clear motd on Proxmox hosts
2019-09-12 13:22:19 +02:00
bd06590301
nginx: enable TLSv1.3 (relevant VMs have buster)
2019-09-12 13:09:52 +02:00
fb81c5ce02
common: remove snmp, add acpid (on VMs)
2019-09-12 12:00:59 +02:00
ef7177f0ec
common: set vm.swappiness on Proxmox hosts
2019-09-10 19:14:55 +02:00
3d1a681850
librenms: debian buster
2019-09-09 19:33:47 +02:00
a6a973c034
prosody: make it work with buster
2019-09-09 19:09:44 +02:00
8a2ade46cb
Remove host apfelkuchen
2019-09-07 20:45:11 +02:00
c763264ccd
hackmd: update and fix uploads folder link creation
2019-09-06 16:17:34 +02:00
4c7d472f2f
remove racktables and partially remove snmpd
2019-09-03 13:13:03 +02:00
Kishi85
6945b4918c
mail: Enable subject privacy for the history module
2019-09-03 11:50:08 +02:00
6e593d0feb
gogs: switch to debian buster
2019-08-30 11:20:40 +02:00
Kishi85
6ce23ca253
mail: disable rspamd actions for mail from localhost
2019-07-24 10:11:38 +02:00
Kishi85
83afecfd72
mail: use srs only for forwards and MDA, not for incoming mails
2019-07-24 09:38:01 +02:00
Kishi85
5faf9de93e
mail: fix redis config
2019-07-23 17:23:14 +02:00
Kishi85
5df4457b0e
mail: add postsrsd to stop breaking forwards for SPF domains
2019-07-23 16:06:16 +02:00
43f1633a22
cleanup roles
2019-07-23 12:00:59 +02:00
Kishi85
2153438ec5
mail: allow any sender from our internal networks
2019-07-23 11:29:34 +02:00
85c2a90431
bk-dss: enable admin menu for zaesa
2019-07-22 13:18:46 +02:00
Kishi85
884bbbfbae
mail: use rspamd with automatic learning using sieve + managesieve
2019-07-16 09:37:50 +02:00
4b1952a6e0
uau: minimize diff to default config
2019-07-10 18:43:08 +02:00
5ead59ce14
acertmgr: update to version 0.9.8
2019-07-09 12:39:31 +02:00
f1dec82592
prometheus: only support Debian buster
2019-07-09 12:38:32 +02:00
909e767b36
dhcp/dns: add new hosts and IP ranges
2019-06-27 10:09:39 +02:00
2a417cdee2
acertmgr: update to version 0.9.7
2019-06-18 15:13:05 +02:00
f8daa11de1
nextcloud: first step towards handling php from ansible again
2019-05-20 21:35:58 +02:00
477441585d
owncloud: rename to nextcloud
2019-05-20 20:55:50 +02:00
7f689e1a82
owncloud: rename to nextcloud
2019-05-20 20:55:05 +02:00
06dcb1b082
mail: fix SSL CA settings
2019-05-20 20:09:07 +02:00
4ee7c6ad16
acertmgr: migrate from legacy paths
2019-05-20 19:49:08 +02:00
17f25f2c32
acertmgr: migrate from legacy paths
2019-05-20 19:38:32 +02:00
b6f0b9417d
bk-dss: update to version 0.8.3
2019-05-17 08:29:40 +02:00
8a33cdc4ad
slapd: fix ACLs
2019-05-17 08:25:14 +02:00
b4f95eefc8
bk-dss: fix typo
2019-05-16 15:52:49 +02:00
e99c8d34dd
pvessl: nginx based reverse proxy w/ certs for PVE
2019-05-13 21:46:37 +02:00
c4bcc13ccd
slapd: simplify ACL
2019-05-13 21:45:37 +02:00
45917de310
bk-dss: add new admin
2019-05-13 21:44:27 +02:00
Kishi85
cc7d959435
mail: dovecot verify password by binding to ldap
2019-05-13 21:30:13 +02:00
2abc3819ac
acme-dnskey-generate: handle empty san list
2019-05-13 21:00:50 +02:00
e5ca7f59db
replace hard coded values by variables
2019-05-13 20:22:02 +02:00
00826a8d14
slapd: implement proper ACL
2019-05-13 20:03:20 +02:00
6fec0e62bc
mail: fix aliases
2019-04-23 08:07:35 +02:00
9f3923f494
acertmgr: update to 0.9.5
2019-04-01 18:51:01 +02:00
ad2e2dca6b
dns-intern: move cannelloni to user vlan, add tmp
2019-04-01 18:35:27 +02:00
5c07927012
Remove BKCA for good
2019-03-25 21:08:23 +01:00
50cab2429d
raduis: use LE certificate via dns
2019-03-25 21:08:19 +01:00
c6c91d7256
Migrate LDAP from BKCA to Let's Encrypt
2019-03-25 19:58:06 +01:00
c0070e042b
acertmgr: update to 0.9.4
2019-03-25 19:25:56 +01:00
606851de76
slapd: use LE certificate via dns
2019-03-25 19:05:31 +01:00
3471c0ca34
bk-dss: update to 0.8.2
2019-03-22 13:09:58 +01:00
e72ee8fb74
acertmgr: update to 0.8.2
2019-03-21 22:33:05 +01:00
218ae6c4dd
bk-dss: restart uwsgi on changes ( fixes #28 )
2019-03-18 22:18:43 +01:00
cefabcaa7f
web: no longer server binary-kitchen.space
2019-03-09 18:39:27 +01:00
654c2c0122
cleanup whitespace
2019-03-09 18:38:07 +01:00
e7375cac3e
new host: mpcnc
2019-03-09 18:33:00 +01:00
97cb51efbf
hackmd: increase max upload size
2019-03-07 21:17:19 +01:00
e1e110e704
acertmgr: update to 0.8.1
2019-03-07 15:01:06 +01:00
56df920ec0
bk-dss: update to 0.8.1
2019-02-28 11:17:08 +01:00
7fb5ac8875
acertmgr: fix typo
2019-02-25 18:10:56 +01:00
476df56fcc
acertmgr: rename vars, introduce version
2019-02-25 08:34:21 +01:00
a2e6267ec8
slapd: use base from variables
2019-02-23 23:55:35 +01:00
9bffa36a33
acertmgr: rename from certmgr, run on config change
2019-02-23 23:54:24 +01:00
407409010e
bk-dss: use vault for secret, use tagged version, use correct certificate for ldap
2019-02-23 23:34:23 +01:00
845a9f3c76
dss: remove unused role (replaced by bk-dss)
2019-02-19 09:31:33 +01:00
905f86f2df
gogs: apt repo key location has changed
2019-02-18 19:15:34 +01:00
f576ebe615
common: forgot to remove gentoo prompt from Debian
2019-02-18 18:39:12 +01:00
d5c98eb13c
common: don't use gentoo prompt anymore
2019-02-18 18:35:54 +01:00
41784f514f
Cleanup whitespace
2019-02-13 16:01:32 +01:00
b47be3287a
librenms & racktables: use LE certificates
2019-02-13 15:57:46 +01:00
766ece5b10
acme-dnskey-generate: fix naming inconsistencies
2019-02-13 15:40:12 +01:00
275b9a6071
Cleanup whitespace
2019-02-13 14:28:16 +01:00
cffa318bea
Remove acme.sh client
2019-02-13 14:05:27 +01:00
82b5f9cdf3
dns-intern: sync A/PTR, use RR for radius, fix erx-rz loopback
2019-02-13 13:38:08 +01:00
82181c2eb2
Remove forseti/checkmk
2019-02-13 13:30:16 +01:00
d52b5c0b76
bk-dss: update to current version
2019-02-12 09:45:10 +01:00
fa7fec4a93
certmgr: update to latest version, adjust config
2019-02-11 19:36:35 +01:00
Kishi85
06760bf9f7
Add role to generate dns keys for acme/cermgr
2019-02-11 18:38:41 +01:00
40efa84fcf
dovecot: add logrotate config
2019-02-04 20:31:13 +01:00
8b0be8cc6f
dns: host ffrgb (offloader)
2019-02-04 18:33:06 +01:00
7b53f00a5e
new hosts: maccaroni & spaghetti
2019-01-20 14:47:55 +01:00
Kishi85
3425fdeac9
new host: magnesium (partdb/partkeepr)
2018-12-17 19:25:15 +01:00
5fae8fa02c
dns-intern: update loopback addresses
2018-10-30 12:31:34 +01:00
543ffce274
dhcpd: dhcp for Aruba APs
2018-10-26 18:43:18 +02:00
2f1ed864cd
dns-extern: update documentation
2018-10-22 21:03:18 +02:00
ae65e438dc
dns-extern: role for primary nameserver
2018-10-22 20:58:34 +02:00
Kishi85
e3c7c0cc1b
Change updatepolicy.aliases format
2018-10-22 20:30:12 +02:00
267557f068
common: install software on proxmox
2018-10-15 21:47:26 +02:00
65786edf03
common: run apt task to ensure python-apt is installed
2018-10-15 21:47:03 +02:00
e88a6e5691
further updates wrt changed ntp server
2018-10-15 21:46:30 +02:00
Kishi85
271305ad34
Proxmox handling
2018-10-15 21:08:06 +02:00
67d4340ba6
hackmd: fix owner, persistent upload path, allow anon edits
2018-10-15 18:46:34 +02:00
22c1b0d469
bk-dss: new role to be deployed on LDAP host
2018-10-15 18:25:30 +02:00
32f976a163
hackmd: fix when
2018-10-08 21:46:29 +02:00
4a93fab603
hackmd: update database scheme
2018-10-08 20:29:18 +02:00
9b19d93bf9
hackmd: update version to codimd 1.2.1
2018-10-08 20:28:06 +02:00
ebecd957b2
hackmd: reload systemd before restarting hackmd
2018-10-08 20:14:33 +02:00
e2fd44eb53
prometheus: new role
2018-10-06 22:19:37 +02:00
634b952321
common: update zsh path for FreeBSDH
2018-10-06 22:18:40 +02:00
b6605467fa
dhcpd: new lock IP
2018-10-06 20:37:41 +02:00
1b25547d97
dns: remove old hosts
2018-10-04 21:38:59 +02:00
ca86d25ed5
Fix dovecot ldaps
2018-10-04 21:29:16 +02:00
59cca157e2
web: new domain makerspace-regensburg.de
2018-10-02 18:35:30 +02:00
d434e9e70d
hackmd: only rebuild if changed (properly this time)
2018-09-20 22:57:51 +02:00
9e0e5923a8
dns-intern: renumber RZ
2018-09-20 22:31:12 +02:00
482d67ebb1
Change BKCA to a system CA for migration to Let's Encrypt
2018-09-20 18:55:17 +02:00
1a511a9faf
root-keys: new role to set ssh authorized keys for the root user
2018-09-17 22:03:35 +02:00
0a2f85459d
common: update FreeBSD zsh location
2018-09-16 11:50:45 +02:00
3be1e06242
hackmd: disable anon usage
2018-09-16 11:49:53 +02:00
9f608c886d
Change certificate locations, update powerdns aliases
2018-09-11 13:58:24 +02:00
9dcdbdf983
acme.sh role
2018-09-10 22:52:41 +02:00
b3d3888518
dchpd: don't use global ntp servers
2018-08-27 23:31:29 +02:00
d571ff6827
dns-intern: new hosts
2018-08-27 23:30:49 +02:00
6a73265d79
dhcp: increase lease times
2018-08-21 12:59:41 +02:00
8d7d6f6765
dns-intern: fix typo in hostname
2018-08-21 12:59:22 +02:00
008f64cb08
dns-intern: new host sw03
2018-08-20 15:46:09 +02:00
6c7014e7fc
Set sane default for DMARC_MODERATION_ACTION
2018-07-30 21:32:09 +02:00
9baad14c37
Remove, rename and preserve DKIM headers (mode=3)
2018-07-24 12:21:57 +02:00
74aa02420e
mail: make mailman work with postfix again
2018-07-23 22:36:54 +02:00
6db9b2eafd
dns-intern: new hosts (ap04 and modem)
2018-07-23 21:54:27 +02:00
ede83b43a1
Mailman: Remove (wrong) DKIM headers
2018-07-23 18:47:56 +02:00
bfe0d994d0
common: fix regex
2018-07-17 13:26:45 +02:00
b456e13542
radius: update to freeradius 3 (and no more LDAP)
2018-07-17 10:43:31 +02:00
4204334e3d
Clean cmk server
2018-07-16 21:03:25 +02:00
ff98616d94
new agent ver
2018-07-16 21:02:50 +02:00
2876acf4d6
Check_MK for bacon, new cmk version
2018-07-16 20:52:33 +02:00
e4b07bc43b
dns/dhcp: reserved host mirror
2018-07-08 16:38:16 +02:00
4aa681ff70
common: udpate zsh prompt path
2018-07-06 12:12:29 +02:00
26ed972c00
Check_MK update p33 to p34
2018-06-27 21:09:12 +02:00
66bdb9ec16
dns-intern: style fix
2018-06-27 20:27:00 +02:00
66c36c4896
common: fix network interfaces names
...
(ensXX -> ethX) in consistent way with systems upgraded
from debian 8
2018-06-27 20:04:45 +02:00
0622787e0c
new host: neon, rename dns to dns-intern
2018-06-27 19:35:30 +02:00
8ae92ce745
Add alias for forseti, checkmk.bk
2018-06-13 17:29:37 +02:00
69edc1d5bf
Downloaded file mode 0755 -> 0644
2018-06-13 16:56:19 +02:00
a025bc0301
Merge branch 'master' of git.binary-kitchen.de:moepman/infra
2018-06-13 16:48:27 +02:00
b5b06841d1
Add check_mk tasks and roles
2018-06-13 16:47:18 +02:00
0cafa543aa
run unattented updates on non-critial hosts
2018-06-13 15:08:04 +02:00
4ae4cb8b13
member-sw: install ansible
2018-06-13 14:53:59 +02:00
b570b30ad2
common: prevent normal users from running su
2018-06-13 14:43:13 +02:00
2417bf1302
Add forseti check_mk VM
2018-06-11 21:08:37 +02:00
850f813079
hackmd: fix service file (missing working dir)
2018-06-04 15:59:11 +02:00
b68232cea4
hackmd: improve (csp, hsts, version bump) and start to use vault
2018-06-04 14:00:55 +02:00
197af9ee3f
dns: update IPs
2018-05-14 20:02:18 +02:00
ce8959a1d2
gogs: use debian stretch packages
2018-05-08 23:15:06 +02:00
cc5611ca37
common: use ansible facts to detect KVM VMs
2018-05-02 12:11:31 +02:00
d3a50a75d6
hackmd: SSL, temporary CSP'fix
2018-05-01 11:49:42 +02:00
e24a9ede41
DNS and DHCP update: obazda, garlic
2018-05-01 11:48:55 +02:00
2bebcc16a3
common: install qemu-agent on VMs
2018-05-01 11:47:57 +02:00
2a15de42cf
gogs: style fix
2018-05-01 11:43:51 +02:00
7806c6b9e9
DNS and DHCP updates
2018-05-01 11:43:51 +02:00
95084d6cc6
mail: reduce dovecot logging
2018-04-18 15:07:58 +02:00
b9086690dc
hackmd: LDAP and vhost
2018-04-12 18:30:30 +02:00
344139e75c
hackmd: new role (not finished yet)
2018-04-09 21:28:36 +02:00
67af76cbda
prosody: enable modules to improve user experience (XEP 0065, 0124, 0191, 0352, 0357, 0363)
2018-03-20 12:59:49 +01:00
f13bf4d466
dns: remove host ups2
2018-02-03 22:52:13 +01:00
718657fc15
New host: bowle (punsch replacement)
2018-02-03 22:40:48 +01:00
d281b083bc
dns: remove non working update check
2018-01-23 18:29:16 +01:00
42b741a139
common: install psmisc (for killall)
2018-01-14 19:06:25 +01:00
7a004e4d8f
certmgr: update to current version
2018-01-14 18:40:19 +01:00
f2dca81c28
Update dns & dhcp (remove sushi)
2018-01-11 19:37:57 +01:00
d975523f4d
common: install net-tools (for netstat)
2018-01-10 12:28:20 +01:00
5b5fa52e53
Modify dns for debian stretch.
2017-10-10 09:48:48 +02:00
4db79176e5
Update zsh path for FreeBSD.
2017-10-10 09:46:57 +02:00
bc653331f6
Fix gogs repository url.
2017-10-02 12:15:56 +02:00
19f4984b1b
Make sure less is installed (needed by journalctl).
2017-10-02 12:15:17 +02:00
983189fb46
Make snmpd less verbose on debian Stretch.
2017-10-02 12:14:50 +02:00
683acac84e
Add DHCP options for VoIP phones.
2017-10-02 12:13:04 +02:00
dba3a3fa71
DHCP for schweinshaxn.
2017-09-30 16:44:19 +02:00
99b0279cac
Disable mouse in vim (debian).
2017-09-20 13:24:30 +02:00
47ecaa9a74
New hosts/IPs in dns.
2017-09-18 20:52:22 +02:00
261c053c93
IP, DNS and DHCP for spaghetti (octopi).
2017-09-12 19:41:36 +02:00
b6132e8720
Fetch letsencrypt root cert for certmgr.
2017-09-09 11:25:16 +02:00
008b0efd1b
Modify certmgr for Debian stretch.
2017-09-09 11:23:30 +02:00
c43a927779
Modify nginx for Debian stretch.
2017-09-09 11:22:43 +02:00
fef4ea1c13
Fix dovecot ssl config (no longer worked with Debian stretch).
2017-09-04 15:36:55 +02:00
103512faae
Add php7.0-xml to web role.
2017-09-03 14:37:23 +02:00
afc6b3f57f
Modify librenms and racktables for Debian stretch.
2017-09-03 14:35:56 +02:00
021aa8df96
Add new devices and IPs.
2017-09-03 14:26:05 +02:00
88c23c3693
Clean up, specify eth0 as dhcp interface.
2017-07-07 07:49:17 +02:00
fd6abd2dd2
Modify web role for debian stretch.
2017-07-03 09:49:18 +02:00
313a27e20d
Handle incorrectly enabled hibernation/resume.
2017-07-03 09:48:25 +02:00
7e856c2923
Cleanup (mostly apt: state=present).
2017-07-02 22:17:32 +02:00
c7e4dd4173
Forgot to add opcache.ini.
2017-07-01 16:36:41 +02:00
37aef461cf
Modify owncloud role for debian stretch.
2017-07-01 16:33:15 +02:00
becadd373f
New hosts: nbe-w13b, nbe-tr8, sw01, sw02
2017-07-01 14:25:43 +02:00
438ed4e24e
Reserve DNS/IPs for new network equipment.
2017-06-05 21:39:41 +02:00
05e54ced02
Change mac address of lock.
2017-06-05 21:38:47 +02:00
5feacf313f
Prosody: enable XEP-0313 (for OMEMO).
2017-04-03 12:25:18 +02:00
fa23c6281b
New hosts: ap03, klopi.
2017-03-21 20:45:16 +01:00
1cbb6e7f1d
New host: cannelloni.
2017-03-21 20:45:16 +01:00
bc270519b0
Begin work on directory-self-service role.
2017-03-21 20:45:12 +01:00
1b587c0eec
Switch to nginx-light.
2017-03-01 09:33:49 +01:00
2978ef8177
Fix certmgr actions for cron usage.
2017-02-28 14:48:03 +01:00
e7e49f356f
Use Leti's Encrypt certificates for binary-kitchen.de.
2017-02-28 14:14:33 +01:00
7c01620a0f
Enable certificate manager cron job.
2017-02-28 13:20:48 +01:00
c6a563b1bd
Add (free)radius role.
2017-02-21 20:20:04 +01:00
60561fafea
Update subnet names.
2017-02-21 18:47:11 +01:00
9e77e2cc4b
Add VPN IPs to DNS.
2017-02-21 18:46:47 +01:00
12742d569d
IP/DNS changes.
2017-02-17 21:16:09 +01:00
b00e335278
Make snmpd less verbose.
2017-02-17 11:12:12 +01:00
8405d98926
Remove unused DHCP reservations.
2017-01-30 20:00:58 +01:00
21790f63b0
Unify ldap-server/mirror into slapd.
2017-01-30 20:00:37 +01:00
25e0f52789
Add DHCP reservation for sushi.
2017-01-28 16:44:36 +01:00
59f56d4a32
Add ldap-mirror role.
2017-01-28 16:42:22 +01:00
d1b6a47d46
Disable DNSSEC for resolving.
2017-01-23 20:09:43 +01:00
30fd032a59
Change client network gateways.
2017-01-23 19:26:35 +01:00
46889c110b
Add secondary DNS/DHCP.
2017-01-23 18:47:24 +01:00
df240d2652
Adjust DHCP pools.
2017-01-23 15:27:07 +01:00
f05e808aef
Rename dhcp role to dhcpd.
2017-01-21 17:56:12 +01:00
6ae56bc002
Add DHCP server role.
2017-01-21 17:55:08 +01:00
f3e469bfb6
Fix ldap permissions.
2017-01-17 12:57:40 +01:00
5980848421
Add new hosts to dns.
2017-01-17 12:44:46 +01:00
4bad44c464
Add dns-server role
2017-01-07 15:41:21 +01:00
21aefb8633
Fix zsh prompt for 5.3.1.
2017-01-07 15:10:50 +01:00
b2ef100994
gogs: increase client_max_body_size to 128M
2017-01-03 15:47:53 +01:00
3b1ab3877d
Only create DH param file when using ssl.
2016-11-19 22:24:21 +01:00
8aa3a6c806
Use current acertmgr version.
2016-10-06 09:27:35 +02:00
1a8c57f041
Fix typo.
2016-07-28 12:23:48 +02:00
27ff25bdf7
Add git to software available to members.
2016-07-28 12:21:08 +02:00
a8fdb58d9f
Place librenms to /usr/share/librenms.
2016-07-07 07:03:53 +02:00
3ba596b471
Improve librenms role.
2016-07-06 16:28:16 +02:00
31b4b2e385
Add incomplete librenms role.
2016-07-06 13:26:42 +02:00
b2ca65b0cc
Do not create unnecessary directory for racktables.
2016-07-06 13:24:37 +02:00
54caed7299
Complete RackTables installation.
2016-06-18 14:44:59 +02:00
5bb3a44c71
Add racktables role (unfinished) and apply it.
2016-06-18 13:23:12 +02:00
b83b2f02f1
Prepare nginx to be used without SSL.
2016-06-18 13:21:21 +02:00
89c9e8031c
Add ccc-r.de and ccc-regensburg.de to web.
2016-05-09 20:33:49 +02:00
96fb3a84dc
Allow mail relay from trusted servers, enable ipv6.
2016-04-13 08:59:45 +02:00
c8d0e43743
Configure owncloud vhost even more like upstream suggests.
2016-04-12 17:02:20 +02:00
70c4185053
Add more http headers to the owncloud vhost.
2016-04-12 16:52:27 +02:00
f90df2aae9
Remove static vhost from web.
2016-04-12 09:36:12 +02:00
131a99e96b
Add software to install on member server.
2016-04-11 22:42:21 +02:00
fb36cabe6c
Use current acertmgr version.
2016-04-11 22:41:32 +02:00
79303d999c
Add apt-dater-host to default installed packages.
2016-04-11 22:39:59 +02:00
54a86c3b4f
Enable greylisting for info@ and vorstand@.
2016-04-11 22:39:29 +02:00
171700f752
Set domains for which amavis feels responsible.
2016-04-11 22:39:05 +02:00
b8455c62a7
Fix ACME directories in nginx vhosts.
2016-04-09 23:42:13 +02:00
86df50da48
Add gogs role.
2016-04-09 23:41:41 +02:00
9d1862d7fc
Optimize owncloud settings (APCu, HSTS).
2016-04-09 22:08:43 +02:00
caaf9f5606
Add .space domain for web.
2016-04-09 21:14:57 +02:00
1f679bcbcf
Another round of new mailman vhost settings.
2016-04-09 20:41:17 +02:00
8f70860f8e
Adjust mail role to reality (now with working fcgi).
2016-04-08 20:00:21 +02:00
aaf7ff604e
Unify certmgr configs.
2016-04-08 10:24:23 +02:00
429e212599
Add rsync to common role.
2016-04-08 09:12:19 +02:00
3c9fa5cf2a
Use saslauth for prosody.
2016-04-08 09:07:06 +02:00
63b1ecd671
Add redirect for owncloud to web host.
2016-04-08 07:43:23 +02:00
838a98f7e3
Update mail configs (greylisting, minor fixes).
2016-04-08 07:42:21 +02:00
090fad6a01
Fix web vhost and software dependencies.
2016-04-07 20:51:56 +02:00
eb5a2552a8
FreeBSD has native htop now.
2016-04-07 16:09:04 +02:00
747feab2ad
Add a very basic web role.
2016-04-07 15:51:30 +02:00
ffdfa8f08b
Update postfix TLS settings.
2016-04-07 00:03:27 +02:00
1d2836001e
Fix sa-update key import.
2016-04-06 23:47:14 +02:00
ae42cedb2c
Cleanup mail role.
2016-04-06 22:58:54 +02:00
2319827c79
Fix problems related to postfix running ldap maps in chroot.
2016-04-06 22:40:38 +02:00
88bf7e2f09
Remove unnecessary dovecot settings.
2016-04-06 21:39:41 +02:00
2f8d0729c0
Allow more virtual postfix domains and make aliases configurable.
2016-04-06 21:38:54 +02:00
65f1511913
Fix dovecot auth settings.
2016-04-06 21:20:19 +02:00
34663c35c6
Fix amavis config file paths.
2016-04-06 19:32:14 +02:00
91f2bd73e5
Add Sought ruleset to spamassassin.
2016-04-06 19:30:16 +02:00
b50ed3717c
Enable spamassassin cronjob for mail.
2016-04-06 19:04:45 +02:00
566c1d9fc5
Fix certmgr config templates.
2016-04-06 19:02:54 +02:00
8d7abb4f0c
Fix certificate/CA handling.
2016-04-06 18:00:23 +02:00
ad9f37a966
Adjust php5-fpm config for owncloud.
2016-04-06 10:19:01 +02:00
072a7d9cf8
Add recommended headers to owncloud vhost.
2016-04-06 10:10:06 +02:00
07ca697e63
Deploy sane ldap.conf for ldap clients.
2016-04-06 09:50:00 +02:00
1f11072d0f
Fix owncloud DB creation and add forgotten ldap module.
2016-04-06 09:49:25 +02:00
75aa51d0bb
Fix ntp role issues with included handlers.
2016-04-05 10:33:55 +02:00
3f4f47adfe
Modify owncloud vhost config (cf upstream config).
2016-04-05 09:19:27 +02:00
6e954168db
Add owncloud role.
2016-04-05 08:49:08 +02:00
69b704dac3
Update certmgr version and dependencies.
2016-04-05 08:46:41 +02:00
26951c89a6
Fix nginx handling of acme challenges.
2016-04-05 08:46:38 +02:00
f5146bf438
Fix LDAP and adjust to new schema.
2016-04-01 20:27:29 +02:00
cf3667ddcf
Forgot to add notify statement.
2016-04-01 18:37:47 +02:00
749991b39a
Have ldap-server offer ldaps connections.
2016-04-01 18:37:02 +02:00
157577dfcb
Fix mail-related certificate handling.
2016-04-01 08:10:00 +02:00
4b22d48931
Use officially assigned OID values.
2016-03-30 22:09:15 +02:00
bb814ddfba
Adjust ntp for servers hosted at FAN.
2016-03-30 21:40:40 +02:00
9359a37f3f
Rename ldap-client to ldap-pam.
2016-03-26 14:07:13 +01:00
38e33ab164
Adjust mail to ldap changes.
2016-03-26 10:46:46 +01:00
5d3282d567
Fix ldap-server (confirmed working on debian).
2016-03-24 11:43:40 +01:00
7f8971338c
Move LDAP CA certificate to a better location.
2016-03-23 20:58:17 +01:00
23cfe4486e
Add ldap-server role.
2016-03-23 12:14:18 +01:00
5ce470c9dd
Move nginx ssl config to nginx.conf (from default).
2016-03-13 01:37:26 +01:00
198783d10b
Make mailman https only.
2016-03-09 23:46:37 +01:00
168a158922
Make nginx work with http2.
2016-03-09 22:25:48 +01:00
01f968ecb7
Add dependencies to mail role.
2016-03-09 22:21:56 +01:00
2fe21d0638
Add nginx role.
2016-03-09 22:10:14 +01:00
42e928126d
Empty motd on debian systems.
2016-03-04 13:02:55 +01:00
f70a7dbbdd
Postfix should check the LDAP certficate as well.
2016-03-03 08:19:18 +01:00
1cdb5750dc
Make LDAP CA cert file a variable.
2016-03-03 08:14:43 +01:00
4f5558528e
Adjust ldap-client role for new CA path.
2016-03-03 08:11:14 +01:00
5b463c1631
Add LDAP certificate to common role.
2016-03-03 08:09:26 +01:00
7f5f30bd4f
Switch dovecot to LDAP auth.
2016-03-03 08:02:56 +01:00
056c86a7ea
Enable SSL for mailman vhost.
2016-03-01 07:56:37 +01:00
3eafb60eba
Fix mailman vhost.
2016-02-29 21:55:12 +01:00
e711819e2f
Configure mailman vhost.
2016-02-29 21:29:44 +01:00
3859a3912b
Restart postfix if mailman config changes.
2016-02-29 21:07:45 +01:00
09df61bbe5
Add mailman configuration.
2016-02-29 21:05:21 +01:00
bc22efc8f9
Prepare mailman configuration.
2016-02-29 20:50:14 +01:00
ecf3b91abd
Fix postfix/policyd-spf and a minor typo.
2016-02-29 20:39:14 +01:00
3bfa0391b1
Create certficate config in mail role.
2016-02-28 15:30:57 +01:00
2732c1a4ca
Add certmgr role.
2016-02-28 15:19:21 +01:00
e6f0e45ffc
Add mailman, fix typo.
2016-02-25 08:01:03 +01:00
ec50f7afcb
Use "smtpd_tls_ciphers = medium" for TLS security.
2016-02-23 21:03:12 +01:00
cb54f03a2a
Use gentoo zsh prompt in common role.
2016-02-23 15:01:34 +01:00
942a3d6724
Fix LDAP for mail role.
...
Missing postfix-ldap, use uri instead of host.
2016-02-23 14:57:53 +01:00
9c6e1d1387
Fix ownership of /var/log/dovecot.
2016-02-23 14:56:18 +01:00
2bbe026cd2
Run postmap after relevant files have changed.
2016-02-22 18:07:24 +01:00
04ca9ff769
Create dovecot log dir and fix vmail user for mail role.
2016-02-15 23:48:24 +01:00
5f42f9e70c
Prepare mail role for real ssl certs.
2016-02-15 23:31:05 +01:00
68cdb42b77
Use more variables for mail templates.
2016-02-15 21:30:24 +01:00
fbcac9f826
Add sudo package to common role.
2016-02-15 21:04:37 +01:00
175ee1841b
Add config files and extend tasks for mail role.
2016-02-15 21:04:01 +01:00
fbe164e2db
Enable TLS for LDAP in postfix.
2016-02-15 19:21:17 +01:00
7999a4ec89
Unify action names.
2016-02-15 19:17:28 +01:00
f535c13cba
Add prosody role.
2016-02-11 16:15:38 +01:00
ba1f088be7
Add dnsutils on to common/Debian.
2016-02-01 21:01:52 +01:00
d0f6809dc4
Add more tags.
2016-02-01 20:56:51 +01:00
4b34ce0954
Add very basic mail role.
2016-02-01 20:52:34 +01:00
cb2147d9c1
Change LDAP CA cert path.
2016-01-31 12:15:23 +01:00
0c72c8f8ba
Add very basic and incomplete mail role.
2016-01-26 10:36:33 +01:00
46e42058e7
Rename some LDAP related variables.
2016-01-26 10:35:17 +01:00
ede470acf9
Name includes (useful for ansible 2.0)
2016-01-13 14:19:50 +01:00
ce1d8fcac3
Add/merge group_vars.
2016-01-07 23:28:42 +01:00
c425172e7d
ldap-client: improve naming.
2016-01-04 21:40:59 +01:00
8b41211346
Add ldap-client role.
2016-01-04 20:05:08 +01:00
7ca8e1ad50
Add common role.
2015-12-13 18:54:49 +01:00
f354af18a8
Add ntp role.
2015-12-13 18:51:08 +01:00