Compare commits
No commits in common. "master" and "master" have entirely different histories.
44
README.md
@ -15,26 +15,25 @@ Currently the following hosts are installed:
|
||||
|
||||
### Internal Servers
|
||||
|
||||
| Hostname | OS | Purpose |
|
||||
| --------------------------- | --------- | ----------------------- |
|
||||
| wurst.binary.kitchen | Proxmox 8 | VM Host |
|
||||
| salat.binary.kitchen | Proxmox 8 | VM Host |
|
||||
| weizen.binary.kitchen | Proxmox 8 | VM Host |
|
||||
| bacon.binary.kitchen | Debian 12 | DNS, DHCP, LDAP, RADIUS |
|
||||
| aveta.binary.kitchen | Debian 12 | DNS, DHCP, LDAP, RADIUS |
|
||||
| aeron.binary.kitchen | Debian 12 | DNS, DHCP, LDAP, RADIUS |
|
||||
| sulis.binary.kitchen | Debian 12 | Shell |
|
||||
| nabia.binary.kitchen | Debian 12 | Monitoring |
|
||||
| epona.binary.kitchen | Debian 12 | NetBox |
|
||||
| pizza.binary.kitchen | Debian 11 | OpenHAB * |
|
||||
| pancake.binary.kitchen | Debian 12 | XRDP |
|
||||
| knoedel.binary.kitchen | Debian 12 | SIP-DECT OMM |
|
||||
| schweinshaxn.binary.kitchen | Debian 12 | FreePBX |
|
||||
| bob.binary.kitchen | Debian 12 | Gitea Actions |
|
||||
| lasagne.binary.kitchen | Debian 12 | Home Assistant * |
|
||||
| tschunk.binary.kitchen | Debian 12 | Strichliste |
|
||||
| bowle.binary.kitchen | Debian 12 | Files |
|
||||
| lock-auweg.binary.kitchen | Debian 12 | Doorlock |
|
||||
| Hostname | OS | Purpose |
|
||||
| ------------------------- | --------- | ----------------------- |
|
||||
| wurst.binary.kitchen | Proxmox 8 | VM Host |
|
||||
| salat.binary.kitchen | Proxmox 8 | VM Host |
|
||||
| weizen.binary.kitchen | Proxmox 8 | VM Host |
|
||||
| bacon.binary.kitchen | Debian 12 | DNS, DHCP, LDAP, RADIUS |
|
||||
| aveta.binary.kitchen | Debian 12 | DNS, DHCP, LDAP, RADIUS |
|
||||
| aeron.binary.kitchen | Debian 12 | DNS, DHCP, LDAP, RADIUS |
|
||||
| sulis.binary.kitchen | Debian 12 | Shell |
|
||||
| nabia.binary.kitchen | Debian 12 | Monitoring |
|
||||
| epona.binary.kitchen | Debian 12 | NetBox |
|
||||
| pizza.binary.kitchen | Debian 11 | OpenHAB * |
|
||||
| pancake.binary.kitchen | Debian 12 | XRDP |
|
||||
| knoedel.binary.kitchen | Debian 12 | SIP-DECT OMM |
|
||||
| bob.binary.kitchen | Debian 12 | Gitea Actions |
|
||||
| lasagne.binary.kitchen | Debian 12 | Home Assistant * |
|
||||
| tschunk.binary.kitchen | Debian 12 | Strichliste |
|
||||
| bowle.binary.kitchen | Debian 12 | Files |
|
||||
| lock-auweg.binary.kitchen | Debian 12 | Doorlock |
|
||||
|
||||
\*: The main application is not managed by ansible but manually installed
|
||||
|
||||
@ -53,7 +52,7 @@ Currently the following hosts are installed:
|
||||
| neon.binary-kitchen.net | Debian 12 | Auth. DNS |
|
||||
| sodium.binary-kitchen.net | Debian 12 | Mattrix |
|
||||
| magnesium.binary-kitchen.net | Debian 12 | TURN |
|
||||
| aluminium.binary-kitchen.net | Debian 12 | Web (div. via Docker) |
|
||||
| aluminium.binary-kitchen.net | Debian 12 | Zammad |
|
||||
| krypton.binary-kitchen.net | Debian 12 | PartDB * |
|
||||
| yttrium.binary-kitchen.net | Debian 12 | Hintervvoidler * |
|
||||
| zirconium.binary-kitchen.net | Debian 12 | Jitsi |
|
||||
@ -63,6 +62,7 @@ Currently the following hosts are installed:
|
||||
| rhodium.binary-kitchen.net | Debian 12 | Event pretix |
|
||||
| palladium.binary-kitchen.net | Debian 12 | Event pretalx |
|
||||
| argentum.binary-kitchen.net | Debian 12 | Event Web * |
|
||||
| cadmium.binary-kitchen.net | Debian 12 | Event NetBox * |
|
||||
| cadmium.binary-kitchen.neti | Debian 12 | Event NetBox * |
|
||||
| barium.binary-kitchen.net | Debian 12 | Workadventure |
|
||||
|
||||
\*: The main application is not managed by ansible but manually installed
|
||||
|
@ -105,8 +105,6 @@ mail_aliases:
|
||||
- "root@binary-kitchen.de moepman@binary-kitchen.de,kishi@binary-kitchen.de"
|
||||
- "seife@binary-kitchen.de anke@binary-kitchen.de"
|
||||
- "siebdruck@binary-kitchen.de anke@binary-kitchen.de"
|
||||
- "therapy-jetzt@binary-kitchen.de darthrain@binary-kitchen.de"
|
||||
- "toepferwerkstatt@binary-kitchen.de anke@binary-kitchen.de,meet_judith@binary-kitchen.de"
|
||||
- "vorstand@binary-kitchen.de anke@binary-kitchen.de,christoph@schindlbeck.eu,ralf@binary-kitchen.de,zaesa@binary-kitchen.de"
|
||||
- "voucher1@binary-kitchen.de exxess@binary-kitchen.de"
|
||||
- "voucher2@binary-kitchen.de exxess@binary-kitchen.de"
|
||||
@ -120,9 +118,6 @@ mail_aliases:
|
||||
- "voucher10@binary-kitchen.de exxess@binary-kitchen.de"
|
||||
- "voucher11@binary-kitchen.de exxess@binary-kitchen.de"
|
||||
- "voucher12@binary-kitchen.de exxess@binary-kitchen.de"
|
||||
- "voucher13@binary-kitchen.de exxess@binary-kitchen.de"
|
||||
- "voucher14@binary-kitchen.de exxess@binary-kitchen.de"
|
||||
- "voucher15@binary-kitchen.de exxess@binary-kitchen.de"
|
||||
- "workshops@binary-kitchen.de timo.schindler@binary-kitchen.de,venti@binary-kitchen.de"
|
||||
- "tickets@eh21.easterhegg.eu orga@eh21.easterhegg.eu"
|
||||
- "hackzuck@eh21.easterhegg.eu kekskruemml@binary-kitchen.de"
|
||||
@ -147,6 +142,12 @@ nextcloud_dbpass: "{{ vault_owncloud_dbpass }}"
|
||||
|
||||
omm_domain: omm.binary.kitchen
|
||||
|
||||
pretalx_domain: fahrplan.eh21.easterhegg.eu
|
||||
pretalx_dbname: pretalx
|
||||
pretalx_dbuser: pretalx
|
||||
pretalx_dbpass: "{{ vault_pretalx_dbpass }}"
|
||||
pretalx_mail: pretalx@binary-kitchen.de
|
||||
|
||||
pretix_domain: pretix.events.binary-kitchen.de
|
||||
pretix_domainx: tickets.eh21.easterhegg.eu
|
||||
pretix_dbname: pretix
|
||||
@ -182,12 +183,13 @@ strichliste_dbname: strichliste
|
||||
strichliste_dbuser: strichliste
|
||||
strichliste_dbpass: "{{ vault_strichliste_dbpass }}"
|
||||
|
||||
therapy_domain: therapy.jetzt
|
||||
therapy_secret: "{{ vault_therapy_secret }}"
|
||||
|
||||
vaultwarden_domain: vault.binary-kitchen.de
|
||||
vaultwarden_dbname: vaultwarden
|
||||
vaultwarden_dbuser: vaultwarden
|
||||
vaultwarden_dbpass: "{{ vault_vaultwarden_dbpass }}"
|
||||
vaultwarden_token: "{{ vault_vaultwarden_token }}"
|
||||
vaultwarden_yubico_secret: "{{ vault_vaultwarden_yubico_secret }}"
|
||||
|
||||
workadventure_domain: wa.binary-kitchen.de
|
||||
|
||||
zammad_domain: requests.binary-kitchen.de
|
||||
|
@ -1,109 +1,109 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
38306162656631353365313637393663316134623036643364383033613731356230663464376264
|
||||
3335653933643733613462636638396664363762636561300a376538626636303765613633646633
|
||||
63333534656163663834303039646639646530333532313732643261356262323764616463393832
|
||||
3137306637306565610a653637626438353766323031336665326231626538323637313763373934
|
||||
30303332656263623938666235643866343363363139653861343533313431396235333539333432
|
||||
65613236386434333635636431356236643335316362636530303834353235646337643639333538
|
||||
31643330393433323739343762323937643064313661643265376330633264316137373363303935
|
||||
66346134643432666463383333653735626437666137386135353532393638363834346164643335
|
||||
38393232623130346363636335313866623239373366613864356561636661343537383364373164
|
||||
66643232393262393536623130653332323663363263323036663662316163326466306334363363
|
||||
66306365366566326239346537656562363762373165613063376139383363313038373235303062
|
||||
65326531653635333034653439613563313539633834393562343164613661386532306665663433
|
||||
32663432656664333063376263346439316265646435623533623337333162656138636139303931
|
||||
31333561623838393239313761383665663733366461623830343165336538393362353132306335
|
||||
37396565616435343732626331373735313165333061346435646664376339636438373764643731
|
||||
66356464316336383834646333656164363535373065643665393435393266363432346239663161
|
||||
36393336346433326130303264626234613135626538313938663039386133336233373262363566
|
||||
33386163393936663165643530663865663436663066333231316334306435623966666636633638
|
||||
38616338316137393831303436653562386265373064373163306133346434616238393966623330
|
||||
39396237326461643865336364343263343230626362646162623136353235366431626362313030
|
||||
64633137306231346561353630636533353239373562396665376139303936323836633764616434
|
||||
35376135656338616139376261366637343433333063343864343362613135343364623265313861
|
||||
36303565333830323933333864613534626466373033666235626365346531323631386365323835
|
||||
61613564386466333933613162326431613963333864393362376163313161643165356134343438
|
||||
38396533363565343233643863343432313165386465303336626337333331646664626262643333
|
||||
64343438653335663234653466663239616633653162383630666639613738323734646431623264
|
||||
65343535336637323063366536663433366363626632383536653765373830666235326530636362
|
||||
35303432333832353366363731643863366134626139623435613336626238303837316433623238
|
||||
32313930396432333836346364346436613934316136646533633339323736366135316631363132
|
||||
36623931313137333932313731343936313966653163666261623937363335613035333335356533
|
||||
34633838333635323464633763383765653266663233643836383135336434376364396164333233
|
||||
37616438643234336337313965663034646166373436373530386463663961313362326362353437
|
||||
31313837643535313039653531323765366339373130636565333939643564643533343534376638
|
||||
63616431643531663765366239326135343531333037366264353961346162633633353237613430
|
||||
66666433356530633835666139653932383362376334383762373530666630393764643632363331
|
||||
35316134623064626439633236343938346134383938333832336533373838633466613364653563
|
||||
64626631303435653339356631323137336538633233393962306531626266353766386162363031
|
||||
39363961623033323661643136326435643466303332646234396339653833653937666532336138
|
||||
37646336383963616630333566633537303736656666663635316631383537303035323131393862
|
||||
33343335386235333632656436356465646235313638313634353631393365366166383133636665
|
||||
66363463363339646133353831666631366439646364393239346166343062663866373938396637
|
||||
31386237393065306134653636313933653062353636323963323437663163346366363263313665
|
||||
32306331623637396664636165663434653630636130306133343736313262303635353661373533
|
||||
61313466376365303031376336316431636365633736616535623934653562336636363866356266
|
||||
36336266663562623961396164316266373633383431613564646232643766663733353338623936
|
||||
38663731363262646334653761666562646433353230613838353233373662313938303533303864
|
||||
39316630636637343163643637356634383862363330353233653361646261623038303962613561
|
||||
63373832366661373036383036623563366364636530613063366364323635323937376165376236
|
||||
39663962643939386561623430623031366632646235366463656533643233613138363461656637
|
||||
63323236356438303732653834626138623838323764633639373436666635363834303835366466
|
||||
61306430303831303934316436373136353637373535373664666265313034646630666237636231
|
||||
39376161653134356365363666633634313065323331633261623961633763313734313735633966
|
||||
62643031376566343832343638613939333132353466613163386537386239363337323463396135
|
||||
61393930633138333739626233663432643837643563656662646631306566663437346362613939
|
||||
31363639323335623038356566323836653865653136383161666461656436313933333032336639
|
||||
32333166663935656663643461303466343835303732616263626462316133306239383264353263
|
||||
61313231386262376234316335383334336663326331643733643432366636326561353730623730
|
||||
37313431623561353266303134313064376236626462316339656339353131363765303734356464
|
||||
32336435363932353666336132363333303336323135363535666436646233366335376333383531
|
||||
65363832333534623931326438616237356235626666333934373638373665613738636466383735
|
||||
30333137303630366661343833663437343664303961313831336461393064643331386336663739
|
||||
62623838633936323834653965326161343161356334333030616137343637353138353731363762
|
||||
64623065636336643634333937323636356131373939623130306330313937656566363832663663
|
||||
66313036393135306437353061303438303761303563633566656131653433663030396235323435
|
||||
32346663316636373431663530393435313931663535396564363466353431343633613634383332
|
||||
31326665303563316664356564356535646665653737613038636236323562616231613233633039
|
||||
37643530653639313466313838343630656363653833613161656466376631653266613439626331
|
||||
35363930626534346164353033323039636365363234303435636535623265393635313436666234
|
||||
66623264306430306662303866303735316137383830646136666662346265613662333765656266
|
||||
64613161316162616133316165623863353431376633366262386239346335306634346333316566
|
||||
34396265376130306361343862383631653561616333643665353938666565306335653665373736
|
||||
63626630383232363961393435646334396366663532303132666235646464393662376331333361
|
||||
34663138336365633131633365336664393633376333316161336138393539333564396539343332
|
||||
36626664616263353931616362633638323038356230613937386339653633626465326538383265
|
||||
31646236323435323861666233656437343732343066306562363462363664386234333061396263
|
||||
61316636323234633631306434363665393938323631363563346166333139633436623230353436
|
||||
31303831636638666630376231303130343363393339666230363162383266616135336333386334
|
||||
64313838356466306361383464623037663931353664323336666532316536316362663639353238
|
||||
34616536613730343834633935646330306564643036306330626636653365653361396461316637
|
||||
62636264343737333539646332316562316136343734393063313439663939663935313930333061
|
||||
30343263626638353331336666373964343338343434633639326338633966396131623933346236
|
||||
37373564623238363935313736313165303862356530613164653562653530316630306365646165
|
||||
31326630303038396666343065356261616133373832383661393666383664323161633337376665
|
||||
63393938373830343761326562303730303237393661383561386633383561386437373061396462
|
||||
65376230643131353462613436316561646562356666376462386136336630636165333236636630
|
||||
35653164333437383565396637343762646665333734303764623638323532363164653139333937
|
||||
39313834303531636434366663386435396266663930623733366261656634666531626234386239
|
||||
62613466313636326238303164666332633632333364636331396264396164646639653761373863
|
||||
66653761393734643362306538356263353265616330393635343737363666623962346261366134
|
||||
30393937376265626163376565343364323366383330613832366434313034316164636331653063
|
||||
65356630663634616465363231666163376437353038303934356561666363333663333239313031
|
||||
34356463613963633331646364336431333630633737623766623361336432646339373364303661
|
||||
37656630376137613232306163656430323236306632353837363536376161656365366531313363
|
||||
32623537303439343438656461363233353931356566323963363662303838666465363464353833
|
||||
39386230653962373333643135353533323737343265343334316234613736616639613435616165
|
||||
61373431353463643936613631393461393637356264366665383538653336353535613330376465
|
||||
65616261666463623236313437656232306164643538653562376539613736303761636531613862
|
||||
30323532343339343135356431303866333537346233336266363630346562646237646563313331
|
||||
35393039383436633230653030623637663030393539363163393930616330373166313161346336
|
||||
38373963393834396133363966636638336161666234346564623761303262366336363061343866
|
||||
38356238323366613066323264366337393232343331636532666462613263626332376561616334
|
||||
63373433663562353466353062643965623635643464393238363965636532643439383764626566
|
||||
33646437333365653563393337343537316437323038313339316135303564376161323863303665
|
||||
62373564343036333564646565393738306231646537393636356234613639663466636335393031
|
||||
35623562343566386261376163303939653861623364373433383363316134303236663361613062
|
||||
37346664386162333130323134616264373237393639376533383036323131633963363665633531
|
||||
62663533383666613464386638383965346331643837356331326661303034376163373362386134
|
||||
38353461343233626365
|
||||
63626562396631623335303064393137396262393239366236373634323333343264343335306330
|
||||
3861326430303265376564306139323064356339653039330a613335323233356361303066663139
|
||||
34386465306537666464643736656230356632633239363865386166373834653030363736613834
|
||||
6339303364363166620a626134303835346130386238653232316663346633313631653164336336
|
||||
34653639363635663537356639646333616438336438333463656537326134343531393435663266
|
||||
64366333346130653730613865346134356161373237343539373965623036656231653939303365
|
||||
62326638666431333265343639326461313433656639393839396366633431616435393263336231
|
||||
66303634656536636165636462396637656331666336623734333139316533636664306262326566
|
||||
36616366663933613561336164386463393635636264613737316464666535366361613065363362
|
||||
30316566323663623133346130393032646237353934363531326530396263363130326638393032
|
||||
30633832663134613964323733623230363831636664373661633966366264373766326161623862
|
||||
39396331313231633237313735636261653531313961616230626565623633636638643936326237
|
||||
62333066366439643163336233353361343662326237376332396461393663623761613962333237
|
||||
65633039363636323235356632326563376163386161373362383466346339356463636437646262
|
||||
38313164393036393661336633373265303536316165623330643236313936666139376237366164
|
||||
31373364663136356139356433386132343630396531373961616131343333663463616262373439
|
||||
34393161323334333732383866653463656265393761346533663530613530313062626330356535
|
||||
65393037636665303564316536376531386561366466643961666439326462353864643635353934
|
||||
66616432303966643731386133613430313737356539386331623832656132663461393538363962
|
||||
64313935613063373832343862373734316634663333313835323836386466336663643661656436
|
||||
61353663646165623165663035383461376331373439666433386433376234613163396234373632
|
||||
61646230363163366338653332373834386534333436373737383463363335356436313463626333
|
||||
63393166316663323066323863373830393937353864376366313535663565613031643932383364
|
||||
62623633353662323965393563363261623564396632643662663032613032666162616132336130
|
||||
39376430663833303264306135643832383231623336613734373964653736376235653334333639
|
||||
63376661636561383236633365303031326630356661633062663564396133313633323738333539
|
||||
66303235613562313636343766356263383132643962393232396263393665666334633438383632
|
||||
38646635643030303464396634356161333836376364333361356461346664303563346463333838
|
||||
34356139373233313631653533356633643730663438646630373331313065363136663938306439
|
||||
38336563363966653632613436356530316234326365666438326635313537343665663233363731
|
||||
36646565393937326336626333383863656565323832303937323536346366303839633236663566
|
||||
32373632646463363634363031626635383233656361336532636366653434623562623937656137
|
||||
66303663316165633932643365623732323430376334303036303961396264303664616433356361
|
||||
64366135376232313265376563633163373933343066653939313433366539396163656163346663
|
||||
30626331333034316131343361636364653936373235623562336366336237353966613536316637
|
||||
61343530326139636365613434386263383430626663333932386431313164346532666562346537
|
||||
32623538353365383030396332386133343464643732653038623337353135663964643566396439
|
||||
64633435623763666461356331306539373638383034343735373765373333656562326338613763
|
||||
63633732373765316238633539316665623431616333363364316531306630343735393335616630
|
||||
36613362336566393866623566666430336639376662633233656130653837313161653462346335
|
||||
63396532663633393363626136373161303235613761373235633831393736343630353031613364
|
||||
32353463383934313961313638613533623638383062343936616336646431383935393938623138
|
||||
31383032326365333136666165633832333836346231636332353830336264636235383162356630
|
||||
38316137623935633863363162376239623932373233663663323830363162313665613830623763
|
||||
63656237343662616130326339386231376564613164666163393232653762613932343561343031
|
||||
66386431343139373734626430656139353635636233336236653438353066393732663637323435
|
||||
63303434376634366262646662616162343664666365373934346530343239653330356234373065
|
||||
31373934363731373136346665623334306631626134613334633135666461636462303164653662
|
||||
36323132376532613431653063643965636233373165333639323966663333633563303438396466
|
||||
64633761376164383835613038633630623439643364323232633437386334346138343361306638
|
||||
38626632326137303839306531633536643161656231636662383461373964646333303936343733
|
||||
36333863316162393134646563316235663164613062303734346662386466656461346364356564
|
||||
35326234336439623961383938316136633037343863363933616663366536613866666165376664
|
||||
30306438666365333333636632643832303463356533343033623938653365663732336164303033
|
||||
65653936363839323239306463366533653439663437343536393564336163313962313935636534
|
||||
34346330393637343834323931353762613839366166353139303535376230356466646261363464
|
||||
33386337616230623537376665663835373766316332363433313234326461313935636666363261
|
||||
30653433333436306564653461303165656163363331643536323535623062396561643662323334
|
||||
35626565616538396566363433363732656538313531636632643163633637303339656431346466
|
||||
61353030666638393361613833353532656130643866636135643434366562386363656434323366
|
||||
36343764316136316630353338363735646533346362386266643136626366356331656363393133
|
||||
35636633353662393435346365663432656166646136346331363563363539326162633166393164
|
||||
34303164353632373437613564336266373934396236383962376530613631633932626431333864
|
||||
64623439336638613337383763353531376133343436346330373362313034616166616537636366
|
||||
30306132613333633261326630323038323431643163373365376662623339396136313531366332
|
||||
66663037643036303836376632646132383563316262393438636432666661333836376663666130
|
||||
31316135366562633134306633333834636132623739373131626161633636313737646334376434
|
||||
33376337393630663338643366316465353266346365333830613533393139333235366237323339
|
||||
66346465313462373334316535383633343165373733313230373461366336353664306537306538
|
||||
32653538366565663764353031303763613835366461666163336665656436333563613835653438
|
||||
65376265303131376239616536353933346633393438643466343439643039313236373033323034
|
||||
64316364663139353664653564393262323565646235356431326331343433373639316234363938
|
||||
65633034666532306137353431613732663166323936356433323733376261386161383265663264
|
||||
35643038663565646135343233623530396165336263303931653037393934343833623337343834
|
||||
31343631343563626561393763356463393930616338623861363835343635376238653337653133
|
||||
31393834343536396536363533363739306639646333313836393331306566393534383265613234
|
||||
31623238306531383936343836336466343336396530633033323063346261366633343936316637
|
||||
30343165333861346635623934363537383531323637313461663964353338653639366562306236
|
||||
30363265393038633564626463393166333665396538663639346665353736336134643862663630
|
||||
62393037363963613263313939613865393066323830656362656464643730636535623639636131
|
||||
63343263333134336364323236656639613635323165383164636465353438653134646334643962
|
||||
35306463626336626664383638323865633631346437613139623239663538666363313237323663
|
||||
39323734353363643334343538303635366637373530383832393861346164666666306631643563
|
||||
63306565306337383539636330623933666266353635396238656435373563383830666636616335
|
||||
39386134383938626439366437383138303062333236306436336163393832613532303332303833
|
||||
39323539396235383765613234303765303136653064336361333035643365386232613766356362
|
||||
30656437376537623165626530623365393463626337383139663734396331396363396162383330
|
||||
31663636383037613563346330323063393637616334356439666263623662383666376265313732
|
||||
63343837306336313264313934653836363665616264396662633761363237366437653962626664
|
||||
38383462313435383133613465656435363563373765313361623565636564616236313666633264
|
||||
37393165386163393666376636343963333932346463303661373339303765303938636135323363
|
||||
35663731656431656330336366383330616163353934333564356633613165396463393066396533
|
||||
32396264653265333865643365346233633863333335383735396134663062343166656233613931
|
||||
35633133336337343531313266323663363830353236323035313031646434303761343737633139
|
||||
30343439323330353531633337353365363031666635653364326235316435383835663139376136
|
||||
39343361636662346166363432366162666631366431623563363936336164323836376232326162
|
||||
39316337343436386363643064653337613131346266353636333664373262326563386264303831
|
||||
65343534616464633232373532313865363732663235376534396436333531633261393066313263
|
||||
38316437643232336234343663666536353134626139623138636234396661613261326437303065
|
||||
36383331323061643632323339383530626430343132613039393434333939383065623464646362
|
||||
65303135313962613564666261356533313961323464623535393631613337663366626136343364
|
||||
61363035333636366439313961326462633463616237343133356437303234323363306337343237
|
||||
61376138323336663839623539633866313133346338313165623039336335663666313532636261
|
||||
36383332346636373936366632393364323331303866623533643062666361613133383262383538
|
||||
64343665333761326134303566656638633362643031306535333661623437636139353565623435
|
||||
39323631393132336636653731636264356637373031633037653466383163663865626339323731
|
||||
34623137386338343038373464613832363761643362623434373136376638663537623762646266
|
||||
63306439363039303461
|
||||
|
@ -5,5 +5,3 @@ radius_hostname: radius3.binary.kitchen
|
||||
slapd_hostname: ldap3.binary.kitchen
|
||||
slapd_replica_id: 3
|
||||
slapd_role: slave
|
||||
|
||||
unattended_reboot: "false"
|
||||
|
@ -15,5 +15,3 @@ radius_hostname: radius1.binary.kitchen
|
||||
slapd_hostname: ldap1.binary.kitchen
|
||||
slapd_replica_id: 1
|
||||
slapd_role: slave
|
||||
|
||||
unattended_reboot: "false"
|
||||
|
@ -5,4 +5,4 @@ nfs_exports:
|
||||
- /exports/backup/rz 172.23.9.61(rw,sync,no_subtree_check)
|
||||
- /exports/tank 172.23.0.0/22(rw,sync,no_subtree_check)
|
||||
|
||||
unattended_reboot: "false"
|
||||
uau_reboot: "false"
|
||||
|
@ -1,5 +0,0 @@
|
||||
---
|
||||
|
||||
root_keys_host:
|
||||
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCNBY95YcFFBeiHM3IDzqKT/X/U09bpAWXwkCWIg6KlZumZg891apx6a0HLDannoBt7YCyYFgl3c1eJ36D08tRcy5c5k/+8Xhq0hq/HWo3EV5sd6Y+8xeTRST6Um8nyxHoSI7xw79yRoteOUDIzPnmDtbLQ2z3vWkA/H1EZQ4IjeQgFhl9vl4EyuAJ47Cdlv1D870BDspgAEoxSbipQEEnPsIctdyySp1R/sNC5tuP6qaoQ6nIDFdgv5rcY8SmgJQ2otlGex18RSBObBjdfyepV71mluqfs6HtVsM9zDvRUwY/FX4wmVc4QPdPLh/2kzEZi0YzefB10tpsuvhaOFI8JqXBDuSFZh3xCzRmKRlmqn50jrvGkYGUWg/GNYNF2rLCltCzg3BJHGaFh9sOtjaKLW+hTJwDtz4LIqNZb6w/2586hzjGCrrZgN24eLEcdp7iTPnkCul+kgOZaa62ytdKjza6/tgKCeUaEwmJTBuKMp/hor/LdLeibYgTtqUoFB7j1Ti2ey7oHly1oiSaKcR/hChgx0sniltRmzJI7KLuUiF+xkpv5Kf4rGl7UjvVxyf3glNh5DL87CfeWkGF3dgsjJdfYIHVJz/Bf6x0aB2TyybF8Exm0R05dhMT6ahZqMqa5d/aUZN+S3MaXw2amHWbMe8VcFpu/AztqrQM8sM+Mw== sprinterfreak"
|
||||
- "ssh-rsa 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 noby"
|
@ -8,4 +8,4 @@ root_keys_host:
|
||||
- "# Thomas Schmid"
|
||||
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0Wq37DP89UO6MiJvvRbsXEcEV9d5/JJb7K2R0WHsHa sct39667@m-mob-062"
|
||||
|
||||
unattended_reboot: "false"
|
||||
uau_reboot: "false"
|
||||
|
@ -8,4 +8,4 @@ root_keys_host:
|
||||
- "# Thomas Schmid"
|
||||
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0Wq37DP89UO6MiJvvRbsXEcEV9d5/JJb7K2R0WHsHa sct39667@m-mob-062"
|
||||
|
||||
unattended_reboot: "false"
|
||||
uau_reboot: "false"
|
||||
|
@ -4,4 +4,4 @@ root_keys_host:
|
||||
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCtTJqeSsB+aRiQ2WeFLVA5dz5YfCuv2TZmsyFqZ8NefJH/ZP3+gud3DwBq4l9HbDJUbfvApLQ9qbwaX0VhBv67mM6f4sWNG8uUW+9MYd6ZTeP3KUwZIHM52nqMFe5XScADL4s8Jsnb08gVp9xdcdufsbiLNYfuNFk+wcwRYtD5eqXZi3oaqshlq61LfBeC958vzvceDrZ2obfCJJ2pvmhUyORvgb6jXfx3kZku5qgk6m9NfyY95UZvSweDZPiN5YqLYekz+jxrYDyeA0DPgwlTcyGn8JI9/HkAD/odTpTAH+T6sbf0OkUi7ufNElAXvxDOJZN8NhxPFfUAW9naTYwGoPd4OJw0AOVLzKcVIjEXKtrxeQ0NOZVoucLFgnXO4iDZGrVHohPVj1UbrVpF00lokBLz1Xh4egrNw0g2Gt28HmZ9lg5Ymv8jJWAy87r5wV0O6aIuseGkSr/V6+92AGK/Yy1tKhZujtv5+CvVVBrLvoOnJJh8vFoVuRM+ucLBhqpewDY2yHZHzQ3J5SZKJ30mBUSYAKHBqVI4VmC/n235VMumIEsqnZvzk96G5TXWyZb0qzkXcct1H8MyQgG0SR0G4Ylm5skCZppEE7udV/wb8lRZv+2YrqBueKZ+Wu6IT3HJbUkor7CcbORjhwL4ETziPm4g4BrTPGUTjyeZ4nSDPQ== exxess"
|
||||
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG6uNwYKF3rqleM/HP95M+rsm+gwKY8epdtW2OutneY9 ralf@pluto"
|
||||
|
||||
unattended_reboot: "false"
|
||||
uau_reboot: "false"
|
||||
|
@ -1,4 +0,0 @@
|
||||
---
|
||||
|
||||
root_keys_host:
|
||||
- "ssh-rsa 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 noby"
|
@ -4,4 +4,4 @@ root_keys_host:
|
||||
- "# Thomas Schmid"
|
||||
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0Wq37DP89UO6MiJvvRbsXEcEV9d5/JJb7K2R0WHsHa sct39667@m-mob-062"
|
||||
|
||||
unattended_reboot: "true"
|
||||
uau_reboot: "true"
|
||||
|
4
hosts
@ -8,7 +8,6 @@ epona.binary.kitchen ansible_host=172.23.2.7
|
||||
pizza.binary.kitchen ansible_host=172.23.2.33
|
||||
pancake.binary.kitchen ansible_host=172.23.2.34
|
||||
knoedel.binary.kitchen ansible_host=172.23.2.35
|
||||
schweinshaxn.binary.kitchen ansible_host=172.23.2.36
|
||||
bob.binary.kitchen ansible_host=172.23.2.37
|
||||
lasagne.binary.kitchen ansible_host=172.23.2.38
|
||||
tschunk.binary.kitchen ansible_host=172.23.2.39
|
||||
@ -35,7 +34,10 @@ krypton.binary-kitchen.net
|
||||
yttrium.binary-kitchen.net
|
||||
zirconium.binary-kitchen.net
|
||||
molybdenum.binary-kitchen.net
|
||||
technetium.binary-kitchen.net
|
||||
ruthenium.binary-kitchen.net
|
||||
rhodium.binary-kitchen.net
|
||||
palladium.binary-kitchen.net
|
||||
argentum.binary-kitchen.net
|
||||
cadmium.binary-kitchen.net
|
||||
barium.binary-kitchen.net
|
||||
|
@ -1,3 +1,3 @@
|
||||
---
|
||||
|
||||
authentik_version: 2024.10.5
|
||||
authentik_version: 2024.8.3
|
||||
|
@ -6,9 +6,6 @@
|
||||
- name: Restart authentik
|
||||
service: name=authentik state=restarted
|
||||
|
||||
- name: Restart authentik-reload
|
||||
service: name=authentik-reload state=restarted
|
||||
|
||||
- name: Restart nginx
|
||||
service: name=nginx state=restarted
|
||||
|
||||
|
@ -42,21 +42,9 @@
|
||||
- Reload systemd
|
||||
- Restart authentik
|
||||
|
||||
- name: Systemd unit for authentik-reload
|
||||
template: src=authentik-reload.{{ item }}.j2 dest=/etc/systemd/system/authentik-reload.{{ item }}
|
||||
with_items:
|
||||
- "service"
|
||||
- "timer"
|
||||
notify:
|
||||
- Reload systemd
|
||||
- Restart authentik-reload
|
||||
|
||||
- name: Start the authentik service
|
||||
service: name=authentik state=started enabled=yes
|
||||
|
||||
- name: Enable auto update timer
|
||||
service: name=authentik-reload.timer state=started enabled=yes
|
||||
|
||||
- name: Enable monitoring
|
||||
include_role: name=icinga-monitor tasks_from=http
|
||||
vars:
|
||||
|
@ -1,7 +0,0 @@
|
||||
[Unit]
|
||||
Description=Refresh authentik images
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
|
||||
ExecStart=/bin/systemctl reload-or-restart authentik.service
|
@ -1,10 +0,0 @@
|
||||
[Unit]
|
||||
Description=Refresh authentik images
|
||||
Requires=authentik.service
|
||||
After=authentik.service
|
||||
|
||||
[Timer]
|
||||
OnCalendar=*:0/15
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
@ -15,8 +15,8 @@ TimeoutStartSec=1200
|
||||
|
||||
WorkingDirectory=/opt/authentik
|
||||
|
||||
# Update images
|
||||
ExecStartPre=-/usr/bin/docker-compose pull --quiet
|
||||
# Make sure no old containers are running
|
||||
ExecStartPre=/usr/bin/docker-compose down -v
|
||||
|
||||
# Compose up
|
||||
ExecStart=/usr/bin/docker-compose up
|
||||
@ -24,9 +24,5 @@ ExecStart=/usr/bin/docker-compose up
|
||||
# Compose down, remove containers and volumes
|
||||
ExecStop=/usr/bin/docker-compose down -v
|
||||
|
||||
# Refresh on reload
|
||||
ExecReload=-/usr/bin/docker-compose pull --quiet
|
||||
ExecReload=/usr/bin/docker-compose up -d
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
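Review bot: `docker-compose down -v` in both `ExecStartPre` and `ExecStop` deletes the named volumes declared in the compose file, and with the `ExecReload` lines removed in the second hunk (its header goes from 9 lines to 5) every image refresh now has to go through a full stop/start that runs it. If the compose file under `/opt/authentik` keeps the database, media or certificates in named volumes rather than bind mounts, each restart of the identity provider would discard that state; the compose file is not shown on this page, so please confirm. If the intent is only to clear stale containers, `ExecStartPre=/usr/bin/docker-compose down --remove-orphans` and `ExecStop=/usr/bin/docker-compose down` do that without touching volumes. The comment `# Compose down, remove containers and volumes` should then be updated to match.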
@ -9,5 +9,3 @@ logrotate_excludes:
|
||||
|
||||
sshd_password_authentication: "no"
|
||||
sshd_permit_root_login: "prohibit-password"
|
||||
|
||||
unattended_reboot: "true"
|
||||
|
@ -4,7 +4,6 @@
|
||||
apt:
|
||||
name:
|
||||
- apt-transport-https
|
||||
- debian-goodies
|
||||
- dnsutils
|
||||
- fdisk
|
||||
- gnupg2
|
||||
@ -16,7 +15,6 @@
|
||||
- pydf
|
||||
- rsync
|
||||
- sudo
|
||||
- unattended-upgrades
|
||||
- vim-nox
|
||||
- wget
|
||||
- zsh
|
||||
@ -28,12 +26,6 @@
|
||||
- qemu-guest-agent
|
||||
when: ansible_virtualization_role == "guest" and ansible_virtualization_type == "kvm"
|
||||
|
||||
- name: Configure unattended upgrades
|
||||
template: src={{ item }}.j2 dest=/etc/apt/apt.conf.d/{{ item }}
|
||||
with_items:
|
||||
- 02periodic
|
||||
- 50unattended-upgrades
|
||||
|
||||
- name: Configure misc software
|
||||
copy: src={{ item.src }} dest={{ item.dest }}
|
||||
diff: no
|
||||
|
@ -9,7 +9,6 @@
|
||||
- less
|
||||
- rsync
|
||||
- vim-nox
|
||||
- wget
|
||||
- zsh
|
||||
|
||||
- name: Configure misc software
|
||||
|
@ -6,6 +6,3 @@
|
||||
- name: Configure chrony
|
||||
template: src=chrony.conf.j2 dest=/etc/chrony/chrony.conf
|
||||
notify: Restart chrony
|
||||
|
||||
- name: Start chrony
|
||||
service: name=chrony state=started enabled=yes
|
||||
|
@ -1,8 +1,9 @@
|
||||
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
|
||||
|
||||
# This is the sshd server system-wide configuration file. See
|
||||
# sshd_config(5) for more information.
|
||||
|
||||
# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
|
||||
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
|
||||
|
||||
# The strategy used for options in the default sshd_config shipped with
|
||||
# OpenSSH is to specify options with their default value where
|
||||
@ -68,7 +69,7 @@ PasswordAuthentication {{ sshd_password_authentication }}
|
||||
|
||||
# Change to yes to enable challenge-response passwords (beware issues with
|
||||
# some PAM modules and threads)
|
||||
KbdInteractiveAuthentication no
|
||||
ChallengeResponseAuthentication no
|
||||
|
||||
# Kerberos options
|
||||
#KerberosAuthentication no
|
||||
@ -84,13 +85,13 @@ KbdInteractiveAuthentication no
|
||||
|
||||
# Set this to 'yes' to enable PAM authentication, account processing,
|
||||
# and session processing. If this is enabled, PAM authentication will
|
||||
# be allowed through the KbdInteractiveAuthentication and
|
||||
# be allowed through the ChallengeResponseAuthentication and
|
||||
# PasswordAuthentication. Depending on your PAM configuration,
|
||||
# PAM authentication via KbdInteractiveAuthentication may bypass
|
||||
# the setting of "PermitRootLogin prohibit-password".
|
||||
# PAM authentication via ChallengeResponseAuthentication may bypass
|
||||
# the setting of "PermitRootLogin without-password".
|
||||
# If you just want the PAM account and session checks to run without
|
||||
# PAM authentication, then enable this but set PasswordAuthentication
|
||||
# and KbdInteractiveAuthentication to 'no'.
|
||||
# and ChallengeResponseAuthentication to 'no'.
|
||||
UsePAM yes
|
||||
|
||||
#AllowAgentForwarding yes
|
||||
@ -108,7 +109,7 @@ PrintMotd no
|
||||
#ClientAliveInterval 0
|
||||
#ClientAliveCountMax 3
|
||||
#UseDNS no
|
||||
#PidFile /run/sshd.pid
|
||||
#PidFile /var/run/sshd.pid
|
||||
#MaxStartups 10:30:100
|
||||
#PermitTunnel no
|
||||
#ChrootDirectory none
|
||||
|
@ -1,19 +1,19 @@
|
||||
$ORIGIN binary.kitchen ; base for unqualified names
|
||||
$TTL 1h ; default time-to-live
|
||||
@ IN SOA ns1.binary.kitchen. hostmaster.binary.kitchen. (
|
||||
2024111500; serial
|
||||
2024100600; serial
|
||||
1d; refresh
|
||||
2h; retry
|
||||
4w; expire
|
||||
1h; minimum time-to-live
|
||||
)
|
||||
@ IN NS ns1.binary.kitchen.
|
||||
@ IN NS ns2.binary.kitchen.
|
||||
IN NS ns1.binary.kitchen.
|
||||
IN NS ns2.binary.kitchen.
|
||||
; Subdomains
|
||||
users IN NS ns1.binary.kitchen.
|
||||
users IN NS ns2.binary.kitchen.
|
||||
; External
|
||||
@ IN A 213.166.246.4
|
||||
IN A 213.166.246.4
|
||||
www IN A 213.166.246.4
|
||||
; Aliases
|
||||
3dprinter IN A 172.23.3.251
|
||||
|
@ -9,27 +9,17 @@ newServer({address='127.0.0.1:5300', pool='authdns'})
|
||||
newServer({address='127.0.0.1:5353', pool='resolve'})
|
||||
|
||||
{% if dns_secondary is defined %}
|
||||
-- allow AXFR/IXFR only from secondary
|
||||
-- allow AXFR/IXFR only from slaves
|
||||
addAction(AndRule({OrRule({QTypeRule(DNSQType.AXFR), QTypeRule(DNSQType.IXFR)}), NotRule(makeRule("{{ dns_secondary }}"))}), RCodeAction(DNSRCode.REFUSED))
|
||||
{% endif %}
|
||||
|
||||
-- allow NOTIFY only from primary
|
||||
-- allow NOTIFY only from master
|
||||
addAction(AndRule({OpcodeRule(DNSOpcode.Notify), NotRule(makeRule("{{ dns_primary }}"))}), RCodeAction(DNSRCode.REFUSED))
|
||||
|
||||
-- use auth servers for own zones
|
||||
addAction('binary.kitchen', PoolAction('authdns'))
|
||||
addAction('23.172.in-addr.arpa', PoolAction('authdns'))
|
||||
|
||||
-- function to set RA flag
|
||||
function setRA(dq)
|
||||
dq.dh:setRA(true)
|
||||
return DNSResponseAction.None
|
||||
end
|
||||
|
||||
-- set RA flag for queries to own zones
|
||||
addResponseAction('binary.kitchen', LuaResponseAction(setRA))
|
||||
addResponseAction('23.172.in-addr.arpa', LuaResponseAction(setRA))
|
||||
|
||||
-- use resolver for anything else
|
||||
addAction(AllRule(), PoolAction('resolve'))
|
||||
|
||||
|
@ -1,12 +0,0 @@
|
||||
---
|
||||
|
||||
deploy_key_file: /root/.ssh/id_git_deploy_rsa
|
||||
|
||||
asterisk_user: asterisk
|
||||
asterisk_group: asterisk
|
||||
|
||||
repo_provisioning: gogs@git.binary-kitchen.de:noby/voip-yealink-provisioning.git
|
||||
repo_utilities: gogs@git.binary-kitchen.de:noby/voip-yealink-xml-browser.git
|
||||
|
||||
path_yealink_provisioning: /tftpboot/yealink
|
||||
path_yealink_utilities: /opt/yealink_utilities
|
@ -1,10 +0,0 @@
|
||||
---
|
||||
|
||||
- name: Reload systemd
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: true
|
||||
|
||||
- name: Restart yealink-utilities
|
||||
ansible.builtin.service:
|
||||
name: yealink-utilities
|
||||
state: restarted
|
@ -1,8 +0,0 @@
|
||||
---
|
||||
galaxy_info:
|
||||
author: Thomas Basler
|
||||
description: Install FreePBX extensions
|
||||
license: None
|
||||
platforms:
|
||||
- name: Debian
|
||||
min_ansible_version: "2.4"
|
@ -1,20 +0,0 @@
|
||||
---
|
||||
|
||||
- name: Generate an OpenSSH keypair for gitea deploy usage
|
||||
community.crypto.openssh_keypair:
|
||||
path: "{{ deploy_key_file }}"
|
||||
|
||||
- name: Wait for confirmation
|
||||
ansible.builtin.pause:
|
||||
prompt: Please confirm that you've distributed the public key to all repositories! Press return to continue. Press Ctrl+c and then "a" to abort
|
||||
|
||||
- name: Install required packages
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- php-ldap
|
||||
|
||||
- name: Include provisioning tasks
|
||||
ansible.builtin.include_tasks: yealink_provisioning.yml
|
||||
|
||||
- name: Include XML-Utilities tasks
|
||||
ansible.builtin.include_tasks: yealink_utilities.yml
|
@ -1,9 +0,0 @@
|
||||
---
|
||||
|
||||
- name: Clone Yealink Provisioning data
|
||||
ansible.builtin.git: # noqa: latest
|
||||
repo: "{{ repo_provisioning }}"
|
||||
dest: "{{ path_yealink_provisioning }}"
|
||||
force: true
|
||||
accept_hostkey: true
|
||||
key_file: "{{ deploy_key_file }}"
|
@ -1,53 +0,0 @@
|
||||
---
|
||||
|
||||
- name: Install dependencies
|
||||
ansible.builtin.package:
|
||||
name: "python3-venv"
|
||||
state: present
|
||||
|
||||
- name: Check if .gitignore contains "{{ path_yealink_utilities }}"
|
||||
ansible.builtin.command: grep "directory = {{ path_yealink_utilities }}" /root/.gitconfig
|
||||
register: gitignore_check
|
||||
ignore_errors: true
|
||||
|
||||
- name: "Patch /root/.gitconfig"
|
||||
ansible.builtin.command: |-
|
||||
git config --global --add safe.directory {{ path_yealink_utilities }}
|
||||
when: gitignore_check.rc != 0
|
||||
|
||||
- name: Clone Yealink Utilities
|
||||
ansible.builtin.git: # noqa: latest
|
||||
repo: "{{ repo_utilities }}"
|
||||
dest: "{{ path_yealink_utilities }}"
|
||||
force: true
|
||||
accept_hostkey: true
|
||||
key_file: "{{ deploy_key_file }}"
|
||||
|
||||
- name: Ensure directory permissions
|
||||
ansible.builtin.file:
|
||||
path: "{{ path_yealink_utilities }}"
|
||||
state: directory
|
||||
recurse: true
|
||||
owner: "{{ asterisk_user }}"
|
||||
group: "{{ asterisk_group }}"
|
||||
|
||||
- name: Install specified python requirements in indicated (virtualenv)
|
||||
ansible.builtin.pip:
|
||||
requirements: "{{ path_yealink_utilities }}/requirements.txt"
|
||||
virtualenv: "{{ path_yealink_utilities }}/.venv"
|
||||
virtualenv_command: 'python3 -m venv'
|
||||
|
||||
- name: Install systemd unit
|
||||
ansible.builtin.template:
|
||||
src: yealink-utilities.service.j2
|
||||
dest: /etc/systemd/system/yealink-utilities.service
|
||||
mode: "0644"
|
||||
notify:
|
||||
- Reload systemd
|
||||
- Restart yealink-utilities
|
||||
|
||||
- name: Enable yealink-utilities
|
||||
ansible.builtin.service:
|
||||
name: yealink-utilities
|
||||
state: started
|
||||
enabled: true
|
@ -1,17 +0,0 @@
|
||||
[Unit]
|
||||
Description=Yealink XML-Browser
|
||||
After=syslog.target
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
RestartSec=2s
|
||||
Type=simple
|
||||
User={{ asterisk_user }}
|
||||
Group={{ asterisk_group }}
|
||||
Environment="PATH=/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:{{ path_yealink_utilities }}/.venv/bin"
|
||||
WorkingDirectory={{ path_yealink_utilities }}
|
||||
ExecStart={{ path_yealink_utilities }}/.venv/bin/python3 {{ path_yealink_utilities }}/run.py
|
||||
Restart=always
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -3,5 +3,5 @@
|
||||
gitea_user: gogs
|
||||
gitea_group: gogs
|
||||
|
||||
gitea_version: 1.22.6
|
||||
gitea_version: 1.22.2
|
||||
gitea_url: https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64
|
||||
|
@ -6,9 +6,6 @@
|
||||
- name: Restart hedgedoc
|
||||
service: name=hedgedoc state=restarted
|
||||
|
||||
- name: Restart hedgedoc-reload
|
||||
service: name=hedgedoc-reload state=restarted
|
||||
|
||||
- name: Restart nginx
|
||||
service: name=nginx state=restarted
|
||||
|
||||
|
@ -42,21 +42,9 @@
|
||||
- Reload systemd
|
||||
- Restart hedgedoc
|
||||
|
||||
- name: Systemd unit for hedgedoc-reload
|
||||
template: src=hedgedoc-reload.{{ item }}.j2 dest=/etc/systemd/system/hedgedoc-reload.{{ item }}
|
||||
with_items:
|
||||
- "service"
|
||||
- "timer"
|
||||
notify:
|
||||
- Reload systemd
|
||||
- Restart hedgedoc-reload
|
||||
|
||||
- name: Start the hedgedoc service
|
||||
service: name=hedgedoc state=started enabled=yes
|
||||
|
||||
- name: Enable auto update timer
|
||||
service: name=hedgedoc-reload.timer state=started enabled=yes
|
||||
|
||||
- name: Enable monitoring
|
||||
include_role: name=icinga-monitor tasks_from=http
|
||||
vars:
|
||||
|
@ -1,5 +1,4 @@
|
||||
---
|
||||
version: "3.4"
|
||||
version: "3"
|
||||
services:
|
||||
database:
|
||||
image: postgres:13-alpine
|
||||
|
@ -1,7 +0,0 @@
|
||||
[Unit]
|
||||
Description=Refresh hedgedoc images
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
|
||||
ExecStart=/bin/systemctl reload-or-restart hedgedoc.service
|
@ -1,10 +0,0 @@
|
||||
[Unit]
|
||||
Description=Refresh authentik images
|
||||
Requires=authentik.service
|
||||
After=authentik.service
|
||||
|
||||
[Timer]
|
||||
OnCalendar=*:0/15
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
@ -15,8 +15,8 @@ TimeoutStartSec=1200
|
||||
|
||||
WorkingDirectory=/opt/hedgedoc
|
||||
|
||||
# Update images
|
||||
ExecStartPre=-/usr/bin/docker-compose pull --quiet
|
||||
# Make sure no old containers are running
|
||||
ExecStartPre=/usr/bin/docker-compose down -v
|
||||
|
||||
# Compose up
|
||||
ExecStart=/usr/bin/docker-compose up
|
||||
@ -24,9 +24,5 @@ ExecStart=/usr/bin/docker-compose up
|
||||
# Compose down, remove containers and volumes
|
||||
ExecStop=/usr/bin/docker-compose down -v
|
||||
|
||||
# Refresh on reload
|
||||
ExecReload=-/usr/bin/docker-compose pull --quiet
|
||||
ExecReload=/usr/bin/docker-compose up -d
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
@ -11,7 +11,7 @@
|
||||
- name: Regenerate hosts.conf
|
||||
assemble:
|
||||
src: /etc/icinga2/conf.d/hosts
|
||||
dest: /etc/icinga2/zones.d/master/hosts.conf
|
||||
dest: /etc/icinga2/conf.d/hosts.conf
|
||||
# validate: /usr/sbin/icinga2 daemon -c %s --validate
|
||||
notify: Restart icinga2
|
||||
delegate_to: "{{ icinga_server }}"
|
||||
|
@ -11,7 +11,7 @@
|
||||
- name: Regenerate hosts.conf
|
||||
assemble:
|
||||
src: /etc/icinga2/conf.d/hosts
|
||||
dest: /etc/icinga2/zones.d/master/hosts.conf
|
||||
dest: /etc/icinga2/conf.d/hosts.conf
|
||||
# validate: /usr/sbin/icinga2 daemon -c %s --validate
|
||||
notify: Restart icinga2
|
||||
delegate_to: "{{ icinga_server }}"
|
||||
|
@ -1,8 +1,8 @@
|
||||
{% for disk in disks %}
|
||||
|
||||
vars.disks[" {{ disk }}"] = {
|
||||
vars.disks["disk {{ disk }}"] = {
|
||||
disk_partitions = "{{ disk }}"
|
||||
disk_cfree = "5%"
|
||||
disk_wfree = "10%"
|
||||
disk_cfree = "5%"
|
||||
}
|
||||
{% endfor %}
|
||||
|
@ -1,21 +0,0 @@
|
||||
apply Service "apt" {
|
||||
import "generic-service"
|
||||
|
||||
check_command = "apt"
|
||||
|
||||
command_endpoint = host.vars.agent_endpoint
|
||||
|
||||
assign where host.vars.agent_endpoint && host.vars.os == "Linux"
|
||||
}
|
||||
|
||||
apply Service "disk" for (disk => config in host.vars.disks) {
|
||||
import "generic-service"
|
||||
|
||||
check_command = "disk"
|
||||
|
||||
command_endpoint = host.vars.agent_endpoint
|
||||
|
||||
assign where host.vars.agent_endpoint
|
||||
|
||||
vars += config
|
||||
}
|
@ -62,24 +62,6 @@
|
||||
changed_when: "'for these changes to take effect' in features_result.stdout"
|
||||
notify: Restart icinga2
|
||||
|
||||
# TODO setup as master node
|
||||
# icinga2 node setup --master
|
||||
|
||||
- name: Ensure directory for zone config exists
|
||||
file:
|
||||
path: /etc/icinga2/zones.d/master
|
||||
state: directory
|
||||
owner: "{{ icinga_user }}"
|
||||
group: "{{ icinga_group }}"
|
||||
|
||||
- name: Configure services
|
||||
copy: src=icinga2/zones.d/master/services.conf dest=/etc/icinga2/zones.d/master/services.conf owner={{ icinga_user }} group={{ icinga_group }}
|
||||
notify: Restart icinga2
|
||||
|
||||
- name: Configure zones
|
||||
template: src=icinga2/zones.conf.j2 dest=/etc/icinga2/zones.conf owner={{ icinga_user }} group={{ icinga_group }}
|
||||
notify: Restart icinga2
|
||||
|
||||
- name: Ensure directory for host snippets exists
|
||||
file:
|
||||
path: /etc/icinga2/conf.d/hosts
|
||||
|
@ -1,28 +0,0 @@
|
||||
object Endpoint "{{ ansible_fqdn }}" {
|
||||
}
|
||||
|
||||
object Zone "master" {
|
||||
endpoints = [ "{{ ansible_fqdn }}" ]
|
||||
}
|
||||
|
||||
{% for host in groups['all'] %}
|
||||
{% if host != ansible_fqdn %}
|
||||
object Endpoint "{{ host }}" {
|
||||
host = "{{ host }}"
|
||||
}
|
||||
|
||||
|
||||
object Zone "{{ host }}" {
|
||||
endpoints = [ "{{ host }}" ]
|
||||
parent = "master"
|
||||
}
|
||||
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
object Zone "global-templates" {
|
||||
global = true
|
||||
}
|
||||
|
||||
object Zone "director-global" {
|
||||
global = true
|
||||
}
|
@ -64,7 +64,7 @@
|
||||
- name: Regenerate hosts.conf
|
||||
assemble:
|
||||
src: /etc/icinga2/conf.d/hosts
|
||||
dest: /etc/icinga2/zones.d/master/hosts.conf
|
||||
dest: /etc/icinga2/conf.d/hosts.conf
|
||||
# validate: /usr/sbin/icinga2 daemon -c %s --validate
|
||||
notify: Restart icinga2
|
||||
delegate_to: "{{ icinga_server }}"
|
||||
|
@ -32,7 +32,7 @@
|
||||
"parameters": {
|
||||
"high-availability": [ {
|
||||
"this-server-name": "{{ inventory_hostname.split('.')[0] }}",
|
||||
"mode": "load-balancing",
|
||||
"mode": "hot-standby",
|
||||
"heartbeat-delay": 10000,
|
||||
"max-response-delay": 60000,
|
||||
"max-ack-delay": 5000,
|
||||
@ -42,14 +42,12 @@
|
||||
{
|
||||
"name": "{{ lookup('dig', dhcpd_primary+'/PTR', '@'+dns_primary).split('.')[0] }}",
|
||||
"url": "http://{{ dhcpd_primary }}:8000/",
|
||||
"role": "primary",
|
||||
"auto-failover": true
|
||||
"role": "primary"
|
||||
},
|
||||
{
|
||||
"name": "{{ lookup('dig', dhcpd_secondary+'/PTR', '@'+dns_primary).split('.')[0] }}",
|
||||
"url": "http://{{ dhcpd_secondary }}:8000/",
|
||||
"role": "secondary",
|
||||
"auto-failover": true
|
||||
"role": "standby"
|
||||
}
|
||||
]
|
||||
} ]
|
||||
@ -135,7 +133,7 @@
|
||||
|
||||
"client-classes": [
|
||||
{
|
||||
"name": "cisco-phone",
|
||||
"name": "voip-phone",
|
||||
"option-data": [
|
||||
{
|
||||
"name": "tftp-server-name",
|
||||
@ -144,16 +142,6 @@
|
||||
]
|
||||
},
|
||||
|
||||
{
|
||||
"name": "yealink-phone",
|
||||
"option-data": [
|
||||
{
|
||||
"name": "tftp-server-name",
|
||||
"data": "tftp://172.23.2.36/yealink/$PN"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
{
|
||||
"name": "dect-rfp",
|
||||
"option-data": [
|
||||
@ -336,58 +324,28 @@
|
||||
"hostname": "spaghetti"
|
||||
},
|
||||
|
||||
{
|
||||
"hw-address": "00:15:65:94:df:39",
|
||||
"hostname": "voip01",
|
||||
"client-classes": [ "yealink-phone" ]
|
||||
},
|
||||
|
||||
{
|
||||
"hw-address": "00:15:65:94:e2:2d",
|
||||
"hostname": "voip02",
|
||||
"client-classes": [ "yealink-phone" ]
|
||||
},
|
||||
|
||||
{
|
||||
"hw-address": "00:15:65:94:df:3a",
|
||||
"hostname": "voip03",
|
||||
"client-classes": [ "yealink-phone" ]
|
||||
},
|
||||
|
||||
{
|
||||
"hw-address": "00:15:65:94:de:7f",
|
||||
"hostname": "voip04",
|
||||
"client-classes": [ "yealink-phone" ]
|
||||
},
|
||||
|
||||
{
|
||||
"hw-address": "00:15:65:94:e3:39",
|
||||
"hostname": "voip04",
|
||||
"client-classes": [ "yealink-phone" ]
|
||||
},
|
||||
|
||||
{
|
||||
"hw-address": "00:1D:45:B6:99:2F",
|
||||
// "hostname": "voip01",
|
||||
"client-classes": [ "cisco-phone" ]
|
||||
"hostname": "voip01",
|
||||
"client-classes": [ "voip-phone" ]
|
||||
},
|
||||
|
||||
{
|
||||
"hw-address": "00:1D:A2:66:B8:3E",
|
||||
// "hostname": "voip02",
|
||||
"client-classes": [ "cisco-phone" ]
|
||||
"hostname": "voip02",
|
||||
"client-classes": [ "voip-phone" ]
|
||||
},
|
||||
|
||||
{
|
||||
"hw-address": "00:1E:BE:90:FB:DB",
|
||||
// "hostname": "voip03",
|
||||
"client-classes": [ "cisco-phone" ]
|
||||
"hostname": "voip03",
|
||||
"client-classes": [ "voip-phone" ]
|
||||
},
|
||||
|
||||
{
|
||||
"hw-address": "00:1E:BE:90:FF:06",
|
||||
// "hostname": "voip04",
|
||||
"client-classes": [ "cisco-phone" ]
|
||||
"hostname": "voip04",
|
||||
"client-classes": [ "voip-phone" ]
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -2793,7 +2793,7 @@ background_updates:
|
||||
# marked as protected from quarantine will not be deleted.
|
||||
#
|
||||
media_retention:
|
||||
local_media_lifetime: 180d
|
||||
local_media_lifetime: 90d
|
||||
remote_media_lifetime: 14d
|
||||
|
||||
|
||||
|
@ -2,4 +2,4 @@
|
||||
|
||||
netbox_group: netbox
|
||||
netbox_user: netbox
|
||||
netbox_version: 4.1.8
|
||||
netbox_version: 4.1.3
|
||||
|
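--- a/roles/pretalx/defaults/main.yml
+++ b/roles/pretalx/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+
+pretalx_user: pretalx
+pretalx_group: pretalx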
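--- a/roles/pretalx/handlers/main.yml
+++ b/roles/pretalx/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+
+- name: Run acertmgr
+command: /usr/bin/acertmgr
+
+- name: Reload systemd
+systemd: daemon_reload=yes
+
+- name: Restart pretalx-web
+service: name=pretalx-web state=restarted
+
+- name: Restart pretalx-worker
+service: name=pretalx-worker state=restarted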
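--- a/roles/pretalx/tasks/main.yml
+++ b/roles/pretalx/tasks/main.yml
@@ -0,0 +1,125 @@
+---
+
+- name: Create group
+group: name={{ pretalx_group }}
+
+- name: Create user
+user: name={{ pretalx_user }} home=/home/{{ pretalx_user }} group={{ pretalx_group }}
+
+- name: Create pretalx directories
+file: path={{ item }} state=directory owner={{ pretalx_user }} group={{ pretalx_group }}
+with_items:
+- /etc/pretalx
+- /opt/pretalx
+- /opt/pretalx/data
+- /opt/pretalx/data/media
+- /opt/pretalx/static
+
+- name: Install dependencies
+apt:
+name:
+- build-essential
+- gettext
+- libssl-dev
+- nodejs
+- npm
+- python3-setuptools
+- python3-dev
+- python3-pip
+- python3-venv
+
+- name: Install PostgreSQL
+apt:
+name:
+- postgresql
+- python3-psycopg2
+
+- name: Configure PostgreSQL user
+postgresql_user: name={{ pretalx_dbuser }} password={{ pretalx_dbpass }}
+become: true
+become_user: postgres
+
+- name: Configure PostgreSQL database
+postgresql_db: name={{ pretalx_dbname }} owner={{ pretalx_dbuser }}
+become: true
+become_user: postgres
+
+- name: Install redis
+apt: name=redis-server
+
+- name: Install pretalx
+pip:
+name:
+- gunicorn
+- pretalx[postgres,redis]
+- psycopg2-binary
+virtualenv: /opt/pretalx/venv
+virtualenv_command: "python3 -m venv"
+become: true
+become_user: "{{ pretalx_user }}"
+register: pretalx_install
+
+- name: Configure pretalx
+template:
+src: pretalx.cfg.j2
+dest: /etc/pretalx/pretalx.cfg
+owner: "{{ pretalx_user }}"
+group: "{{ pretalx_group }}"
+notify:
+- Restart pretalx-web
+- Restart pretalx-worker
+
+- name: Run migration script
+command:
+cmd: "./venv/bin/python3 -m pretalx migrate"
+chdir: "/opt/pretalx"
+become: true
+become_user: "{{ pretalx_user }}"
+when: pretalx_install.changed
+
+- name: Run rebuild script
+command:
+cmd: "./venv/bin/python3 -m pretalx rebuild"
+chdir: "/opt/pretalx"
+become: true
+become_user: "{{ pretalx_user }}"
+when: pretalx_install.changed
+
+- name: Enable pretalx cronjob
+cron:
+user: "{{ pretalx_user }}"
+name: pretalx
+minute: "*/5"
+job: "export PATH=/opt/pretalx/venv/bin:$PATH && cd /opt/pretalx && python -m pretalx runperiodic > /dev/null"
+
+- name: Ensure certificates are available
+command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ pretalx_domain }}.key -out /etc/nginx/ssl/{{ pretalx_domain }}.crt -days 730 -subj "/CN={{ pretalx_domain }}" creates=/etc/nginx/ssl/{{ pretalx_domain }}.crt
+notify: Restart nginx
+
+- name: Configure certificate manager for pretalx
+template: src=certs.j2 dest=/etc/acertmgr/{{ pretalx_domain }}.conf
+notify: Run acertmgr
+
+- name: Configure vhost
+template: src=vhost.j2 dest=/etc/nginx/sites-available/pretalx
+notify: Restart nginx
+
+- name: Enable vhost
+file: src=/etc/nginx/sites-available/pretalx dest=/etc/nginx/sites-enabled/pretalx state=link
+notify: Restart nginx
+
+- name: Install systemd units
+template: src={{ item }}.service.j2 dest=/lib/systemd/system/{{ item }}.service
+with_items:
+- pretalx-web
+- pretalx-worker
+notify:
+- Reload systemd
+- Restart pretalx-web
+- Restart pretalx-worker
+
+- name: Enable services
+service: name={{ item }} state=started enabled=yes
+with_items:
+- pretalx-web
+- pretalx-worker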
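Review bot: The `Configure pretalx` task writes `/etc/pretalx/pretalx.cfg`, which the template on this page fills with `pretalx_dbpass`, but it sets only `owner` and `group`, so the file mode is left to the remote umask and will usually be world-readable. Add `mode: "0600"` to that task, and consider an explicit restrictive mode on the `/etc/pretalx` entry of `Create pretalx directories` as well. The `Configure PostgreSQL user` task passes the same password as a module argument; `no_log: true` on it keeps the value out of verbose run output. The `pip` task installs `gunicorn` and `pretalx[postgres,redis]` without version pins, so a rebuild can pull a release other than the one that was tested.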
@ -1,13 +1,13 @@
|
||||
---
|
||||
|
||||
{{ therapy_domain }}:
|
||||
- path: /etc/nginx/ssl/{{ therapy_domain }}.key
|
||||
{{ pretalx_domain }}:
|
||||
- path: /etc/nginx/ssl/{{ pretalx_domain }}.key
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
||||
format: key
|
||||
action: '/usr/sbin/service nginx restart'
|
||||
- path: /etc/nginx/ssl/{{ therapy_domain }}.crt
|
||||
- path: /etc/nginx/ssl/{{ pretalx_domain }}.crt
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
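--- a/roles/pretalx/templates/pretalx-web.service.j2
+++ b/roles/pretalx/templates/pretalx-web.service.j2
@@ -0,0 +1,18 @@
+[Unit]
+Description=pretalx web service
+After=network.target
+
+[Service]
+User={{ pretalx_user }}
+Group={{ pretalx_group }}
+Environment="VIRTUAL_ENV=/opt/pretalx/venv"
+Environment="PATH=/opt/pretalx/venv/bin:/usr/local/bin:/usr/bin:/bin"
+ExecStart=/opt/pretalx/venv/bin/gunicorn pretalx.wsgi \
+--name pretalx --workers 5 \
+--max-requests 1200 --max-requests-jitter 50 \
+--log-level=info --bind=127.0.0.1:8345
+WorkingDirectory=/opt/pretalx
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target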
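Review bot: The `[Service]` section confines the web process only through `User=` and `Group=`; the same holds for `pretalx-worker.service.j2` further down the page. Since this unit runs the application that nginx exposes publicly, add systemd sandboxing to both units, for example `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full`. With `ProtectSystem=full` the data directory under `/opt/pretalx` stays writable; a stricter setting would need a matching `ReadWritePaths=` entry.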
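--- a/roles/pretalx/templates/pretalx-worker.service.j2
+++ b/roles/pretalx/templates/pretalx-worker.service.j2
@@ -0,0 +1,15 @@
+[Unit]
+Description=pretalx background worker
+After=network.target
+
+[Service]
+User={{ pretalx_user }}
+Group={{ pretalx_group }}
+Environment="VIRTUAL_ENV=/opt/pretalx/venv"
+Environment="PATH=/opt/pretalx/venv/bin:/usr/local/bin:/usr/bin:/bin"
+ExecStart=/opt/pretalx/venv/bin/celery -A pretalx.celery_app worker -l info
+WorkingDirectory=/opt/pretalx
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target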
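--- a/roles/pretalx/templates/pretalx.cfg.j2
+++ b/roles/pretalx/templates/pretalx.cfg.j2
@@ -0,0 +1,27 @@
+[filesystem]
+data = /opt/pretalx/data
+static = /opt/pretalx/static
+
+[site]
+debug = False
+url = https://{{ pretalx_domain }}
+
+[database]
+backend = postgresql
+name = {{ pretalx_dbname }}
+user = {{ pretalx_dbuser }}
+password = {{ pretalx_dbpass }}
+host =
+
+[mail]
+from={{ pretalx_mail }}
+host={{ mail_server }}
+tls = True
+
+[redis]
+location=redis://127.0.0.1/0
+sessions=true
+
+[celery]
+backend=redis://127.0.0.1/1
+broker=redis://127.0.0.1/2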
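Review bot: The `[redis]` and `[celery]` URLs address Redis on 127.0.0.1 without credentials while `sessions=true` keeps login sessions there, so any other local account or service that can reach the loopback port can read or alter sessions and queued tasks. If the host is shared, set `requirepass` in the Redis configuration and carry the secret in the three URLs, e.g. `location=redis://:REDIS_PASSWORD_PLACEHOLDER@127.0.0.1/0`, sourced from a vaulted variable. How Redis is bound is not visible in this change; the role installs `redis-server` and appears to leave it on the package defaults.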
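--- a/roles/pretalx/templates/vhost.j2
+++ b/roles/pretalx/templates/vhost.j2
@@ -0,0 +1,49 @@
+server {
+listen 80;
+listen [::]:80;
+
+server_name {{ pretalx_domain }};
+
+location /.well-known/acme-challenge {
+default_type "text/plain";
+alias /var/www/acme-challenge;
+}
+
+location / {
+return 301 https://{{ pretalx_domain }}$request_uri;
+}
+}
+
+server {
+listen 443 ssl http2;
+listen [::]:443 ssl http2;
+
+server_name {{ pretalx_domain }};
+
+ssl_certificate_key /etc/nginx/ssl/{{ pretalx_domain }}.key;
+ssl_certificate /etc/nginx/ssl/{{ pretalx_domain }}.crt;
+
+add_header Referrer-Policy same-origin;
+add_header X-Content-Type-Options nosniff;
+
+location / {
+proxy_pass http://localhost:8345;
+client_max_body_size 32M;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto https;
+proxy_set_header Host $http_host;
+}
+
+location /media/ {
+alias /opt/pretalx/data/media/;
+expires 7d;
+access_log off;
+}
+
+location /static/ {
+alias /opt/pretalx/static/;
+access_log off;
+expires 365d;
+add_header Cache-Control "public";
+}
+}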
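Review bot: The `add_header Cache-Control "public";` line inside `location /static/` replaces the two server-level headers instead of extending them, because nginx inherits `add_header` from the enclosing level only when the current level defines none. Responses under `/static/` therefore leave without `X-Content-Type-Options nosniff` and `Referrer-Policy`, and both need repeating in that location. `location /media/` serves uploaded files from the application origin, so a `Content-Disposition` of attachment there, together with the nosniff header, keeps browsers from rendering uploaded HTML or SVG inline. The TLS server block also sends no `Strict-Transport-Security` header.

```nginx
location /media/ {
    # … unchanged: alias, expires, access_log …
    add_header X-Content-Type-Options nosniff;
    add_header Content-Disposition "attachment";
}

location /static/ {
    # … unchanged: alias, access_log, expires …
    add_header Cache-Control "public";
    add_header Referrer-Policy same-origin;
    add_header X-Content-Type-Options nosniff;
}
```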
@ -1,55 +0,0 @@
|
||||
---
|
||||
|
||||
- name: Install packages
|
||||
apt:
|
||||
name:
|
||||
- docker.io
|
||||
- docker-compose
|
||||
|
||||
- name: Create therapy group
|
||||
group: name=therapy
|
||||
|
||||
- name: Create therapy user
|
||||
user:
|
||||
name: therapy
|
||||
home: /opt/therapy
|
||||
shell: /bin/bash
|
||||
group: therapy
|
||||
groups: docker
|
||||
|
||||
# TODO
|
||||
# checkout source to /opt/therapy/source - currently done manually
|
||||
|
||||
- name: Configure therapy container
|
||||
template: src=docker-compose.yml.j2 dest=/opt/therapy/docker-compose.yml
|
||||
notify: Restart therapy
|
||||
|
||||
- name: Ensure certificates are available
|
||||
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ therapy_domain }}.key -out /etc/nginx/ssl/{{ therapy_domain }}.crt -days 730 -subj "/CN={{ therapy_domain }}" creates=/etc/nginx/ssl/{{ therapy_domain }}.crt
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Configure certificate manager for therapy
|
||||
template: src=certs.j2 dest=/etc/acertmgr/{{ therapy_domain }}.conf
|
||||
notify: Run acertmgr
|
||||
|
||||
- name: Configure vhost
|
||||
template: src=vhost.j2 dest=/etc/nginx/sites-available/therapy
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Enable vhost
|
||||
file: src=/etc/nginx/sites-available/therapy dest=/etc/nginx/sites-enabled/therapy state=link
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Systemd unit for therapy
|
||||
template: src=therapy.service.j2 dest=/etc/systemd/system/therapy.service
|
||||
notify:
|
||||
- Reload systemd
|
||||
- Restart therapy
|
||||
|
||||
- name: Start the therapy service
|
||||
service: name=therapy state=started enabled=yes
|
||||
|
||||
- name: Enable monitoring
|
||||
include_role: name=icinga-monitor tasks_from=http
|
||||
vars:
|
||||
vhost: "{{ therapy_domain }}"
|
@ -1,12 +0,0 @@
|
||||
---
|
||||
version: "3.4"
|
||||
services:
|
||||
server:
|
||||
image: therapy
|
||||
build: ./source
|
||||
restart: unless-stopped
|
||||
command: server
|
||||
environment:
|
||||
THERAPY_SECRET: {{ therapy_secret }}
|
||||
ports:
|
||||
- "127.0.0.1:5000:5000"
|
@ -1,31 +0,0 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name {{ therapy_domain }};
|
||||
|
||||
location /.well-known/acme-challenge {
|
||||
default_type "text/plain";
|
||||
alias /var/www/acme-challenge;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://{{ therapy_domain }}$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name {{ therapy_domain }};
|
||||
|
||||
ssl_certificate_key /etc/nginx/ssl/{{ therapy_domain }}.key;
|
||||
ssl_certificate /etc/nginx/ssl/{{ therapy_domain }}.crt;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:5000;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
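--- a/roles/uau/defaults/main.yml
+++ b/roles/uau/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+uau_reboot: "true"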
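--- a/roles/uau/tasks/main.yml
+++ b/roles/uau/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+
+- name: Install unattended upgrades
+apt:
+name:
+- unattended-upgrades
+- debian-goodies
+
+- name: Configure unattended upgrades
+template: src={{ item }}.j2 dest=/etc/apt/apt.conf.d/{{ item }}
+with_items:
+- 02periodic
+- 50unattended-upgrades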
@ -2,7 +2,7 @@
|
||||
// Unattended-Upgrade::Origins-Pattern controls which packages are
|
||||
// upgraded.
|
||||
//
|
||||
// Lines below have the format "keyword=value,...". A
|
||||
// Lines below have the format format is "keyword=value,...". A
|
||||
// package will be upgraded only if the values in its metadata match
|
||||
// all the supplied keywords in a line. (In other words, omitted
|
||||
// keywords are wild cards.) The keywords originate from the Release
|
||||
@ -31,7 +31,6 @@ Unattended-Upgrade::Origins-Pattern {
|
||||
// "origin=Debian,codename=${distro_codename}-proposed-updates";
|
||||
"origin=Debian,codename=${distro_codename},label=Debian";
|
||||
"origin=Debian,codename=${distro_codename},label=Debian-Security";
|
||||
"origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
|
||||
|
||||
// Archive or Suite based matching:
|
||||
// Note that this will silently match a different release after
|
||||
@ -94,11 +93,9 @@ Unattended-Upgrade::Package-Blacklist {
|
||||
// 'mailx' must be installed. E.g. "user@example.com"
|
||||
Unattended-Upgrade::Mail "root";
|
||||
|
||||
// Set this value to one of:
|
||||
// "always", "only-on-error" or "on-change"
|
||||
// If this is not set, then any legacy MailOnlyOnError (boolean) value
|
||||
// is used to chose between "only-on-error" and "on-change"
|
||||
Unattended-Upgrade::MailReport "only-on-error";
|
||||
// Set this value to "true" to get emails only on errors. Default
|
||||
// is to always send a mail if Unattended-Upgrade::Mail is set
|
||||
Unattended-Upgrade::MailOnlyOnError "true";
|
||||
|
||||
// Remove unused automatically installed kernel-related packages
|
||||
// (kernel images, kernel headers and kernel version locked tools).
|
||||
@ -113,7 +110,7 @@ Unattended-Upgrade::Remove-Unused-Dependencies "true";
|
||||
|
||||
// Automatically reboot *WITHOUT CONFIRMATION* if
|
||||
// the file /var/run/reboot-required is found after the upgrade
|
||||
Unattended-Upgrade::Automatic-Reboot "{{ unattended_reboot }}";
|
||||
Unattended-Upgrade::Automatic-Reboot "{{ uau_reboot }}";
|
||||
|
||||
// Automatically reboot even if there are users currently logged in
|
||||
// when Unattended-Upgrade::Automatic-Reboot is set to true
|
||||
@ -148,18 +145,3 @@ Unattended-Upgrade::Automatic-Reboot "{{ unattended_reboot }}";
|
||||
// Print debugging information both in unattended-upgrades and
|
||||
// in unattended-upgrade-shutdown
|
||||
// Unattended-Upgrade::Debug "false";
|
||||
|
||||
// Allow package downgrade if Pin-Priority exceeds 1000
|
||||
// Unattended-Upgrade::Allow-downgrade "false";
|
||||
|
||||
// When APT fails to mark a package to be upgraded or installed try adjusting
|
||||
// candidates of related packages to help APT's resolver in finding a solution
|
||||
// where the package can be upgraded or installed.
|
||||
// This is a workaround until APT's resolver is fixed to always find a
|
||||
// solution if it exists. (See Debian bug #711128.)
|
||||
// The fallback is enabled by default, except on Debian's sid release because
|
||||
// uninstallable packages are frequent there.
|
||||
// Disabling the fallback speeds up unattended-upgrades when there are
|
||||
// uninstallable packages at the expense of rarely keeping back packages which
|
||||
// could be upgraded or installed.
|
||||
// Unattended-Upgrade::Allow-APT-Mark-Fallback "true";
|
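Review bot: In the `Unattended-Upgrade::Origins-Pattern` hunk (`-31,7 +31,6`) one line is dropped, and from the print order it looks like `"origin=Debian,codename=${distro_codename}-security,label=Debian-Security";`. The page has lost its +/- markers, so this is inferred from the hunk counts. On Debian 11 and later the security archive uses the codename `<release>-security`, so the remaining `codename=${distro_codename},label=Debian-Security` pattern alone would not match it and security updates would no longer install unattended. If that is the line removed, it should stay. In the `-94,11 +93,9` hunk the new side also appears to swap `MailReport` for the legacy `MailOnlyOnError`, which the removed comment itself describes as the fallback. The template continues outside these hunks.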
@ -6,9 +6,6 @@
|
||||
- name: Restart vaultwarden
|
||||
service: name=vaultwarden state=restarted
|
||||
|
||||
- name: Restart vaultwarden-reload
|
||||
service: name=vaultwarden-reload state=restarted
|
||||
|
||||
- name: Restart nginx
|
||||
service: name=nginx state=restarted
|
||||
|
||||
|
@ -42,21 +42,9 @@
|
||||
- Reload systemd
|
||||
- Restart vaultwarden
|
||||
|
||||
- name: Systemd unit for vaultwarden-reload
|
||||
template: src=vaultwarden-reload.{{ item }}.j2 dest=/etc/systemd/system/vaultwarden-reload.{{ item }}
|
||||
with_items:
|
||||
- "service"
|
||||
- "timer"
|
||||
notify:
|
||||
- Reload systemd
|
||||
- Restart vaultwarden-reload
|
||||
|
||||
- name: Start the vaultwarden service
|
||||
service: name=vaultwarden state=started enabled=yes
|
||||
|
||||
- name: Enable auto update timer
|
||||
service: name=vaultwarden-reload.timer state=started enabled=yes
|
||||
|
||||
- name: Enable monitoring
|
||||
include_role: name=icinga-monitor tasks_from=http
|
||||
vars:
|
||||
|
@ -1,5 +1,4 @@
|
||||
---
|
||||
version: "3.4"
|
||||
version: "3"
|
||||
services:
|
||||
database:
|
||||
image: postgres:13-alpine
|
||||
|
@ -1,7 +0,0 @@
|
||||
[Unit]
|
||||
Description=Refresh vaultwarden images
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
|
||||
ExecStart=/bin/systemctl reload-or-restart vaultwarden.service
|
@ -1,10 +0,0 @@
|
||||
[Unit]
|
||||
Description=Refresh vaultwarden images
|
||||
Requires=vaultwarden.service
|
||||
After=vaultwarden.service
|
||||
|
||||
[Timer]
|
||||
OnCalendar=*:0/15
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
@ -15,8 +15,8 @@ TimeoutStartSec=1200
|
||||
|
||||
WorkingDirectory=/opt/vaultwarden
|
||||
|
||||
# Update images
|
||||
ExecStartPre=-/usr/bin/docker-compose pull --quiet
|
||||
# Make sure no old containers are running
|
||||
ExecStartPre=/usr/bin/docker-compose down -v
|
||||
|
||||
# Compose up
|
||||
ExecStart=/usr/bin/docker-compose up
|
||||
@ -24,9 +24,5 @@ ExecStart=/usr/bin/docker-compose up
|
||||
# Compose down, remove containers and volumes
|
||||
ExecStop=/usr/bin/docker-compose down -v
|
||||
|
||||
# Refresh on reload
|
||||
ExecReload=-/usr/bin/docker-compose pull --quiet
|
||||
ExecReload=/usr/bin/docker-compose up -d
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
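Review bot: `ExecStop=/usr/bin/docker-compose down -v` removes the named volumes declared in the Compose file along with the containers, and the first hunk appears to put the same command in `ExecStartPre`. For a password vault with a postgres container, any data held in a named volume rather than a bind mount would be deleted on every stop or restart. The Compose file's volume definitions are not visible here, so confirm which applies, or use `docker-compose down` without `-v`. The same `ExecStartPre=... down -v` line appears in the WorkAdventure unit further down this page. With the reload timer and `ExecReload` lines gone and the `pull` step apparently dropped, nothing visible refreshes the images any more, so a comment should say how image updates are meant to happen. The unit starts outside these hunks.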
@ -42,20 +42,6 @@ www.ccc-r.de:
|
||||
format: key
|
||||
action: '/usr/sbin/service nginx restart'
|
||||
|
||||
fahrplan.eh21.easterhegg.eu:
|
||||
- path: /etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.crt
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
||||
format: crt,ca
|
||||
action: '/usr/sbin/service nginx restart'
|
||||
- path: /etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.key
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
||||
format: key
|
||||
action: '/usr/sbin/service nginx restart'
|
||||
|
||||
www.makerspace-regensburg.de:
|
||||
- path: /etc/nginx/ssl/www.makerspace-regensburg.de.crt
|
||||
user: root
|
||||
|
@ -145,7 +145,7 @@ server {
|
||||
ssl_certificate_key /etc/nginx/ssl/autoconfig.binary-kitchen.de.key;
|
||||
ssl_certificate /etc/nginx/ssl/autoconfig.binary-kitchen.de.crt;
|
||||
|
||||
root /var/www/autoconfig;
|
||||
root /var/www/autconfig;
|
||||
|
||||
default_type text/html;
|
||||
}
|
||||
@ -180,41 +180,6 @@ server {
|
||||
default_type text/html;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name fahrplan.eh21.easterhegg.eu;
|
||||
|
||||
location /.well-known/acme-challenge {
|
||||
default_type "text/plain";
|
||||
alias /var/www/acme-challenge;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://fahrplan.eh21.easterhegg.eu$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name fahrplan.eh21.easterhegg.eu;
|
||||
|
||||
ssl_certificate_key /etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.key;
|
||||
ssl_certificate /etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.crt;
|
||||
|
||||
root /var/www/eh21-fahrplan;
|
||||
|
||||
location = / {
|
||||
return 301 https://fahrplan.eh21.easterhegg.eu/eh/;
|
||||
}
|
||||
|
||||
default_type text/html;
|
||||
}
|
||||
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
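Review bot: `root /var/www/autconfig;` in the autoconfig.binary-kitchen.de server block (hunk `-145,7 +145,7`) looks like a misspelling of `/var/www/autoconfig`. The hunk prints both spellings and has lost its +/- markers, so which one is the new side is inferred from print order. If the misspelled path is the new side, the vhost will not serve from the `autoconfig` directory that the nginx tasks list on this page creates. The line should read `root /var/www/autoconfig;`. The server block begins outside the hunk.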
@ -15,7 +15,6 @@
|
||||
- autoconfig
|
||||
- autoconfig/mail
|
||||
- ccc-r
|
||||
- eh21-fahrplan
|
||||
- makerspace-regensburg
|
||||
- kitchen
|
||||
|
||||
@ -31,10 +30,6 @@
|
||||
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/www.ccc-r.de.key -out /etc/nginx/ssl/www.ccc-r.de.crt -days 730 -subj "/CN=www.ccc-r.de" creates=/etc/nginx/ssl/www.ccc-r.de.crt
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Ensure (EH21 fahrplan) certificates are available
|
||||
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.key -out /etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.crt -days 730 -subj "/CN=fahrplan.eh21.easterhegg.eu" creates=/etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.crt
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Ensure (MS-R) certificates are available
|
||||
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/www.makerspace-regensburg.de.key -out /etc/nginx/ssl/www.makerspace-regensburg.de.crt -days 730 -subj "/CN=www.makerspace-regensburg.de" creates=/etc/nginx/ssl/www.makerspace-regensburg.de.crt
|
||||
notify: Restart nginx
|
||||
@ -70,14 +65,3 @@
|
||||
|
||||
- name: Start php8.2-fpm
|
||||
service: name=php8.2-fpm state=started enabled=yes
|
||||
|
||||
- name: Enable monitoring
|
||||
include_role: name=icinga-monitor tasks_from=http
|
||||
vars:
|
||||
vhost: "{{ item }}"
|
||||
with_items:
|
||||
- "www.binary-kitchen.de"
|
||||
- "autoconfig.binary-kitchen.de"
|
||||
- "www.ccc-r.de"
|
||||
- "www.makerspace-regensburg.de"
|
||||
- "fahrplan.eh21.easterhegg.eu"
|
||||
|
@ -1,13 +1,13 @@
|
||||
---
|
||||
|
||||
- name: Run acertmgr
|
||||
command: /usr/bin/acertmgr
|
||||
|
||||
- name: Reload systemd
|
||||
systemd: daemon_reload=yes
|
||||
|
||||
- name: Restart therapy
|
||||
service: name=therapy state=restarted
|
||||
|
||||
- name: Restart nginx
|
||||
service: name=nginx state=restarted
|
||||
|
||||
- name: Run acertmgr
|
||||
command: /usr/bin/acertmgr
|
||||
- name: Restart workadventure
|
||||
service: name=workadventure state=restarted
|
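--- a/roles/workadventure/meta/main.yml
+++ b/roles/workadventure/meta/main.yml
@@ -0,0 +1,5 @@
+---
+
+dependencies:
+- { role: acertmgr }
+- { role: nginx, nginx_ssl: True }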
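--- a/roles/workadventure/tasks/main.yml
+++ b/roles/workadventure/tasks/main.yml
@@ -0,0 +1,51 @@
+---
+
+# TODO
+# source code is not yet checked out from git
+
+- name: Install docker-compose
+apt: name=docker-compose
+
+- name: Install git
+apt: name=git
+
+- name: Create workadventure group
+group: name=workadventure
+
+- name: Create workadventure user
+user:
+name: workadventure
+home: /opt/workadventure
+shell: /bin/zsh
+group: workadventure
+groups: docker
+
+- name: Install systemd unit
+template: src=workadventure.service.j2 dest=/lib/systemd/system/workadventure.service
+notify:
+- Reload systemd
+- Restart workadventure
+
+- name: Ensure certificates are available
+command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ workadventure_domain }}.key -out /etc/nginx/ssl/{{ workadventure_domain }}.crt -days 730 -subj "/CN={{ workadventure_domain }}" creates=/etc/nginx/ssl/{{ workadventure_domain }}.crt
+notify: Restart nginx
+
+- name: Configure certificate manager for workadventure
+template: src=certs.j2 dest=/etc/acertmgr/{{ workadventure_domain }}.conf
+notify: Run acertmgr
+
+- name: Configure vhost
+template: src=vhost.j2 dest=/etc/nginx/sites-available/workadventure
+notify: Restart nginx
+
+- name: Enable vhost
+file: src=/etc/nginx/sites-available/workadventure dest=/etc/nginx/sites-enabled/workadventure state=link
+notify: Restart nginx
+
+- name: Enable workadventure
+service: name=workadventure enabled=yes
+
+- name: Enable monitoring
+include_role: name=icinga-monitor tasks_from=http
+vars:
+vhost: "{{ workadventure_domain }}"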
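Review bot: The `Create workadventure user` task gives the service account `groups: docker` together with an interactive `shell: /bin/zsh`. Membership of the `docker` group is effectively root on the host, so this account should be treated and documented as privileged. If nobody is meant to log in as it, `shell: /usr/sbin/nologin` narrows the exposure, and a comment above `groups: docker` should record that the systemd unit runs docker-compose as this user. The tasks shown install only docker-compose and git, so zsh exists on the host only if another role provides it. The unit is also templated to `/lib/systemd/system/`, which is package-owned territory; `/etc/systemd/system/workadventure.service` is the usual place for locally managed units.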
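--- a/roles/workadventure/templates/certs.j2
+++ b/roles/workadventure/templates/certs.j2
@@ -0,0 +1,15 @@
+---
+
+{{ workadventure_domain }} play.{{ workadventure_domain }} pusher.{{ workadventure_domain }} uploader.{{ workadventure_domain }}:
+- path: /etc/nginx/ssl/{{ workadventure_domain }}.key
+user: root
+group: root
+perm: '400'
+format: key
+action: '/usr/sbin/service nginx restart'
+- path: /etc/nginx/ssl/{{ workadventure_domain }}.crt
+user: root
+group: root
+perm: '400'
+format: crt,ca
+action: '/usr/sbin/service nginx restart'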
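--- a/roles/workadventure/templates/vhost.j2
+++ b/roles/workadventure/templates/vhost.j2
@@ -0,0 +1,76 @@
+server {
+listen 80;
+listen [::]:80;
+
+server_name {{ workadventure_domain }} play.{{ workadventure_domain }} pusher.{{ workadventure_domain }} uploader.{{ workadventure_domain }};
+
+location /.well-known/acme-challenge {
+default_type "text/plain";
+alias /var/www/acme-challenge;
+}
+
+location / {
+return 301 https://$host$request_uri;
+}
+}
+
+server {
+listen 443 ssl http2;
+listen [::]:443 ssl http2;
+
+server_name {{ workadventure_domain }};
+
+ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key;
+ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt;
+
+location / {
+root /opt/workadventure/source/landing/dist;
+}
+}
+
+server {
+listen 443 ssl http2;
+listen [::]:443 ssl http2;
+
+server_name play.{{ workadventure_domain }};
+
+ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key;
+ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt;
+
+location / {
+root /opt/workadventure/source/src/front/dist;
+try_files $uri uri/ /index.html?$args;
+}
+}
+
+server {
+listen 443 ssl http2;
+listen [::]:443 ssl http2;
+
+server_name pusher.{{ workadventure_domain }};
+
+ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key;
+ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt;
+
+location / {
+proxy_pass http://localhost:8002;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "Upgrade";
+proxy_set_header Host $host;
+}
+}
+
+server {
+listen 443 ssl http2;
+listen [::]:443 ssl http2;
+
+server_name uploader.{{ workadventure_domain }};
+
+ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key;
+ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt;
+
+location / {
+proxy_pass http://localhost:8005;
+}
+}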
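Review bot: `try_files $uri uri/ /index.html?$args;` in the `play.` server block is missing a `$`, so the second argument is the literal path `uri/` rather than the request URI tried as a directory. It should read `try_files $uri $uri/ /index.html?$args;`. The `pusher.` and `uploader.` proxy locations also forward no client address or scheme, so the backends only ever see the loopback peer, which weakens their logs and any rate limiting. The therapy vhost earlier on this page already sets `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;`, and the same two lines would fit here.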
@ -1,5 +1,5 @@
|
||||
[Unit]
|
||||
Description=therapy service using docker compose
|
||||
Description=WorkAdventure service using docker compose
|
||||
Requires=docker.service
|
||||
After=docker.service
|
||||
Before=nginx.service
|
||||
@ -7,13 +7,13 @@ Before=nginx.service
|
||||
[Service]
|
||||
Type=simple
|
||||
|
||||
User=therapy
|
||||
Group=therapy
|
||||
User=workadventure
|
||||
Group=workadventure
|
||||
|
||||
Restart=always
|
||||
TimeoutStartSec=1200
|
||||
|
||||
WorkingDirectory=/opt/therapy
|
||||
WorkingDirectory=/opt/workadventure/source/
|
||||
|
||||
# Make sure no old containers are running
|
||||
ExecStartPre=/usr/bin/docker-compose down -v
|
26
site.yml
26
site.yml
@ -6,6 +6,11 @@
|
||||
- common
|
||||
- root_keys
|
||||
|
||||
- name: Setup unattended updates
|
||||
hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, pizza.binary.kitchen, pancake.binary.kitchen, knoedel.binary.kitchen, bob.binary.kitchen, lasagne.binary.kitchen, tschunk.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, magnesium.binary-kitchen.net, aluminium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, technetium.binary-kitchen.net, ruthenium.binary-kitchen.net, rhodium.binary-kitchen.net, palladium.binary-kitchen.net, argentum.binary-kitchen.net, cadmium.binary-kitchen.net, barium.binary-kitchen.net]
|
||||
roles:
|
||||
- uau
|
||||
|
||||
- name: Setup Proxmox VE SSL
|
||||
hosts: [salat.binary.kitchen, wurst.binary.kitchen, weizen.binary.kitchen]
|
||||
roles:
|
||||
@ -47,11 +52,6 @@
|
||||
roles:
|
||||
- omm
|
||||
|
||||
- name: Setup FreePBX server
|
||||
hosts: schweinshaxn.binary.kitchen
|
||||
roles:
|
||||
- freepbx
|
||||
|
||||
- name: Setup gitea runner server
|
||||
hosts: bob.binary.kitchen
|
||||
roles:
|
||||
@ -107,8 +107,8 @@
|
||||
- name: Setup web server (dockerized)
|
||||
hosts: fluorine.binary-kitchen.net
|
||||
roles:
|
||||
- 23b
|
||||
- authentik
|
||||
- 23b
|
||||
- hedgedoc
|
||||
- vaultwarden
|
||||
|
||||
@ -128,10 +128,10 @@
|
||||
roles:
|
||||
- coturn
|
||||
|
||||
- name: Setup web server (dockerized)
|
||||
- name: Setup zammad server
|
||||
hosts: aluminium.binary-kitchen.net
|
||||
roles:
|
||||
- therapy
|
||||
- zammad
|
||||
|
||||
- name: Setup jitsi server
|
||||
hosts: zirconium.binary-kitchen.net
|
||||
@ -153,6 +153,11 @@
|
||||
roles:
|
||||
- pretix
|
||||
|
||||
- name: Setup event pretalx server
|
||||
hosts: palladium.binary-kitchen.net
|
||||
roles:
|
||||
- pretalx
|
||||
|
||||
- name: Setup event netbox server
|
||||
hosts: cadmium.binary-kitchen.net
|
||||
roles:
|
||||
@ -162,3 +167,8 @@
|
||||
hosts: argentum.binary-kitchen.net
|
||||
roles:
|
||||
- event_web
|
||||
|
||||
- name: Setup WorkAdventure server
|
||||
hosts: barium.binary-kitchen.net
|
||||
roles:
|
||||
- workadventure
|
||||
|