freepbx: Install self developed yealink packages

group_vars: remove unused vars
pretalx: remove role (was on palladium.binary-kitchen.net)
2024-11-22 20:21:56 +01:00 · 2024-11-18 16:29:24 +01:00 · 2024-11-18 16:28:04 +01:00 · 2024-11-17 19:32:02 +01:00 · 2024-11-15 19:56:03 +01:00 · 2024-11-14 23:45:57 +01:00
28 changed files with 380 additions and 406 deletions
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@ -146,12 +146,6 @@ nextcloud_dbpass: "{{ vault_owncloud_dbpass }}"

 omm_domain: omm.binary.kitchen

-pretalx_domain: fahrplan.eh21.easterhegg.eu
-pretalx_dbname: pretalx
-pretalx_dbuser: pretalx
-pretalx_dbpass: "{{ vault_pretalx_dbpass }}"
-pretalx_mail: pretalx@binary-kitchen.de
-
 pretix_domain: pretix.events.binary-kitchen.de
 pretix_domainx: tickets.eh21.easterhegg.eu
 pretix_dbname: pretix
@ -196,7 +190,3 @@ vaultwarden_dbuser: vaultwarden
 vaultwarden_dbpass: "{{ vault_vaultwarden_dbpass }}"
 vaultwarden_token: "{{ vault_vaultwarden_token }}"
 vaultwarden_yubico_secret: "{{ vault_vaultwarden_yubico_secret }}"
-
-workadventure_domain: wa.binary-kitchen.de
-
-zammad_domain: requests.binary-kitchen.de
--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
@ -1,110 +1,109 @@
 $ANSIBLE_VAULT;1.1;AES256
-35346137343735356637663033653465666664363730663138663936636632306566313836643132
-6633663564393937323035363563326465366364373961310a643132653066323938333863626264
-66656663646164633538396132363231373430636134313632333834633435336331396338623933
-3832343264356539390a313937393535623838356465313530303836346164313261613537366430
-64393533613662376466363462643262643433663839393166613938616462663732346234363436
-66663837333861303530373036363536376239633764356461303534626233343861343135353234
-61356362353635343737356430666536636339306630613263613933356330366132356661343566
-33306437666461656339653131633537643931333164396463623433633263633139366565636362
-35306339333631623036386134373839303739373230636164653137393439633530366163613636
-65326635396135313530366161373438623365356437353234343537393033356135623862393033
-62643033656331373435316665313933653835653663376432366461363261303131623237623663
-33363238663963363963326531386137613564633338653466393436663438313231313466323433
-32323934343462333264646137366461303333363165303433663130326437353236653336623266
-30653930616465313930303961383538376662386331663430613064306366323035663431656461
-61623735336162636662616232346637653566306433316237613762623133323236353533623833
-61306630376231643266663732343565386465373066643339633136643961656161393738373862
-33353162656331363563343234303538383763303736393661333831366436633533656265343930
-38616462363238613464386439663830663264646133633631646166346130663464633333333730
-33653231303636653638323136663066666465353532383331663163626237656265656463393139
-64363465663732343930613931313363336633363335383564626366383537376634363461616163
-39393630343531313638363230656634623836396366326530616637363334313961366233306233
-35633961303661376663643339613835633563336361646137353466366436373263363138663563
-62356365616664353131663764303730643361613038663833373834336132306265376436616464
-38383937626439303362636432363936313930313339366565353034313339663536373138376438
-34366637363838623064633765653134383230656565373263356164326661326133353634636536
-31383961343066306437623031386461643430326134646537613366623131353161353335313664
-61633834656438366331653966373131656634303135373630363762313765316364343837663431
-32373438616561333634343436366638353439363563656331333263653061613231303733633134
-66386563346535646339303039353962363762663164386436626632623465363833323434343066
-63626466653162616164323831336165646136613530383063353232333464333234316435386266
-62333535373131666434626261333335663762346663313630643136383835376663636136363933
-33623237666537613164623362396537396163373437633537376435356638653533613939663734
-66626564633435663164616365313339386232386562636461653262363332393536353138393730
-33323464376666663236366134366436313237666635356565346235363630363265343535356233
-35653163663962316336323931356436366439653835346138623966366436373066303932346637
-31393932343136633239663238363337626266623163316165646533333363393038383038316664
-34363739613234666466353163643236356238353831636163393763336261353831313136653963
-33636265383634393332373031306261363764303730633466616432316433656166393035653737
-30643231616334366231333761633461653338653633663564643938616163663532333639353830
-64383761306138303736643962386235353366333832616138306237393738396230303633333132
-31373362323261303362613336333130626364646561653335373639333262663735376437376433
-36386236343233373631303633626363336665656131633862633363326233636636373832353937
-39303237393632363337396362323936646333376439373031626330343139373636333062383138
-33333137623066303961376137613361313831636631663865343863633735366433643165643035
-39373565396561326362376435666539386263666635363664633833336536366466613163323134
-39653239653935346262656333306635646535626563323130663838313564383165393961346161
-39616439376435613535336434343364343066353863626363613765303862306663373730346539
-39363136393463333538323266633235643963363663323265313738633037303862633265353236
-64343361316437623732366163326633346462343332333735333936633266623832633939626362
-32333035613963666530663335656562393465323063336330383535326565346536393731333165
-30373733343136306532636666313338626434313334303933636238643034386438386364663932
-35313134633532373466363132623632376666396161333064376538616137656163663633653064
-66623633343939306638643132386139303761646364656163326263313066616535623234323361
-37396366663734373334386131663161346461383938313263346537353836366264616164636262
-64376535373431376465386165613765653732303461356565623965346334376564343439386164
-30393664353461623965303265393338353366616164633739383434623834306166376631643330
-31303866306561366132333532396135653261613935623537366562313433396436343666386535
-37323861343462396163333431663137643232393865643238316338323735366637643666343735
-30663334326332616361623662653133383536326635626434383830633434366330313731356531
-30366562613532643334613430313737633266343237373765366238313833656463646462613666
-32393734356638633966643133383961613332623331633634646439353338303266393366323564
-36353032383030623163323065653833656330363466336466656562373034653061346163366238
-33346534313633333134356665656462346234393230323132626661666362373566383036653937
-66366266333934343263326433326163373730383361653262633966333135316437633835303665
-66663430363039633464636531326135616563636131656265356438313633306236653431656664
-30343733313638363237343131626538643932373931623136323862646366623362306365616131
-37303966343562313730653763633564336435336362656262363735393966633135376236616163
-39626637393865643338623863346666333764616430383038303434626164653861346433333764
-61386131303764383137616334363866363363313165366339636530393362396135306265303464
-63333030306338346633633863306238333334393562373662663562313733643432396462313131
-65333661343031656263623230346230353266303261646131303731636466303863323466356232
-63383835316161306431663962343966366338323138383632326533646461326232356133356265
-39636434376436363439376230633237366536653561616264613665656635636532623330353466
-65366132646536316131323038313263333961656430343661303664366266313861343463303364
-32303662393433353462346464393931393637316537623061343635353938663765646234323431
-38643531653132633763666663623637373431653731383037346262646332393864643431363338
-32343963623364613538656338336365343265383262656139643934333037383930376564343636
-33623835663035313839656333613833396635646537616464376138663262346564383834643933
-30383039633164353730656339616436343330333134323136646664393764343163313536373261
-31646164656166376232653034363864623161326564303337636534653762336337346335373238
-64373062306165616162666362326531643964656366653037663163363964653462346633666434
-35303638623239353934636332373562343962393531346132303032623334333335373734643034
-64646361373066316134613635666435306235313632633633643864373261643065303937323639
-65383663626338303134613532623763626430623864313930366463663632313130383033633831
-66613531623534336461393764623237383231333133336638313637306439633361353039613938
-30613562393635646235336330633933336233363735346534633266633730346236353265333464
-39613132306232653639326336643662353461356439623233316465316232396366616531396464
-63626462383639353434316364363164376639363264646530323038373439643132343264643231
-32656465366265383630626332613636336632656136333330643937633630396663626632333930
-61623661633666316630616632633832613231386235653434663964316533306233383539343637
-38663431666230653736326531353934396562656161616462383466353637363732616636373033
-39643438356632306431386235333532326463646161616466646634633163366233363362343563
-34393631343733326363363737623638383939353266343262633232336633386233346436393333
-31646161613464623137353939613437623835316531343336323833653437363563363462633536
-36313230363131373233623731636363313034366665633737346134366666393634386637626563
-36376135373330396664616435353539333439306434313933333235646363313262336163386263
-65353361363066363234353336623466393331326332316530356636343865663137313737313830
-35633563343064333565373463343234393732333735363963333336646561393764316462643466
-36653162343239373038336134393532386363333638383831333834373030633138633530353336
-63376334666632323130633136613230306135336231666635363036633066323863346138643330
-33623462653638656237646634623431313664336636366330626135653730323239323462383262
-39326431386235363034386138653665353136356536373838636336626430623164353761636662
-32623363663163633433623833633665313662636264656662373061356336383965303731313431
-34373332616336303062363564656137383463353836303134363434356265393361346365343630
-32613933633139643637363136623863663962356166336134656464613362363130333930356230
-63626365353266383137643263636163613932343333363632333936613831616465646437656465
-35636534363461336332626134346239656238643561313935363366343462333639633937303664
-64323739643562343234333739353334663834626438386432663737653366633466666362643138
-64313536306363653562623536646261313639333266643336613932363835356665
+38306162656631353365313637393663316134623036643364383033613731356230663464376264
+3335653933643733613462636638396664363762636561300a376538626636303765613633646633
+63333534656163663834303039646639646530333532313732643261356262323764616463393832
+3137306637306565610a653637626438353766323031336665326231626538323637313763373934
+30303332656263623938666235643866343363363139653861343533313431396235333539333432
+65613236386434333635636431356236643335316362636530303834353235646337643639333538
+31643330393433323739343762323937643064313661643265376330633264316137373363303935
+66346134643432666463383333653735626437666137386135353532393638363834346164643335
+38393232623130346363636335313866623239373366613864356561636661343537383364373164
+66643232393262393536623130653332323663363263323036663662316163326466306334363363
+66306365366566326239346537656562363762373165613063376139383363313038373235303062
+65326531653635333034653439613563313539633834393562343164613661386532306665663433
+32663432656664333063376263346439316265646435623533623337333162656138636139303931
+31333561623838393239313761383665663733366461623830343165336538393362353132306335
+37396565616435343732626331373735313165333061346435646664376339636438373764643731
+66356464316336383834646333656164363535373065643665393435393266363432346239663161
+36393336346433326130303264626234613135626538313938663039386133336233373262363566
+33386163393936663165643530663865663436663066333231316334306435623966666636633638
+38616338316137393831303436653562386265373064373163306133346434616238393966623330
+39396237326461643865336364343263343230626362646162623136353235366431626362313030
+64633137306231346561353630636533353239373562396665376139303936323836633764616434
+35376135656338616139376261366637343433333063343864343362613135343364623265313861
+36303565333830323933333864613534626466373033666235626365346531323631386365323835
+61613564386466333933613162326431613963333864393362376163313161643165356134343438
+38396533363565343233643863343432313165386465303336626337333331646664626262643333
+64343438653335663234653466663239616633653162383630666639613738323734646431623264
+65343535336637323063366536663433366363626632383536653765373830666235326530636362
+35303432333832353366363731643863366134626139623435613336626238303837316433623238
+32313930396432333836346364346436613934316136646533633339323736366135316631363132
+36623931313137333932313731343936313966653163666261623937363335613035333335356533
+34633838333635323464633763383765653266663233643836383135336434376364396164333233
+37616438643234336337313965663034646166373436373530386463663961313362326362353437
+31313837643535313039653531323765366339373130636565333939643564643533343534376638
+63616431643531663765366239326135343531333037366264353961346162633633353237613430
+66666433356530633835666139653932383362376334383762373530666630393764643632363331
+35316134623064626439633236343938346134383938333832336533373838633466613364653563
+64626631303435653339356631323137336538633233393962306531626266353766386162363031
+39363961623033323661643136326435643466303332646234396339653833653937666532336138
+37646336383963616630333566633537303736656666663635316631383537303035323131393862
+33343335386235333632656436356465646235313638313634353631393365366166383133636665
+66363463363339646133353831666631366439646364393239346166343062663866373938396637
+31386237393065306134653636313933653062353636323963323437663163346366363263313665
+32306331623637396664636165663434653630636130306133343736313262303635353661373533
+61313466376365303031376336316431636365633736616535623934653562336636363866356266
+36336266663562623961396164316266373633383431613564646232643766663733353338623936
+38663731363262646334653761666562646433353230613838353233373662313938303533303864
+39316630636637343163643637356634383862363330353233653361646261623038303962613561
+63373832366661373036383036623563366364636530613063366364323635323937376165376236
+39663962643939386561623430623031366632646235366463656533643233613138363461656637
+63323236356438303732653834626138623838323764633639373436666635363834303835366466
+61306430303831303934316436373136353637373535373664666265313034646630666237636231
+39376161653134356365363666633634313065323331633261623961633763313734313735633966
+62643031376566343832343638613939333132353466613163386537386239363337323463396135
+61393930633138333739626233663432643837643563656662646631306566663437346362613939
+31363639323335623038356566323836653865653136383161666461656436313933333032336639
+32333166663935656663643461303466343835303732616263626462316133306239383264353263
+61313231386262376234316335383334336663326331643733643432366636326561353730623730
+37313431623561353266303134313064376236626462316339656339353131363765303734356464
+32336435363932353666336132363333303336323135363535666436646233366335376333383531
+65363832333534623931326438616237356235626666333934373638373665613738636466383735
+30333137303630366661343833663437343664303961313831336461393064643331386336663739
+62623838633936323834653965326161343161356334333030616137343637353138353731363762
+64623065636336643634333937323636356131373939623130306330313937656566363832663663
+66313036393135306437353061303438303761303563633566656131653433663030396235323435
+32346663316636373431663530393435313931663535396564363466353431343633613634383332
+31326665303563316664356564356535646665653737613038636236323562616231613233633039
+37643530653639313466313838343630656363653833613161656466376631653266613439626331
+35363930626534346164353033323039636365363234303435636535623265393635313436666234
+66623264306430306662303866303735316137383830646136666662346265613662333765656266
+64613161316162616133316165623863353431376633366262386239346335306634346333316566
+34396265376130306361343862383631653561616333643665353938666565306335653665373736
+63626630383232363961393435646334396366663532303132666235646464393662376331333361
+34663138336365633131633365336664393633376333316161336138393539333564396539343332
+36626664616263353931616362633638323038356230613937386339653633626465326538383265
+31646236323435323861666233656437343732343066306562363462363664386234333061396263
+61316636323234633631306434363665393938323631363563346166333139633436623230353436
+31303831636638666630376231303130343363393339666230363162383266616135336333386334
+64313838356466306361383464623037663931353664323336666532316536316362663639353238
+34616536613730343834633935646330306564643036306330626636653365653361396461316637
+62636264343737333539646332316562316136343734393063313439663939663935313930333061
+30343263626638353331336666373964343338343434633639326338633966396131623933346236
+37373564623238363935313736313165303862356530613164653562653530316630306365646165
+31326630303038396666343065356261616133373832383661393666383664323161633337376665
+63393938373830343761326562303730303237393661383561386633383561386437373061396462
+65376230643131353462613436316561646562356666376462386136336630636165333236636630
+35653164333437383565396637343762646665333734303764623638323532363164653139333937
+39313834303531636434366663386435396266663930623733366261656634666531626234386239
+62613466313636326238303164666332633632333364636331396264396164646639653761373863
+66653761393734643362306538356263353265616330393635343737363666623962346261366134
+30393937376265626163376565343364323366383330613832366434313034316164636331653063
+65356630663634616465363231666163376437353038303934356561666363333663333239313031
+34356463613963633331646364336431333630633737623766623361336432646339373364303661
+37656630376137613232306163656430323236306632353837363536376161656365366531313363
+32623537303439343438656461363233353931356566323963363662303838666465363464353833
+39386230653962373333643135353533323737343265343334316234613736616639613435616165
+61373431353463643936613631393461393637356264366665383538653336353535613330376465
+65616261666463623236313437656232306164643538653562376539613736303761636531613862
+30323532343339343135356431303866333537346233336266363630346562646237646563313331
+35393039383436633230653030623637663030393539363163393930616330373166313161346336
+38373963393834396133363966636638336161666234346564623761303262366336363061343866
+38356238323366613066323264366337393232343331636532666462613263626332376561616334
+63373433663562353466353062643965623635643464393238363965636532643439383764626566
+33646437333365653563393337343537316437323038313339316135303564376161323863303665
+62373564343036333564646565393738306231646537393636356234613639663466636335393031
+35623562343566386261376163303939653861623364373433383363316134303236663361613062
+37346664386162333130323134616264373237393639376533383036323131633963363665633531
+62663533383666613464386638383965346331643837356331326661303034376163373362386134
+38353461343233626365
--- a/1
+++ b/1
@ -36,7 +36,6 @@ zirconium.binary-kitchen.net
 molybdenum.binary-kitchen.net
 ruthenium.binary-kitchen.net
 rhodium.binary-kitchen.net
-palladium.binary-kitchen.net
 argentum.binary-kitchen.net
 cadmium.binary-kitchen.net
 indium.binary-kitchen.net
--- a/roles/authentik/defaults/main.yml
+++ b/roles/authentik/defaults/main.yml
@ -1,3 +1,3 @@
 ---

-authentik_version: 2024.10.1
+authentik_version: 2024.10.2
--- a/roles/dns_intern/templates/bind/binary.kitchen.zone.j2
+++ b/roles/dns_intern/templates/bind/binary.kitchen.zone.j2
@ -1,19 +1,19 @@
 $ORIGIN binary.kitchen		; base for unqualified names
 $TTL 1h				; default time-to-live
@				IN	SOA ns1.binary.kitchen. hostmaster.binary.kitchen. (
-					2024100600; serial
+					2024111500; serial
 					1d; refresh
 					2h; retry
 					4w; expire
 					1h; minimum time-to-live
 				)
-				IN	NS	ns1.binary.kitchen.
-				IN	NS	ns2.binary.kitchen.
+@				IN	NS	ns1.binary.kitchen.
+@				IN	NS	ns2.binary.kitchen.
 ; Subdomains
 users				IN	NS	ns1.binary.kitchen.
 users				IN	NS	ns2.binary.kitchen.
 ; External
-				IN	A	213.166.246.4
+@				IN	A	213.166.246.4
 www				IN	A	213.166.246.4
 ; Aliases
 3dprinter			IN	A	172.23.3.251
--- a/roles/dns_intern/templates/dnsdist.conf.j2
+++ b/roles/dns_intern/templates/dnsdist.conf.j2
@ -9,17 +9,27 @@ newServer({address='127.0.0.1:5300', pool='authdns'})
 newServer({address='127.0.0.1:5353', pool='resolve'})

 {% if dns_secondary is defined %}
-- allow AXFR/IXFR only from slaves
+-- allow AXFR/IXFR only from secondary
 addAction(AndRule({OrRule({QTypeRule(DNSQType.AXFR), QTypeRule(DNSQType.IXFR)}), NotRule(makeRule("{{ dns_secondary }}"))}), RCodeAction(DNSRCode.REFUSED))
 {% endif %}

-- allow NOTIFY only from master
+-- allow NOTIFY only from primary
 addAction(AndRule({OpcodeRule(DNSOpcode.Notify), NotRule(makeRule("{{ dns_primary }}"))}), RCodeAction(DNSRCode.REFUSED))

 -- use auth servers for own zones
 addAction('binary.kitchen', PoolAction('authdns'))
 addAction('23.172.in-addr.arpa', PoolAction('authdns'))

+-- function to set RA flag
+function setRA(dq)
+  dq.dh:setRA(true)
+  return DNSResponseAction.None
+end
+
+-- set RA flag for queries to own zones
+addResponseAction('binary.kitchen', LuaResponseAction(setRA))
+addResponseAction('23.172.in-addr.arpa', LuaResponseAction(setRA))
+
 -- use resolver for anything else
 addAction(AllRule(), PoolAction('resolve'))

--- a/roles/freepbx/defaults/main.yml
+++ b/roles/freepbx/defaults/main.yml
@ -0,0 +1,19 @@
+---
+
+deploy_key_file: /root/.ssh/id_git_deploy_rsa
+
+asterisk_user: asterisk
+asterisk_group: asterisk
+
+repo_provisioning: gogs@git.binary-kitchen.de:noby/voip-yealink-provisioning.git
+repo_phonebook: gogs@git.binary-kitchen.de:noby/voip-yealink-phonebook.git
+repo_xml_browser: gogs@git.binary-kitchen.de:noby/voip-yealink-xml-browser.git
+
+path_yealink_provisioning: /tftpboot/yealink
+path_yealink_phonebook: /var/www/html/yealink_phonebook
+path_yealink_xml_browser: /opt/yealink_xml_browser
+
+composer_path: "{{ path_yealink_phonebook }}/composer"
+composer_keep_updated: false
+composer_version: ''
+composer_version_branch: '--2'
--- a/roles/freepbx/handlers/main.yml
+++ b/roles/freepbx/handlers/main.yml
@ -0,0 +1,10 @@
+---
+
+- name: Reload systemd
+  ansible.builtin.systemd:
+    daemon_reload: true
+
+- name: Restart yealink-xml-browser
+  ansible.builtin.service:
+    name: yealink-xml-browser
+    state: restarted
--- a/roles/freepbx/meta/main.yml
+++ b/roles/freepbx/meta/main.yml
@ -0,0 +1,8 @@
+---
+galaxy_info:
+  author: Thomas Basler
+  description: Install FreePBX extensions
+  license: None
+  platforms:
+    - name: Debian
+  min_ansible_version: "2.4"
--- a/roles/freepbx/tasks/main.yml
+++ b/roles/freepbx/tasks/main.yml
@ -0,0 +1,18 @@
+---
+
+- name: Generate an OpenSSH keypair for gitea deploy usage
+  community.crypto.openssh_keypair:
+    path: "{{ deploy_key_file }}"
+
+- name: Wait for confirmation
+  ansible.builtin.pause:
+    prompt: Please confirm that you've distributed the public key to all repositories! Press return to continue. Press Ctrl+c and then "a" to abort
+
+- name: Include provisioning tasks
+  ansible.builtin.include_tasks: yealink_provisioning.yml
+
+- name: Include phonebook tasks
+  ansible.builtin.include_tasks: yealink_phonebook.yml
+
+- name: Include XML-Browser tasks
+  ansible.builtin.include_tasks: yealink_xml_browser.yml
--- a/roles/freepbx/tasks/yealink_phonebook.yml
+++ b/roles/freepbx/tasks/yealink_phonebook.yml
@ -0,0 +1,74 @@
+---
+
+- name: Check if requested version parameters are valid
+  fail:
+    msg: You cannot request a specific version AND keep the composer up to date.
+      Set either composer_version or composer_keep_updated, but not both.
+  when: composer_version != '' and composer_keep_updated
+
+- name: Set php_executable variable to a default if not defined.
+  ansible.builtin.set_fact:
+    php_executable: php
+  when: php_executable is not defined
+
+- name: Safe Directory
+  command: git config --global --add safe.directory {{ path_yealink_phonebook }}
+  check_mode: no
+
+- name: Clone Phonebook generation script
+  ansible.builtin.git: # noqa: latest
+    repo: "{{ repo_phonebook }}"
+    dest: "{{ path_yealink_phonebook }}"
+    force: true
+    accept_hostkey: true
+    key_file: "{{ deploy_key_file }}"
+
+- name: Change directory owner
+  ansible.builtin.file:
+    path: "{{ path_yealink_phonebook }}"
+    recurse: yes
+    owner: "{{ asterisk_user }}"
+    group: "{{ asterisk_group }}"
+
+- name: Check if Composer is installed.
+  ansible.builtin.stat:
+    path: "{{ composer_path }}"
+  register: composer_bin
+
+- name: Get Composer installer signature.
+  ansible.builtin.uri:
+    url: https://composer.github.io/installer.sig
+    return_content: true
+  check_mode: false
+  register: composer_installer_signature
+  when: not composer_bin.stat.exists
+
+- name: Download Composer installer.
+  ansible.builtin.get_url:
+    url: https://getcomposer.org/installer
+    dest: /tmp/composer-installer.php
+    mode: "0755"
+    checksum: "sha384:{{ composer_installer_signature.content }}"
+  when: not composer_bin.stat.exists
+
+- name: Run Composer installer.
+  ansible.builtin.command: >
+    {{ php_executable }} composer-installer.php {% if composer_version_branch %} {{ composer_version_branch }}{% elif composer_version %} --version={{ composer_version }}{% endif %}
+    chdir=/tmp
+  when: not composer_bin.stat.exists
+  become: true
+  become_user: asterisk
+
+- name: Move Composer into globally-accessible location.
+  ansible.builtin.command: >
+    mv /tmp/composer.phar {{ composer_path }}
+    creates={{ composer_path }}
+  when: not composer_bin.stat.exists
+
+- name: Install dependencies
+  community.general.composer:
+    command: update
+    composer_executable: "{{ composer_path }}"
+    working_dir: "{{ path_yealink_phonebook }}"
+  become: true
+  become_user: asterisk
--- a/roles/freepbx/tasks/yealink_provisioning.yml
+++ b/roles/freepbx/tasks/yealink_provisioning.yml
@ -0,0 +1,9 @@
+---
+
+- name: Clone Yealink Provisioning data
+  ansible.builtin.git: # noqa: latest
+    repo: "{{ repo_provisioning }}"
+    dest: "{{ path_yealink_provisioning }}"
+    force: true
+    accept_hostkey: true
+    key_file: "{{ deploy_key_file }}"
--- a/roles/freepbx/tasks/yealink_xml_browser.yml
+++ b/roles/freepbx/tasks/yealink_xml_browser.yml
@ -0,0 +1,32 @@
+---
+
+- name: Install dependencies
+  ansible.builtin.package:
+    name: "python3-venv"
+    state: present
+
+- name: Clone Yealink XML-Browser
+  ansible.builtin.git: # noqa: latest
+    repo: "{{ repo_xml_browser }}"
+    dest: "{{ path_yealink_xml_browser }}"
+    force: true
+    accept_hostkey: true
+    key_file: "{{ deploy_key_file }}"
+
+- name: Install specified python requirements in indicated (virtualenv)
+  ansible.builtin.pip:
+    requirements: "{{ path_yealink_xml_browser }}/requirements.txt"
+    virtualenv: "{{ path_yealink_xml_browser }}/.venv"
+    virtualenv_command: 'python3 -m venv'
+
+- name: Install systemd unit
+  template: src=yealink-xml-browser.service.j2 dest=/lib/systemd/system/yealink-xml-browser.service
+  notify:
+  - Reload systemd
+  - Restart yealink-xml-browser
+
+- name: Enable yealink-xml-browser
+  ansible.builtin.service:
+    name: yealink-xml-browser
+    state: started
+    enabled: yes
--- a/roles/freepbx/templates/yealink-xml-browser.service.j2
+++ b/roles/freepbx/templates/yealink-xml-browser.service.j2
@ -0,0 +1,17 @@
+[Unit]
+Description=Yealink XML-Browser
+After=syslog.target
+After=network.target
+
+[Service]
+RestartSec=2s
+Type=simple
+User={{ asterisk_user }}
+Group={{ asterisk_group }}
+Environment="PATH=/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:{{ path_yealink_xml_browser }}/.venv/bin"
+WorkingDirectory={{ path_yealink_xml_browser }}
+ExecStart={{ path_yealink_xml_browser }}/.venv/bin/python3 {{ path_yealink_xml_browser }}/main.py
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/netbox/defaults/main.yml
+++ b/roles/netbox/defaults/main.yml
@ -2,4 +2,4 @@

 netbox_group: netbox
 netbox_user: netbox
-netbox_version: 4.1.5
+netbox_version: 4.1.6
--- a/roles/pretalx/defaults/main.yml
+++ b/roles/pretalx/defaults/main.yml
@ -1,4 +0,0 @@
---
-
-pretalx_user: pretalx
-pretalx_group: pretalx
--- a/roles/pretalx/handlers/main.yml
+++ b/roles/pretalx/handlers/main.yml
@ -1,13 +0,0 @@
---
-
- name: Run acertmgr
-  command: /usr/bin/acertmgr
-
- name: Reload systemd
-  systemd: daemon_reload=yes
-
- name: Restart pretalx-web
-  service: name=pretalx-web state=restarted
-
- name: Restart pretalx-worker
-  service: name=pretalx-worker state=restarted
--- a/roles/pretalx/meta/main.yml
+++ b/roles/pretalx/meta/main.yml
@ -1,5 +0,0 @@
---
-
-dependencies:
- { role: acertmgr }
- { role: nginx, nginx_ssl: True }
--- a/roles/pretalx/tasks/main.yml
+++ b/roles/pretalx/tasks/main.yml
@ -1,125 +0,0 @@
---
-
- name: Create group
-  group: name={{ pretalx_group }}
-
- name: Create user
-  user: name={{ pretalx_user }} home=/home/{{ pretalx_user }} group={{ pretalx_group }}
-
- name: Create pretalx directories
-  file: path={{ item }} state=directory owner={{ pretalx_user }} group={{ pretalx_group }}
-  with_items:
-  - /etc/pretalx
-  - /opt/pretalx
-  - /opt/pretalx/data
-  - /opt/pretalx/data/media
-  - /opt/pretalx/static
-
- name: Install dependencies
-  apt:
-    name:
-    - build-essential
-    - gettext
-    - libssl-dev
-    - nodejs
-    - npm
-    - python3-setuptools
-    - python3-dev
-    - python3-pip
-    - python3-venv
-
- name: Install PostgreSQL
-  apt:
-    name:
-    - postgresql
-    - python3-psycopg2
-
- name: Configure PostgreSQL user
-  postgresql_user: name={{ pretalx_dbuser }} password={{ pretalx_dbpass }}
-  become: true
-  become_user: postgres
-
- name: Configure PostgreSQL database
-  postgresql_db: name={{ pretalx_dbname }} owner={{ pretalx_dbuser }}
-  become: true
-  become_user: postgres
-
- name: Install redis
-  apt: name=redis-server
-
- name: Install pretalx
-  pip:
-    name:
-    - gunicorn
-    - pretalx[postgres,redis]
-    - psycopg2-binary
-    virtualenv: /opt/pretalx/venv
-    virtualenv_command: "python3 -m venv"
-  become: true
-  become_user: "{{ pretalx_user }}"
-  register: pretalx_install
-
- name: Configure pretalx
-  template:
-    src: pretalx.cfg.j2
-    dest: /etc/pretalx/pretalx.cfg
-    owner: "{{ pretalx_user }}"
-    group: "{{ pretalx_group }}"
-  notify:
-  - Restart pretalx-web
-  - Restart pretalx-worker
-
- name: Run migration script
-  command:
-    cmd: "./venv/bin/python3 -m pretalx migrate"
-    chdir: "/opt/pretalx"
-  become: true
-  become_user: "{{ pretalx_user }}"
-  when: pretalx_install.changed
-
- name: Run rebuild script
-  command:
-    cmd: "./venv/bin/python3 -m pretalx rebuild"
-    chdir: "/opt/pretalx"
-  become: true
-  become_user: "{{ pretalx_user }}"
-  when: pretalx_install.changed
-
- name: Enable pretalx cronjob
-  cron:
-    user: "{{ pretalx_user }}"
-    name: pretalx
-    minute: "*/5"
-    job: "export PATH=/opt/pretalx/venv/bin:$PATH && cd /opt/pretalx && python -m pretalx runperiodic > /dev/null"
-
- name: Ensure certificates are available
-  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ pretalx_domain }}.key -out /etc/nginx/ssl/{{ pretalx_domain }}.crt -days 730 -subj "/CN={{ pretalx_domain }}" creates=/etc/nginx/ssl/{{ pretalx_domain }}.crt
-  notify: Restart nginx
-
- name: Configure certificate manager for pretalx
-  template: src=certs.j2 dest=/etc/acertmgr/{{ pretalx_domain }}.conf
-  notify: Run acertmgr
-
- name: Configure vhost
-  template: src=vhost.j2 dest=/etc/nginx/sites-available/pretalx
-  notify: Restart nginx
-
- name: Enable vhost
-  file: src=/etc/nginx/sites-available/pretalx dest=/etc/nginx/sites-enabled/pretalx state=link
-  notify: Restart nginx
-
- name: Install systemd units
-  template: src={{ item }}.service.j2 dest=/lib/systemd/system/{{ item }}.service
-  with_items:
-  - pretalx-web
-  - pretalx-worker
-  notify:
-  - Reload systemd
-  - Restart pretalx-web
-  - Restart pretalx-worker
-
- name: Enable services
-  service: name={{ item }} state=started enabled=yes
-  with_items:
-  - pretalx-web
-  - pretalx-worker
--- a/roles/pretalx/templates/certs.j2
+++ b/roles/pretalx/templates/certs.j2
@ -1,15 +0,0 @@
---
-
-{{ pretalx_domain }}:
- path: /etc/nginx/ssl/{{ pretalx_domain }}.key
-  user: root
-  group: root
-  perm: '400'
-  format: key
-  action: '/usr/sbin/service nginx restart'
- path: /etc/nginx/ssl/{{ pretalx_domain }}.crt
-  user: root
-  group: root
-  perm: '400'
-  format: crt,ca
-  action: '/usr/sbin/service nginx restart'
--- a/roles/pretalx/templates/pretalx-web.service.j2
+++ b/roles/pretalx/templates/pretalx-web.service.j2
@ -1,18 +0,0 @@
-[Unit]
-Description=pretalx web service
-After=network.target
-
-[Service]
-User={{ pretalx_user }}
-Group={{ pretalx_group }}
-Environment="VIRTUAL_ENV=/opt/pretalx/venv"
-Environment="PATH=/opt/pretalx/venv/bin:/usr/local/bin:/usr/bin:/bin"
-ExecStart=/opt/pretalx/venv/bin/gunicorn pretalx.wsgi \
-                      --name pretalx --workers 5 \
-                      --max-requests 1200  --max-requests-jitter 50 \
-                      --log-level=info --bind=127.0.0.1:8345
-WorkingDirectory=/opt/pretalx
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
--- a/roles/pretalx/templates/pretalx-worker.service.j2
+++ b/roles/pretalx/templates/pretalx-worker.service.j2
@ -1,15 +0,0 @@
-[Unit]
-Description=pretalx background worker
-After=network.target
-
-[Service]
-User={{ pretalx_user }}
-Group={{ pretalx_group }}
-Environment="VIRTUAL_ENV=/opt/pretalx/venv"
-Environment="PATH=/opt/pretalx/venv/bin:/usr/local/bin:/usr/bin:/bin"
-ExecStart=/opt/pretalx/venv/bin/celery -A pretalx.celery_app worker -l info
-WorkingDirectory=/opt/pretalx
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
--- a/roles/pretalx/templates/pretalx.cfg.j2
+++ b/roles/pretalx/templates/pretalx.cfg.j2
@ -1,27 +0,0 @@
-[filesystem]
-data = /opt/pretalx/data
-static = /opt/pretalx/static
-
-[site]
-debug = False
-url = https://{{ pretalx_domain }}
-
-[database]
-backend = postgresql
-name = {{ pretalx_dbname }}
-user = {{ pretalx_dbuser }}
-password = {{ pretalx_dbpass }}
-host =
-
-[mail]
-from={{ pretalx_mail }}
-host={{ mail_server }}
-tls = True
-
-[redis]
-location=redis://127.0.0.1/0
-sessions=true
-
-[celery]
-backend=redis://127.0.0.1/1
-broker=redis://127.0.0.1/2
--- a/roles/pretalx/templates/vhost.j2
+++ b/roles/pretalx/templates/vhost.j2
@ -1,49 +0,0 @@
-server {
-	listen 80;
-	listen [::]:80;
-
-	server_name {{ pretalx_domain }};
-
-	location /.well-known/acme-challenge {
-		default_type "text/plain";
-		alias /var/www/acme-challenge;
-	}
-
-	location / {
-		return 301 https://{{ pretalx_domain }}$request_uri;
-	}
-}
-
-server {
-	listen 443 ssl http2;
-	listen [::]:443 ssl http2;
-
-	server_name {{ pretalx_domain }};
-
-	ssl_certificate_key /etc/nginx/ssl/{{ pretalx_domain }}.key;
-	ssl_certificate /etc/nginx/ssl/{{ pretalx_domain }}.crt;
-
-	add_header Referrer-Policy same-origin;
-	add_header X-Content-Type-Options nosniff;
-
-	location / {
-		proxy_pass http://localhost:8345;
-		client_max_body_size 32M;
-		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-		proxy_set_header X-Forwarded-Proto https;
-		proxy_set_header Host $http_host;
-	}
-
-	location /media/ {
-		alias /opt/pretalx/data/media/;
-		expires 7d;
-		access_log off;
-	}
-
-	location /static/ {
-		alias /opt/pretalx/static/;
-		access_log off;
-		expires 365d;
-		add_header Cache-Control "public";
-	}
-}
--- a/roles/web/files/certs
+++ b/roles/web/files/certs
@ -42,6 +42,20 @@ www.ccc-r.de:
  format: key
  action: '/usr/sbin/service nginx restart'

+fahrplan.eh21.easterhegg.eu:
+- path: /etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.crt
+  user: root
+  group: root
+  perm: '400'
+  format: crt,ca
+  action: '/usr/sbin/service nginx restart'
+- path: /etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.key
+  user: root
+  group: root
+  perm: '400'
+  format: key
+  action: '/usr/sbin/service nginx restart'
+
 www.makerspace-regensburg.de:
 - path: /etc/nginx/ssl/www.makerspace-regensburg.de.crt
  user: root
--- a/roles/web/files/vhost
+++ b/roles/web/files/vhost
@ -145,7 +145,7 @@ server {
 	ssl_certificate_key /etc/nginx/ssl/autoconfig.binary-kitchen.de.key;
 	ssl_certificate /etc/nginx/ssl/autoconfig.binary-kitchen.de.crt;

-	root /var/www/autconfig;
+	root /var/www/autoconfig;

 	default_type text/html;
 }
@ -180,6 +180,41 @@ server {
 	default_type text/html;
 }

+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name fahrplan.eh21.easterhegg.eu;
+
+	location /.well-known/acme-challenge {
+		default_type "text/plain";
+		alias /var/www/acme-challenge;
+	}
+
+	location / {
+		return 301 https://fahrplan.eh21.easterhegg.eu$request_uri;
+	}
+}
+
+server {
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+
+	server_name fahrplan.eh21.easterhegg.eu;
+
+	ssl_certificate_key /etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.key;
+	ssl_certificate /etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.crt;
+
+	root /var/www/eh21-fahrplan;
+
+	location = / {
+		return 301 https://fahrplan.eh21.easterhegg.eu/eh/;
+	}
+
+	default_type text/html;
+}
+
+
 server {
 	listen 80;
 	listen [::]:80;
--- a/roles/web/tasks/main.yml
+++ b/roles/web/tasks/main.yml
@ -15,6 +15,7 @@
  - autoconfig
  - autoconfig/mail
  - ccc-r
+  - eh21-fahrplan
  - makerspace-regensburg
  - kitchen

@ -30,6 +31,10 @@
  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/www.ccc-r.de.key -out /etc/nginx/ssl/www.ccc-r.de.crt -days 730 -subj "/CN=www.ccc-r.de" creates=/etc/nginx/ssl/www.ccc-r.de.crt
  notify: Restart nginx

+- name: Ensure (EH21 fahrplan) certificates are available
+  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.key -out /etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.crt -days 730 -subj "/CN=fahrplan.eh21.easterhegg.eu" creates=/etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.crt
+  notify: Restart nginx
+
 - name: Ensure (MS-R) certificates are available
  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/www.makerspace-regensburg.de.key -out /etc/nginx/ssl/www.makerspace-regensburg.de.crt -days 730 -subj "/CN=www.makerspace-regensburg.de" creates=/etc/nginx/ssl/www.makerspace-regensburg.de.crt
  notify: Restart nginx
@ -65,3 +70,14 @@

 - name: Start php8.2-fpm
  service: name=php8.2-fpm state=started enabled=yes
+
+- name: Enable monitoring
+  include_role: name=icinga-monitor tasks_from=http
+  vars:
+    vhost: "{{ item }}"
+  with_items:
+  - "www.binary-kitchen.de"
+  - "autoconfig.binary-kitchen.de"
+  - "www.ccc-r.de"
+  - "www.makerspace-regensburg.de"
+  - "fahrplan.eh21.easterhegg.eu"
--- a/site.yml
+++ b/site.yml
@ -7,7 +7,7 @@
  - root_keys

 - name: Setup unattended updates
-  hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, pizza.binary.kitchen, pancake.binary.kitchen, knoedel.binary.kitchen, bob.binary.kitchen, lasagne.binary.kitchen, tschunk.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, magnesium.binary-kitchen.net, aluminium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, rhodium.binary-kitchen.net, palladium.binary-kitchen.net, argentum.binary-kitchen.net, cadmium.binary-kitchen.net, indium.binary-kitchen.net]
+  hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, pizza.binary.kitchen, pancake.binary.kitchen, knoedel.binary.kitchen, bob.binary.kitchen, lasagne.binary.kitchen, tschunk.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, magnesium.binary-kitchen.net, aluminium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, rhodium.binary-kitchen.net, argentum.binary-kitchen.net, cadmium.binary-kitchen.net, indium.binary-kitchen.net]
  roles:
  - uau

@ -153,11 +153,6 @@
  roles:
  - pretix

- name: Setup event pretalx server
-  hosts: palladium.binary-kitchen.net
-  roles:
-  - pretalx
-
 - name: Setup event netbox server
  hosts: cadmium.binary-kitchen.net
  roles:
Author	SHA1	Message	Date
Thomas Basler	288a23b412	freepbx: Install self developed yealink packages	2024-11-22 20:21:56 +01:00
Markus Hauschild	583f6d3e82	group_vars: remove unused vars	2024-11-18 16:29:24 +01:00
Markus Hauschild	10f7450bc6	pretalx: remove role (was on palladium.binary-kitchen.net)	2024-11-18 16:28:04 +01:00
Markus Hauschild	9179a8a1f6	dns_intern: set RA flag on answers from auth for own zones	2024-11-17 19:32:02 +01:00
Markus Hauschild	29d008ca04	dns_intern: fix broken dns delegation use "@" instead of "" to prevent this from happening again	2024-11-15 19:56:03 +01:00
Markus Hauschild	744aed3b60	authentik: bump to version 2024.10.2	2024-11-14 23:45:57 +01:00
Markus Hauschild	1e664169bd	web: add monitoring	2024-11-11 20:04:38 +01:00
Markus Hauschild	d5edf48ea1	web: fix typo	2024-11-11 20:04:27 +01:00
Markus Hauschild	19d2545f1f	web: new vhost fahrplan.eh21.easterhegg.eu this will serve a static dump of the fahrplan and replace the pretalx instance	2024-11-11 19:23:50 +01:00
Markus Hauschild	b3038ec3dd	netbox: bump to version 4.1.6	2024-11-11 18:26:10 +01:00