kea: added reservation for chromecast keller video

kea: added reservation for chromecast workshop audio
kea: added reservation for wled flux
2025-01-06 21:46:32 +01:00 · 2025-01-06 20:58:49 +01:00 · 2025-01-06 20:57:01 +01:00 · 2025-01-04 14:04:56 +01:00 · 2025-01-03 14:40:30 +01:00 · 2025-01-03 14:27:14 +01:00
41 changed files with 300 additions and 80 deletions
--- a/README.md
+++ b/README.md
@ -15,25 +15,26 @@ Currently the following hosts are installed:

 ### Internal Servers

-| Hostname                  | OS        | Purpose                 |
-| ------------------------- | --------- | ----------------------- |
-| wurst.binary.kitchen      | Proxmox 8 | VM Host                 |
-| salat.binary.kitchen      | Proxmox 8 | VM Host                 |
-| weizen.binary.kitchen     | Proxmox 8 | VM Host                 |
-| bacon.binary.kitchen      | Debian 12 | DNS, DHCP, LDAP, RADIUS |
-| aveta.binary.kitchen      | Debian 12 | DNS, DHCP, LDAP, RADIUS |
-| aeron.binary.kitchen      | Debian 12 | DNS, DHCP, LDAP, RADIUS |
-| sulis.binary.kitchen      | Debian 12 | Shell                   |
-| nabia.binary.kitchen      | Debian 12 | Monitoring              |
-| epona.binary.kitchen      | Debian 12 | NetBox                  |
-| pizza.binary.kitchen      | Debian 11 | OpenHAB *               |
-| pancake.binary.kitchen    | Debian 12 | XRDP                    |
-| knoedel.binary.kitchen    | Debian 12 | SIP-DECT OMM            |
-| bob.binary.kitchen        | Debian 12 | Gitea Actions           |
-| lasagne.binary.kitchen    | Debian 12 | Home Assistant *        |
-| tschunk.binary.kitchen    | Debian 12 | Strichliste             |
-| bowle.binary.kitchen      | Debian 12 | Files                   |
-| lock-auweg.binary.kitchen | Debian 12 | Doorlock                |
+| Hostname                    | OS        | Purpose                 |
+| --------------------------- | --------- | ----------------------- |
+| wurst.binary.kitchen        | Proxmox 8 | VM Host                 |
+| salat.binary.kitchen        | Proxmox 8 | VM Host                 |
+| weizen.binary.kitchen       | Proxmox 8 | VM Host                 |
+| bacon.binary.kitchen        | Debian 12 | DNS, DHCP, LDAP, RADIUS |
+| aveta.binary.kitchen        | Debian 12 | DNS, DHCP, LDAP, RADIUS |
+| aeron.binary.kitchen        | Debian 12 | DNS, DHCP, LDAP, RADIUS |
+| sulis.binary.kitchen        | Debian 12 | Shell                   |
+| nabia.binary.kitchen        | Debian 12 | Monitoring              |
+| epona.binary.kitchen        | Debian 12 | NetBox                  |
+| pizza.binary.kitchen        | Debian 11 | OpenHAB *               |
+| pancake.binary.kitchen      | Debian 12 | XRDP                    |
+| knoedel.binary.kitchen      | Debian 12 | SIP-DECT OMM            |
+| schweinshaxn.binary.kitchen | Debian 12 | FreePBX                 |
+| bob.binary.kitchen          | Debian 12 | Gitea Actions           |
+| lasagne.binary.kitchen      | Debian 12 | Home Assistant *        |
+| tschunk.binary.kitchen      | Debian 12 | Strichliste             |
+| bowle.binary.kitchen        | Debian 12 | Files                   |
+| lock-auweg.binary.kitchen   | Debian 12 | Doorlock                |

 \*: The main application is not managed by ansible but manually installed

@ -63,6 +64,5 @@ Currently the following hosts are installed:
 | palladium.binary-kitchen.net  | Debian 12 | Event pretalx           |
 | argentum.binary-kitchen.net   | Debian 12 | Event Web *             |
 | cadmium.binary-kitchen.net    | Debian 12 | Event NetBox *          |
-| indium.binary-kitchen.net     | Debian 12 | Igel CAM *              |

 \*: The main application is not managed by ansible but manually installed
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@ -106,6 +106,7 @@ mail_aliases:
 - "seife@binary-kitchen.de	anke@binary-kitchen.de"
 - "siebdruck@binary-kitchen.de	anke@binary-kitchen.de"
 - "therapy-jetzt@binary-kitchen.de	darthrain@binary-kitchen.de"
+- "toepferwerkstatt@binary-kitchen.de	anke@binary-kitchen.de,meet_judith@binary-kitchen.de"
 - "vorstand@binary-kitchen.de	anke@binary-kitchen.de,christoph@schindlbeck.eu,ralf@binary-kitchen.de,zaesa@binary-kitchen.de"
 - "voucher1@binary-kitchen.de	exxess@binary-kitchen.de"
 - "voucher2@binary-kitchen.de	exxess@binary-kitchen.de"
--- a/host_vars/aeron.binary.kitchen
+++ b/host_vars/aeron.binary.kitchen
@ -6,4 +6,4 @@ slapd_hostname: ldap3.binary.kitchen
 slapd_replica_id: 3
 slapd_role: slave

-uau_reboot: "false"
+unattended_reboot: "false"
--- a/host_vars/bacon.binary.kitchen
+++ b/host_vars/bacon.binary.kitchen
@ -16,4 +16,4 @@ slapd_hostname: ldap1.binary.kitchen
 slapd_replica_id: 1
 slapd_role: slave

-uau_reboot: "false"
+unattended_reboot: "false"
--- a/host_vars/bowle.binary.kitchen
+++ b/host_vars/bowle.binary.kitchen
@ -5,4 +5,4 @@ nfs_exports:
 - /exports/backup/rz 172.23.9.61(rw,sync,no_subtree_check)
 - /exports/tank 172.23.0.0/22(rw,sync,no_subtree_check)

-uau_reboot: "false"
+unattended_reboot: "false"
--- a/host_vars/lasagne.binary.kitchen
+++ b/host_vars/lasagne.binary.kitchen
@ -8,4 +8,4 @@ root_keys_host:
 - "# Thomas Schmid"
 - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0Wq37DP89UO6MiJvvRbsXEcEV9d5/JJb7K2R0WHsHa sct39667@m-mob-062"

-uau_reboot: "false"
+unattended_reboot: "false"
--- a/host_vars/pizza.binary.kitchen
+++ b/host_vars/pizza.binary.kitchen
@ -8,4 +8,4 @@ root_keys_host:
 - "# Thomas Schmid"
 - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0Wq37DP89UO6MiJvvRbsXEcEV9d5/JJb7K2R0WHsHa sct39667@m-mob-062"

-uau_reboot: "false"
+unattended_reboot: "false"
--- a/host_vars/ruthenium.binary-kitchen.net
+++ b/host_vars/ruthenium.binary-kitchen.net
@ -4,4 +4,4 @@ root_keys_host:
 - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCtTJqeSsB+aRiQ2WeFLVA5dz5YfCuv2TZmsyFqZ8NefJH/ZP3+gud3DwBq4l9HbDJUbfvApLQ9qbwaX0VhBv67mM6f4sWNG8uUW+9MYd6ZTeP3KUwZIHM52nqMFe5XScADL4s8Jsnb08gVp9xdcdufsbiLNYfuNFk+wcwRYtD5eqXZi3oaqshlq61LfBeC958vzvceDrZ2obfCJJ2pvmhUyORvgb6jXfx3kZku5qgk6m9NfyY95UZvSweDZPiN5YqLYekz+jxrYDyeA0DPgwlTcyGn8JI9/HkAD/odTpTAH+T6sbf0OkUi7ufNElAXvxDOJZN8NhxPFfUAW9naTYwGoPd4OJw0AOVLzKcVIjEXKtrxeQ0NOZVoucLFgnXO4iDZGrVHohPVj1UbrVpF00lokBLz1Xh4egrNw0g2Gt28HmZ9lg5Ymv8jJWAy87r5wV0O6aIuseGkSr/V6+92AGK/Yy1tKhZujtv5+CvVVBrLvoOnJJh8vFoVuRM+ucLBhqpewDY2yHZHzQ3J5SZKJ30mBUSYAKHBqVI4VmC/n235VMumIEsqnZvzk96G5TXWyZb0qzkXcct1H8MyQgG0SR0G4Ylm5skCZppEE7udV/wb8lRZv+2YrqBueKZ+Wu6IT3HJbUkor7CcbORjhwL4ETziPm4g4BrTPGUTjyeZ4nSDPQ== exxess"
 - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG6uNwYKF3rqleM/HP95M+rsm+gwKY8epdtW2OutneY9 ralf@pluto"

-uau_reboot: "false"
+unattended_reboot: "false"
--- a/host_vars/schweinshaxn.binary.kitchen
+++ b/host_vars/schweinshaxn.binary.kitchen
@ -0,0 +1,4 @@
+---
+
+root_keys_host:
+- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDMJDyq3veSnK+6hSw+Ml6lvTQTPC6vRFqtDXvPBnOtId8F9+/N0ADcPa5UTesnTkQgSAY7WpSoN5D6clYzdcPR55e5WZwZfMSkX14D7v7mrGxUcE4HshTorfEYv5XBd11Tvu0ruMdxlFQ+VFHkZIF305xgyx32INA3zUfnhzHJlKEdIAy8iSbERUV+X5kB59aep6xSpitCHJtsTT5Ky+EsvAhndKB5hDBuwVVr0+Sg5PypeTQ4zzWFyR6DFBEvyEj6bs/pQff9WxSRIXEuLffXOXdRLGHWqX7PfhWcH9WNH55WT7ZKCMGVuG4kYLkZ633c296ISg9q0eNKn99oHuwvzVg/wV3wndHINE+iUKKJjaRUpDUwd9DftFqMbFGATpf8en6KPs/7bgZUGACIfDO6Uy59V75cntiMFZc+BnnpV2qLVBFFD5ClRBCRdqH5D0px+jpuQFo9EUhggL4jzlj9wQf26zv0E4zSGTqbM1jfO3zcXlxSjg3H3Og2GAO5fCQiodpsqkW9Hby/p4s5l+P97tlVlgapnZlSA/1em4lmYshmRk/9scN8PMSXfW9uhncv9qXqp0ypEqEuNfj5u/1Eu8zmayIA9V23xyPn92LMT6MP2BB1kC7jeAXfXHdKBhTYW6bLQJKMs9nypH6RODK1fb9JlIrB61ZDJ9L5K++o2Q== noby"
--- a/host_vars/tschunk.binary.kitchen
+++ b/host_vars/tschunk.binary.kitchen
@ -4,4 +4,4 @@ root_keys_host:
 - "# Thomas Schmid"
 - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0Wq37DP89UO6MiJvvRbsXEcEV9d5/JJb7K2R0WHsHa sct39667@m-mob-062"

-uau_reboot: "true"
+unattended_reboot: "true"
--- a/2
+++ b/2
@ -8,6 +8,7 @@ epona.binary.kitchen ansible_host=172.23.2.7
 pizza.binary.kitchen ansible_host=172.23.2.33
 pancake.binary.kitchen ansible_host=172.23.2.34
 knoedel.binary.kitchen ansible_host=172.23.2.35
+schweinshaxn.binary.kitchen ansible_host=172.23.2.36
 bob.binary.kitchen ansible_host=172.23.2.37
 lasagne.binary.kitchen ansible_host=172.23.2.38
 tschunk.binary.kitchen ansible_host=172.23.2.39
@ -38,4 +39,3 @@ ruthenium.binary-kitchen.net
 rhodium.binary-kitchen.net
 argentum.binary-kitchen.net
 cadmium.binary-kitchen.net
-indium.binary-kitchen.net
--- a/roles/authentik/defaults/main.yml
+++ b/roles/authentik/defaults/main.yml
@ -1,3 +1,3 @@
 ---

-authentik_version: 2024.10.2
+authentik_version: 2024.12.1
--- a/roles/authentik/templates/authentik.service.j2
+++ b/roles/authentik/templates/authentik.service.j2
@ -15,8 +15,6 @@ TimeoutStartSec=1200

 WorkingDirectory=/opt/authentik

-# Make sure no old containers are running
-ExecStartPre=/usr/bin/docker-compose down -v
 # Update images
 ExecStartPre=-/usr/bin/docker-compose pull --quiet

--- a/roles/authentik/templates/docker-compose.yml.j2
+++ b/roles/authentik/templates/docker-compose.yml.j2
@ -45,8 +45,10 @@ services:
    ports:
      - "127.0.0.1:9000:9000"
    depends_on:
-      - postgresql
-      - redis
+      postgresql:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
  worker:
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:{{ authentik_version }}
    restart: unless-stopped
@ -71,5 +73,7 @@ services:
      - ./certs:/certs
      - ./custom-templates:/templates
    depends_on:
-      - postgresql
-      - redis
+      postgresql:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
--- a/roles/common/defaults/main.yml
+++ b/roles/common/defaults/main.yml
@ -9,3 +9,5 @@ logrotate_excludes:

 sshd_password_authentication: "no"
 sshd_permit_root_login: "prohibit-password"
+
+unattended_reboot: "true"
--- a/roles/common/tasks/Debian.yml
+++ b/roles/common/tasks/Debian.yml
@ -4,6 +4,7 @@
  apt:
    name:
    - apt-transport-https
+    - debian-goodies
    - dnsutils
    - fdisk
    - gnupg2
@ -15,6 +16,7 @@
    - pydf
    - rsync
    - sudo
+    - unattended-upgrades
    - vim-nox
    - wget
    - zsh
@ -26,6 +28,12 @@
    - qemu-guest-agent
  when: ansible_virtualization_role == "guest" and ansible_virtualization_type == "kvm"

+- name: Configure unattended upgrades
+  template: src={{ item }}.j2 dest=/etc/apt/apt.conf.d/{{ item }}
+  with_items:
+  - 02periodic
+  - 50unattended-upgrades
+
 - name: Configure misc software
  copy: src={{ item.src }} dest={{ item.dest }}
  diff: no
--- a/roles/common/tasks/Proxmox.yml
+++ b/roles/common/tasks/Proxmox.yml
@ -9,6 +9,7 @@
    - less
    - rsync
    - vim-nox
+    - wget
    - zsh

 - name: Configure misc software
--- a/roles/common/tasks/chrony.yml
+++ b/roles/common/tasks/chrony.yml
@ -6,3 +6,6 @@
 - name: Configure chrony
  template: src=chrony.conf.j2 dest=/etc/chrony/chrony.conf
  notify: Restart chrony
+
+- name: Start chrony
+  service: name=chrony state=started enabled=yes
--- a/roles/common/templates/02periodic.j2
+++ b/roles/common/templates/02periodic.j2
--- a/roles/common/templates/50unattended-upgrades.j2
+++ b/roles/common/templates/50unattended-upgrades.j2
@ -113,7 +113,7 @@ Unattended-Upgrade::Remove-Unused-Dependencies "true";

 // Automatically reboot *WITHOUT CONFIRMATION* if
 //  the file /var/run/reboot-required is found after the upgrade
-Unattended-Upgrade::Automatic-Reboot "{{ uau_reboot }}";
+Unattended-Upgrade::Automatic-Reboot "{{ unattended_reboot }}";

 // Automatically reboot even if there are users currently logged in
 // when Unattended-Upgrade::Automatic-Reboot is set to true
--- a/roles/freepbx/defaults/main.yml
+++ b/roles/freepbx/defaults/main.yml
@ -0,0 +1,12 @@
+---
+
+deploy_key_file: /root/.ssh/id_git_deploy_rsa
+
+asterisk_user: asterisk
+asterisk_group: asterisk
+
+repo_provisioning: gogs@git.binary-kitchen.de:noby/voip-yealink-provisioning.git
+repo_utilities: gogs@git.binary-kitchen.de:noby/voip-yealink-xml-browser.git
+
+path_yealink_provisioning: /tftpboot/yealink
+path_yealink_utilities: /opt/yealink_utilities
--- a/roles/freepbx/handlers/main.yml
+++ b/roles/freepbx/handlers/main.yml
@ -0,0 +1,10 @@
+---
+
+- name: Reload systemd
+  ansible.builtin.systemd:
+    daemon_reload: true
+
+- name: Restart yealink-utilities
+  ansible.builtin.service:
+    name: yealink-utilities
+    state: restarted
--- a/roles/freepbx/meta/main.yml
+++ b/roles/freepbx/meta/main.yml
@ -0,0 +1,8 @@
+---
+galaxy_info:
+  author: Thomas Basler
+  description: Install FreePBX extensions
+  license: None
+  platforms:
+    - name: Debian
+  min_ansible_version: "2.4"
--- a/roles/freepbx/tasks/main.yml
+++ b/roles/freepbx/tasks/main.yml
@ -0,0 +1,20 @@
+---
+
+- name: Generate an OpenSSH keypair for gitea deploy usage
+  community.crypto.openssh_keypair:
+    path: "{{ deploy_key_file }}"
+
+- name: Wait for confirmation
+  ansible.builtin.pause:
+    prompt: Please confirm that you've distributed the public key to all repositories! Press return to continue. Press Ctrl+c and then "a" to abort
+
+- name: Install required packages
+  ansible.builtin.apt:
+    name:
+      - php-ldap
+
+- name: Include provisioning tasks
+  ansible.builtin.include_tasks: yealink_provisioning.yml
+
+- name: Include XML-Utilities tasks
+  ansible.builtin.include_tasks: yealink_utilities.yml
--- a/roles/freepbx/tasks/yealink_provisioning.yml
+++ b/roles/freepbx/tasks/yealink_provisioning.yml
@ -0,0 +1,9 @@
+---
+
+- name: Clone Yealink Provisioning data
+  ansible.builtin.git: # noqa: latest
+    repo: "{{ repo_provisioning }}"
+    dest: "{{ path_yealink_provisioning }}"
+    force: true
+    accept_hostkey: true
+    key_file: "{{ deploy_key_file }}"
--- a/roles/freepbx/tasks/yealink_utilities.yml
+++ b/roles/freepbx/tasks/yealink_utilities.yml
@ -0,0 +1,53 @@
+---
+
+- name: Install dependencies
+  ansible.builtin.package:
+    name: "python3-venv"
+    state: present
+
+- name: Check if .gitignore contains "{{ path_yealink_utilities }}"
+  ansible.builtin.command: grep "directory = {{ path_yealink_utilities }}" /root/.gitconfig
+  register: gitignore_check
+  ignore_errors: true
+
+- name: "Patch /root/.gitconfig"
+  ansible.builtin.command: |-
+    git config --global --add safe.directory {{ path_yealink_utilities }}
+  when: gitignore_check.rc != 0
+
+- name: Clone Yealink Utilities
+  ansible.builtin.git: # noqa: latest
+    repo: "{{ repo_utilities }}"
+    dest: "{{ path_yealink_utilities }}"
+    force: true
+    accept_hostkey: true
+    key_file: "{{ deploy_key_file }}"
+
+- name: Ensure directory permissions
+  ansible.builtin.file:
+    path: "{{ path_yealink_utilities }}"
+    state: directory
+    recurse: true
+    owner: "{{ asterisk_user }}"
+    group: "{{ asterisk_group }}"
+
+- name: Install specified python requirements in indicated (virtualenv)
+  ansible.builtin.pip:
+    requirements: "{{ path_yealink_utilities }}/requirements.txt"
+    virtualenv: "{{ path_yealink_utilities }}/.venv"
+    virtualenv_command: 'python3 -m venv'
+
+- name: Install systemd unit
+  ansible.builtin.template:
+    src: yealink-utilities.service.j2
+    dest: /etc/systemd/system/yealink-utilities.service
+    mode: "0644"
+  notify:
+    - Reload systemd
+    - Restart yealink-utilities
+
+- name: Enable yealink-utilities
+  ansible.builtin.service:
+    name: yealink-utilities
+    state: started
+    enabled: true
--- a/roles/freepbx/templates/yealink-utilities.service.j2
+++ b/roles/freepbx/templates/yealink-utilities.service.j2
@ -0,0 +1,17 @@
+[Unit]
+Description=Yealink XML-Browser
+After=syslog.target
+After=network.target
+
+[Service]
+RestartSec=2s
+Type=simple
+User={{ asterisk_user }}
+Group={{ asterisk_group }}
+Environment="PATH=/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:{{ path_yealink_utilities }}/.venv/bin"
+WorkingDirectory={{ path_yealink_utilities }}
+ExecStart={{ path_yealink_utilities }}/.venv/bin/python3 {{ path_yealink_utilities }}/run.py
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/gitea/defaults/main.yml
+++ b/roles/gitea/defaults/main.yml
@ -3,5 +3,5 @@
 gitea_user: gogs
 gitea_group: gogs

-gitea_version: 1.22.3
+gitea_version: 1.22.6
 gitea_url: https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64
--- a/roles/hedgedoc/templates/hedgedoc.service.j2
+++ b/roles/hedgedoc/templates/hedgedoc.service.j2
@ -15,8 +15,6 @@ TimeoutStartSec=1200

 WorkingDirectory=/opt/hedgedoc

-# Make sure no old containers are running
-ExecStartPre=/usr/bin/docker-compose down -v
 # Update images
 ExecStartPre=-/usr/bin/docker-compose pull --quiet

--- a/roles/indium_dummy/meta/main.yml
+++ b/roles/indium_dummy/meta/main.yml
@ -1,5 +0,0 @@
---
-
-dependencies:
- { role: acertmgr }
- { role: nginx, nginx_ssl: True }
--- a/roles/indium_dummy/tasks/main.yml
+++ b/roles/indium_dummy/tasks/main.yml
@ -1 +0,0 @@
---
--- a/roles/kea/templates/kea/kea-dhcp4.conf.j2
+++ b/roles/kea/templates/kea/kea-dhcp4.conf.j2
@ -32,7 +32,7 @@
            "parameters": {
                "high-availability": [ {
                    "this-server-name": "{{ inventory_hostname.split('.')[0] }}",
-                    "mode": "hot-standby",
+                    "mode": "load-balancing",
                    "heartbeat-delay": 10000,
                    "max-response-delay": 60000,
                    "max-ack-delay": 5000,
@ -42,12 +42,14 @@
                        {
                            "name": "{{ lookup('dig', dhcpd_primary+'/PTR', '@'+dns_primary).split('.')[0] }}",
                            "url": "http://{{ dhcpd_primary }}:8000/",
-                            "role": "primary"
+                            "role": "primary",
+                            "auto-failover": true
                        },
                        {
                            "name": "{{ lookup('dig', dhcpd_secondary+'/PTR', '@'+dns_primary).split('.')[0] }}",
                            "url": "http://{{ dhcpd_secondary }}:8000/",
-                            "role": "standby"
+                            "role": "secondary",
+                            "auto-failover": true
                        }
                    ]
                } ]
@ -292,6 +294,26 @@
                    "hostname": "cannelloni"
                },

+                {
+                    "hw-address": "7c:d9:5c:3f:ca:70",
+                    "hostname": "cc-keller-video"
+                },
+
+                {
+                    "hw-address": "54:60:09:f6:49:52",
+                    "hostname": "cc-wohnzimmer-audio"
+                },
+
+                {
+                    "hw-address": "30:fd:38:ce:5a:01",
+                    "hostname": "cc-wohnzimmer-video"
+                },
+
+                {
+                    "hw-address": "54:60:09:f4:da:1c",
+                    "hostname": "cc-workshop-audio"
+                },
+
                {
                    "hw-address": "b8:27:eb:1d:b9:bf",
                    "ip-address": "172.23.3.240",
@ -419,6 +441,16 @@
                    "hw-address": "dc:a6:32:bf:e2:3e",
                    "ip-address": "172.23.4.251",
                    "hostname": "openhabgw1"
+                },
+
+                {
+                    "hw-address": "40:f5:20:28:c7:9b",
+                    "hostname": "wled-flux"
+                },
+
+                {
+                    "hw-address": "08:f9:e0:e4:51:30",
+                    "hostname": "wled-stairs"
                }
            ]
        },
--- a/roles/netbox/defaults/main.yml
+++ b/roles/netbox/defaults/main.yml
@ -2,4 +2,4 @@

 netbox_group: netbox
 netbox_user: netbox
-netbox_version: 4.1.6
+netbox_version: 4.1.8
--- a/roles/uau/defaults/main.yml
+++ b/roles/uau/defaults/main.yml
@ -1,3 +0,0 @@
---
-
-uau_reboot: "true"
--- a/roles/uau/tasks/main.yml
+++ b/roles/uau/tasks/main.yml
@ -1,13 +0,0 @@
---
-
- name: Install unattended upgrades
-  apt:
-    name:
-    - unattended-upgrades
-    - debian-goodies
-
- name: Configure unattended upgrades
-  template: src={{ item }}.j2 dest=/etc/apt/apt.conf.d/{{ item }}
-  with_items:
-  - 02periodic
-  - 50unattended-upgrades
--- a/roles/vaultwarden/templates/vaultwarden.service.j2
+++ b/roles/vaultwarden/templates/vaultwarden.service.j2
@ -15,8 +15,6 @@ TimeoutStartSec=1200

 WorkingDirectory=/opt/vaultwarden

-# Make sure no old containers are running
-ExecStartPre=/usr/bin/docker-compose down -v
 # Update images
 ExecStartPre=-/usr/bin/docker-compose pull --quiet

--- a/roles/web/files/certs
+++ b/roles/web/files/certs
@ -28,6 +28,20 @@ autoconfig.binary-kitchen.de:
  format: key
  action: '/usr/sbin/service nginx restart'

+door.binary-kitchen.de:
+- path: /etc/nginx/ssl/door.binary-kitchen.de.crt
+  user: root
+  group: root
+  perm: '400'
+  format: crt,ca
+  action: '/usr/sbin/service nginx restart'
+- path: /etc/nginx/ssl/door.binary-kitchen.de.key
+  user: root
+  group: root
+  perm: '400'
+  format: key
+  action: '/usr/sbin/service nginx restart'
+
 www.ccc-r.de:
 - path: /etc/nginx/ssl/www.ccc-r.de.crt
  user: root
--- a/roles/web/files/vhost
+++ b/roles/web/files/vhost
@ -244,3 +244,51 @@ server {

 	default_type text/html;
 }
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name door.binary-kitchen.de;
+
+	location /.well-known/acme-challenge {
+		default_type "text/plain";
+		alias /var/www/acme-challenge;
+	}
+
+	location / {
+		return 301 https://door.binary-kitchen.de$request_uri;
+	}
+}
+
+server {
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+
+	server_name door.binary-kitchen.de;
+
+	ssl_certificate_key /etc/nginx/ssl/door.binary-kitchen.de.key;
+	ssl_certificate /etc/nginx/ssl/door.binary-kitchen.de.crt;
+
+	root /var/www/kitchen-doorbot;
+
+	client_max_body_size 32M;
+
+	index index.php;
+
+	location / {
+		try_files $uri $uri/ @rewrite;
+	}
+	location @rewrite {
+		rewrite ^/(.*)$ /index.php?path=$1 last;
+	}
+
+	location ~ \.php(?:$|/) {
+		fastcgi_split_path_info ^(.+\.php)(/.+)$;
+		include fastcgi_params;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+		fastcgi_param PATH_INFO $fastcgi_path_info;
+		fastcgi_pass unix:/var/run/php/php8.2-fpm-www.sock;
+		fastcgi_intercept_errors on;
+	}
+}
--- a/roles/web/tasks/main.yml
+++ b/roles/web/tasks/main.yml
@ -3,6 +3,7 @@
 - name: Install dependencies
  apt:
    name:
+    - php-curl
    - php-fpm
    - php-ldap
    - php-sqlite3
@ -18,6 +19,7 @@
  - eh21-fahrplan
  - makerspace-regensburg
  - kitchen
+  - kitchen-doorbot

 - name: Ensure (BK) certificates are available
  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/www.binary-kitchen.de.key -out /etc/nginx/ssl/www.binary-kitchen.de.crt -days 730 -subj "/CN=www.binary-kitchen.de" creates=/etc/nginx/ssl/www.binary-kitchen.de.crt
@ -27,6 +29,10 @@
  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/autoconfig.binary-kitchen.de.key -out /etc/nginx/ssl/autoconfig.binary-kitchen.de.crt -days 730 -subj "/CN=autoconfig.binary-kitchen.de" creates=/etc/nginx/ssl/autoconfig.binary-kitchen.de.crt
  notify: Restart nginx

+- name: Ensure (BK doorbot) certificates are available
+  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/door.binary-kitchen.de.key -out /etc/nginx/ssl/door.binary-kitchen.de.crt -days 730 -subj "/CN=door.binary-kitchen.de" creates=/etc/nginx/ssl/door.binary-kitchen.de.crt
+  notify: Restart nginx
+
 - name: Ensure (CCC-R) certificates are available
  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/www.ccc-r.de.key -out /etc/nginx/ssl/www.ccc-r.de.crt -days 730 -subj "/CN=www.ccc-r.de" creates=/etc/nginx/ssl/www.ccc-r.de.crt
  notify: Restart nginx
@ -78,6 +84,7 @@
  with_items:
  - "www.binary-kitchen.de"
  - "autoconfig.binary-kitchen.de"
+  - "door.binary-kitchen.de"
  - "www.ccc-r.de"
  - "www.makerspace-regensburg.de"
  - "fahrplan.eh21.easterhegg.eu"
--- a/roles/xrdp_apphost/defaults/main.yml
+++ b/roles/xrdp_apphost/defaults/main.yml
@ -31,8 +31,8 @@ xrdp_applications:
    salt: "{{ vault_xrdp_apphost_lightburn_salt }}"
    git_config_folder: /home/lightburn/.config/LightBurn/

-    checksum: sha256:c366f542a32b93e2e0f9e9b03c3cba4dcedecbadec09d94a053c19dae2f69cc8
-    version: 1.5.03
+    checksum: sha256:369eeccf3b3631e095324645631a516f311616486342075e056a83fdb9877c4a
+    version: 1.7.04

  Estlcam:
    user: estlcam
@ -52,7 +52,7 @@ xrdp_applications:
    version_base: 2.7.2
    version: 2.7.2+linux-x64-GTK3-202402291307

-lightburn_url: https://github.com/LightBurnSoftware/deployment/releases/download/{{ xrdp_applications.LightBurn.version }}/LightBurn-Linux64-v{{ xrdp_applications.LightBurn.version }}.run
+lightburn_url: https://release.lightburnsoftware.com/LightBurn/Release/LightBurn-v{{ xrdp_applications.LightBurn.version }}/LightBurn-Linux64-v{{ xrdp_applications.LightBurn.version }}.run
 lightburn_target: /home/{{ xrdp_applications.LightBurn.user }}/LightBurn-Linux64-v{{ xrdp_applications.LightBurn.version }}.run

 slicer_url: https://github.com/prusa3d/PrusaSlicer/releases/download/version_{{ xrdp_applications.Slicer.version_base }}/PrusaSlicer-{{ xrdp_applications.Slicer.version }}.AppImage
--- a/site.yml
+++ b/site.yml
@ -6,11 +6,6 @@
  - common
  - root_keys

- name: Setup unattended updates
-  hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, pizza.binary.kitchen, pancake.binary.kitchen, knoedel.binary.kitchen, bob.binary.kitchen, lasagne.binary.kitchen, tschunk.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, magnesium.binary-kitchen.net, aluminium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, rhodium.binary-kitchen.net, argentum.binary-kitchen.net, cadmium.binary-kitchen.net, indium.binary-kitchen.net]
-  roles:
-  - uau
-
 - name: Setup Proxmox VE SSL
  hosts: [salat.binary.kitchen, wurst.binary.kitchen, weizen.binary.kitchen]
  roles:
@ -52,6 +47,11 @@
  roles:
  - omm

+- name: Setup FreePBX server
+  hosts: schweinshaxn.binary.kitchen
+  roles:
+  - freepbx
+
 - name: Setup gitea runner server
  hosts: bob.binary.kitchen
  roles:
@ -158,11 +158,6 @@
  roles:
 # - netbox

- name: Setup igelcam server
-  hosts: indium.binary-kitchen.net
-  roles:
-  - indium_dummy
-
 - name: Setup event web server
  hosts: argentum.binary-kitchen.net
  roles:
Author	SHA1	Message	Date
Thomas Basler	4de2ae7e1a	kea: added reservation for chromecast keller video	2025-01-06 21:46:32 +01:00
Thomas Basler	4aabb72831	kea: added reservation for chromecast workshop audio	2025-01-06 20:58:49 +01:00
Thomas Basler	464e80c35e	kea: added reservation for wled flux	2025-01-06 20:57:01 +01:00
Thomas Basler	7b196dd94f	kea: added reservation for chromecast wohnzimmer audio	2025-01-04 14:04:56 +01:00
Thomas Basler	aad0591c16	web: Require curl for mastodon bot	2025-01-03 14:40:30 +01:00
Markus Hauschild	37f6ab1e3e	authentik: bump to version 2024.12.1	2025-01-03 14:27:14 +01:00
Thomas Basler	05f664e900	Add vhost for mastodon bot	2025-01-03 14:02:44 +01:00
Thomas Basler	7577f13c76	kea: added reservation for chromecast wohnzimmer video	2025-01-03 14:02:32 +01:00
Thomas Basler	898052c28f	kea: added reservation for wled stairs	2025-01-03 14:02:32 +01:00
Thomas Basler	f8fdd47bd4	xrdp_apphost: Upgrade LightBurn from 1.5.03 to 1.7.04	2025-01-03 14:02:02 +01:00
Markus Hauschild	8a3e5ba9a8	decommission host indium.binary-kitchen.net	2024-12-26 21:35:45 +01:00
Markus Hauschild	394e2e8026	netbox: bump to version 4.1.8	2024-12-18 11:41:00 +01:00
Markus Hauschild	62d33f4652	gitea: bump to version 1.22.6	2024-12-18 11:35:11 +01:00
Markus Hauschild	bf72143ee4	authentik: bump to version 2024.10.5	2024-12-18 11:33:18 +01:00
Markus Hauschild	3c37b9f2d9	new mail alias: toepferwerkstatt@binary-kitchen.de	2024-12-12 21:58:31 +01:00
Markus Hauschild	ebdde070da	README: fix formatting	2024-12-11 15:04:49 +01:00
Markus Hauschild	60f4024cf1	new host: schweinshaxn.binary.kitchen (FreePBX)	2024-12-11 15:03:58 +01:00
Thomas Basler	5174aead5f	freepbx: Install additional required packages	2024-12-11 14:51:45 +01:00
Thomas Basler	3d91267020	freepbx: Cleanup and only use flask based application	2024-12-11 14:51:45 +01:00
Thomas Basler	e3a79a0307	freepbx: Install self developed yealink packages	2024-12-11 14:51:45 +01:00
Markus Hauschild	4f1790d815	kea: remove whitespace	2024-11-25 21:24:35 +01:00
Markus Hauschild	8927eab887	gitea: bump to version 1.22.4	2024-11-25 21:19:25 +01:00
Markus Hauschild	21a0f13094	kea: fix HA by using pri/sec in LB mode	2024-11-25 21:18:47 +01:00
Markus Hauschild	da13a7a3d2	authentik: bump to version 2024.10.4	2024-11-22 17:09:31 +01:00
Markus Hauschild	f4642e7a03	netbox: bump to version 4.1.7	2024-11-22 17:09:06 +01:00
Markus Hauschild	e45e331b03	don't destroy containers before starting the service	2024-11-20 18:17:47 +01:00
Markus Hauschild	92000b5fbe	common: minor updates	2024-11-20 18:16:06 +01:00
Markus Hauschild	3fa13d41c2	common: integrate unattended upgrades	2024-11-20 18:15:36 +01:00