decommission host indium.binary-kitchen.net

netbox: bump to version 4.1.8
gitea: bump to version 1.22.6
2024-12-26 21:35:45 +01:00 · 2024-12-18 11:41:00 +01:00 · 2024-12-18 11:35:11 +01:00 · 2024-12-18 11:33:18 +01:00 · 2024-12-12 21:58:31 +01:00 · 2024-12-11 15:04:49 +01:00
82 changed files with 779 additions and 642 deletions
--- a/README.md
+++ b/README.md
@ -15,25 +15,26 @@ Currently the following hosts are installed:
 ### Internal Servers
-| Hostname                  | OS        | Purpose                 |
+| Hostname                    | OS        | Purpose                 |
-| ------------------------- | --------- | ----------------------- |
+| --------------------------- | --------- | ----------------------- |
-| wurst.binary.kitchen      | Proxmox 8 | VM Host                 |
+| wurst.binary.kitchen        | Proxmox 8 | VM Host                 |
-| salat.binary.kitchen      | Proxmox 8 | VM Host                 |
+| salat.binary.kitchen        | Proxmox 8 | VM Host                 |
-| weizen.binary.kitchen     | Proxmox 8 | VM Host                 |
+| weizen.binary.kitchen       | Proxmox 8 | VM Host                 |
-| bacon.binary.kitchen      | Debian 12 | DNS, DHCP, LDAP, RADIUS |
+| bacon.binary.kitchen        | Debian 12 | DNS, DHCP, LDAP, RADIUS |
-| aveta.binary.kitchen      | Debian 12 | DNS, DHCP, LDAP, RADIUS |
+| aveta.binary.kitchen        | Debian 12 | DNS, DHCP, LDAP, RADIUS |
-| aeron.binary.kitchen      | Debian 12 | DNS, DHCP, LDAP, RADIUS |
+| aeron.binary.kitchen        | Debian 12 | DNS, DHCP, LDAP, RADIUS |
-| sulis.binary.kitchen      | Debian 12 | Shell                   |
+| sulis.binary.kitchen        | Debian 12 | Shell                   |
-| nabia.binary.kitchen      | Debian 12 | Monitoring              |
+| nabia.binary.kitchen        | Debian 12 | Monitoring              |
-| epona.binary.kitchen      | Debian 12 | NetBox                  |
+| epona.binary.kitchen        | Debian 12 | NetBox                  |
-| pizza.binary.kitchen      | Debian 11 | OpenHAB *               |
+| pizza.binary.kitchen        | Debian 11 | OpenHAB *               |
-| pancake.binary.kitchen    | Debian 12 | XRDP                    |
+| pancake.binary.kitchen      | Debian 12 | XRDP                    |
-| knoedel.binary.kitchen    | Debian 12 | SIP-DECT OMM            |
+| knoedel.binary.kitchen      | Debian 12 | SIP-DECT OMM            |
-| bob.binary.kitchen        | Debian 12 | Gitea Actions           |
+| schweinshaxn.binary.kitchen | Debian 12 | FreePBX                 |
-| lasagne.binary.kitchen    | Debian 12 | Home Assistant *        |
+| bob.binary.kitchen          | Debian 12 | Gitea Actions           |
-| tschunk.binary.kitchen    | Debian 12 | Strichliste             |
+| lasagne.binary.kitchen      | Debian 12 | Home Assistant *        |
-| bowle.binary.kitchen      | Debian 12 | Files                   |
+| tschunk.binary.kitchen      | Debian 12 | Strichliste             |
-| lock-auweg.binary.kitchen | Debian 12 | Doorlock                |
+| bowle.binary.kitchen        | Debian 12 | Files                   |
 | lock-auweg.binary.kitchen   | Debian 12 | Doorlock                |
 \*: The main application is not managed by ansible but manually installed
@ -52,7 +53,7 @@ Currently the following hosts are installed:
 | neon.binary-kitchen.net       | Debian 12 | Auth. DNS               |
 | sodium.binary-kitchen.net     | Debian 12 | Mattrix                 |
 | magnesium.binary-kitchen.net  | Debian 12 | TURN                    |
-| aluminium.binary-kitchen.net  | Debian 12 | Zammad                  |
+| aluminium.binary-kitchen.net  | Debian 12 | Web (div. via Docker)   |
 | krypton.binary-kitchen.net    | Debian 12 | PartDB *                |
 | yttrium.binary-kitchen.net    | Debian 12 | Hintervvoidler *        |
 | zirconium.binary-kitchen.net  | Debian 12 | Jitsi                   |
@ -62,7 +63,6 @@ Currently the following hosts are installed:
 | rhodium.binary-kitchen.net    | Debian 12 | Event pretix            |
 | palladium.binary-kitchen.net  | Debian 12 | Event pretalx           |
 | argentum.binary-kitchen.net   | Debian 12 | Event Web *             |
-| cadmium.binary-kitchen.neti   | Debian 12 | Event NetBox *          |
+| cadmium.binary-kitchen.net    | Debian 12 | Event NetBox *          |
 | barium.binary-kitchen.net     | Debian 12 | Workadventure           |
 \*: The main application is not managed by ansible but manually installed
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@ -105,6 +105,8 @@ mail_aliases:
 - "root@binary-kitchen.de	moepman@binary-kitchen.de,kishi@binary-kitchen.de"
 - "seife@binary-kitchen.de	anke@binary-kitchen.de"
 - "siebdruck@binary-kitchen.de	anke@binary-kitchen.de"
 - "therapy-jetzt@binary-kitchen.de	darthrain@binary-kitchen.de"
 - "toepferwerkstatt@binary-kitchen.de	anke@binary-kitchen.de,meet_judith@binary-kitchen.de"
 - "vorstand@binary-kitchen.de	anke@binary-kitchen.de,christoph@schindlbeck.eu,ralf@binary-kitchen.de,zaesa@binary-kitchen.de"
 - "voucher1@binary-kitchen.de	exxess@binary-kitchen.de"
 - "voucher2@binary-kitchen.de	exxess@binary-kitchen.de"
@ -118,6 +120,9 @@ mail_aliases:
 - "voucher10@binary-kitchen.de	exxess@binary-kitchen.de"
 - "voucher11@binary-kitchen.de	exxess@binary-kitchen.de"
 - "voucher12@binary-kitchen.de	exxess@binary-kitchen.de"
 - "voucher13@binary-kitchen.de	exxess@binary-kitchen.de"
 - "voucher14@binary-kitchen.de	exxess@binary-kitchen.de"
 - "voucher15@binary-kitchen.de	exxess@binary-kitchen.de"
 - "workshops@binary-kitchen.de	timo.schindler@binary-kitchen.de,venti@binary-kitchen.de"
 - "tickets@eh21.easterhegg.eu	orga@eh21.easterhegg.eu"
 - "hackzuck@eh21.easterhegg.eu	kekskruemml@binary-kitchen.de"
@ -142,12 +147,6 @@ nextcloud_dbpass: "{{ vault_owncloud_dbpass }}"
 omm_domain: omm.binary.kitchen
 pretalx_domain: fahrplan.eh21.easterhegg.eu
 pretalx_dbname: pretalx
 pretalx_dbuser: pretalx
 pretalx_dbpass: "{{ vault_pretalx_dbpass }}"
 pretalx_mail: pretalx@binary-kitchen.de
 pretix_domain: pretix.events.binary-kitchen.de
 pretix_domainx: tickets.eh21.easterhegg.eu
 pretix_dbname: pretix
@ -183,13 +182,12 @@ strichliste_dbname: strichliste
 strichliste_dbuser: strichliste
 strichliste_dbpass: "{{ vault_strichliste_dbpass }}"
 therapy_domain: therapy.jetzt
 therapy_secret: "{{ vault_therapy_secret }}"
 vaultwarden_domain: vault.binary-kitchen.de
 vaultwarden_dbname: vaultwarden
 vaultwarden_dbuser: vaultwarden
 vaultwarden_dbpass: "{{ vault_vaultwarden_dbpass }}"
 vaultwarden_token: "{{ vault_vaultwarden_token }}"
 vaultwarden_yubico_secret: "{{ vault_vaultwarden_yubico_secret }}"
 workadventure_domain: wa.binary-kitchen.de
 zammad_domain: requests.binary-kitchen.de
--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
@ -1,109 +1,109 @@
 $ANSIBLE_VAULT;1.1;AES256
-63626562396631623335303064393137396262393239366236373634323333343264343335306330
+38306162656631353365313637393663316134623036643364383033613731356230663464376264
-3861326430303265376564306139323064356339653039330a613335323233356361303066663139
+3335653933643733613462636638396664363762636561300a376538626636303765613633646633
-34386465306537666464643736656230356632633239363865386166373834653030363736613834
+63333534656163663834303039646639646530333532313732643261356262323764616463393832
-6339303364363166620a626134303835346130386238653232316663346633313631653164336336
+3137306637306565610a653637626438353766323031336665326231626538323637313763373934
-34653639363635663537356639646333616438336438333463656537326134343531393435663266
+30303332656263623938666235643866343363363139653861343533313431396235333539333432
-64366333346130653730613865346134356161373237343539373965623036656231653939303365
+65613236386434333635636431356236643335316362636530303834353235646337643639333538
-62326638666431333265343639326461313433656639393839396366633431616435393263336231
+31643330393433323739343762323937643064313661643265376330633264316137373363303935
-66303634656536636165636462396637656331666336623734333139316533636664306262326566
+66346134643432666463383333653735626437666137386135353532393638363834346164643335
-36616366663933613561336164386463393635636264613737316464666535366361613065363362
+38393232623130346363636335313866623239373366613864356561636661343537383364373164
-30316566323663623133346130393032646237353934363531326530396263363130326638393032
+66643232393262393536623130653332323663363263323036663662316163326466306334363363
-30633832663134613964323733623230363831636664373661633966366264373766326161623862
+66306365366566326239346537656562363762373165613063376139383363313038373235303062
-39396331313231633237313735636261653531313961616230626565623633636638643936326237
+65326531653635333034653439613563313539633834393562343164613661386532306665663433
-62333066366439643163336233353361343662326237376332396461393663623761613962333237
+32663432656664333063376263346439316265646435623533623337333162656138636139303931
-65633039363636323235356632326563376163386161373362383466346339356463636437646262
+31333561623838393239313761383665663733366461623830343165336538393362353132306335
-38313164393036393661336633373265303536316165623330643236313936666139376237366164
+37396565616435343732626331373735313165333061346435646664376339636438373764643731
-31373364663136356139356433386132343630396531373961616131343333663463616262373439
+66356464316336383834646333656164363535373065643665393435393266363432346239663161
-34393161323334333732383866653463656265393761346533663530613530313062626330356535
+36393336346433326130303264626234613135626538313938663039386133336233373262363566
-65393037636665303564316536376531386561366466643961666439326462353864643635353934
+33386163393936663165643530663865663436663066333231316334306435623966666636633638
-66616432303966643731386133613430313737356539386331623832656132663461393538363962
+38616338316137393831303436653562386265373064373163306133346434616238393966623330
-64313935613063373832343862373734316634663333313835323836386466336663643661656436
+39396237326461643865336364343263343230626362646162623136353235366431626362313030
-61353663646165623165663035383461376331373439666433386433376234613163396234373632
+64633137306231346561353630636533353239373562396665376139303936323836633764616434
-61646230363163366338653332373834386534333436373737383463363335356436313463626333
+35376135656338616139376261366637343433333063343864343362613135343364623265313861
-63393166316663323066323863373830393937353864376366313535663565613031643932383364
+36303565333830323933333864613534626466373033666235626365346531323631386365323835
-62623633353662323965393563363261623564396632643662663032613032666162616132336130
+61613564386466333933613162326431613963333864393362376163313161643165356134343438
-39376430663833303264306135643832383231623336613734373964653736376235653334333639
+38396533363565343233643863343432313165386465303336626337333331646664626262643333
-63376661636561383236633365303031326630356661633062663564396133313633323738333539
+64343438653335663234653466663239616633653162383630666639613738323734646431623264
-66303235613562313636343766356263383132643962393232396263393665666334633438383632
+65343535336637323063366536663433366363626632383536653765373830666235326530636362
-38646635643030303464396634356161333836376364333361356461346664303563346463333838
+35303432333832353366363731643863366134626139623435613336626238303837316433623238
-34356139373233313631653533356633643730663438646630373331313065363136663938306439
+32313930396432333836346364346436613934316136646533633339323736366135316631363132
-38336563363966653632613436356530316234326365666438326635313537343665663233363731
+36623931313137333932313731343936313966653163666261623937363335613035333335356533
-36646565393937326336626333383863656565323832303937323536346366303839633236663566
+34633838333635323464633763383765653266663233643836383135336434376364396164333233
-32373632646463363634363031626635383233656361336532636366653434623562623937656137
+37616438643234336337313965663034646166373436373530386463663961313362326362353437
-66303663316165633932643365623732323430376334303036303961396264303664616433356361
+31313837643535313039653531323765366339373130636565333939643564643533343534376638
-64366135376232313265376563633163373933343066653939313433366539396163656163346663
+63616431643531663765366239326135343531333037366264353961346162633633353237613430
-30626331333034316131343361636364653936373235623562336366336237353966613536316637
+66666433356530633835666139653932383362376334383762373530666630393764643632363331
-61343530326139636365613434386263383430626663333932386431313164346532666562346537
+35316134623064626439633236343938346134383938333832336533373838633466613364653563
-32623538353365383030396332386133343464643732653038623337353135663964643566396439
+64626631303435653339356631323137336538633233393962306531626266353766386162363031
-64633435623763666461356331306539373638383034343735373765373333656562326338613763
+39363961623033323661643136326435643466303332646234396339653833653937666532336138
-63633732373765316238633539316665623431616333363364316531306630343735393335616630
+37646336383963616630333566633537303736656666663635316631383537303035323131393862
-36613362336566393866623566666430336639376662633233656130653837313161653462346335
+33343335386235333632656436356465646235313638313634353631393365366166383133636665
-63396532663633393363626136373161303235613761373235633831393736343630353031613364
+66363463363339646133353831666631366439646364393239346166343062663866373938396637
-32353463383934313961313638613533623638383062343936616336646431383935393938623138
+31386237393065306134653636313933653062353636323963323437663163346366363263313665
-31383032326365333136666165633832333836346231636332353830336264636235383162356630
+32306331623637396664636165663434653630636130306133343736313262303635353661373533
-38316137623935633863363162376239623932373233663663323830363162313665613830623763
+61313466376365303031376336316431636365633736616535623934653562336636363866356266
-63656237343662616130326339386231376564613164666163393232653762613932343561343031
+36336266663562623961396164316266373633383431613564646232643766663733353338623936
-66386431343139373734626430656139353635636233336236653438353066393732663637323435
+38663731363262646334653761666562646433353230613838353233373662313938303533303864
-63303434376634366262646662616162343664666365373934346530343239653330356234373065
+39316630636637343163643637356634383862363330353233653361646261623038303962613561
-31373934363731373136346665623334306631626134613334633135666461636462303164653662
+63373832366661373036383036623563366364636530613063366364323635323937376165376236
-36323132376532613431653063643965636233373165333639323966663333633563303438396466
+39663962643939386561623430623031366632646235366463656533643233613138363461656637
-64633761376164383835613038633630623439643364323232633437386334346138343361306638
+63323236356438303732653834626138623838323764633639373436666635363834303835366466
-38626632326137303839306531633536643161656231636662383461373964646333303936343733
+61306430303831303934316436373136353637373535373664666265313034646630666237636231
-36333863316162393134646563316235663164613062303734346662386466656461346364356564
+39376161653134356365363666633634313065323331633261623961633763313734313735633966
-35326234336439623961383938316136633037343863363933616663366536613866666165376664
+62643031376566343832343638613939333132353466613163386537386239363337323463396135
-30306438666365333333636632643832303463356533343033623938653365663732336164303033
+61393930633138333739626233663432643837643563656662646631306566663437346362613939
-65653936363839323239306463366533653439663437343536393564336163313962313935636534
+31363639323335623038356566323836653865653136383161666461656436313933333032336639
-34346330393637343834323931353762613839366166353139303535376230356466646261363464
+32333166663935656663643461303466343835303732616263626462316133306239383264353263
-33386337616230623537376665663835373766316332363433313234326461313935636666363261
+61313231386262376234316335383334336663326331643733643432366636326561353730623730
-30653433333436306564653461303165656163363331643536323535623062396561643662323334
+37313431623561353266303134313064376236626462316339656339353131363765303734356464
-35626565616538396566363433363732656538313531636632643163633637303339656431346466
+32336435363932353666336132363333303336323135363535666436646233366335376333383531
-61353030666638393361613833353532656130643866636135643434366562386363656434323366
+65363832333534623931326438616237356235626666333934373638373665613738636466383735
-36343764316136316630353338363735646533346362386266643136626366356331656363393133
+30333137303630366661343833663437343664303961313831336461393064643331386336663739
-35636633353662393435346365663432656166646136346331363563363539326162633166393164
+62623838633936323834653965326161343161356334333030616137343637353138353731363762
-34303164353632373437613564336266373934396236383962376530613631633932626431333864
+64623065636336643634333937323636356131373939623130306330313937656566363832663663
-64623439336638613337383763353531376133343436346330373362313034616166616537636366
+66313036393135306437353061303438303761303563633566656131653433663030396235323435
-30306132613333633261326630323038323431643163373365376662623339396136313531366332
+32346663316636373431663530393435313931663535396564363466353431343633613634383332
-66663037643036303836376632646132383563316262393438636432666661333836376663666130
+31326665303563316664356564356535646665653737613038636236323562616231613233633039
-31316135366562633134306633333834636132623739373131626161633636313737646334376434
+37643530653639313466313838343630656363653833613161656466376631653266613439626331
-33376337393630663338643366316465353266346365333830613533393139333235366237323339
+35363930626534346164353033323039636365363234303435636535623265393635313436666234
-66346465313462373334316535383633343165373733313230373461366336353664306537306538
+66623264306430306662303866303735316137383830646136666662346265613662333765656266
-32653538366565663764353031303763613835366461666163336665656436333563613835653438
+64613161316162616133316165623863353431376633366262386239346335306634346333316566
-65376265303131376239616536353933346633393438643466343439643039313236373033323034
+34396265376130306361343862383631653561616333643665353938666565306335653665373736
-64316364663139353664653564393262323565646235356431326331343433373639316234363938
+63626630383232363961393435646334396366663532303132666235646464393662376331333361
-65633034666532306137353431613732663166323936356433323733376261386161383265663264
+34663138336365633131633365336664393633376333316161336138393539333564396539343332
-35643038663565646135343233623530396165336263303931653037393934343833623337343834
+36626664616263353931616362633638323038356230613937386339653633626465326538383265
-31343631343563626561393763356463393930616338623861363835343635376238653337653133
+31646236323435323861666233656437343732343066306562363462363664386234333061396263
-31393834343536396536363533363739306639646333313836393331306566393534383265613234
+61316636323234633631306434363665393938323631363563346166333139633436623230353436
-31623238306531383936343836336466343336396530633033323063346261366633343936316637
+31303831636638666630376231303130343363393339666230363162383266616135336333386334
-30343165333861346635623934363537383531323637313461663964353338653639366562306236
+64313838356466306361383464623037663931353664323336666532316536316362663639353238
-30363265393038633564626463393166333665396538663639346665353736336134643862663630
+34616536613730343834633935646330306564643036306330626636653365653361396461316637
-62393037363963613263313939613865393066323830656362656464643730636535623639636131
+62636264343737333539646332316562316136343734393063313439663939663935313930333061
-63343263333134336364323236656639613635323165383164636465353438653134646334643962
+30343263626638353331336666373964343338343434633639326338633966396131623933346236
-35306463626336626664383638323865633631346437613139623239663538666363313237323663
+37373564623238363935313736313165303862356530613164653562653530316630306365646165
-39323734353363643334343538303635366637373530383832393861346164666666306631643563
+31326630303038396666343065356261616133373832383661393666383664323161633337376665
-63306565306337383539636330623933666266353635396238656435373563383830666636616335
+63393938373830343761326562303730303237393661383561386633383561386437373061396462
-39386134383938626439366437383138303062333236306436336163393832613532303332303833
+65376230643131353462613436316561646562356666376462386136336630636165333236636630
-39323539396235383765613234303765303136653064336361333035643365386232613766356362
+35653164333437383565396637343762646665333734303764623638323532363164653139333937
-30656437376537623165626530623365393463626337383139663734396331396363396162383330
+39313834303531636434366663386435396266663930623733366261656634666531626234386239
-31663636383037613563346330323063393637616334356439666263623662383666376265313732
+62613466313636326238303164666332633632333364636331396264396164646639653761373863
-63343837306336313264313934653836363665616264396662633761363237366437653962626664
+66653761393734643362306538356263353265616330393635343737363666623962346261366134
-38383462313435383133613465656435363563373765313361623565636564616236313666633264
+30393937376265626163376565343364323366383330613832366434313034316164636331653063
-37393165386163393666376636343963333932346463303661373339303765303938636135323363
+65356630663634616465363231666163376437353038303934356561666363333663333239313031
-35663731656431656330336366383330616163353934333564356633613165396463393066396533
+34356463613963633331646364336431333630633737623766623361336432646339373364303661
-32396264653265333865643365346233633863333335383735396134663062343166656233613931
+37656630376137613232306163656430323236306632353837363536376161656365366531313363
-35633133336337343531313266323663363830353236323035313031646434303761343737633139
+32623537303439343438656461363233353931356566323963363662303838666465363464353833
-30343439323330353531633337353365363031666635653364326235316435383835663139376136
+39386230653962373333643135353533323737343265343334316234613736616639613435616165
-39343361636662346166363432366162666631366431623563363936336164323836376232326162
+61373431353463643936613631393461393637356264366665383538653336353535613330376465
-39316337343436386363643064653337613131346266353636333664373262326563386264303831
+65616261666463623236313437656232306164643538653562376539613736303761636531613862
-65343534616464633232373532313865363732663235376534396436333531633261393066313263
+30323532343339343135356431303866333537346233336266363630346562646237646563313331
-38316437643232336234343663666536353134626139623138636234396661613261326437303065
+35393039383436633230653030623637663030393539363163393930616330373166313161346336
-36383331323061643632323339383530626430343132613039393434333939383065623464646362
+38373963393834396133363966636638336161666234346564623761303262366336363061343866
-65303135313962613564666261356533313961323464623535393631613337663366626136343364
+38356238323366613066323264366337393232343331636532666462613263626332376561616334
-61363035333636366439313961326462633463616237343133356437303234323363306337343237
+63373433663562353466353062643965623635643464393238363965636532643439383764626566
-61376138323336663839623539633866313133346338313165623039336335663666313532636261
+33646437333365653563393337343537316437323038313339316135303564376161323863303665
-36383332346636373936366632393364323331303866623533643062666361613133383262383538
+62373564343036333564646565393738306231646537393636356234613639663466636335393031
-64343665333761326134303566656638633362643031306535333661623437636139353565623435
+35623562343566386261376163303939653861623364373433383363316134303236663361613062
-39323631393132336636653731636264356637373031633037653466383163663865626339323731
+37346664386162333130323134616264373237393639376533383036323131633963363665633531
-34623137386338343038373464613832363761643362623434373136376638663537623762646266
+62663533383666613464386638383965346331643837356331326661303034376163373362386134
-63306439363039303461
+38353461343233626365
--- a/host_vars/aeron.binary.kitchen
+++ b/host_vars/aeron.binary.kitchen
@ -5,3 +5,5 @@ radius_hostname: radius3.binary.kitchen
 slapd_hostname: ldap3.binary.kitchen
 slapd_replica_id: 3
 slapd_role: slave
 unattended_reboot: "false"
--- a/host_vars/bacon.binary.kitchen
+++ b/host_vars/bacon.binary.kitchen
@ -15,3 +15,5 @@ radius_hostname: radius1.binary.kitchen
 slapd_hostname: ldap1.binary.kitchen
 slapd_replica_id: 1
 slapd_role: slave
 unattended_reboot: "false"
--- a/host_vars/bowle.binary.kitchen
+++ b/host_vars/bowle.binary.kitchen
@ -5,4 +5,4 @@ nfs_exports:
 - /exports/backup/rz 172.23.9.61(rw,sync,no_subtree_check)
 - /exports/tank 172.23.0.0/22(rw,sync,no_subtree_check)
-uau_reboot: "false"
+unattended_reboot: "false"
--- a/host_vars/indium.binary-kitchen.net
+++ b/host_vars/indium.binary-kitchen.net
@ -0,0 +1,5 @@
 ---
 root_keys_host:
 - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCNBY95YcFFBeiHM3IDzqKT/X/U09bpAWXwkCWIg6KlZumZg891apx6a0HLDannoBt7YCyYFgl3c1eJ36D08tRcy5c5k/+8Xhq0hq/HWo3EV5sd6Y+8xeTRST6Um8nyxHoSI7xw79yRoteOUDIzPnmDtbLQ2z3vWkA/H1EZQ4IjeQgFhl9vl4EyuAJ47Cdlv1D870BDspgAEoxSbipQEEnPsIctdyySp1R/sNC5tuP6qaoQ6nIDFdgv5rcY8SmgJQ2otlGex18RSBObBjdfyepV71mluqfs6HtVsM9zDvRUwY/FX4wmVc4QPdPLh/2kzEZi0YzefB10tpsuvhaOFI8JqXBDuSFZh3xCzRmKRlmqn50jrvGkYGUWg/GNYNF2rLCltCzg3BJHGaFh9sOtjaKLW+hTJwDtz4LIqNZb6w/2586hzjGCrrZgN24eLEcdp7iTPnkCul+kgOZaa62ytdKjza6/tgKCeUaEwmJTBuKMp/hor/LdLeibYgTtqUoFB7j1Ti2ey7oHly1oiSaKcR/hChgx0sniltRmzJI7KLuUiF+xkpv5Kf4rGl7UjvVxyf3glNh5DL87CfeWkGF3dgsjJdfYIHVJz/Bf6x0aB2TyybF8Exm0R05dhMT6ahZqMqa5d/aUZN+S3MaXw2amHWbMe8VcFpu/AztqrQM8sM+Mw== sprinterfreak"
 - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDMJDyq3veSnK+6hSw+Ml6lvTQTPC6vRFqtDXvPBnOtId8F9+/N0ADcPa5UTesnTkQgSAY7WpSoN5D6clYzdcPR55e5WZwZfMSkX14D7v7mrGxUcE4HshTorfEYv5XBd11Tvu0ruMdxlFQ+VFHkZIF305xgyx32INA3zUfnhzHJlKEdIAy8iSbERUV+X5kB59aep6xSpitCHJtsTT5Ky+EsvAhndKB5hDBuwVVr0+Sg5PypeTQ4zzWFyR6DFBEvyEj6bs/pQff9WxSRIXEuLffXOXdRLGHWqX7PfhWcH9WNH55WT7ZKCMGVuG4kYLkZ633c296ISg9q0eNKn99oHuwvzVg/wV3wndHINE+iUKKJjaRUpDUwd9DftFqMbFGATpf8en6KPs/7bgZUGACIfDO6Uy59V75cntiMFZc+BnnpV2qLVBFFD5ClRBCRdqH5D0px+jpuQFo9EUhggL4jzlj9wQf26zv0E4zSGTqbM1jfO3zcXlxSjg3H3Og2GAO5fCQiodpsqkW9Hby/p4s5l+P97tlVlgapnZlSA/1em4lmYshmRk/9scN8PMSXfW9uhncv9qXqp0ypEqEuNfj5u/1Eu8zmayIA9V23xyPn92LMT6MP2BB1kC7jeAXfXHdKBhTYW6bLQJKMs9nypH6RODK1fb9JlIrB61ZDJ9L5K++o2Q== noby"
--- a/host_vars/lasagne.binary.kitchen
+++ b/host_vars/lasagne.binary.kitchen
@ -8,4 +8,4 @@ root_keys_host:
 - "# Thomas Schmid"
 - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0Wq37DP89UO6MiJvvRbsXEcEV9d5/JJb7K2R0WHsHa sct39667@m-mob-062"
-uau_reboot: "false"
+unattended_reboot: "false"
--- a/host_vars/pizza.binary.kitchen
+++ b/host_vars/pizza.binary.kitchen
@ -8,4 +8,4 @@ root_keys_host:
 - "# Thomas Schmid"
 - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0Wq37DP89UO6MiJvvRbsXEcEV9d5/JJb7K2R0WHsHa sct39667@m-mob-062"
-uau_reboot: "false"
+unattended_reboot: "false"
--- a/host_vars/ruthenium.binary-kitchen.net
+++ b/host_vars/ruthenium.binary-kitchen.net
@ -4,4 +4,4 @@ root_keys_host:
 - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCtTJqeSsB+aRiQ2WeFLVA5dz5YfCuv2TZmsyFqZ8NefJH/ZP3+gud3DwBq4l9HbDJUbfvApLQ9qbwaX0VhBv67mM6f4sWNG8uUW+9MYd6ZTeP3KUwZIHM52nqMFe5XScADL4s8Jsnb08gVp9xdcdufsbiLNYfuNFk+wcwRYtD5eqXZi3oaqshlq61LfBeC958vzvceDrZ2obfCJJ2pvmhUyORvgb6jXfx3kZku5qgk6m9NfyY95UZvSweDZPiN5YqLYekz+jxrYDyeA0DPgwlTcyGn8JI9/HkAD/odTpTAH+T6sbf0OkUi7ufNElAXvxDOJZN8NhxPFfUAW9naTYwGoPd4OJw0AOVLzKcVIjEXKtrxeQ0NOZVoucLFgnXO4iDZGrVHohPVj1UbrVpF00lokBLz1Xh4egrNw0g2Gt28HmZ9lg5Ymv8jJWAy87r5wV0O6aIuseGkSr/V6+92AGK/Yy1tKhZujtv5+CvVVBrLvoOnJJh8vFoVuRM+ucLBhqpewDY2yHZHzQ3J5SZKJ30mBUSYAKHBqVI4VmC/n235VMumIEsqnZvzk96G5TXWyZb0qzkXcct1H8MyQgG0SR0G4Ylm5skCZppEE7udV/wb8lRZv+2YrqBueKZ+Wu6IT3HJbUkor7CcbORjhwL4ETziPm4g4BrTPGUTjyeZ4nSDPQ== exxess"
 - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG6uNwYKF3rqleM/HP95M+rsm+gwKY8epdtW2OutneY9 ralf@pluto"
-uau_reboot: "false"
+unattended_reboot: "false"
--- a/host_vars/schweinshaxn.binary.kitchen
+++ b/host_vars/schweinshaxn.binary.kitchen
@ -0,0 +1,4 @@
 ---
 root_keys_host:
 - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDMJDyq3veSnK+6hSw+Ml6lvTQTPC6vRFqtDXvPBnOtId8F9+/N0ADcPa5UTesnTkQgSAY7WpSoN5D6clYzdcPR55e5WZwZfMSkX14D7v7mrGxUcE4HshTorfEYv5XBd11Tvu0ruMdxlFQ+VFHkZIF305xgyx32INA3zUfnhzHJlKEdIAy8iSbERUV+X5kB59aep6xSpitCHJtsTT5Ky+EsvAhndKB5hDBuwVVr0+Sg5PypeTQ4zzWFyR6DFBEvyEj6bs/pQff9WxSRIXEuLffXOXdRLGHWqX7PfhWcH9WNH55WT7ZKCMGVuG4kYLkZ633c296ISg9q0eNKn99oHuwvzVg/wV3wndHINE+iUKKJjaRUpDUwd9DftFqMbFGATpf8en6KPs/7bgZUGACIfDO6Uy59V75cntiMFZc+BnnpV2qLVBFFD5ClRBCRdqH5D0px+jpuQFo9EUhggL4jzlj9wQf26zv0E4zSGTqbM1jfO3zcXlxSjg3H3Og2GAO5fCQiodpsqkW9Hby/p4s5l+P97tlVlgapnZlSA/1em4lmYshmRk/9scN8PMSXfW9uhncv9qXqp0ypEqEuNfj5u/1Eu8zmayIA9V23xyPn92LMT6MP2BB1kC7jeAXfXHdKBhTYW6bLQJKMs9nypH6RODK1fb9JlIrB61ZDJ9L5K++o2Q== noby"
--- a/host_vars/tschunk.binary.kitchen
+++ b/host_vars/tschunk.binary.kitchen
@ -4,4 +4,4 @@ root_keys_host:
 - "# Thomas Schmid"
 - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0Wq37DP89UO6MiJvvRbsXEcEV9d5/JJb7K2R0WHsHa sct39667@m-mob-062"
-uau_reboot: "true"
+unattended_reboot: "true"
--- a/4
+++ b/4
@ -8,6 +8,7 @@ epona.binary.kitchen ansible_host=172.23.2.7
 pizza.binary.kitchen ansible_host=172.23.2.33
 pancake.binary.kitchen ansible_host=172.23.2.34
 knoedel.binary.kitchen ansible_host=172.23.2.35
 schweinshaxn.binary.kitchen ansible_host=172.23.2.36
 bob.binary.kitchen ansible_host=172.23.2.37
 lasagne.binary.kitchen ansible_host=172.23.2.38
 tschunk.binary.kitchen ansible_host=172.23.2.39
@ -34,10 +35,7 @@ krypton.binary-kitchen.net
 yttrium.binary-kitchen.net
 zirconium.binary-kitchen.net
 molybdenum.binary-kitchen.net
 technetium.binary-kitchen.net
 ruthenium.binary-kitchen.net
 rhodium.binary-kitchen.net
 palladium.binary-kitchen.net
 argentum.binary-kitchen.net
 cadmium.binary-kitchen.net
 barium.binary-kitchen.net
--- a/roles/authentik/defaults/main.yml
+++ b/roles/authentik/defaults/main.yml
@ -1,3 +1,3 @@
 ---
-authentik_version: 2024.8.3
+authentik_version: 2024.10.5
--- a/roles/authentik/handlers/main.yml
+++ b/roles/authentik/handlers/main.yml
@ -6,6 +6,9 @@
 - name: Restart authentik
  service: name=authentik state=restarted
 - name: Restart authentik-reload
  service: name=authentik-reload state=restarted
 - name: Restart nginx
  service: name=nginx state=restarted
--- a/roles/authentik/tasks/main.yml
+++ b/roles/authentik/tasks/main.yml
@ -42,9 +42,21 @@
  - Reload systemd
  - Restart authentik
 - name: Systemd unit for authentik-reload
  template: src=authentik-reload.{{ item }}.j2 dest=/etc/systemd/system/authentik-reload.{{ item }}
  with_items:
  - "service"
  - "timer"
  notify:
  - Reload systemd
  - Restart authentik-reload
 - name: Start the authentik service
  service: name=authentik state=started enabled=yes
 - name: Enable auto update timer
  service: name=authentik-reload.timer state=started enabled=yes
 - name: Enable monitoring
  include_role: name=icinga-monitor tasks_from=http
  vars:
--- a/roles/authentik/templates/authentik-reload.service.j2
+++ b/roles/authentik/templates/authentik-reload.service.j2
@ -0,0 +1,7 @@
 [Unit]
 Description=Refresh authentik images
 [Service]
 Type=oneshot
 ExecStart=/bin/systemctl reload-or-restart authentik.service
--- a/roles/authentik/templates/authentik-reload.timer.j2
+++ b/roles/authentik/templates/authentik-reload.timer.j2
@ -0,0 +1,10 @@
 [Unit]
 Description=Refresh authentik images
 Requires=authentik.service
 After=authentik.service
 [Timer]
 OnCalendar=*:0/15
 [Install]
 WantedBy=timers.target
--- a/roles/authentik/templates/authentik.service.j2
+++ b/roles/authentik/templates/authentik.service.j2
@ -15,8 +15,8 @@ TimeoutStartSec=1200
 WorkingDirectory=/opt/authentik
-# Make sure no old containers are running
+# Update images
-ExecStartPre=/usr/bin/docker-compose down -v
+ExecStartPre=-/usr/bin/docker-compose pull --quiet
 # Compose up
 ExecStart=/usr/bin/docker-compose up
@ -24,5 +24,9 @@ ExecStart=/usr/bin/docker-compose up
 # Compose down, remove containers and volumes
 ExecStop=/usr/bin/docker-compose down -v
 # Refresh on reload
 ExecReload=-/usr/bin/docker-compose pull --quiet
 ExecReload=/usr/bin/docker-compose up -d
 [Install]
 WantedBy=multi-user.target
--- a/roles/common/defaults/main.yml
+++ b/roles/common/defaults/main.yml
@ -9,3 +9,5 @@ logrotate_excludes:
 sshd_password_authentication: "no"
 sshd_permit_root_login: "prohibit-password"
 unattended_reboot: "true"
--- a/roles/common/tasks/Debian.yml
+++ b/roles/common/tasks/Debian.yml
@ -4,6 +4,7 @@
  apt:
    name:
    - apt-transport-https
    - debian-goodies
    - dnsutils
    - fdisk
    - gnupg2
@ -15,6 +16,7 @@
    - pydf
    - rsync
    - sudo
    - unattended-upgrades
    - vim-nox
    - wget
    - zsh
@ -26,6 +28,12 @@
    - qemu-guest-agent
  when: ansible_virtualization_role == "guest" and ansible_virtualization_type == "kvm"
 - name: Configure unattended upgrades
  template: src={{ item }}.j2 dest=/etc/apt/apt.conf.d/{{ item }}
  with_items:
  - 02periodic
  - 50unattended-upgrades
 - name: Configure misc software
  copy: src={{ item.src }} dest={{ item.dest }}
  diff: no
--- a/roles/common/tasks/Proxmox.yml
+++ b/roles/common/tasks/Proxmox.yml
@ -9,6 +9,7 @@
    - less
    - rsync
    - vim-nox
    - wget
    - zsh
 - name: Configure misc software
--- a/roles/common/tasks/chrony.yml
+++ b/roles/common/tasks/chrony.yml
@ -6,3 +6,6 @@
 - name: Configure chrony
  template: src=chrony.conf.j2 dest=/etc/chrony/chrony.conf
  notify: Restart chrony
 - name: Start chrony
  service: name=chrony state=started enabled=yes
--- a/roles/common/templates/02periodic.j2
+++ b/roles/common/templates/02periodic.j2
--- a/roles/common/templates/50unattended-upgrades.j2
+++ b/roles/common/templates/50unattended-upgrades.j2
@ -2,7 +2,7 @@
 // Unattended-Upgrade::Origins-Pattern controls which packages are
 // upgraded.
 //
-// Lines below have the format format is "keyword=value,...".  A
+// Lines below have the format "keyword=value,...".  A
 // package will be upgraded only if the values in its metadata match
 // all the supplied keywords in a line.  (In other words, omitted
 // keywords are wild cards.) The keywords originate from the Release
@ -31,6 +31,7 @@ Unattended-Upgrade::Origins-Pattern {
 //      "origin=Debian,codename=${distro_codename}-proposed-updates";
        "origin=Debian,codename=${distro_codename},label=Debian";
        "origin=Debian,codename=${distro_codename},label=Debian-Security";
        "origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
        // Archive or Suite based matching:
        // Note that this will silently match a different release after
@ -65,7 +66,7 @@ Unattended-Upgrade::Package-Blacklist {
 };
 // This option allows you to control if on a unclean dpkg exit
-// unattended-upgrades will automatically run
+// unattended-upgrades will automatically run 
 //   dpkg --force-confold --configure -a
 // The default is true, to ensure updates keep getting installed
 //Unattended-Upgrade::AutoFixInterruptedDpkg "true";
@ -93,9 +94,11 @@ Unattended-Upgrade::Package-Blacklist {
 // 'mailx' must be installed. E.g. "user@example.com"
 Unattended-Upgrade::Mail "root";
-// Set this value to "true" to get emails only on errors. Default
+// Set this value to one of:
-// is to always send a mail if Unattended-Upgrade::Mail is set
+//    "always", "only-on-error" or "on-change"
-Unattended-Upgrade::MailOnlyOnError "true";
+// If this is not set, then any legacy MailOnlyOnError (boolean) value
 // is used to chose between "only-on-error" and "on-change"
 Unattended-Upgrade::MailReport "only-on-error";
 // Remove unused automatically installed kernel-related packages
 // (kernel images, kernel headers and kernel version locked tools).
@ -110,7 +113,7 @@ Unattended-Upgrade::Remove-Unused-Dependencies "true";
 // Automatically reboot *WITHOUT CONFIRMATION* if
 //  the file /var/run/reboot-required is found after the upgrade
-Unattended-Upgrade::Automatic-Reboot "{{ uau_reboot }}";
+Unattended-Upgrade::Automatic-Reboot "{{ unattended_reboot }}";
 // Automatically reboot even if there are users currently logged in
 // when Unattended-Upgrade::Automatic-Reboot is set to true
@ -145,3 +148,18 @@ Unattended-Upgrade::Automatic-Reboot "{{ uau_reboot }}";
 // Print debugging information both in unattended-upgrades and
 // in unattended-upgrade-shutdown
 // Unattended-Upgrade::Debug "false";
 // Allow package downgrade if Pin-Priority exceeds 1000
 // Unattended-Upgrade::Allow-downgrade "false";
 // When APT fails to mark a package to be upgraded or installed try adjusting
 // candidates of related packages to help APT's resolver in finding a solution
 // where the package can be upgraded or installed.
 // This is a workaround until APT's resolver is fixed to always find a
 // solution if it exists. (See Debian bug #711128.)
 // The fallback is enabled by default, except on Debian's sid release because
 // uninstallable packages are frequent there.
 // Disabling the fallback speeds up unattended-upgrades when there are
 // uninstallable packages at the expense of rarely keeping back packages which
 // could be upgraded or installed.
 // Unattended-Upgrade::Allow-APT-Mark-Fallback "true";
--- a/roles/common/templates/sshd_config.j2
+++ b/roles/common/templates/sshd_config.j2
@ -1,9 +1,8 @@
 #	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
-# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
 # The strategy used for options in the default sshd_config shipped with
 # OpenSSH is to specify options with their default value where
@ -69,7 +68,7 @@ PasswordAuthentication {{ sshd_password_authentication }}
 # Change to yes to enable challenge-response passwords (beware issues with
 # some PAM modules and threads)
-ChallengeResponseAuthentication no
+KbdInteractiveAuthentication no
 # Kerberos options
 #KerberosAuthentication no
@ -85,13 +84,13 @@ ChallengeResponseAuthentication no
 # Set this to 'yes' to enable PAM authentication, account processing,
 # and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
+# be allowed through the KbdInteractiveAuthentication and
 # PasswordAuthentication.  Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
+# PAM authentication via KbdInteractiveAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
+# the setting of "PermitRootLogin prohibit-password".
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
+# and KbdInteractiveAuthentication to 'no'.
 UsePAM yes
 #AllowAgentForwarding yes
@ -109,7 +108,7 @@ PrintMotd no
 #ClientAliveInterval 0
 #ClientAliveCountMax 3
 #UseDNS no
-#PidFile /var/run/sshd.pid
+#PidFile /run/sshd.pid
 #MaxStartups 10:30:100
 #PermitTunnel no
 #ChrootDirectory none
--- a/roles/dns_intern/templates/bind/binary.kitchen.zone.j2
+++ b/roles/dns_intern/templates/bind/binary.kitchen.zone.j2
@ -1,19 +1,19 @@
 $ORIGIN binary.kitchen		; base for unqualified names
 $TTL 1h				; default time-to-live
@				IN	SOA ns1.binary.kitchen. hostmaster.binary.kitchen. (
-					2024100600; serial
+					2024111500; serial
 					1d; refresh
 					2h; retry
 					4w; expire
 					1h; minimum time-to-live
 				)
-				IN	NS	ns1.binary.kitchen.
+@				IN	NS	ns1.binary.kitchen.
-				IN	NS	ns2.binary.kitchen.
+@				IN	NS	ns2.binary.kitchen.
 ; Subdomains
 users				IN	NS	ns1.binary.kitchen.
 users				IN	NS	ns2.binary.kitchen.
 ; External
-				IN	A	213.166.246.4
+@				IN	A	213.166.246.4
 www				IN	A	213.166.246.4
 ; Aliases
 3dprinter			IN	A	172.23.3.251
--- a/roles/dns_intern/templates/dnsdist.conf.j2
+++ b/roles/dns_intern/templates/dnsdist.conf.j2
@ -9,17 +9,27 @@ newServer({address='127.0.0.1:5300', pool='authdns'})
 newServer({address='127.0.0.1:5353', pool='resolve'})
 {% if dns_secondary is defined %}
-- allow AXFR/IXFR only from slaves
+-- allow AXFR/IXFR only from secondary
 addAction(AndRule({OrRule({QTypeRule(DNSQType.AXFR), QTypeRule(DNSQType.IXFR)}), NotRule(makeRule("{{ dns_secondary }}"))}), RCodeAction(DNSRCode.REFUSED))
 {% endif %}
-- allow NOTIFY only from master
+-- allow NOTIFY only from primary
 addAction(AndRule({OpcodeRule(DNSOpcode.Notify), NotRule(makeRule("{{ dns_primary }}"))}), RCodeAction(DNSRCode.REFUSED))
 -- use auth servers for own zones
 addAction('binary.kitchen', PoolAction('authdns'))
 addAction('23.172.in-addr.arpa', PoolAction('authdns'))
 -- function to set RA flag
 function setRA(dq)
  dq.dh:setRA(true)
  return DNSResponseAction.None
 end
 -- set RA flag for queries to own zones
 addResponseAction('binary.kitchen', LuaResponseAction(setRA))
 addResponseAction('23.172.in-addr.arpa', LuaResponseAction(setRA))
 -- use resolver for anything else
 addAction(AllRule(), PoolAction('resolve'))
--- a/roles/freepbx/defaults/main.yml
+++ b/roles/freepbx/defaults/main.yml
@ -0,0 +1,12 @@
 ---
 deploy_key_file: /root/.ssh/id_git_deploy_rsa
 asterisk_user: asterisk
 asterisk_group: asterisk
 repo_provisioning: gogs@git.binary-kitchen.de:noby/voip-yealink-provisioning.git
 repo_utilities: gogs@git.binary-kitchen.de:noby/voip-yealink-xml-browser.git
 path_yealink_provisioning: /tftpboot/yealink
 path_yealink_utilities: /opt/yealink_utilities
--- a/roles/freepbx/handlers/main.yml
+++ b/roles/freepbx/handlers/main.yml
@ -0,0 +1,10 @@
 ---
 - name: Reload systemd
  ansible.builtin.systemd:
    daemon_reload: true
 - name: Restart yealink-utilities
  ansible.builtin.service:
    name: yealink-utilities
    state: restarted
--- a/roles/freepbx/meta/main.yml
+++ b/roles/freepbx/meta/main.yml
@ -0,0 +1,8 @@
 ---
 galaxy_info:
  author: Thomas Basler
  description: Install FreePBX extensions
  license: None
  platforms:
    - name: Debian
  min_ansible_version: "2.4"
--- a/roles/freepbx/tasks/main.yml
+++ b/roles/freepbx/tasks/main.yml
@ -0,0 +1,20 @@
 ---
 - name: Generate an OpenSSH keypair for gitea deploy usage
  community.crypto.openssh_keypair:
    path: "{{ deploy_key_file }}"
 - name: Wait for confirmation
  ansible.builtin.pause:
    prompt: Please confirm that you've distributed the public key to all repositories! Press return to continue. Press Ctrl+c and then "a" to abort
 - name: Install required packages
  ansible.builtin.apt:
    name:
      - php-ldap
 - name: Include provisioning tasks
  ansible.builtin.include_tasks: yealink_provisioning.yml
 - name: Include XML-Utilities tasks
  ansible.builtin.include_tasks: yealink_utilities.yml
--- a/roles/freepbx/tasks/yealink_provisioning.yml
+++ b/roles/freepbx/tasks/yealink_provisioning.yml
@ -0,0 +1,9 @@
 ---
 - name: Clone Yealink Provisioning data
  ansible.builtin.git: # noqa: latest
    repo: "{{ repo_provisioning }}"
    dest: "{{ path_yealink_provisioning }}"
    force: true
    accept_hostkey: true
    key_file: "{{ deploy_key_file }}"
--- a/roles/freepbx/tasks/yealink_utilities.yml
+++ b/roles/freepbx/tasks/yealink_utilities.yml
@ -0,0 +1,53 @@
 ---
 - name: Install dependencies
  ansible.builtin.package:
    name: "python3-venv"
    state: present
 - name: Check if .gitignore contains "{{ path_yealink_utilities }}"
  ansible.builtin.command: grep "directory = {{ path_yealink_utilities }}" /root/.gitconfig
  register: gitignore_check
  ignore_errors: true
 - name: "Patch /root/.gitconfig"
  ansible.builtin.command: |-
    git config --global --add safe.directory {{ path_yealink_utilities }}
  when: gitignore_check.rc != 0
 - name: Clone Yealink Utilities
  ansible.builtin.git: # noqa: latest
    repo: "{{ repo_utilities }}"
    dest: "{{ path_yealink_utilities }}"
    force: true
    accept_hostkey: true
    key_file: "{{ deploy_key_file }}"
 - name: Ensure directory permissions
  ansible.builtin.file:
    path: "{{ path_yealink_utilities }}"
    state: directory
    recurse: true
    owner: "{{ asterisk_user }}"
    group: "{{ asterisk_group }}"
 - name: Install specified python requirements in indicated (virtualenv)
  ansible.builtin.pip:
    requirements: "{{ path_yealink_utilities }}/requirements.txt"
    virtualenv: "{{ path_yealink_utilities }}/.venv"
    virtualenv_command: 'python3 -m venv'
 - name: Install systemd unit
  ansible.builtin.template:
    src: yealink-utilities.service.j2
    dest: /etc/systemd/system/yealink-utilities.service
    mode: "0644"
  notify:
    - Reload systemd
    - Restart yealink-utilities
 - name: Enable yealink-utilities
  ansible.builtin.service:
    name: yealink-utilities
    state: started
    enabled: true
--- a/roles/freepbx/templates/yealink-utilities.service.j2
+++ b/roles/freepbx/templates/yealink-utilities.service.j2
@ -0,0 +1,17 @@
 [Unit]
 Description=Yealink XML-Browser
 After=syslog.target
 After=network.target
 [Service]
 RestartSec=2s
 Type=simple
 User={{ asterisk_user }}
 Group={{ asterisk_group }}
 Environment="PATH=/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:{{ path_yealink_utilities }}/.venv/bin"
 WorkingDirectory={{ path_yealink_utilities }}
 ExecStart={{ path_yealink_utilities }}/.venv/bin/python3 {{ path_yealink_utilities }}/run.py
 Restart=always
 [Install]
 WantedBy=multi-user.target
--- a/roles/gitea/defaults/main.yml
+++ b/roles/gitea/defaults/main.yml
@ -3,5 +3,5 @@
 gitea_user: gogs
 gitea_group: gogs
-gitea_version: 1.22.2
+gitea_version: 1.22.6
 gitea_url: https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64
--- a/roles/hedgedoc/handlers/main.yml
+++ b/roles/hedgedoc/handlers/main.yml
@ -6,6 +6,9 @@
 - name: Restart hedgedoc
  service: name=hedgedoc state=restarted
 - name: Restart hedgedoc-reload
  service: name=hedgedoc-reload state=restarted
 - name: Restart nginx
  service: name=nginx state=restarted
--- a/roles/hedgedoc/tasks/main.yml
+++ b/roles/hedgedoc/tasks/main.yml
@ -42,9 +42,21 @@
  - Reload systemd
  - Restart hedgedoc
 - name: Systemd unit for hedgedoc-reload
  template: src=hedgedoc-reload.{{ item }}.j2 dest=/etc/systemd/system/hedgedoc-reload.{{ item }}
  with_items:
  - "service"
  - "timer"
  notify:
  - Reload systemd
  - Restart hedgedoc-reload
 - name: Start the hedgedoc service
  service: name=hedgedoc state=started enabled=yes
 - name: Enable auto update timer
  service: name=hedgedoc-reload.timer state=started enabled=yes
 - name: Enable monitoring
  include_role: name=icinga-monitor tasks_from=http
  vars:
--- a/roles/hedgedoc/templates/docker-compose.yml.j2
+++ b/roles/hedgedoc/templates/docker-compose.yml.j2
@ -1,4 +1,5 @@
-version: "3"
+---
 version: "3.4"
 services:
  database:
    image: postgres:13-alpine
--- a/roles/hedgedoc/templates/hedgedoc-reload.service.j2
+++ b/roles/hedgedoc/templates/hedgedoc-reload.service.j2
@ -0,0 +1,7 @@
 [Unit]
 Description=Refresh hedgedoc images
 [Service]
 Type=oneshot
 ExecStart=/bin/systemctl reload-or-restart hedgedoc.service
--- a/roles/hedgedoc/templates/hedgedoc-reload.timer.j2
+++ b/roles/hedgedoc/templates/hedgedoc-reload.timer.j2
@ -0,0 +1,10 @@
 [Unit]
 Description=Refresh authentik images
 Requires=authentik.service
 After=authentik.service
 [Timer]
 OnCalendar=*:0/15
 [Install]
 WantedBy=timers.target
--- a/roles/hedgedoc/templates/hedgedoc.service.j2
+++ b/roles/hedgedoc/templates/hedgedoc.service.j2
@ -15,8 +15,8 @@ TimeoutStartSec=1200
 WorkingDirectory=/opt/hedgedoc
-# Make sure no old containers are running
+# Update images
-ExecStartPre=/usr/bin/docker-compose down -v
+ExecStartPre=-/usr/bin/docker-compose pull --quiet
 # Compose up
 ExecStart=/usr/bin/docker-compose up
@ -24,5 +24,9 @@ ExecStart=/usr/bin/docker-compose up
 # Compose down, remove containers and volumes
 ExecStop=/usr/bin/docker-compose down -v
 # Refresh on reload
 ExecReload=-/usr/bin/docker-compose pull --quiet
 ExecReload=/usr/bin/docker-compose up -d
 [Install]
 WantedBy=multi-user.target
--- a/roles/icinga-monitor/tasks/disk.yml
+++ b/roles/icinga-monitor/tasks/disk.yml
@ -11,7 +11,7 @@
 - name: Regenerate hosts.conf
  assemble:
    src: /etc/icinga2/conf.d/hosts
-    dest: /etc/icinga2/conf.d/hosts.conf
+    dest: /etc/icinga2/zones.d/master/hosts.conf
 #   validate: /usr/sbin/icinga2 daemon -c %s --validate
  notify: Restart icinga2
  delegate_to: "{{ icinga_server }}"
--- a/roles/icinga-monitor/tasks/http.yml
+++ b/roles/icinga-monitor/tasks/http.yml
@ -11,7 +11,7 @@
 - name: Regenerate hosts.conf
  assemble:
    src: /etc/icinga2/conf.d/hosts
-    dest: /etc/icinga2/conf.d/hosts.conf
+    dest: /etc/icinga2/zones.d/master/hosts.conf
 #   validate: /usr/sbin/icinga2 daemon -c %s --validate
  notify: Restart icinga2
  delegate_to: "{{ icinga_server }}"
--- a/roles/icinga-monitor/templates/disk.j2
+++ b/roles/icinga-monitor/templates/disk.j2
@ -1,8 +1,8 @@
 {% for disk in disks %}
-  vars.disks["disk {{ disk }}"] = {
+  vars.disks[" {{ disk }}"] = {
    disk_partitions = "{{ disk }}"
    disk_wfree = "10%"
    disk_cfree = "5%"
    disk_wfree = "10%"
  }
 {% endfor %}
--- a/roles/icinga/files/icinga2/zones.d/master/services.conf
+++ b/roles/icinga/files/icinga2/zones.d/master/services.conf
@ -0,0 +1,21 @@
 apply Service "apt" {
  import "generic-service"
  check_command = "apt"
  command_endpoint = host.vars.agent_endpoint
  assign where host.vars.agent_endpoint && host.vars.os == "Linux"
 }
 apply Service "disk" for (disk => config in host.vars.disks) {
  import "generic-service"
  check_command = "disk"
  command_endpoint = host.vars.agent_endpoint
  assign where host.vars.agent_endpoint
  vars += config
 }
--- a/roles/icinga/tasks/main.yml
+++ b/roles/icinga/tasks/main.yml
@ -62,6 +62,24 @@
  changed_when: "'for these changes to take effect' in features_result.stdout"
  notify: Restart icinga2
 # TODO setup as master node
 # icinga2 node setup --master
 - name: Ensure directory for zone config exists
  file:
    path: /etc/icinga2/zones.d/master
    state: directory
    owner: "{{ icinga_user }}"
    group: "{{ icinga_group }}"
 - name: Configure services
  copy: src=icinga2/zones.d/master/services.conf dest=/etc/icinga2/zones.d/master/services.conf owner={{ icinga_user }} group={{ icinga_group }}
  notify: Restart icinga2
 - name: Configure zones
  template: src=icinga2/zones.conf.j2 dest=/etc/icinga2/zones.conf owner={{ icinga_user }} group={{ icinga_group }}
  notify: Restart icinga2
 - name: Ensure directory for host snippets exists
  file:
    path: /etc/icinga2/conf.d/hosts
--- a/roles/icinga/templates/icinga2/zones.conf.j2
+++ b/roles/icinga/templates/icinga2/zones.conf.j2
@ -0,0 +1,28 @@
 object Endpoint "{{ ansible_fqdn }}" {
 }
 object Zone "master" {
 	endpoints = [ "{{ ansible_fqdn }}" ]
 }
 {% for host in groups['all'] %}
 {% if host != ansible_fqdn %}
 object Endpoint "{{ host }}" {
 	host  = "{{ host }}"
 }
 object Zone "{{ host }}" {
 	endpoints = [ "{{ host }}" ]
 	parent = "master"
 }
 {% endif %}
 {% endfor %}
 object Zone "global-templates" {
 	global = true
 }
 object Zone "director-global" {
 	global = true
 }
--- a/roles/icinga_agent/tasks/main.yml
+++ b/roles/icinga_agent/tasks/main.yml
@ -64,7 +64,7 @@
 - name: Regenerate hosts.conf
  assemble:
    src: /etc/icinga2/conf.d/hosts
-    dest: /etc/icinga2/conf.d/hosts.conf
+    dest: /etc/icinga2/zones.d/master/hosts.conf
 #   validate: /usr/sbin/icinga2 daemon -c %s --validate
  notify: Restart icinga2
  delegate_to: "{{ icinga_server }}"
--- a/roles/kea/templates/kea/kea-dhcp4.conf.j2
+++ b/roles/kea/templates/kea/kea-dhcp4.conf.j2
@ -32,7 +32,7 @@
            "parameters": {
                "high-availability": [ {
                    "this-server-name": "{{ inventory_hostname.split('.')[0] }}",
-                    "mode": "hot-standby",
+                    "mode": "load-balancing",
                    "heartbeat-delay": 10000,
                    "max-response-delay": 60000,
                    "max-ack-delay": 5000,
@ -42,12 +42,14 @@
                        {
                            "name": "{{ lookup('dig', dhcpd_primary+'/PTR', '@'+dns_primary).split('.')[0] }}",
                            "url": "http://{{ dhcpd_primary }}:8000/",
-                            "role": "primary"
+                            "role": "primary",
                            "auto-failover": true
                        },
                        {
                            "name": "{{ lookup('dig', dhcpd_secondary+'/PTR', '@'+dns_primary).split('.')[0] }}",
                            "url": "http://{{ dhcpd_secondary }}:8000/",
-                            "role": "standby"
+                            "role": "secondary",
                            "auto-failover": true
                        }
                    ]
                } ]
@ -133,7 +135,7 @@
    "client-classes": [
        {
-            "name": "voip-phone",
+            "name": "cisco-phone",
            "option-data": [
                {
                    "name": "tftp-server-name",
@ -142,6 +144,16 @@
            ]
        },
        {
            "name": "yealink-phone",
            "option-data": [
                {
                    "name": "tftp-server-name",
                    "data": "tftp://172.23.2.36/yealink/$PN"
                }
            ]
        },
        {
            "name": "dect-rfp",
            "option-data": [
@ -325,27 +337,57 @@
                },
                {
-                    "hw-address": "00:1D:45:B6:99:2F",
+                    "hw-address": "00:15:65:94:df:39",
                    "hostname": "voip01",
-                    "client-classes": [ "voip-phone" ]
+                    "client-classes": [ "yealink-phone" ]
                },
                {
                    "hw-address": "00:15:65:94:e2:2d",
                    "hostname": "voip02",
                    "client-classes": [ "yealink-phone" ]
                },
                {
                    "hw-address": "00:15:65:94:df:3a",
                    "hostname": "voip03",
                    "client-classes": [ "yealink-phone" ]
                },
                {
                    "hw-address": "00:15:65:94:de:7f",
                    "hostname": "voip04",
                    "client-classes": [ "yealink-phone" ]
                },
                {
                    "hw-address": "00:15:65:94:e3:39",
                    "hostname": "voip04",
                    "client-classes": [ "yealink-phone" ]
                },
                {
                    "hw-address": "00:1D:45:B6:99:2F",
 //                  "hostname": "voip01",
                    "client-classes": [ "cisco-phone" ]
                },
                {
                    "hw-address": "00:1D:A2:66:B8:3E",
-                    "hostname": "voip02",
+//                  "hostname": "voip02",
-                    "client-classes": [ "voip-phone" ]
+                    "client-classes": [ "cisco-phone" ]
                },
                {
                    "hw-address": "00:1E:BE:90:FB:DB",
-                    "hostname": "voip03",
+//                  "hostname": "voip03",
-                    "client-classes": [ "voip-phone" ]
+                    "client-classes": [ "cisco-phone" ]
                },
                {
                    "hw-address": "00:1E:BE:90:FF:06",
-                    "hostname": "voip04",
+//                  "hostname": "voip04",
-                    "client-classes": [ "voip-phone" ]
+                    "client-classes": [ "cisco-phone" ]
                }
            ]
        },
--- a/roles/matrix/templates/matrix-synapse/homeserver.yaml.j2
+++ b/roles/matrix/templates/matrix-synapse/homeserver.yaml.j2
@ -2793,7 +2793,7 @@ background_updates:
 # marked as protected from quarantine will not be deleted.
 #
 media_retention:
-    local_media_lifetime: 90d
+    local_media_lifetime: 180d
    remote_media_lifetime: 14d
--- a/roles/netbox/defaults/main.yml
+++ b/roles/netbox/defaults/main.yml
@ -2,4 +2,4 @@
 netbox_group: netbox
 netbox_user: netbox
-netbox_version: 4.1.3
+netbox_version: 4.1.8
--- a/roles/pretalx/defaults/main.yml
+++ b/roles/pretalx/defaults/main.yml
@ -1,4 +0,0 @@
 ---
 pretalx_user: pretalx
 pretalx_group: pretalx
--- a/roles/pretalx/handlers/main.yml
+++ b/roles/pretalx/handlers/main.yml
@ -1,13 +0,0 @@
 ---
 - name: Run acertmgr
  command: /usr/bin/acertmgr
 - name: Reload systemd
  systemd: daemon_reload=yes
 - name: Restart pretalx-web
  service: name=pretalx-web state=restarted
 - name: Restart pretalx-worker
  service: name=pretalx-worker state=restarted
--- a/roles/pretalx/tasks/main.yml
+++ b/roles/pretalx/tasks/main.yml
@ -1,125 +0,0 @@
 ---
 - name: Create group
  group: name={{ pretalx_group }}
 - name: Create user
  user: name={{ pretalx_user }} home=/home/{{ pretalx_user }} group={{ pretalx_group }}
 - name: Create pretalx directories
  file: path={{ item }} state=directory owner={{ pretalx_user }} group={{ pretalx_group }}
  with_items:
  - /etc/pretalx
  - /opt/pretalx
  - /opt/pretalx/data
  - /opt/pretalx/data/media
  - /opt/pretalx/static
 - name: Install dependencies
  apt:
    name:
    - build-essential
    - gettext
    - libssl-dev
    - nodejs
    - npm
    - python3-setuptools
    - python3-dev
    - python3-pip
    - python3-venv
 - name: Install PostgreSQL
  apt:
    name:
    - postgresql
    - python3-psycopg2
 - name: Configure PostgreSQL user
  postgresql_user: name={{ pretalx_dbuser }} password={{ pretalx_dbpass }}
  become: true
  become_user: postgres
 - name: Configure PostgreSQL database
  postgresql_db: name={{ pretalx_dbname }} owner={{ pretalx_dbuser }}
  become: true
  become_user: postgres
 - name: Install redis
  apt: name=redis-server
 - name: Install pretalx
  pip:
    name:
    - gunicorn
    - pretalx[postgres,redis]
    - psycopg2-binary
    virtualenv: /opt/pretalx/venv
    virtualenv_command: "python3 -m venv"
  become: true
  become_user: "{{ pretalx_user }}"
  register: pretalx_install
 - name: Configure pretalx
  template:
    src: pretalx.cfg.j2
    dest: /etc/pretalx/pretalx.cfg
    owner: "{{ pretalx_user }}"
    group: "{{ pretalx_group }}"
  notify:
  - Restart pretalx-web
  - Restart pretalx-worker
 - name: Run migration script
  command:
    cmd: "./venv/bin/python3 -m pretalx migrate"
    chdir: "/opt/pretalx"
  become: true
  become_user: "{{ pretalx_user }}"
  when: pretalx_install.changed
 - name: Run rebuild script
  command:
    cmd: "./venv/bin/python3 -m pretalx rebuild"
    chdir: "/opt/pretalx"
  become: true
  become_user: "{{ pretalx_user }}"
  when: pretalx_install.changed
 - name: Enable pretalx cronjob
  cron:
    user: "{{ pretalx_user }}"
    name: pretalx
    minute: "*/5"
    job: "export PATH=/opt/pretalx/venv/bin:$PATH && cd /opt/pretalx && python -m pretalx runperiodic > /dev/null"
 - name: Ensure certificates are available
  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ pretalx_domain }}.key -out /etc/nginx/ssl/{{ pretalx_domain }}.crt -days 730 -subj "/CN={{ pretalx_domain }}" creates=/etc/nginx/ssl/{{ pretalx_domain }}.crt
  notify: Restart nginx
 - name: Configure certificate manager for pretalx
  template: src=certs.j2 dest=/etc/acertmgr/{{ pretalx_domain }}.conf
  notify: Run acertmgr
 - name: Configure vhost
  template: src=vhost.j2 dest=/etc/nginx/sites-available/pretalx
  notify: Restart nginx
 - name: Enable vhost
  file: src=/etc/nginx/sites-available/pretalx dest=/etc/nginx/sites-enabled/pretalx state=link
  notify: Restart nginx
 - name: Install systemd units
  template: src={{ item }}.service.j2 dest=/lib/systemd/system/{{ item }}.service
  with_items:
  - pretalx-web
  - pretalx-worker
  notify:
  - Reload systemd
  - Restart pretalx-web
  - Restart pretalx-worker
 - name: Enable services
  service: name={{ item }} state=started enabled=yes
  with_items:
  - pretalx-web
  - pretalx-worker
--- a/roles/pretalx/templates/pretalx-web.service.j2
+++ b/roles/pretalx/templates/pretalx-web.service.j2
@ -1,18 +0,0 @@
 [Unit]
 Description=pretalx web service
 After=network.target
 [Service]
 User={{ pretalx_user }}
 Group={{ pretalx_group }}
 Environment="VIRTUAL_ENV=/opt/pretalx/venv"
 Environment="PATH=/opt/pretalx/venv/bin:/usr/local/bin:/usr/bin:/bin"
 ExecStart=/opt/pretalx/venv/bin/gunicorn pretalx.wsgi \
                      --name pretalx --workers 5 \
                      --max-requests 1200  --max-requests-jitter 50 \
                      --log-level=info --bind=127.0.0.1:8345
 WorkingDirectory=/opt/pretalx
 Restart=on-failure
 [Install]
 WantedBy=multi-user.target
--- a/roles/pretalx/templates/pretalx-worker.service.j2
+++ b/roles/pretalx/templates/pretalx-worker.service.j2
@ -1,15 +0,0 @@
 [Unit]
 Description=pretalx background worker
 After=network.target
 [Service]
 User={{ pretalx_user }}
 Group={{ pretalx_group }}
 Environment="VIRTUAL_ENV=/opt/pretalx/venv"
 Environment="PATH=/opt/pretalx/venv/bin:/usr/local/bin:/usr/bin:/bin"
 ExecStart=/opt/pretalx/venv/bin/celery -A pretalx.celery_app worker -l info
 WorkingDirectory=/opt/pretalx
 Restart=on-failure
 [Install]
 WantedBy=multi-user.target
--- a/roles/pretalx/templates/pretalx.cfg.j2
+++ b/roles/pretalx/templates/pretalx.cfg.j2
@ -1,27 +0,0 @@
 [filesystem]
 data = /opt/pretalx/data
 static = /opt/pretalx/static
 [site]
 debug = False
 url = https://{{ pretalx_domain }}
 [database]
 backend = postgresql
 name = {{ pretalx_dbname }}
 user = {{ pretalx_dbuser }}
 password = {{ pretalx_dbpass }}
 host =
 [mail]
 from={{ pretalx_mail }}
 host={{ mail_server }}
 tls = True
 [redis]
 location=redis://127.0.0.1/0
 sessions=true
 [celery]
 backend=redis://127.0.0.1/1
 broker=redis://127.0.0.1/2
--- a/roles/pretalx/templates/vhost.j2
+++ b/roles/pretalx/templates/vhost.j2
@ -1,49 +0,0 @@
 server {
 	listen 80;
 	listen [::]:80;
 	server_name {{ pretalx_domain }};
 	location /.well-known/acme-challenge {
 		default_type "text/plain";
 		alias /var/www/acme-challenge;
 	}
 	location / {
 		return 301 https://{{ pretalx_domain }}$request_uri;
 	}
 }
 server {
 	listen 443 ssl http2;
 	listen [::]:443 ssl http2;
 	server_name {{ pretalx_domain }};
 	ssl_certificate_key /etc/nginx/ssl/{{ pretalx_domain }}.key;
 	ssl_certificate /etc/nginx/ssl/{{ pretalx_domain }}.crt;
 	add_header Referrer-Policy same-origin;
 	add_header X-Content-Type-Options nosniff;
 	location / {
 		proxy_pass http://localhost:8345;
 		client_max_body_size 32M;
 		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 		proxy_set_header X-Forwarded-Proto https;
 		proxy_set_header Host $http_host;
 	}
 	location /media/ {
 		alias /opt/pretalx/data/media/;
 		expires 7d;
 		access_log off;
 	}
 	location /static/ {
 		alias /opt/pretalx/static/;
 		access_log off;
 		expires 365d;
 		add_header Cache-Control "public";
 	}
 }
--- a/roles/workadventure/handlers/main.yml
+++ b/roles/workadventure/handlers/main.yml
@ -1,13 +1,13 @@
 ---
 - name: Run acertmgr
  command: /usr/bin/acertmgr
 - name: Reload systemd
  systemd: daemon_reload=yes
 - name: Restart therapy
  service: name=therapy state=restarted
 - name: Restart nginx
  service: name=nginx state=restarted
- name: Restart workadventure
+- name: Run acertmgr
-  service: name=workadventure state=restarted
+  command: /usr/bin/acertmgr
--- a/roles/therapy/meta/main.yml
+++ b/roles/therapy/meta/main.yml
--- a/roles/therapy/tasks/main.yml
+++ b/roles/therapy/tasks/main.yml
@ -0,0 +1,55 @@
 ---
 - name: Install packages
  apt:
    name:
    - docker.io
    - docker-compose
 - name: Create therapy group
  group: name=therapy
 - name: Create therapy user
  user:
    name: therapy
    home: /opt/therapy
    shell: /bin/bash
    group: therapy
    groups: docker
 # TODO
 # checkout source to /opt/therapy/source - currently done manually
 - name: Configure therapy container
  template: src=docker-compose.yml.j2 dest=/opt/therapy/docker-compose.yml
  notify: Restart therapy
 - name: Ensure certificates are available
  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ therapy_domain }}.key -out /etc/nginx/ssl/{{ therapy_domain }}.crt -days 730 -subj "/CN={{ therapy_domain }}" creates=/etc/nginx/ssl/{{ therapy_domain }}.crt
  notify: Restart nginx
 - name: Configure certificate manager for therapy
  template: src=certs.j2 dest=/etc/acertmgr/{{ therapy_domain }}.conf
  notify: Run acertmgr
 - name: Configure vhost
  template: src=vhost.j2 dest=/etc/nginx/sites-available/therapy
  notify: Restart nginx
 - name: Enable vhost
  file: src=/etc/nginx/sites-available/therapy dest=/etc/nginx/sites-enabled/therapy state=link
  notify: Restart nginx
 - name: Systemd unit for therapy
  template: src=therapy.service.j2 dest=/etc/systemd/system/therapy.service
  notify:
  - Reload systemd
  - Restart therapy
 - name: Start the therapy service
  service: name=therapy state=started enabled=yes
 - name: Enable monitoring
  include_role: name=icinga-monitor tasks_from=http
  vars:
    vhost: "{{ therapy_domain }}"
--- a/roles/therapy/templates/certs.j2
+++ b/roles/therapy/templates/certs.j2
@ -1,13 +1,13 @@
 ---
-{{ pretalx_domain }}:
+{{ therapy_domain }}:
- path: /etc/nginx/ssl/{{ pretalx_domain }}.key
+- path: /etc/nginx/ssl/{{ therapy_domain }}.key
  user: root
  group: root
  perm: '400'
  format: key
  action: '/usr/sbin/service nginx restart'
- path: /etc/nginx/ssl/{{ pretalx_domain }}.crt
+- path: /etc/nginx/ssl/{{ therapy_domain }}.crt
  user: root
  group: root
  perm: '400'
--- a/roles/therapy/templates/docker-compose.yml.j2
+++ b/roles/therapy/templates/docker-compose.yml.j2
@ -0,0 +1,12 @@
 ---
 version: "3.4"
 services:
  server:
    image: therapy
    build: ./source
    restart: unless-stopped
    command: server
    environment:
      THERAPY_SECRET: {{ therapy_secret }}
    ports:
      - "127.0.0.1:5000:5000"
--- a/roles/workadventure/templates/workadventure.service.j2
+++ b/roles/workadventure/templates/workadventure.service.j2
@ -1,5 +1,5 @@
 [Unit]
-Description=WorkAdventure service using docker compose
+Description=therapy service using docker compose
 Requires=docker.service
 After=docker.service
 Before=nginx.service
@ -7,13 +7,13 @@ Before=nginx.service
 [Service]
 Type=simple
-User=workadventure
+User=therapy
-Group=workadventure
+Group=therapy
 Restart=always
 TimeoutStartSec=1200
-WorkingDirectory=/opt/workadventure/source/
+WorkingDirectory=/opt/therapy
 # Make sure no old containers are running
 ExecStartPre=/usr/bin/docker-compose down -v
--- a/roles/therapy/templates/vhost.j2
+++ b/roles/therapy/templates/vhost.j2
@ -0,0 +1,31 @@
 server {
 	listen 80;
 	listen [::]:80;
 	server_name {{ therapy_domain }};
 	location /.well-known/acme-challenge {
 		default_type "text/plain";
 		alias /var/www/acme-challenge;
 	}
 	location / {
 		return 301 https://{{ therapy_domain }}$request_uri;
 	}
 }
 server {
 	listen 443 ssl http2;
 	listen [::]:443 ssl http2;
 	server_name {{ therapy_domain }};
 	ssl_certificate_key /etc/nginx/ssl/{{ therapy_domain }}.key;
 	ssl_certificate /etc/nginx/ssl/{{ therapy_domain }}.crt;
 	location / {
 		proxy_pass http://localhost:5000;
 		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 		proxy_set_header X-Forwarded-Proto $scheme;
 	}
 }
--- a/roles/uau/defaults/main.yml
+++ b/roles/uau/defaults/main.yml
@ -1,3 +0,0 @@
 ---
 uau_reboot: "true"
--- a/roles/uau/tasks/main.yml
+++ b/roles/uau/tasks/main.yml
@ -1,13 +0,0 @@
 ---
 - name: Install unattended upgrades
  apt:
    name:
    - unattended-upgrades
    - debian-goodies
 - name: Configure unattended upgrades
  template: src={{ item }}.j2 dest=/etc/apt/apt.conf.d/{{ item }}
  with_items:
  - 02periodic
  - 50unattended-upgrades
--- a/roles/vaultwarden/handlers/main.yml
+++ b/roles/vaultwarden/handlers/main.yml
@ -6,6 +6,9 @@
 - name: Restart vaultwarden
  service: name=vaultwarden state=restarted
 - name: Restart vaultwarden-reload
  service: name=vaultwarden-reload state=restarted
 - name: Restart nginx
  service: name=nginx state=restarted
--- a/roles/vaultwarden/tasks/main.yml
+++ b/roles/vaultwarden/tasks/main.yml
@ -42,9 +42,21 @@
  - Reload systemd
  - Restart vaultwarden
 - name: Systemd unit for vaultwarden-reload
  template: src=vaultwarden-reload.{{ item }}.j2 dest=/etc/systemd/system/vaultwarden-reload.{{ item }}
  with_items:
  - "service"
  - "timer"
  notify:
  - Reload systemd
  - Restart vaultwarden-reload
 - name: Start the vaultwarden service
  service: name=vaultwarden state=started enabled=yes
 - name: Enable auto update timer
  service: name=vaultwarden-reload.timer state=started enabled=yes
 - name: Enable monitoring
  include_role: name=icinga-monitor tasks_from=http
  vars:
--- a/roles/vaultwarden/templates/docker-compose.yml.j2
+++ b/roles/vaultwarden/templates/docker-compose.yml.j2
@ -1,4 +1,5 @@
-version: "3"
+---
 version: "3.4"
 services:
  database:
    image: postgres:13-alpine
--- a/roles/vaultwarden/templates/vaultwarden-reload.service.j2
+++ b/roles/vaultwarden/templates/vaultwarden-reload.service.j2
@ -0,0 +1,7 @@
 [Unit]
 Description=Refresh vaultwarden images
 [Service]
 Type=oneshot
 ExecStart=/bin/systemctl reload-or-restart vaultwarden.service
--- a/roles/vaultwarden/templates/vaultwarden-reload.timer.j2
+++ b/roles/vaultwarden/templates/vaultwarden-reload.timer.j2
@ -0,0 +1,10 @@
 [Unit]
 Description=Refresh vaultwarden images
 Requires=vaultwarden.service
 After=vaultwarden.service
 [Timer]
 OnCalendar=*:0/15
 [Install]
 WantedBy=timers.target
--- a/roles/vaultwarden/templates/vaultwarden.service.j2
+++ b/roles/vaultwarden/templates/vaultwarden.service.j2
@ -15,8 +15,8 @@ TimeoutStartSec=1200
 WorkingDirectory=/opt/vaultwarden
-# Make sure no old containers are running
+# Update images
-ExecStartPre=/usr/bin/docker-compose down -v
+ExecStartPre=-/usr/bin/docker-compose pull --quiet
 # Compose up
 ExecStart=/usr/bin/docker-compose up
@ -24,5 +24,9 @@ ExecStart=/usr/bin/docker-compose up
 # Compose down, remove containers and volumes
 ExecStop=/usr/bin/docker-compose down -v
 # Refresh on reload
 ExecReload=-/usr/bin/docker-compose pull --quiet
 ExecReload=/usr/bin/docker-compose up -d
 [Install]
 WantedBy=multi-user.target
--- a/roles/web/files/certs
+++ b/roles/web/files/certs
@ -42,6 +42,20 @@ www.ccc-r.de:
  format: key
  action: '/usr/sbin/service nginx restart'
 fahrplan.eh21.easterhegg.eu:
 - path: /etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.crt
  user: root
  group: root
  perm: '400'
  format: crt,ca
  action: '/usr/sbin/service nginx restart'
 - path: /etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.key
  user: root
  group: root
  perm: '400'
  format: key
  action: '/usr/sbin/service nginx restart'
 www.makerspace-regensburg.de:
 - path: /etc/nginx/ssl/www.makerspace-regensburg.de.crt
  user: root
--- a/roles/web/files/vhost
+++ b/roles/web/files/vhost
@ -145,7 +145,7 @@ server {
 	ssl_certificate_key /etc/nginx/ssl/autoconfig.binary-kitchen.de.key;
 	ssl_certificate /etc/nginx/ssl/autoconfig.binary-kitchen.de.crt;
-	root /var/www/autconfig;
+	root /var/www/autoconfig;
 	default_type text/html;
 }
@ -180,6 +180,41 @@ server {
 	default_type text/html;
 }
 server {
 	listen 80;
 	listen [::]:80;
 	server_name fahrplan.eh21.easterhegg.eu;
 	location /.well-known/acme-challenge {
 		default_type "text/plain";
 		alias /var/www/acme-challenge;
 	}
 	location / {
 		return 301 https://fahrplan.eh21.easterhegg.eu$request_uri;
 	}
 }
 server {
 	listen 443 ssl http2;
 	listen [::]:443 ssl http2;
 	server_name fahrplan.eh21.easterhegg.eu;
 	ssl_certificate_key /etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.key;
 	ssl_certificate /etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.crt;
 	root /var/www/eh21-fahrplan;
 	location = / {
 		return 301 https://fahrplan.eh21.easterhegg.eu/eh/;
 	}
 	default_type text/html;
 }
 server {
 	listen 80;
 	listen [::]:80;
--- a/roles/web/tasks/main.yml
+++ b/roles/web/tasks/main.yml
@ -15,6 +15,7 @@
  - autoconfig
  - autoconfig/mail
  - ccc-r
  - eh21-fahrplan
  - makerspace-regensburg
  - kitchen
@ -30,6 +31,10 @@
  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/www.ccc-r.de.key -out /etc/nginx/ssl/www.ccc-r.de.crt -days 730 -subj "/CN=www.ccc-r.de" creates=/etc/nginx/ssl/www.ccc-r.de.crt
  notify: Restart nginx
 - name: Ensure (EH21 fahrplan) certificates are available
  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.key -out /etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.crt -days 730 -subj "/CN=fahrplan.eh21.easterhegg.eu" creates=/etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.crt
  notify: Restart nginx
 - name: Ensure (MS-R) certificates are available
  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/www.makerspace-regensburg.de.key -out /etc/nginx/ssl/www.makerspace-regensburg.de.crt -days 730 -subj "/CN=www.makerspace-regensburg.de" creates=/etc/nginx/ssl/www.makerspace-regensburg.de.crt
  notify: Restart nginx
@ -65,3 +70,14 @@
 - name: Start php8.2-fpm
  service: name=php8.2-fpm state=started enabled=yes
 - name: Enable monitoring
  include_role: name=icinga-monitor tasks_from=http
  vars:
    vhost: "{{ item }}"
  with_items:
  - "www.binary-kitchen.de"
  - "autoconfig.binary-kitchen.de"
  - "www.ccc-r.de"
  - "www.makerspace-regensburg.de"
  - "fahrplan.eh21.easterhegg.eu"
--- a/roles/workadventure/meta/main.yml
+++ b/roles/workadventure/meta/main.yml
@ -1,5 +0,0 @@
 ---
 dependencies:
 - { role: acertmgr }
 - { role: nginx, nginx_ssl: True }
--- a/roles/workadventure/tasks/main.yml
+++ b/roles/workadventure/tasks/main.yml
@ -1,51 +0,0 @@
 ---
 # TODO
 # source code is not yet checked out from git
 - name: Install docker-compose
  apt: name=docker-compose
 - name: Install git
  apt: name=git
 - name: Create workadventure group
  group: name=workadventure
 - name: Create workadventure user
  user:
    name: workadventure
    home: /opt/workadventure
    shell: /bin/zsh
    group: workadventure
    groups: docker
 - name: Install systemd unit
  template: src=workadventure.service.j2 dest=/lib/systemd/system/workadventure.service
  notify:
  - Reload systemd
  - Restart workadventure
 - name: Ensure certificates are available
  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ workadventure_domain }}.key -out /etc/nginx/ssl/{{ workadventure_domain }}.crt -days 730 -subj "/CN={{ workadventure_domain }}" creates=/etc/nginx/ssl/{{ workadventure_domain }}.crt
  notify: Restart nginx
 - name: Configure certificate manager for workadventure
  template: src=certs.j2 dest=/etc/acertmgr/{{ workadventure_domain }}.conf
  notify: Run acertmgr
 - name: Configure vhost
  template: src=vhost.j2 dest=/etc/nginx/sites-available/workadventure
  notify: Restart nginx
 - name: Enable vhost
  file: src=/etc/nginx/sites-available/workadventure dest=/etc/nginx/sites-enabled/workadventure state=link
  notify: Restart nginx
 - name: Enable workadventure
  service: name=workadventure enabled=yes
 - name: Enable monitoring
  include_role: name=icinga-monitor tasks_from=http
  vars:
    vhost: "{{ workadventure_domain }}"
--- a/roles/workadventure/templates/certs.j2
+++ b/roles/workadventure/templates/certs.j2
@ -1,15 +0,0 @@
 ---
 {{ workadventure_domain }} play.{{ workadventure_domain }} pusher.{{ workadventure_domain }} uploader.{{ workadventure_domain }}:
 - path: /etc/nginx/ssl/{{ workadventure_domain }}.key
  user: root
  group: root
  perm: '400'
  format: key
  action: '/usr/sbin/service nginx restart'
 - path: /etc/nginx/ssl/{{ workadventure_domain }}.crt
  user: root
  group: root
  perm: '400'
  format: crt,ca
  action: '/usr/sbin/service nginx restart'
--- a/roles/workadventure/templates/vhost.j2
+++ b/roles/workadventure/templates/vhost.j2
@ -1,76 +0,0 @@
 server {
 	listen 80;
 	listen [::]:80;
 	server_name {{ workadventure_domain }} play.{{ workadventure_domain }} pusher.{{ workadventure_domain }} uploader.{{ workadventure_domain }};
 	location /.well-known/acme-challenge {
 		default_type "text/plain";
 		alias /var/www/acme-challenge;
 	}
 	location / {
 		return 301 https://$host$request_uri;
 	}
 }
 server {
 	listen 443 ssl http2;
 	listen [::]:443 ssl http2;
 	server_name {{ workadventure_domain }};
 	ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key;
 	ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt;
 	location / {
 		root /opt/workadventure/source/landing/dist;
 	}
 }
 server {
 	listen 443 ssl http2;
 	listen [::]:443 ssl http2;
 	server_name play.{{ workadventure_domain }};
 	ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key;
 	ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt;
 	location / {
 		root /opt/workadventure/source/src/front/dist;
 		try_files $uri uri/ /index.html?$args;
 	}
 }
 server {
 	listen 443 ssl http2;
 	listen [::]:443 ssl http2;
 	server_name pusher.{{ workadventure_domain }};
 	ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key;
 	ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt;
 	location / {
 		proxy_pass http://localhost:8002;
 		proxy_http_version 1.1;
 		proxy_set_header Upgrade $http_upgrade;
 		proxy_set_header Connection "Upgrade";
 		proxy_set_header Host $host;
 	}
 }
 server {
 	listen 443 ssl http2;
 	listen [::]:443 ssl http2;
 	server_name uploader.{{ workadventure_domain }};
 	ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key;
 	ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt;
 	location / {
 		proxy_pass http://localhost:8005;
 	}
 }
--- a/site.yml
+++ b/site.yml
@ -6,11 +6,6 @@
  - common
  - root_keys
 - name: Setup unattended updates
  hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, pizza.binary.kitchen, pancake.binary.kitchen, knoedel.binary.kitchen, bob.binary.kitchen, lasagne.binary.kitchen, tschunk.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, magnesium.binary-kitchen.net, aluminium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, technetium.binary-kitchen.net, ruthenium.binary-kitchen.net, rhodium.binary-kitchen.net, palladium.binary-kitchen.net, argentum.binary-kitchen.net, cadmium.binary-kitchen.net, barium.binary-kitchen.net]
  roles:
  - uau
 - name: Setup Proxmox VE SSL
  hosts: [salat.binary.kitchen, wurst.binary.kitchen, weizen.binary.kitchen]
  roles:
@ -52,6 +47,11 @@
  roles:
  - omm
 - name: Setup FreePBX server
  hosts: schweinshaxn.binary.kitchen
  roles:
  - freepbx
 - name: Setup gitea runner server
  hosts: bob.binary.kitchen
  roles:
@ -107,8 +107,8 @@
 - name: Setup web server (dockerized)
  hosts: fluorine.binary-kitchen.net
  roles:
  - authentik
  - 23b
  - authentik
  - hedgedoc
  - vaultwarden
@ -128,10 +128,10 @@
  roles:
  - coturn
- name: Setup zammad server
+- name: Setup web server (dockerized)
  hosts: aluminium.binary-kitchen.net
  roles:
-  - zammad
+  - therapy
 - name: Setup jitsi server
  hosts: zirconium.binary-kitchen.net
@ -153,11 +153,6 @@
  roles:
  - pretix
 - name: Setup event pretalx server
  hosts: palladium.binary-kitchen.net
  roles:
  - pretalx
 - name: Setup event netbox server
  hosts: cadmium.binary-kitchen.net
  roles:
@ -167,8 +162,3 @@
  hosts: argentum.binary-kitchen.net
  roles:
  - event_web
 - name: Setup WorkAdventure server
  hosts: barium.binary-kitchen.net
  roles:
  - workadventure
Author	SHA1	Message	Date
Markus Hauschild	8a3e5ba9a8	decommission host indium.binary-kitchen.net	2024-12-26 21:35:45 +01:00
Markus Hauschild	394e2e8026	netbox: bump to version 4.1.8	2024-12-18 11:41:00 +01:00
Markus Hauschild	62d33f4652	gitea: bump to version 1.22.6	2024-12-18 11:35:11 +01:00
Markus Hauschild	bf72143ee4	authentik: bump to version 2024.10.5	2024-12-18 11:33:18 +01:00
Markus Hauschild	3c37b9f2d9	new mail alias: toepferwerkstatt@binary-kitchen.de	2024-12-12 21:58:31 +01:00
Markus Hauschild	ebdde070da	README: fix formatting	2024-12-11 15:04:49 +01:00
Markus Hauschild	60f4024cf1	new host: schweinshaxn.binary.kitchen (FreePBX)	2024-12-11 15:03:58 +01:00
Thomas Basler	5174aead5f	freepbx: Install additional required packages	2024-12-11 14:51:45 +01:00
Thomas Basler	3d91267020	freepbx: Cleanup and only use flask based application	2024-12-11 14:51:45 +01:00
Thomas Basler	e3a79a0307	freepbx: Install self developed yealink packages	2024-12-11 14:51:45 +01:00
Markus Hauschild	4f1790d815	kea: remove whitespace	2024-11-25 21:24:35 +01:00
Markus Hauschild	8927eab887	gitea: bump to version 1.22.4	2024-11-25 21:19:25 +01:00
Markus Hauschild	21a0f13094	kea: fix HA by using pri/sec in LB mode	2024-11-25 21:18:47 +01:00
Markus Hauschild	da13a7a3d2	authentik: bump to version 2024.10.4	2024-11-22 17:09:31 +01:00
Markus Hauschild	f4642e7a03	netbox: bump to version 4.1.7	2024-11-22 17:09:06 +01:00
Markus Hauschild	e45e331b03	don't destroy containers before starting the service	2024-11-20 18:17:47 +01:00
Markus Hauschild	92000b5fbe	common: minor updates	2024-11-20 18:16:06 +01:00
Markus Hauschild	3fa13d41c2	common: integrate unattended upgrades	2024-11-20 18:15:36 +01:00
Markus Hauschild	583f6d3e82	group_vars: remove unused vars	2024-11-18 16:29:24 +01:00
Markus Hauschild	10f7450bc6	pretalx: remove role (was on palladium.binary-kitchen.net)	2024-11-18 16:28:04 +01:00
Markus Hauschild	9179a8a1f6	dns_intern: set RA flag on answers from auth for own zones	2024-11-17 19:32:02 +01:00
Markus Hauschild	29d008ca04	dns_intern: fix broken dns delegation use "@" instead of "" to prevent this from happening again	2024-11-15 19:56:03 +01:00
Markus Hauschild	744aed3b60	authentik: bump to version 2024.10.2	2024-11-14 23:45:57 +01:00
Markus Hauschild	1e664169bd	web: add monitoring	2024-11-11 20:04:38 +01:00
Markus Hauschild	d5edf48ea1	web: fix typo	2024-11-11 20:04:27 +01:00
Markus Hauschild	19d2545f1f	web: new vhost fahrplan.eh21.easterhegg.eu this will serve a static dump of the fahrplan and replace the pretalx instance	2024-11-11 19:23:50 +01:00
Markus Hauschild	b3038ec3dd	netbox: bump to version 4.1.6	2024-11-11 18:26:10 +01:00
Markus Hauschild	8285085468	gitea: bump to version 1.22.3	2024-11-11 18:25:35 +01:00
Markus Hauschild	7a82e453e9	workadventure: remove role (decommission barium.binary-kitchen.net)	2024-11-11 18:24:35 +01:00
Markus Hauschild	a3dddac6d0	vaultwareden: bump compose version	2024-11-09 15:33:09 +01:00
Markus Hauschild	d7c0716f4a	hedgedoc: enable automatic updates of docker images	2024-11-09 15:30:49 +01:00
Markus Hauschild	44f9505bef	vaultwarden: enable automatic updates of docker images	2024-11-06 19:11:29 +01:00
Markus Hauschild	338c12c687	authentik: split handling or service and reload timer	2024-11-06 19:08:10 +01:00
Markus Hauschild	405b5c5385	authentik: maybe don't try to detach the container for now seems oneshot won't work properly, even without Restart=always	2024-11-05 22:27:53 +01:00
Markus Hauschild	e2a071d69f	authentik: bump to version 2024.10.1	2024-11-05 22:18:46 +01:00
Markus Hauschild	d7aab43f06	authentik: enable automatic updates of docker images	2024-11-05 22:18:12 +01:00
Markus Hauschild	e1c900ad65	authentik: bump to version 2024.10.0	2024-11-04 17:47:48 +01:00
Markus Hauschild	baf02e790f	kea: add options for new yealink voip phones	2024-11-02 17:24:22 +01:00
Markus Hauschild	2d139167ea	indium: new temp. host for igel livestreaming	2024-10-31 14:42:10 +01:00
Markus Hauschild	933e25ca6a	therapy: new role to be deployed on aluminium	2024-10-31 14:37:42 +01:00
Markus Hauschild	eb4a5d1d13	netbox: bump to version 4.1.5	2024-10-30 20:18:14 +01:00
Markus Hauschild	df069adc5e	icinga: add apt and disk service definitions	2024-10-28 19:53:06 +01:00
Markus Hauschild	c2b8944756	icinga: move host config into zones in order to support agents	2024-10-28 00:30:16 +01:00
Markus Hauschild	4715798c3f	remove technetium.binary-kitchen.net	2024-10-28 00:28:32 +01:00
Markus Hauschild	750157ef76	group_vars: add more voucher aliases	2024-10-28 00:25:29 +01:00
Markus Hauschild	20c13ddbdc	icinga: add TODO	2024-10-27 22:27:58 +01:00
Markus Hauschild	62bc168983	matrix: increase local media lifetime	2024-10-21 20:02:23 +02:00
Markus Hauschild	d72fc4ceaa	uau: rebase against Debian 12	2024-10-21 20:01:44 +02:00
Markus Hauschild	68fee1e0d7	common: rebase against Debian 12	2024-10-21 20:01:06 +02:00
Markus Hauschild	2ea069f94e	netbox: bump to version 4.1.4	2024-10-21 19:06:31 +02:00
`@ -1,3 +1,3 @@`
	`---`	`---`

	`authentik_version: 2024.8.3`	`authentik_version: 2024.10.5`