freifunk/ansible-ffibk
9
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
458 commits 1 branch 0 tags 947 KiB
Commit graph

42 commits

Author SHA1 Message Date
prisma dd8a62c21e kumpir: add plugins from zuckerwatte. 2019-09-26 23:02:42 +02:00
prisma01 b91112516d
Introduce Kumpir, our new www server, add wordpress role (#26) 
* Introduce Kumpir, our new www server, add wordpress role

* move kumpir to services group, use safer distinction for ssl_cert location, reduce www playbook

* set server type to services

* fix typo

* rename service-wordpress to service-nginx-wordpress

* Add service-nginx-etherpad role

* Add ed25519 keypair for system_users when supported.

* Revert "Add ed25519 keypair for system_users when supported."

This reverts commit ffef991ca41185d19953b96439e80b1b9a6ba534.

* Change generated keys format to ed25519

* fix indention of nginx templates, reduce amount of needed tasks by adding extra_opts to unarchive, remove not needed mysql db tasks, make new acme_server default

* Change new default preference for acme servers, marking acme_server zuckerwatte deprecated soon.
 2019-09-26 22:13:13 +02:00
prisma b1a3bf3df8 linse/dehydrated fix domain for deploycert 2019-09-09 22:53:57 +02:00
prisma 2130b6a333 lins/dehydrated: added ffwi.org + ffmz.org to wildcard ssl, changed order. 2019-09-09 22:29:17 +02:00
prisma01 7611fb9d76
add dehydrated role with pdns-api.sh support (#25) 
* add dehydrated role with pdns-api.sh support

* Minor changes to Readme

* Remove Meta

* move dehydrated to linse

* Remove Zuckerwatte from PR (nothing to do with dehydrated)

* Add other domains to dehydrated config, added hook_chain

* Add authorized keys for cert user, add structures in /home/cert/ for checking out certs

* Send dehydrated ouput to /dev/null

* user authorized_keys module, add kumpir key

* Fix typo. Use \\n for each ssh-key

* remove unnecessary .ssh creation (done by authorized_key module)

* Added wrapper script to execute two hooks: pdns_api.sh + deploy certificates

* Remove challengetype variable, as only dns-01 is supported anyway.

* Add freifunk-mainz.de domain

* fix cert deploy script.
 2019-09-08 20:44:26 +02:00
Julian Labus a97e0a6bab Role pdns-api: add ipv6 address to pdns_limit_api_access 2019-09-02 15:40:08 +02:00
prisma01 417b60a0ac
Add role that allows access to powerdns api for certian ips via reverse proxy (#24) 
* Add role that allows access to powerdns api for certian ips via reverse proxy

* Remove unneeded variables, remove systemd handlers.

* Allow a list of access ips. Make this mandatory.
 2019-08-31 22:24:44 +02:00
Sebastian Schmachtel d7c7a1e484 Added Unfi Server to ansible. 
Squashed commit of the following:

commit 3ba76f9e3c02e4a343c0af62ce0327dee6f2f109
Author: Julian Labus <julian@labus-online.de>
Date:   Thu Aug 22 13:18:05 2019 +0200

    make unifi.yml executable

commit 36002be43a7c1af76660682469dc7efcc06fac5f
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Thu Aug 22 13:10:32 2019 +0200

    Changed magic < 255

commit c26bbac23620455653d8e21bf512c48493362d43
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Thu Aug 22 12:05:42 2019 +0200

    Ergänzug um Installation von UNMS

commit 220ba24e471f8139d775eec1d4b3da46e8befdf7
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Thu Aug 22 12:01:38 2019 +0200

    moved service-nginx-unifi into service-unifi

commit 570f5673c47b72e959e6da8940a9cbcbf1e496bf
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Thu Aug 22 11:40:27 2019 +0200

    remove lean_delivery.java from unifi playbook. already in dependencies of service-unifi

commit 4775cff44d53e07b720e8760f0e4ece1460e0717
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Thu Aug 22 11:38:44 2019 +0200

    adjusted readme, remove galaxy info, removed unit test

commit 75711495fcb40f618cd65029ceda6b3cfed7e581
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Thu Aug 22 11:32:59 2019 +0200

    fix type in unifi inventory

commit 513b4f6b8f3d1426e58a19ece6514e467916d680
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Thu Aug 22 11:32:44 2019 +0200

    move service-unifi back to correct location

commit ea32af8275fd7e6c34281e02eeb2323cbea55f64
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Thu Aug 22 11:31:42 2019 +0200

    move service-unifi to temp directory

commit 87698c8d84a66cbf844e923c6dd41de87cba7759
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Thu Aug 22 02:09:17 2019 +0200

    Move host definition to inentory

commit b469c3f6307dbed9f40310c590abc0c672487973
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Thu Aug 22 01:52:19 2019 +0200

    Add unifi.yml to site.yml, remove wireguard role from unifi.yml

commit 77fa3aa0eb04b01a7b10dd66cede41b09e0aa5c0
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Wed Aug 14 21:17:49 2019 +0200

    Add unifi to wireguard

commit c63b850ddd470aa43d8ec25663f086180157673d
Author: Julian Labus <julian@labus-online.de>
Date:   Tue Aug 13 08:35:53 2019 +0200

    Add wireguard_networks for host unifi

commit 21341ad359fcfe9a9e4735ca50750f1bd5ea2ab6
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Mon Aug 12 22:49:17 2019 +0200

    Add unms nginx vhost

commit 0c0dff99b6ddbf8c5a354cce040b649c43948d64
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Mon Aug 12 21:44:30 2019 +0200

    Add java role to gitignore

commit 4fa292b5e5528b732e71dfd204ce53878cc3ee7e
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Mon Aug 12 21:43:50 2019 +0200

    minor changes

commit 25ab40e85e8b2fd6eb4a770e4c26a82894db3622
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Mon Aug 12 21:17:39 2019 +0200

    move java repo to requirements.yml, replace duplicated serice-nginx with service-nginx + dependency

commit d9aa004149da7ac3893b698d4dcb329236a521fe
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Mon Aug 12 00:52:24 2019 +0200

    Added unif host: Added java role, service-unifi role, service-nginx-unifi added unifi host
 2019-08-22 14:49:55 +02:00
Julian Labus fc8bdfb63e
Inventory: use default Debian repo on Ingwer 2019-05-31 13:56:18 +02:00
Julian Labus 168f26aa14
Inventory: replace 127.0.0.1 with localhost for MySQL connections 2019-05-23 13:33:19 +02:00
Julian Labus 912cff7f5a
Playbooks: move vars from dns.yml to host_vars 2019-05-22 10:10:45 +02:00
Julian Labus 3a77c2901f
Remove dashes from group_vars names 2019-05-22 09:18:40 +02:00
Tobias Hachmer 0c6cec55e3
Add linse.freifunk-mwu.de 
* Update Playbook dns.yml to manage linse as the external dns master server
 2019-03-22 20:34:54 +01:00
Tobias Hachmer d194d6e936
Role pdns-admin: make dns prefix configurable; add lets encrypt snippet to nginx template 2019-03-22 20:33:32 +01:00
Tobias Hachmer 869dd5b62a
Migrate internal DNS master to PowerDNS 
* Add playbook dns to manage internal dns master servers
 * Add role to manage PowerDNS Admin Web Frontend for PowerDNS
 * Move dns zone related data from mesh list to a simpler dict with a simple zone list
 * Update role service-bind-slave
 * Update Readme.md
 * Add requirements.yml
 * Update .gitignore
 2019-03-20 19:43:11 +01:00
Tobias Hachmer e4e8c0998f
Introduce p2p vpn link between all ffmwu servers via WireGuard for routing purpose. 
* add jinja2 extension 'jinja2.ext.do' to ansible.cfg
 * add host kichererbse.freifunk-mwu.de
 * add new server_type 'mesh-service' and new host group 'ffmwu-mesh-services'
 * use new loopback and anycast networks
 * add role wireguard
 * add role wireguard as dependency for roles network-routing + service-bird
 * add playbook 'mesh-services'
 2019-03-19 15:23:12 +01:00
Julian Labus 483f49bba4
Inventory: add new domain dom0 2019-03-18 15:20:54 +01:00
Julian Labus 78916057d6
Inventory: fix DHCP ranges on gateway lotuswurzel 
lotuswurzel was using the first /23 net which is used for static server 
IPs
 2019-03-18 11:38:44 +01:00
Julian Labus 9b4dec1cf6
Inventory: add new domains 
dom1: mainz
dom2: wiesbaden
dom3: bingen
dom4: rheingau
dom5: taunus
dom6: limburg
dom7: wielrod
 2019-03-02 18:13:41 +01:00
Julian Labus 721b278d3b
Roles: improve multidomain support 2019-03-02 18:12:56 +01:00
Julian Labus 9a36b84a5f
Inventory: fix tunnel_ipv6_network for ffrl-a-ak-ber 2018-11-05 16:56:01 +01:00
Julian Labus f29da08ba1
Inventory: fix FFRL BGP sessions for Wasserfloh 2018-11-04 02:45:03 +01:00
Sebastian Schmachtel 9f42eaf942 Inventory: added Wasserfloh Gateway 2018-11-03 21:58:58 +01:00
Julian Labus c86408d352
inventory: add suesskartoffel to ffmwu-monitoring 2018-09-20 11:34:37 +02:00
Julian Labus b7d6bdea39
Inventory: add gateway spinat 2018-09-12 11:37:14 +02:00
Julian Labus 09d6d96bb2
inventory: add ffmwu_server_type to all gateway hosts 2018-08-07 11:21:39 +02:00
Tobias Hachmer 88bee34235 Restructure and update role for firmware build server 
* rename role ffmwu-build -> firmware-build-server
* rename playbook build-server to firmware-build-server
 2018-07-24 17:09:02 +02:00
Tobias Hachmer 6904d9fb25 Role server-basic: add template for standard apt sources 2018-03-04 19:51:35 +01:00
Tobias Hachmer ba83cecc17 Inventory: add gateway lotuswurzel 2018-02-28 17:18:54 +01:00
Julian Labus ce47909a2c
Inventory: add gateway ingwer.freifunk-mwu.de 2018-02-28 11:16:05 +01:00
Tobias Hachmer 071bdb40d4 Role service-tinc: rework passwordstore lookup 2017-11-12 20:39:33 +01:00
Tobias Hachmer 78a141305d Rework passwordstore lookup handling in roles service-fastd-mesh und service-fastd-intragate 2017-11-12 20:27:12 +01:00
Tobias Hachmer e020ea0854 Inventory host_vars: use single file instead of subfolder 2017-11-11 21:19:15 +01:00
Tobias Hachmer 9e3a9562cb Inventory: add new gateway uffschnitt.freifunk-mwu.de 2017-11-07 06:22:09 +01:00
Tobias Hachmer 3270b5cc3e Inventory: clean up & rename role ffmwu-prereq to test-prerequisites 
Remove all hosts which aren't set up by ansible, yet. Prepare to start
from scratch. Only add hosts to the inventory which will be set up
completly by ansible.
 2017-09-05 11:25:13 +02:00
kaba a001d5b8b5 extrasahne 2016-12-07 15:17:02 +01:00
kaba 7ea7290b4f safeguard not to disrupt manually managed systems 2016-11-28 17:00:44 +01:00
kaba 1ec708a20b safeguard not to disrupt manually managed systemscat 2016-11-28 16:51:05 +01:00
Tobias Hachmer 54e55358a4 Inventory: add public key of maesto to host milchreis 2016-10-27 10:52:47 +02:00
ka-ba 40fe1d7fb5 fastd config differ for gates and for other meshing servers 2016-10-12 20:24:56 +02:00
ka-ba 1a96ad9ef7 set up meshing server (only local test for now) up to fastd - still missing: batman 2016-09-14 16:39:21 +02:00
ka-ba 33bfb4c427 allow additional ssh keys on specific hosts 2016-07-18 14:59:42 +02:00