prisma01
b91112516d
Introduce Kumpir, our new www server, add wordpress role ( #26 )
...
* Introduce Kumpir, our new www server, add wordpress role
* move kumpir to services group, use safer distinction for ssl_cert location, reduce www playbook
* set server type to services
* fix typo
* rename service-wordpress to service-nginx-wordpress
* Add service-nginx-etherpad role
* Add ed25519 keypair for system_users when supported.
* Revert "Add ed25519 keypair for system_users when supported."
This reverts commit ffef991ca41185d19953b96439e80b1b9a6ba534.
* Change generated keys format to ed25519
* fix indention of nginx templates, reduce amount of needed tasks by adding extra_opts to unarchive, remove not needed mysql db tasks, make new acme_server default
* Change new default preference for acme servers, marking acme_server zuckerwatte deprecated soon.
2019-09-26 22:13:13 +02:00
Julian Labus
f218785e7c
Role service-prometheus: update versions
2019-09-17 15:08:42 +02:00
Julian Labus
7ee0c2f881
Role service-prometheus: update versions
2019-09-13 14:51:39 +02:00
prisma01
7611fb9d76
add dehydrated role with pdns-api.sh support ( #25 )
...
* add dehydrated role with pdns-api.sh support
* Minor changes to Readme
* Remove Meta
* move dehydrated to linse
* Remove Zuckerwatte from PR (nothing to do with dehydrated)
* Add other domains to dehydrated config, added hook_chain
* Add authorized keys for cert user, add structures in /home/cert/ for checking out certs
* Send dehydrated ouput to /dev/null
* user authorized_keys module, add kumpir key
* Fix typo. Use \\n for each ssh-key
* remove unnecessary .ssh creation (done by authorized_key module)
* Added wrapper script to execute two hooks: pdns_api.sh + deploy certificates
* Remove challengetype variable, as only dns-01 is supported anyway.
* Add freifunk-mainz.de domain
* fix cert deploy script.
2019-09-08 20:44:26 +02:00
Tobias Hachmer
b564d8113c
Role network-loopback: fix typo in task name
2019-09-03 21:26:20 +02:00
Julian Labus
12774ae19c
Role pdns-api: always allow localhost
2019-09-02 15:40:08 +02:00
prisma01
417b60a0ac
Add role that allows access to powerdns api for certian ips via reverse proxy ( #24 )
...
* Add role that allows access to powerdns api for certian ips via reverse proxy
* Remove unneeded variables, remove systemd handlers.
* Allow a list of access ips. Make this mandatory.
2019-08-31 22:24:44 +02:00
Julian Labus
8863e21995
Role service-prometheus: update version
2019-08-28 19:14:15 +02:00
Julian Labus
d344f3045c
Role service-dhcpd: add Option 43
...
provide UniFi Controller IP via Option 43
2019-08-22 21:26:11 +02:00
Julian Labus
ca2939dedb
Role service-nginx-unms: update vhost
...
adjust vhost config according to recommended settings
https://help.ubnt.com/hc/en-us/articles/115015690207-UNMS-Reverse-Proxy#3
2019-08-22 15:34:45 +02:00
Sebastian Schmachtel
d7c7a1e484
Added Unfi Server to ansible.
...
Squashed commit of the following:
commit 3ba76f9e3c02e4a343c0af62ce0327dee6f2f109
Author: Julian Labus <julian@labus-online.de>
Date: Thu Aug 22 13:18:05 2019 +0200
make unifi.yml executable
commit 36002be43a7c1af76660682469dc7efcc06fac5f
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date: Thu Aug 22 13:10:32 2019 +0200
Changed magic < 255
commit c26bbac23620455653d8e21bf512c48493362d43
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date: Thu Aug 22 12:05:42 2019 +0200
Ergänzug um Installation von UNMS
commit 220ba24e471f8139d775eec1d4b3da46e8befdf7
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date: Thu Aug 22 12:01:38 2019 +0200
moved service-nginx-unifi into service-unifi
commit 570f5673c47b72e959e6da8940a9cbcbf1e496bf
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date: Thu Aug 22 11:40:27 2019 +0200
remove lean_delivery.java from unifi playbook. already in dependencies of service-unifi
commit 4775cff44d53e07b720e8760f0e4ece1460e0717
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date: Thu Aug 22 11:38:44 2019 +0200
adjusted readme, remove galaxy info, removed unit test
commit 75711495fcb40f618cd65029ceda6b3cfed7e581
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date: Thu Aug 22 11:32:59 2019 +0200
fix type in unifi inventory
commit 513b4f6b8f3d1426e58a19ece6514e467916d680
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date: Thu Aug 22 11:32:44 2019 +0200
move service-unifi back to correct location
commit ea32af8275fd7e6c34281e02eeb2323cbea55f64
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date: Thu Aug 22 11:31:42 2019 +0200
move service-unifi to temp directory
commit 87698c8d84a66cbf844e923c6dd41de87cba7759
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date: Thu Aug 22 02:09:17 2019 +0200
Move host definition to inentory
commit b469c3f6307dbed9f40310c590abc0c672487973
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date: Thu Aug 22 01:52:19 2019 +0200
Add unifi.yml to site.yml, remove wireguard role from unifi.yml
commit 77fa3aa0eb04b01a7b10dd66cede41b09e0aa5c0
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date: Wed Aug 14 21:17:49 2019 +0200
Add unifi to wireguard
commit c63b850ddd470aa43d8ec25663f086180157673d
Author: Julian Labus <julian@labus-online.de>
Date: Tue Aug 13 08:35:53 2019 +0200
Add wireguard_networks for host unifi
commit 21341ad359fcfe9a9e4735ca50750f1bd5ea2ab6
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date: Mon Aug 12 22:49:17 2019 +0200
Add unms nginx vhost
commit 0c0dff99b6ddbf8c5a354cce040b649c43948d64
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date: Mon Aug 12 21:44:30 2019 +0200
Add java role to gitignore
commit 4fa292b5e5528b732e71dfd204ce53878cc3ee7e
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date: Mon Aug 12 21:43:50 2019 +0200
minor changes
commit 25ab40e85e8b2fd6eb4a770e4c26a82894db3622
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date: Mon Aug 12 21:17:39 2019 +0200
move java repo to requirements.yml, replace duplicated serice-nginx with service-nginx + dependency
commit d9aa004149da7ac3893b698d4dcb329236a521fe
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date: Mon Aug 12 00:52:24 2019 +0200
Added unif host: Added java role, service-unifi role, service-nginx-unifi added unifi host
2019-08-22 14:49:55 +02:00
Julian Labus
876c93737d
Role service-nginx-meshviewer: add additional domains
...
Our meshes structure only supports two domains (internal/external).
This adds a list called `meshviewer_additional_domains` which will be
prefixed with `map.` and redirected to the main Meshviewer domain.
2019-07-16 16:15:32 +02:00
Julian Labus
fb2c6cb07a
Role service-prometheus: bump versions
2019-07-12 14:53:18 +02:00
Julian Labus
2f258ac672
Role service-yanic: adjust for latest config changes
2019-06-23 12:56:46 +02:00
Julian Labus
07a9169656
Role service-domain-director: update to latest version
2019-06-04 10:45:27 +02:00
Julian Labus
3e8bc8d37c
Role service-prometheus: query kea-exporter
2019-05-31 13:45:36 +02:00
Julian Labus
6a4498c436
Role service-dhcpd: add kea-exporter
2019-05-31 13:45:16 +02:00
Julian Labus
37d0739a76
Role server-basic: add python3-pip
2019-05-31 13:44:01 +02:00
Julian Labus
3a77c2901f
Remove dashes from group_vars names
2019-05-22 09:18:40 +02:00
Julian Labus
e16b92563d
Role service-nginx-firmware: strip ' (legacy)' from domain_name
2019-05-21 16:57:39 +02:00
Julian Labus
fed89c5910
Role service-fastd-mesh: remove reference to old systemd timer
2019-05-21 16:56:38 +02:00
Julian Labus
1f3b87013d
Role users: add public keys from n0trax
2019-05-16 11:42:17 +02:00
Julian Labus
5c42743d3f
Role service-domain-director: update domains.geojson
...
add Partenheim to Domain Mainz
2019-05-10 11:11:50 +02:00
Julian Labus
d4e6eb6ed3
Role service-domain-director: switch to dry-run
2019-05-10 11:09:38 +02:00
Julian Labus
552c1f2729
Role service-yanic: restart yanic and respondd
2019-05-05 19:06:22 +02:00
Julian Labus
3c010e2c5f
Role service-yanic: use wireguard interfaces for respondd on servers
2019-05-04 19:53:34 +02:00
Julian Labus
e17f378f0b
Role service-yanic: query link-local and site-local multicast address
2019-05-04 17:57:52 +02:00
Julian Labus
d035daf6d9
Role service-yanic: join link-local multicast on fastd interfaces
2019-05-04 17:56:42 +02:00
Julian Labus
b35c731813
Role service-yanic: switch to own fork
...
Should be reverted after the respondd branch is merged
2019-05-04 17:55:23 +02:00
Julian Labus
b1cc085e8d
Role service-nginx-meshviewer: add domain servers
2019-05-02 16:40:19 +02:00
Julian Labus
c728b0509b
Role service-yanic: add respondd
2019-05-02 16:00:02 +02:00
Julian Labus
07bcfca54d
Remove Role service-respondd
...
superseded by yanic respondd
2019-05-02 15:57:52 +02:00
Julian Labus
c29a24233e
Role service-domain-director: set switch time
...
Thu 02 May 2019 09:00:00 AM CEST
2019-04-25 14:31:55 +02:00
Julian Labus
6b64aa17a0
Role service-prometheus: bump versions
2019-04-17 10:44:37 +02:00
Tobias Hachmer
5cc55db92c
Role server-basic: enable unattended upgrade for Archive Unstable
2019-04-11 22:03:07 +02:00
Julian Labus
b2373c17ac
service-fastd-mesh: use fastd-limiter and "on verify" to limit peers
2019-04-10 12:56:35 +02:00
Tobias Hachmer
ecdcb4c294
Role server-basic: enable unattended upgrade for PowerDNS packages
2019-04-09 21:30:44 +02:00
Julian Labus
04c2ed7e30
service-bind-slave: add stunnel4 for DNS-over-TLS
2019-04-05 19:53:19 +02:00
Julian Labus
ac64eddfb1
service-prometheus: update versions
2019-04-05 09:29:11 +02:00
Julian Labus
4bdaaf2dae
service-prometheus: update internal domain for ICMP targets
2019-04-05 09:28:45 +02:00
Julian Labus
f194880f4c
service-fastd-mesh: enable redis-server
2019-04-04 20:21:31 +02:00
Julian Labus
a825a9bed0
service-fastd-mesh: add fastd-limiter (dry run)
...
new limits are not yet used by fastd
2019-04-04 11:56:45 +02:00
Tobias Hachmer
8a898bf339
Role pdns_admin: update version
2019-04-01 20:32:29 +02:00
Julian Labus
71d1889a49
Role service-fastd-mesh: allow fastd-exporter access from all gateways
2019-03-29 16:40:17 +01:00
Tobias Hachmer
f701d77dfd
Role service-bird: suffix legacy ipv6 bgp peers with '_legacy', also
2019-03-25 20:33:08 +01:00
Tobias Hachmer
6cc9776c66
Use link-local IPv6 address for BGP Peering
2019-03-25 20:22:55 +01:00
Julian Labus
59045bc400
Roles network-*: enable forwarding
...
With newer versions of ifupdown2 it is necessary to enable IPv4/6
forwarding explicitly on required interfaces.
2019-03-25 10:13:01 +01:00
Julian Labus
6239a876bb
Role network-fastd: set mtu
2019-03-24 23:14:06 +01:00
Julian Labus
dc1f469265
Role wireguard: set mtu and link-local address
2019-03-24 22:22:19 +01:00
Tobias Hachmer
13b470b5c9
Role server-basic: prevent the kernel to create a bond insterface on module load
2019-03-24 20:20:57 +01:00