Commit graph

344 commits

Author SHA1 Message Date
prisma01
b91112516d
Introduce Kumpir, our new www server, add wordpress role (#26)
* Introduce Kumpir, our new www server, add wordpress role

* move kumpir to services group, use safer distinction for ssl_cert location, reduce www playbook

* set server type to services

* fix typo

* rename service-wordpress to service-nginx-wordpress

* Add service-nginx-etherpad role

* Add ed25519 keypair for system_users when supported.

* Revert "Add ed25519 keypair for system_users when supported."

This reverts commit ffef991ca41185d19953b96439e80b1b9a6ba534.

* Change generated keys format to ed25519

* fix indention of nginx templates, reduce amount of needed tasks by adding extra_opts to unarchive, remove not needed mysql db tasks, make new acme_server default

* Change new default preference for acme servers, marking acme_server zuckerwatte deprecated soon.
2019-09-26 22:13:13 +02:00
Julian Labus
f218785e7c
Role service-prometheus: update versions 2019-09-17 15:08:42 +02:00
Julian Labus
7ee0c2f881
Role service-prometheus: update versions 2019-09-13 14:51:39 +02:00
prisma01
7611fb9d76
add dehydrated role with pdns-api.sh support (#25)
* add dehydrated role with pdns-api.sh support

* Minor changes to Readme

* Remove Meta

* move dehydrated to linse

* Remove Zuckerwatte from PR (nothing to do with dehydrated)

* Add other domains to dehydrated config, added hook_chain

* Add authorized keys for cert user, add structures in /home/cert/ for checking out certs

* Send dehydrated ouput to /dev/null

* user authorized_keys module, add kumpir key

* Fix typo. Use \\n for each ssh-key

* remove unnecessary .ssh creation (done by authorized_key module)

* Added wrapper script to execute two hooks: pdns_api.sh + deploy certificates

* Remove challengetype variable, as only dns-01 is supported anyway.

* Add freifunk-mainz.de domain

* fix cert deploy script.
2019-09-08 20:44:26 +02:00
Tobias Hachmer
b564d8113c
Role network-loopback: fix typo in task name 2019-09-03 21:26:20 +02:00
Julian Labus
12774ae19c Role pdns-api: always allow localhost 2019-09-02 15:40:08 +02:00
prisma01
417b60a0ac
Add role that allows access to powerdns api for certian ips via reverse proxy (#24)
* Add role that allows access to powerdns api for certian ips via reverse proxy

* Remove unneeded variables, remove systemd handlers.

* Allow a list of access ips. Make this mandatory.
2019-08-31 22:24:44 +02:00
Julian Labus
8863e21995
Role service-prometheus: update version 2019-08-28 19:14:15 +02:00
Julian Labus
d344f3045c
Role service-dhcpd: add Option 43
provide UniFi Controller IP via Option 43
2019-08-22 21:26:11 +02:00
Julian Labus
ca2939dedb
Role service-nginx-unms: update vhost
adjust vhost config according to recommended settings
https://help.ubnt.com/hc/en-us/articles/115015690207-UNMS-Reverse-Proxy#3
2019-08-22 15:34:45 +02:00
Sebastian Schmachtel
d7c7a1e484 Added Unfi Server to ansible.
Squashed commit of the following:

commit 3ba76f9e3c02e4a343c0af62ce0327dee6f2f109
Author: Julian Labus <julian@labus-online.de>
Date:   Thu Aug 22 13:18:05 2019 +0200

    make unifi.yml executable

commit 36002be43a7c1af76660682469dc7efcc06fac5f
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Thu Aug 22 13:10:32 2019 +0200

    Changed magic < 255

commit c26bbac23620455653d8e21bf512c48493362d43
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Thu Aug 22 12:05:42 2019 +0200

    Ergänzug um Installation von UNMS

commit 220ba24e471f8139d775eec1d4b3da46e8befdf7
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Thu Aug 22 12:01:38 2019 +0200

    moved service-nginx-unifi into service-unifi

commit 570f5673c47b72e959e6da8940a9cbcbf1e496bf
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Thu Aug 22 11:40:27 2019 +0200

    remove lean_delivery.java from unifi playbook. already in dependencies of service-unifi

commit 4775cff44d53e07b720e8760f0e4ece1460e0717
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Thu Aug 22 11:38:44 2019 +0200

    adjusted readme, remove galaxy info, removed unit test

commit 75711495fcb40f618cd65029ceda6b3cfed7e581
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Thu Aug 22 11:32:59 2019 +0200

    fix type in unifi inventory

commit 513b4f6b8f3d1426e58a19ece6514e467916d680
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Thu Aug 22 11:32:44 2019 +0200

    move service-unifi back to correct location

commit ea32af8275fd7e6c34281e02eeb2323cbea55f64
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Thu Aug 22 11:31:42 2019 +0200

    move service-unifi to temp directory

commit 87698c8d84a66cbf844e923c6dd41de87cba7759
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Thu Aug 22 02:09:17 2019 +0200

    Move host definition to inentory

commit b469c3f6307dbed9f40310c590abc0c672487973
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Thu Aug 22 01:52:19 2019 +0200

    Add unifi.yml to site.yml, remove wireguard role from unifi.yml

commit 77fa3aa0eb04b01a7b10dd66cede41b09e0aa5c0
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Wed Aug 14 21:17:49 2019 +0200

    Add unifi to wireguard

commit c63b850ddd470aa43d8ec25663f086180157673d
Author: Julian Labus <julian@labus-online.de>
Date:   Tue Aug 13 08:35:53 2019 +0200

    Add wireguard_networks for host unifi

commit 21341ad359fcfe9a9e4735ca50750f1bd5ea2ab6
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Mon Aug 12 22:49:17 2019 +0200

    Add unms nginx vhost

commit 0c0dff99b6ddbf8c5a354cce040b649c43948d64
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Mon Aug 12 21:44:30 2019 +0200

    Add java role to gitignore

commit 4fa292b5e5528b732e71dfd204ce53878cc3ee7e
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Mon Aug 12 21:43:50 2019 +0200

    minor changes

commit 25ab40e85e8b2fd6eb4a770e4c26a82894db3622
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Mon Aug 12 21:17:39 2019 +0200

    move java repo to requirements.yml, replace duplicated serice-nginx with service-nginx + dependency

commit d9aa004149da7ac3893b698d4dcb329236a521fe
Author: Sebastian Schmachtel <prisma_freifunk@oimel.net>
Date:   Mon Aug 12 00:52:24 2019 +0200

    Added unif host: Added java role, service-unifi role, service-nginx-unifi added unifi host
2019-08-22 14:49:55 +02:00
Julian Labus
876c93737d
Role service-nginx-meshviewer: add additional domains
Our meshes structure only supports two domains (internal/external).
This adds a list called `meshviewer_additional_domains` which will be
prefixed with `map.` and redirected to the main Meshviewer domain.
2019-07-16 16:15:32 +02:00
Julian Labus
fb2c6cb07a
Role service-prometheus: bump versions 2019-07-12 14:53:18 +02:00
Julian Labus
2f258ac672
Role service-yanic: adjust for latest config changes 2019-06-23 12:56:46 +02:00
Julian Labus
07a9169656
Role service-domain-director: update to latest version 2019-06-04 10:45:27 +02:00
Julian Labus
3e8bc8d37c
Role service-prometheus: query kea-exporter 2019-05-31 13:45:36 +02:00
Julian Labus
6a4498c436
Role service-dhcpd: add kea-exporter 2019-05-31 13:45:16 +02:00
Julian Labus
37d0739a76
Role server-basic: add python3-pip 2019-05-31 13:44:01 +02:00
Julian Labus
3a77c2901f
Remove dashes from group_vars names 2019-05-22 09:18:40 +02:00
Julian Labus
e16b92563d
Role service-nginx-firmware: strip ' (legacy)' from domain_name 2019-05-21 16:57:39 +02:00
Julian Labus
fed89c5910
Role service-fastd-mesh: remove reference to old systemd timer 2019-05-21 16:56:38 +02:00
Julian Labus
1f3b87013d
Role users: add public keys from n0trax 2019-05-16 11:42:17 +02:00
Julian Labus
5c42743d3f
Role service-domain-director: update domains.geojson
add Partenheim to Domain Mainz
2019-05-10 11:11:50 +02:00
Julian Labus
d4e6eb6ed3
Role service-domain-director: switch to dry-run 2019-05-10 11:09:38 +02:00
Julian Labus
552c1f2729
Role service-yanic: restart yanic and respondd 2019-05-05 19:06:22 +02:00
Julian Labus
3c010e2c5f
Role service-yanic: use wireguard interfaces for respondd on servers 2019-05-04 19:53:34 +02:00
Julian Labus
e17f378f0b
Role service-yanic: query link-local and site-local multicast address 2019-05-04 17:57:52 +02:00
Julian Labus
d035daf6d9
Role service-yanic: join link-local multicast on fastd interfaces 2019-05-04 17:56:42 +02:00
Julian Labus
b35c731813
Role service-yanic: switch to own fork
Should be reverted after the respondd branch is merged
2019-05-04 17:55:23 +02:00
Julian Labus
b1cc085e8d
Role service-nginx-meshviewer: add domain servers 2019-05-02 16:40:19 +02:00
Julian Labus
c728b0509b
Role service-yanic: add respondd 2019-05-02 16:00:02 +02:00
Julian Labus
07bcfca54d
Remove Role service-respondd
superseded by yanic respondd
2019-05-02 15:57:52 +02:00
Julian Labus
c29a24233e
Role service-domain-director: set switch time
Thu 02 May 2019 09:00:00 AM CEST
2019-04-25 14:31:55 +02:00
Julian Labus
6b64aa17a0
Role service-prometheus: bump versions 2019-04-17 10:44:37 +02:00
Tobias Hachmer
5cc55db92c
Role server-basic: enable unattended upgrade for Archive Unstable 2019-04-11 22:03:07 +02:00
Julian Labus
b2373c17ac
service-fastd-mesh: use fastd-limiter and "on verify" to limit peers 2019-04-10 12:56:35 +02:00
Tobias Hachmer
ecdcb4c294
Role server-basic: enable unattended upgrade for PowerDNS packages 2019-04-09 21:30:44 +02:00
Julian Labus
04c2ed7e30
service-bind-slave: add stunnel4 for DNS-over-TLS 2019-04-05 19:53:19 +02:00
Julian Labus
ac64eddfb1
service-prometheus: update versions 2019-04-05 09:29:11 +02:00
Julian Labus
4bdaaf2dae
service-prometheus: update internal domain for ICMP targets 2019-04-05 09:28:45 +02:00
Julian Labus
f194880f4c
service-fastd-mesh: enable redis-server 2019-04-04 20:21:31 +02:00
Julian Labus
a825a9bed0
service-fastd-mesh: add fastd-limiter (dry run)
new limits are not yet used by fastd
2019-04-04 11:56:45 +02:00
Tobias Hachmer
8a898bf339
Role pdns_admin: update version 2019-04-01 20:32:29 +02:00
Julian Labus
71d1889a49
Role service-fastd-mesh: allow fastd-exporter access from all gateways 2019-03-29 16:40:17 +01:00
Tobias Hachmer
f701d77dfd
Role service-bird: suffix legacy ipv6 bgp peers with '_legacy', also 2019-03-25 20:33:08 +01:00
Tobias Hachmer
6cc9776c66
Use link-local IPv6 address for BGP Peering 2019-03-25 20:22:55 +01:00
Julian Labus
59045bc400
Roles network-*: enable forwarding
With newer versions of ifupdown2 it is necessary to enable IPv4/6
forwarding explicitly on required interfaces.
2019-03-25 10:13:01 +01:00
Julian Labus
6239a876bb
Role network-fastd: set mtu 2019-03-24 23:14:06 +01:00
Julian Labus
dc1f469265
Role wireguard: set mtu and link-local address 2019-03-24 22:22:19 +01:00
Tobias Hachmer
13b470b5c9
Role server-basic: prevent the kernel to create a bond insterface on module load 2019-03-24 20:20:57 +01:00