Commit Graph

51 Commits

Author SHA1 Message Date
Fritz Grimpen d5a03479af New certbot role covering standalone and webroot setups 2021-02-02 21:49:20 +00:00
Fritz Grimpen cba94e7929 Manage secrets outside Ansible 2021-02-02 18:29:48 +00:00
Fritz Grimpen c2ea9c6600 Hacky mediawiki role 2021-02-02 18:27:37 +00:00
genofire 058910b93a Finish the mail setup. Closes #10. 2021-02-01 02:45:58 +01:00
genofire 060ba82d42 Perform daily backups. Close #22 2021-01-31 20:25:31 +01:00
genofire 03c34b1216 s6-svscan lost its -s flag with the 2.10.0 release 2021-01-31 19:20:46 +01:00
genofire 07a61ac55f Add mlmmj map 2021-01-31 19:18:31 +01:00
genofire c49a79fe20 Update gitea submodule? 2021-01-31 19:17:40 +01:00
genofire 98a412c27b Renew Let's Encrypt certificates 2021-01-31 19:16:27 +01:00
genofire 925499223e Use correct handlers 2021-01-04 23:33:42 +01:00
Geno 68c6b53f68 gitea update 2020-12-14 23:53:27 +01:00
genofire 531b7ef276 Reenable redis dependency 2020-10-27 21:09:38 +01:00
genofire c18f53b8ea Add rspamd support.
Postfix uses the Rspamd proxy as spam filtering milter
and HAProxy exposes the Rspamd webinterface through HTTPS.

Updates #10
2020-10-26 23:46:16 +01:00
genofire 28fbdff74b Make HAProxy use its new chroot jail in /var/run/haproxy.
Fixes #19
2020-10-26 23:31:57 +01:00
genofire 97daf854d0 Add the missing sender_access map to Postfix's configuration.
Updates #18
2020-10-24 19:34:42 +02:00
genofire 0a6b680cda Write a role to setup a Redis instance.
The role expects two parameters:

  * `redis_instance`: the instance name
  * `redis_client_group`: the group allowed to access the instance's unix socket

Fixes #17
Updates #10
2020-10-24 14:07:10 +02:00
genofire 593d8deddf Only delete old service databases after a *successful* update 2020-10-24 05:25:49 +02:00
genofire 36e65e6fe3 Install and configure nsd and unbound on emma.ccchb.de
Fixes #15
2020-10-23 19:37:15 +02:00
genofire 8ea37c14df Wait for readiness.
Fixes #16.
2020-10-23 19:28:36 +02:00
genofire 7d811568e5 Make use of the Hetzner NTP servers.
Fixes #14 (again)
2020-10-23 19:12:55 +02:00
genofire 4addf597cc Install OpenNTPD on mail servers
Fixes #14
2020-10-23 19:03:23 +02:00
genofire 9110d9df82 Add a Postfix role and apply it to emma
Changes #10
2020-10-23 03:32:54 +02:00
genofire 372f5265d7 Add a Dovecot role
Changes #10
2020-10-21 16:18:30 +02:00
genofire 4dfd89dff1 Add Let's Encrypt support to HAProxy.
Closes #13
2020-10-21 16:10:23 +02:00
genofire 4696d140aa Use s6-log's native readiness notification support.
Fixes #9
2020-10-20 14:08:28 +02:00
genofire d3f447dce4 Tag the /var/log/haproxy tmpfs as a late file system.
Fixes #8
2020-10-19 14:21:11 +02:00
genofire cb8403a0d3 Create a tmpfs at /var/log/haproxy.
Fixes #6.
2020-10-16 15:55:54 +02:00
genofire 6031ddc028 Apply a 16 or 56 bit mask to source IP addresses 2020-10-03 04:00:30 +02:00
genofire dd16e9281d Make HAProxy happy (overwrite log type) 2020-10-03 03:19:12 +02:00
genofire 3609982b4c Enable HAProxy service 2020-10-03 03:14:01 +02:00
genofire 02fdf86327 Add SNI support as requested in #1 2020-10-03 03:04:44 +02:00
genofire 276cff4373 Add HAProxy role. Fixes #4 2020-10-03 02:30:41 +02:00
genofire 45f8337144 use current template version of gitea 2020-09-18 16:22:28 +00:00
genofire c6fee04ba6 roles/gitea-ccchb: make menu black 2020-09-18 16:10:02 +00:00
genofire 5378e6f7f9 gitea: add logo 2020-09-18 15:47:42 +00:00
genofire e5afb434a5 move ansible-role-gitea to fork 2020-09-18 13:02:21 +00:00
genofire 1b35ee4de3 roles/user_mgmt: fix state for ssh_keys 2020-09-18 11:17:02 +00:00
genofire 48541be6dd roles/debian: fix networking disable 2020-09-18 11:16:42 +00:00
genofire bff7609ec4 add gitea 2020-09-18 11:15:57 +00:00
Geno a771624793 roles/user_mgmt: improve by using state and default values 2020-09-17 14:12:22 +00:00
Geno dee5a45271 roles/user_mgmt: for add/delete users and ssh_keys 2020-09-17 12:55:13 +00:00
Crest 53f795faf6 Autostart the enabled bhyve guests 2020-09-17 02:38:24 +02:00
Geno d39eb49c37 roles: Add nextcloud (for debian) 2020-09-17 00:16:55 +00:00
Geno fcf03aaea7 roles: Add php (for debian) 2020-09-17 00:16:36 +00:00
Geno 1bcada7ffe roles: Add nginx (for debian) 2020-09-17 00:16:19 +00:00
Geno 2803c0aaea Add default setup for debian (HACKY/WIP) 2020-09-17 00:14:54 +00:00
Crest 2bae7c9cc1 Run bhyve guests under s6 supervision 2020-09-14 03:52:49 +02:00
Crest e03c04873c Create (multiple) ZFS volumes per guest 2020-09-14 01:25:20 +02:00
Crest 05ec7f2022 Use ansible ipath to derive /31 and /127 from the guest index 2020-09-14 01:24:17 +02:00
Crest 82df9558cd Split bhyve into network, storage and s6 2020-09-14 00:40:21 +02:00