Commit graph

398 commits

Author SHA1 Message Date
Sam A. 2fa5bf4982
Merge branch 'main' into watchtower 2022-11-23 19:51:58 +01:00
Víðir Valberg Guðmundsson 78b15ddcc4 Pin restic backup. 2022-11-22 23:13:01 +01:00
Víðir Valberg Guðmundsson d6766e601a Upgrade portainer to 2.16.2. 2022-11-22 22:52:23 +01:00
Víðir Valberg Guðmundsson cbc209c381 Set keycloak path to the old path. 2022-11-22 22:52:08 +01:00
Víðir Valberg Guðmundsson f040880c26 Pin rallly. 2022-11-22 22:47:22 +01:00
Víðir Valberg Guðmundsson 394e158c51 Make sure to always restart membersystem if it goes down. 2022-11-22 22:39:34 +01:00
Víðir Valberg Guðmundsson 14d97ee7a6 Upgrade keycloak to 20.0.1 2022-11-22 22:38:05 +01:00
Sam A. fc7ca37b07
Make TCP the default allowed firewall protocol
Custom protocol can still be specified by adding `proto: "proto"` to a
loop item.
2022-11-22 21:40:21 +01:00
Sam A. 71cc3e2241
Fix firewall ports format 2022-11-22 21:22:23 +01:00
Sam A. d53c6d41dc Merge pull request 'Firewall (UFW)' (#107) from samsapti/ansible:main into main
Reviewed-on: data.coop/ansible#107
2022-11-22 20:05:00 +00:00
Sam A. 9852a42470
Upgrade Element to 1.11.8 2022-11-22 18:59:34 +01:00
Sam A. efbdcc9a5a
Add missing postfix network to Nextcloud container 2022-11-22 17:45:13 +01:00
Sam A. e0c0163aae
Add cron container to Nextcloud 2022-11-22 17:40:55 +01:00
Sam A. fe4b3ede81
Add Redis memcache to Nextcloud 2022-11-22 17:15:59 +01:00
Sam A. 8180a736f7
Use Alpine-based nginx-proxy Docker image 2022-11-22 16:53:34 +01:00
reynir 728cffc453 Expose mastodon streaming api (#124)
Co-authored-by: Reynir Björnsson <reynir@reynir.dk>
Co-authored-by: Víðir Valberg Guðmundsson <valberg@orn.li>
Reviewed-on: data.coop/ansible#124
Co-authored-by: reynir <data.coop@reynir.dk>
Co-committed-by: reynir <data.coop@reynir.dk>
2022-11-22 13:38:46 +00:00
Víðir Valberg Guðmundsson 31a73f48fb Upgrade and pin nginx-proxy and acme-companion. 2022-11-22 14:37:31 +01:00
Víðir Valberg Guðmundsson d467084fb7 Bump mastodon sidekiq threads to 32. 2022-11-22 09:36:36 +01:00
Sam A. 20b977eacb
Upgrade Nextcloud to version 25 2022-11-21 23:42:20 +01:00
Sam A. e917636d05
Upgrade Nextcloud to 24 2022-11-21 23:37:07 +01:00
Sam A. 1ebfab5abf
Upgrade one major version at a time, 23 now 2022-11-21 23:31:22 +01:00
Sam A. 12effe5673
Upgrade Nextcloud to 25.x.x 2022-11-21 21:34:07 +01:00
Sam A. c9ab9f0c66
Watchtower doesn't need external_services network 2022-11-19 18:20:10 +01:00
Sam A. e5dcfea003
Pin Watchtower version 2022-11-19 18:19:43 +01:00
Sam A. 27b918b46b
Remove labels 2022-11-18 21:07:12 +01:00
Sam A. 5d26e1cdea
Fix mount point for Watchtower
The auth file created by the registry login task doesn't need to be
stored in a non-default path.
2022-11-18 20:58:22 +01:00
Sam A. a4a06d8a58
Upgrade Watchtower and disable filter by enable label 2022-11-18 18:59:00 +01:00
Víðir Valberg Guðmundsson 2c9dce8600 Upgrade gitea to 1.17.3. 2022-11-17 20:50:38 +01:00
Víðir Valberg Guðmundsson 4bc69b49bb Upgrade mastodon to 4.0.2 2022-11-17 20:40:59 +01:00
reynir bcbe0a8285 Set up vhost for both {riot,element}.data.coop (#121)
A fix for #115.

Co-authored-by: Reynir Björnsson <reynir@reynir.dk>
Reviewed-on: data.coop/ansible#121
Co-authored-by: reynir <data.coop@reynir.dk>
Co-committed-by: reynir <data.coop@reynir.dk>
2022-11-16 19:13:45 +00:00
reynir a92d840ce0 Merge pull request 'Add root keys for all users' (#120) from fix-root-keys into main
Reviewed-on: data.coop/ansible#120
2022-11-16 15:24:44 +00:00
Reynir Björnsson 5a54eb6b1e Flatten the list 2022-11-16 16:24:22 +01:00
Reynir Björnsson c802777867 Add root keys for all users
And not just the last user.
2022-11-16 16:10:10 +01:00
Reynir Björnsson a03263b1f5 riot/element: expose port 8080
nginx-proxy uses this information to determine if the (in nginx
parlance) server is up.
2022-11-16 13:45:58 +01:00
Sam A. 52ead4fee5
Remove volume_root_folder from vars.yml
It is defined later in the docker role already.
2022-11-15 20:52:38 +01:00
Sam A. 58dbf9ff22
Allow only TCP traffic on specified ports 2022-11-15 20:42:18 +01:00
Sam A. ba44677cf3
Avoid conflicts with built-in function name keys 2022-11-15 20:28:34 +01:00
Sam A. fc0c0c5036
Always update password and overwrite keys 2022-11-15 19:57:17 +01:00
valberg 5b2e2c0f60 Merge pull request 'Lock account 'graffen'' (#102) from lock-graffen into main
Reviewed-on: data.coop/ansible#102
2022-11-13 12:28:38 +00:00
Sam A. 42e1900715
Delete unused secrets 2022-11-12 23:06:45 +01:00
Sam A. d597a956ff
Add installation of community modules to deploy.sh 2022-11-12 19:41:57 +01:00
Sam A. 5f718e1027
Add firewall setup with UFW 2022-11-12 19:41:55 +01:00
Reynir Björnsson 536441d24b Fix 2022.slides, and use git.data.coop repo
The ocaml-git fix has been released, and don't call the container
new-new.data.coop_website D:
2022-11-12 19:30:38 +01:00
Sam A. bf60417904
Fix FIDO2 authentication in Passit 2022-11-12 19:21:58 +01:00
Víðir Valberg Guðmundsson aecb929dbb Add a way to only run the base role. 2022-11-11 22:16:22 +01:00
valberg f905696264 Add admin user (#108)
Welcome aboard!
2022-11-11 18:05:10 +00:00
Sam A. d4f8fbcebe
Add Sam as admin user 2022-11-11 18:33:18 +01:00
Víðir Valberg Guðmundsson 0e7cc20bce Update portainer to use the ee version. 2022-11-10 21:15:42 +01:00
valberg 57f05d7d81 Merge pull request 'Security hardening: Don't expose unnecessary ports to the public' (#106) from samsapti/ansible:main into main
Reviewed-on: data.coop/ansible#106
2022-11-10 19:19:00 +00:00
Sam A. cc2fab6ad7
Ports and domain fixes 2022-11-10 19:32:39 +01:00