Commit graph

291 commits

Author SHA1 Message Date
Sam A. 5a63e8e1a8 Vagrant-based testing environment (#111)
Co-authored-by: Sam A. <samsapti@noreply@git.data.coop>
Co-committed-by: Sam A. <samsapti@noreply@git.data.coop>
2022-11-25 13:07:09 +00:00
Víðir Valberg Guðmundsson 124d8660db Moved membersystem image. 2022-11-25 00:16:10 +01:00
Víðir Valberg Guðmundsson 78b15ddcc4 Pin restic backup. 2022-11-22 23:13:01 +01:00
Víðir Valberg Guðmundsson d6766e601a Upgrade portainer to 2.16.2. 2022-11-22 22:52:23 +01:00
Víðir Valberg Guðmundsson cbc209c381 Set keycloak path to the old path. 2022-11-22 22:52:08 +01:00
Víðir Valberg Guðmundsson f040880c26 Pin rallly. 2022-11-22 22:47:22 +01:00
Víðir Valberg Guðmundsson 394e158c51 Make sure to always restart membersystem if it goes down. 2022-11-22 22:39:34 +01:00
Víðir Valberg Guðmundsson 14d97ee7a6 Upgrade keycloak to 20.0.1 2022-11-22 22:38:05 +01:00
Sam A. fc7ca37b07
Make TCP the default allowed firewall protocol
Custom protocol can still be specified by adding `proto: "proto"` to a
loop item.
2022-11-22 21:40:21 +01:00
Sam A. 71cc3e2241
Fix firewall ports format 2022-11-22 21:22:23 +01:00
Sam A. d53c6d41dc Merge pull request 'Firewall (UFW)' (#107) from samsapti/ansible:main into main
Reviewed-on: data.coop/ansible#107
2022-11-22 20:05:00 +00:00
Sam A. 9852a42470
Upgrade Element to 1.11.8 2022-11-22 18:59:34 +01:00
Sam A. efbdcc9a5a
Add missing postfix network to Nextcloud container 2022-11-22 17:45:13 +01:00
Sam A. e0c0163aae
Add cron container to Nextcloud 2022-11-22 17:40:55 +01:00
Sam A. fe4b3ede81
Add Redis memcache to Nextcloud 2022-11-22 17:15:59 +01:00
Sam A. 8180a736f7
Use Alpine-based nginx-proxy Docker image 2022-11-22 16:53:34 +01:00
reynir 728cffc453 Expose mastodon streaming api (#124)
Co-authored-by: Reynir Björnsson <reynir@reynir.dk>
Co-authored-by: Víðir Valberg Guðmundsson <valberg@orn.li>
Reviewed-on: data.coop/ansible#124
Co-authored-by: reynir <data.coop@reynir.dk>
Co-committed-by: reynir <data.coop@reynir.dk>
2022-11-22 13:38:46 +00:00
Víðir Valberg Guðmundsson 31a73f48fb Upgrade and pin nginx-proxy and acme-companion. 2022-11-22 14:37:31 +01:00
Víðir Valberg Guðmundsson d467084fb7 Bump mastodon sidekiq threads to 32. 2022-11-22 09:36:36 +01:00
Sam A. 20b977eacb
Upgrade Nextcloud to version 25 2022-11-21 23:42:20 +01:00
Sam A. e917636d05
Upgrade Nextcloud to 24 2022-11-21 23:37:07 +01:00
Sam A. 1ebfab5abf
Upgrade one major version at a time, 23 now 2022-11-21 23:31:22 +01:00
Sam A. 12effe5673
Upgrade Nextcloud to 25.x.x 2022-11-21 21:34:07 +01:00
Víðir Valberg Guðmundsson 2c9dce8600 Upgrade gitea to 1.17.3. 2022-11-17 20:50:38 +01:00
Víðir Valberg Guðmundsson 4bc69b49bb Upgrade mastodon to 4.0.2 2022-11-17 20:40:59 +01:00
reynir bcbe0a8285 Set up vhost for both {riot,element}.data.coop (#121)
A fix for #115.

Co-authored-by: Reynir Björnsson <reynir@reynir.dk>
Reviewed-on: data.coop/ansible#121
Co-authored-by: reynir <data.coop@reynir.dk>
Co-committed-by: reynir <data.coop@reynir.dk>
2022-11-16 19:13:45 +00:00
Reynir Björnsson 5a54eb6b1e Flatten the list 2022-11-16 16:24:22 +01:00
Reynir Björnsson c802777867 Add root keys for all users
And not just the last user.
2022-11-16 16:10:10 +01:00
Reynir Björnsson a03263b1f5 riot/element: expose port 8080
nginx-proxy uses this information to determine if the (in nginx
parlance) server is up.
2022-11-16 13:45:58 +01:00
Sam A. 58dbf9ff22
Allow only TCP traffic on specified ports 2022-11-15 20:42:18 +01:00
Sam A. ba44677cf3
Avoid conflicts with built-in function name keys 2022-11-15 20:28:34 +01:00
Sam A. fc0c0c5036
Always update password and overwrite keys 2022-11-15 19:57:17 +01:00
Sam A. 5f718e1027
Add firewall setup with UFW 2022-11-12 19:41:55 +01:00
Reynir Björnsson 536441d24b Fix 2022.slides, and use git.data.coop repo
The ocaml-git fix has been released, and don't call the container
new-new.data.coop_website D:
2022-11-12 19:30:38 +01:00
Sam A. bf60417904
Fix FIDO2 authentication in Passit 2022-11-12 19:21:58 +01:00
Víðir Valberg Guðmundsson 0e7cc20bce Update portainer to use the ee version. 2022-11-10 21:15:42 +01:00
Sam A. cc2fab6ad7
Ports and domain fixes 2022-11-10 19:32:39 +01:00
Víðir Valberg Guðmundsson a81862fd8b Small fixes for rallly. 2022-11-09 20:58:32 +01:00
Víðir Valberg Guðmundsson e85b119bfe Small fixes to get rallly working. 2022-11-09 20:41:41 +01:00
Víðir Valberg Guðmundsson dcb2e8be05 Upgrade mastodon to 3.5.3. 2022-11-09 20:29:31 +01:00
Sam A. dc51b62872
Capitalization fix 2022-11-09 20:18:08 +01:00
Sam A. dd6b29bccd
Add secrets and env file for Rally 2022-11-09 20:18:07 +01:00
Sam A. f71d534afe
Add Rallly 2022-11-09 20:17:58 +01:00
Víðir Valberg Guðmundsson b043b95353 Point backup at decibytes server. 2022-11-08 20:45:03 +01:00
Jesper Hess 74883a564d
Add handler to restart nginx container when adding nextcloud VHost config 2022-09-02 12:23:19 +02:00
Reynir Björnsson f0979ec654 nextcloud: Raise upload limit to 1GB 2022-08-31 20:10:42 +02:00
Víðir Valberg Guðmundsson 73adef15f9 Fixing watchtower and membersystem. 2022-08-09 19:47:40 +02:00
Víðir Valberg Guðmundsson 9f3a6c67ff Use latest tag for membersystem docker image. 2022-08-09 14:46:48 +02:00
Víðir Valberg Guðmundsson e68145bc5e Add membersystem to ansible. 2022-08-09 13:54:12 +02:00
Reynir Björnsson 326393aadb Add 2022 slides 2022-08-07 13:28:38 +02:00
Víðir Valberg Guðmundsson a6420830e4 Remove thelounge. 2022-07-23 15:48:49 +02:00
Víðir Valberg Guðmundsson e806ffc3ad Remove fider and tt-rss. 2022-07-23 15:46:30 +02:00
Víðir Valberg Guðmundsson 7b60ae1c28 Switch from ouroboros to watchtower. Close #82. 2022-07-23 15:42:51 +02:00
reynir 09b05bf657 Add new-new.data.coop using unipi! (#99)
This exposes the contents of the git repository at https://git.data.coop/halfd/new-website using the MirageOS unikernel [unipi](https://github.com/roburio/unipi).

Co-authored-by: Reynir Björnsson <reynir@reynir.dk>
Reviewed-on: data.coop/ansible#99
2022-07-23 12:46:26 +00:00
Reynir Björnsson 442bb4ad58 Add apt preferences file for dell repo
Deny all packages from dell repo that exist elsewhere

Fixes #95
2022-07-22 20:41:34 +02:00
Jesper Hess a8287a712b Add restart policy to OpenLDAP containers 2022-07-22 18:02:41 +00:00
Jesper Hess ed9c742aed Bump Synapse version -> 1.63.1 and Element -> 1.11.0 2022-07-22 18:02:06 +00:00
Jesper Hess b07cf84dd3
Matrix: Workaround for incorrect db locale
Related to: #92
2022-07-22 15:14:01 +02:00
Jesper Hess 997779d627 Add Dell apt signing key 2022-07-22 12:37:39 +00:00
Jesper Hess c6a3cb5150 move tags into main.yml instead 2022-07-22 12:37:39 +00:00
Jesper Hess 964a6c0793 Add some more useful ansible tags
- do-full-system-upgrade
- setup-users
- install-base-packages
2022-07-22 12:37:39 +00:00
Jesper Hess 70dff33044 Install Dell OpenManage 2022-07-22 12:37:39 +00:00
Jesper Hess 57f6e9ad4f Add Dell OpenManage APT repo 2022-07-22 12:37:39 +00:00
Jesper Hess 515861c206 Fix config for default matrix server in element
Fixes: #88
2022-07-22 12:36:53 +00:00
Sam A. 2e3cd4c8b0
Update Docker image for nginx-proxy LE companion 2022-06-23 22:14:30 +02:00
Víðir Valberg Guðmundsson 1417c9dbf6 Upgrade gitea from 1.15.7 to 1.16.8. 2022-05-24 19:45:49 +02:00
valberg 40afe51998 Merge pull request 'gitea: require email confirmation on registration' (#74) from gitea-require-email-confirmation into master
Reviewed-on: data.coop/ansible#74
2022-05-08 19:19:13 +00:00
Víðir Valberg Guðmundsson 29971520d5 Rename smtp hostname to smtp.data.coop. 2022-05-08 13:58:21 +02:00
Víðir Valberg Guðmundsson e74753cab4 Mastodon! 2022-05-07 22:53:18 +02:00
Reynir Björnsson 0aeb0fef96 gitea: require email confirmation on registration 2022-04-07 14:35:21 +01:00
Reynir Björnsson 3791e1351a Install mosh 2022-01-31 10:57:24 +00:00
Reynir Björnsson 5d745e0cde Allow for multiple ssh keys
This required restructuring users.yml.
2022-01-28 13:15:14 +00:00
Reynir Björnsson 54a38114d6 gitea: Enable notify emails 2022-01-28 13:13:12 +00:00
benjaoming 17d4513b97 Add security and password policy customization
I need someone with a functional Docker setup to help test this :)

Tip from a new user that we are requiring stupid password stuff

https://www.bbc.com/news/technology-40875534
2022-01-24 09:53:59 +00:00
Reynir Björnsson 36534604c1 Add dummy user and pass
It seems perhaps it is required by gitea before it will enable email
2022-01-24 09:39:03 +00:00
Reynir Björnsson d73cc9e28f Gitea mail typo: smpt_port -> smtp_host 2022-01-24 09:25:44 +00:00
Reynir Björnsson 554024f2b2 Gitea mail: add crucial configuration 2022-01-24 09:19:54 +00:00
Reynir Björnsson ac455beac0 Add quotes
Non-string value found for env option. Ambiguous env options must be wrapped in quotes to avoid them being interpreted. Key: GITEA__mailer__ENABLED
2022-01-24 09:07:49 +00:00
valberg 1680ab0fc9 gitea-enhancements (#70) 2022-01-23 19:01:32 +00:00
valberg 499bd20ad1 Merge pull request 'Refactor allowed_sender_domains and allow more domains' (#69) from reynir/ansible:postfix-allowed_sender_domains into master
Reviewed-on: data.coop/ansible#69
2022-01-23 16:38:30 +00:00
Reynir Björnsson e3156c7c01 Gitea: setup mailer, raise LOGIN_REMEMBER_DAYS 2022-01-20 13:48:04 +00:00
Reynir Björnsson 6e57f1d0c2 Refactor allowed_sender_domains and allow more
A new object 'postfix' is created with a list of allowed_sender_domains.
Any services that expect to send mail this way should add its sender
domain to that list.
2022-01-20 13:36:48 +00:00
Jesper Hess 04b3fb4baa
Upgrade gitea -> v1.15.7 2021-12-14 16:24:02 +01:00
Reynir Björnsson 9e0fcfc4a7 Define referenced variable nextcloud.volume_folder 2021-11-23 13:49:50 +01:00
Reynir Björnsson 68c82a785b Upgrade synapse to v1.47.1 2021-11-23 13:12:15 +01:00
Jesper Hess 682e205c0b Bump OpenLDAP to 1.5.0 and phpLDAPAdmin to 0.9.0 2021-10-11 18:53:22 +02:00
Jesper Hess e64c858df8 Bump portainer version to 2.9.1 2021-10-11 18:52:39 +02:00
Jesper Hess c0bd431d3c Change default sender domain to @services.data.coop so as not to cause issues with our @data.coop emails 2021-10-10 18:03:09 +02:00
Jesper Hess a5a2d38b0c Bump Synapse to v1.44.0 and Element to v1.9.0 2021-10-10 15:25:54 +02:00
Jesper Hess c34d9fcb90 Add Hedgedoc
- Add Hedgedoc as a replacement for CodiMD.
- Integrate it with the new SSO system
2021-10-09 22:42:35 +02:00
Jesper Hess 270b7aa0e1 Merge branch 'master' into keycloak 2021-10-09 12:19:45 +00:00
Jesper Hess b6c2db6434
Switch NextCloud to docker_compose in Ansible + upgrade to v22 2021-10-09 14:13:18 +02:00
Jesper Hess 2af5165349
Upgrade portainer to 2.9.0 2021-10-07 20:59:38 +02:00
Jesper Hess ca6c3a96a1
Comment out the KEYCLOAK_USER and KEYCLOAK_PASSWORD since they mess up things after first run 2021-10-07 20:58:31 +02:00
Jesper Hess e6ee76ddde Merge branch 'master' into keycloak 2021-10-07 11:31:07 +00:00
Jesper Hess 2c8482a5ab Merge branch 'master' into element.v1.8.4 2021-10-07 11:26:42 +00:00
Jesper Hess 3999db2eff
Add keycloak service 2021-10-07 13:20:30 +02:00
Reynir Björnsson 43f39c981d Bump element to v1.8.4
See https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing
2021-09-14 15:30:08 +02:00
Jesper Hess b39df6003b
Disable Matrix registrations and move Matrix secrets to Ansible vault.
Fixes #46
2021-07-03 09:12:18 +02:00
Jesper Hess 0ef4f972ed
Update Element -> 1.7.29 & Synapse -> 1.34.0 2021-05-28 06:23:46 +02:00