Commit graph

301 commits

Author SHA1 Message Date
Sam A. c6269636cd
Merge branch 'main' into vagrant 2022-11-22 22:10:27 +01:00
Sam A. fc7ca37b07
Make TCP the default allowed firewall protocol
Custom protocol can still be specified by adding `proto: "proto"` to a
loop item.
2022-11-22 21:40:21 +01:00
Sam A. 71cc3e2241
Fix firewall ports format 2022-11-22 21:22:23 +01:00
Sam A. d53c6d41dc Merge pull request 'Firewall (UFW)' (#107) from samsapti/ansible:main into main
Reviewed-on: #107
2022-11-22 20:05:00 +00:00
Sam A. 9852a42470
Upgrade Element to 1.11.8 2022-11-22 18:59:34 +01:00
Sam A. efbdcc9a5a
Add missing postfix network to Nextcloud container 2022-11-22 17:45:13 +01:00
Sam A. e0c0163aae
Add cron container to Nextcloud 2022-11-22 17:40:55 +01:00
Sam A. fe4b3ede81
Add Redis memcache to Nextcloud 2022-11-22 17:15:59 +01:00
Sam A. 8180a736f7
Use Alpine-based nginx-proxy Docker image 2022-11-22 16:53:34 +01:00
reynir 728cffc453 Expose mastodon streaming api (#124)
Co-authored-by: Reynir Björnsson <reynir@reynir.dk>
Co-authored-by: Víðir Valberg Guðmundsson <valberg@orn.li>
Reviewed-on: #124
Co-authored-by: reynir <data.coop@reynir.dk>
Co-committed-by: reynir <data.coop@reynir.dk>
2022-11-22 13:38:46 +00:00
Víðir Valberg Guðmundsson 31a73f48fb Upgrade and pin nginx-proxy and acme-companion. 2022-11-22 14:37:31 +01:00
Víðir Valberg Guðmundsson d467084fb7 Bump mastodon sidekiq threads to 32. 2022-11-22 09:36:36 +01:00
Sam A. 20b977eacb
Upgrade Nextcloud to version 25 2022-11-21 23:42:20 +01:00
Sam A. e917636d05
Upgrade Nextcloud to 24 2022-11-21 23:37:07 +01:00
Sam A. 1ebfab5abf
Upgrade one major version at a time, 23 now 2022-11-21 23:31:22 +01:00
Sam A. 12effe5673
Upgrade Nextcloud to 25.x.x 2022-11-21 21:34:07 +01:00
Sam A. a67d82ad88
Some improvements
- Always use the new port if the VM is already provisioned
- We're not using a multi-VM setup, so no need to define VM "datacoop"
- Increase minimum required Vagrant version
- Add static IP for hopefully implementing some sort of DNS in the
  future
- Hardcode registry domain to use the real registry in Vagrant
2022-11-18 23:35:20 +01:00
Sam A. d48e684647
Remove notify 2022-11-17 22:17:51 +01:00
Sam A. 6e383d6afa
Simplify SSH configuration
Now that the Vagrantfile supplies SSH port information to Ansible, we no
longer need to figure it out in Ansible. Also, since gather_facts (which
requires an SSH connection) is set to true in playbook.yml, one needs to
supply --extra-vars "ansible_port=22" on the commandline when
provisioning for the first time on real hardware, because the port is
hardcoded in the inventory file.
2022-11-17 22:15:26 +01:00
Víðir Valberg Guðmundsson 2c9dce8600 Upgrade gitea to 1.17.3. 2022-11-17 20:50:38 +01:00
Víðir Valberg Guðmundsson 4bc69b49bb Upgrade mastodon to 4.0.2 2022-11-17 20:40:59 +01:00
Víðir Valberg Guðmundsson 9a5d780f2b Keep ansible "clean" and do ssh port magic in Vagrantfile. 2022-11-17 08:53:45 +01:00
Sam A. 57ca1e9233
Create separate role for SSH and Vagrant
- Added a separate role that first configures SSH, and after that
  gathers the ansible_virtualization_role fact, due to gathering facts
  requiring an SSH connection
- Renamed ssl_certs_enabled to letsencrypt_enabled and moved that
  and the vagrant variable to the be supplied directly to the last two
  roles in playbook.yml
- Added tags base_only and setup_services to the new role
  ssh_and_vagrant so that it will always be run before anything else
  when using deploy.sh
2022-11-16 20:31:44 +01:00
reynir bcbe0a8285 Set up vhost for both {riot,element}.data.coop (#121)
A fix for #115.

Co-authored-by: Reynir Björnsson <reynir@reynir.dk>
Reviewed-on: #121
Co-authored-by: reynir <data.coop@reynir.dk>
Co-committed-by: reynir <data.coop@reynir.dk>
2022-11-16 19:13:45 +00:00
reynir a92d840ce0 Merge pull request 'Add root keys for all users' (#120) from fix-root-keys into main
Reviewed-on: #120
2022-11-16 15:24:44 +00:00
Reynir Björnsson 5a54eb6b1e Flatten the list 2022-11-16 16:24:22 +01:00
Reynir Björnsson c802777867 Add root keys for all users
And not just the last user.
2022-11-16 16:10:10 +01:00
Reynir Björnsson a03263b1f5 riot/element: expose port 8080
nginx-proxy uses this information to determine if the (in nginx
parlance) server is up.
2022-11-16 13:45:58 +01:00
Víðir Valberg Guðmundsson 253a21432e Add ssl_certs_enabled variable and use it to avoid ssl certs when running on vagrant 2022-11-15 22:06:53 +00:00
Sam A. a6cb0a8e65 Remove state: latest 2022-11-15 22:06:53 +00:00
Sam A. c676d69fc0 Naming changes 2022-11-15 22:06:53 +00:00
Sam A. c74cc4413a Simplify config and rename some files 2022-11-15 22:06:53 +00:00
Sam A. 50fa65d55e Don't use local config for Docker registry login
It doesn't work when deploying in Vagrant :(
2022-11-15 22:06:53 +00:00
Sam A. eeecfca7ef Vagrant: Use same Ubuntu version as in production 2022-11-15 22:06:53 +00:00
Sam A. 1744cf7585 Fix SSH port logic again 2022-11-15 22:06:53 +00:00
Sam A. b310e191f8 Some Vagrant fixes
Only install Dell OpenManage if not running in a VM, and fix SSH port
logic.
2022-11-15 22:06:53 +00:00
Sam A. b56690a33e Make Ansible setup testable in Vagrant
Added logic to change the sshd port if not already configured,
configued Vagrantfile to work properly and fixed a couple of deploy
errors.
2022-11-15 22:06:53 +00:00
Sam A. 52ead4fee5
Remove volume_root_folder from vars.yml
It is defined later in the docker role already.
2022-11-15 20:52:38 +01:00
Sam A. 58dbf9ff22
Allow only TCP traffic on specified ports 2022-11-15 20:42:18 +01:00
Sam A. ba44677cf3
Avoid conflicts with built-in function name keys 2022-11-15 20:28:34 +01:00
Sam A. fc0c0c5036
Always update password and overwrite keys 2022-11-15 19:57:17 +01:00
valberg 5b2e2c0f60 Merge pull request 'Lock account 'graffen'' (#102) from lock-graffen into main
Reviewed-on: #102
2022-11-13 12:28:38 +00:00
Sam A. 42e1900715
Delete unused secrets 2022-11-12 23:06:45 +01:00
Sam A. d597a956ff
Add installation of community modules to deploy.sh 2022-11-12 19:41:57 +01:00
Sam A. 5f718e1027
Add firewall setup with UFW 2022-11-12 19:41:55 +01:00
Reynir Björnsson 536441d24b Fix 2022.slides, and use git.data.coop repo
The ocaml-git fix has been released, and don't call the container
new-new.data.coop_website D:
2022-11-12 19:30:38 +01:00
Sam A. bf60417904
Fix FIDO2 authentication in Passit 2022-11-12 19:21:58 +01:00
Víðir Valberg Guðmundsson aecb929dbb Add a way to only run the base role. 2022-11-11 22:16:22 +01:00
valberg f905696264 Add admin user (#108)
Welcome aboard!
2022-11-11 18:05:10 +00:00
Sam A. d4f8fbcebe
Add Sam as admin user 2022-11-11 18:33:18 +01:00