Commit graph

399 commits

Author SHA1 Message Date
Sam A. d9de1efc9a
Pin Gitea to 1.17 instead of 1.17.3
Gitea's "minor" version change seems to be the one that occasionally
introduces breaking changes, so let's not update that automatically.
Only keep the patch-releases automatically updated.
2022-11-23 20:02:30 +01:00
Sam A. 2fa5bf4982
Merge branch 'main' into watchtower 2022-11-23 19:51:58 +01:00
Víðir Valberg Guðmundsson 78b15ddcc4 Pin restic backup. 2022-11-22 23:13:01 +01:00
Víðir Valberg Guðmundsson d6766e601a Upgrade portainer to 2.16.2. 2022-11-22 22:52:23 +01:00
Víðir Valberg Guðmundsson cbc209c381 Set keycloak path to the old path. 2022-11-22 22:52:08 +01:00
Víðir Valberg Guðmundsson f040880c26 Pin rallly. 2022-11-22 22:47:22 +01:00
Víðir Valberg Guðmundsson 394e158c51 Make sure to always restart membersystem if it goes down. 2022-11-22 22:39:34 +01:00
Víðir Valberg Guðmundsson 14d97ee7a6 Upgrade keycloak to 20.0.1 2022-11-22 22:38:05 +01:00
Sam A. fc7ca37b07
Make TCP the default allowed firewall protocol
Custom protocol can still be specified by adding `proto: "proto"` to a
loop item.
2022-11-22 21:40:21 +01:00
Sam A. 71cc3e2241
Fix firewall ports format 2022-11-22 21:22:23 +01:00
Sam A. d53c6d41dc Merge pull request 'Firewall (UFW)' (#107) from samsapti/ansible:main into main
Reviewed-on: data.coop/ansible#107
2022-11-22 20:05:00 +00:00
Sam A. 9852a42470
Upgrade Element to 1.11.8 2022-11-22 18:59:34 +01:00
Sam A. efbdcc9a5a
Add missing postfix network to Nextcloud container 2022-11-22 17:45:13 +01:00
Sam A. e0c0163aae
Add cron container to Nextcloud 2022-11-22 17:40:55 +01:00
Sam A. fe4b3ede81
Add Redis memcache to Nextcloud 2022-11-22 17:15:59 +01:00
Sam A. 8180a736f7
Use Alpine-based nginx-proxy Docker image 2022-11-22 16:53:34 +01:00
reynir 728cffc453 Expose mastodon streaming api (#124)
Co-authored-by: Reynir Björnsson <reynir@reynir.dk>
Co-authored-by: Víðir Valberg Guðmundsson <valberg@orn.li>
Reviewed-on: data.coop/ansible#124
Co-authored-by: reynir <data.coop@reynir.dk>
Co-committed-by: reynir <data.coop@reynir.dk>
2022-11-22 13:38:46 +00:00
Víðir Valberg Guðmundsson 31a73f48fb Upgrade and pin nginx-proxy and acme-companion. 2022-11-22 14:37:31 +01:00
Víðir Valberg Guðmundsson d467084fb7 Bump mastodon sidekiq threads to 32. 2022-11-22 09:36:36 +01:00
Sam A. 20b977eacb
Upgrade Nextcloud to version 25 2022-11-21 23:42:20 +01:00
Sam A. e917636d05
Upgrade Nextcloud to 24 2022-11-21 23:37:07 +01:00
Sam A. 1ebfab5abf
Upgrade one major version at a time, 23 now 2022-11-21 23:31:22 +01:00
Sam A. 12effe5673
Upgrade Nextcloud to 25.x.x 2022-11-21 21:34:07 +01:00
Sam A. c9ab9f0c66
Watchtower doesn't need external_services network 2022-11-19 18:20:10 +01:00
Sam A. e5dcfea003
Pin Watchtower version 2022-11-19 18:19:43 +01:00
Sam A. 27b918b46b
Remove labels 2022-11-18 21:07:12 +01:00
Sam A. 5d26e1cdea
Fix mount point for Watchtower
The auth file created by the registry login task doesn't need to be
stored in a non-default path.
2022-11-18 20:58:22 +01:00
Sam A. a4a06d8a58
Upgrade Watchtower and disable filter by enable label 2022-11-18 18:59:00 +01:00
Víðir Valberg Guðmundsson 2c9dce8600 Upgrade gitea to 1.17.3. 2022-11-17 20:50:38 +01:00
Víðir Valberg Guðmundsson 4bc69b49bb Upgrade mastodon to 4.0.2 2022-11-17 20:40:59 +01:00
reynir bcbe0a8285 Set up vhost for both {riot,element}.data.coop (#121)
A fix for #115.

Co-authored-by: Reynir Björnsson <reynir@reynir.dk>
Reviewed-on: data.coop/ansible#121
Co-authored-by: reynir <data.coop@reynir.dk>
Co-committed-by: reynir <data.coop@reynir.dk>
2022-11-16 19:13:45 +00:00
reynir a92d840ce0 Merge pull request 'Add root keys for all users' (#120) from fix-root-keys into main
Reviewed-on: data.coop/ansible#120
2022-11-16 15:24:44 +00:00
Reynir Björnsson 5a54eb6b1e Flatten the list 2022-11-16 16:24:22 +01:00
Reynir Björnsson c802777867 Add root keys for all users
And not just the last user.
2022-11-16 16:10:10 +01:00
Reynir Björnsson a03263b1f5 riot/element: expose port 8080
nginx-proxy uses this information to determine if the (in nginx
parlance) server is up.
2022-11-16 13:45:58 +01:00
Sam A. 52ead4fee5
Remove volume_root_folder from vars.yml
It is defined later in the docker role already.
2022-11-15 20:52:38 +01:00
Sam A. 58dbf9ff22
Allow only TCP traffic on specified ports 2022-11-15 20:42:18 +01:00
Sam A. ba44677cf3
Avoid conflicts with built-in function name keys 2022-11-15 20:28:34 +01:00
Sam A. fc0c0c5036
Always update password and overwrite keys 2022-11-15 19:57:17 +01:00
valberg 5b2e2c0f60 Merge pull request 'Lock account 'graffen'' (#102) from lock-graffen into main
Reviewed-on: data.coop/ansible#102
2022-11-13 12:28:38 +00:00
Sam A. 42e1900715
Delete unused secrets 2022-11-12 23:06:45 +01:00
Sam A. d597a956ff
Add installation of community modules to deploy.sh 2022-11-12 19:41:57 +01:00
Sam A. 5f718e1027
Add firewall setup with UFW 2022-11-12 19:41:55 +01:00
Reynir Björnsson 536441d24b Fix 2022.slides, and use git.data.coop repo
The ocaml-git fix has been released, and don't call the container
new-new.data.coop_website D:
2022-11-12 19:30:38 +01:00
Sam A. bf60417904
Fix FIDO2 authentication in Passit 2022-11-12 19:21:58 +01:00
Víðir Valberg Guðmundsson aecb929dbb Add a way to only run the base role. 2022-11-11 22:16:22 +01:00
valberg f905696264 Add admin user (#108)
Welcome aboard!
2022-11-11 18:05:10 +00:00
Sam A. d4f8fbcebe
Add Sam as admin user 2022-11-11 18:33:18 +01:00
Víðir Valberg Guðmundsson 0e7cc20bce Update portainer to use the ee version. 2022-11-10 21:15:42 +01:00
valberg 57f05d7d81 Merge pull request 'Security hardening: Don't expose unnecessary ports to the public' (#106) from samsapti/ansible:main into main
Reviewed-on: data.coop/ansible#106
2022-11-10 19:19:00 +00:00