Commit graph

97 commits

Author SHA1 Message Date
Thomas Kleinendorst
23166bc220 Run hardening and Docker role 2024-11-19 13:20:45 +01:00
Thomas Kleinendorst
c1150eeba1 Add comment on hosts file 2024-11-19 12:59:01 +01:00
Thomas Kleinendorst
af7f1148af Update required roles and collections 2024-11-19 12:58:46 +01:00
Thomas Kleinendorst
f392a34c24 Add instructions on DNS address 2024-11-19 12:35:58 +01:00
Thomas Kleinendorst
41b3c27d71 Update actual and wedding versions 2024-11-07 10:55:27 +01:00
Thomas Kleinendorst
4054f1a02e Add Postgres monitoring for Prometheus 2024-10-21 09:43:27 +02:00
Thomas Kleinendorst
653aef8c38 Update wedding container version 2024-10-19 16:00:41 +02:00
Thomas Kleinendorst
7a05fb79d6 Update wedding container version 2024-10-14 11:41:41 +02:00
Thomas Kleinendorst
2c84b17afe Update container versions 2024-10-11 11:20:56 +02:00
Thomas Kleinendorst
86ca04bc32 Fix bug with container_volumes 2024-10-11 11:20:48 +02:00
Thomas Kleinendorst
7b352e02ea Remove the wedding DDNS target
It's now exposed via cloudflared and not via an
external address to the router.
2024-10-07 09:28:18 +02:00
Thomas Kleinendorst
a225fc39db Fix bug with container volumes
The variable probably couldn't be altered because it came
in as a variable to the role.
2024-10-06 18:17:20 +02:00
Thomas Kleinendorst
cfb228cada Add secure postgres deployment 2024-10-06 17:45:04 +02:00
Thomas Kleinendorst
2b1518a5c3 Remove Nginx setup for public wedding container 2024-10-05 12:58:39 +02:00
Thomas Kleinendorst
ea8e387a1c Add cloudflared role 2024-10-05 12:58:04 +02:00
Thomas Kleinendorst
fa78dc7a83 Update versions 2024-10-05 12:31:55 +02:00
Thomas Kleinendorst
2e32262690 Change wedding external address 2024-10-04 18:38:39 +02:00
Thomas Kleinendorst
752f187e0b Allow multiple DDNS addresses
This code could probably be optimized a bit more.
2024-10-04 17:16:58 +02:00
Thomas Kleinendorst
6d828ea401 Add an internally working version of wedding
Working on the internal network that is.
2024-10-04 16:51:53 +02:00
Thomas Kleinendorst
388bdc025e Allow specifying the external port on role 2024-10-04 16:51:10 +02:00
Thomas Kleinendorst
4e0e8c271a Fix podman container role on empty volumes
Still some improvements could be made, such as handling
the variable not being present.
2024-10-04 16:50:35 +02:00
Thomas Kleinendorst
71499b2610 Bind hostname to 172.0.1.1 and use FQDN in config
This makes that we see better labels in Grafana and that we don't
need to expose the address externally.
2024-09-23 12:23:05 +02:00
Thomas Kleinendorst
3c0b5ebdab Add Grafana as scrape target 2024-09-19 13:31:59 +02:00
Thomas Kleinendorst
1ec2428fa9 Update the Actual version 2024-09-18 15:34:33 +02:00
Thomas Kleinendorst
ca3da210d2 Enable processes node collector
I downloaded a Grafana dashboard which makes use
of the metrics collected here. After applying the change
this works wonderfully.
2024-09-18 15:34:24 +02:00
Thomas Kleinendorst
b2acd918b5 Add Grafana running in Podman 2024-09-18 14:33:20 +02:00
Thomas Kleinendorst
79913e9d03 Add and configure Alertmanager 2024-09-16 13:16:25 +02:00
Thomas Kleinendorst
c4fd9047f7 Add node exporter installation to monitoring 2024-09-16 11:33:05 +02:00
Thomas Kleinendorst
da250bc2be Add basic Prometheus role 2024-09-16 10:53:58 +02:00
Thomas Kleinendorst
11140291b4 Update pi-hole and changedetection versions 2024-09-02 12:35:55 +02:00
Thomas Kleinendorst
b91d862c34 Update the actual version 2024-08-19 14:11:05 +02:00
Thomas Kleinendorst
0f17f6491e Add hook which reloads nginx config on cert change 2024-07-20 15:49:10 +02:00
Thomas Kleinendorst
b379a977cb Alter nginx signing key
The new key's address is mentioned in the Nginx official documentation:
https://nginx.org/en/linux_packages.html#Debian.
2024-07-04 11:14:26 +02:00
Thomas Kleinendorst
465517ef56 Update the actual version to 24.7.0 2024-07-03 12:27:44 +02:00
Thomas Kleinendorst
08cf93276d Move "podman-restart" to the podman-container role 2024-06-05 17:00:11 +02:00
Thomas Kleinendorst
d92299e66c Add comment on the podman_image task 2024-06-05 16:55:31 +02:00
Thomas Kleinendorst
fd2052767d Properly recreate systemd unit on container update 2024-06-05 16:53:00 +02:00
Thomas Kleinendorst
4fb455c6b4 Deduplicate Podman container logic with new role 2024-06-05 12:57:41 +02:00
Thomas Kleinendorst
bcf920053c Allow removal of Podman container on version bump
Before this change it was necessary to remove the container manually.
With these changes it will automatically detect when a new version
should be deployed and the role will automatically remove the old
container.
2024-06-03 13:47:22 +02:00
Thomas Kleinendorst
86d75b8de0 Update the actual version (to 24.5.0)
There is also a problem with the configuration in that it's hard to
upgrade running containers, I added a note explaining this.
2024-05-06 10:54:06 +02:00
Thomas Kleinendorst
2014745501 Add changedetection as a hosted service 2024-04-28 15:50:14 +02:00
Thomas Kleinendorst
743af73974 Fix problems with earlier nginx role rename 2024-04-28 15:22:01 +02:00
Thomas Kleinendorst
131991ec22 Create generic rule for simple nginx reverse proxy 2024-04-28 15:13:05 +02:00
Thomas Kleinendorst
a84542a786 Rename reverse-proxy (role) > nginx 2024-04-28 14:56:26 +02:00
Thomas Kleinendorst
b1ff2515e1 Start podman restart service in user role 2024-04-23 17:12:06 +02:00
Thomas Kleinendorst
16c78c0d00 Copy ansible user's authorized_keys for new users
This allows logging in directly via SSH to the newly added users.
I also removed the XDG_RUNTIME_DIR variable in ~/.zshrc because
this variable is already correctly loaded when logging in directly via
SSH.
2024-04-17 16:00:58 +02:00
Thomas Kleinendorst
5d32ed57b4 Add user systemd config to pi-hole container 2024-04-16 17:17:34 +02:00
Thomas Kleinendorst
462e202737 Register actual container as systemd service
This service is scoped to the user only but ensures that the container
is started on system boot.
2024-04-16 17:04:45 +02:00
Thomas Kleinendorst
6a2c50686b Use FQDN for inventory file
Note the comment, this will only work when the Pi is set up.
2024-04-15 20:56:23 +02:00
Thomas Kleinendorst
77f20aad28 Set hostname in pi-hole container
The hostname is reported in the pi-hole dashboard, this looks a bit
nicer than a randomly generated id.
2024-04-15 20:56:02 +02:00