Commit graph

176 commits

Author SHA1 Message Date
Aine aab55d5b5c Update borgmatic 1.7.13 -> 1.7.14 2023-06-06 23:53:18 +03:00
Aine 63473482ba Update grafana 9.5.2 -> 9.5.3 2023-06-06 23:50:38 +03:00
Slavi Pantaleev 37165ef202 Upgrade Traefik (v2.10.1-0 -> v2.10.1-1) 2023-06-02 10:44:31 +03:00
Slavi Pantaleev cfedf675ee Upgrade Traefik (v2.9.10-2 -> v2.10.1-0) 2023-05-28 21:27:03 +03:00
Aine 788fa0e766 update prometheus-node-exporter 1.5.0 -> 1.6.0 2023-05-27 15:59:54 +00:00
Aine d475a4906d update ntfy 2.4.0 -> 2.5.0 2023-05-18 20:51:15 +00:00
Aine c8dbb437b9 fix prometheus postgres exporter role name 2023-05-17 18:29:22 +00:00
Slavi Pantaleev cd116d3bc6 Merge pull request #2689 from moan0s/postgres-exporter
Move postgres-exporter repo
2023-05-17 21:21:17 +03:00
Slavi Pantaleev 017a795105 Upgrade aux (v1.0.0-0 -> v1.0.0-1) 2023-05-17 21:19:47 +03:00
Julian-Samuel Gebühr 98d8723694 Move postgres-exporter repo 2023-05-17 14:58:22 +02:00
Aine e435c6bb55 update borgmatic 1.7.12 -> 1.7.13 2023-05-16 19:48:09 +00:00
Slavi Pantaleev 62c92578b5 Upgrade Postgres (minor versions upgrade) 2023-05-15 06:57:56 +03:00
Aine 25a4af1d3b Update prometheus v2.43.0 -> 2.44.0 2023-05-14 22:20:29 +00:00
Slavi Pantaleev 1b9a29fba6 Upgrade Grafana (v9.5.1-0 -> v9.5.2-0) 2023-05-11 09:42:19 +03:00
Slavi Pantaleev f102d75e13 Upgrade backup-borg (v1.2.4-1.7.12-1 -> v1.2.4-1.7.12-2) 2023-05-11 09:42:13 +03:00
Aine 76d50a85fb Update jitsi stable-8319 -> stable-8615 2023-05-02 11:02:52 +00:00
Slavi Pantaleev d4676f2c7c Upgrade com.devture.ansible.role.timesync to pinned tag (v1.0.0-0) 2023-04-29 08:21:02 +03:00
Slavi Pantaleev a4e6f91ebb Upgrade com.devture.ansible.role.systemd_service_manager (v1.0.0-0 -> v1.0.0-1) 2023-04-27 17:55:51 +03:00
Slavi Pantaleev f0e5a00802 Upgrade backup-borg (v1.2.4-1.7.12-0 -> v1.2.4-1.7.12-1) 2023-04-27 17:55:39 +03:00
Aine b74ddf1c6b update grafana (2.4.7 -> 2.5.1); update ntfy (2.3.1 -> 2.4.0) 2023-04-26 21:35:04 +00:00
Slavi Pantaleev c62896b97e Upgrade Traefik (v2.9.10-1 -> v2.9.10-2) 2023-04-18 10:59:02 +03:00
Slavi Pantaleev 66930c9d75 Upgrade systemd_docker_base, container_socket_proxy, Traefik
These roles now obey
`devture_systemd_docker_base_container_image_pull_method` and `devture_systemd_docker_base_container_network_creation_method`
and can work on systems which don't have the Docker SDK for Python
installed by avoiding the various Ansible Docker modules and using raw
`docker` commands for pulling images and creating networks.
2023-04-18 10:41:55 +03:00
Aine 2f11bf39c3 Update borgmatic 1.7.11 -> 1.7.12 2023-04-14 06:05:24 +00:00
Slavi Pantaleev 2649d9d8bb Fix lint-reported errors 2023-04-08 08:10:22 +03:00
Slavi Pantaleev 45c92ba7db Upgrade Traefik (2.9.9 -> 2.9.10) 2023-04-07 08:09:57 +03:00
Aine 8f43385f16 add borgmatic cli 2023-04-04 21:05:02 +00:00
Aine df5df0b386 Update borgmatic 1.7.10 -> 1.7.11 2023-04-04 11:24:14 +00:00
Slavi Pantaleev 1d00d15482 Switch to exported Jitsi role 2023-04-03 08:53:46 +03:00
Slavi Pantaleev 6538b707fe Auto-sort roles in requirements.yml with agru 2023-03-31 17:09:07 +03:00
Aine f68038c1db Update ntfy 2.3.0 -> 2.3.1 2023-03-31 11:05:41 +00:00
Aine 39c8817aaa fix typo 2023-03-30 07:46:41 +00:00
Aine cc40984b03 Update requirements.yml 2023-03-30 07:44:14 +00:00
Slavi Pantaleev 82a484c62f Upgrade Grafana (v9.4.7-0 -> v9.4.7-1) 2023-03-28 12:24:37 +03:00
Aine 3d3212725e Update borgmatic 1.7.9 -> 1.7.10 2023-03-28 08:01:39 +00:00
Slavi Pantaleev 6732901c70 Upgrade com.devture.ansible.role.systemd_service_manager 2023-03-28 10:54:47 +03:00
Aine 34a03cf732 safely integrate agru, format justfile, format requirements.yml 2023-03-25 17:47:13 +02:00
Slavi Pantaleev e60febc9ca Use git for fetching the geerlingguy.docker role
With this change, all dependency roles are downloaded
using the same mechanism (git), which makes life simpler for tools like
https://gitlab.com/etke.cc/int/agru
2023-03-25 08:56:12 +02:00
Aine e04894de7c Update borg 1.2.3 -> 1.2.4 2023-03-24 07:54:06 +00:00
Slavi Pantaleev 6b3ab052f6 Upgrade prometheus_node_exporter (v1.5.0-6 -> v1.5.0-7) 2023-03-23 11:02:27 +02:00
Aine 1a23016570 Update grafana v9.4.3 -> v9.4.7 2023-03-22 16:54:39 +00:00
Slavi Pantaleev c222391e77 Upgrade Traefik (v2.9.8-2 -> v2.9.9-0) 2023-03-22 07:46:53 +02:00
Slavi Pantaleev 7a7c75c6a4 Upgrade prometheus_postgres_exporter (v0.11.1-2 -> v0.12.0-0) 2023-03-22 07:43:54 +02:00
Slavi Pantaleev 4a009480ae Merge pull request #2593 from etkecc/patch-197
Update prometheus v2.42.0 -> v2.43.0
2023-03-21 20:14:43 +02:00
Aine 045542be76 Update redis 7.0.9 -> 7.0.10 2023-03-21 18:03:53 +00:00
Aine 5c0cc0168c Update prometheus v2.42.0 -> v2.43.0 2023-03-21 17:59:58 +00:00
Slavi Pantaleev 14b8efcad2 Replace matrix-prometheus with an external Prometheus role 2023-03-21 07:38:12 +02:00
Slavi Pantaleev d351213486 Upgrade prometheus_node_exporter (v1.5.0-4 -> v1.5.0-6) 2023-03-21 07:29:21 +02:00
Slavi Pantaleev 220d80ac3a Move matrix-aux outside of this playbook 2023-03-20 11:06:27 +02:00
Aine b01e7b1ae5 update ntfy 2.1.2 -> 2.2.0 2023-03-18 19:29:20 +00:00
Aine 88dc5e0de0 migrate prometheus-node-exporter's var 2023-03-18 10:26:29 +02:00
Aine ff6e7f0ac5 Update borgmatic 1.7.8 -> 1.7.9 2023-03-16 21:03:55 +00:00
Slavi Pantaleev d6975e4ab8 Upgrade com.devture.ansible.role.postgres 2023-03-16 14:57:40 +02:00
Aine 122a834a7f update prometheus-node-exporter 1.5.0-2 -> 1.5.0-3 2023-03-10 20:23:13 +00:00
Slavi Pantaleev 70af9a4481 Upgrade Traefik (v2.9.8-1 -> v2.9.8-2) - not using unprivileged ports anymore 2023-03-09 08:56:58 +02:00
Slavi Pantaleev 26fdae3797 Upgrade com.devture.ansible.role.container_socket_proxy 2023-03-06 10:29:58 +02:00
Slavi Pantaleev bf2b540807 Harden Traefik security by accessing the Docker API through docker-socket-proxy
With these changes, we:

- install https://github.com/Tecnativa/docker-socket-proxy via the
  https://github.com/devture/com.devture.ansible.role.container_socket_proxy Ansible role

- make Traefik access the Docker API via TCP by connecting to this
  socket proxy

- .. which allows us to run the Traefik container with fewer privileges
  (non-`root`, dropped capabilities)
2023-03-06 09:11:02 +02:00
Aine 6a6761cb88 Update ntfy 2.1.1 -> 2.1.2 2023-03-05 10:17:07 +00:00
Aine e588f5eaec update grafana 9.4.2 -> 9.4.3 2023-03-03 07:47:47 +00:00
Slavi Pantaleev 8acfcf8bf1 Merge pull request #2537 from etkecc/patch-185
update borgmatic 1.7.7 -> 1.7.8
2023-03-03 09:35:43 +02:00
Slavi Pantaleev 70b67b12bc Upgrade com.devture.ansible.role.postgres_backup 2023-03-03 09:04:13 +02:00
Slavi Pantaleev 0dcfc74fc8 Upgrade com.devture.ansible.role.traefik_certs_dumper 2023-03-03 09:00:30 +02:00
Slavi Pantaleev 49b7d805ee Upgrade com.devture.ansible.role.traefik 2023-03-03 09:00:30 +02:00
Aine bb19de4a5f update borgmatic 1.7.7 -> 1.7.8 2023-03-03 06:21:26 +00:00
Aine 47cfec726f update grafana 9.4.1 -> 9.4.2 2023-03-03 06:18:52 +00:00
Slavi Pantaleev 849248b165 Upgrade Etherpad role (v1.8.18-1 -> v1.8.18-2) 2023-03-02 23:00:18 +02:00
Slavi Pantaleev 795c335395 Upgrade Etherpad role (v1.8.18-0 -> v1.8.18-1) 2023-03-02 22:58:45 +02:00
Slavi Pantaleev 124fbeda04 Switch to using an external Etherpad role
This new role also adds native Traefik support and support for other
(non-`amd64`) architectures via self-building.
2023-03-02 22:50:13 +02:00
Slavi Pantaleev ae76db4d77 Upgrade com.devture.ansible.role.traefik_certs_dumper for wait time increase (60 -> 180 sec.) 2023-03-02 16:06:11 +02:00
Aine 4cd9e65d6d update ntfy 2.1.0 -> 2.1.1 2023-03-01 20:09:54 +00:00
Slavi Pantaleev adc18251a9 Upgrade com.devture.ansible.role.traefik (2.9.6 -> 2.9.8) 2023-03-01 12:47:55 +02:00
Slavi Pantaleev a4b401c4da Upgrade com.devture.ansible.role.traefik and improve front-Traefik-with-another-proxy docs
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2532
2023-03-01 12:32:30 +02:00
Slavi Pantaleev 468bed653e Upgrade Redis (v7.0.7-0 -> v7.0.9-0) 2023-03-01 10:30:09 +02:00
Aine 0aede060f3 Update grafana 9.3.6 -> 9.4.1 2023-02-28 13:18:21 +00:00
Slavi Pantaleev e6ba7cc2c9 Upgrade com.devture.ansible.role.traefik 2023-02-27 16:32:37 +02:00
Slavi Pantaleev d5910d0421 Upgrade com.devture.ansible.role.docker_sdk_for_python
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2522
2023-02-27 08:27:41 +02:00
Slavi Pantaleev 31857ea9bb Upgrade com.devture.ansible.role.traefik_certs_dumper 2023-02-26 19:49:01 +02:00
Slavi Pantaleev 7c622bd249 Upgrade com.devture.ansible.role.traefik 2023-02-26 19:12:10 +02:00
Aine e625e9aa5b fix postgres version detection in the borg role 2023-02-26 10:41:40 +00:00
Aine 252e542bc5 Update ntfy 2.0.1 -> 2.1.0 2023-02-26 08:19:51 +00:00
Slavi Pantaleev 53f8a0c6ae Upgrade com.devture.ansible.role.traefik 2023-02-24 20:27:15 +02:00
Slavi Pantaleev 84c5b44bea Upgrade com.devture.ansible.role.docker_sdk_for_python 2023-02-22 16:09:16 +02:00
Aine cbc8f0c6e6 Update borgmatic 1.7.6 -> 1.7.7 2023-02-21 10:14:53 +00:00
Slavi Pantaleev 8e592fb0c1 Upgrade grafana role (v9.3.6-1 -> v9.3.6-2) 2023-02-20 16:53:19 +02:00
Slavi Pantaleev a758301bf6 Upgrade geerlingguy.docker (6.0.4 -> 6.1.0) 2023-02-19 10:20:40 +02:00
Slavi Pantaleev 0da308e24d Upgrade com.devture.ansible.role.traefik 2023-02-19 10:20:13 +02:00
Aine 886d1cddd0 Update ntfy v2.0.0-1 -> v2.0.1-0 2023-02-18 19:10:23 +00:00
Slavi Pantaleev 154d077ec7 Upgrade ntfy (v2.0.0-0 -> v2.0.0-1) 2023-02-17 16:24:10 +02:00
Slavi Pantaleev 990a6369e1 Switch to using an external Redis role 2023-02-17 16:23:59 +02:00
Slavi Pantaleev 964aa0e84d Switch to using an external Ntfy role
The newly extracted role also has native Traefik support,
so we no longer need to rely on `matrix-nginx-proxy` for
reverse-proxying to Ntfy.

The new role uses port `80` inside the container (not `8080`, like
before), because that's the default assumption of the officially
published container image. Using a custom port (like `8080`) means the
default healthcheck command (which hardcodes port `80`) doesn't work.
Instead of fiddling to override the healthcheck command, we've decided
to stick to the default port instead. This only affects the
inside-the-container port, not any external ports.

The new role also supports adding the network ranges of the container's
multiple additional networks as "exempt hosts". Previously, only one
network's address range was added to "exempt hosts".
2023-02-17 09:54:33 +02:00
Slavi Pantaleev 7c5826f1c3 Break dependency between matrix-prometheus-nginxlog-exporter and the Grafana role
Wiring happens via `group_vars/matrix_servers` now.
2023-02-15 10:52:25 +02:00
Slavi Pantaleev 1006b8d899 Replace matrix-grafana with an external role 2023-02-15 10:32:24 +02:00
Slavi Pantaleev 266195ab45 Upgrade backup_borg (v1.2.3-1.7.5-1 -> v1.2.3-1.7.6-0)
Supersedes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2472
2023-02-13 12:26:49 +02:00
Slavi Pantaleev 65730b84d3 Upgrade backup_borg (v1.2.3-1.7.5-0 -> v1.2.3-1.7.5-1) 2023-02-13 11:51:11 +02:00
Slavi Pantaleev 78c35136b2 Replace matrix-backup-borg with an external role 2023-02-13 10:53:11 +02:00
Slavi Pantaleev c289996cd9 Upgrade com.devture.ansible.role.traefik 2023-02-09 10:16:41 +02:00
Slavi Pantaleev a5683a6449 Upgrade com.devture.ansible.role.traefik and rename some variables 2023-02-09 10:12:09 +02:00
Slavi Pantaleev 1338963b6c Add support for obtaining additional SSL certificates via Traefik 2023-02-08 18:47:19 +02:00
Slavi Pantaleev c07630ed51 Add com.devture.ansible.role.traefik_certs_dumper role
With this, other roles (like Coturn, Postmoogle) will be able
to use SSL certificates extracted from Traefik
via https://github.com/ldez/traefik-certs-dumper
2023-02-08 16:05:38 +02:00
Slavi Pantaleev 8155f780e5 Add support for reverse-proxying Matrix (Client & Federation) via Traefik 2023-02-06 13:08:11 +02:00
Slavi Pantaleev f983604695 Initial work on Traefik support
This gets us started on adding a Traefik role and hooking Traefik:

- directly to services which support Traefik - we only have a few of
  these right now, but the list will grow

- to matrix-nginx-proxy for most services that integrate with
  matrix-nginx-proxy right now

Traefik usage should be disabled by default for now and nothing should
change for people just yet.

Enabling these experiments requires additional configuration like this:

```yaml
devture_traefik_ssl_email_address: '.....'

matrix_playbook_traefik_role_enabled: true
matrix_playbook_traefik_labels_enabled: true

matrix_ssl_retrieval_method: none

matrix_nginx_proxy_https_enabled: false

matrix_nginx_proxy_container_http_host_bind_port: ''
matrix_nginx_proxy_container_federation_host_bind_port: ''

matrix_nginx_proxy_trust_forwarded_proto: true

matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'

matrix_coturn_enabled: false
```

What currently works is:
reverse-proxying for all nginx-proxy based services **except** for the Matrix homeserver
(both Client-Server and Federation traffic for the homeserver don't work yet)
2023-02-06 10:34:51 +02:00