ivo/sce
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
31 commits 1 branch 0 tags 92 KiB
Commit graph

24 commits

Author SHA1 Message Date
Ivo C.S. Wingelaar
25fb8d345d
Add Woodpecker agent role 2024-11-17 14:02:38 +01:00
Ivo C.S. Wingelaar
4560ccbbb7
Add Woodpecker server role 2024-11-17 14:02:01 +01:00
Ivo C.S. Wingelaar
272d0aa82b
Make cert location configurable for nginx site 
This is slight hack that I want to fix in the future. It is motivated by
the fact that the certbot certificate is valid for all domains that are
requested, instead of a certificate-per-domain.
 2024-10-20 11:16:08 +02:00
Ivo C.S. Wingelaar
f9d480335f
Use HTTP/2 for nginx 2024-10-19 19:53:28 +02:00
Ivo C.S. Wingelaar
2b1ce0b56c
Bump Forgejo version 2024-10-19 19:47:44 +02:00
Ivo C.S. Wingelaar
2b66d830d9
Add expansion of domains during certificate renewal 2024-10-19 19:47:03 +02:00
Ivo C.S. Wingelaar
3934bffbd1
Add backup restoration logic to NFS role 
Passing the `backup_nfs_restore` variable will restore that timestamp.
 2024-10-13 20:12:26 +02:00
Ivo C.S. Wingelaar
11f20db2d2
Fix typo 2024-10-13 19:37:48 +02:00
Ivo C.S. Wingelaar
8ff8832f85
Add simple NFS backup role 2024-10-13 19:34:14 +02:00
Ivo C.S. Wingelaar
3416eb490c
Add additional proxy headers to nginx config 
This is required to have better log output.
 2024-10-13 18:03:16 +02:00
Ivo C.S. Wingelaar
82713dabce
Make user for podman containers configurable 2024-10-13 14:44:30 +02:00
Ivo C.S. Wingelaar
f916260c90
Make nginx_htpasswd required 2024-10-13 14:38:42 +02:00
Ivo C.S. Wingelaar
120968ee54
Rename variable to follow linting conventions 2024-10-13 14:36:30 +02:00
Ivo C.S. Wingelaar
d0746b2f1b
Rename configure_firewall role 2024-10-13 13:35:16 +02:00
Ivo C.S. Wingelaar
5542a21301
Fix more ansible-lint errors 2024-10-13 13:31:08 +02:00
Ivo C.S. Wingelaar
d3c09406bf
Add simple Forgejo installation 2024-10-13 13:18:19 +02:00
Ivo C.S. Wingelaar
07dcb47e14
Fix ansible-lint failures 2024-10-13 11:40:12 +02:00
Ivo C.S. Wingelaar
33a9eef0fa
Add basic nginx role 
This role installs a distribution-provided nginx and does some basic
configuration on it. It acts as a reverse proxy for the containers
that does the TLS offloading and provides an optional HTTP basic
authentication page for services that aren't ready to be exposed yet.
 2024-10-13 11:33:33 +02:00
Ivo C.S. Wingelaar
99053b7f3e
Add transfer role from the Certbot container 
This role will install logic to transfer the (renewed) certificates
from the Certbot container to a directory easily accessible by a
distribution-installed nginx.
 2024-10-12 21:42:33 +02:00
Ivo C.S. Wingelaar
4da71eadec
Add basic rootless Certbot role 
This automatically renews Let's Encrypt certificates, but does nothing
further with them. You need additional logic to use them for example
with nginx.
 2024-10-12 21:41:00 +02:00
Ivo C.S. Wingelaar
67681b6fdc
Add firewall configuration role 
This role is intended for simple port forwarding via `nftables` rules.
 2024-10-10 22:12:08 +02:00
Ivo C.S. Wingelaar
25d72229d8
Make sure sce_cfg_group is a system group 2024-10-07 03:26:07 +02:00
Ivo C.S. Wingelaar
65ec7e94d0
Ensure systemd user service manager is enabled 
This is required to have the rootless containers start at boot.
 2024-10-07 03:20:30 +02:00
Ivo C.S. Wingelaar
37ac2e0403
Add install of basic Podman configuration 2024-10-07 03:10:05 +02:00