272d0aa82b
Make cert location configurable for nginx site
...
This is slight hack that I want to fix in the future. It is motivated by
the fact that the certbot certificate is valid for all domains that are
requested, instead of a certificate-per-domain.
2024-10-20 11:16:08 +02:00
f9d480335f
Use HTTP/2 for nginx
2024-10-19 19:53:28 +02:00
2b1ce0b56c
Bump Forgejo version
2024-10-19 19:47:44 +02:00
2b66d830d9
Add expansion of domains during certificate renewal
2024-10-19 19:47:03 +02:00
d00ffe54e4
Add restoration example playbook
2024-10-13 20:13:16 +02:00
3934bffbd1
Add backup restoration logic to NFS role
...
Passing the `backup_nfs_restore` variable will restore that timestamp.
2024-10-13 20:12:26 +02:00
63c767f116
Add two example playbooks
2024-10-13 19:44:09 +02:00
11f20db2d2
Fix typo
2024-10-13 19:37:48 +02:00
8ff8832f85
Add simple NFS backup role
2024-10-13 19:34:14 +02:00
3416eb490c
Add additional proxy headers to nginx config
...
This is required to have better log output.
2024-10-13 18:03:16 +02:00
82713dabce
Make user for podman containers configurable
2024-10-13 14:44:30 +02:00
f916260c90
Make nginx_htpasswd required
2024-10-13 14:38:42 +02:00
120968ee54
Rename variable to follow linting conventions
2024-10-13 14:36:30 +02:00
c13796dd22
Add stub CHANGELOG file to please the linter
...
Currently, the churn in the code is expected to be too high to have a
meaningfull CHANGELOG.
2024-10-13 14:33:08 +02:00
38ff10d0e0
Add minimum required Ansible version
2024-10-13 13:41:16 +02:00
dff271d063
Add additional tags to galaxy.yml
2024-10-13 13:37:54 +02:00
40208a88b9
Fix indentation errors in galaxy.yml
2024-10-13 13:36:41 +02:00
d0746b2f1b
Rename configure_firewall role
2024-10-13 13:35:16 +02:00
5542a21301
Fix more ansible-lint errors
2024-10-13 13:31:08 +02:00
d3c09406bf
Add simple Forgejo installation
2024-10-13 13:18:19 +02:00
07dcb47e14
Fix ansible-lint failures
2024-10-13 11:40:12 +02:00
33a9eef0fa
Add basic nginx role
...
This role installs a distribution-provided nginx and does some basic
configuration on it. It acts as a reverse proxy for the containers
that does the TLS offloading and provides an optional HTTP basic
authentication page for services that aren't ready to be exposed yet.
2024-10-13 11:33:33 +02:00
99053b7f3e
Add transfer role from the Certbot container
...
This role will install logic to transfer the (renewed) certificates
from the Certbot container to a directory easily accessible by a
distribution-installed nginx.
2024-10-12 21:42:33 +02:00
4da71eadec
Add basic rootless Certbot role
...
This automatically renews Let's Encrypt certificates, but does nothing
further with them. You need additional logic to use them for example
with nginx.
2024-10-12 21:41:00 +02:00
67681b6fdc
Add firewall configuration role
...
This role is intended for simple port forwarding via `nftables` rules.
2024-10-10 22:12:08 +02:00
25d72229d8
Make sure sce_cfg_group is a system group
2024-10-07 03:26:07 +02:00
65ec7e94d0
Ensure systemd user service manager is enabled
...
This is required to have the rootless containers start at boot.
2024-10-07 03:20:30 +02:00
37ac2e0403
Add install of basic Podman configuration
2024-10-07 03:10:05 +02:00
9d01453d9f
Initial commit
2024-10-07 02:09:52 +02:00
