noc.git
5 years agotorwaechter: additional hotplug fixes
Michael Gebetsroither [Sun, 15 Sep 2019 17:56:39 +0000 (19:56 +0200)]
torwaechter: additional hotplug fixes

5 years agotorwaechter: add all necessary files for tuer_core to run under procd
Michael Gebetsroither [Sun, 15 Sep 2019 15:42:02 +0000 (17:42 +0200)]
torwaechter: add all necessary files for tuer_core to run under procd

5 years agotorwaechter: small fix to make /run available
Michael Gebetsroither [Sun, 15 Sep 2019 15:41:25 +0000 (17:41 +0200)]
torwaechter: small fix to make /run available

there is a tmpfs mounted on that later on

5 years agotorwaechter: add additional tools
Michael Gebetsroither [Sun, 15 Sep 2019 15:39:17 +0000 (17:39 +0200)]
torwaechter: add additional tools

rsync, lsblk

5 years agotorwaechter: upgrade to openwrt 18.06.4
Michael Gebetsroither [Sat, 14 Sep 2019 23:30:37 +0000 (01:30 +0200)]
torwaechter: upgrade to openwrt 18.06.4

5 years agodocumentation of hack to make door_daemon run on openwrt based torwaechter
Michael Gebetsroither [Fri, 13 Sep 2019 23:03:12 +0000 (01:03 +0200)]
documentation of hack to make door_daemon run on openwrt based torwaechter

5 years agoMerge PR#66: VM bootstraping improvements
nicoo [Fri, 2 Aug 2019 23:06:32 +0000 (01:06 +0200)]
Merge PR#66: VM bootstraping improvements

5 years agoMerge PR#64: added fixes for ansible 2.8
nicoo [Fri, 2 Aug 2019 22:57:44 +0000 (00:57 +0200)]
Merge PR#64: added fixes for ansible 2.8

5 years agomake sure facts from previous installs are removed before reinstalling a machine
Christian Pointner [Tue, 16 Jul 2019 20:42:24 +0000 (22:42 +0200)]
make sure facts from previous installs are removed before reinstalling a machine

5 years agonicer loop labels
Christian Pointner [Tue, 16 Jul 2019 20:36:39 +0000 (22:36 +0200)]
nicer loop labels

5 years agopreseed: add option to allow installation using dhcp
Christian Pointner [Tue, 16 Jul 2019 20:15:39 +0000 (22:15 +0200)]
preseed: add option to allow installation using dhcp

5 years agopreseed: debian buster names interfaces differently than stretch and in a way that...
Christian Pointner [Tue, 16 Jul 2019 20:14:47 +0000 (22:14 +0200)]
preseed: debian buster names interfaces differently than stretch and in a way that is incompatible with our vm network interface scheme. This patch fixes the problem by making the name policy for network interfaces configurable

5 years agovm/define: the vm autostart flag survives even if the vm is undefined so we need...
Christian Pointner [Tue, 16 Jul 2019 20:10:55 +0000 (22:10 +0200)]
vm/define: the vm autostart flag survives even if the vm is undefined so we need a way to force disabling autostart

5 years agovm/host: add missing dependencies
Christian Pointner [Tue, 16 Jul 2019 20:05:38 +0000 (22:05 +0200)]
vm/host: add missing dependencies

5 years agofix wrong deprecation warning for group-names
Christian Pointner [Tue, 16 Jul 2019 20:18:39 +0000 (22:18 +0200)]
fix wrong deprecation warning for group-names

5 years agoadded fixes for ansible 2.8
Christian Pointner [Sat, 6 Jul 2019 00:24:24 +0000 (02:24 +0200)]
added fixes for ansible 2.8

5 years agoMerge pull request #63 from realraum/sack-workaround
Christian Pointner [Mon, 17 Jun 2019 21:39:27 +0000 (23:39 +0200)]
Merge pull request #63 from realraum/sack-workaround

ansible/base: Workaround SACK DoS ([NFLX-2019-001])

5 years agoansible/base: Workaround [NFLX-2019-001] (CVE-2019-1147{7,8,9})
nicoo [Mon, 17 Jun 2019 21:04:15 +0000 (17:04 -0400)]
ansible/base: Workaround [NFLX-2019-001] (CVE-2019-1147{7,8,9})

Disable Selective Acknowledgement (SACK)

[NFLX-2019-001]: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

5 years agoMerge PR#62: vault/gpg: show long key-ids
nicoo [Mon, 25 Feb 2019 17:47:14 +0000 (18:47 +0100)]
Merge PR#62: vault/gpg: show long key-ids

5 years agovault/gpg: show long key-ids
Christian Pointner [Wed, 13 Feb 2019 14:17:36 +0000 (15:17 +0100)]
vault/gpg: show long key-ids

5 years agoMerge pull request #58 from realraum/accesspoints/no-roaming-for-iot-wifi
Christian Pointner [Wed, 6 Feb 2019 18:16:05 +0000 (19:16 +0100)]
Merge pull request #58 from realraum/accesspoints/no-roaming-for-iot-wifi

don't force roaming on iot wifi

5 years agoMerge PR#57: preseed: fix partman syntax
nicoo [Wed, 6 Feb 2019 17:36:47 +0000 (18:36 +0100)]
Merge PR#57: preseed: fix partman syntax

5 years agodon't force roaming on iot wifi
Christian Pointner [Sat, 2 Feb 2019 02:04:01 +0000 (03:04 +0100)]
don't force roaming on iot wifi

5 years agopreseed: fix partman syntax
Christian Pointner [Sat, 2 Feb 2019 01:29:38 +0000 (02:29 +0100)]
preseed: fix partman syntax

5 years agoMerge pull request #56 from realraum/update-vm-config
Christian Pointner [Sat, 2 Feb 2019 01:47:24 +0000 (02:47 +0100)]
Merge pull request #56 from realraum/update-vm-config

Playbook for updating a VM's configuration

5 years agovm-update: Gather facts before running vm/network
nicoo [Tue, 29 Jan 2019 14:00:37 +0000 (15:00 +0100)]
vm-update: Gather facts before running vm/network

That role needs the fact `ansible_distribution` & such.

5 years agoRefactor VM definition playbook and template to a separate role
nicoo [Tue, 29 Jan 2019 13:16:32 +0000 (14:16 +0100)]
Refactor VM definition playbook and template to a separate role

5 years agovm-update: Use post_tasks rather than explicit flush_handlers
nicoo [Mon, 28 Jan 2019 15:41:23 +0000 (16:41 +0100)]
vm-update: Use post_tasks rather than explicit flush_handlers

5 years agoMake `run_installer` default to no in the libvirt template
nicoo [Mon, 28 Jan 2019 15:40:09 +0000 (16:40 +0100)]
Make `run_installer` default to no in the libvirt template

5 years agoansible/host_vars: Add installation metadata for the metrics VM
nicoo [Thu, 24 Jan 2019 19:08:30 +0000 (20:08 +0100)]
ansible/host_vars: Add installation metadata for the metrics VM

5 years agoansible: Add vm-update playbook
nicoo [Thu, 24 Jan 2019 19:06:38 +0000 (20:06 +0100)]
ansible: Add vm-update playbook

This playbook updates the domain definition for an existing VM,
allowing to upgrade to newer features (like virtio-rng) without
reinstalling.

5 years agoMerge PR#55: disable facts gathering for usb-install playbook
nicoo [Thu, 24 Jan 2019 12:09:12 +0000 (13:09 +0100)]
Merge PR#55: disable facts gathering for usb-install playbook

5 years agodisable facts gathering for usb-install playbook
Christian Pointner [Wed, 23 Jan 2019 18:29:05 +0000 (19:29 +0100)]
disable facts gathering for usb-install playbook

5 years agoremove useless empty file
Christian Pointner [Thu, 17 Jan 2019 10:13:44 +0000 (11:13 +0100)]
remove useless empty file

5 years agoMerge PR#54: Friendly loop indexes when setting adduser options
nicoo [Sat, 12 Jan 2019 23:39:01 +0000 (00:39 +0100)]
Merge PR#54: Friendly loop indexes when setting adduser options

Reviewed-by: equinox0815

5 years agoansible/base: Friendly loop indexes when setting adduser options
nicoo [Sat, 12 Jan 2019 23:13:41 +0000 (00:13 +0100)]
ansible/base: Friendly loop indexes when setting adduser options

5 years agoMerge pull request #53 from realraum/install/serial
Christian Pointner [Sat, 12 Jan 2019 23:25:57 +0000 (00:25 +0100)]
Merge pull request #53 from realraum/install/serial

make kernel command line options configurable

5 years agojinja2 != python ...
Christian Pointner [Sat, 12 Jan 2019 23:22:37 +0000 (00:22 +0100)]
jinja2 != python ...

5 years agonot need to set a default for install.kernel_cmdline because is skipped if the varaib...
Christian Pointner [Sat, 12 Jan 2019 23:19:33 +0000 (00:19 +0100)]
not need to set a default for install.kernel_cmdline because is skipped if the varaibled is undefined

5 years agoansible: Make install.kernel_cmdline a list
nicoo [Sat, 12 Jan 2019 23:02:33 +0000 (00:02 +0100)]
ansible: Make install.kernel_cmdline a list

Not all kernel command-line parameters look like key=value.

5 years agoansible/base: Use map + join rather than a complicated loop
nicoo [Sat, 12 Jan 2019 22:53:59 +0000 (23:53 +0100)]
ansible/base: Use map + join rather than a complicated loop

5 years agovga=off is deprecated
Christian Pointner [Fri, 11 Jan 2019 00:26:36 +0000 (01:26 +0100)]
vga=off is deprecated

5 years agocall update-grub after changing config
Christian Pointner [Fri, 11 Jan 2019 00:13:36 +0000 (01:13 +0100)]
call update-grub after changing config

5 years agomake kernel command line options configurable.
Christian Pointner [Thu, 10 Jan 2019 00:07:16 +0000 (01:07 +0100)]
make kernel command line options configurable.

fixes #51

5 years agoMerge pull request #52 from realraum/preseed/disk-selection
Christian Pointner [Sat, 12 Jan 2019 22:47:06 +0000 (23:47 +0100)]
Merge pull request #52 from realraum/preseed/disk-selection

preseed/install: make disk selection work with udev device paths

5 years agoMerge pull request #50 from realraum/ansible/openwrt-image-links
Christian Pointner [Sat, 12 Jan 2019 22:46:23 +0000 (23:46 +0100)]
Merge pull request #50 from realraum/ansible/openwrt-image-links

add support for symlinks on openwrt/image role

5 years agoMerge pull request #49 from realraum/ansible/lint
Christian Pointner [Sat, 12 Jan 2019 22:46:07 +0000 (23:46 +0100)]
Merge pull request #49 from realraum/ansible/lint

add ansible-lint for roles

5 years agopreseed/install: make disk selection work with udev device paths
Christian Pointner [Wed, 9 Jan 2019 01:08:47 +0000 (02:08 +0100)]
preseed/install: make disk selection work with udev device paths

5 years agoansible: added support for symlinks on openwrt/image role
Christian Pointner [Sat, 29 Dec 2018 05:03:31 +0000 (06:03 +0100)]
ansible: added support for symlinks on openwrt/image role

5 years agomove call to ansible lint to /ansible/lint.sh
Christian Pointner [Sun, 23 Dec 2018 21:20:07 +0000 (22:20 +0100)]
move call to ansible lint to /ansible/lint.sh

5 years agofix wording in generic linter playbook
Christian Pointner [Sun, 23 Dec 2018 21:17:25 +0000 (22:17 +0100)]
fix wording in generic linter playbook

5 years agoupdated ansible/Readme.md again...
Christian Pointner [Sun, 23 Dec 2018 14:22:05 +0000 (15:22 +0100)]
updated ansible/Readme.md again...

5 years agoupdated ansible/Readme.md
Christian Pointner [Sun, 23 Dec 2018 14:20:49 +0000 (15:20 +0100)]
updated ansible/Readme.md

5 years agoadd some info about ansible-lint
Christian Pointner [Sun, 23 Dec 2018 14:12:56 +0000 (15:12 +0100)]
add some info about ansible-lint

5 years agofix ansible syntax
Christian Pointner [Sun, 23 Dec 2018 13:52:22 +0000 (14:52 +0100)]
fix ansible syntax

5 years agosome more linter fixes
Christian Pointner [Sun, 23 Dec 2018 13:49:41 +0000 (14:49 +0100)]
some more linter fixes

5 years agoadd all roles to linter
Christian Pointner [Sun, 23 Dec 2018 13:29:02 +0000 (14:29 +0100)]
add all roles to linter

5 years agouse pushd/popd to change to ansible dir
Christian Pointner [Sun, 23 Dec 2018 13:25:51 +0000 (14:25 +0100)]
use pushd/popd to change to ansible dir

5 years agoansible-lint: fix base role
Christian Pointner [Sun, 23 Dec 2018 13:21:11 +0000 (14:21 +0100)]
ansible-lint: fix base role

5 years agoadded ansible linter config
Christian Pointner [Sun, 23 Dec 2018 13:17:02 +0000 (14:17 +0100)]
added ansible linter config

5 years agotry to fix pip in travis
Christian Pointner [Sun, 23 Dec 2018 13:10:41 +0000 (14:10 +0100)]
try to fix pip in travis

5 years agoadded ansible-lint to travis
Christian Pointner [Sun, 23 Dec 2018 13:06:34 +0000 (14:06 +0100)]
added ansible-lint to travis

5 years agoMerge PR#48: replace command module running mktemp with tempfile module
nicoo [Sat, 22 Dec 2018 23:34:52 +0000 (00:34 +0100)]
Merge PR#48: replace command module running mktemp with tempfile module

5 years agoreplace command module running mktemp with tempfile module
Christian Pointner [Sat, 22 Dec 2018 00:02:43 +0000 (01:02 +0100)]
replace command module running mktemp with tempfile module

5 years agoMerge pull request #47 from realraum/net/congestion-control
Christian Pointner [Fri, 21 Dec 2018 18:14:00 +0000 (19:14 +0100)]
Merge pull request #47 from realraum/net/congestion-control

base: Set congestion control option

5 years agoubuntu xenial install hew kernel by default
Christian Pointner [Thu, 20 Dec 2018 22:02:48 +0000 (23:02 +0100)]
ubuntu xenial install hew kernel by default

5 years agoctf has been moved
Christian Pointner [Tue, 18 Dec 2018 23:07:29 +0000 (00:07 +0100)]
ctf has been moved

5 years agoansible/base: Drop network_modules variable
nicoo [Tue, 18 Dec 2018 01:29:36 +0000 (02:29 +0100)]
ansible/base: Drop network_modules variable

5 years agoansible/base: Add network tasks, set congestion control options
nicoo [Mon, 17 Dec 2018 16:09:02 +0000 (17:09 +0100)]
ansible/base: Add network tasks, set congestion control options

5 years agoansible: Split base role into separate task files
nicoo [Mon, 17 Dec 2018 15:14:47 +0000 (16:14 +0100)]
ansible: Split base role into separate task files

It was becoming difficult to find things in there.

5 years agoMerge PR#46: add fgenesis ssh key to tuergit
nicoo [Tue, 11 Dec 2018 11:19:21 +0000 (12:19 +0100)]
Merge PR#46: add fgenesis ssh key to tuergit

5 years agoMerge PR#44: added new ctf host
nicoo [Tue, 11 Dec 2018 11:16:36 +0000 (12:16 +0100)]
Merge PR#44: added new ctf host

5 years agoadd fgenesis ssh key to tuergit
Christian Pointner [Mon, 10 Dec 2018 21:23:27 +0000 (22:23 +0100)]
add fgenesis ssh key to tuergit

5 years agoctf: Move host vars from inventory to host_vars/ & document them
nicoo [Sat, 8 Dec 2018 09:51:48 +0000 (10:51 +0100)]
ctf: Move host vars from inventory to host_vars/ & document them

5 years agoMerge PR#45: Preseed fixes
nicoo [Sat, 8 Dec 2018 09:46:23 +0000 (10:46 +0100)]
Merge PR#45: Preseed fixes

5 years agopreseed: fix hostname and domain setting
Christian Pointner [Sat, 8 Dec 2018 00:14:26 +0000 (01:14 +0100)]
preseed: fix hostname and domain setting

5 years agopreseed: don't load firmware for unknown hardware
Christian Pointner [Fri, 7 Dec 2018 22:56:37 +0000 (23:56 +0100)]
preseed: don't load firmware for unknown hardware

5 years agoaccesspoints are now deployed using ansible
Christian Pointner [Sat, 8 Dec 2018 03:16:15 +0000 (04:16 +0100)]
accesspoints are now deployed using ansible

5 years agoadded new ctf host
Christian Pointner [Wed, 5 Dec 2018 22:01:48 +0000 (23:01 +0100)]
added new ctf host

5 years agowhitespace-only fix
Christian Pointner [Sun, 2 Dec 2018 08:28:45 +0000 (09:28 +0100)]
whitespace-only fix

5 years agoMerge PR#43: nicer handling for ssh keys
nicoo [Fri, 30 Nov 2018 23:11:53 +0000 (00:11 +0100)]
Merge PR#43: nicer handling for ssh keys

5 years agonicer template to generate authorized keys for openwrt
Christian Pointner [Fri, 30 Nov 2018 21:36:19 +0000 (22:36 +0100)]
nicer template to generate authorized keys for openwrt

5 years agoadd filter plugin to generate ssh key list
Christian Pointner [Fri, 30 Nov 2018 20:01:19 +0000 (21:01 +0100)]
add filter plugin to generate ssh key list

5 years agointroduce ssh_users_root
Christian Pointner [Fri, 30 Nov 2018 07:03:55 +0000 (08:03 +0100)]
introduce ssh_users_root

5 years agoMerge PR#41: updated preseed templates for ubuntu xenial and bionic
nicoo [Fri, 30 Nov 2018 19:04:47 +0000 (20:04 +0100)]
Merge PR#41: updated preseed templates for ubuntu xenial and bionic

5 years agoadd support for netplan on ubuntu bionic
Christian Pointner [Wed, 28 Nov 2018 01:20:44 +0000 (02:20 +0100)]
add support for netplan on ubuntu bionic

fixes #42

5 years agovm/network: ubuntu bionic uses netplan...
Christian Pointner [Wed, 28 Nov 2018 00:40:14 +0000 (01:40 +0100)]
vm/network: ubuntu bionic uses netplan...

5 years agoupdated preseed templates for ubuntu xenial and bionic
Christian Pointner [Mon, 26 Nov 2018 23:38:53 +0000 (00:38 +0100)]
updated preseed templates for ubuntu xenial and bionic

5 years agofix role name for openwrt/image
Christian Pointner [Mon, 26 Nov 2018 22:42:25 +0000 (23:42 +0100)]
fix role name for openwrt/image

5 years agoMerge pull request #39 from realraum/openwrt/roles-rename
Christian Pointner [Mon, 26 Nov 2018 22:37:51 +0000 (23:37 +0100)]
Merge pull request #39 from realraum/openwrt/roles-rename

Rename openwrt-image role to openwrt/image

5 years agoMerge pull request #38 from realraum/gpg/nicoo
Christian Pointner [Mon, 26 Nov 2018 22:37:30 +0000 (23:37 +0100)]
Merge pull request #38 from realraum/gpg/nicoo

gpg: Remove my old key from the keyring

5 years agoMerge pull request #37 from realraum/files-vs-artifacts
Christian Pointner [Mon, 26 Nov 2018 22:37:05 +0000 (23:37 +0100)]
Merge pull request #37 from realraum/files-vs-artifacts

Files vs artifacts

5 years agoShip default /etc/htoprc in access points & base
nicoo [Mon, 26 Nov 2018 22:31:24 +0000 (23:31 +0100)]
Ship default /etc/htoprc in access points & base

5 years agobase: Refactor deployment of default config files
nicoo [Mon, 26 Nov 2018 22:30:58 +0000 (23:30 +0100)]
base: Refactor deployment of default config files

5 years agoaccesspoints: Extract htop config to a common file
nicoo [Mon, 26 Nov 2018 22:17:38 +0000 (23:17 +0100)]
accesspoints: Extract htop config to a common file

5 years agoRename openwrt-image role to openwrt/image
nicoo [Mon, 26 Nov 2018 22:10:54 +0000 (23:10 +0100)]
Rename openwrt-image role to openwrt/image

5 years agogpg: Remove my old key from the keyring
nicoo [Mon, 26 Nov 2018 21:59:46 +0000 (22:59 +0100)]
gpg: Remove my old key from the keyring

0x772B11B4F2DC80E1212B3F41B0739AAD91B7CDC0 was removed.

5 years agoFix permissions on files/torwaechter/update-keys-from-stdin.sh
nicoo [Mon, 26 Nov 2018 21:46:22 +0000 (22:46 +0100)]
Fix permissions on files/torwaechter/update-keys-from-stdin.sh

5 years agoansible: Split files and artifact directories
nicoo [Mon, 26 Nov 2018 21:45:10 +0000 (22:45 +0100)]
ansible: Split files and artifact directories

- artifacts are assets generated by Ansible, not under version control
- files are static assets under version control

5 years agofixed renaming of gnocci host_vars directories
Christian Pointner [Mon, 26 Nov 2018 21:44:59 +0000 (22:44 +0100)]
fixed renaming of gnocci host_vars directories