nicoo [Sat, 16 Jun 2018 18:16:57 +0000 (20:16 +0200)]
base: Make managed ntpd optional
nicoo [Sat, 16 Jun 2018 18:16:21 +0000 (20:16 +0200)]
base: Configure openntpd
nicoo [Sat, 16 Jun 2018 18:14:45 +0000 (20:14 +0200)]
base: Install OpenNTPd rather than ntp.org
nicoo [Sun, 17 Jun 2018 13:49:06 +0000 (15:49 +0200)]
gnocci.org: Do not assume we want OpenNTPd
We probably do not want it, for a sync server.
nicoo [Sun, 17 Jun 2018 13:48:23 +0000 (15:48 +0200)]
Update gnocci TODOs
Christian Pointner [Sun, 17 Jun 2018 10:32:35 +0000 (12:32 +0200)]
Merge pull request #20 from realraum/vm-improvements
Improvements in VM handling
nicoo [Sun, 17 Jun 2018 09:59:41 +0000 (11:59 +0200)]
localconfig: Rely on ansible_port to configure SSH port
nicoo [Wed, 13 Jun 2018 22:18:51 +0000 (00:18 +0200)]
vm-install: Remove hosts from known hosts in the playbook
This avoids relying on localconfig being used.
nicoo [Wed, 13 Jun 2018 22:29:10 +0000 (00:29 +0200)]
base: Use with_dict for editing adduser.conf
nicoo [Wed, 13 Jun 2018 19:07:03 +0000 (21:07 +0200)]
vm/grub: Cleanup (use dictionary iteration)
nicoo [Wed, 13 Jun 2018 17:36:28 +0000 (19:36 +0200)]
vm/install: Handle non-22000 SSH ports
nicoo [Wed, 13 Jun 2018 17:34:36 +0000 (19:34 +0200)]
vm/install: Bake authorized_keys in the initrd
This is less error-prone than cramming the SSH keys into the preseed.
Also, support setting VM-specific SSH keys.
nicoo [Wed, 13 Jun 2018 16:50:01 +0000 (18:50 +0200)]
vm-install: Apply VM configuration roles
nicoo [Wed, 13 Jun 2018 01:54:52 +0000 (03:54 +0200)]
vm/install: Group conditional when destroying existing VMs
nicoo [Wed, 13 Jun 2018 01:54:11 +0000 (03:54 +0200)]
vm/install: Bake the preseed file into the initrd
nicoo [Wed, 13 Jun 2018 01:51:16 +0000 (03:51 +0200)]
vm/guest: Provide a root shell on the (virtual) serial console
Christian Pointner [Fri, 8 Jun 2018 19:24:50 +0000 (21:24 +0200)]
Merge pull request #18 from realraum/rng
Provide entropy on the virtualization platforms
nicoo [Fri, 8 Jun 2018 19:19:32 +0000 (21:19 +0200)]
vm/guest: Ensure no other rngd configuration lines are present
nicoo [Fri, 8 Jun 2018 17:18:27 +0000 (19:18 +0200)]
Add vm/guest role for configuring VMs, make it setup rngd
nicoo [Fri, 8 Jun 2018 17:06:28 +0000 (19:06 +0200)]
vm/host: Install haveged on VM hosts
Christian Pointner [Sun, 3 Jun 2018 13:42:31 +0000 (15:42 +0200)]
ansible: torwaechter is already part of the dynamically generated ssh config
Christian Pointner [Sat, 2 Jun 2018 02:06:08 +0000 (04:06 +0200)]
torwaechter is moved to new mgmt vlan
Christian Pointner [Sat, 2 Jun 2018 01:19:41 +0000 (03:19 +0200)]
new mgmt vlan is established
Christian Pointner [Fri, 1 Jun 2018 23:26:54 +0000 (01:26 +0200)]
new IP-IP Tunnel from mur.at is done
Christian Pointner [Fri, 1 Jun 2018 23:11:57 +0000 (01:11 +0200)]
added gnocci roadmap
Bernhard Tittelbach [Tue, 22 May 2018 20:35:44 +0000 (22:35 +0200)]
new ssh pubkey
nicoo [Mon, 21 May 2018 12:02:28 +0000 (14:02 +0200)]
roles/openwrt-image: Pin the LEDE release signing key
This addresses a security issue where an attacker with a key that GnuPG
considers valid (but doesn't claim to be LEDE's) can get their signature
accepted on malicious files.
This should also solve the issue equinox had with key validity.
Christian Pointner [Mon, 21 May 2018 11:32:08 +0000 (13:32 +0200)]
disable parsing of gpg options file
Christian Pointner [Mon, 21 May 2018 01:02:51 +0000 (03:02 +0200)]
unarchive seems to do its job now?!
Christian Pointner [Mon, 21 May 2018 00:59:22 +0000 (02:59 +0200)]
make fstab handling for openwrt safe
Christian Pointner [Mon, 21 May 2018 00:45:46 +0000 (02:45 +0200)]
revamped temporary directories
Christian Pointner [Mon, 21 May 2018 00:11:06 +0000 (02:11 +0200)]
Merge pull request #16 from realraum/openwrt-image
Role for building OpenWrt images
nicoo [Mon, 21 May 2018 00:09:49 +0000 (02:09 +0200)]
Merge PR#12: add initial vm installer role
nicoo [Mon, 21 May 2018 00:01:13 +0000 (02:01 +0200)]
roles/openwrt-image: Cache downloaded files
Christian Pointner [Sun, 20 May 2018 23:52:24 +0000 (01:52 +0200)]
move openwrt image config to host_vars
nicoo [Sun, 20 May 2018 23:23:09 +0000 (01:23 +0200)]
tuer: Add sftp support
nicoo [Sun, 20 May 2018 23:12:26 +0000 (01:12 +0200)]
tuer: Add missing packages
nicoo [Sun, 20 May 2018 22:57:18 +0000 (00:57 +0200)]
roles/openwrt-image: Fixup directory modes
Christian Pointner [Sun, 20 May 2018 22:55:26 +0000 (00:55 +0200)]
added uci system settings
nicoo [Sun, 20 May 2018 22:22:56 +0000 (00:22 +0200)]
tuer: Add stuff for tuergit
nicoo [Sun, 20 May 2018 21:36:14 +0000 (23:36 +0200)]
fixup! roles/openwrt-image: Add support for setting file modes
nicoo [Wed, 16 May 2018 21:02:17 +0000 (23:02 +0200)]
tuer: Add AuthorizedKeys script for tuerctl
nicoo [Wed, 16 May 2018 21:00:17 +0000 (23:00 +0200)]
tuer: Replace dropbear with openssh-server
This is a work-in-progress, the configuration is currently broken...
We use /etc/ssh/authorized_keys.d so non-root users cannot edit
authorized keys.
nicoo [Wed, 16 May 2018 20:58:51 +0000 (22:58 +0200)]
fixup! roles/openwrt-image: Support creating users/groups
nicoo [Wed, 16 May 2018 19:36:44 +0000 (21:36 +0200)]
roles/openwrt-image: Support creating users/groups
nicoo [Wed, 16 May 2018 19:33:13 +0000 (21:33 +0200)]
roles/openwrt-image: Support configuring mountpoints
nicoo [Wed, 16 May 2018 19:32:27 +0000 (21:32 +0200)]
roles/openwrt-image: Natively support UCI configuration
nicoo [Wed, 16 May 2018 19:28:16 +0000 (21:28 +0200)]
tuer: Make installed binaries executable
nicoo [Sun, 6 May 2018 11:39:03 +0000 (13:39 +0200)]
roles/openwrt-image: Add support for setting file modes
nicoo [Sun, 6 May 2018 11:38:40 +0000 (13:38 +0200)]
roles/openwrt-image: Refactor openwrt-mixins
nicoo [Sun, 6 May 2018 11:14:09 +0000 (13:14 +0200)]
tuer: Disallow all password auth
Christian Pointner [Fri, 4 May 2018 22:05:31 +0000 (00:05 +0200)]
fix localconfig ssh user for openwrt hosts
Christian Pointner [Fri, 4 May 2018 21:06:13 +0000 (23:06 +0200)]
ansible: add todo message for nicoo
Christian Pointner [Fri, 4 May 2018 20:56:50 +0000 (22:56 +0200)]
ansible: copy resulting openwrt image to correct location
Christian Pointner [Fri, 4 May 2018 19:14:48 +0000 (21:14 +0200)]
cosmetic changes
nicoo [Fri, 4 May 2018 00:51:06 +0000 (02:51 +0200)]
Tuer firmware (WIP)
Christian Pointner [Tue, 24 Apr 2018 19:31:16 +0000 (21:31 +0200)]
ansible: vm/network role improvements
Christian Pointner [Tue, 24 Apr 2018 00:20:37 +0000 (02:20 +0200)]
added support for ubuntu/xenial to vm/install role
nicoo [Sun, 22 Apr 2018 21:24:58 +0000 (23:24 +0200)]
tuer: Avoid polluting the user's homedir with go crap
nicoo [Sun, 22 Apr 2018 21:16:23 +0000 (23:16 +0200)]
tuer: Build go binaries
nicoo [Thu, 19 Apr 2018 13:59:57 +0000 (15:59 +0200)]
Ansible playbook for building a torwaechter image (WIP)
nicoo [Thu, 19 Apr 2018 13:56:43 +0000 (15:56 +0200)]
Initial role for building OpenWRT images
nicoo [Sun, 22 Apr 2018 21:13:29 +0000 (23:13 +0200)]
Add torwaechter to inventory
Christian Pointner [Sun, 22 Apr 2018 19:25:17 +0000 (21:25 +0200)]
adapt vm install role to new inventory naming scheme
Christian Pointner [Sun, 22 Apr 2018 18:00:01 +0000 (20:00 +0200)]
ansible: merge master to vm-install branch
nicoo [Sun, 22 Apr 2018 15:49:32 +0000 (17:49 +0200)]
Merge PR#15: ansible: first proposal for nicer inventory names
nicoo [Sun, 22 Apr 2018 15:45:37 +0000 (17:45 +0200)]
Merge PR#14: ansible: Use variables for SSH keys
nicoo [Sun, 22 Apr 2018 15:43:15 +0000 (17:43 +0200)]
roles/vm-*: Move to roles/vm/*
Christian Pointner [Sun, 22 Apr 2018 11:59:37 +0000 (13:59 +0200)]
ansible: first proposal for nicer inventory names
Christian Pointner [Sun, 22 Apr 2018 10:46:07 +0000 (12:46 +0200)]
ansible: use variables for ssh keys
Christian Pointner [Sun, 22 Apr 2018 01:59:46 +0000 (03:59 +0200)]
installer role works now but still has issues
Christian Pointner [Sat, 21 Apr 2018 21:56:18 +0000 (23:56 +0200)]
add initial vm installer role
nicoo [Sat, 21 Apr 2018 20:22:17 +0000 (22:22 +0200)]
Merge PR#11: ansible vault: set trust-model to always
nicoo [Sat, 21 Apr 2018 20:18:03 +0000 (22:18 +0200)]
Merge PR#10: ansible: enable facts caching
Christian Pointner [Sat, 21 Apr 2018 20:17:25 +0000 (22:17 +0200)]
ignore all inside .cache/
Christian Pointner [Sat, 21 Apr 2018 20:15:28 +0000 (22:15 +0200)]
ansible: make facts caching directory hidden
Christian Pointner [Sat, 21 Apr 2018 20:09:32 +0000 (22:09 +0200)]
ansible: set trust-model to always for vault handling scripts
Christian Pointner [Sat, 21 Apr 2018 20:01:22 +0000 (22:01 +0200)]
ansible: enable facts caching
nicoo [Sat, 21 Apr 2018 19:52:50 +0000 (21:52 +0200)]
Merge PR#9: Ansible syntax cleanup and Documentation
Christian Pointner [Sat, 21 Apr 2018 19:39:30 +0000 (21:39 +0200)]
ansible: fix some typos
Christian Pointner [Sat, 21 Apr 2018 19:31:26 +0000 (21:31 +0200)]
ansible: spell checking
Christian Pointner [Sat, 21 Apr 2018 19:23:42 +0000 (21:23 +0200)]
ansible: updated vault readme
Christian Pointner [Sat, 21 Apr 2018 19:21:17 +0000 (21:21 +0200)]
ansible: updated readme
Christian Pointner [Sat, 21 Apr 2018 19:14:11 +0000 (21:14 +0200)]
ansible: updated readme
Christian Pointner [Sat, 21 Apr 2018 19:06:59 +0000 (21:06 +0200)]
ansible: add some docs on how to use this
Christian Pointner [Sat, 21 Apr 2018 18:55:52 +0000 (20:55 +0200)]
ansible: file names and locations cleanup
Christian Pointner [Sat, 21 Apr 2018 18:19:17 +0000 (20:19 +0200)]
ansible: cleanup yaml syntax
Nicolas Braud-Santoni [Sat, 21 Apr 2018 17:45:31 +0000 (19:45 +0200)]
Merge pull request #8 from realraum/remove-grml-debs
remove grml etc/scripts packages as we now deploy zsh config via ansible
Christian Pointner [Sat, 21 Apr 2018 17:37:41 +0000 (19:37 +0200)]
remove grml etc/scripts packages as we now deploy zsh config via ansible
Christian Pointner [Sat, 21 Apr 2018 17:29:03 +0000 (19:29 +0200)]
ansible: base role now applies on all hosts without changes
Christian Pointner [Sat, 21 Apr 2018 17:08:30 +0000 (19:08 +0200)]
ansible: fix reserved variable warning
Nicolas Braud-Santoni [Sat, 21 Apr 2018 16:59:07 +0000 (18:59 +0200)]
Merge pull request #5 from realraum/ansible-fixup
Make Ansible-based automation work
nicoo [Sat, 21 Apr 2018 16:58:47 +0000 (18:58 +0200)]
ansible/role/localconfig: Minor cleanup
nicoo [Sat, 21 Apr 2018 16:55:21 +0000 (18:55 +0200)]
Revert "ansible/ssh: Update key for nicoo"
This reverts commit 458d4134631a83d88cc3cccb99eb0fe184920aa8.
My smartcard is currently dead, so I cannot use `nicoo@card.pub`
Christian Pointner [Sat, 21 Apr 2018 16:43:06 +0000 (18:43 +0200)]
add safeguard for overwriting ssh config
Christian Pointner [Sat, 21 Apr 2018 16:38:11 +0000 (18:38 +0200)]
added workaround for ansible bug
Christian Pointner [Sat, 21 Apr 2018 15:53:30 +0000 (17:53 +0200)]
added (not yet finished) localconfig role
Christian Pointner [Thu, 22 Mar 2018 22:08:52 +0000 (23:08 +0100)]
realraum is spelled with small letters
nicoo [Tue, 20 Mar 2018 21:36:19 +0000 (22:36 +0100)]
Add pictures of core network locations
nicoo [Tue, 20 Mar 2018 21:36:01 +0000 (22:36 +0100)]
Add (start of) Network documentation