Christian Pointner [Sun, 3 Jun 2018 13:42:31 +0000 (15:42 +0200)]
ansible: torwaechter is already part of the dynamically generated ssh config
Christian Pointner [Sat, 2 Jun 2018 02:06:08 +0000 (04:06 +0200)]
torwaechter is moved to new mgmt vlan
Christian Pointner [Sat, 2 Jun 2018 01:19:41 +0000 (03:19 +0200)]
new mgmt vlan is established
Christian Pointner [Fri, 1 Jun 2018 23:26:54 +0000 (01:26 +0200)]
new IP-IP Tunnel from mur.at is done
Christian Pointner [Fri, 1 Jun 2018 23:11:57 +0000 (01:11 +0200)]
added gnocci roadmap
Bernhard Tittelbach [Tue, 22 May 2018 20:35:44 +0000 (22:35 +0200)]
new ssh pubkey
nicoo [Mon, 21 May 2018 12:02:28 +0000 (14:02 +0200)]
roles/openwrt-image: Pin the LEDE release signing key
This addresses a security issue where an attacker with a key that GnuPG
considers valid (but doesn't claim to be LEDE's) can get their signature
accepted on malicious files.
This should also solve the issue equinox had with key validity.
Christian Pointner [Mon, 21 May 2018 11:32:08 +0000 (13:32 +0200)]
disable parsing of gpg options file
Christian Pointner [Mon, 21 May 2018 01:02:51 +0000 (03:02 +0200)]
unarchive seems to do its job now?!
Christian Pointner [Mon, 21 May 2018 00:59:22 +0000 (02:59 +0200)]
make fstab handling for openwrt safe
Christian Pointner [Mon, 21 May 2018 00:45:46 +0000 (02:45 +0200)]
revamped temporary directories
Christian Pointner [Mon, 21 May 2018 00:11:06 +0000 (02:11 +0200)]
Merge pull request #16 from realraum/openwrt-image
Role for building OpenWrt images
nicoo [Mon, 21 May 2018 00:09:49 +0000 (02:09 +0200)]
Merge PR#12: add initial vm installer role
nicoo [Mon, 21 May 2018 00:01:13 +0000 (02:01 +0200)]
roles/openwrt-image: Cache downloaded files
Christian Pointner [Sun, 20 May 2018 23:52:24 +0000 (01:52 +0200)]
move openwrt image config to host_vars
nicoo [Sun, 20 May 2018 23:23:09 +0000 (01:23 +0200)]
tuer: Add sftp support
nicoo [Sun, 20 May 2018 23:12:26 +0000 (01:12 +0200)]
tuer: Add missing packages
nicoo [Sun, 20 May 2018 22:57:18 +0000 (00:57 +0200)]
roles/openwrt-image: Fixup directory modes
Christian Pointner [Sun, 20 May 2018 22:55:26 +0000 (00:55 +0200)]
added uci system settings
nicoo [Sun, 20 May 2018 22:22:56 +0000 (00:22 +0200)]
tuer: Add stuff for tuergit
nicoo [Sun, 20 May 2018 21:36:14 +0000 (23:36 +0200)]
fixup! roles/openwrt-image: Add support for setting file modes
nicoo [Wed, 16 May 2018 21:02:17 +0000 (23:02 +0200)]
tuer: Add AuthorizedKeys script for tuerctl
nicoo [Wed, 16 May 2018 21:00:17 +0000 (23:00 +0200)]
tuer: Replace dropbear with openssh-server
This is a work-in-progress, the configuration is currently broken...
We use /etc/ssh/authorized_keys.d so non-root users cannot edit
authorized keys.
nicoo [Wed, 16 May 2018 20:58:51 +0000 (22:58 +0200)]
fixup! roles/openwrt-image: Support creating users/groups
nicoo [Wed, 16 May 2018 19:36:44 +0000 (21:36 +0200)]
roles/openwrt-image: Support creating users/groups
nicoo [Wed, 16 May 2018 19:33:13 +0000 (21:33 +0200)]
roles/openwrt-image: Support configuring mountpoints
nicoo [Wed, 16 May 2018 19:32:27 +0000 (21:32 +0200)]
roles/openwrt-image: Natively support UCI configuration
nicoo [Wed, 16 May 2018 19:28:16 +0000 (21:28 +0200)]
tuer: Make installed binaries executable
nicoo [Sun, 6 May 2018 11:39:03 +0000 (13:39 +0200)]
roles/openwrt-image: Add support for setting file modes
nicoo [Sun, 6 May 2018 11:38:40 +0000 (13:38 +0200)]
roles/openwrt-image: Refactor openwrt-mixins
nicoo [Sun, 6 May 2018 11:14:09 +0000 (13:14 +0200)]
tuer: Disallow all password auth
Christian Pointner [Fri, 4 May 2018 22:05:31 +0000 (00:05 +0200)]
fix localconfig ssh user for openwrt hosts
Christian Pointner [Fri, 4 May 2018 21:06:13 +0000 (23:06 +0200)]
ansible: add todo message for nicoo
Christian Pointner [Fri, 4 May 2018 20:56:50 +0000 (22:56 +0200)]
ansible: copy resulting openwrt image to correct location
Christian Pointner [Fri, 4 May 2018 19:14:48 +0000 (21:14 +0200)]
cosmetic changes
nicoo [Fri, 4 May 2018 00:51:06 +0000 (02:51 +0200)]
Tuer firmware (WIP)
Christian Pointner [Tue, 24 Apr 2018 19:31:16 +0000 (21:31 +0200)]
ansible: vm/network role improvments
Christian Pointner [Tue, 24 Apr 2018 00:20:37 +0000 (02:20 +0200)]
added support for ubuntu/xenial to vm/install role
nicoo [Sun, 22 Apr 2018 21:24:58 +0000 (23:24 +0200)]
tuer: Avoid polluting the user's homedir with go crap
nicoo [Sun, 22 Apr 2018 21:16:23 +0000 (23:16 +0200)]
tuer: Build go binaries
nicoo [Thu, 19 Apr 2018 13:59:57 +0000 (15:59 +0200)]
Ansible playbook for building a torwaechter image (WIP)
nicoo [Thu, 19 Apr 2018 13:56:43 +0000 (15:56 +0200)]
Initial role for building OpenWRT images
nicoo [Sun, 22 Apr 2018 21:13:29 +0000 (23:13 +0200)]
Add torwaechter to inventory
Christian Pointner [Sun, 22 Apr 2018 19:25:17 +0000 (21:25 +0200)]
adapt vm install role to new inventory naming scheme
Christian Pointner [Sun, 22 Apr 2018 18:00:01 +0000 (20:00 +0200)]
ansible: merge master to vm-install branch
nicoo [Sun, 22 Apr 2018 15:49:32 +0000 (17:49 +0200)]
Merge PR#15: ansible: first proposal for nicer inventory names
nicoo [Sun, 22 Apr 2018 15:45:37 +0000 (17:45 +0200)]
Merge PR#14: ansible: Use variables for SSH keys
nicoo [Sun, 22 Apr 2018 15:43:15 +0000 (17:43 +0200)]
roles/vm-*: Move to roles/vm/*
Christian Pointner [Sun, 22 Apr 2018 11:59:37 +0000 (13:59 +0200)]
ansible: first proposl for nicer inventory names
Christian Pointner [Sun, 22 Apr 2018 10:46:07 +0000 (12:46 +0200)]
ansible: use variables for ssh keys
Christian Pointner [Sun, 22 Apr 2018 01:59:46 +0000 (03:59 +0200)]
installer role works now but still has issues
Christian Pointner [Sat, 21 Apr 2018 21:56:18 +0000 (23:56 +0200)]
add initial vm installer role
nicoo [Sat, 21 Apr 2018 20:22:17 +0000 (22:22 +0200)]
Merge PR#11: ansible vault: set trust-model to always
nicoo [Sat, 21 Apr 2018 20:18:03 +0000 (22:18 +0200)]
Merge PR#10: ansible: enable facts caching
Christian Pointner [Sat, 21 Apr 2018 20:17:25 +0000 (22:17 +0200)]
ignore all inside .cache/
Christian Pointner [Sat, 21 Apr 2018 20:15:28 +0000 (22:15 +0200)]
ansible: make facts cahing directory hidden
Christian Pointner [Sat, 21 Apr 2018 20:09:32 +0000 (22:09 +0200)]
ansible: set trust-model to always for vault handling scripts
Christian Pointner [Sat, 21 Apr 2018 20:01:22 +0000 (22:01 +0200)]
ansible: enable facts caching
nicoo [Sat, 21 Apr 2018 19:52:50 +0000 (21:52 +0200)]
Merge PR#9: Ansible syntax cleanup and Documentation
Christian Pointner [Sat, 21 Apr 2018 19:39:30 +0000 (21:39 +0200)]
ansible: fix some typos
Christian Pointner [Sat, 21 Apr 2018 19:31:26 +0000 (21:31 +0200)]
ansible: spell checking
Christian Pointner [Sat, 21 Apr 2018 19:23:42 +0000 (21:23 +0200)]
ansible: updated vault readme
Christian Pointner [Sat, 21 Apr 2018 19:21:17 +0000 (21:21 +0200)]
ansible: updated readme
Christian Pointner [Sat, 21 Apr 2018 19:14:11 +0000 (21:14 +0200)]
ansible: updated readme
Christian Pointner [Sat, 21 Apr 2018 19:06:59 +0000 (21:06 +0200)]
ansible: add some docs on how to use this
Christian Pointner [Sat, 21 Apr 2018 18:55:52 +0000 (20:55 +0200)]
ansible: file names and locations cleanup
Christian Pointner [Sat, 21 Apr 2018 18:19:17 +0000 (20:19 +0200)]
ansible: cleanup yaml syntax
Nicolas Braud-Santoni [Sat, 21 Apr 2018 17:45:31 +0000 (19:45 +0200)]
Merge pull request #8 from realraum/remove-grml-debs
remove grml etc/scripts packages as we now deploy zsh config via ansible
Christian Pointner [Sat, 21 Apr 2018 17:37:41 +0000 (19:37 +0200)]
remove grml etc/scripts packages as we now deploy zsh config via ansible
Christian Pointner [Sat, 21 Apr 2018 17:29:03 +0000 (19:29 +0200)]
ansible: base role now applies on all hosts without changes
Christian Pointner [Sat, 21 Apr 2018 17:08:30 +0000 (19:08 +0200)]
ansible: fix reserved variable warning
Nicolas Braud-Santoni [Sat, 21 Apr 2018 16:59:07 +0000 (18:59 +0200)]
Merge pull request #5 from realraum/ansible-fixup
Make Ansible-based automation work
nicoo [Sat, 21 Apr 2018 16:58:47 +0000 (18:58 +0200)]
ansible/role/localconfig: Minor cleanup
nicoo [Sat, 21 Apr 2018 16:55:21 +0000 (18:55 +0200)]
Revert "ansible/ssh: Update key for nicoo"
This reverts commit
458d4134631a83d88cc3cccb99eb0fe184920aa8.
My smartcard is currently dead, so I cannot use `nicoo@card.pub`
Christian Pointner [Sat, 21 Apr 2018 16:43:06 +0000 (18:43 +0200)]
add safeguard for overwriting ssh config
Christian Pointner [Sat, 21 Apr 2018 16:38:11 +0000 (18:38 +0200)]
added workaround for ansible bug
Christian Pointner [Sat, 21 Apr 2018 15:53:30 +0000 (17:53 +0200)]
added (not yet finished) localconfig role
Christian Pointner [Thu, 22 Mar 2018 22:08:52 +0000 (23:08 +0100)]
realraum is spelled with small letters
nicoo [Tue, 20 Mar 2018 21:36:19 +0000 (22:36 +0100)]
Add pictures of core network locations
nicoo [Tue, 20 Mar 2018 21:36:01 +0000 (22:36 +0100)]
Add (start of) Network documentation
Christian Pointner [Wed, 29 Nov 2017 20:58:48 +0000 (21:58 +0100)]
added license, fixes #7
nicoo [Fri, 17 Nov 2017 13:49:14 +0000 (14:49 +0100)]
ansible: Allow SSH for git@vex.realraum.at
nicoo [Fri, 17 Nov 2017 13:22:41 +0000 (14:22 +0100)]
ansible/role/base: Fixup the sshd_allowusers mess
nicoo [Fri, 17 Nov 2017 13:15:08 +0000 (14:15 +0100)]
Merge branch 'master' into ansible-fixup
Bernhard Tittelbach [Wed, 15 Nov 2017 18:02:09 +0000 (19:02 +0100)]
fixes issue #6
nicoo [Wed, 15 Nov 2017 03:32:15 +0000 (04:32 +0100)]
Merge PR#4: doc/ACME: Document cert. acquisition for LAN services
No review seems forthcoming, and this is already deployed.
nicoo [Wed, 25 Oct 2017 19:25:26 +0000 (21:25 +0200)]
doc/ACME: Document cert. acquisition for LAN services
nicoo [Wed, 15 Nov 2017 03:29:47 +0000 (04:29 +0100)]
doc/Servers: Specify that VMs aren't listed
nicoo [Wed, 15 Nov 2017 01:53:42 +0000 (02:53 +0100)]
ansible: Manage vex too
nicoo [Wed, 15 Nov 2017 00:43:33 +0000 (01:43 +0100)]
ansible/roles/base: Light refactoring
nicoo [Wed, 15 Nov 2017 00:31:42 +0000 (01:31 +0100)]
ansible: Only allow SSH from group SSH on wuerfel
nicoo [Wed, 15 Nov 2017 00:30:32 +0000 (01:30 +0100)]
ansible: Allow SSH for extra users on ctf
nicoo [Tue, 14 Nov 2017 23:53:14 +0000 (00:53 +0100)]
ansible: Allow SSH for extra users on athsdisc
nicoo [Tue, 14 Nov 2017 23:51:17 +0000 (00:51 +0100)]
ansible/roles/base: Set XDG_RUNTIME_DIR as required by systemd
nicoo [Tue, 14 Nov 2017 23:50:07 +0000 (00:50 +0100)]
ansible/roles/base: Fix mode on ZSH files and install a zprofile
nicoo [Tue, 14 Nov 2017 23:30:52 +0000 (00:30 +0100)]
ansible/roles/base: Install python-apt
It's required to be able to run Ansible's apt module in check mode.
nicoo [Tue, 14 Nov 2017 23:26:40 +0000 (00:26 +0100)]
ansible: Don't attempt to manage the alix boxes for now
nicoo [Tue, 14 Nov 2017 23:23:16 +0000 (00:23 +0100)]
ansible/roles/base: Remove unnecessary filter delimiters
Those trigger a warning in Ansible 2.4 and later
nicoo [Tue, 14 Nov 2017 23:22:11 +0000 (00:22 +0100)]
ansible: Set a longer connection timeout
My smartcard can only perform so many signatures per second
nicoo [Tue, 14 Nov 2017 23:01:30 +0000 (00:01 +0100)]
ansible/hosts: Drop tools.mgmt.realraum.at (VM decomissioned)