Slavi Pantaleev
cfedf675ee
Upgrade Traefik (v2.9.10-2 -> v2.10.1-0)
2023-05-28 21:27:03 +03:00
Aine
788fa0e766
update prometheus-node-exporter 1.5.0 -> 1.6.0
2023-05-27 15:59:54 +00:00
Aine
d475a4906d
update ntfy 2.4.0 -> 2.5.0
2023-05-18 20:51:15 +00:00
Aine
c8dbb437b9
fix prometheus postgres exporter role name
2023-05-17 18:29:22 +00:00
Slavi Pantaleev
cd116d3bc6
Merge pull request #2689 from moan0s/postgres-exporter
...
Move postgres-exporter repo
2023-05-17 21:21:17 +03:00
Slavi Pantaleev
017a795105
Upgrade aux (v1.0.0-0 -> v1.0.0-1)
2023-05-17 21:19:47 +03:00
Julian-Samuel Gebühr
98d8723694
Move postgres-exporter repo
2023-05-17 14:58:22 +02:00
Aine
e435c6bb55
update borgmatic 1.7.12 -> 1.7.13
2023-05-16 19:48:09 +00:00
Slavi Pantaleev
62c92578b5
Upgrade Postgres (minor versions upgrade)
2023-05-15 06:57:56 +03:00
Aine
25a4af1d3b
Update prometheus v2.43.0 -> 2.44.0
2023-05-14 22:20:29 +00:00
Slavi Pantaleev
1b9a29fba6
Upgrade Grafana (v9.5.1-0 -> v9.5.2-0)
2023-05-11 09:42:19 +03:00
Slavi Pantaleev
f102d75e13
Upgrade backup-borg (v1.2.4-1.7.12-1 -> v1.2.4-1.7.12-2)
2023-05-11 09:42:13 +03:00
Aine
76d50a85fb
Update jitsi stable-8319 -> stable-8615
2023-05-02 11:02:52 +00:00
Slavi Pantaleev
d4676f2c7c
Upgrade com.devture.ansible.role.timesync to pinned tag (v1.0.0-0)
2023-04-29 08:21:02 +03:00
Slavi Pantaleev
a4e6f91ebb
Upgrade com.devture.ansible.role.systemd_service_manager (v1.0.0-0 -> v1.0.0-1)
2023-04-27 17:55:51 +03:00
Slavi Pantaleev
f0e5a00802
Upgrade backup-borg (v1.2.4-1.7.12-0 -> v1.2.4-1.7.12-1)
2023-04-27 17:55:39 +03:00
Aine
b74ddf1c6b
update grafana (2.4.7 -> 2.5.1); update ntfy (2.3.1 -> 2.4.0)
2023-04-26 21:35:04 +00:00
Slavi Pantaleev
c62896b97e
Upgrade Traefik (v2.9.10-1 -> v2.9.10-2)
2023-04-18 10:59:02 +03:00
Slavi Pantaleev
66930c9d75
Upgrade systemd_docker_base, container_socket_proxy, Traefik
...
These roles now obey
`devture_systemd_docker_base_container_image_pull_method` and `devture_systemd_docker_base_container_network_creation_method`
and can work on systems which don't have the Docker SDK for Python
installed by avoiding the various Ansible Docker modules and using raw
`docker` commands for pulling images and creating networks.
2023-04-18 10:41:55 +03:00
Aine
2f11bf39c3
Update borgmatic 1.7.11 -> 1.7.12
2023-04-14 06:05:24 +00:00
Slavi Pantaleev
2649d9d8bb
Fix lint-reported errors
2023-04-08 08:10:22 +03:00
Slavi Pantaleev
45c92ba7db
Upgrade Traefik (2.9.9 -> 2.9.10)
2023-04-07 08:09:57 +03:00
Aine
8f43385f16
add borgmatic cli
2023-04-04 21:05:02 +00:00
Aine
df5df0b386
Update borgmatic 1.7.10 -> 1.7.11
2023-04-04 11:24:14 +00:00
Slavi Pantaleev
1d00d15482
Switch to exported Jitsi role
2023-04-03 08:53:46 +03:00
Slavi Pantaleev
6538b707fe
Auto-sort roles in requirements.yml with agru
2023-03-31 17:09:07 +03:00
Aine
f68038c1db
Update ntfy 2.3.0 -> 2.3.1
2023-03-31 11:05:41 +00:00
Aine
39c8817aaa
fix typo
2023-03-30 07:46:41 +00:00
Aine
cc40984b03
Update requirements.yml
2023-03-30 07:44:14 +00:00
Slavi Pantaleev
82a484c62f
Upgrade Grafana (v9.4.7-0 -> v9.4.7-1)
2023-03-28 12:24:37 +03:00
Aine
3d3212725e
Update borgmatic 1.7.9 -> 1.7.10
2023-03-28 08:01:39 +00:00
Slavi Pantaleev
6732901c70
Upgrade com.devture.ansible.role.systemd_service_manager
2023-03-28 10:54:47 +03:00
Aine
34a03cf732
safely integrate agru, format justfile, format requirements.yml
2023-03-25 17:47:13 +02:00
Slavi Pantaleev
e60febc9ca
Use git for fetching the geerlingguy.docker role
...
With this change, all dependency roles are downloaded
using the same mechanism (git), which makes life simpler for tools like
https://gitlab.com/etke.cc/int/agru
2023-03-25 08:56:12 +02:00
Aine
e04894de7c
Update borg 1.2.3 -> 1.2.4
2023-03-24 07:54:06 +00:00
Slavi Pantaleev
6b3ab052f6
Upgrade prometheus_node_exporter (v1.5.0-6 -> v1.5.0-7)
2023-03-23 11:02:27 +02:00
Aine
1a23016570
Update grafana v9.4.3 -> v9.4.7
2023-03-22 16:54:39 +00:00
Slavi Pantaleev
c222391e77
Upgrade Traefik (v2.9.8-2 -> v2.9.9-0)
2023-03-22 07:46:53 +02:00
Slavi Pantaleev
7a7c75c6a4
Upgrade prometheus_postgres_exporter (v0.11.1-2 -> v0.12.0-0)
2023-03-22 07:43:54 +02:00
Slavi Pantaleev
4a009480ae
Merge pull request #2593 from etkecc/patch-197
...
Update prometheus v2.42.0 -> v2.43.0
2023-03-21 20:14:43 +02:00
Aine
045542be76
Update redis 7.0.9 -> 7.0.10
2023-03-21 18:03:53 +00:00
Aine
5c0cc0168c
Update prometheus v2.42.0 -> v2.43.0
2023-03-21 17:59:58 +00:00
Slavi Pantaleev
14b8efcad2
Replace matrix-prometheus with an external Prometheus role
2023-03-21 07:38:12 +02:00
Slavi Pantaleev
d351213486
Upgrade prometheus_node_exporter (v1.5.0-4 -> v1.5.0-6)
2023-03-21 07:29:21 +02:00
Slavi Pantaleev
220d80ac3a
Move matrix-aux outside of this playbook
2023-03-20 11:06:27 +02:00
Aine
b01e7b1ae5
update ntfy 2.1.2 -> 2.2.0
2023-03-18 19:29:20 +00:00
Aine
88dc5e0de0
migrate prometheus-node-exporter's var
2023-03-18 10:26:29 +02:00
Aine
ff6e7f0ac5
Update borgmatic 1.7.8 -> 1.7.9
2023-03-16 21:03:55 +00:00
Slavi Pantaleev
d6975e4ab8
Upgrade com.devture.ansible.role.postgres
2023-03-16 14:57:40 +02:00
Aine
122a834a7f
update prometheus-node-exporter 1.5.0-2 -> 1.5.0-3
2023-03-10 20:23:13 +00:00
Slavi Pantaleev
70af9a4481
Upgrade Traefik (v2.9.8-1 -> v2.9.8-2) - not using unprivileged ports anymore
2023-03-09 08:56:58 +02:00
Slavi Pantaleev
26fdae3797
Upgrade com.devture.ansible.role.container_socket_proxy
2023-03-06 10:29:58 +02:00
Slavi Pantaleev
bf2b540807
Harden Traefik security by accessing the Docker API through docker-socket-proxy
...
With these changes, we:
- install https://github.com/Tecnativa/docker-socket-proxy via the
https://github.com/devture/com.devture.ansible.role.container_socket_proxy Ansible role
- make Traefik access the Docker API via TCP by connecting to this
socket proxy
- .. which allows us to run the Traefik container with less privileges
(non-`root`, dropped capabilities)
2023-03-06 09:11:02 +02:00
Aine
6a6761cb88
Update ntfy 2.1.1 -> 2.1.2
2023-03-05 10:17:07 +00:00
Aine
e588f5eaec
update grafana 9.4.2 -> 9.4.3
2023-03-03 07:47:47 +00:00
Slavi Pantaleev
8acfcf8bf1
Merge pull request #2537 from etkecc/patch-185
...
update borgmatic 1.7.7 -> 1.7.8
2023-03-03 09:35:43 +02:00
Slavi Pantaleev
70b67b12bc
Upgrade com.devture.ansible.role.postgres_backup
2023-03-03 09:04:13 +02:00
Slavi Pantaleev
0dcfc74fc8
Upgrade com.devture.ansible.role.traefik_certs_dumper
2023-03-03 09:00:30 +02:00
Slavi Pantaleev
49b7d805ee
Upgrade com.devture.ansible.role.traefik
2023-03-03 09:00:30 +02:00
Aine
bb19de4a5f
update borgmatic 1.7.7 -> 1.7.8
2023-03-03 06:21:26 +00:00
Aine
47cfec726f
update grafana 9.4.1 -> 9.4.2
2023-03-03 06:18:52 +00:00
Slavi Pantaleev
849248b165
Upgrade Etherpad role (v1.8.18-1 -> v1.8.18-2)
2023-03-02 23:00:18 +02:00
Slavi Pantaleev
795c335395
Upgrade Etherpad role (v1.8.18-0 -> v1.8.18-1)
2023-03-02 22:58:45 +02:00
Slavi Pantaleev
124fbeda04
Switch to using an external Etherpad role
...
This new role also adds native Traefik support and support for other
(non-`amd64`) architectures via self-building.
2023-03-02 22:50:13 +02:00
Slavi Pantaleev
ae76db4d77
Upgrade com.devture.ansible.role.traefik_certs_dumper for wait time increase (60 -> 180 sec.)
2023-03-02 16:06:11 +02:00
Aine
4cd9e65d6d
update ntfy 2.1.0 -> 2.1.1
2023-03-01 20:09:54 +00:00
Slavi Pantaleev
adc18251a9
Upgrade com.devture.ansible.role.traefik (2.9.6 -> 2.9.8)
2023-03-01 12:47:55 +02:00
Slavi Pantaleev
a4b401c4da
Upgrade com.devture.ansible.role.traefik and improve front-Traefik-with-another-proxy docs
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2532
2023-03-01 12:32:30 +02:00
Slavi Pantaleev
468bed653e
Upgrade Redis (v7.0.7-0 -> v7.0.9-0)
2023-03-01 10:30:09 +02:00
Aine
0aede060f3
Update grafana 9.3.6 -> 9.4.1
2023-02-28 13:18:21 +00:00
Slavi Pantaleev
e6ba7cc2c9
Upgrade com.devture.ansible.role.traefik
2023-02-27 16:32:37 +02:00
Slavi Pantaleev
d5910d0421
Upgrade com.devture.ansible.role.docker_sdk_for_python
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2522
2023-02-27 08:27:41 +02:00
Slavi Pantaleev
31857ea9bb
Upgrade com.devture.ansible.role.traefik_certs_dumper
2023-02-26 19:49:01 +02:00
Slavi Pantaleev
7c622bd249
Upgrade com.devture.ansible.role.traefik
2023-02-26 19:12:10 +02:00
Aine
e625e9aa5b
fix postgres version detection in the borg role
2023-02-26 10:41:40 +00:00
Aine
252e542bc5
Update ntfy 2.0.1 -> 2.1.0
2023-02-26 08:19:51 +00:00
Slavi Pantaleev
53f8a0c6ae
Upgrade com.devture.ansible.role.traefik
2023-02-24 20:27:15 +02:00
Slavi Pantaleev
84c5b44bea
Upgrade com.devture.ansible.role.docker_sdk_for_python
2023-02-22 16:09:16 +02:00
Aine
cbc8f0c6e6
Update borgmatic 1.7.6 -> 1.7.7
2023-02-21 10:14:53 +00:00
Slavi Pantaleev
8e592fb0c1
Upgrade grafana role (v9.3.6-1 -> v9.3.6-2)
2023-02-20 16:53:19 +02:00
Slavi Pantaleev
a758301bf6
Upgrade geerlingguy.docker (6.0.4 -> 6.1.0)
2023-02-19 10:20:40 +02:00
Slavi Pantaleev
0da308e24d
Upgrade com.devture.ansible.role.traefik
2023-02-19 10:20:13 +02:00
Aine
886d1cddd0
Update ntfy v2.0.0-1 -> v2.0.1-0
2023-02-18 19:10:23 +00:00
Slavi Pantaleev
154d077ec7
Upgrade ntfy (v2.0.0-0 -> v2.0.0-1)
2023-02-17 16:24:10 +02:00
Slavi Pantaleev
990a6369e1
Switch to using an external Redis role
2023-02-17 16:23:59 +02:00
Slavi Pantaleev
964aa0e84d
Switch to using an external Ntfy role
...
The newly extracted role also has native Traefik support,
so we no longer need to rely on `matrix-nginx-proxy` for
reverse-proxying to Ntfy.
The new role uses port `80` inside the container (not `8080`, like
before), because that's the default assumption of the officially
published container image. Using a custom port (like `8080`), means the
default healthcheck command (which hardcodes port `80`) doesn't work.
Instead of fiddling to override the healthcheck command, we've decided
to stick to the default port instead. This only affects the
inside-the-container port, not any external ports.
The new role also supports adding the network ranges of the container's
multiple additional networks as "exempt hosts". Previously, only one
network's address range was added to "exempt hosts".
2023-02-17 09:54:33 +02:00
Slavi Pantaleev
7c5826f1c3
Break dependency between matrix-prometheus-nginxlog-exporter and the Grafana role
...
Wiring happens via `group_vars/matrix_servers` now.
2023-02-15 10:52:25 +02:00
Slavi Pantaleev
1006b8d899
Replace matrix-grafana with an external role
2023-02-15 10:32:24 +02:00
Slavi Pantaleev
266195ab45
Upgrade backup_borg (v1.2.3-1.7.5-1 -> v1.2.3-1.7.6-0)
...
Supersedes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2472
2023-02-13 12:26:49 +02:00
Slavi Pantaleev
65730b84d3
Upgrade backup_borg (v1.2.3-1.7.5-0 -> v1.2.3-1.7.5-1)
2023-02-13 11:51:11 +02:00
Slavi Pantaleev
78c35136b2
Replace matrix-backup-borg with an external role
2023-02-13 10:53:11 +02:00
Slavi Pantaleev
c289996cd9
Upgrade com.devture.ansible.role.traefik
2023-02-09 10:16:41 +02:00
Slavi Pantaleev
a5683a6449
Upgrade com.devture.ansible.role.traefik and rename some variables
2023-02-09 10:12:09 +02:00
Slavi Pantaleev
1338963b6c
Add support for obtaining additional SSL certificates via Traefik
2023-02-08 18:47:19 +02:00
Slavi Pantaleev
c07630ed51
Add com.devture.ansible.role.traefik_certs_dumper role
...
With this, other roles (like Coturn, Postmoogle) will be able
to use SSL certificates extracted from Traefik
via https://github.com/ldez/traefik-certs-dumper
2023-02-08 16:05:38 +02:00
Slavi Pantaleev
8155f780e5
Add support for reverse-proxying Matric (Client & Federation) via Traefik
2023-02-06 13:08:11 +02:00
Slavi Pantaleev
f983604695
Initial work on Traefik support
...
This gets us started on adding a Traefik role and hooking Traefik:
- directly to services which support Traefik - we only have a few of
these right now, but the list will grow
- to matrix-nginx-proxy for most services that integrate with
matrix-nginx-proxy right now
Traefik usage should be disabled by default for now and nothing should
change for people just yet.
Enabling these experiments requires additional configuration like this:
```yaml
devture_traefik_ssl_email_address: '.....'
matrix_playbook_traefik_role_enabled: true
matrix_playbook_traefik_labels_enabled: true
matrix_ssl_retrieval_method: none
matrix_nginx_proxy_https_enabled: false
matrix_nginx_proxy_container_http_host_bind_port: ''
matrix_nginx_proxy_container_federation_host_bind_port: ''
matrix_nginx_proxy_trust_forwarded_proto: true
matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'
matrix_coturn_enabled: false
```
What currently works is:
reverse-proxying for all nginx-proxy based services **except** for the Matrix homeserver
(both Client-Server an Federation traffic for the homeserver don't work yet)
2023-02-06 10:34:51 +02:00
Slavi Pantaleev
946bbe9734
Upgrade prometheus_node_exporter (v1.5.0-1 -> v1.5.0-2)
2023-02-06 09:54:34 +02:00
Slavi Pantaleev
5de5b5c62c
Upgrade prometheus_postgres_exporter (v0.11.1-1 -> v0.11.1-2)
2023-02-06 09:49:15 +02:00
Slavi Pantaleev
045ed94d43
Upgrade prometheus_postgres_exporter (v0.11.1-0 -> v0.11.1-1)
2023-02-05 10:54:51 +02:00