Commit Graph

336 Commits

Author SHA1 Message Date
Slavi Pantaleev
c222391e77 Upgrade Traefik (v2.9.8-2 -> v2.9.9-0) 2023-03-22 07:46:53 +02:00
Slavi Pantaleev
7a7c75c6a4 Upgrade prometheus_postgres_exporter (v0.11.1-2 -> v0.12.0-0) 2023-03-22 07:43:54 +02:00
Slavi Pantaleev
4a009480ae
Merge pull request #2593 from etkecc/patch-197
Update prometheus v2.42.0 -> v2.43.0
2023-03-21 20:14:43 +02:00
Aine
045542be76
Update redis 7.0.9 -> 7.0.10 2023-03-21 18:03:53 +00:00
Aine
5c0cc0168c
Update prometheus v2.42.0 -> v2.43.0 2023-03-21 17:59:58 +00:00
Slavi Pantaleev
14b8efcad2 Replace matrix-prometheus with an external Prometheus role 2023-03-21 07:38:12 +02:00
Slavi Pantaleev
d351213486 Upgrade prometheus_node_exporter (v1.5.0-4 -> v1.5.0-6) 2023-03-21 07:29:21 +02:00
Slavi Pantaleev
220d80ac3a Move matrix-aux outside of this playbook 2023-03-20 11:06:27 +02:00
Aine
b01e7b1ae5
update ntfy 2.1.2 -> 2.2.0 2023-03-18 19:29:20 +00:00
Aine
88dc5e0de0
migrate prometheus-node-exporter's var 2023-03-18 10:26:29 +02:00
Aine
ff6e7f0ac5
Update borgmatic 1.7.8 -> 1.7.9 2023-03-16 21:03:55 +00:00
Slavi Pantaleev
d6975e4ab8 Upgrade com.devture.ansible.role.postgres 2023-03-16 14:57:40 +02:00
Aine
122a834a7f
update prometheus-node-exporter 1.5.0-2 -> 1.5.0-3 2023-03-10 20:23:13 +00:00
Slavi Pantaleev
70af9a4481 Upgrade Traefik (v2.9.8-1 -> v2.9.8-2) - not using unprivileged ports anymore 2023-03-09 08:56:58 +02:00
Slavi Pantaleev
26fdae3797 Upgrade com.devture.ansible.role.container_socket_proxy 2023-03-06 10:29:58 +02:00
Slavi Pantaleev
bf2b540807 Harden Traefik security by accessing the Docker API through docker-socket-proxy
With these changes, we:

- install https://github.com/Tecnativa/docker-socket-proxy via the
  https://github.com/devture/com.devture.ansible.role.container_socket_proxy Ansible role

- make Traefik access the Docker API via TCP by connecting to this
  socket proxy

- .. which allows us to run the Traefik container with less privileges
  (non-`root`, dropped capabilities)
2023-03-06 09:11:02 +02:00
Aine
6a6761cb88
Update ntfy 2.1.1 -> 2.1.2 2023-03-05 10:17:07 +00:00
Aine
e588f5eaec
update grafana 9.4.2 -> 9.4.3 2023-03-03 07:47:47 +00:00
Slavi Pantaleev
8acfcf8bf1
Merge pull request #2537 from etkecc/patch-185
update borgmatic 1.7.7 -> 1.7.8
2023-03-03 09:35:43 +02:00
Slavi Pantaleev
70b67b12bc Upgrade com.devture.ansible.role.postgres_backup 2023-03-03 09:04:13 +02:00
Slavi Pantaleev
0dcfc74fc8 Upgrade com.devture.ansible.role.traefik_certs_dumper 2023-03-03 09:00:30 +02:00
Slavi Pantaleev
49b7d805ee Upgrade com.devture.ansible.role.traefik 2023-03-03 09:00:30 +02:00
Aine
bb19de4a5f
update borgmatic 1.7.7 -> 1.7.8 2023-03-03 06:21:26 +00:00
Aine
47cfec726f
update grafana 9.4.1 -> 9.4.2 2023-03-03 06:18:52 +00:00
Slavi Pantaleev
849248b165 Upgrade Etherpad role (v1.8.18-1 -> v1.8.18-2) 2023-03-02 23:00:18 +02:00
Slavi Pantaleev
795c335395 Upgrade Etherpad role (v1.8.18-0 -> v1.8.18-1) 2023-03-02 22:58:45 +02:00
Slavi Pantaleev
124fbeda04 Switch to using an external Etherpad role
This new role also adds native Traefik support and support for other
(non-`amd64`) architectures via self-building.
2023-03-02 22:50:13 +02:00
Slavi Pantaleev
ae76db4d77 Upgrade com.devture.ansible.role.traefik_certs_dumper for wait time increase (60 -> 180 sec.) 2023-03-02 16:06:11 +02:00
Aine
4cd9e65d6d
update ntfy 2.1.0 -> 2.1.1 2023-03-01 20:09:54 +00:00
Slavi Pantaleev
adc18251a9 Upgrade com.devture.ansible.role.traefik (2.9.6 -> 2.9.8) 2023-03-01 12:47:55 +02:00
Slavi Pantaleev
a4b401c4da Upgrade com.devture.ansible.role.traefik and improve front-Traefik-with-another-proxy docs
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2532
2023-03-01 12:32:30 +02:00
Slavi Pantaleev
468bed653e Upgrade Redis (v7.0.7-0 -> v7.0.9-0) 2023-03-01 10:30:09 +02:00
Aine
0aede060f3
Update grafana 9.3.6 -> 9.4.1 2023-02-28 13:18:21 +00:00
Slavi Pantaleev
e6ba7cc2c9 Upgrade com.devture.ansible.role.traefik 2023-02-27 16:32:37 +02:00
Slavi Pantaleev
d5910d0421 Upgrade com.devture.ansible.role.docker_sdk_for_python
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2522
2023-02-27 08:27:41 +02:00
Slavi Pantaleev
31857ea9bb Upgrade com.devture.ansible.role.traefik_certs_dumper 2023-02-26 19:49:01 +02:00
Slavi Pantaleev
7c622bd249 Upgrade com.devture.ansible.role.traefik 2023-02-26 19:12:10 +02:00
Aine
e625e9aa5b
fix postgres version detection in the borg role 2023-02-26 10:41:40 +00:00
Aine
252e542bc5
Update ntfy 2.0.1 -> 2.1.0 2023-02-26 08:19:51 +00:00
Slavi Pantaleev
53f8a0c6ae Upgrade com.devture.ansible.role.traefik 2023-02-24 20:27:15 +02:00
Slavi Pantaleev
84c5b44bea Upgrade com.devture.ansible.role.docker_sdk_for_python 2023-02-22 16:09:16 +02:00
Aine
cbc8f0c6e6
Update borgmatic 1.7.6 -> 1.7.7 2023-02-21 10:14:53 +00:00
Slavi Pantaleev
8e592fb0c1 Upgrade grafana role (v9.3.6-1 -> v9.3.6-2) 2023-02-20 16:53:19 +02:00
Slavi Pantaleev
a758301bf6 Upgrade geerlingguy.docker (6.0.4 -> 6.1.0) 2023-02-19 10:20:40 +02:00
Slavi Pantaleev
0da308e24d Upgrade com.devture.ansible.role.traefik 2023-02-19 10:20:13 +02:00
Aine
886d1cddd0
Update ntfy v2.0.0-1 -> v2.0.1-0 2023-02-18 19:10:23 +00:00
Slavi Pantaleev
154d077ec7 Upgrade ntfy (v2.0.0-0 -> v2.0.0-1) 2023-02-17 16:24:10 +02:00
Slavi Pantaleev
990a6369e1 Switch to using an external Redis role 2023-02-17 16:23:59 +02:00
Slavi Pantaleev
964aa0e84d Switch to using an external Ntfy role
The newly extracted role also has native Traefik support,
so we no longer need to rely on `matrix-nginx-proxy` for
reverse-proxying to Ntfy.

The new role uses port `80` inside the container (not `8080`, like
before), because that's the default assumption of the officially
published container image. Using a custom port (like `8080`) means the
default healthcheck command (which hardcodes port `80`) doesn't work.
Instead of fiddling to override the healthcheck command, we've decided
to stick to the default port instead. This only affects the
inside-the-container port, not any external ports.

The new role also supports adding the network ranges of the container's
multiple additional networks as "exempt hosts". Previously, only one
network's address range was added to "exempt hosts".
2023-02-17 09:54:33 +02:00
Slavi Pantaleev
7c5826f1c3 Break dependency between matrix-prometheus-nginxlog-exporter and the Grafana role
Wiring happens via `group_vars/matrix_servers` now.
2023-02-15 10:52:25 +02:00
Slavi Pantaleev
1006b8d899 Replace matrix-grafana with an external role 2023-02-15 10:32:24 +02:00
Slavi Pantaleev
266195ab45 Upgrade backup_borg (v1.2.3-1.7.5-1 -> v1.2.3-1.7.6-0)
Supersedes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2472
2023-02-13 12:26:49 +02:00
Slavi Pantaleev
65730b84d3 Upgrade backup_borg (v1.2.3-1.7.5-0 -> v1.2.3-1.7.5-1) 2023-02-13 11:51:11 +02:00
Slavi Pantaleev
78c35136b2 Replace matrix-backup-borg with an external role 2023-02-13 10:53:11 +02:00
Slavi Pantaleev
c289996cd9 Upgrade com.devture.ansible.role.traefik 2023-02-09 10:16:41 +02:00
Slavi Pantaleev
a5683a6449 Upgrade com.devture.ansible.role.traefik and rename some variables 2023-02-09 10:12:09 +02:00
Slavi Pantaleev
1338963b6c Add support for obtaining additional SSL certificates via Traefik 2023-02-08 18:47:19 +02:00
Slavi Pantaleev
c07630ed51 Add com.devture.ansible.role.traefik_certs_dumper role
With this, other roles (like Coturn, Postmoogle) will be able
to use SSL certificates extracted from Traefik
via https://github.com/ldez/traefik-certs-dumper
2023-02-08 16:05:38 +02:00
Slavi Pantaleev
8155f780e5 Add support for reverse-proxying Matrix (Client & Federation) via Traefik 2023-02-06 13:08:11 +02:00
Slavi Pantaleev
f983604695 Initial work on Traefik support
This gets us started on adding a Traefik role and hooking Traefik:

- directly to services which support Traefik - we only have a few of
  these right now, but the list will grow

- to matrix-nginx-proxy for most services that integrate with
  matrix-nginx-proxy right now

Traefik usage should be disabled by default for now and nothing should
change for people just yet.

Enabling these experiments requires additional configuration like this:

```yaml
devture_traefik_ssl_email_address: '.....'

matrix_playbook_traefik_role_enabled: true
matrix_playbook_traefik_labels_enabled: true

matrix_ssl_retrieval_method: none

matrix_nginx_proxy_https_enabled: false

matrix_nginx_proxy_container_http_host_bind_port: ''
matrix_nginx_proxy_container_federation_host_bind_port: ''

matrix_nginx_proxy_trust_forwarded_proto: true

matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'

matrix_coturn_enabled: false
```

What currently works is:
reverse-proxying for all nginx-proxy based services **except** for the Matrix homeserver
(both Client-Server and Federation traffic for the homeserver don't work yet)
2023-02-06 10:34:51 +02:00
Slavi Pantaleev
946bbe9734 Upgrade prometheus_node_exporter (v1.5.0-1 -> v1.5.0-2) 2023-02-06 09:54:34 +02:00
Slavi Pantaleev
5de5b5c62c Upgrade prometheus_postgres_exporter (v0.11.1-1 -> v0.11.1-2) 2023-02-06 09:49:15 +02:00
Slavi Pantaleev
045ed94d43 Upgrade prometheus_postgres_exporter (v0.11.1-0 -> v0.11.1-1) 2023-02-05 10:54:51 +02:00
Slavi Pantaleev
be78b74fbd Switch from matrix-prometheus-postgres-exporter to an external prometheus_postgres_exporter role 2023-02-05 10:32:09 +02:00
Slavi Pantaleev
e43ba65dd3 Upgrade prometheus_node_exporter (v1.5.0-0 -> v1.5.0-1) 2023-01-27 08:46:16 +02:00
Slavi Pantaleev
9ed2e04d80 Switch from matrix-prometheus-node-exporter to an external prometheus_node_exporter role 2023-01-21 11:07:04 +02:00
Slavi Pantaleev
c27021b29b Upgrade com.devture.ansible.role.timesync 2023-01-17 14:51:00 +02:00
Slavi Pantaleev
f64745c6ac Upgrade com.devture.ansible.role.timesync
Related to https://github.com/devture/com.devture.ansible.role.timesync
2023-01-17 14:47:57 +02:00
Slavi Pantaleev
4c5d945ad3 Upgrade com.devture.ansible.role.postgres 2023-01-13 18:12:22 +02:00
Slavi Pantaleev
c874830de3 Upgrade com.devture.ansible.role.postgres
The new version uses the corresponding container image when running
vacuum, not the latest Postgres version.
2023-01-13 09:42:04 +02:00
Slavi Pantaleev
d018677293 Upgrade geerlingguy.docker (6.0.3 -> 6.0.4) 2022-12-30 18:12:38 +02:00
Slavi Pantaleev
4589f94053 Upgrade Postgres (minor versions upgrade) 2022-12-02 19:17:35 +02:00
Slavi Pantaleev
4eed49f931 Replace custom/matrix-postgres-backup role with galaxy/com.devture.ansible.role.postgres_backup
This role is usable on its own and it's not tied to Matrix, so
extracting it out into an independent role that we install via
ansible-galaxy makes sense.

This also fixes the confusion from the other day, where
`matrix_postgres_*` had to be renamed to `devture_postgres_*`
(unless it was about `matrix_postgres_backup_*`).
We now can safely say that ALL `matrix_postgres_*` variables need to be
renamed.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2305
2022-11-30 11:01:19 +02:00
Slavi Pantaleev
de979bc6a2 Upgrade com.devture.ansible.role.postgres 2022-11-30 09:42:06 +02:00
Slavi Pantaleev
b25385dffd Upgrade com.devture.ansible.role.postgres 2022-11-29 20:16:29 +02:00
Slavi Pantaleev
81054bb19c Upgrade com.devture.ansible.role.postgres 2022-11-28 09:05:22 +02:00
Slavi Pantaleev
4bb3a38de6 Upgrade com.devture.ansible.role.postgres 2022-11-27 11:24:53 +02:00
Slavi Pantaleev
04b9483f0d Switch from matrix-postgres to com.devture.ansible.role.postgres 2022-11-27 08:04:31 +02:00
Slavi Pantaleev
7c2a7a8eb6 Replace most import_tasks calls with include_tasks for improved performance 2022-11-24 11:33:45 +02:00
Slavi Pantaleev
54cacc927e Upgrade com.devture.ansible.role.docker_sdk_for_python 2022-11-23 14:33:07 +02:00
Slavi Pantaleev
ccfaefa4d2 Add service groups 2022-11-23 11:45:47 +02:00
Slavi Pantaleev
93d4f8d425 Replace matrix-common-after systemd service management with com.devture.ansible.role.systemd_service_manager 2022-11-23 11:45:46 +02:00
Slavi Pantaleev
d8f2141eb0 Install Docker via geerlingguy.docker Galaxy role 2022-11-22 09:01:26 +02:00
Slavi Pantaleev
5ff59eb31a Upgrade com.devture.ansible.role.playbook_state_preserver 2022-11-05 06:56:10 +02:00
Slavi Pantaleev
04c6c11561 Install ntpd/systemd-timesync via com.devture.ansible.role.timesync 2022-11-04 16:34:23 +02:00
Slavi Pantaleev
c3a7237de7 Initial work on using externally defined roles 2022-11-04 14:58:28 +02:00