Ansible configuration for the Netz39 infrastructure
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
tux 1b952f5386 Merge pull request 'Update to new CleanURI (uritools) version' (!83) from cleanuri into master 2 weeks ago
files Add the Asterisk sound files 2 months ago
roles Add a role to set up cleanuri (uritools) 2 weeks ago
templates Add template for SIP configuration 2 months ago
.editorconfig Add EditorConfig configuration file 9 months ago
.yamllint yamllint config and fixes 2 years ago Add section in README to explain HTTPS ingress setup 1 month ago
all.yml Move tasks for all hosts to separate file 2 months ago
ansible.cfg Add ansible.cfg with inventory path 2 months ago
holmium.yml Add host cleanuri-api to HTTPS forwarding 2 weeks ago
inventory.yml Add external CleanURI setup to inventory 2 weeks ago
krypton.yml 🚚 Move entities validation service from pottwal to krypton 3 weeks ago
main.yml Call holmium playbook from main 1 month ago
oganesson.yml Add playbook for host oganesson 2 months ago
platon.yml Copy Asterisk sound files 2 months ago
pottwal.yml Add uritools-api to dehydrated 2 weeks ago
proxmox.yml Move proxmox specific tasks to separate playbook 2 months ago
radon.yml ⬆️ Bump power-meter-pulse-gateway to 0.3.0 3 weeks ago
requirements.yml 👽️ Bump ble-keykeeper-role to 1.1.0 2 months ago
tau.yml Merge pull request 'Add FFMD DNS container to provide secondary DNS server' (!69) from ffmd-dns2 into master 1 month ago
unicorn.yml Bump unicorn to v7.1.65 3 months ago

Ansible configuration for the Netz39 infrastructure

This call lists all hosts defined in the inventory:

ansible -i inventory.yml all --list-hosts


ansible-galaxy install -r requirements.yml

Call with

ansible-playbook -i inventory.yml --ask-vault-pass main.yml

You need to provide a user with sudo rights and the vault password.

HTTPS ingress configuration

HTTPS ingress is controlled by the server holmium and forwarded to the configured servers.

To set up a new HTTPS vhost, the following steps need to be taken:

  1. Select a domain (for internal services we use sub-domains of
  2. Create an external CNAME from this domain to
  3. Create an internal DNS entry in the Descartes DNS config. This is usually an alias on an existing server.
  4. Add the entry to the holmium playbook.
  5. Set up Dehydrated and vhost on the target host, e.g. using setup-http-site-proxy.

Do not forget to execute all playbooks with relevant changes.