Compare revisions

3309633c · 3309633c · 3309633c · 3309633c · 3309633c · 3309633c
--- a/verwaltung/docker_gitea/tasks/main.yml
+++ b/verwaltung/docker_gitea/tasks/main.yml
 ---
 # Get secrets 
- include: ../functions/get_secret.yml
+- include_tasks: ../functions/get_secret.yml
  with_items:
    - { path: /srv/gitea/mysql_root_pw, length: 24 }
    - { path: /srv/gitea/mysql_user_pw, length: 12 }

--- a/verwaltung/docker_jameica/templates/docker-compose.yml
+++ b/verwaltung/docker_jameica/templates/docker-compose.yml
@@ -36,7 +36,7 @@ services:
  nginx:
-    image: nginx:1.19
+    image: nginx:1.25
    restart: always
    depends_on:
      - vnc

--- a/verwaltung/docker_mysql/tasks/main.yml
+++ b/verwaltung/docker_mysql/tasks/main.yml
 ---
 # Get secrets
- include: ../functions/get_secret.yml
+- include_tasks: ../functions/get_secret.yml
  with_items:
    - { path: /srv/mysql/mysql_root_pw, length: 24 }
    - { path: /srv/mysql/mysql_user_pw, length: 12 }

--- a/verwaltung/docker_nextcloud/tasks/main.yml
+++ b/verwaltung/docker_nextcloud/tasks/main.yml
 ---
- include: ../functions/get_secret.yml
+- include_tasks: ../functions/get_secret.yml
  with_items:
    - { path: /srv/nextcloud/nextcloud_admin_pass,  length: 24 }
    - { path: /srv/nextcloud/mysql_admin_pass,  length: 24 }

--- a/verwaltung/docker_nextcloud/templates/docker-compose.yml
+++ b/verwaltung/docker_nextcloud/templates/docker-compose.yml
@@ -42,6 +42,9 @@ services:
      MYSQL_HOST: mysql
      NEXTCLOUD_ADMIN_USER: "admin"
      NEXTCLOUD_ADMIN_PASSWORD: "{{nextcloud_admin_pass}}"
+      OVERWRITEPROTOCOL: https
+      OVERWRITECLIURL: https://{{ domain }}
+      OVERWRITEHOST: {{ domain }}
    labels:
      - traefik.enable=true
      - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)

--- a/verwaltung/jameica/tasks/main.yml
+++ b/verwaltung/jameica/tasks/main.yml
@@ -12,7 +12,7 @@
      - openjdk-11-jre
 # Get secrets 
- include: ../functions/get_secret.yml
+- include_tasks: ../functions/get_secret.yml
  with_items:
    - { path: /srv/mysql/mysql_user_pw, length: 12 }

--- a/webserver/docker_dokuwiki/templates/Dockerfile
+++ b/webserver/docker_dokuwiki/templates/Dockerfile
-FROM php:7.4.33-apache-bullseye
+FROM php:8.2.8-apache-bookworm
 # php-gd modul für dw2pdf plugin
 RUN apt-get update && apt-get install -y \

--- a/webserver/docker_dokuwiki/templates/sendmail_plenum.py
+++ b/webserver/docker_dokuwiki/templates/sendmail_plenum.py
@@ -30,7 +30,7 @@ def do_work():
        # There are no topics - just exit
        if (len(topics) == 0):
-            exit()
+            return True
        # calculate date of next tuesday
        d = datetime.date.today()

--- a/webserver/docker_gitlab/templates/conf/gitlab.rb
+++ b/webserver/docker_gitlab/templates/conf/gitlab.rb
@@ -1426,17 +1426,27 @@ nginx['proxy_set_headers'] = {
 ################################################################################
 # logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data
+logging['svlogd_size'] = 200 * 1024 * 1024
 # logging['svlogd_num'] = 30 # keep 30 rotated log files
+logging['svlogd_num'] = 30
 # logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours
+logging['svlogd_timeout'] = 24 * 60 * 60
 # logging['svlogd_filter'] = "gzip" # compress logs with gzip
+logging['svlogd_filter'] = "gzip"
 # logging['svlogd_udp'] = nil # transmit log messages via UDP
 # logging['svlogd_prefix'] = nil # custom prefix for log messages
 # logging['logrotate_frequency'] = "daily" # rotate logs daily
+logging['logrotate_frequency'] = "daily"
 # logging['logrotate_maxsize'] = nil # rotate logs when they grow bigger than size bytes even before the specified time interval (daily, weekly, monthly, or yearly)
+logging['logrotate_maxsize'] = "200M"
 # logging['logrotate_size'] = nil # do not rotate by size by default
+logging['logrotate_size'] = "50M"
 # logging['logrotate_rotate'] = 30 # keep 30 rotated logs
+logging['logrotate_rotate'] = 30
 # logging['logrotate_compress'] = "compress" # see 'man logrotate'
+logging['logrotate_compress'] = "compress"
 # logging['logrotate_method'] = "copytruncate" # see 'man logrotate'
+logging['logrotate_method'] = "copytruncate"
 # logging['logrotate_postrotate'] = nil # no postrotate command by default
 # logging['logrotate_dateformat'] = nil # use date extensions for rotated files rather than numbers e.g. a value of "-%Y-%m-%d" would give rotated files like production.log-2016-03-09.gz
@@ -1458,7 +1468,7 @@ nginx['proxy_set_headers'] = {
 ##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html#logrotate
 ##! You can disable built in logrotate feature.
 ################################################################################
-# logrotate['enable'] = true
+logrotate['enable'] = true
 # logrotate['log_directory'] = "/var/log/gitlab/logrotate"
 ################################################################################

--- a/webserver/docker_icinga/tasks/main.yml
+++ b/webserver/docker_icinga/tasks/main.yml
 ---
- include: ../functions/get_secret.yml
+- include_tasks: ../functions/get_secret.yml
  with_items:
    - { path: /srv/ldap/secret/ldap_readonly_pass, length: -1 }
    - { path: "{{ basedir }}/icinga_admin_pass",  length: 12 }

--- a/webserver/docker_icinga/templates/etc/icinga/conf.d/hosts_manual.conf
+++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/hosts_manual.conf
-object Host "warpfire" {
+object Host "wz-router" {
  import "generic-host"
  address = "192.168.0.1"
@@ -7,11 +7,77 @@ object Host "warpfire" {
  groups = [ "network" ]
 }
-object Host "switch-sw01-hp" {
+object Host "wz-sw-core" {
  import "generic-host"
-  address = "192.168.0.100"
+  address = "192.168.0.2"
  groups = [ "network" ]
 }
+object Host "wz-sw-access" {
+  import "generic-host"
+  address = "192.168.0.3"
+  # Keine Notifications, da der Switch aus ist wenn die Zone geschlossen ist 
+  vars.enable_nofitications = false
+  groups = [ "network" ]
+}
+object Host "wz-sw-dach" {
+  import "generic-host"
+  address = "192.168.0.4"
+  groups = [ "network" ]
+}
+object Host "wz-ap-dach" {
+  import "generic-host"
+  address = "192.168.0.13"
+  groups = [ "network" ]
+}
+object Host "wz-ap-eingang" {
+  import "generic-host"
+  address = "192.168.0.14"
+  groups = [ "network" ]
+}
+object Host "wz-ap-lounge" {
+  import "generic-host"
+  address = "192.168.0.10"
+  groups = [ "network" ]
+}
+object Host "wz-ap-vortrag" {
+  import "generic-host"
+  address = "192.168.0.12"
+  groups = [ "network" ]
+}
+object Host "wz-ap-werkstatt" {
+  import "generic-host"
+  address = "192.168.0.11"
+  groups = [ "network" ]
+}
+object Host "eq3max-cube" {
+  import "generic-host"
+  address = "{{ eq3max.cube_host }}"
+  groups = [ "network" ]
+}
--- a/webserver/docker_icinga/templates/etc/icinga/conf.d/notifications.conf
+++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/notifications.conf
@@ -6,7 +6,7 @@ apply Notification "matrix" to Host {
  interval = 4h
-  assign where host.address 
+  assign where host.address && host.vars.enable_nofitications != false
 }
@@ -17,6 +17,6 @@ apply Notification "matrix" to Service {
  interval = 4h
-  assign where service.name
+  assign where service.name && service.vars.enable_nofitications != false
 }
--- a/webserver/docker_icinga/templates/etc/icinga/conf.d/services_domains.conf
+++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/services_domains.conf
@@ -151,6 +151,8 @@ apply Service "spf record - {{ mail_domains[maildomain].maildomain }}" {
  assign where host.address && host.vars.is_dnsserver == "True"
 }
+  {% if mail_domains[maildomain].dmarc is defined %}
 apply Service "DMARC record - {{ mail_domains[maildomain].maildomain }}" {
  import "generic-service"
@@ -166,7 +168,7 @@ apply Service "DMARC record - {{ mail_domains[maildomain].maildomain }}" {
  assign where host.address && host.vars.is_dnsserver == "True"
 }
+  {% endif %}
  {% if mail_domains[maildomain].dkim is defined %}
  {% for entry in mail_domains[maildomain].dkim %}
@@ -179,7 +181,7 @@ apply Service "DKIM {{entry.selector}} record - {{ mail_domains[maildomain].mail
  vars.dig_lookup = "{{entry.selector}}._domainkey.{{ mail_domains[maildomain].maildomain }}"
  vars.dig_record_type = "TXT"
-  vars.dig_expected_address = "{{ entry.value }}"
+  vars.dig_expected_address = "{{ entry.value | replace("\"","\\\"") }}"
  vars.dig_arguments = "+tcp"
  groups = [ "mail" ]

--- a/webserver/docker_icinga/templates/etc/icinga/conf.d/services_homematic.conf
+++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/services_homematic.conf
+apply Service "homematic-exporter" {
+  import "generic-service"
+  check_command = "http"
+  enable_perfdata = false
+  vars.http_address = "{{ hostvars['ogg'].int_ip4 }}"
+  vars.http_port = 8010
+  vars.http_uri = "/metrics"
+  groups = [ "exporter", "homematic" ]
+  assign where host.name == "ogg"
+}
+{% for device in homematic.devices_heizung %}
+apply Service "{{ device.name }}_homematic_lowbat" {
+  import "generic-service"
+  check_command = "check_metric_value"
+  enable_perfdata = true
+  vars.metric_url = "http://{{ hostvars['ogg'].int_ip4 }}:8010/metrics"
+  vars.metric_name = "homematic_lowbat"
+  vars.metric_labelname = "device"
+  vars.metric_labelvalue = "{{ device.id }}:0"
+  vars.metric_operator = "gt"
+  vars.metric_warn = "0"
+  vars.metric_crit = "0"
+  assign where host.name == "ogg"
+}
+{% endfor %}
\ No newline at end of file
--- a/webserver/docker_icinga/templates/etc/icinga/conf.d/services_manual.conf
+++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/services_manual.conf
@@ -9,4 +9,49 @@ apply Service "warpfire-admin" {
  vars.http_port = 80
  assign where host.name == "warpfire"
 }
\ No newline at end of file
+apply Service "wz-uplink-globe" {
+  import "generic-service"
+  check_command = "ping4"
+  vars.ping_address = "212.124.34.242"
+  vars.ping_wrta = "100"
+  vars.ping_crta = "300"
+  vars.ping_wpl = "20"
+  vars.ping_cpl = "50"
+  assign where host.name == "wz-router"
+}
+apply Service "wz-uplink-webdiscount-1" {
+  import "generic-service"
+  check_command = "ping4"
+  vars.ping_address = "212.3.64.45"
+  vars.ping_wrta = "100"
+  vars.ping_crta = "300"
+  vars.ping_wpl = "20"
+  vars.ping_cpl = "50"
+  assign where host.name == "wz-router"
+}
+apply Service "wz-uplink-webdiscount-2" {
+  import "generic-service"
+  check_command = "ping4"
+  vars.ping_address = "212.3.80.222"
+  vars.ping_wrta = "100"
+  vars.ping_crta = "300"
+  vars.ping_wpl= "20"
+  vars.ping_cpl = "50"
+  assign where host.name == "wz-router"
+}
--- a/webserver/docker_mail/tasks/main.yaml
+++ b/webserver/docker_mail/tasks/main.yaml
@@ -69,6 +69,13 @@
    - mailu/overrides/postfix/postfix.cf
  register: config
+- name: "set local dns record"
+  become: true
+  blockinfile:
+    path: /etc/hosts
+    create: yes
+    block: |
+      {{ ext_ip4 }} mailserver.warpzone.ms
 # - name: deploy LogRotate configs
 #   template:

--- a/webserver/docker_mail/templates/docker-compose.yml
+++ b/webserver/docker_mail/templates/docker-compose.yml
@@ -48,7 +48,7 @@ services:
      - "traefik.http.routers.{{ servicename }}.tls"
      - "traefik.http.routers.{{ servicename }}.tls.certresolver=letsencrypt"
      - "traefik.http.routers.{{ servicename }}.tls.domains[0].main={{ domain }}"
-      - "traefik.http.routers.{{ servicename }}.tls.domains[0].sans={{ mailserver }}"
+      - "traefik.http.routers.{{ servicename }}.tls.domains[0].sans={{ mailserver }},imap.warpzone.ms,smtp.warpzone.ms"
      - "traefik.http.routers.{{ servicename }}.service={{ servicename }}"
      - "traefik.http.services.{{ servicename }}.loadbalancer.server.port=80"
    networks:
@@ -185,7 +185,7 @@ services:
      - "{{ basedir }}/mailman-web:/opt/mailman-web-data:rw,z"
  mailman-nginx:
-    image: nginx:1.19
+    image: nginx:1.25
    restart: always
    depends_on:
      - mailman-web

--- a/webserver/docker_mail/templates/mailu.env
+++ b/webserver/docker_mail/templates/mailu.env
@@ -3,7 +3,10 @@
 ###################################
 # Set Version 
-MAILU_VERSION=2.0.4
+MAILU_VERSION=2.0.16
+# enable IPv6
+SUBNET6=fd00:dead:beef:25::/64
 # Autocreate Admin User 
 INITIAL_ADMIN_ACCOUNT=mailadmin
@@ -24,9 +27,6 @@ SQLALCHEMY_DATABASE_URI_ROUNDCUBE=mysql://roundcube:{{ roundcube_db_pass }}@db/r
 # Common configuration variables
 ###################################
-# Set mailu version 
-MAILU_VERSION=2.0
 # Set to a randomly generated 16 bytes string
 SECRET_KEY={{ mailu_secret_key }}

--- a/webserver/docker_matrix/tasks/main.yml
+++ b/webserver/docker_matrix/tasks/main.yml
@@ -5,6 +5,7 @@
   - { path: /srv/shared/noreply_email_pass, length: -1 }
   - { path: /srv/ldap/secret/ldap_readonly_pass, length: -1 }
   - { path: /srv/matrix/postgres_user_pass,  length: 24 }
+   - { path: /srv/matrix/admin_access_token,  length: -1 } # Get in Element fo an Admin User: Settings > Help > Advanced 
 - name: create folder struct for matrix
@@ -31,7 +32,9 @@
 - name: Konfig-Dateien erstellen
-  template: src={{ item }} dest=/srv/matrix/{{ item }}
+  template: 
+    src: "{{ item }}" 
+    dest: "/srv/matrix/{{ item }}"
  with_items:
    - docker-compose.yml
    - rest_auth_provider.py
@@ -41,6 +44,15 @@
  register: configs
+- name: Script-Dateien erstellen 
+  template: 
+    src: "{{ item }}" 
+    dest: "/srv/matrix/{{ item }}"
+    mode: "ug+rwx"
+  with_items:
+    - purgemediacache.sh
 - name: stop matrix docker
  docker_compose:
    project_src: /srv/matrix/

--- a/webserver/docker_matrix/templates/docker-compose.yml
+++ b/webserver/docker_matrix/templates/docker-compose.yml
@@ -68,6 +68,21 @@ services:
      - default
      - web
+  purgemediacache:
+    image: jsonfry/curl-cron:latest 
+    restart: always
+    depends_on:
+      - synapse
+    volumes:
+      - /srv/matrix/purgemediacache.sh:/curl.sh
+    environment:
+      CRON_SCHEDULE: "0 7 * * *"
+    networks:
+      - default
 networks:
  web:
    external: true
No results found