Dustin C. Hatch 572022b557 restic: Trust dch-root-ca certificate ...

Since the MinIO server that Restic uses to store snapshots has a
certificate signed by the DCH CA, we need to trust the root certificate
in order to communicate with it.  Existing servers already had this CA
trusted by the `pyrocufflink.yml` playbook, but new servers are not
(usually) AD domain members anymore, so we need to be explicit now.

2025-03-29 09:34:17 -05:00

.certs @ 0322911067

public-web: Add Tabitha's new SSH key

2024-03-15 10:29:03 -05:00

certs

r/webites: Add apps.du5t1n.xyz F-Droid repo

2024-11-05 06:47:02 -06:00

ci

pyrocufflink-dns: Drop group

2024-02-22 10:23:19 -06:00

deploy

kubernetes: Manage worker nodes

2024-11-24 10:33:21 -06:00

group_vars

unifi: Fix Promtail log scrape paths

2025-03-29 09:28:48 -05:00

host_vars

gw1/squid: Allow Unifi controller to internal repos

2025-03-29 08:01:50 -05:00

migration

hosts: Add loki1.p.b

2024-11-05 06:54:27 -06:00

passwords/kojiweb_secret

hosts: Add koji0.pyrocufflink.blue

2018-08-12 10:27:20 -05:00

plugins

inventory: Exclude test machines by default

2025-02-14 10:04:48 -06:00

pulumi

pulumi: Manage HostVDS instances

2025-01-26 13:08:59 -06:00

roles

r/useproxy: Configure dnf to use proxy

2025-03-29 09:30:08 -05:00

scripts

scripts: Add VM host maintenance scripts

2024-08-23 09:43:24 -05:00

vars

applyConfigPolicy: Configure SSH user certificate

2024-11-25 21:17:44 -06:00

vault

chromie: Set MinIO root password

2024-09-02 21:24:59 -05:00

.gitignore

callbacks: Add ntfy callback plugin

2025-02-01 17:36:58 -06:00

.gitmodules

certs: Add certificates submodule

2020-02-22 16:28:06 -06:00

.vault-secret.sh

vault-secret: Get key from Bitwarden

2023-04-23 20:05:00 -05:00

alertmanager.yml

r/alertmanager: Deploy AlertManager

2022-08-10 22:18:53 -05:00

ansible.cfg

Introduce dynamic inventory

2025-02-08 15:29:58 -06:00

ansible.yml

ansible: Install Ansible

2018-04-08 12:20:03 -05:00

aria2.yml

aria2: Deploy aria2 download manager

2018-08-19 14:17:48 -05:00

auto-updates.yml

auto-updates: Install and configure dnf-automatic

2024-06-12 06:25:17 -05:00

base.yml

base: Factor out SSH host, user cert roles

2025-02-01 17:36:58 -06:00

bitwarden_rs.yml

bitwarden_rs: Deploy Bitwarden_rs using Docker

2019-09-19 19:27:29 -05:00

blackbox-exporter.yml

r/blackbox-exporter: Deploy blackbox_exporter

2022-08-10 22:18:53 -05:00

bootstrap.yml

bootstrap: Import useproxy playbook

2025-03-19 07:46:28 -05:00

btop.yml

btop: Install btop and run it on the console

2024-09-01 09:24:53 -05:00

burp-client.yml

burp-client: Switch from cron to systemd timer

2023-05-23 09:51:07 -05:00

burp-server.yml

burp-{client,server}: PBs to deploy BURP

2018-08-08 20:14:25 -05:00

certbot.yml

certbot: Playbook to deploy certbot

2018-06-13 22:23:27 -05:00

chrony.yml

chrony: Add role/PB for chrony

2025-03-16 16:37:19 -05:00

clouds.yaml

inventory: Configure for HostVDS openstack

2025-01-26 13:08:59 -06:00

collectd.yml

collect: Import dyngroups.yml playbook

2022-12-19 10:20:57 -06:00

create-dc.sh

create-dc: Add PB for creating new DCs

2024-06-23 10:43:15 -05:00

create-dc.yml

create-dc: Add PB for creating new DCs

2024-06-23 10:43:15 -05:00

datavol.yml

datavol: Support creating btrfs subvolumes

2024-09-01 08:59:28 -05:00

dch-gw.yml

dch-gw: Initial commit

2018-03-27 20:44:43 -05:00

dch-proxy.yml

r/dch-proxy: Update and clean up

2024-08-24 11:46:28 -05:00

dch-root-ca-r2.crt

fixup-dch-root-ca-r2

2024-06-12 18:56:41 -05:00

dch-root-ca.crt

pyrocufflink: Trust DCH Root CA

2018-06-04 20:03:55 -05:00

dch-root-ca.yml

dch-root-ca: Add PB to trust DCH Root CA

2024-08-12 22:22:50 -05:00

dch-vpn.yml

Move VPN server to dedicated VM

2018-10-07 21:42:18 -05:00

deploy.sh

kubernetes: Manage worker nodes

2024-11-24 10:33:21 -06:00

dhcpcd.yml

dhcpcd: Install and configure dhcpcd

2018-03-13 23:19:50 -05:00

dhcpd.yml

dhcpd: Install and configure ISC DHCPD

2018-03-27 20:44:43 -05:00

docker.yml

roles/docker: Install and set up Docker daemon

2019-09-19 19:27:12 -05:00

domain-controller.yml

domain-controller: Configure local AD authentication

2018-03-11 18:16:17 -05:00

dyngroups.yml

dyngroups: Always run all tasks

2024-01-09 18:18:34 -06:00

facts.yml

facts: Do not collect facts in first play

2023-10-27 17:40:50 -05:00

fileserver.yml

fileserver: Configure Apache ~user directories

2019-01-04 20:52:23 -06:00

firewalld.yml

firewalld: Playbook to bootstrap firewalld

2018-01-29 15:11:07 -06:00

frigate.yml

r/frigate-exporter: Deploy Prometheus exporter

2024-10-21 20:27:31 -05:00

gitea.yml

r/gitea: use sshd_config.d

2023-11-13 17:45:21 -06:00

grafana.yml

grafana: Redirect HTTP to HTTPS

2022-08-10 21:55:54 -05:00

graylog.yml

graylog: Add PB to deploy Graylog server

2019-10-28 18:47:09 -05:00

hassdb.yml

hassdb: Fix playbook

2020-08-29 14:22:17 -05:00

homeassistant.yml

homeassistant: Split out Zigbee/Zwave playbooks

2021-12-18 16:45:52 -06:00

host-setup.yml

host-setup: Import users playbook

2025-03-16 17:17:00 -05:00

hostname.yml

hostname: Also write /etc/hosts

2018-04-08 10:11:43 -05:00

hosts

hosts: Add Unifi controllers to needproxy group

2025-03-19 07:50:52 -05:00

hosts.gw

chrony: Add role/PB for chrony

2025-03-16 16:37:19 -05:00

hosts.pyrocufflink.yml

Introduce dynamic inventory

2025-02-08 15:29:58 -06:00

hostvds.openstack.yml

inventory: Configure for HostVDS openstack

2025-01-26 13:08:59 -06:00

jellyfin.yml

jellyfin: Deploy Jellyfin media server

2023-09-12 13:38:35 -05:00

jenkins-slave.yml

jenkins-slave: Apply ssh-hostkeys role

2018-04-08 12:32:02 -05:00

journal2ntfy.yml

journal2ntfy: Script to send log messagess via ntfy

2023-05-17 14:51:21 -05:00

koji-builder.yml

koji: Add playbooks for Koji

2018-08-12 10:14:25 -05:00

koji-hub.yml

koji: Add playbooks for Koji

2018-08-12 10:14:25 -05:00

koji-web.yml

koji: Add playbooks for Koji

2018-08-12 10:14:25 -05:00

koji.yml

koji: Add playbooks for Koji

2018-08-12 10:14:25 -05:00

kube-root-ca.crt

metrics: Scrape metrics from Kubernetes API server

2023-05-22 21:21:08 -05:00

kubernetes.yml

kubernetes: Manage worker nodes

2024-11-24 10:33:21 -06:00

loki.yml

r/loki-caddy: Caddy reverse proxy for Loki

2024-11-05 06:54:27 -06:00

metricspi.yml

metricspi: Apply victoria-metrics-nginx role

2022-08-12 13:14:41 -05:00

minio-backups.yml

minio-backups: Deploy MinIO for backups

2024-09-01 08:59:28 -05:00

minio.yml

minio: Install and configure MinIO

2023-05-09 21:37:46 -05:00

motioneye.yml

motioneye: Deploy motionEye camera software

2020-10-03 11:29:39 -05:00

named-server.yml

named-server: Playbook to deploy BIND

2018-01-29 15:10:04 -06:00

net-ifaces.yml

net-ifaces: PB to apply net-ifaces role

2018-07-23 17:35:10 -05:00

network.yml

network: Playbook to configure networking

2018-03-27 20:44:43 -05:00

newvm.sh

newvm: Add host to some groups by default

2025-03-16 16:37:19 -05:00

nextcloud.yml

nextcloud: Move database to db0

2024-09-02 21:03:33 -05:00

ntp.yml

ntp: Initial PB and role to set up ntpd

2018-04-22 11:19:22 -05:00

nut.yml

nut-monitor: Configure upsmon

2024-01-19 20:50:03 -06:00

postgresql.yml

r/postgresql-data: Manage users and databases

2025-02-01 17:36:58 -06:00

promtail.yml

promtail: Role/Playbook to deploy Promtail

2024-02-22 19:23:31 -06:00

protonvpn.yml

pyrocufflink-dns: Cloudflare over ProtonVPN

2020-09-06 11:06:58 -05:00

Pulumi.prod.yaml

pulumi: Manage HostVDS instances

2025-01-26 13:08:59 -06:00

Pulumi.yaml

pulumi: Manage HostVDS instances

2025-01-26 13:08:59 -06:00

pxe.yml

r/netboot/basementhud: Configure NBD export

2022-08-15 17:18:48 -05:00

pyproject.toml

pulumi: Manage HostVDS instances

2025-01-26 13:08:59 -06:00

pyrocufflink.yml

pyrocufflink: Trust DCH Root CA R2

2024-06-12 18:40:17 -05:00

radius.yml

radius: PB to configure RADIUS servers

2018-05-06 13:09:18 -05:00

radvd.yml

radvd: Install and configure radvd

2018-03-27 20:44:43 -05:00

raid-array.yml

raid-array: Create udev rules to auto re-add disks

2024-11-05 06:52:20 -06:00

remount.yml

remount: Do not remount SquashFS volumes

2022-08-12 13:40:06 -05:00

repohost.yml

r/repohost: Configure Yum package repo host

2023-11-07 20:51:10 -06:00

restic.yml

restic: Trust dch-root-ca certificate

2025-03-29 09:34:17 -05:00

rngd.yml

rngd: PB to set up rngd

2018-08-13 20:25:22 -05:00

samba-dc.yml

samba-dc: Gather facts for all DCs

2024-06-23 10:43:15 -05:00

serterm.yml

r/serterm: Deploy serial terminal multiplexer

2024-11-10 13:15:08 -06:00

site.yml

site: Import UniFi playbook

2025-03-16 17:17:00 -05:00

smtp-relay.yml

smtp-relay: PB to deploy Postfix SMTP relay

2018-04-15 11:38:51 -05:00

squid.yml

squid: Add role and PB to deploy Squid

2018-08-12 16:00:32 -05:00

ssh-host-certs.yml

base: Factor out SSH host, user cert roles

2025-02-01 17:36:58 -06:00

ssh-user-ca.yml

base: Factor out SSH host, user cert roles

2025-02-01 17:36:58 -06:00

synapse.yml

roles/synapse: Add cert role dependency

2021-01-31 15:38:18 -06:00

systemd-networkd.yml

r/systemd-networkd: Role to configure networkd

2021-10-10 16:09:15 -05:00

systemd-resolved.yml

r/systemd-resolved: Manage systemd resolver daemon

2022-08-12 14:35:14 -05:00

taiga.yml

taiga: Add playbook for Taiga

2019-09-19 19:51:45 -05:00

unifi.yml

unifi: Switch from nginx to Caddy

2025-03-16 17:17:00 -05:00

useproxy.yml

r/useproxy: Configure system-wide proxy

2024-08-12 18:47:04 -05:00

users.yml

users: Do not create users on domain members

2025-02-25 21:03:59 -06:00

uv.lock

pulumi: Manage HostVDS instances

2025-01-26 13:08:59 -06:00

victoria-metrics.yml

r/vmalert: Deploy vmalert

2022-08-11 21:40:19 -05:00

vmhost.yml

vmhost: Allow host provisioner to log in

2025-02-08 16:49:14 -06:00

wait-for-host.yml

wait-for-host: PB to wait for a host to come up

2024-07-02 20:44:29 -05:00

websites.yml

r/webites: Add apps.du5t1n.xyz F-Droid repo

2024-11-05 06:47:02 -06:00

wheelhost.yml

wheelhost: Publish wheels built by Jenkins

2019-03-22 10:19:27 -05:00

zabbix-agent.yml

zabbix: Playbooks for Zabbix server, agents

2018-04-14 15:31:17 -05:00

zabbix-server.yml

zabbix: Playbooks for Zabbix server, agents

2018-04-14 15:31:17 -05:00

zabbix.yml

zabbix: Playbooks for Zabbix server, agents

2018-04-14 15:31:17 -05:00

zezere.yml

zezere: role/playbook to deploy Zezere

2021-07-05 09:34:25 -05:00

zigbee2mqtt.yml

homeassistant: Split out Zigbee/Zwave playbooks

2021-12-18 16:45:52 -06:00

zwavejs2mqtt.yml

homeassistant: Split out Zigbee/Zwave playbooks

2021-12-18 16:45:52 -06:00

Description

Ansible configuration policy for the private network/home lab of Dustin C. Hatch

http://dustin.hatch.name/

7.7 MiB

Languages

Jinja 86.2%

Python 6.6%

Shell 4.6%

Groovy 2.6%