* Install HC Vault on both Debian and Ubuntu in the same way
* Fix the branching for userspace install vs package manager install
Signed-off-by: Matej Focko <me@mfocko.xyz>
When setting facts to outputs of some other tasks or variables, they need
to be correctly templated and quoted, otherwise they're taken as is,
i.e., as text.
Signed-off-by: Matej Focko <me@mfocko.xyz>
Helix is included in the default repositories (Fedora and EPEL for EL
derivatives), therefore there is no need to use the Copr repository.
Signed-off-by: Matej Focko <me@mfocko.xyz>
When upgrading packages to their latest version, decide which Ansible
module to use based on the ‹pkg_mgr› Ansible fact instead of the
distribution.
This approach is more robust, and more correct, as the package managers
are shared between some of the distributions.
Signed-off-by: Matej Focko <me@mfocko.xyz>
As the previous way of connecting to the VPN and obtaining a Kerberos
ticket is not safe (keeping both password and TOTP together), it has not
been used for a long time.
Refactor the aliases to allow for a safer, yet somewhat automated, way of
connecting and obtaining a Kerberos ticket.
Signed-off-by: Matej Focko <me@mfocko.xyz>
Storing data for Forgejo and Vaultwarden in the postgres database results
in a rather wonky behavior during restarts of the VPS and potential
restarts of the postgres itself.
Based on some observations Forgejo is capable of recovering from such
issues, but Vaultwarden falls into a retry loop trying to reconnect to
the database while failing on resolving the hostname / connecting, e.g.,
[2024-11-27 16:52:43.646][r2d2][ERROR] connection to server at "host.containers.internal" (XXX.XXX.XXX.XXX), port 5432 failed: Connection refused
Therefore adjust the quadlet definitions to require and boot containers
»after« the postgres is running to minimize the possible issues.
Signed-off-by: Matej Focko <me@mfocko.xyz>
This variable was not required when running from the user-space, but
after migrating to quadlets, I had to define it.
Just to satisfy the requirements, I set it to 1. Based on some docs I
have managed to find, it appears that the default is 10. Given the
amount of users of my deployment and the fact it's running on the VPS,
setting it to 8.
Signed-off-by: Matej Focko <me@mfocko.xyz>