36d6baaecb
fix: missing task in wg
2026-05-29 21:54:25 +02:00
5f2c82d296
fix: use ansible_facts['getent_passwd'] to silence INJECT_FACTS_AS_VARS deprecation
2026-05-29 21:54:03 +02:00
dbc7ca203a
fix: minor taks name typo
2026-05-29 21:50:39 +02:00
a8545fc501
fix(podman): use Type=notify + service-container so systemd sees pod crashes
...
The previous Type=oneshot + RemainAfterExit=true pattern made systemd
freeze pod units in 'active (exited)' as soon as 'podman play kube'
returned, so crash-looping containers were invisible to
'systemctl --user --failed' and Restart=on-failure never fired.
For every podman-pod role (immich, fdroid, ntfy, gitea, qfieldcloud,
unifi, matrix, uptime_kuma):
- switch units to Type=notify + NotifyAccess=all
- run 'podman kube play --service-container=true' so the unit's main
PID stays alive as long as the pod
- use 'podman kube down' for ExecStop
- add TimeoutStartSec=180 to cover slow first-boot image pulls
Pod manifests: flip every container's restartPolicy from Always to
Never. systemd is now the single owner of the restart loop: container
exits -> pod dies -> service container dies -> unit fails ->
Restart=on-failure restarts everything cleanly. With Always, podman
retried internally and hid the failure from systemd.
CLAUDE.md updated to document the new canonical template and the
'restartPolicy: Never' requirement.
2026-05-29 21:49:13 +02:00
29d9f27052
fix: ntfy probe without curl available
2026-05-29 21:41:04 +02:00
b04939d3d0
fix: use ansible_facts['kernel'] to avoid deprecation warning
2026-05-29 21:35:54 +02:00
ff3133f8e7
feat: wireguard role allow multiple endpoints
2026-05-29 21:32:08 +02:00
4ae7721070
fix: secure pg + fix old way of sharing podman network
2026-05-29 21:31:07 +02:00
ffeff6556b
fix: restart dhcpd on nas restart
2026-05-29 21:29:14 +02:00
436fba0d39
Merge branch 'main' of github.com:cdesiles/ansible-playbooks
2026-05-29 21:28:41 +02:00
92deb854d2
fix: enhance tooling
2026-05-29 21:27:25 +02:00
05e7ee3956
fix: tls for static web
2026-05-29 21:27:00 +02:00
aea450dc9d
feat: nginx certbot
2026-05-29 21:26:17 +02:00
1d00432061
fix: podman integration
2026-05-29 21:24:58 +02:00
7904275754
nfs: minor tweak
2026-05-22 00:07:24 +02:00
305b8324db
feat: sys autoupdate
2026-05-08 23:47:21 +02:00
48e87f7cb1
zsh: enhance configuration with alacritty
2026-05-05 22:58:56 +02:00
4ac40b9898
fix: nginx defaults override on archlinux
2026-05-05 22:56:08 +02:00
488be1280c
fix: dhcpd startup dependency
2026-05-05 22:54:56 +02:00
de165f5e1c
fix: review archlinux install details
2026-04-11 22:55:03 +02:00
f9397ad38c
feat: allow sshd to bind on multiple networks
2026-04-11 22:54:35 +02:00
ac40c23d06
feat: more base tools
2026-04-11 22:53:19 +02:00
6fc7879648
fix: uptime-kuma reverse proxy config
2026-04-11 22:53:06 +02:00
c4136ba5d2
fix: ntfy
2026-04-11 22:52:29 +02:00
4d60c6ea34
fix: zshrc to take p10k theme
2026-04-11 22:51:28 +02:00
ae33184aa0
fix: zsh role add fzf support and p10k settings tweaks
2026-04-11 22:41:10 +02:00
61c88045f7
feat: add more tooling
2026-03-17 23:13:02 +01:00
525868caaf
fix: wireguard on archlinux
2026-03-17 23:10:08 +01:00
a6878c0b7d
fix: dhcpd ipv4 service
2026-03-17 23:09:29 +01:00
e209a93a78
feat: BREAKING unbound configuration
2026-03-17 23:08:44 +01:00
6393ff6ed3
fix: force images pull and change default ports
2026-02-14 21:02:51 +01:00
23c7da84bb
fix: minor doc
2026-02-03 22:11:35 +01:00
34da95f8be
fix: ntfy timezone
2026-02-03 22:08:48 +01:00
321a14a108
fix: increase unbound ttl&cache
2026-02-03 22:08:20 +01:00
1f758deb82
feat: add dhcpd server role
2026-02-03 22:07:40 +01:00
5fb027c446
fix: open wg port only in server mode
2026-01-22 07:31:45 +01:00
94dfe36c46
fix: add dig to test our dns setup
2026-01-18 13:46:37 +01:00
5a880d5d5a
fix: unbound idempotency
2026-01-18 13:46:16 +01:00
8d3db69172
fix: wireguard config failfast
2026-01-18 13:21:37 +01:00
aa5de65d30
fix: unbound ipv6 localhost
2026-01-18 13:21:15 +01:00
c79c445a23
chore: ansible-lint review (almost done)
2026-01-04 11:21:15 +01:00
3e469fa25e
fix: unbound interface naming
2025-12-24 17:09:22 +01:00
08364cf2c8
fix: unbound boot ordering
2025-12-24 16:47:38 +01:00
f385efca84
doc: lint & enhancements
2025-12-23 09:11:16 +01:00
229f9f6b5d
fix: user systemd
2025-12-23 09:08:43 +01:00
1349ce9c19
fix: defaulting to nginx vars
2025-12-21 22:26:24 +01:00
10f4eb5817
fix: podman connect
2025-12-21 22:25:57 +01:00
c197f28013
fix: using a bridge to link podman pods to host s services
2025-12-21 22:25:11 +01:00
b2a3ae6783
feat: add gitea support
2025-12-21 22:24:22 +01:00
10e58eb990
fix: podman user called by systemd
2025-12-20 23:14:26 +01:00
Clément Désiles