Creates /opt/gitea-backups/ on the Gitea server and runs `gitea dump`
to produce a tar.gz archive of all repositories, MySQL database, config,
LFS data, and attachments. Retains last 5 backups and supports optional
fetch to Ansible controller via -e fetch_backup=true.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Remove hiveops (192.168.200.112) and odoo (192.168.200.61) from inventory
- Remove hiveops host_vars
- Remove hiveops/odoo DNS records from pihole-dns.yml and configure-directlx-dev-dns.yml
- Remove decommissioned domains (incident, mgmt, release, browser, hiveops) from local DNS playbook
- Add KAFKA-LOCALHOST-FIX.md documenting the localhost:9092 admin client issue and fix
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Configure registry.directlx.dev to route through Nginx Proxy Manager
(192.168.200.71) for SSL/TLS termination, instead of direct access to
Docker registry at 192.168.200.200:5000.
Changes:
- Updated Pi-hole DNS to route registry.directlx.dev → NPM (192.168.200.71)
- Added gitea.directlx.dev to DNS records (previously missing)
- Created comprehensive NPM configuration guide with Docker-specific Nginx config
- Created Docker registry usage documentation with HTTPS examples
- Added local DNS configuration playbooks and documentation
Benefits:
- HTTPS encryption for Docker registry traffic
- Consistent SSL certificate management via Let's Encrypt
- No insecure-registry configuration needed on Docker clients
- Centralized proxy management through NPM
Next step: Configure NPM proxy host following docs/NPM-REGISTRY-SETUP.md
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit resolves connectivity issues for www.directlx.dev by:
1. Add nginx firewall configuration (host_vars/nginx.yml)
   - Allow ports 80/tcp (HTTP) and 443/tcp (HTTPS)
   - Enables NPM to proxy traffic to nginx backend
2. Add www.directlx.dev DNS record via Pi-hole
   - Configure playbooks/configure-directlx-dev-dns.yml
   - Route www.directlx.dev → NPM (192.168.200.71)
   - NPM then proxies to nginx (192.168.200.65)
Problem: After firewall changes, nginx server only allowed SSH (port 22),
blocking HTTP/HTTPS from NPM. Additionally, Pi-hole had no DNS record for
www.directlx.dev subdomain.
Solution: Applied firewall rules and DNS configuration to complete the
proxy chain: Browser → Pi-hole DNS → NPM → nginx.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Created reusable Ansible playbook for creating PostgreSQL users with
flexible privilege options (superuser, createdb, createrole). Features
include auto-generated secure passwords, credential file export, and
comprehensive documentation with examples.
Files added:
- playbooks/create-postgres-user.yml - Automated user creation
- docs/POSTGRES-USER-MANAGEMENT.md - Usage guide and examples
Initial use case: Created hiveops superuser for HiveOps application.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
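The three pieces this commit describes (a generated password, a role with explicit attribute flags, and a credential file export) as an added example; it is not the playbook's code and the module names and file format are assumptions. The password comes from the OS CSPRNG via `secrets`; the role name and password are quoted with the same rules as PostgreSQL's `quote_ident()`/`quote_literal()` so a value containing quotes cannot break out of the statement; every attribute is stated explicitly (`NOSUPERUSER` and so on) so the result does not depend on server defaults; and the credential file is written in libpq's `~/.pgpass` format, created `0600` with `O_EXCL` so an existing file is never silently overwritten.

```python
import os
import secrets
from pathlib import Path


def generate_password(nbytes: int = 24) -> str:
    """URL-safe random password from the OS CSPRNG (24 bytes = 192 bits)."""
    return secrets.token_urlsafe(nbytes)


def quote_ident(name: str) -> str:
    """Quote a PostgreSQL identifier the way quote_ident() does."""
    return '"' + name.replace('"', '""') + '"'


def quote_literal(value: str) -> str:
    """Quote a PostgreSQL string literal; embedded single quotes are doubled."""
    return "'" + value.replace("'", "''") + "'"


def create_role_sql(name: str, password: str, *, superuser: bool = False,
                    createdb: bool = False, createrole: bool = False) -> str:
    """Build a CREATE ROLE statement with every attribute spelled out.

    Defaults are least privilege: LOGIN only. SUPERUSER bypasses all
    permission checks, so grant it only when the application truly needs it.
    """
    attrs = [
        "LOGIN",
        "SUPERUSER" if superuser else "NOSUPERUSER",
        "CREATEDB" if createdb else "NOCREATEDB",
        "CREATEROLE" if createrole else "NOCREATEROLE",
    ]
    return (f"CREATE ROLE {quote_ident(name)} WITH {' '.join(attrs)} "
            f"PASSWORD {quote_literal(password)};")


def _pgpass_field(value: str) -> str:
    """Escape the two characters that are special in .pgpass fields."""
    return value.replace("\\", "\\\\").replace(":", "\\:")


def write_credential_file(path: Path, user: str, password: str,
                          host: str, db: str, port: int = 5432) -> Path:
    """Export credentials as a .pgpass line, mode 0600, never overwriting."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        fields = (host, str(port), db, user, password)
        f.write(":".join(_pgpass_field(v) for v in fields) + "\n")
    return path


if __name__ == "__main__":
    pw = generate_password()
    print(create_role_sql("hiveops", pw, createdb=True))
    # Constructed path; in the playbook this would be a controller-side fetch target.
    print(write_credential_file(Path("hiveops.pgpass"), "hiveops", pw,
                                "db.lab.directlx.dev", "hiveops"))
```

When the generated password flows through an Ansible task, set `no_log: true` on that task; otherwise it lands in the play output and any log shipping attached to it.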
Changed from invalid '--vacuum=time:30d' to correct '--vacuum-time=30d'
This command now properly compresses and removes old journal logs.
Test result: Freed 1.9GB on proxmox-00
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Remove document separators (---) between plays in multi-play playbooks.
Ansible expects multiple plays to be in a single YAML document, not
separated by document delimiters.
Fixed files:
- remediate-storage-critical-issues.yml
- remediate-docker-storage.yml
- remediate-stopped-containers.yml
- configure-storage-monitoring.yml
All playbooks now pass ansible-playbook --syntax-check validation.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Pi-hole v6 uses pihole.toml hosts array instead of custom.list.
Updated playbook to modify toml config directly via Python script.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- playbooks/pihole-dns.yml: Configure local DNS records
- templates/pihole-custom-list.j2: DNS records template
Domain: lab.directlx.dev
Records for all infrastructure hosts with short and FQDN names.
Usage: ansible-playbook playbooks/pihole-dns.yml
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
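An added example covering both the record layout from this commit (short name plus FQDN under lab.directlx.dev for every host) and the later switch to editing Pi-hole v6's `pihole.toml` `hosts` array directly from Python. It is not the playbook's script; the inventory, the TOML excerpt and the file shape are constructed. Two checks a practitioner wants are included: each record is validated before it is written, so an inventory value containing a quote or newline cannot smuggle extra keys into the config, and the rewritten file is parsed back to confirm `dns.hosts` is exactly the merged list. Only the `hosts` array is rewritten; the rest of the file, including FTL's comments, is untouched, and the operation is idempotent so the task can report `changed` honestly. In v6 `pihole-FTL` owns this file, so after writing it the playbook still needs to restart the service (or use `pihole-FTL --config` for the key) for the change to take effect.

```python
import re

try:
    import tomllib            # Python 3.11+
except ImportError:           # assumption: tomli installed on older interpreters
    import tomli as tomllib

DOMAIN = "lab.directlx.dev"

# Constructed inventory (short name -> IP), standing in for the Ansible inventory.
SAMPLE_HOSTS = {
    "pihole": "192.168.200.53",
    "npm": "192.168.200.71",
}

# Constructed excerpt in the shape of a Pi-hole v6 pihole.toml; not a real file.
SAMPLE_TOML = """\
# Pi-hole configuration (constructed sample)
[dns]
  upstreams = ["1.1.1.1"]
  hosts = [
    "192.168.200.1 router"
  ]
  domainNeeded = false

[dns.blocking]
  active = true
"""


def build_records(inventory: dict[str, str], domain: str = DOMAIN) -> list[str]:
    """One 'IP name' entry for the short name and one for the FQDN, per host."""
    records = []
    for name, ip in sorted(inventory.items()):
        records.append(f"{ip} {name}")
        records.append(f"{ip} {name}.{domain}")
    return records


def read_hosts(toml_text: str) -> list[str]:
    """Current dns.hosts array, or [] if the key is absent."""
    return tomllib.loads(toml_text).get("dns", {}).get("hosts", [])


def merge_hosts(toml_text: str, records: list[str]) -> str:
    """Return toml_text with dns.hosts extended by `records` (idempotent)."""
    merged = list(dict.fromkeys(read_hosts(toml_text) + records))  # dedupe, keep order
    for rec in merged:
        # Only 'address hostname' may be written; anything else could corrupt the TOML.
        if not re.fullmatch(r"[0-9A-Fa-f:.]+ [A-Za-z0-9.-]+", rec):
            raise ValueError(f"refusing to write suspicious record: {rec!r}")

    sect = re.search(r"^\[dns\][ \t]*$", toml_text, re.M)
    if sect is None:
        raise ValueError("no [dns] table in pihole.toml")
    start = sect.end()
    nxt = re.search(r"^\[", toml_text[start:], re.M)   # next table header
    end = start + nxt.start() if nxt else len(toml_text)

    body = toml_text[start:end]
    hm = re.search(r"^(?P<ind>[ \t]*)hosts[ \t]*=[ \t]*\[[^\]]*\]", body, re.M)
    ind = hm.group("ind") if hm else "  "
    block = "\n".join([f"{ind}hosts = ["]
                      + [f'{ind}  "{r}",' for r in merged]
                      + [f"{ind}]"])
    if hm:
        body = body[:hm.start()] + block + body[hm.end():]
    else:
        body = "\n" + block + body   # key absent: add it right after [dns]
    out = toml_text[:start] + body + toml_text[end:]

    if read_hosts(out) != merged:    # verify before the file is installed
        raise RuntimeError("rewritten pihole.toml did not parse back correctly")
    return out


if __name__ == "__main__":
    print(merge_hosts(SAMPLE_TOML, build_records(SAMPLE_HOSTS)))
```

In the playbook this would run against `/etc/pihole/pihole.toml` with a backup taken first and the result compared to the original to decide whether a handler restart is needed.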
- ansible.cfg: Set remote_user to dlxadmin
- inventory: Add infrastructure, application hosts with IPs
- group_vars/all.yml: Set ansible_user to dlxadmin
- playbooks/site.yml: Enable common role
- roles/common: Baseline configuration role
  - Package installation (Debian/RedHat/Arch)
  - Timezone and locale setup
  - User management with SSH keys
  - SSH hardening
  - UFW firewall and security settings
- scripts/create-user.sh: Create ansible user on servers
- USAGE.md: Project usage documentation
- HOSTS.md: Infrastructure host inventory
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Tests SSH connectivity and displays basic host info (OS, version).
Usage: ansible-playbook playbooks/ping.yml
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Set up standard directory layout with:
- ansible.cfg with sensible defaults
- YAML inventory with example groups
- Main site playbook template
- Directories for roles, group_vars, host_vars, files, templates
- .gitignore for secrets, vault files, and SSH keys
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>