Merge pull request #14985 from rocky-linux/develop

Merge Downward Changes
2024-11-25 14:41:28 +00:00 · 2021-04-02 18:02:13 -07:00 · 2021-04-02 18:02:13 -07:00 · be269f8608
commit be269f8608
parent 1f61b87d03 1b9674d3ea
21 changed files with 536 additions and 66 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@ -0,0 +1,3 @@
 warn_list:
  - internal-error
  - syntax-check
--- a/ansible/inventories/production/hosts.ini
+++ b/ansible/inventories/production/hosts.ini
@ -104,3 +104,6 @@ matterbridge.rockylinux.org ansible_host=10.100.xx.xx
 [matomo]
 matomo.rockylinux.org ansible_host=10.100.xx.xx
 [bugtracker]
 bugs.rockylinux.org ansible_host=10.100.xx.xx
--- a/ansible/playbooks/files/etc/systemd/system/noggin.service
+++ b/ansible/playbooks/files/etc/systemd/system/noggin.service
@ -0,0 +1,16 @@
 [Unit]
 Description=noggin
 After=network-online.target
 Wants=network-online.target
 [Service]
 Environment=FLASK_APP=/opt/noggin/noggin/noggin/app.py
 Environment=NOGGIN_CONFIG_PATH=/opt/noggin/noggin.cfg
 Environment=FLASK_DEBUG=1
 User=noggin
 WorkingDirectory=/opt/noggin/noggin
 ExecStart=/bin/bash /opt/noggin/start_noggin.sh
 PrivateTmp=true
 [Install]
 WantedBy=multi-user.target
--- a/ansible/playbooks/init-rocky-bugzilla.yml
+++ b/ansible/playbooks/init-rocky-bugzilla.yml
@ -1,8 +1,13 @@
 ---
 # Installs the mantis bug tracker
 - name: Configure MantisBT
-  hosts: "{{ host }}"
+  hosts: "bugtracker"
  become: true
  vars_files:
  - vars/common.yml
  - vars/vaults/encpass.yml
  - vars/vaults/mantis.yml
  - vars/mantis.yml
  handlers:
    - import_tasks: handlers/main.yml
@ -20,11 +25,31 @@
        success_msg: "We are not able to run on this node"
        fail_msg: "/etc/no-ansible exists - skipping run on this node"
  roles:
    - role: rockylinux.ipagetcert
      state: present
  tasks:
    - name: Deploy Mantis
      import_tasks: tasks/mantis.yml
  post_tasks:
    - name: Open firewalld ports
      ansible.posix.firewalld:
        service: "{{ item }}"
        permanent: true
        immediate: true
        state: enabled
      with_items:
        - http
        - https
    - name: Ensure httpd is enabled and running
      service:
        name: httpd
        enabled: true
        state: started
    - name: Touching run file that ansible has ran here
      file:
        path: /var/log/ansible.run
--- a/ansible/playbooks/init-rocky-noggin.yml
+++ b/ansible/playbooks/init-rocky-noggin.yml
@ -0,0 +1,34 @@
 ---
 # (Re)deploys the noggin theme
 - name: Deploy Noggin
  hosts: "idp"
  become: true
  handlers:
    - import_tasks: handlers/main.yml
  pre_tasks:
    - name: Check if ansible cannot be run here
      stat:
        path: /etc/no-ansible
      register: no_ansible
    - name: Verify if we can run ansible
      assert:
        that:
          - "not no_ansible.stat.exists"
        success_msg: "We are not able to run on this node"
        fail_msg: "/etc/no-ansible exists - skipping run on this node"
  tasks:
    - name: Deploy Noggin
      import_tasks: "tasks/noggin.yml"
  post_tasks:
    - name: Touching run file that ansible has ran here
      file:
        path: /var/log/ansible.run
        state: touch
        mode: '0644'
        owner: root
        group: root
--- a/ansible/playbooks/init-rocky-repo-servers.yml
+++ b/ansible/playbooks/init-rocky-repo-servers.yml
@ -0,0 +1,34 @@
 ---
 # Preps a system to be a repository
 - name: Configure repository system
  hosts: "{{ host }}"
  become: true
  handlers:
    - import_tasks: handers/main.yml
  pre_tasks:
    - name: Check if ansible cannot be run here
      stat:
        path: /etc/no-ansible
      register: no_ansible
    - name: Verify if we can run ansible
      assert:
        that:
          - "not no_ansible.stat.exists"
        success_msg: "We are not able to run on this node"
        fail_msg: "/etc/no-ansible exists - skipping run on this node"
  tasks:
    - name: Configure repository system
      import_tasks: tasks/repository.yml
  post_tasks:
    - name: Touching run file that ansible has ran here
      file:
        path: /var/log/ansible.run
        state: touch
        mode: '0644'
        owner: root
        group: root
--- a/ansible/playbooks/role-rocky-wikijs.yml
+++ b/ansible/playbooks/role-rocky-wikijs.yml
@ -0,0 +1,69 @@
 ---
 # WikiJS
 - name: Install and manage Wikijs
  hosts: wiki
  become: false
  vars_files:
    - vars/vaults/hostman.yml
    - vars/vaults/wikijs.yml
    - vars/wikijs.yml
  # This is to try to avoid the handler issue in pre/post tasks
  handlers:
    - import_tasks: handlers/main.yml
  pre_tasks:
    - name: Check if ansible cannot be run here
      stat:
        path: /etc/no-ansible
      register: no_ansible
    - name: Verify if we can run ansible
      assert:
        that:
          - "not no_ansible.stat.exists"
        success_msg: "We are able to run on this node"
        fail_msg: "/etc/no-ansible exists - skipping run on this node"
    - name: Install SELinux packages
      become: true
      package:
        name: python3-policycoreutils.noarch
        state: present
  roles:
    - role: rockylinux.ipagetcert
      become: true
      state: present
      tags: ['certs']
    - role: rockylinux.wikijs
      tags: ['wikijs']
      become: true
    # Define variables in vars/wikijs.yml
    - role: nginxinc.nginx_core.nginx
      tags: ['nginx']
      become: true
    - role: nginxinc.nginx_core.nginx_config
      tags: ['nginx']
      become: true
  post_tasks:
    - name: Open firewalld ports
      become: true
      ansible.posix.firewalld:
        port: "{{ item.port }}"
        permanent: "{{ item.permanent }}"
        state: "{{ item.state }}"
        immediate: yes
      loop: "{{ firewall_rules }}"
    - name: Touching run file that ansible has ran here
      become: true
      file:
        path: /var/log/ansible.run
        state: touch
        mode: '0644'
        owner: root
        group: root
--- a/ansible/playbooks/tasks/grub.yml
+++ b/ansible/playbooks/tasks/grub.yml
@ -1,54 +1,4 @@
 ---
- name: Reset grub link if we are EFI
+- name: Add kernel boot options to all kernels and default config
-  set_fact:
+  command: /usr/sbin/grubby --update-kernel=ALL --args "{{ grub_boot_options }}"
-    grub_config_path_link: "{{ grub_config_path_efi }}"
+  changed_when: "1 != 1"
  when:
    - efi_installed.stat.isdir is defined
    - efi_installed.stat.isdir
    - grub_config_path_efi is defined
  tags:
    - efi
 - name: Create grub.d directory
  file:
    name: /etc/default/grub.d
    owner: root
    group: root
    mode: '0755'
    state: directory
    recurse: true
  tags:
    - grub
    - kernel
    - harden
 - name: Append /etc/default/grub file
  lineinfile:
    path: /etc/default/grub
    line: for x in $(ls /etc/default/grub.d) ; do source /etc/default/grub.d/$x ; done
    state: present
  tags:
    - grub
    - kernel
    - harden
 - name: Command line defaults
  copy:
    dest: "/etc/default/grub.d/99-rocky.cfg"
    owner: root
    group: root
    mode: '0644'
    content: 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT {{ grub_boot_options }}"'
  tags:
    - grub
    - kernel
    - harden
 - name: Rebuild grub
  command: "/usr/sbin/grub2-mkconfig -o {{ grub_config_path_link }}"
  register: grub_command_result
  changed_when: "grub_command_result.rc == 0"
  tags:
    - grub
    - kernel
    - harden
--- a/ansible/playbooks/tasks/mantis.yml
+++ b/ansible/playbooks/tasks/mantis.yml
@ -32,6 +32,11 @@
    mode: '0644'
    remote_src: true
 - name: Generate crypto salt
  shell: "set -o pipefail && cat /dev/urandom | head -c 64 | base64 --wrap=0"
  changed_when: "1 != 1"
  register: cryptosalt_string
 - name: Configure mantis
  template:
    src: "var/www/mantis/config/config_inc.php.j2"
@ -40,6 +45,22 @@
    group: apache
    mode: '0640'
 - name: Deploy plugins from Mantis GitHub
  git:
    repo: "https://github.com/mantisbt-plugins/{{ item }}.git"
    dest: "/var/www/mantisbt-{{ mantis_version }}/plugins/{{ item }}"
    update: true
    version: master
  with_items:
    - Snippets
 - name: Deploy custom libravatar plugin
  git:
    repo: "https://github.com/nazunalika/mantisbt-libravatar.git"
    dest: "/var/www/mantisbt-{{ mantis_version }}/plugins/Libravatar"
    update: true
    version: main
 - name: Configure httpd
  template:
    src: "etc/httpd/conf.d/mantis.conf.j2"
@ -47,3 +68,25 @@
    owner: root
    group: root
    mode: '0644'
 - name: Database import template
  template:
    src: "tmp/mantis_import.sql.j2"
    dest: "/tmp/mantis_import.sql.j2"
    owner: root
    group: root
    mode: '0600'
 # We will need to generate this
 # name: Import database if required
 # community.general.postgresql_db:
 #   name: "{{ mantis_db_name }}"
 #   target: /tmp/mantis_import.sql
 #   owner: "{{ mantis_db_user }}"
 #   state: restore
 #   login_host: "{{ mantis_db_host }}"
 #   login_user: "{{ mantis_db_user }}"
 #   login_password: "{{ mantis_db_pass }}"
 - name: Patch up some pages
  import_tasks: mantispatch.yml
--- a/ansible/playbooks/tasks/mantispatch.yml
+++ b/ansible/playbooks/tasks/mantispatch.yml
@ -0,0 +1,25 @@
 ---
 # Patch up various pieces of mantis to customize it. We do not rely on local
 # bug tracker accounts. We are doing regex instead of just replacing the
 # file as a whole. Should make it easier to deal with upgrades in theory.
 - name: Change signup_page.php to Account Services
  replace:
    path: "/var/www/mantisbt-{{ mantis_version }}/{{ item }}"
    regexp: 'signup_page.php'
    replace: 'https://accounts.rockylinux.org'
  with_items:
    - core/print_api.php
    - lost_pwd_page.php
    - login_page.php
 - name: Change special signup_page.php reference
  replace:
    path: "/var/www/mantisbt-{{ mantis_version }}/core/layout_api.php"
    regexp: "' . helper_mantis_url( 'signup_page.php' ) . '"
    replace: 'https://accounts.rockylinux.org'
 - name: Remove LDAP from checks for signup button
  lineinfile:
    path: "/var/www/mantisbt-{{ mantis_version }}/login_page.php"
    state: absent
    regex: 'LDAP != config_get_global'
--- a/ansible/playbooks/tasks/noggin.yml
+++ b/ansible/playbooks/tasks/noggin.yml
@ -0,0 +1,88 @@
 ---
 - name: Ensure python is installed
  yum:
    name:
      - python3
      - python3-pip
    state: present
 - name: Ensure noggin user exists
  user:
    name: noggin
    comment: "Noggin FAS"
 - name: Create noggin directory
  file:
    path: /opt/noggin
    state: directory
    mode: '0700'
    owner: noggin
    group: noggin
 - name: Deploy noggin
  git:
    repo: https://github.com/fedora-infra/noggin.git
    dest: /opt/noggin/noggin
    update: true
    version: main
  become: true
  become_user: noggin
 - name: Noggin user must install poetry
  pip:
    name: poetry
    executable: pip3
  become: true
  become_user: noggin
 - name: Remove any pycache
  file:
    path: "/home/noggin/.cache/pypoetry"
    state: absent
 - name: Noggin installation
  command: "/home/noggin/.local/bin/poetry install --no-dev --extras deploy"
  become: true
  become_user: noggin
  changed_when: "1 != 1"
  args:
    chdir: "/opt/noggin/noggin"
 - name: Get the noggin poetry virtualenv
  shell:
    cmd: "poetry env list | awk '{print $1}'"
    chdir: "/opt/noggin/noggin"
  become: true
  become_user: noggin
  changed_when: "1 != 1"
  register: virtualenv_location
 - name: Deploy start up script
  template:
    src: "opt/noggin/start_noggin.sh.j2"
    dest: "/opt/noggin/start_noggin.sh"
    mode: '0750'
    user: noggin
    group: noggin
 - name: Deploy systemd unit
  copy:
    src: "etc/systemd/system/noggin.service"
    dest: "/etc/systemd/system/noggin.service"
    owner: root
    group: root
    mode: '0644'
 - name: Deploy noggin configuration
  template:
    src: "opt/noggin/noggin.cfg.j2"
    dest: "/opt/noggin/noggin.cfg"
    owner: noggin
    group: noggin
    mode: '0600'
 # The only way to run it properly, at least on EL8, is we need this line
 - name: Add missing create_app call
  lineinfile:
    path: "/opt/noggin/noggin/noggin/app.py"
    line: "app = create_app()"
--- a/ansible/playbooks/tasks/repository.yml
+++ b/ansible/playbooks/tasks/repository.yml
@ -0,0 +1,2 @@
 ---
 # no tasks yet
--- a/ansible/playbooks/templates/etc/gitlab/rocky_gitlab.rb
+++ b/ansible/playbooks/templates/etc/gitlab/rocky_gitlab.rb
@ -136,3 +136,6 @@ gitlab_rails['db_password'] = '{{ gitlab_external_db_password }}'
 {% if gitlab_trusted_proxies %}
 gitlab_rails['trusted_proxies'] = '{{ gitlab_trusted_proxies | map("to_json") | join(", ") }}'
 {% endif %}
 gitlab_rails['gravatar_enabled'] = true
 gitlab_rails['gravatar_ssl_url'] = "https://seccdn.libravatar.org/avatar/%{hash}?s=%{size}&d=retro"
--- a/ansible/playbooks/templates/opt/noggin/noggin.cfg
+++ b/ansible/playbooks/templates/opt/noggin/noggin.cfg
@ -0,0 +1,23 @@
 TEMPLATES_AUTO_RELOAD = False
 FREEIPA_SERVERS = []
 FREEIPA_CACERT = '/etc/ipa/ca.crt'
 FREEIPA_ADMIN_USER = 'userman'
 FREEIPA_ADMIN_PASSWORD = '{{ rocky_ldap_userman_pw }}'
 THEME = "rocky"
 FERNET_SECRET = b'NOTASECRET='
 SECRET_KEY = b'NOTASECRET='
 SESSION_COOKIE_HTTPONLY = True
 SESSION_COOKIE_SECURE = True
 USER_DEFAULTS = {
    "locale": "en-US",
    "timezone": "UTC",
    "status_note": "active",
 }
 REGISTRATION_OPEN = True
 ACTIVATION_TOKEN_EXPIRATION = 30
 PASSWORD_RESET_EXPIRATION = 10
 MAIL_DEFAULT_SENDER = "Account Services <identitymanagement@rockylinux.org>"
 MAIL_SUPPRESS_SEND = False
 AVATAR_SERVICE_URL = "https://seccdn.libravatar.org/"
 AVATAR_DEFAULT_TYPE = "retro"
 FEDORA_MESSAGING_ENABLED = False
--- a/ansible/playbooks/templates/opt/noggin/start_noggin.sh.j2
+++ b/ansible/playbooks/templates/opt/noggin/start_noggin.sh.j2
@ -0,0 +1,14 @@
 #!/bin/bash
 export PATH=/home/noggin/.local/bin:/home/noggin/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin
 export NOGGIN_CONFIG_PATH=/opt/noggin/noggin.cfg
 export FLASK_DEBUG=1
 export FLASK_APP=/opt/noggin/noggin/noggin/app.py
 source /home/noggin/.cache/pypoetry/virtualenvs/{{ virtualenv_location.stdout }}/bin/activate
 cd /opt/noggin/noggin
 #/home/noggin/.local/bin/poetry run flask run -h 0.0.0.0
 # --certfile=/etc/pki/tls/certs/noggin.crt \
 # --keyfile=/etc/pki/tls/private/noggin.key \
 gunicorn -w 3 \
 --env NOGGIN_CONFIG_PATH=/opt/noggin/noggin.cfg \
 --bind tcp://0.0.0.0:5000 \
 noggin.app:app
--- a/ansible/playbooks/templates/tmp/mantis_import.sql.j2
+++ b/ansible/playbooks/templates/tmp/mantis_import.sql.j2
@ -0,0 +1 @@
 # Empty
--- a/ansible/playbooks/templates/var/www/mantis/config/config_inc.php.j2
+++ b/ansible/playbooks/templates/var/www/mantis/config/config_inc.php.j2
@ -1,5 +1,5 @@
 <?php
-$g_hostname               = 'build-a-box.labs.angelsofclockwork.net';
+$g_hostname               = '{{ mantis_db_host }}';
 $g_db_type                = 'pgsql';
 $g_database_name          = '{{ mantis_db_name }}';
 $g_db_username            = '{{ mantis_db_user }}';
@ -7,13 +7,14 @@ $g_db_password            = '{{ mantis_db_pass }}';
 $g_default_timezone       = 'UTC';
-$g_crypto_master_salt     = 'DDQF2sdgdPycpzfWNSOt4KelQlz7h0kb9HHxaUFpYXk=';
+$g_crypto_master_salt     = '{{ cryptosalt_string.stdout }}';
 # Added
 $g_login_method          = 'LDAP';
 $g_ldap_server           = '{{ rocky_ipaserver_lb }}';
 $g_ldap_port             = '389';
 $g_ldap_root_dn          = '{{ rocky_ldap_user_basedn }}';
-$g_ldap_organization     = '(objectClass=posixAccount)';
+#$g_ldap_organization     = '(objectClass=posixAccount)';
 $g_ldap_protocol_version = 3;
 $g_ldap_network_timeout  = 30;
 $g_ldap_follow_referrals = ON;
@ -32,9 +33,14 @@ $g_allow_file_upload     = ON;
 $g_file_upload_method    = DATABASE; # or DISK
 $g_dropzone_enabled      = ON;
 $g_show_realname         = ON;
 $g_show_avatar           = ON;
 $g_allowed_files         = 'log,patch,txt';
-$g_disallowed_files      = 'exe,tar,tgz,tar.gz,pl,sh';
+$g_disallowed_files      = 'exe,pl,sh,py,c,cpp,rar,zip,rpm';
 $g_window_title          = 'Rocky Bugzilla';
-$g_allow_signup          = OFF;
+$g_allow_signup          = ON;
 $g_allow_anonymous_login = ON;
 $g_anonymous_account     = 'anonymous';
 $g_enable_email_notification = ON;
 # Cookie problems
 $g_allow_permanent_cookie = OFF;
--- a/ansible/playbooks/vars/common.yml
+++ b/ansible/playbooks/vars/common.yml
@ -9,3 +9,5 @@ rocky_ipaserver_list: "{{ groups['ipaserver'] + groups['ipareplicas'] }}"
 rocky_ipaserver_lb: "ipa-lb.rockylinux.org"
 # This will need to be vaulted
 rocky_ldap_bind_pw: "{{ ipa_binder_password }}"
 rocky_ldap_userman_dn: "uid=userman,cn=users,cn=accounts,dc=rockylinux,dc=org"
 rocky_ldap_userman_pw: "{{ ipa_userman_password }}"
--- a/ansible/playbooks/vars/mantis.yml
+++ b/ansible/playbooks/vars/mantis.yml
@ -1,7 +1,7 @@
 ---
 # mantis vars
-mantis_version: 2.24.2
+mantis_version: 2.25.0
-mantis_checksum: "sha256:c1b483c8395a0fb1249bcc50ada203db584d819f4f6f606b1d1eec42c5205cb8"
+mantis_checksum: "sha256:d8973d3677ecb2ccbfee95e2267b3128049fbdcc59aa1f007686a342d93a4c0a"
 mantis_pkg:
  - php
  - php-ldap
@ -11,8 +11,21 @@ mantis_pkg:
  - php-mbstring
  - php-curl
  - openldap
-mantis_db_name: mantis
+  - php-json
 mantis_db_host: db.rockylinux.org
 mantis_db_name: mantisdb
 mantis_db_user: mantis
-#mantis_db_pass: ThisIsNotThePassword!
+mantis_binder_user: "{{ rocky_ldap_bind_dn }}"
-mantis_binder_user: "uid=mantis_binder,cn=sysaccounts,cn=etc,dc=rockylinux,dc=org"
+mantis_binder_pass: "{{ rocky_ldap_bind_pw }}"
-#mantis_binder_pass: ThisIsNotThePassword!
+
 # Vault
 # mantis_db_pass: ThisIsNotThePassword!
 ipa_getcert_requested_hostnames:
  - name: "{{ ansible_fqdn }}"
    owner: apache
    key_location: "/etc/pki/tls/private/bugs.rockylinux.org.key"
    cert_location: "/etc/pki/tls/certs/bugs.rockylinux.org.crt"
    postcmd: "/bin/systemctl reload httpd"
    cnames:
      - "bugs.rockylinux.org"
--- a/ansible/playbooks/vars/wikijs.yml
+++ b/ansible/playbooks/vars/wikijs.yml
@ -0,0 +1,109 @@
 ---
 # wikijs vars
 firewall_rules:
  - port: 443/tcp
    permanent: true
    state: enabled
  - port: 9100/tcp
    permanent: true
    state: enabled
 tls_ca_cert: "/etc/pki/tls/certs/ca-bundle.crt"
 tls_cert: "/etc/pki/tls/certs/{{ ansible_fqdn }}.crt"
 tls_key: "/etc/pki/tls/private/{{ ansible_fqdn }}.key"
 ipa_getcert_requested_hostnames:
  - name: "{{ ansible_fqdn }}"
    owner: nginx
    key_location: "{{ tls_key }}"
    cert_location: "{{ tls_cert }}"
    postcmd: "/bin/systemctl reload nginx"
 wikijs_dbtype: postgres
 wikijs_db:
  host: "db.rockylinux.org"
  port: 5432
  user: wikijs
  password: " {{ _wikijs_db_rw_pass }} "
  dbname: wikijs_db
  ssl: true
 ####################
 ### NGINX CONFIG ###
 ####################
 # no demo config/template
 nginx_config_html_demo_template_enable: false
 nginx_config_selinux: true
 nginx_config_selinux_enforcing: true
 nginx_config_start: true
 nginx_config_debug_output: true
 nginx_config_debug_tasks: true
 # nginx_config_cleanup: true
 nginx_config_http_template_enable: true
 nginx_config_main_template_enable: true
 nginx_config_http_template:
  default:
    template_file: http/default.conf.j2
    conf_file_name: default.conf
    conf_file_location: /etc/nginx/conf.d/
    servers:
      redirect_https:
        listen:
          v6:
            ip: '[::]'  # Wrap in square brackets for IPv6 addresses
            port: 80
            opts: ['default_server']
          v4:
            ip: ''  # Wrap in square brackets for IPv6 addresses
            port: 80
            opts: ['default_server']
        server_name: "{{ ansible_fqdn }}"
        error_page: /usr/share/nginx/html
        access_log:
          - name: main
            location: /var/log/nginx/access.log
        error_log:
          location: /var/log/nginx/error.log
          level: warn
        root: "{{ wikijs_dir }}"
        https_redirect: $host
      wikijs_server:
        listen:
          v6:
            ip: '[::]'  # Wrap in square brackets for IPv6 addresses
            port: 443
            ssl: true
            opts: ['http2', 'default_server']
          v4:
            ip: ''  # Wrap in square brackets for IPv6 addresses
            port: 443
            ssl: true
            opts: ['http2', 'default_server']
        ssl:
          cert: "{{ tls_cert }}"
          key: "{{ tls_key }}"
        server_name: "{{ ansible_fqdn }}"
        error_page: /usr/share/nginx/html
        access_log:
          - name: main
            location: /var/log/nginx/access.log
        error_log:
          location: /var/log/nginx/error.log
          level: warn
        root: "{{ wikijs_dir }}"
        web_server:
          locations:
            default:
              location: /
              custom_options:
                - "proxy_pass http://localhost:3000/;"
          http_demo_conf: false
--- a/ansible/roles/requirements.yml
+++ b/ansible/roles/requirements.yml
@ -3,7 +3,7 @@
 roles:
  - name: geerlingguy.mysql
  # monitoring
-  - name: cloudalchemy.node-exporter
+  - name: cloudalchemy.node_exporter
  - name: cloudalchemy.prometheus
  - name: cloudalchemy.alertmanager
  - name: cloudalchemy.grafana
@ -30,6 +30,11 @@ roles:
  - name: rockylinux.matterbridge
    src: https://github.com/NeilHanlon/ansible-role-matterbridge
    version: master
  - name: rockylinux.wikijs
    src: https://git.rockylinux.org/infrastructure/public/ansible/ansible-role-wikijs.git
    scm: git
    version: develop
  - name: riemers.gitlab-runner
 collections:
  # freeipa
@ -43,6 +48,8 @@ collections:
  - name: netbox.netbox
  - name: community.aws
  - name: containers.podman
  - name: nginxinc.nginx_core
    version: 0.3.0
 # - name: rockylinux.taiga
 #   source: https://github.com/rocky-linux/taiga-ansible.git
 #   type: git