merge: restore recovered pre-rebase state

README.md

@@ -0,0 +1,7 @@
+# os-upgrade-automation
+
+
+## Structure
+- playbook/ (roles, vars, inventories)
+- group_vars/vault.yml excluded (use sops/age)
+

container-caddy.service

@@ -0,0 +1,39 @@
+# container-caddy.service
+# autogenerated by Podman 4.9.5
+# Fri Aug  8 21:19:46 UTC 2025
+
+[Unit]
+Description=Podman container-caddy.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=%t/containers
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStart=/usr/bin/podman run \
+	--cidfile=%t/%n.ctr-id \
+	--cgroups=no-conmon \
+	--rm \
+	--sdnotify=conmon \
+	--replace \
+	-d \
+	--name caddy \
+	--network host \
+	-v /srv/caddy/Caddyfile:/etc/caddy/Caddyfile:Z \
+	-v caddy-data:/data \
+	-v caddy-config:/config docker.io/caddy:2-alpine
+ExecStop=/usr/bin/podman stop \
+	--ignore -t 10 \
+	--cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm \
+	-f \
+	--ignore -t 10 \
+	--cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target

container-gitea.service

@@ -0,0 +1,46 @@
+# container-gitea.service
+# autogenerated by Podman 4.9.5
+# Fri Aug  8 21:19:46 UTC 2025
+
+[Unit]
+Description=Podman container-gitea.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=%t/containers
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStart=/usr/bin/podman run \
+	--cidfile=%t/%n.ctr-id \
+	--cgroups=no-conmon \
+	--rm \
+	--sdnotify=conmon \
+	--replace \
+	-d \
+	--name gitea \
+	-p 3000:3000 \
+	-v /srv/gitea:/data:Z \
+	-e GITEA__server__ROOT_URL=https://git.pp1l.de/ \
+	-e GITEA__server__DISABLE_SSH=true \
+	-e GITEA__database__DB_TYPE=sqlite3 \
+	-e GITEA__database__PATH=/data/gitea/gitea.db \
+	-e GITEA__security__INSTALL_LOCK=true \
+	-e GITEA__security__INTERNAL_TOKEN=changeme-internal-token \
+	-e GITEA__security__SECRET_KEY=changeme-secret \
+	-e USER_UID=1000 \
+	-e USER_GID=1000 docker.io/gitea/gitea:1.21
+ExecStop=/usr/bin/podman stop \
+	--ignore -t 10 \
+	--cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm \
+	-f \
+	--ignore -t 10 \
+	--cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target

container-woodpecker-agent.service

@@ -0,0 +1,41 @@
+# container-woodpecker-agent.service
+# autogenerated by Podman 4.9.5
+# Fri Aug  8 21:19:47 UTC 2025
+
+[Unit]
+Description=Podman container-woodpecker-agent.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=%t/containers
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStart=/usr/bin/podman run \
+	--cidfile=%t/%n.ctr-id \
+	--cgroups=no-conmon \
+	--rm \
+	--sdnotify=conmon \
+	--replace \
+	-d \
+	--name woodpecker-agent \
+	--network host \
+	-v /var/run/podman/podman.sock:/var/run/docker.sock \
+	-e WOODPECKER_SERVER=127.0.0.1:9000 \
+	-e WOODPECKER_AGENT_SECRET=changeme-agent-secret \
+	-e WOODPECKER_BACKEND=docker \
+	-e WOODPECKER_HEALTHCHECK_ADDR=:3001 docker.io/woodpeckerci/woodpecker-agent:latest
+ExecStop=/usr/bin/podman stop \
+	--ignore -t 10 \
+	--cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm \
+	-f \
+	--ignore -t 10 \
+	--cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target

container-woodpecker-server.service

@@ -0,0 +1,50 @@
+# container-woodpecker-server.service
+# autogenerated by Podman 4.9.5
+# Fri Aug  8 21:19:46 UTC 2025
+
+[Unit]
+Description=Podman container-woodpecker-server.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=%t/containers
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStart=/usr/bin/podman run \
+	--cidfile=%t/%n.ctr-id \
+	--cgroups=no-conmon \
+	--rm \
+	--sdnotify=conmon \
+	--replace \
+	-d \
+	--name woodpecker-server \
+	-p 8000:8000 \
+	-p 9000:9000 \
+	-v /srv/woodpecker:/var/lib/woodpecker:Z \
+	-e WOODPECKER_OPEN=false \
+	-e WOODPECKER_ADMIN=automation,PurePowerPh1l \
+	-e WOODPECKER_HOST=https://ci.pp1l.de \
+	-e WOODPECKER_SERVER_ADDR=:8000 \
+	-e WOODPECKER_SERVER_HOST=ci.pp1l.de \
+	-e WOODPECKER_GITEA=true \
+	-e WOODPECKER_GITEA_URL=https://git.pp1l.de \
+	-e WOODPECKER_GITEA_CLIENT=bfc43bbd-77a0-4312-9e4b-c63660917b9a \
+	-e WOODPECKER_GITEA_SECRET=gto_km5pahwrtvdun7kxfp3mxmia5vkpemgzcgzxijlocvrjyax2lsnq \
+	-e WOODPECKER_AGENT_SECRET=changeme-agent-secret \
+	-e WOODPECKER_DATABASE_DRIVER=sqlite3 \
+	-e WOODPECKER_DATABASE_DATASOURCE=/var/lib/woodpecker/woodpecker.sqlite docker.io/woodpeckerci/woodpecker-server:latest
+ExecStop=/usr/bin/podman stop \
+	--ignore -t 10 \
+	--cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm \
+	-f \
+	--ignore -t 10 \
+	--cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target

playbook/group_vars/vault.example.yml

@@ -0,0 +1,10 @@
+# Beispiel für geheime Variablen (nicht committen als vault.yml)
+# Kopiere diese Datei nach vault.yml und fülle Werte aus.
+# Empfohlen: Verschlüsselung (Ansible Vault oder sops/age).
+---
+upgrade_api_token: "<token>"
+notification_webhook: "<url>"
+ssh_private_key: |
+  -----BEGIN OPENSSH PRIVATE KEY-----
+  <key>
+  -----END OPENSSH PRIVATE KEY-----