Commit graph

1320 commits

Author SHA1 Message Date
f063b09540
Enable gitea federation 2023-01-29 17:45:39 +00:00
360a250b4a Merge branch 'renovate/ghcr.io-goauthentik-server-2023.x' into 'master'
Update ghcr.io/goauthentik/server Docker tag to v2023.1.2

See merge request sys/infrastructure!100
2023-01-28 22:03:15 +00:00
c0b179c312 Merge branch 'renovate/gitea-gitea-1.x' into 'master'
Update gitea/gitea Docker tag to v1.18.3

See merge request sys/infrastructure!102
2023-01-28 22:02:58 +00:00
4fd3945c47
Add robots.txt for gitea 2023-01-28 15:32:34 +00:00
848c0f03e1 Update gitea/gitea Docker tag to v1.18.3 2023-01-27 18:01:57 +00:00
a443d56a1c
Add a gitea deployment
Yep, it's that time of year _again_
2023-01-27 17:28:45 +00:00
5e9c5f7683
Version pihole settings 2023-01-24 20:15:21 +00:00
66c900f76e Update ghcr.io/goauthentik/server Docker tag to v2023.1.2 2023-01-23 16:01:09 +00:00
7edf6899f3
Update nextcloud to 25.0.3 2023-01-19 22:43:09 +00:00
37af66e944 Merge branch 'renovate/matrixdotorg-synapse-1.x' into 'master'
Update matrixdotorg/synapse Docker tag to v1.75.0

See merge request sys/infrastructure!98
2023-01-19 22:28:59 +00:00
81d2194d5a Update ghcr.io/goauthentik/server Docker tag to v2023 2023-01-18 16:01:52 +00:00
23eccb6d73 Update matrixdotorg/synapse Docker tag to v1.75.0 2023-01-17 14:02:10 +00:00
d7ae77247b
Setup NTP on tang 2023-01-16 09:11:15 +00:00
4ba92cb08f Update dependency yamllint to v1.29.0 2023-01-10 18:01:24 +00:00
ad50176ee9
Add internal alias to pihole 2023-01-08 18:36:03 +00:00
5753cd2cf1
Provision my pi with ansible now
It's insanely slow, but works
2023-01-08 17:59:22 +00:00
e8ac8b304e Merge branch 'renovate/matrixdotorg-synapse-1.x' into 'master'
Update matrixdotorg/synapse Docker tag to v1.74.0

See merge request sys/infrastructure!94
2023-01-06 09:00:01 +00:00
bd929f28e5 Update ghcr.io/goauthentik/server Docker tag to v2022.12.2 2023-01-05 10:01:45 +00:00
905f0f2b08 Update vaultwarden/server Docker tag to v1.27.0 2022-12-24 18:01:58 +00:00
49372f7c8e Update matrixdotorg/synapse Docker tag to v1.74.0 2022-12-20 18:02:55 +00:00
6d5570b0f2
Update YOURLS' mariadb to 10.10 2022-12-13 09:14:06 +00:00
b6705788e6
Update nextcloud's mariadb to 10.6
This is the latest it supports
2022-12-13 09:14:06 +00:00
167b8bd140
Keep GitLab backups for 2 weeks 2022-12-13 09:14:06 +00:00
7c168fd28c
Update plausible to 1.5
Update Clickhouse at the same time
2022-12-13 09:14:06 +00:00
6fc6366c33
Update nextcloud to 25.0.2 2022-12-13 09:14:06 +00:00
6c2c87e43e Merge branch 'renovate/ghcr.io-goauthentik-server-2022.x' into 'master'
Update ghcr.io/goauthentik/server Docker tag to v2022.11.3

See merge request sys/infrastructure!77
2022-12-13 08:55:08 +00:00
55764ada6c Merge branch 'renovate/matrixdotorg-synapse-1.x' into 'master'
Update matrixdotorg/synapse Docker tag to v1.73.0

See merge request sys/infrastructure!79
2022-12-13 08:54:50 +00:00
e86ed81102
Decommission decker server
It's been replaced by prometheus running internally, and uptimerobot checking.
2022-12-09 19:04:54 +00:00
f1c9e10d9a
Use IPv4 on blackbox
The docker networks they're running on are v4 only at the moment, so the DNS resolution passes by the connection fails.
2022-12-06 20:46:43 +00:00
2fb21223aa Update matrixdotorg/synapse Docker tag to v1.73.0 2022-12-06 14:01:43 +00:00
bb4361e25f
Use a blackbox with custom DNS rather than proxy
This makes timing information more relevant and should improve reliability
2022-12-06 10:04:23 +00:00
772cf7536a
Run prometheus stack as docker user 2022-12-05 21:17:23 +00:00
53c969f2b8
Make prometheus config files read only 2022-12-05 21:12:55 +00:00
3e5b00d176
Add alertmanager 2022-12-05 21:10:41 +00:00
60514d191a
Exclude python stats for HA 2022-12-05 20:36:57 +00:00
ed7faf4678
Scrape healthchecks.io with prometheus and use it for outbound monitoring of prometheus scrapes 2022-12-05 14:41:48 +00:00
8e3b381b8d
Remove unused prometheus network 2022-12-04 22:12:55 +00:00
75862dbaf9
Setup blackbox for some HTTP monitoring 2022-12-04 22:11:49 +00:00
9d4eceab29 Update ghcr.io/goauthentik/server Docker tag to v2022.11.3 2022-12-03 14:02:05 +00:00
e89f13b8a9
Add collabora 2022-12-02 22:37:42 +00:00
ebfe057658
Add support for public dashboards in Grafana 2022-12-01 13:48:36 +00:00
41a853db55
Define tmpfs for website /tmp
This is needed for imagemagick to function correctly without consuming all disk space on the system
2022-11-30 14:08:10 +00:00
d5c08bd493 Update redis Docker tag to v7 2022-11-21 16:02:19 +00:00
8f78f24ea8
Unpin redis minor version on website 2022-11-21 15:21:33 +00:00
8076c62198 Merge branch 'renovate/vabene1111-recipes-1.x' into 'master'
Update vabene1111/recipes Docker tag to v1.4.5

See merge request sys/infrastructure!90
2022-11-21 14:51:06 +00:00
c388e6bbe1
Add more nginx processes for mastodon 2022-11-20 23:21:09 +00:00
406d9dbf09
Reduce mastodon streaming threads and run 1 thread per core 2022-11-20 23:00:58 +00:00
9b69b419a7
Reduce sidekiq threads on GitLab 2022-11-20 23:00:33 +00:00
a51854f48c
Shuffle around cron jobs to run earlier at night 2022-11-20 22:52:00 +00:00
3ec359ed0e
Deploy me a mastodon 2022-11-18 09:12:28 +00:00
88e3eee059
Prune containers more regularly 2022-11-17 20:37:24 +00:00
a1a153977e
Only keep 2 package versions
3 is the default
2022-11-17 20:36:58 +00:00
c91b1ba871
Allow website to handle traffic to second domain 2022-11-16 14:56:17 +00:00
330e7e9305
Clear pacman cache 2022-11-14 09:04:53 +00:00
a8b8c88f27 Update vabene1111/recipes Docker tag to v1.4.5 2022-11-09 14:01:00 +00:00
77e83fec6d
Fix synapse-admin URL
It no longer supports being run on a subdirectory with the stock container
2022-11-07 13:57:14 +00:00
b513858893
Update nextcloud to 25.0.1 2022-11-07 09:03:40 +00:00
2bbd1c681b
Allow proxying to any ports
On the assumption they're HTTP, it's probably fine to route to anything. We're not trying to act as a firewall
2022-11-06 22:16:48 +00:00
b9283ec445
Set port for HTTP proxies 2022-11-06 21:55:05 +00:00
041f791b60
Add squid as a forwarding proxy so containers are exposed through a VPN
Implementation isn't perfect, but as `qbittorrent` already had an outbound VPN connection, it makes sense to just reuse it.
2022-11-06 18:26:09 +00:00
fc577f21b8
Update Traefik to 2.9 2022-11-01 20:50:30 +00:00
4c8d5ffe44
Remove all references to traefik pages 2022-11-01 20:30:16 +00:00
d81ed290d7
Put the new website live 2022-10-30 12:04:15 +00:00
08afdd951e
Add hosting for new website
Top sneaky
2022-10-29 18:09:30 +01:00
8dd1f6cddf
Add nextcloud email config 2022-10-26 14:23:08 +01:00
0d24bd7e0c
Use correct location for nextcloud config file 2022-10-26 14:10:26 +01:00
d0cef763e1
Update Nextcloud to 25 2022-10-26 14:09:47 +01:00
27069281dc Update renovate/renovate Docker tag to v34 2022-10-25 14:05:25 +01:00
bfacd3b6df Merge branch 'renovate/wallabag-wallabag-2.x' into 'master'
Update wallabag/wallabag Docker tag to v2.5.2

See merge request sys/infrastructure!50
2022-10-25 08:46:19 +01:00
d4053908ab Update renovate/renovate Docker tag to v33 2022-10-23 08:02:08 +01:00
f90e167774 Update wallabag/wallabag Docker tag to v2.5.2 2022-10-21 14:01:20 +01:00
4e77f0165a
Use persistent storage for tt-rss
Otherwise the container fails to find the cache directory due to how updates are handled.
2022-10-17 13:44:06 +01:00
c0a4c35e5b Merge branch 'renovate/ansible-lint-5.x' into 'master'
Update dependency ansible-lint to v5.4.0

See merge request sys/infrastructure!40
2022-10-17 13:43:39 +01:00
d13d49447e Merge branch 'renovate/louislam-uptime-kuma-1.x' into 'master'
Update louislam/uptime-kuma Docker tag to v1.18.5

See merge request sys/infrastructure!45
2022-10-17 13:33:41 +01:00
cecf9f03a2 Update vaultwarden/server Docker tag to v1.26.0 2022-10-15 18:09:57 +01:00
ed2414954e Update louislam/uptime-kuma Docker tag to v1.18.5 2022-10-10 20:01:07 +01:00
7adda6ed1c
Update nextcloud to 24.0.6 2022-10-09 19:41:17 +01:00
2188c59372 Merge branch 'renovate/louislam-uptime-kuma-1.x' into 'master'
Update louislam/uptime-kuma Docker tag to v1.18.4

See merge request sys/infrastructure!44
2022-10-09 19:33:07 +01:00
58730fcbeb
Move pages hosting to GitLab pages 2022-10-09 18:26:49 +01:00
491061d900
Remove shenanigans
It's not enabled, and it's 1 less container to deal with
2022-10-09 17:40:22 +01:00
77bc6947ab Update louislam/uptime-kuma Docker tag to v1.18.4 2022-10-09 10:01:04 +01:00
6d890a6991
Setup slides domain 2022-10-08 17:37:28 +01:00
41582f50db
Set up GitLab pages 2022-10-08 15:51:37 +01:00
2dc13c6f40
Update nebula to 1.6.1 2022-10-05 08:42:01 +01:00
521e6320fd Merge branch 'renovate/matrixdotorg-synapse-1.x' into 'master'
Update matrixdotorg/synapse Docker tag to v1.68.0

See merge request sys/infrastructure!39
2022-10-04 13:42:30 +01:00
681cff5ea7 Merge branch 'renovate/louislam-uptime-kuma-1.x' into 'master'
Update louislam/uptime-kuma Docker tag to v1.18.2

See merge request sys/infrastructure!42
2022-10-04 13:40:52 +01:00
62aab30dc8 Update louislam/uptime-kuma Docker tag to v1.18.2 2022-10-04 12:01:00 +01:00
81b302459e Update vabene1111/recipes Docker tag to v1.4.4 2022-09-30 16:01:02 +01:00
d4830ae9c2 Update dependency ansible-lint to v5.4.0 2022-09-29 10:01:27 +01:00
b32b7ca629 Update matrixdotorg/synapse Docker tag to v1.68.0 2022-09-27 14:01:34 +01:00
02d5b2d8d3
Upgrade sanoid 2022-09-26 19:32:55 +01:00
67b890d639 Merge branch 'renovate/vabene1111-recipes-1.x' into 'master'
Update vabene1111/recipes Docker tag to v1.4.2

See merge request sys/infrastructure!37
2022-09-26 13:56:40 +01:00
5be1078639 Update vabene1111/recipes Docker tag to v1.4.2 2022-09-23 18:01:17 +01:00
bcc2bfd417 Update ghcr.io/goauthentik/server Docker tag to v2022.9.0 2022-09-23 12:01:29 +01:00
cf6cc7de7a
Add email to tandoor 2022-09-22 09:13:28 +01:00
356e04c005
Fewer workers / threads for authentik 2022-09-22 08:52:41 +01:00
92fdfd252a
Add email to authentik 2022-09-22 08:47:01 +01:00
98f2eea59b
Add email to plausible 2022-09-22 08:37:00 +01:00
9098fec232
Disable erlang multi-node distribution 2022-09-22 08:23:30 +01:00
2b590a55c9 Update vabene1111/recipes Docker tag to v1.4.1 2022-09-21 20:01:33 +01:00
71732b7b7c
Don't keep quite so many backups
This results in a huge index which some smaller VMs can't handle
2022-09-21 08:48:05 +01:00
eccefcd7e0
Replace Cloudflare's DNS with Quad9 where it makes sense 2022-09-18 19:55:35 +01:00
60e9454efe
Disable authentik startup analytics 2022-09-18 18:55:24 +01:00
f49b26c6f0
Deploy authentik
Not integrated into other services quite yet. But it's there
2022-09-18 18:49:17 +01:00
4f0ee78b7e
Update grafana to use mailgun 2022-09-18 15:27:58 +01:00
8300d6dbf3
Update commento to use mailgun 2022-09-18 15:01:16 +01:00
63c1bc29db
Update nextcloud to 24.0.5 2022-09-18 14:35:39 +01:00
259ab3aae8 Merge branch 'renovate/matrixdotorg-synapse-1.x' into 'master'
Update matrixdotorg/synapse Docker tag to v1.67.0

See merge request sys/infrastructure!32
2022-09-18 14:22:13 +01:00
128689aed3 Merge branch 'renovate/louislam-uptime-kuma-1.x' into 'master'
Update louislam/uptime-kuma Docker tag to v1.18.0

See merge request sys/infrastructure!33
2022-09-18 14:20:38 +01:00
218d6a48cf
Use mailgun for GitLab emails 2022-09-16 17:43:01 +01:00
5f8a4d7b78
Use supercronic to schedule renovate
This makes it easier to restart, and makes more creative scheduling possible
2022-09-13 20:01:37 +01:00
7575a57e6b Update matrixdotorg/synapse Docker tag to v1.67.0 2022-09-13 11:14:16 +01:00
c7d5056f2a
Scrape homeassistant metrics into prometheus 2022-09-06 21:29:11 +01:00
aa1cef4739 Update louislam/uptime-kuma Docker tag to v1.18.0 2022-09-05 11:03:55 +01:00
0b69388f2c
Remove tmpfs mounts for tt-rss
These don't get created with the correct user permissions, and so breaks
2022-08-29 10:37:13 +01:00
cc3f980d34
Deploy tandoor 2022-08-24 22:17:29 +01:00
10f43bc38d
Prioritise OS-drive's snapraid content file over ZFS
Reads are much faster as it's SSD based, and it avoids unnecessary reads on the pool
2022-08-24 15:24:36 +01:00
dcc3055e93
Use official distribution of tt-rss
The previous one hasn't been updated in about a year. This one requires a couple extra containers, but is officially supported and maintained.
2022-08-24 15:23:21 +01:00
475215f33a
Run as many CI jobs as there are cores 2022-08-17 20:03:37 +01:00
73f165c521
Revert "Update traefik to 2.8"
This reverts commit a695818355.

This causes problems with traefik-pages
2022-08-16 10:17:53 +01:00
4eab0d4f01
Don't mount docker socket to traefik
It was already configured to use the proxy, and was running as non-root
anyway, so likely didn't have access to it in the first place.
2022-08-16 09:38:27 +01:00
8b21b9e6f2
Monitor decker Traefik with prometheus 2022-08-14 15:04:55 +01:00
461cd8fe3c
Update config version of nextcloud 2022-08-14 14:50:14 +01:00
4ccde9cfaf Merge branch 'renovate/lscr.io-linuxserver-nextcloud-24.x' into 'master'
Update dependency lscr.io/linuxserver/nextcloud to v24.0.4

See merge request sys/infrastructure!29
2022-08-14 14:37:13 +01:00
b8953745a6 Update dependency lscr.io/linuxserver/nextcloud to v24.0.4 2022-08-12 09:47:44 +00:00
7577b35755 Update dependency matrixdotorg/synapse to v1.64.0 2022-08-02 10:42:13 +00:00
a695818355
Update traefik to 2.8 2022-08-01 15:02:09 +01:00
9a89dddda3 Merge branch 'renovate/matrixdotorg-synapse-1.x' into 'master'
Update dependency matrixdotorg/synapse to v1.63.1

See merge request sys/infrastructure!27
2022-08-01 14:36:14 +01:00
84e27c9d61 Merge branch 'renovate/vaultwarden-server-1.x' into 'master'
Update dependency vaultwarden/server to v1.25.2

See merge request sys/infrastructure!28
2022-08-01 14:35:33 +01:00
6d7a147b74
Don't bind docker socket in CI
Use dind instead, as it's more secure and isolated

https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-in-docker
2022-07-28 17:47:02 +01:00
4311382033 Update dependency vaultwarden/server to v1.25.2 2022-07-27 20:03:05 +00:00
8734ad8ce1 Update dependency matrixdotorg/synapse to v1.63.1 2022-07-20 13:50:49 +00:00
e65b3ec605
Update nextcloud to 24.0.2 2022-06-28 19:28:46 +01:00
6844bbfe99 Merge branch 'renovate/louislam-uptime-kuma-1.x' into 'master'
Update dependency louislam/uptime-kuma to v1.17.1

See merge request sys/infrastructure!25
2022-06-28 19:13:55 +01:00
7b38760196 Update dependency matrixdotorg/synapse to v1.61.1 2022-06-28 14:41:39 +00:00
c502ee57f7
Set nginx to use automatic number of workers
See https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/6895
2022-06-27 17:52:06 +01:00
9632f9aa90 Update dependency louislam/uptime-kuma to v1.17.1 2022-06-23 08:23:24 +00:00
cf763d07f2
Stop capturing logs for containers I don't care about 2022-06-20 21:25:13 +01:00
0d5913ce3c
Disable any hub integrations 2022-06-18 22:09:59 +01:00
df28b56857
Update traefik to 2.7 2022-06-18 22:09:49 +01:00
f1835aecdd Merge branch 'renovate/vaultwarden-server-1.x' into 'master'
Update dependency vaultwarden/server to v1.25.0

See merge request sys/infrastructure!20
2022-06-18 21:53:52 +01:00
fd6a8be593 Merge branch 'renovate/wallabag-wallabag-2.x' into 'master'
Update dependency wallabag/wallabag to v2.5.1

See merge request sys/infrastructure!23
2022-06-18 21:43:45 +01:00
7b779f6ff7 Update dependency matrixdotorg/synapse to v1.61.0 2022-06-14 11:45:06 +00:00
c54ce7b209
For migrate grafana plugins 2022-06-13 21:52:40 +01:00
5b586f2608
Add container to extract TLS certs from traefik into standard format
Disable its network access, just in case
2022-06-13 21:18:45 +01:00
f8e4e6302d Update dependency wallabag/wallabag to v2.5.1 2022-06-09 08:05:42 +00:00
4ba1ab0a28
Update yourls mariadb to 10.8 2022-06-06 22:33:26 +01:00
b62f8001bb
Deploy commento++ 2022-06-05 15:44:49 +01:00
14de6fee84
Use socket proxy for DB backups 2022-06-04 23:03:41 +01:00
a15c300856
Ensure forrest saves DB backups to the correct place 2022-06-04 22:24:53 +01:00
0fd891f988 Update dependency louislam/uptime-kuma to v1.16.1 2022-05-29 05:48:38 +00:00
c159a157c3
Update download location for qbittorrent 2022-05-25 08:46:37 +01:00
0c11079246
Update geerlingguy.docker to fix issue installing on Arch
https://github.com/geerlingguy/ansible-role-docker/issues/346
2022-05-25 08:35:12 +01:00
565e1a156c
Update nextcloud to 24.0.1 2022-05-24 20:22:18 +01:00
1015a0ebc1 Merge branch 'renovate/matrixdotorg-synapse-1.x' into 'master'
Update dependency matrixdotorg/synapse to v1.59.1

See merge request sys/infrastructure!16
2022-05-24 20:12:51 +01:00
07f19ec509 Update dependency vaultwarden/server to v1.25.0 2022-05-23 18:01:20 +00:00
284bed5e90 Update dependency wallabag/wallabag to v2.5.0 2022-05-21 20:38:08 +00:00
6116eed775
Use external DNS for monitoring
This avoids potential issues with host DNS jitters
2022-05-19 09:39:30 +01:00
6a60e7284e Update dependency matrixdotorg/synapse to v1.59.1 2022-05-18 12:16:59 +00:00
b23b5e130e
Keep a few frequent backups in case of screw ups 2022-05-17 18:09:03 +01:00
e176ba371c
Move my settings out of default 2022-05-17 18:09:03 +01:00
f2290aafa6
Reduce usage and reliance on downsampled snapshots
Keep more at a lower resolution, as really those are the most useful
2022-05-17 18:09:03 +01:00
82040a5c85
Move qbittorrent to be a LXC 2022-05-16 22:02:01 +01:00
1c14c10b74
Allow 2 cores per runner job for concurrency
Allowing 2 clear cores runs fewer jobs, but should run them a lot faster
2022-05-07 12:34:57 +01:00
306d2368c1
Update dependency wallabag/wallabag to v2.4.3 2022-05-07 12:21:21 +01:00
8eae7b69e0
Pin versions of galaxy requirements 2022-05-07 12:21:21 +01:00
26b4b18737
Update synapse to 1.58.1 2022-05-07 11:38:46 +01:00
15b56971a1
Update uptime-kuma to 1.15.1 2022-05-07 11:37:49 +01:00
d7056861b9
Keep data for a bit longer
Don't ask me why I did this...
2022-05-07 11:34:46 +01:00
2c7e4e5532
Unpin fork of proxmox-nag-removal 2022-05-04 22:32:33 +01:00
51779a1f7e
Use released version of ntp role
Now https://github.com/geerlingguy/ansible-role-ntp/pull/110 has
shipped.
2022-04-27 08:40:17 +01:00
588152461e
Pin to released version of ansible-role-snapraid
Now https://github.com/IronicBadger/ansible-role-snapraid/pull/9 has
been merged.
2022-04-27 08:39:24 +01:00
208c605f05
Update uptime-kuma to 1.15.0 2022-04-26 20:40:33 +01:00
679cd5eba1
Update synapse to 1.57.1 2022-04-26 20:39:16 +01:00
b8c5d40c73
Update nextcloud to 23.0.4 2022-04-26 20:39:05 +01:00
54b8191754
Update uptime-kuma to 1.13.1 2022-03-24 22:20:29 +00:00
72c54029cd
Update synapse to 1.55.2 2022-03-24 22:13:52 +00:00
793506492f
No shenanigans by default
This causes strange problems with nextcloud
2022-03-23 19:30:22 +00:00
cccfa8bf51
Remove version prefix from nextcloud tag
Apparently that's not needed anymore
2022-03-22 21:22:07 +00:00
e0df63e3c9
Update nextcloud to 23.0.3 2022-03-22 21:19:43 +00:00
81116998b1
Fix symbolic link for yamllint config 2022-03-18 19:44:57 +00:00
b8736e1c65
Create VPN for port 53 2022-03-18 19:44:06 +00:00
bd49c1c869
Update renovate to v32 2022-03-18 18:06:07 +00:00
ffe9a13ff1
Update uptime-kuma to 1.12.1 2022-03-13 15:59:37 +00:00
5d136a8a2f
Update synapse to 1.54 2022-03-13 15:59:24 +00:00
2093f72602
Add a skeleton k8s deployment setup
DNS will come later
2022-03-07 21:58:17 +00:00
293aed0fd3
Enable GitLab registry 2022-02-25 21:48:13 +00:00
997fb0e600
Update synapse to 1.52 2022-02-21 21:50:30 +00:00
7ad6e81981
Update nextcloud to 23.0.2 2022-02-21 21:50:18 +00:00
7a05e154a6
Update uptime-kuma 2022-02-21 21:50:07 +00:00
c34b9e48f4
Add support for building docker containers on CI
This is easier than dind
2022-02-14 09:09:28 +00:00
6b63c2685b
Add an additional domain for matrix
I'll migrate over to this eventually. But doing a hard migration has just wasted my entire evening...
2022-02-13 20:54:46 +00:00
722b964bc9
Add Google Search Console integration to Plausible 2022-02-13 16:43:09 +00:00
a075b8f252
Update Vaultwarden to 1.24 2022-02-08 08:56:28 +00:00
4562b60517
Update Traefik to 2.6 2022-02-08 08:55:50 +00:00
af0eb65cce
Update synapse to 1.51 2022-02-08 08:55:41 +00:00
5df4a2c79a
Rotate nebula keys
Turns out they expired last night...
2022-01-30 21:00:38 +00:00
b91072b0da
Create a pages user for user with status checks 2022-01-29 22:18:07 +00:00
a5d9463f80
Ensure webdav pages is also accessible to Traefik 2022-01-29 22:11:19 +00:00
f07b5d9b7b
Migrate include: to include_tasks 2022-01-22 20:21:32 +00:00
106a89d72f
Use groups to manage sudo access rather than editing sudoers file 2022-01-22 20:10:16 +00:00
7e6e630808
Don't provision occ script on every machine
It only makes sense on 1
2022-01-21 22:28:13 +00:00
6db0500e1b
Provision remote f2b key with ansible 2022-01-21 22:11:49 +00:00
e8d4244946
Restart nebula, rather than reloading it
Reloading doesn't actually work it seems
2022-01-21 21:52:48 +00:00
af396a21cb
Provision a new caseyon Linode 2022-01-21 21:52:21 +00:00
188b7c9dd6
Install wireguard tools before provisioning config 2022-01-21 20:29:34 +00:00
c1319a134a
Forget snapshots in groups by host
By default, it includes the path, which means path changes result in very old snapshots

https://twitter.com/RealOrangeOne/status/1484217495124852748
2022-01-20 17:43:56 +00:00
1db289b604
Show domain in logs rather than upstream
The upstream is always the same, and no use to us
2022-01-19 09:00:20 +00:00
9404f71dc6
Remove old DB backups dir from backups 2022-01-16 17:56:45 +00:00
a07b1dbad5
Ensure grimes backs up its databases 2022-01-16 17:56:13 +00:00
5cc552d0eb
Add container to automatically backup DBs 2022-01-16 17:51:03 +00:00
6c0314b758
Add an nginx container to do crazy things with traefik 2022-01-16 14:08:38 +00:00
d5c7d94ac8
Run traefik as dockeruser, and without host networking
This required port forwarding, a docker proxy, and a docker network, but the end result should be much more secure!
2022-01-15 23:44:06 +00:00
1348eb8b1c
Prefent yourls redirect page being indexed 2022-01-11 21:20:23 +00:00
89a99d2db2
Make ansible a dev dependency
It's required by `ansible-lint` to work properly
2022-01-11 21:19:02 +00:00
c5215e330b
Update yamllint to fix dependency issue
I think this still validates everything we need it to
2022-01-11 20:51:12 +00:00
cf0e718bfb
Migrate decker services to linode
Mostly just uptime-kuma
2022-01-11 09:07:48 +00:00
41289ab359
Reduce ZFS memory usage to 5GB
That's still more than 1GB per usable TB of space. Should really be ample
2022-01-08 12:29:35 +00:00
1f6c6858e5
Fix NTP timesyncd issue
https://github.com/geerlingguy/ansible-role-ntp/pull/110
2022-01-08 12:29:13 +00:00
02cfd37a02
Update uptime-kuma 2022-01-08 12:18:25 +00:00
1a74e05a7c
Create a dedicated machine for renovate
This way it can do what it wants with docker. Because apparently it's very picky about how it's setup
2022-01-01 22:59:13 +00:00
78b0161585
Install renovate
It doesn't quite work, as really it needs docker to correctly update packages. But it's a start for now
2022-01-01 18:23:32 +00:00
b81f250d02
Update clickhouse config to reference new tables to remove 2021-12-29 17:34:07 +00:00
062c4a25fb
Keep just 2 weeks of backrest logs
That's ample
2021-12-28 12:57:57 +00:00
711d78bfd3
Only try and rotate the log files
Previously, this was also rotating the compressed logs, for some reason
2021-12-28 12:57:08 +00:00
3a7d2194cc
Update tt-rss DB to postgres 14 2021-12-22 22:39:46 +00:00
66c48c4a69
Remove old domain for vaultwarden
It's been long enough
2021-12-22 15:41:14 +00:00
e6ecffdf62
Update vaultwarden DB to postgres 14 2021-12-22 15:33:40 +00:00
ec9ca428a3
Update synapse DB to postgres 14 2021-12-22 15:24:37 +00:00
fbdbc8afb5
Update quassel DB to postgres 14 2021-12-22 13:17:01 +00:00
da41fcd7bc
Update grafana DB to postgres 14 2021-12-22 13:10:06 +00:00
6681ad43fb
Update plausible DB to postgres 14 2021-12-22 12:57:49 +00:00
31b7811b1f
Use new clickhouse docker repository 2021-12-22 12:01:25 +00:00
b6a0fdfd1d
Unpin the version of yourls
It's a very simple, non-critical application, which I keep forgetting to update
2021-12-21 21:48:41 +00:00
1c645fa106
Update yourls mariadb to 10.7 2021-12-21 21:40:56 +00:00
c5beb223be
Update clickhouse to 21.12 2021-12-21 21:31:53 +00:00
0734ff42d8
Move grafana variables to vault file 2021-12-21 20:22:47 +00:00
7b6675a9d0
Move gitlab variables to single vault 2021-12-21 20:12:05 +00:00
4cbc15fe0b
Move gitlab runner secrets to dedicated vault 2021-12-21 20:00:54 +00:00
66662594d0
Extract plausible secrets to dedicated vault 2021-12-21 19:57:43 +00:00
fcda77e750
Extract vault items from host vars 2021-12-21 19:36:52 +00:00
0b352e22d1
Merge all group vars into single vault file
This will make tracking down where a secret is defined much simpler
2021-12-21 18:04:03 +00:00
dce7c782ec
Move wireguard keys into a separate vault file 2021-12-21 17:58:52 +00:00
3f37cd4448
Be quiet on interpreter warnings
It works fine, I don't need to be screamed at
2021-12-20 21:17:42 +00:00
8d40a49780
Move traefik pages secret into full vault file
Trialing a new pattern for vault storage
2021-12-20 21:17:25 +00:00
9e473265a5
Read vault password from bitwarden instead of filesystem
https://theorangeone.net/posts/ansible-vault-bitwarden/
2021-12-20 17:25:18 +00:00
b50659ab5d
Update nextcloud to 23 2021-12-19 21:18:09 +00:00
a5329665c0
Update vaultwarden to 1.23.1 2021-12-15 20:21:01 +00:00
9834a45ec5
Update uptime-kuma to 1.11.1 2021-12-15 20:20:50 +00:00
699673c3b5
Update Synapse to 1.49.0 2021-12-15 20:19:51 +00:00
9e899d0f52
Update nebula to 1.5.2 2021-12-15 20:18:25 +00:00
bbfd872a24
Mount the whole host into the restic LXC, so I can backup PVE config 2021-12-11 13:17:58 +00:00
4452cc4eeb
Update synapse to 1.47.1 2021-11-23 22:04:42 +00:00
eed75d8648
Mount homeassistant data into restic for external backup 2021-11-21 21:53:35 +00:00
47bcbd855e
Update nextcloud to 22.2.3 2021-11-16 21:04:54 +00:00
5c0987de4d
Update uptime-kuma 2021-11-15 20:26:29 +00:00
e1205564cb
Update nebula to 1.5.0 2021-11-15 20:26:20 +00:00
ccaff503da
Move decker from AMS to Paris
The AMS DC has a bit of a flaky network connection, which isn't what you want for monitoring.
2021-11-06 16:45:09 +00:00
64695c3be1
Don't pipe dat ainto curl for healthchecks
See https://github.com/IronicBadger/ansible-role-snapraid/pull/9
2021-11-04 16:46:59 +00:00
ef22a43293
Update uptime-kuma to fix security issue 2021-10-29 21:52:09 +01:00
1b4d5de701
Rename plausible embed router
There's nothing really "bare" about it
2021-10-29 20:47:02 +01:00
0cb2a70d24
Upgrade Plausible to 1.4 2021-10-29 20:46:28 +01:00
090745456f
Update vaultwarden to 1.23.0 2021-10-23 16:24:42 +01:00
41fadd892e
Update uptime-kuma 2021-10-23 16:24:29 +01:00
4cdaba4692
Swap certificates for wildcards 2021-10-18 21:59:10 +01:00
ebb571bf20
Increase GC frequenc to work around restic's high memory usage
https://github.com/restic/restic/issues/1988
2021-10-15 12:39:16 +01:00
6cc7d0b89e
Update synapse 2021-10-14 18:34:49 +01:00
31208856c2
Pin uptime-kuma version
It's pretty important now
2021-10-14 18:34:00 +01:00
6f0d4b60df
Run more web processes for tt-rss 2021-10-03 16:45:18 +01:00
c867efbe3b
Use alternative container registries where available 2021-10-03 16:26:10 +01:00
3727dd473c
Update synapse to 1.43 2021-10-01 21:17:13 +01:00
7fd176466d
Update nextcloud to 22.2.0
Required quite some hacks around federatedfilesharing app not wanting to update
2021-10-01 20:52:07 +01:00
4293d030d4
Don't lint globally installed roles 2021-09-27 14:50:08 +01:00
4db474034e
Ignore my VMs from a fail2ban 2021-09-27 14:49:56 +01:00
7e2d01c612
Change domain
Now there's a status page, we can consider it public
2021-09-25 21:34:18 +01:00
3daf939b32
Update uptime-kuma container
Now does user management itself
2021-09-25 21:08:42 +01:00
8a37a9d41b
Move uptime-kuma to decker 2021-09-25 21:03:56 +01:00
a135aae5f3
Provision new VM
This will be used for monitoring
2021-09-25 16:59:23 +01:00
48934ad2c5
Apply gzip to everything
The middleware is smart enough to only apply it when needed, and only when it's not already compressed, so it's fine.
2021-09-19 22:48:48 +01:00
83ed8879dc
Correctly set smtp user for GitLab
The user and from are different in my case.
2021-09-19 22:34:40 +01:00
178ca6b2c4
Add privatebin config
Disable super long expirations, among other things
2021-09-19 19:29:05 +01:00
d70f450e2d
Change forget resolution to 30d
Restic is really annoying with its retention arguments, not really allowing what I want, so this is the easiest way to get decent retention.
2021-09-07 22:04:23 +01:00
0a8167c839
Remove stray expose
Traefik picks up the port just fine
2021-09-07 21:04:19 +01:00
eedba465c4
Update synapse 2021-09-07 21:04:04 +01:00
a866938207
Fix hostname of restic server 2021-09-06 21:07:10 +01:00
2db8ca5059
Add basic auth to dokku 2021-09-05 23:11:28 +01:00
a278443850
Use auto on nginx configs
Let nginx work it out, and default to 1 per core
2021-09-04 22:41:30 +01:00
6e25403b3d
Update synapse to 1.41.1 2021-08-31 19:08:38 +01:00
86e9d12ce6
Update nextcloud to 22.1.1 2021-08-31 19:03:19 +01:00
c2cd2e6e34
Add backups for grimes 2021-08-30 21:50:55 +01:00
07b2ea2ccb
Add the ability to exclude certain paths from backup 2021-08-30 21:49:58 +01:00
259b0ca7a6
Use upstream telegraf role
https://github.com/rossmcdonald/telegraf/pull/54 shipped
2021-08-30 21:22:26 +01:00
dcbe6e8e72
Use upstream version of ansible-role-snapraid
https://github.com/IronicBadger/ansible-role-snapraid/pull/7 shipped
2021-08-30 21:21:58 +01:00
95216b32c4
Consolidate server blocks 2021-08-24 14:31:12 +01:00
453a374801
Replace ingress proxy with nginx
This enables HTTPS redirecting at it too much more easily, and matches the gateway configuration.

Requires using upstream versions of nginx to enable https://nginx.org/en/docs/stream/ngx_stream_realip_module.html
2021-08-24 14:21:51 +01:00
f14e723d40
Fix service name on ingress
It's not alpine
2021-08-24 11:52:35 +01:00
601b916b43
Remove deprecated clients from wireguard server
I use nebula now for all that
2021-08-24 11:14:04 +01:00
edc5c325b7
Correctly check hostname against PVE hosts
Some of the hostnames have `-` in instead, which caused issues with the SSH config detecting which users to allow
2021-08-23 19:56:04 +01:00
ecb946bab4
Remove nginx version from headers 2021-08-23 16:12:34 +01:00
93cba46dd1
Redirect to HTTPS at the edge 2021-08-23 16:10:37 +01:00