Commit graph

1502 commits

Author SHA1 Message Date
670ad78d44
Add wireguard config for glinet router
All checks were successful
/ terraform (push) Successful in 44s
/ ansible (push) Successful in 1m34s
2024-04-23 22:19:57 +01:00
8929a22ce5
Use LSIO docker socket proxy
All checks were successful
/ terraform (push) Successful in 53s
/ ansible (push) Successful in 1m31s
2024-04-23 19:52:48 +01:00
ee96e6ab08
Rename forrest role to prometheus
Some checks failed
/ ansible (push) Failing after 1m35s
/ terraform (push) Failing after 12m54s
Makes organising much simpler
2024-04-21 19:47:02 +01:00
ffbba254fb
Remove redundant quotes 2024-04-21 18:11:57 +01:00
c472411801
Deploy uptime-kuma 2024-04-21 18:11:39 +01:00
7564911da3
Add IPv6 to blackbox
Some checks failed
/ terraform (push) Failing after 3s
/ ansible (push) Failing after 2s
This is needed to monitor private services
2024-04-20 18:12:38 +01:00
7ff44ee238
Add IPv6 to proxmox internal network 2024-04-20 18:00:08 +01:00
7c8d224c4a
Add headscale ACLs
Some checks failed
/ ansible (push) Failing after 39s
/ terraform (push) Failing after 46s
Tags are managed entirely server side, so there's no priv esc issues.

This lets my devices do what they want, and server style devices can't do anything.
2024-04-20 15:46:21 +01:00
7bc0ebeb26 Update traefik Docker tag to v2.11
Some checks failed
/ terraform (push) Failing after 2s
/ ansible (push) Failing after 2s
2024-04-15 17:43:05 +01:00
33f9c544fd
Remove /tt-rss/ path from URL
Some checks failed
/ terraform (push) Failing after 3s
/ ansible (push) Failing after 2s
2024-04-15 17:33:36 +01:00
b6583cc823
Update Nextcloud version in config
Some checks failed
/ terraform (push) Failing after 2s
/ ansible (push) Failing after 2s
2024-04-15 15:28:16 +01:00
9c02017fed
Unpin tandoor 2024-04-15 15:28:16 +01:00
91ec56717f Update dependency artis3n.tailscale to v4.4.4
Some checks failed
/ terraform (push) Failing after 16s
/ ansible (push) Failing after 13s
2024-04-15 15:07:14 +01:00
3318656730 Update dependency geerlingguy.ntp to v2.4.0
Some checks failed
/ ansible (push) Failing after 24s
/ terraform (push) Failing after 31s
2024-04-15 15:06:23 +01:00
9d98d88089 Update lscr.io/linuxserver/nextcloud Docker tag to v28.0.4
Some checks failed
/ terraform (push) Failing after 2s
/ ansible (push) Failing after 2s
2024-04-15 15:02:53 +01:00
67af033fcd Update dependency dokku_bot.ansible_dokku to v2024
Some checks failed
/ terraform (push) Failing after 2s
/ ansible (push) Failing after 2s
2024-04-15 14:36:50 +01:00
5330fdc56f Update ghcr.io/goauthentik/server Docker tag to v2024
Some checks failed
/ terraform (push) Failing after 2s
/ ansible (push) Failing after 2s
2024-04-15 14:11:11 +01:00
2e0b562f5d Update matrixdotorg/synapse Docker tag to v1.104.0
Some checks failed
/ terraform (push) Failing after 2s
/ ansible (push) Failing after 2s
2024-04-15 13:58:20 +01:00
989a804bad Update wallabag/wallabag Docker tag to v2.6.9
Some checks failed
/ terraform (push) Failing after 51s
/ ansible (push) Failing after 46s
2024-04-03 12:00:18 +01:00
8424b3211b
Allow ingress to serve as tailscale exit node
All checks were successful
/ terraform (push) Successful in 38s
/ ansible (push) Successful in 1m46s
2024-03-28 23:30:24 +00:00
5157940f20
Stop exposing homeassistant
All checks were successful
/ terraform (push) Successful in 58s
/ ansible (push) Successful in 1m52s
2024-03-23 11:54:26 +00:00
eb6fe3a23b
Allow forrest to access internal services
All checks were successful
/ terraform (push) Successful in 36s
/ ansible (push) Successful in 1m36s
This is mostly for monitoring
2024-03-22 18:13:25 +00:00
b2656bdf43
Make vaultwarden VPN only
All checks were successful
/ terraform (push) Successful in 33s
/ ansible (push) Successful in 1m36s
The first service to go dark...
2024-03-21 23:20:27 +00:00
0295507d0b
Increase frequency of snapshots
Some checks failed
/ terraform (push) Failing after 34s
/ ansible (push) Successful in 1m34s
2024-03-19 21:31:27 +00:00
f88d224168
Allow only exposing services over Tailscale
Some checks failed
/ terraform (push) Failing after 41s
/ ansible (push) Successful in 1m41s
This works using public DNS, so doesn't need Tailscale's magic DNS to override my local.
2024-03-07 22:30:10 +00:00
451a114262
Add IPv6 support for internal DNS overrides
CoreDNS 1.11.2 finally shipped!
2024-03-07 20:02:39 +00:00
119b3212a9
Remove robots.txt for gitea
All checks were successful
/ terraform (push) Successful in 27s
/ ansible (push) Successful in 1m30s
2024-03-04 08:38:16 +00:00
5aae711cb8 Update vaultwarden/server Docker tag to v1.30.5
All checks were successful
/ terraform (push) Successful in 46s
/ ansible (push) Successful in 1m45s
2024-03-04 08:33:59 +00:00
f552332598 Update lscr.io/linuxserver/mastodon Docker tag to v4.2.8
Some checks failed
/ ansible (push) Has been cancelled
/ terraform (push) Has been cancelled
2024-03-04 08:33:51 +00:00
82451784a8
Deploy slides hosting
All checks were successful
/ terraform (push) Successful in 50s
/ ansible (push) Successful in 1m49s
2024-03-03 21:39:22 +00:00
000f3d3348
Add HSTS to all nginx requests 2024-03-03 21:37:07 +00:00
0dcc3f7c30
Use regular version of nginx on Arch
All checks were successful
/ terraform (push) Successful in 30s
/ ansible (push) Successful in 1m30s
`nginx-mainline` requires modules be recompiled each time, and isn't handled automatically. It's still a very new and maintained release.
2024-02-29 19:46:32 +00:00
8a1e21c79d
Ensure headscale sees the correct IP
All checks were successful
/ terraform (push) Successful in 49s
/ ansible (push) Successful in 1m48s
2024-02-29 17:41:29 +00:00
998d798797
Set maintenance window for nextcloud
All checks were successful
/ terraform (push) Successful in 26s
/ ansible (push) Successful in 1m37s
2024-02-21 21:57:03 +00:00
11a93dac55
Update nextcloud version in config 2024-02-21 21:52:58 +00:00
97da6edc13 Update dependency ansible-lint to v24
All checks were successful
/ terraform (push) Successful in 27s
/ ansible (push) Successful in 1m36s
2024-02-21 21:47:29 +00:00
d66708b10b Update dependency artis3n.tailscale to v4.4.2
All checks were successful
/ terraform (push) Successful in 24s
/ ansible (push) Successful in 1m34s
2024-02-21 21:43:33 +00:00
7d64518840 Update matrixdotorg/synapse Docker tag to v1.101.0
Some checks failed
/ ansible (push) Has been cancelled
/ terraform (push) Has been cancelled
2024-02-21 21:43:15 +00:00
26bcf09fea Update lscr.io/linuxserver/nextcloud Docker tag to v28.0.2
Some checks failed
/ terraform (push) Has been cancelled
/ ansible (push) Has been cancelled
2024-02-21 21:42:50 +00:00
808e72553b
Add the basics of some edge caching
Some checks failed
/ ansible (push) Has been cancelled
/ terraform (push) Has been cancelled
2024-02-21 21:42:16 +00:00
b513c88774 Update vaultwarden/server Docker tag to v1.30.3
All checks were successful
/ ansible (push) Successful in 1m33s
/ terraform (push) Successful in 27s
2024-02-19 14:13:02 +00:00
7741fbc163 Update vabene1111/recipes Docker tag to v1.5.13
All checks were successful
/ terraform (push) Successful in 25s
/ ansible (push) Successful in 1m34s
2024-02-19 14:07:32 +00:00
45cf930d14 Update lscr.io/linuxserver/mastodon Docker tag to v4.2.7
All checks were successful
/ terraform (push) Successful in 49s
/ ansible (push) Successful in 1m54s
2024-02-17 08:00:21 +00:00
58c48261e7
Consolidate vikunja container
All checks were successful
/ terraform (push) Successful in 53s
/ ansible (push) Successful in 1m51s
2024-02-12 14:12:17 +00:00
91a247868b
Add routes from forrest to tailscale network
All checks were successful
/ terraform (push) Successful in 27s
/ ansible (push) Successful in 1m35s
2024-02-07 22:12:08 +00:00
df43be6f9b
Set private_ip for some other machines
All checks were successful
/ terraform (push) Successful in 36s
/ ansible (push) Successful in 1m39s
2024-02-07 19:27:48 +00:00
b6eca40ae0
Allow tailscale IP in more places 2024-02-07 18:21:16 +00:00
6c1c245c23 Update matrixdotorg/synapse Docker tag to v1.100.0
All checks were successful
/ terraform (push) Successful in 25s
/ ansible (push) Successful in 1m38s
2024-02-02 13:38:12 +00:00
379d4a26fa Update vabene1111/recipes Docker tag to v1.5.12
Some checks failed
/ ansible (push) Has been cancelled
/ terraform (push) Has been cancelled
2024-02-02 13:38:00 +00:00
f1a2694f1a Update lscr.io/linuxserver/mastodon Docker tag to v4.2.5
Some checks failed
/ terraform (push) Successful in 29s
/ ansible (push) Has been cancelled
2024-02-02 13:37:05 +00:00
02847355a7
Install tailscale
All checks were successful
/ terraform (push) Successful in 29s
/ ansible (push) Successful in 1m34s
Install, not configure
2024-02-01 19:41:47 +00:00
29cac09b48
Remove explicit port for headscale 2024-02-01 18:32:53 +00:00
dba0262801
Remove website tmpfs
All checks were successful
/ terraform (push) Successful in 29s
/ ansible (push) Successful in 1m36s
The server's disk is probably fast enough, and container restarts will nuke that storage anyway
2024-02-01 18:15:51 +00:00
0c6528f9ca
Restrict access to headscale OIDC and API
All checks were successful
/ terraform (push) Successful in 29s
/ ansible (push) Successful in 1m33s
2024-01-31 21:40:43 +00:00
dfa8328e7b
Move gateway logs to separate file 2024-01-31 21:06:19 +00:00
53c758a781
Monitor headscale with prometheus
All checks were successful
/ terraform (push) Successful in 29s
/ ansible (push) Successful in 1m38s
2024-01-27 17:40:02 +00:00
b51677b795
Back up headscale config
All checks were successful
/ terraform (push) Successful in 48s
/ ansible (push) Successful in 1m51s
2024-01-27 15:04:53 +00:00
2ceeaf091d
Deploy headscale
Some checks failed
/ terraform (push) Failing after 11m20s
/ ansible (push) Failing after 11m6s
2024-01-27 14:18:37 +00:00
06784563a7
Don't resolve ipv6
All checks were successful
/ terraform (push) Successful in 30s
/ ansible (push) Successful in 1m36s
Something about this setup doesn't like it, so I'll disable v6 for now
2024-01-26 21:43:04 +00:00
4f6f4143ce Update matrixdotorg/synapse Docker tag to v1.99.0
All checks were successful
/ terraform (push) Successful in 31s
/ ansible (push) Successful in 1m46s
2024-01-22 09:15:38 +00:00
5292785cd9 Update wallabag/wallabag Docker tag to v2.6.8
Some checks are pending
/ terraform (push) Has started running
/ ansible (push) Successful in 1m38s
2024-01-22 09:11:27 +00:00
d297674fb5 Update vabene1111/recipes Docker tag to v1.5.11
All checks were successful
/ terraform (push) Successful in 49s
/ ansible (push) Successful in 1m51s
2024-01-22 08:42:36 +00:00
88f0828153
Use primary Quad9 servers
All checks were successful
/ terraform (push) Successful in 47s
/ ansible (push) Successful in 1m39s
DNSSEC and malware blocking is probably useful, just in case
2024-01-21 23:19:49 +00:00
cfc3de61b4
Add fallback quad9 address
This aids availability, along with a healthcheck
2024-01-21 23:05:25 +00:00
c6bae0f797
Do simple endsWith matching for docker view
All checks were successful
/ terraform (push) Successful in 33s
/ ansible (push) Successful in 1m42s
This saves the need for a regex
2024-01-14 22:27:02 +00:00
4c5936b2aa
Disable Grafana analytics
All checks were successful
/ terraform (push) Successful in 32s
/ ansible (push) Successful in 1m41s
2024-01-14 15:30:12 +00:00
9d685d85aa
Update website deployment to unify containers
All checks were successful
/ terraform (push) Successful in 1m9s
/ ansible (push) Successful in 2m17s
2024-01-14 14:22:19 +00:00
ac166c3874
Start resolved to support mDNS
All checks were successful
/ terraform (push) Successful in 34s
/ ansible (push) Successful in 1m44s
2024-01-10 13:28:45 +00:00
06b9197c5b
Sync terraform state to restic
All checks were successful
/ terraform (push) Successful in 31s
/ ansible (push) Successful in 1m47s
This allows it to be backed up easily
2024-01-09 19:56:06 +00:00
4a69df1d6c
Ignore ansible-lint for nebula install block
All checks were successful
/ terraform (push) Successful in 1m28s
/ ansible (push) Successful in 1m48s
I'm smarter than it is
2024-01-08 21:49:38 +00:00
f33d19e156
Move AdGuardHome configuration to Terraform
https://git.theorangeone.net/systems/adguardhome
2024-01-08 21:45:28 +00:00
ed59458f39
Add backups to tang
Some checks failed
/ terraform (push) Successful in 1m21s
/ ansible (push) Failing after 1m37s
2024-01-08 19:20:55 +00:00
616d20e23b
Tweak some AGH settings
Some checks failed
/ terraform (push) Successful in 1m15s
/ ansible (push) Failing after 1m59s
2024-01-08 19:01:46 +00:00
383a57d1f2
Use DoH endpoint fot quad9
Seems latency is much lower
2024-01-08 18:21:03 +00:00
c8211d4756
Use Debian repo version of nginx
Some checks failed
/ terraform (push) Successful in 1m3s
/ ansible (push) Failing after 1m53s
It's older, and doesn't have `stream` compiled in, but the repo one can't link to any of the installed modules, which is a non-starter.
2024-01-04 14:17:36 +00:00
57ad143268
Set password for homeassistant SMB mount
Some checks failed
/ terraform (push) Successful in 38s
/ ansible (push) Failing after 1m40s
It had an IP restriction, but still
2024-01-03 21:23:49 +00:00
16e9952b2f
Replace custom restic logs with runitor 2024-01-03 21:09:07 +00:00
f5154d1683
Use CoreDNS to do recursive CNAME aliasing for AGH
Some checks failed
/ terraform (push) Successful in 47s
/ ansible (push) Failing after 1m38s
2024-01-02 17:48:47 +00:00
3ed7074af6
Rename coredns role 2024-01-02 17:02:34 +00:00
5581bbc01a
Replace pihole with adguardhome
All checks were successful
/ terraform (push) Successful in 1m13s
/ ansible (push) Successful in 2m19s
AGH is much simpler to install and manage, and does DoH natively.
2024-01-01 15:48:14 +00:00
56bfe544e4
nginx HTTPS redirect on ipv6 2023-12-31 22:49:11 +00:00
83543fe081
Update lscr.io/linuxserver/nextcloud Docker tag to v28.0.1
All checks were successful
/ terraform (push) Successful in 33s
/ ansible (push) Successful in 1m49s
2023-12-28 21:39:28 +00:00
0e0d0c9b82
walker doesn't have a traefik anymore
All checks were successful
/ terraform (push) Successful in 1m8s
/ ansible (push) Successful in 2m15s
2023-12-26 22:31:12 +00:00
026d8db13e
Be root when generating dhparams
All checks were successful
/ terraform (push) Successful in 37s
/ ansible (push) Successful in 1m50s
This is needed to write to the destination
2023-12-24 19:44:30 +00:00
593a945c5c
Install nginx from package manager if available 2023-12-24 19:44:30 +00:00
bd15946f3b
Update Nebula 2023-12-24 19:44:30 +00:00
f4b96afcfa
Deploy ntfy
All checks were successful
/ terraform (push) Successful in 1m15s
/ ansible (push) Successful in 2m22s
2023-12-23 16:40:53 +00:00
c0c7f393e3
Only pin to minor versions of gitea
All checks were successful
/ terraform (push) Successful in 32s
/ ansible (push) Successful in 1m48s
2023-12-21 16:43:18 +00:00
5fd952be4c
Only pin to minor version of Authentik 2023-12-21 16:42:02 +00:00
1e798ac5ce
Don't require role variables to be prefixed 2023-12-21 16:38:24 +00:00
39899cd1e0
Use certbot to issue certificates 2023-12-21 16:38:07 +00:00
8e1a203df2
Add helper map for better websocket support 2023-12-21 16:38:07 +00:00
a3baf8be1e
Use nginx as reverse proxy on walker, removing traefik
SSL coming soon
2023-12-21 16:38:07 +00:00
a7eb372899
Fix HTTPS redirect hostname 2023-12-21 14:58:19 +00:00
80a770f399
Add include files before main nginx config 2023-12-21 14:58:04 +00:00
ef432642dd
Unify nginx module tasks
Some checks failed
/ terraform (push) Successful in 1m8s
/ ansible (push) Failing after 2m0s
2023-12-20 22:35:11 +00:00
b32a63bd72
Add helpful includes
Along with ensuring there are dhparams
2023-12-20 22:29:42 +00:00
2336e4dd5b
Add brotli
All checks were successful
/ terraform (push) Successful in 1m5s
/ ansible (push) Successful in 2m19s
2023-12-17 18:12:33 +00:00
46eda36515
Fully block Server header
All checks were successful
/ terraform (push) Successful in 31s
/ ansible (push) Successful in 1m46s
2023-12-16 21:57:19 +00:00
cfb498d7c6
Only add HTTPS redirect when it's needed
All checks were successful
/ terraform (push) Successful in 1m3s
/ ansible (push) Successful in 2m7s
2023-12-16 18:13:49 +00:00
48efcf4d91
Use mainline nginx release on Arch 2023-12-16 18:03:01 +00:00
930cf87084
gzip as much as makes sense 2023-12-16 17:58:15 +00:00
92052a3d0a
Unify nginx configuration
This creates a simple base configuration skeleton, that other configuration can be easily loaded into.
2023-12-16 17:47:04 +00:00
943c141d59
Ensure ingress proxy doesn't terminate connections
All checks were successful
/ terraform (push) Successful in 1m6s
/ ansible (push) Successful in 2m16s
This mostly works around a weird issues with Jellyfin
2023-12-14 22:08:02 +00:00
2ff2128330
Set pihole temp unit 2023-12-14 22:04:14 +00:00
b33e19e152
Remove unnecessary extra variable definitions
The world could do with a bit less YAML!
2023-12-14 22:03:23 +00:00
7ad5d6e51e
Deploy coredns as a proxy to Docker's internal DNS 2023-12-14 21:04:26 +00:00
7381c1f10a
Update nextcloud version in config.php
All checks were successful
/ terraform (push) Successful in 27s
/ ansible (push) Successful in 1m41s
2023-12-13 17:48:46 +00:00
18fd0631e1 Update lscr.io/linuxserver/nextcloud Docker tag to v28
All checks were successful
/ terraform (push) Successful in 29s
/ ansible (push) Successful in 1m37s
2023-12-13 17:38:40 +00:00
05eee3f4de Update gitea/gitea Docker tag to v1.21.2
Some checks failed
/ terraform (push) Successful in 31s
/ ansible (push) Has been cancelled
2023-12-13 17:37:11 +00:00
e0f7b47961 Update lscr.io/linuxserver/mastodon Docker tag to v4.2.3
All checks were successful
/ terraform (push) Successful in 1m4s
/ ansible (push) Successful in 2m6s
2023-12-05 18:00:28 +00:00
c0df505f70
Disable browser updates for nextcloud
All checks were successful
/ terraform (push) Successful in 27s
/ ansible (push) Successful in 1m36s
2023-12-04 09:39:14 +00:00
aecd7c0a18
Upgrade nextcloud version in config 2023-12-04 09:38:43 +00:00
b9c5c7ce01 Update lscr.io/linuxserver/nextcloud Docker tag to v27.1.4
All checks were successful
/ terraform (push) Successful in 26s
/ ansible (push) Successful in 1m34s
2023-12-04 09:35:32 +00:00
e815fcb2be
Pin all redis versions to 7
All checks were successful
/ terraform (push) Successful in 28s
/ ansible (push) Successful in 1m34s
Keeps them all in sync
2023-12-04 09:22:51 +00:00
ad7bd24fec Update dependency ansible-lint to v6.22.1
All checks were successful
/ terraform (push) Successful in 25s
/ ansible (push) Successful in 2m38s
2023-12-04 09:10:46 +00:00
85352014ab Update matrixdotorg/synapse Docker tag to v1.97.0
Some checks failed
/ terraform (push) Successful in 27s
/ ansible (push) Has been cancelled
2023-12-04 09:09:07 +00:00
01eb469ac8 Update vabene1111/recipes Docker tag to v1.5.10
Some checks failed
/ terraform (push) Successful in 26s
/ ansible (push) Has been cancelled
2023-12-03 14:00:28 +00:00
461ec71b12
Update gitea branding path
All checks were successful
/ terraform (push) Successful in 32s
/ ansible (push) Successful in 1m46s
2023-11-27 19:19:58 +00:00
2fe093668d Update ghcr.io/goauthentik/server Docker tag to v2023.10.4
All checks were successful
/ terraform (push) Successful in 26s
/ ansible (push) Successful in 1m36s
2023-11-27 08:37:21 +00:00
58c14c7f94 Update vaultwarden/server Docker tag to v1.30.1
All checks were successful
/ terraform (push) Successful in 26s
/ ansible (push) Successful in 1m36s
2023-11-27 08:35:50 +00:00
d0a994198c Update gitea/gitea Docker tag to v1.21.1
All checks were successful
/ terraform (push) Successful in 1m4s
/ ansible (push) Successful in 2m7s
2023-11-26 18:00:27 +00:00
5e8918221f Update gitea/gitea Docker tag to v1.21.0
All checks were successful
/ terraform (push) Successful in 31s
/ ansible (push) Successful in 1m38s
2023-11-19 18:04:14 +00:00
0d970d276d Update matrixdotorg/synapse Docker tag to v1.96.1
All checks were successful
/ terraform (push) Successful in 31s
/ ansible (push) Successful in 1m37s
2023-11-19 17:59:53 +00:00
8666933bfb
Revert "Use OIDC to log in to tt-rss"
All checks were successful
/ terraform (push) Successful in 1m5s
/ ansible (push) Successful in 2m11s
OIDC breaks any kind of API integration, which is very annoying

This reverts commit 66ddef96e2.
2023-11-18 21:57:16 +00:00
3df1e1d46b
Update Nextcloud version in config.php
All checks were successful
/ terraform (push) Successful in 24s
/ ansible (push) Successful in 1m41s
2023-11-13 18:22:42 +00:00
e3da2710a7 Update lscr.io/linuxserver/nextcloud Docker tag to v27.1.3
All checks were successful
/ terraform (push) Successful in 28s
/ ansible (push) Successful in 1m39s
2023-11-13 18:22:06 +00:00
19febd9c35 Update matrixdotorg/synapse Docker tag to v1.95.1
All checks were successful
/ terraform (push) Successful in 29s
/ ansible (push) Successful in 1m41s
2023-11-13 18:19:38 +00:00
f0c0b6d4b4 Update vaultwarden/server Docker tag to v1.30.0
All checks were successful
/ terraform (push) Successful in 28s
/ ansible (push) Successful in 1m41s
2023-11-13 18:17:52 +00:00
d76ff190b3 Update dependency yamllint to v1.33.0
All checks were successful
/ terraform (push) Successful in 25s
/ ansible (push) Successful in 1m36s
2023-11-13 18:15:52 +00:00
a4958e619a Update ghcr.io/goauthentik/server Docker tag to v2023.10.3
All checks were successful
/ terraform (push) Successful in 28s
/ ansible (push) Successful in 1m45s
2023-11-13 18:15:28 +00:00
e4b2318c82
Monitor authentik
All checks were successful
/ terraform (push) Successful in 37s
/ ansible (push) Successful in 1m42s
2023-11-12 21:25:02 +00:00
dfef31cbfa
Deploy minio
My own S3, for various things
2023-11-12 21:23:54 +00:00
38840402b9
Disable repo units I don't use by default
All checks were successful
/ terraform (push) Successful in 31s
/ ansible (push) Successful in 1m41s
2023-11-12 18:28:01 +00:00
5f31a39804
Ensure Nextcloud can talk to local servers
All checks were successful
/ terraform (push) Successful in 30s
/ ansible (push) Successful in 1m40s
Needed for Authentik
2023-11-08 19:51:16 +00:00
66ddef96e2
Use OIDC to log in to tt-rss 2023-11-08 19:46:16 +00:00
935b099c4f
Decommission upload
All checks were successful
/ terraform (push) Successful in 30s
/ ansible (push) Successful in 1m38s
It was never really used for anything, and I want to replace it with something better eventually
2023-11-07 21:17:21 +00:00
dbbfe55975
Deploy authentik
_again_.
2023-11-07 21:17:21 +00:00
48dbaeed99
Deploy remark42
All checks were successful
/ terraform (push) Successful in 29s
/ ansible (push) Successful in 1m43s
To soon replace Commento
2023-11-06 21:29:28 +00:00
5fb605231d
Allow pings to ingress
All checks were successful
/ terraform (push) Successful in 33s
/ ansible (push) Successful in 1m50s
This makes testing connections much simpler
2023-11-05 21:48:25 +00:00
dd1558bafa
Set sensible permissions on nftables config 2023-11-05 21:43:16 +00:00
b0347fc037
Remove redundant quotes 2023-11-05 21:43:02 +00:00
64f5763571
Ensure nginx role is actually installed
Some checks failed
/ terraform (push) Successful in 33s
/ ansible (push) Failing after 1m36s
2023-11-05 21:37:33 +00:00
f1ac40f432
Reduce pihole cache size
Some checks failed
/ terraform (push) Successful in 1m9s
/ ansible (push) Failing after 2m11s
This is still a lot of records, and pihole complains with values any larger
2023-11-05 13:22:05 +00:00
850278ab19
Allow nebula through firewall
Some checks failed
/ terraform (push) Successful in 1m6s
/ ansible (push) Failing after 2m8s
2023-11-03 18:06:36 +00:00
b1284877a3
Update blackbox configuration for not following redirects
Some checks failed
/ terraform (push) Successful in 30s
/ ansible (push) Failing after 1m23s
2023-11-01 22:14:35 +00:00
6b4285a264
Let alertmanager run as its own user
It's already not-root, and can't access the filesystem anyway
2023-11-01 22:13:37 +00:00
3ed786336e
Remove wireguard_53
Some checks failed
/ terraform (push) Successful in 34s
/ ansible (push) Failing after 1m25s
I never used it - no reason to maintain it
2023-10-26 21:50:22 +01:00
9f83efa53b
Use nftables for firewall on ingress
See ya never, iptables!
2023-10-26 21:34:06 +01:00
54e2205e48
Don't bother renaming speedtest metrics
Some checks failed
/ terraform (push) Successful in 32s
/ ansible (push) Failing after 1m20s
2023-10-23 22:09:25 +01:00