|
|
d5c7d94ac8
|
Run traefik as dockeruser, and without host networking
This required port forwarding, a docker proxy, and a docker network, but the end result should be much more secure!
|
2022-01-15 23:44:06 +00:00 |
|
|
|
1348eb8b1c
|
Prefent yourls redirect page being indexed
|
2022-01-11 21:20:23 +00:00 |
|
|
|
c5215e330b
|
Update yamllint to fix dependency issue
I think this still validates everything we need it to
|
2022-01-11 20:51:12 +00:00 |
|
|
|
02cfd37a02
|
Update uptime-kuma
|
2022-01-08 12:18:25 +00:00 |
|
|
|
1a74e05a7c
|
Create a dedicated machine for renovate
This way it can do what it wants with docker. Because apparently it's very picky about how it's setup
|
2022-01-01 22:59:13 +00:00 |
|
|
|
78b0161585
|
Install renovate
It doesn't quite work, as really it needs docker to correctly update packages. But it's a start for now
|
2022-01-01 18:23:32 +00:00 |
|
|
|
b81f250d02
|
Update clickhouse config to reference new tables to remove
|
2021-12-29 17:34:07 +00:00 |
|
|
|
062c4a25fb
|
Keep just 2 weeks of backrest logs
That's ample
|
2021-12-28 12:57:57 +00:00 |
|
|
|
711d78bfd3
|
Only try and rotate the log files
Previously, this was also rotating the compressed logs, for some reason
|
2021-12-28 12:57:08 +00:00 |
|
|
|
3a7d2194cc
|
Update tt-rss DB to postgres 14
|
2021-12-22 22:39:46 +00:00 |
|
|
|
66c48c4a69
|
Remove old domain for vaultwarden
It's been long enough
|
2021-12-22 15:41:14 +00:00 |
|
|
|
e6ecffdf62
|
Update vaultwarden DB to postgres 14
|
2021-12-22 15:33:40 +00:00 |
|
|
|
ec9ca428a3
|
Update synapse DB to postgres 14
|
2021-12-22 15:24:37 +00:00 |
|
|
|
fbdbc8afb5
|
Update quassel DB to postgres 14
|
2021-12-22 13:17:01 +00:00 |
|
|
|
da41fcd7bc
|
Update grafana DB to postgres 14
|
2021-12-22 13:10:06 +00:00 |
|
|
|
6681ad43fb
|
Update plausible DB to postgres 14
|
2021-12-22 12:57:49 +00:00 |
|
|
|
31b7811b1f
|
Use new clickhouse docker repository
|
2021-12-22 12:01:25 +00:00 |
|
|
|
b6a0fdfd1d
|
Unpin the version of yourls
It's a very simple, non-critical application, which I keep forgetting to update
|
2021-12-21 21:48:41 +00:00 |
|
|
|
1c645fa106
|
Update yourls mariadb to 10.7
|
2021-12-21 21:40:56 +00:00 |
|
|
|
c5beb223be
|
Update clickhouse to 21.12
|
2021-12-21 21:31:53 +00:00 |
|
|
|
0734ff42d8
|
Move grafana variables to vault file
|
2021-12-21 20:22:47 +00:00 |
|
|
|
7b6675a9d0
|
Move gitlab variables to single vault
|
2021-12-21 20:12:05 +00:00 |
|
|
|
4cbc15fe0b
|
Move gitlab runner secrets to dedicated vault
|
2021-12-21 20:00:54 +00:00 |
|
|
|
66662594d0
|
Extract plausible secrets to dedicated vault
|
2021-12-21 19:57:43 +00:00 |
|
|
|
8d40a49780
|
Move traefik pages secret into full vault file
Trialing a new pattern for vault storage
|
2021-12-20 21:17:25 +00:00 |
|
|
|
b50659ab5d
|
Update nextcloud to 23
|
2021-12-19 21:18:09 +00:00 |
|
|
|
a5329665c0
|
Update vaultwarden to 1.23.1
|
2021-12-15 20:21:01 +00:00 |
|
|
|
9834a45ec5
|
Update uptime-kuma to 1.11.1
|
2021-12-15 20:20:50 +00:00 |
|
|
|
699673c3b5
|
Update Synapse to 1.49.0
|
2021-12-15 20:19:51 +00:00 |
|
|
|
9e899d0f52
|
Update nebula to 1.5.2
|
2021-12-15 20:18:25 +00:00 |
|
|
|
4452cc4eeb
|
Update synapse to 1.47.1
|
2021-11-23 22:04:42 +00:00 |
|
|
|
eed75d8648
|
Mount homeassistant data into restic for external backup
|
2021-11-21 21:53:35 +00:00 |
|
|
|
47bcbd855e
|
Update nextcloud to 22.2.3
|
2021-11-16 21:04:54 +00:00 |
|
|
|
5c0987de4d
|
Update uptime-kuma
|
2021-11-15 20:26:29 +00:00 |
|
|
|
e1205564cb
|
Update nebula to 1.5.0
|
2021-11-15 20:26:20 +00:00 |
|
|
|
ef22a43293
|
Update uptime-kuma to fix security issue
|
2021-10-29 21:52:09 +01:00 |
|
|
|
1b4d5de701
|
Rename plausible embed router
There's nothing really "bare" about it
|
2021-10-29 20:47:02 +01:00 |
|
|
|
0cb2a70d24
|
Upgrade Plausible to 1.4
|
2021-10-29 20:46:28 +01:00 |
|
|
|
090745456f
|
Update vaultwarden to 1.23.0
|
2021-10-23 16:24:42 +01:00 |
|
|
|
41fadd892e
|
Update uptime-kuma
|
2021-10-23 16:24:29 +01:00 |
|
|
|
4cdaba4692
|
Swap certificates for wildcards
|
2021-10-18 21:59:10 +01:00 |
|
|
|
ebb571bf20
|
Increase GC frequenc to work around restic's high memory usage
https://github.com/restic/restic/issues/1988
|
2021-10-15 12:39:16 +01:00 |
|
|
|
6cc7d0b89e
|
Update synapse
|
2021-10-14 18:34:49 +01:00 |
|
|
|
31208856c2
|
Pin uptime-kuma version
It's pretty important now
|
2021-10-14 18:34:00 +01:00 |
|
|
|
6f0d4b60df
|
Run more web processes for tt-rss
|
2021-10-03 16:45:18 +01:00 |
|
|
|
c867efbe3b
|
Use alternative container registries where available
|
2021-10-03 16:26:10 +01:00 |
|
|
|
3727dd473c
|
Update synapse to 1.43
|
2021-10-01 21:17:13 +01:00 |
|
|
|
7fd176466d
|
Update nextcloud to 22.2.0
Required quite some hacks around federatedfilesharing app not wanting to update
|
2021-10-01 20:52:07 +01:00 |
|
|
|
4db474034e
|
Ignore my VMs from a fail2ban
|
2021-09-27 14:49:56 +01:00 |
|
|
|
7e2d01c612
|
Change domain
Now there's a status page, we can consider it public
|
2021-09-25 21:34:18 +01:00 |
|
|
|
3daf939b32
|
Update uptime-kuma container
Now does user management itself
|
2021-09-25 21:08:42 +01:00 |
|
|
|
a135aae5f3
|
Provision new VM
This will be used for monitoring
|
2021-09-25 16:59:23 +01:00 |
|
|
|
48934ad2c5
|
Apply gzip to everything
The middleware is smart enough to only apply it when needed, and only when it's not already compressed, so it's fine.
|
2021-09-19 22:48:48 +01:00 |
|
|
|
83ed8879dc
|
Correctly set smtp user for GitLab
The user and from are different in my case.
|
2021-09-19 22:34:40 +01:00 |
|
|
|
178ca6b2c4
|
Add privatebin config
Disable super long expirations, among other things
|
2021-09-19 19:29:05 +01:00 |
|
|
|
d70f450e2d
|
Change forget resolution to 30d
Restic is really annoying with its retention arguments, not really allowing what I want, so this is the easiest way to get decent retention.
|
2021-09-07 22:04:23 +01:00 |
|
|
|
0a8167c839
|
Remove stray expose
Traefik picks up the port just fine
|
2021-09-07 21:04:19 +01:00 |
|
|
|
eedba465c4
|
Update synapse
|
2021-09-07 21:04:04 +01:00 |
|
|
|
a278443850
|
Use auto on nginx configs
Let nginx work it out, and default to 1 per core
|
2021-09-04 22:41:30 +01:00 |
|
|
|
6e25403b3d
|
Update synapse to 1.41.1
|
2021-08-31 19:08:38 +01:00 |
|
|
|
86e9d12ce6
|
Update nextcloud to 22.1.1
|
2021-08-31 19:03:19 +01:00 |
|
|
|
07b2ea2ccb
|
Add the ability to exclude certain paths from backup
|
2021-08-30 21:49:58 +01:00 |
|
|
|
95216b32c4
|
Consolidate server blocks
|
2021-08-24 14:31:12 +01:00 |
|
|
|
453a374801
|
Replace ingress proxy with nginx
This enables HTTPS redirecting at it too much more easily, and matches the gateway configuration.
Requires using upstream versions of nginx to enable https://nginx.org/en/docs/stream/ngx_stream_realip_module.html
|
2021-08-24 14:21:51 +01:00 |
|
|
|
f14e723d40
|
Fix service name on ingress
It's not alpine
|
2021-08-24 11:52:35 +01:00 |
|
|
|
edc5c325b7
|
Correctly check hostname against PVE hosts
Some of the hostnames have `-` in instead, which caused issues with the SSH config detecting which users to allow
|
2021-08-23 19:56:04 +01:00 |
|
|
|
ecb946bab4
|
Remove nginx version from headers
|
2021-08-23 16:12:34 +01:00 |
|
|
|
93cba46dd1
|
Redirect to HTTPS at the edge
|
2021-08-23 16:10:37 +01:00 |
|
|
|
a54d373526
|
Replace edge proxy with nginx
The config makes more sense, and it has more of the features I need, which will come later.
|
2021-08-22 22:35:09 +01:00 |
|
|
|
8fabd11e31
|
Remove unnecessary pve role
no-subscription is handled by the nag removal role
|
2021-08-22 15:20:27 +01:00 |
|
|
|
f0a3585592
|
Use distribution name in repo URL
|
2021-08-22 14:44:34 +01:00 |
|
|
|
0874158a91
|
Update traefik to 2.5
|
2021-08-22 11:16:37 +01:00 |
|
|
|
c04e8b628a
|
Update synapse to 1.40.0
|
2021-08-22 11:16:19 +01:00 |
|
|
|
c99afdd446
|
Disable gzip on qbittorrent egress
It's mostly used over the internal network, so the additional gzip isn't going to gain anything when the disk is the bottleneck
|
2021-08-21 16:46:21 +01:00 |
|
|
|
55e3b81f06
|
Install release version of gitlab-dater onto GitLab server
Rather than than hacky development one I was using before
|
2021-08-10 22:51:12 +01:00 |
|
|
|
e421657619
|
Ensure restic gets the correct permissions when it's updated
Yes it's weird to modify the system package like this, but it's very handy.
See also https://restic.readthedocs.io/en/stable/080_examples.html#backing-up-your-system-without-running-restic-as-root
|
2021-08-10 08:45:59 +01:00 |
|
|
|
ab46c30df2
|
Start graphing some speeds
|
2021-08-07 10:59:42 +01:00 |
|
|
|
d0e472b51a
|
Update synapse to 1.39.0
|
2021-08-06 18:20:48 +01:00 |
|
|
|
11bf501d8a
|
Update nextcloud to 22.1.0
|
2021-08-06 18:20:38 +01:00 |
|
|
|
9755974647
|
Update vaultwarden to 1.22.2
|
2021-08-06 18:17:22 +01:00 |
|
|
|
f3bc72d2ba
|
Provision uptime-kuma
|
2021-07-31 16:43:12 +01:00 |
|
|
|
1399529a47
|
Move stray storage to tank
|
2021-07-17 20:32:26 +01:00 |
|
|
|
8f831c8191
|
Update synapse to 1.37.1
|
2021-07-11 20:20:56 +01:00 |
|
|
|
501fe81979
|
Update nextcloud to v22
|
2021-07-11 20:20:48 +01:00 |
|
|
|
3daf3ef8ed
|
Pin clickhouse to 21.6
21.7 doesn't work
|
2021-07-11 16:11:09 +01:00 |
|
|
|
b2d226300b
|
Update nextcloud to 21.0.3
|
2021-07-04 21:17:03 +01:00 |
|
|
|
19eb233ffa
|
Update vaultwarden to 1.22.1
|
2021-07-03 11:27:27 +01:00 |
|
|
|
797c44a27d
|
Use proxy protocol v2
Apparently it's better for chaining, and may be faster anyway
|
2021-07-01 22:28:25 +01:00 |
|
|
|
b6adc53746
|
Revert "Capture stderr in logs, too"
This reverts commit 8696f6d93f.
Yeah, this doesn't work. Syntax and intention.
|
2021-06-28 08:33:08 +01:00 |
|
|
|
41a8fe3b4d
|
Use logrotate for backrest logging rather than nuking immediately
Just in case something goes wrong with healthchecks
|
2021-06-27 10:58:01 +01:00 |
|
|
|
8696f6d93f
|
Capture stderr in logs, too
|
2021-06-27 10:53:13 +01:00 |
|
|
|
40e785de38
|
Add yet more metric sources
|
2021-06-26 12:52:55 +01:00 |
|
|
|
32f17908ad
|
Collect metrics on disk usage
|
2021-06-26 12:36:00 +01:00 |
|
|
|
b82e87c04b
|
Remove unnecessary which
`cron` doesn't need a full path
|
2021-06-25 20:57:19 +01:00 |
|
|
|
9296c88ae4
|
Remove date from DB backups
|
2021-06-20 15:23:15 +01:00 |
|
|
|
e3502ae1e0
|
Provision dokku server
|
2021-06-20 12:12:34 +01:00 |
|
|
|
b20ffb27c4
|
Remove gotify
Never used it
|
2021-06-12 19:00:39 +01:00 |
|
|
|
4e5fa59c58
|
Add redis
This isn't really used as a cache, but it is for a couple bits, so nice to enable it anyway, and it might become so in future
|
2021-06-12 18:53:50 +01:00 |
|
|
|
290b147821
|
Thin out synapse config
Previously it was the vast majority of code in the whole repo. Now we only define the necessary keys, and rely much more on defaults, which is nice!
|
2021-06-12 18:49:29 +01:00 |
|
|
|
47e546d51a
|
Add synapse-admin
Useful to see what's going on on the server
|
2021-06-12 18:09:18 +01:00 |
|
