4562b60517
Update Traefik to 2.6
2022-02-08 08:55:50 +00:00
af0eb65cce
Update synapse to 1.51
2022-02-08 08:55:41 +00:00
5df4a2c79a
Rotate nebula keys
...
Turns out they expired last night...
2022-01-30 21:00:38 +00:00
b91072b0da
Create a pages user for user with status checks
2022-01-29 22:18:07 +00:00
a5d9463f80
Ensure webdav pages is also accessible to Traefik
2022-01-29 22:11:19 +00:00
f07b5d9b7b
Migrate include:
to include_tasks
2022-01-22 20:21:32 +00:00
106a89d72f
Use groups to manage sudo access rather than editing sudoers file
2022-01-22 20:10:16 +00:00
7e6e630808
Don't provision occ script on every machine
...
It only makes sense on 1
2022-01-21 22:28:13 +00:00
6db0500e1b
Provision remote f2b key with ansible
2022-01-21 22:11:49 +00:00
e8d4244946
Restart nebula, rather than reloading it
...
Reloading doesn't actually work it seems
2022-01-21 21:52:48 +00:00
af396a21cb
Provision a new casey
on Linode
2022-01-21 21:52:21 +00:00
188b7c9dd6
Install wireguard tools before provisioning config
2022-01-21 20:29:34 +00:00
c1319a134a
Forget snapshots in groups by host
...
By default, it includes the path, which means path changes result in very old snapshots
https://twitter.com/RealOrangeOne/status/1484217495124852748
2022-01-20 17:43:56 +00:00
1db289b604
Show domain in logs rather than upstream
...
The upstream is always the same, and no use to us
2022-01-19 09:00:20 +00:00
9404f71dc6
Remove old DB backups dir from backups
2022-01-16 17:56:45 +00:00
a07b1dbad5
Ensure grimes backs up its databases
2022-01-16 17:56:13 +00:00
5cc552d0eb
Add container to automatically backup DBs
2022-01-16 17:51:03 +00:00
6c0314b758
Add an nginx container to do crazy things with traefik
2022-01-16 14:08:38 +00:00
d5c7d94ac8
Run traefik as dockeruser, and without host networking
...
This required port forwarding, a docker proxy, and a docker network, but the end result should be much more secure!
2022-01-15 23:44:06 +00:00
1348eb8b1c
Prefent yourls redirect page being indexed
2022-01-11 21:20:23 +00:00
89a99d2db2
Make ansible a dev dependency
...
It's required by `ansible-lint` to work properly
2022-01-11 21:19:02 +00:00
c5215e330b
Update yamllint to fix dependency issue
...
I think this still validates everything we need it to
2022-01-11 20:51:12 +00:00
cf0e718bfb
Migrate decker services to linode
...
Mostly just uptime-kuma
2022-01-11 09:07:48 +00:00
41289ab359
Reduce ZFS memory usage to 5GB
...
That's still more than 1GB per usable TB of space. Should really be ample
2022-01-08 12:29:35 +00:00
1f6c6858e5
Fix NTP timesyncd issue
...
https://github.com/geerlingguy/ansible-role-ntp/pull/110
2022-01-08 12:29:13 +00:00
02cfd37a02
Update uptime-kuma
2022-01-08 12:18:25 +00:00
1a74e05a7c
Create a dedicated machine for renovate
...
This way it can do what it wants with docker. Because apparently it's very picky about how it's setup
2022-01-01 22:59:13 +00:00
78b0161585
Install renovate
...
It doesn't quite work, as really it needs docker to correctly update packages. But it's a start for now
2022-01-01 18:23:32 +00:00
b81f250d02
Update clickhouse config to reference new tables to remove
2021-12-29 17:34:07 +00:00
062c4a25fb
Keep just 2 weeks of backrest logs
...
That's ample
2021-12-28 12:57:57 +00:00
711d78bfd3
Only try and rotate the log files
...
Previously, this was also rotating the compressed logs, for some reason
2021-12-28 12:57:08 +00:00
3a7d2194cc
Update tt-rss DB to postgres 14
2021-12-22 22:39:46 +00:00
66c48c4a69
Remove old domain for vaultwarden
...
It's been long enough
2021-12-22 15:41:14 +00:00
e6ecffdf62
Update vaultwarden DB to postgres 14
2021-12-22 15:33:40 +00:00
ec9ca428a3
Update synapse DB to postgres 14
2021-12-22 15:24:37 +00:00
fbdbc8afb5
Update quassel DB to postgres 14
2021-12-22 13:17:01 +00:00
da41fcd7bc
Update grafana DB to postgres 14
2021-12-22 13:10:06 +00:00
6681ad43fb
Update plausible DB to postgres 14
2021-12-22 12:57:49 +00:00
31b7811b1f
Use new clickhouse docker repository
2021-12-22 12:01:25 +00:00
b6a0fdfd1d
Unpin the version of yourls
...
It's a very simple, non-critical application, which I keep forgetting to update
2021-12-21 21:48:41 +00:00
1c645fa106
Update yourls mariadb to 10.7
2021-12-21 21:40:56 +00:00
c5beb223be
Update clickhouse to 21.12
2021-12-21 21:31:53 +00:00
0734ff42d8
Move grafana variables to vault file
2021-12-21 20:22:47 +00:00
7b6675a9d0
Move gitlab variables to single vault
2021-12-21 20:12:05 +00:00
4cbc15fe0b
Move gitlab runner secrets to dedicated vault
2021-12-21 20:00:54 +00:00
66662594d0
Extract plausible secrets to dedicated vault
2021-12-21 19:57:43 +00:00
fcda77e750
Extract vault items from host vars
2021-12-21 19:36:52 +00:00
0b352e22d1
Merge all group vars into single vault file
...
This will make tracking down where a secret is defined much simpler
2021-12-21 18:04:03 +00:00
dce7c782ec
Move wireguard keys into a separate vault file
2021-12-21 17:58:52 +00:00
3f37cd4448
Be quiet on interpreter warnings
...
It works fine, I don't need to be screamed at
2021-12-20 21:17:42 +00:00
8d40a49780
Move traefik pages secret into full vault file
...
Trialing a new pattern for vault storage
2021-12-20 21:17:25 +00:00
9e473265a5
Read vault password from bitwarden instead of filesystem
...
https://theorangeone.net/posts/ansible-vault-bitwarden/
2021-12-20 17:25:18 +00:00
b50659ab5d
Update nextcloud to 23
2021-12-19 21:18:09 +00:00
a5329665c0
Update vaultwarden to 1.23.1
2021-12-15 20:21:01 +00:00
9834a45ec5
Update uptime-kuma to 1.11.1
2021-12-15 20:20:50 +00:00
699673c3b5
Update Synapse to 1.49.0
2021-12-15 20:19:51 +00:00
9e899d0f52
Update nebula to 1.5.2
2021-12-15 20:18:25 +00:00
bbfd872a24
Mount the whole host into the restic LXC, so I can backup PVE config
2021-12-11 13:17:58 +00:00
4452cc4eeb
Update synapse to 1.47.1
2021-11-23 22:04:42 +00:00
eed75d8648
Mount homeassistant data into restic for external backup
2021-11-21 21:53:35 +00:00
47bcbd855e
Update nextcloud to 22.2.3
2021-11-16 21:04:54 +00:00
5c0987de4d
Update uptime-kuma
2021-11-15 20:26:29 +00:00
e1205564cb
Update nebula to 1.5.0
2021-11-15 20:26:20 +00:00
ccaff503da
Move decker from AMS to Paris
...
The AMS DC has a bit of a flaky network connection, which isn't what you want for monitoring.
2021-11-06 16:45:09 +00:00
64695c3be1
Don't pipe dat ainto curl for healthchecks
...
See https://github.com/IronicBadger/ansible-role-snapraid/pull/9
2021-11-04 16:46:59 +00:00
ef22a43293
Update uptime-kuma to fix security issue
2021-10-29 21:52:09 +01:00
1b4d5de701
Rename plausible embed router
...
There's nothing really "bare" about it
2021-10-29 20:47:02 +01:00
0cb2a70d24
Upgrade Plausible to 1.4
2021-10-29 20:46:28 +01:00
090745456f
Update vaultwarden to 1.23.0
2021-10-23 16:24:42 +01:00
41fadd892e
Update uptime-kuma
2021-10-23 16:24:29 +01:00
4cdaba4692
Swap certificates for wildcards
2021-10-18 21:59:10 +01:00
ebb571bf20
Increase GC frequenc to work around restic's high memory usage
...
https://github.com/restic/restic/issues/1988
2021-10-15 12:39:16 +01:00
6cc7d0b89e
Update synapse
2021-10-14 18:34:49 +01:00
31208856c2
Pin uptime-kuma version
...
It's pretty important now
2021-10-14 18:34:00 +01:00
6f0d4b60df
Run more web processes for tt-rss
2021-10-03 16:45:18 +01:00
c867efbe3b
Use alternative container registries where available
2021-10-03 16:26:10 +01:00
3727dd473c
Update synapse to 1.43
2021-10-01 21:17:13 +01:00
7fd176466d
Update nextcloud to 22.2.0
...
Required quite some hacks around federatedfilesharing app not wanting to update
2021-10-01 20:52:07 +01:00
4293d030d4
Don't lint globally installed roles
2021-09-27 14:50:08 +01:00
4db474034e
Ignore my VMs from a fail2ban
2021-09-27 14:49:56 +01:00
7e2d01c612
Change domain
...
Now there's a status page, we can consider it public
2021-09-25 21:34:18 +01:00
3daf939b32
Update uptime-kuma container
...
Now does user management itself
2021-09-25 21:08:42 +01:00
8a37a9d41b
Move uptime-kuma to decker
2021-09-25 21:03:56 +01:00
a135aae5f3
Provision new VM
...
This will be used for monitoring
2021-09-25 16:59:23 +01:00
48934ad2c5
Apply gzip to everything
...
The middleware is smart enough to only apply it when needed, and only when it's not already compressed, so it's fine.
2021-09-19 22:48:48 +01:00
83ed8879dc
Correctly set smtp user for GitLab
...
The user and from are different in my case.
2021-09-19 22:34:40 +01:00
178ca6b2c4
Add privatebin config
...
Disable super long expirations, among other things
2021-09-19 19:29:05 +01:00
d70f450e2d
Change forget resolution to 30d
...
Restic is really annoying with its retention arguments, not really allowing what I want, so this is the easiest way to get decent retention.
2021-09-07 22:04:23 +01:00
0a8167c839
Remove stray expose
...
Traefik picks up the port just fine
2021-09-07 21:04:19 +01:00
eedba465c4
Update synapse
2021-09-07 21:04:04 +01:00
a866938207
Fix hostname of restic server
2021-09-06 21:07:10 +01:00
2db8ca5059
Add basic auth to dokku
2021-09-05 23:11:28 +01:00
a278443850
Use auto
on nginx configs
...
Let nginx work it out, and default to 1 per core
2021-09-04 22:41:30 +01:00
6e25403b3d
Update synapse to 1.41.1
2021-08-31 19:08:38 +01:00
86e9d12ce6
Update nextcloud to 22.1.1
2021-08-31 19:03:19 +01:00
c2cd2e6e34
Add backups for grimes
2021-08-30 21:50:55 +01:00
07b2ea2ccb
Add the ability to exclude certain paths from backup
2021-08-30 21:49:58 +01:00
259b0ca7a6
Use upstream telegraf
role
...
https://github.com/rossmcdonald/telegraf/pull/54 shipped
2021-08-30 21:22:26 +01:00
dcbe6e8e72
Use upstream version of ansible-role-snapraid
...
https://github.com/IronicBadger/ansible-role-snapraid/pull/7 shipped
2021-08-30 21:21:58 +01:00
95216b32c4
Consolidate server blocks
2021-08-24 14:31:12 +01:00
453a374801
Replace ingress proxy with nginx
...
This enables HTTPS redirecting at it too much more easily, and matches the gateway configuration.
Requires using upstream versions of nginx to enable https://nginx.org/en/docs/stream/ngx_stream_realip_module.html
2021-08-24 14:21:51 +01:00
f14e723d40
Fix service name on ingress
...
It's not alpine
2021-08-24 11:52:35 +01:00
601b916b43
Remove deprecated clients from wireguard server
...
I use nebula now for all that
2021-08-24 11:14:04 +01:00
edc5c325b7
Correctly check hostname against PVE hosts
...
Some of the hostnames have `-` in instead, which caused issues with the SSH config detecting which users to allow
2021-08-23 19:56:04 +01:00
ecb946bab4
Remove nginx version from headers
2021-08-23 16:12:34 +01:00
93cba46dd1
Redirect to HTTPS at the edge
2021-08-23 16:10:37 +01:00
a54d373526
Replace edge proxy with nginx
...
The config makes more sense, and it has more of the features I need, which will come later.
2021-08-22 22:35:09 +01:00
23fc7bbb12
Use slightly less memory for ZFS
2021-08-22 15:58:49 +01:00
1d5616a36f
Update roles so they support newer Debian versions
...
I'm monitoring the PRs, don't worry
2021-08-22 15:22:11 +01:00
8fabd11e31
Remove unnecessary pve role
...
no-subscription is handled by the nag removal role
2021-08-22 15:20:27 +01:00
f0a3585592
Use distribution name in repo URL
2021-08-22 14:44:34 +01:00
0874158a91
Update traefik to 2.5
2021-08-22 11:16:37 +01:00
c04e8b628a
Update synapse to 1.40.0
2021-08-22 11:16:19 +01:00
c99afdd446
Disable gzip on qbittorrent egress
...
It's mostly used over the internal network, so the additional gzip isn't going to gain anything when the disk is the bottleneck
2021-08-21 16:46:21 +01:00
55e3b81f06
Install release version of gitlab-dater
onto GitLab server
...
Rather than than hacky development one I was using before
2021-08-10 22:51:12 +01:00
e421657619
Ensure restic gets the correct permissions when it's updated
...
Yes it's weird to modify the system package like this, but it's very handy.
See also https://restic.readthedocs.io/en/stable/080_examples.html#backing-up-your-system-without-running-restic-as-root
2021-08-10 08:45:59 +01:00
ab46c30df2
Start graphing some speeds
2021-08-07 10:59:42 +01:00
d0e472b51a
Update synapse to 1.39.0
2021-08-06 18:20:48 +01:00
11bf501d8a
Update nextcloud to 22.1.0
2021-08-06 18:20:38 +01:00
9755974647
Update vaultwarden to 1.22.2
2021-08-06 18:17:22 +01:00
f3bc72d2ba
Provision uptime-kuma
2021-07-31 16:43:12 +01:00
1399529a47
Move stray storage to tank
2021-07-17 20:32:26 +01:00
8f831c8191
Update synapse to 1.37.1
2021-07-11 20:20:56 +01:00
501fe81979
Update nextcloud to v22
2021-07-11 20:20:48 +01:00
3daf3ef8ed
Pin clickhouse to 21.6
...
21.7 doesn't work
2021-07-11 16:11:09 +01:00
b2d226300b
Update nextcloud to 21.0.3
2021-07-04 21:17:03 +01:00
19eb233ffa
Update vaultwarden to 1.22.1
2021-07-03 11:27:27 +01:00
797c44a27d
Use proxy protocol v2
...
Apparently it's better for chaining, and may be faster anyway
2021-07-01 22:28:25 +01:00
b6adc53746
Revert "Capture stderr in logs, too"
...
This reverts commit 8696f6d93f
.
Yeah, this doesn't work. Syntax and intention.
2021-06-28 08:33:08 +01:00
41a8fe3b4d
Use logrotate for backrest logging rather than nuking immediately
...
Just in case something goes wrong with healthchecks
2021-06-27 10:58:01 +01:00
8696f6d93f
Capture stderr in logs, too
2021-06-27 10:53:13 +01:00
1c07534c40
Stop resetting dokku hostname to default
2021-06-26 21:27:39 +01:00
40e785de38
Add yet more metric sources
2021-06-26 12:52:55 +01:00
32f17908ad
Collect metrics on disk usage
2021-06-26 12:36:00 +01:00
77d2b82761
Add healthchecks for snapraid
2021-06-26 11:45:56 +01:00
18603d726e
Add username to proxmox-nag-removal role
...
Makes it obviously not one of mine
2021-06-25 22:47:21 +01:00
09a010f28e
Version snapraid config
...
Using fork of role at https://github.com/IronicBadger/ansible-role-snapraid/pull/7
2021-06-25 22:43:26 +01:00
b82e87c04b
Remove unnecessary which
...
`cron` doesn't need a full path
2021-06-25 20:57:19 +01:00
50c5ed68e3
Install some dokku plugins
2021-06-22 22:57:02 +01:00
83c84abc62
Use dokku role to install it
...
I also switched the host to debian, as the arch install didn't quite work.
2021-06-22 22:08:01 +01:00
9296c88ae4
Remove date from DB backups
2021-06-20 15:23:15 +01:00
bb5bbf16f5
Remove alpine special case
...
https://github.com/ansible-collections/community.general/pull/1722 has shipped.
2021-06-20 12:43:59 +01:00
8948437b66
Use official extension
2021-06-20 12:39:58 +01:00
e3502ae1e0
Provision dokku server
2021-06-20 12:12:34 +01:00
b20ffb27c4
Remove gotify
...
Never used it
2021-06-12 19:00:39 +01:00
4e5fa59c58
Add redis
...
This isn't really used as a cache, but it is for a couple bits, so nice to enable it anyway, and it might become so in future
2021-06-12 18:53:50 +01:00
290b147821
Thin out synapse config
...
Previously it was the vast majority of code in the whole repo. Now we only define the necessary keys, and rely much more on defaults, which is nice!
2021-06-12 18:49:29 +01:00
47e546d51a
Add synapse-admin
...
Useful to see what's going on on the server
2021-06-12 18:09:18 +01:00
3485f8e1f0
Actually version the ingress haproxy config
2021-06-12 17:32:47 +01:00
33fcf1a9e5
Fix matrix federation
...
Apparently this has been broken since like March...
It seems communication over port 8448 is required for server-to-server
comms, even if the client doesn't use it.
2021-06-12 17:32:47 +01:00