f90ae0b1b4
Use port 53053 for coredns docker proxy
...
Otherwise it causes annoying issues with systemd-resolved and mdns
2024-05-04 12:19:00 +01:00
c93c7b5c16
Use external DNS for uptime-kuma
...
Keep the AGH logs cleaner
2024-04-29 18:42:17 +01:00
2a799d6b03
Scrape Uptime Kuma with prometheus
2024-04-29 14:28:58 +01:00
afa926c767
Remove blackbox monitoring
...
Uptime-Kuma is great
2024-04-29 14:12:21 +01:00
5481554e15
Only install compose on debian
...
The rest will get it through the system package manager
2024-04-27 17:42:24 +01:00
6c8cab3ce7
Update louislam/uptime-kuma Docker tag to v1.23.13
2024-04-25 10:00:20 +01:00
b0d950584d
Update lscr.io/linuxserver/nextcloud Docker tag to v29
2024-04-24 16:00:25 +01:00
670ad78d44
Add wireguard config for glinet router
2024-04-23 22:19:57 +01:00
8929a22ce5
Use LSIO docker socket proxy
2024-04-23 19:52:48 +01:00
ee96e6ab08
Rename forrest role to prometheus
...
Makes organising much simpler
2024-04-21 19:47:02 +01:00
ffbba254fb
Remove redundant quotes
2024-04-21 18:11:57 +01:00
c472411801
Deploy uptime-kuma
2024-04-21 18:11:39 +01:00
7564911da3
Add IPv6 to blackbox
...
This is needed to monitor private services
2024-04-20 18:12:38 +01:00
7ff44ee238
Add IPv6 to proxmox internal network
2024-04-20 18:00:08 +01:00
7c8d224c4a
Add headscale ACLs
...
Tags are managed entirely server side, so there's no priv esc issues.
This lets my devices do what they want, and server style devices can't do anything.
2024-04-20 15:46:21 +01:00
7bc0ebeb26
Update traefik Docker tag to v2.11
2024-04-15 17:43:05 +01:00
33f9c544fd
Remove /tt-rss/ path from URL
2024-04-15 17:33:36 +01:00
b6583cc823
Update Nextcloud version in config
2024-04-15 15:28:16 +01:00
9c02017fed
Unpin tandoor
2024-04-15 15:28:16 +01:00
91ec56717f
Update dependency artis3n.tailscale to v4.4.4
2024-04-15 15:07:14 +01:00
3318656730
Update dependency geerlingguy.ntp to v2.4.0
2024-04-15 15:06:23 +01:00
9d98d88089
Update lscr.io/linuxserver/nextcloud Docker tag to v28.0.4
2024-04-15 15:02:53 +01:00
67af033fcd
Update dependency dokku_bot.ansible_dokku to v2024
2024-04-15 14:36:50 +01:00
5330fdc56f
Update ghcr.io/goauthentik/server Docker tag to v2024
2024-04-15 14:11:11 +01:00
2e0b562f5d
Update matrixdotorg/synapse Docker tag to v1.104.0
2024-04-15 13:58:20 +01:00
989a804bad
Update wallabag/wallabag Docker tag to v2.6.9
2024-04-03 12:00:18 +01:00
8424b3211b
Allow ingress to serve as tailscale exit node
2024-03-28 23:30:24 +00:00
5157940f20
Stop exposing homeassistant
2024-03-23 11:54:26 +00:00
eb6fe3a23b
Allow forrest to access internal services
...
This is mostly for monitoring
2024-03-22 18:13:25 +00:00
b2656bdf43
Make vaultwarden VPN only
...
The first service to go dark...
2024-03-21 23:20:27 +00:00
0295507d0b
Increase frequency of snapshots
2024-03-19 21:31:27 +00:00
f88d224168
Allow only exposing services over Tailscale
...
This works using public DNS, so doesn't need Tailscale's magic DNS to override my local.
2024-03-07 22:30:10 +00:00
451a114262
Add IPv6 support for internal DNS overrides
...
CoreDNS 1.11.2 finally shipped!
2024-03-07 20:02:39 +00:00
119b3212a9
Remove robots.txt for gitea
2024-03-04 08:38:16 +00:00
5aae711cb8
Update vaultwarden/server Docker tag to v1.30.5
2024-03-04 08:33:59 +00:00
f552332598
Update lscr.io/linuxserver/mastodon Docker tag to v4.2.8
2024-03-04 08:33:51 +00:00
82451784a8
Deploy slides hosting
2024-03-03 21:39:22 +00:00
000f3d3348
Add HSTS to all nginx requests
2024-03-03 21:37:07 +00:00
0dcc3f7c30
Use regular version of nginx on Arch
...
`nginx-mainline` requires modules be recompiled each time, and isn't handled automatically. It's still a very new and maintained release.
2024-02-29 19:46:32 +00:00
8a1e21c79d
Ensure headscale sees the correct IP
2024-02-29 17:41:29 +00:00
998d798797
Set maintenance window for nextcloud
2024-02-21 21:57:03 +00:00
11a93dac55
Update nextcloud version in config
2024-02-21 21:52:58 +00:00
97da6edc13
Update dependency ansible-lint to v24
2024-02-21 21:47:29 +00:00
d66708b10b
Update dependency artis3n.tailscale to v4.4.2
2024-02-21 21:43:33 +00:00
7d64518840
Update matrixdotorg/synapse Docker tag to v1.101.0
2024-02-21 21:43:15 +00:00
26bcf09fea
Update lscr.io/linuxserver/nextcloud Docker tag to v28.0.2
2024-02-21 21:42:50 +00:00
808e72553b
Add the basics of some edge caching
2024-02-21 21:42:16 +00:00
b513c88774
Update vaultwarden/server Docker tag to v1.30.3
2024-02-19 14:13:02 +00:00
7741fbc163
Update vabene1111/recipes Docker tag to v1.5.13
2024-02-19 14:07:32 +00:00
45cf930d14
Update lscr.io/linuxserver/mastodon Docker tag to v4.2.7
2024-02-17 08:00:21 +00:00
58c48261e7
Consolidate vikunja container
2024-02-12 14:12:17 +00:00
91a247868b
Add routes from forrest to tailscale network
2024-02-07 22:12:08 +00:00
df43be6f9b
Set private_ip for some other machines
2024-02-07 19:27:48 +00:00
b6eca40ae0
Allow tailscale IP in more places
2024-02-07 18:21:16 +00:00
6c1c245c23
Update matrixdotorg/synapse Docker tag to v1.100.0
2024-02-02 13:38:12 +00:00
379d4a26fa
Update vabene1111/recipes Docker tag to v1.5.12
2024-02-02 13:38:00 +00:00
f1a2694f1a
Update lscr.io/linuxserver/mastodon Docker tag to v4.2.5
2024-02-02 13:37:05 +00:00
02847355a7
Install tailscale
...
Install, not configure
2024-02-01 19:41:47 +00:00
29cac09b48
Remove explicit port for headscale
2024-02-01 18:32:53 +00:00
dba0262801
Remove website tmpfs
...
The server's disk is probably fast enough, and container restarts will nuke that storage anyway
2024-02-01 18:15:51 +00:00
0c6528f9ca
Restrict access to headscale OIDC and API
2024-01-31 21:40:43 +00:00
dfa8328e7b
Move gateway logs to separate file
2024-01-31 21:06:19 +00:00
53c758a781
Monitor headscale with prometheus
2024-01-27 17:40:02 +00:00
b51677b795
Back up headscale config
2024-01-27 15:04:53 +00:00
2ceeaf091d
Deploy headscale
2024-01-27 14:18:37 +00:00
06784563a7
Don't resolve ipv6
...
Something about this setup doesn't like it, so I'll disable v6 for now
2024-01-26 21:43:04 +00:00
4f6f4143ce
Update matrixdotorg/synapse Docker tag to v1.99.0
2024-01-22 09:15:38 +00:00
5292785cd9
Update wallabag/wallabag Docker tag to v2.6.8
2024-01-22 09:11:27 +00:00
d297674fb5
Update vabene1111/recipes Docker tag to v1.5.11
2024-01-22 08:42:36 +00:00
88f0828153
Use primary Quad9 servers
...
DNSSEC and malware blocking is probably useful, just in case
2024-01-21 23:19:49 +00:00
cfc3de61b4
Add fallback quad9 address
...
This aids availability, along with a healthcheck
2024-01-21 23:05:25 +00:00
c6bae0f797
Do simple endsWith matching for docker view
...
This saves the need for a regex
2024-01-14 22:27:02 +00:00
4c5936b2aa
Disable Grafana analytics
2024-01-14 15:30:12 +00:00
9d685d85aa
Update website deployment to unify containers
2024-01-14 14:22:19 +00:00
ac166c3874
Start resolved to support mDNS
2024-01-10 13:28:45 +00:00
06b9197c5b
Sync terraform state to restic
...
This allows it to be backed up easily
2024-01-09 19:56:06 +00:00
4a69df1d6c
Ignore ansible-lint for nebula install block
...
I'm smarter than it is
2024-01-08 21:49:38 +00:00
f33d19e156
Move AdGuardHome configuration to Terraform
...
https://git.theorangeone.net/systems/adguardhome
2024-01-08 21:45:28 +00:00
ed59458f39
Add backups to tang
2024-01-08 19:20:55 +00:00
616d20e23b
Tweak some AGH settings
2024-01-08 19:01:46 +00:00
383a57d1f2
Use DoH endpoint for quad9
...
Seems latency is much lower
2024-01-08 18:21:03 +00:00
c8211d4756
Use Debian repo version of nginx
...
It's older, and doesn't have `stream` compiled in, but the repo one can't link to any of the installed modules, which is a non-starter.
2024-01-04 14:17:36 +00:00
57ad143268
Set password for homeassistant SMB mount
...
It had an IP restriction, but still
2024-01-03 21:23:49 +00:00
16e9952b2f
Replace custom restic logs with runitor
2024-01-03 21:09:07 +00:00
f5154d1683
Use CoreDNS to do recursive CNAME aliasing for AGH
2024-01-02 17:48:47 +00:00
3ed7074af6
Rename coredns role
2024-01-02 17:02:34 +00:00
5581bbc01a
Replace pihole with adguardhome
...
AGH is much simpler to install and manage, and does DoH natively.
2024-01-01 15:48:14 +00:00
56bfe544e4
nginx HTTPS redirect on ipv6
2023-12-31 22:49:11 +00:00
83543fe081
Update lscr.io/linuxserver/nextcloud Docker tag to v28.0.1
2023-12-28 21:39:28 +00:00
0e0d0c9b82
walker doesn't have a traefik anymore
2023-12-26 22:31:12 +00:00
026d8db13e
Be root when generating dhparams
...
This is needed to write to the destination
2023-12-24 19:44:30 +00:00
593a945c5c
Install nginx from package manager if available
2023-12-24 19:44:30 +00:00
bd15946f3b
Update Nebula
2023-12-24 19:44:30 +00:00
f4b96afcfa
Deploy ntfy
2023-12-23 16:40:53 +00:00
c0c7f393e3
Only pin to minor versions of gitea
2023-12-21 16:43:18 +00:00
5fd952be4c
Only pin to minor version of Authentik
2023-12-21 16:42:02 +00:00
1e798ac5ce
Don't require role variables to be prefixed
2023-12-21 16:38:24 +00:00
39899cd1e0
Use certbot to issue certificates
2023-12-21 16:38:07 +00:00
8e1a203df2
Add helper map for better websocket support
2023-12-21 16:38:07 +00:00
a3baf8be1e
Use nginx as reverse proxy on walker, removing traefik
...
SSL coming soon
2023-12-21 16:38:07 +00:00