Commit graph

1312 commits

Author SHA1 Message Date
8696f6d93f
Capture stderr in logs, too 2021-06-27 10:53:13 +01:00
40e785de38
Add yet more metric sources 2021-06-26 12:52:55 +01:00
32f17908ad
Collect metrics on disk usage 2021-06-26 12:36:00 +01:00
b82e87c04b
Remove unnecessary which
`cron` doesn't need a full path
2021-06-25 20:57:19 +01:00
9296c88ae4
Remove date from DB backups 2021-06-20 15:23:15 +01:00
e3502ae1e0
Provision dokku server 2021-06-20 12:12:34 +01:00
b20ffb27c4
Remove gotify
Never used it
2021-06-12 19:00:39 +01:00
4e5fa59c58
Add redis
This isn't really used as a cache, but it is for a couple bits, so nice to enable it anyway, and it might become so in future
2021-06-12 18:53:50 +01:00
290b147821
Thin out synapse config
Previously it was the vast majority of code in the whole repo. Now we only define the necessary keys, and rely much more on defaults, which is nice!
2021-06-12 18:49:29 +01:00
47e546d51a
Add synapse-admin
Useful to see what's going on on the server
2021-06-12 18:09:18 +01:00
3485f8e1f0
Actually version the ingress haproxy config 2021-06-12 17:32:47 +01:00
33fcf1a9e5
Fix matrix federation
Apparently this has been broken since like March...

It seems communication over port 8448 is required for server-to-server
comms, even if the client doesn't use it.
2021-06-12 17:32:47 +01:00
94e4592db6
Update synapse to 1.35.1 2021-06-12 16:46:16 +01:00
5d4817e840
Move some larger gitlab storage off tank
Means they'll be backed up less, but they're less important anyway
2021-06-07 20:24:59 +01:00
3c3f69a776
Remove unnecessary influxdb instance
Never used it anyway
2021-06-03 20:50:54 +01:00
d59e86a8e8
Remove unnecessary private_ip var from forrest
It was redundant
2021-06-03 20:47:33 +01:00
f1f2c620b0
Replace DHCP on PVE for static IPs
So much easier to deal with!
2021-06-03 20:47:08 +01:00
d751a023da
Promote GitLab to main git. domain 2021-06-02 19:49:28 +01:00
6c23180591
Remove gitea
I use GitLab now
2021-06-02 19:27:09 +01:00
9c2ebd60e8
Remove duplicati
We're a restic shop now!
2021-06-02 19:18:21 +01:00
51b3ffd33a
Allow containers to be cached on CI
There's an existing task to clean them up, and being out of date by a week isn't the end of the world
2021-06-01 21:51:18 +01:00
a867df04a5
Add a GitLab runner
Woo CI!
2021-06-01 19:29:21 +01:00
64ebaa67d0
Setup email for gitlab
Not super useful, but nice to enable it
2021-05-30 21:30:03 +01:00
e6d029e22e
Fix typo
D'oh!
2021-05-30 13:56:06 +01:00
bf5c95fbe2
Stop running everything at midnight 2021-05-30 13:55:44 +01:00
69abafd8c8
Put GitLab on a real domain 2021-05-29 16:21:47 +01:00
9118938fea
Remove some GitLab constraints
I don't need things that constrained. The defaults are probably fine, and better tested.
2021-05-29 15:44:01 +01:00
f063af2478
Reconfigure gitlab on machine start 2021-05-29 11:21:20 +01:00
c7bde8b3dd
Init a GitLab server
Some day i'll make up my mind on which server to use, honest!
2021-05-28 22:49:48 +01:00
5ac5e2f8ab
Stagger backup times 2021-05-23 20:37:41 +01:00
ee55100016
Update gitea 2021-05-21 21:57:16 +01:00
e6dbe08ce0
Update nextcloud 2021-05-21 21:48:15 +01:00
420ef3b95c
Update synapse 2021-05-21 21:47:32 +01:00
830bd862d9
Update nebula 2021-05-21 21:34:13 +01:00
48e07d2a7e
Rename more bitwarden things
Serving on both domains currently, i'll migrate clients and fix that
2021-05-18 22:18:05 +01:00
a124bff473
Add scheduling for backup and forgetting
Only forget on 1 machine
2021-05-16 15:34:37 +01:00
91725d5876
Add forget and prune commands 2021-05-16 14:39:44 +01:00
5f6dc6e177
Support backing up clickhouse to file
It's janky, but it works
2021-05-16 12:25:32 +01:00
b4936f5780
Revert "Store DB files compressed"
This reverts commit f4a289ae98.

Incremental backups work much better with plaintext
2021-05-16 11:16:25 +01:00
7fc67ca8d4
Put files in the root of the role 2021-05-08 16:47:25 +01:00
f4a289ae98
Store DB files compressed
Means external backups can still be compressed a bit
2021-05-08 16:45:08 +01:00
26cd35785c
Fix DB backup location 2021-05-08 16:45:08 +01:00
48c88347a9
Add some healthchecks integration to backup 2021-05-08 16:45:08 +01:00
781aa93892
Add some restic wrapper things 2021-05-08 16:45:08 +01:00
407e59ec5a
Use variables in prometheus config
Also replace grimes with walker
2021-05-05 18:12:42 +01:00
9b31efbf43
Destroy grimes
And the entire Linode integration
2021-05-05 18:11:14 +01:00
3da14e67dd
Replace minio with webdav for upload
Also made sure it all ran as the correct user
2021-05-04 14:08:08 +01:00
f62a1e8374
Replace minio with webdav
Much simpler and easier, and lower resources
2021-05-04 11:25:52 +01:00
fe748bfda7
Set permissions on media dir 2021-05-02 12:04:58 +01:00
4a0f7b701b
Install jellyfin through Ansible 2021-05-02 12:04:48 +01:00
a669e34f57
Update bitwarden_rs to vaultwarden
I'll do the full rename of everything another time
2021-05-01 23:00:37 +01:00
f2d3cb0835
Add a bash script to backup all database containers as text 2021-04-25 21:39:21 +01:00
c048e6d20e
Provision walker 2021-04-24 21:59:53 +01:00
03affd269f
FLoC Block
https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
2021-04-18 22:30:26 +01:00
9ad64b444a
Update gotify 2021-04-16 22:19:27 +01:00
cd31c5f8a5
Update gitea 2021-04-16 22:12:08 +01:00
5d9ee7190d
Swap out deluge for qbittorrent
Just run on arch instead of docker, too. Much simpler.
2021-04-16 21:49:00 +01:00
943087b6ad
Fix the stupid postgres path for plausible
A lay over from when it was at home
2021-04-15 18:28:24 +01:00
5dc3db5dce
Remove need for geoip database
Apparently partial functionality is built-in to the container now
2021-04-15 18:21:18 +01:00
a25c0751fb
Update Plausible
Also required updating Clickhouse, due to syntax errors in migrations. It's also nice it's alpine now, and newer
2021-04-15 18:11:44 +01:00
4eec3292a6
Update wallabag 2021-04-11 12:54:59 +01:00
b6f23b31a9
Stop unnecessarily restarting tt-rss 2021-04-11 12:52:48 +01:00
3ce4626e29
Update synapse 2021-04-11 12:52:10 +01:00
62373bf352
Update nextcloud to 21.0.1 2021-04-11 12:48:02 +01:00
796375446e
Update gitea to 1.13.7 2021-04-11 12:42:15 +01:00
1c424cb2ef
Update some IP addresses
I really need to stop using these external addresses somewhen...
2021-04-07 22:11:24 +01:00
22d43c16a7
Correctly redirect http traffic to https
Bug caused by https://github.com/traefik/traefik/issues/8035
2021-04-06 11:56:05 +01:00
f0193b5807
Scale up bitwarden slightly
Should be able to handle a bit more, faster
2021-04-02 12:32:33 +01:00
e0311111af
Update bitwarden
Send functionality, woohoo!
2021-03-29 08:23:48 +01:00
ad6bab108a
Keep backups for slightly longer
This makes my occasional syncs less likely to do bad things
2021-03-28 19:47:34 +01:00
3c8d9fe940
Block all ports 2021-03-28 16:28:07 +01:00
4d218248fa
Remotely connect to fail2ban to do ports
Traefik can affect the edge, so blocks work there and prevent traffic hitting home network.
2021-03-28 16:06:36 +01:00
ac186f42e0
Keep fewer fail2ban logs 2021-03-28 13:06:01 +01:00
6973fb536f
Add fail2ban for traefik
Remote action coming soon
2021-03-28 13:05:38 +01:00
8398a2df21
Use endpoint middleware rather than hacky router 2021-03-27 23:34:34 +00:00
a5af5bea6c
Force bitwarden to use public DNS
It doesn't like creating icons for local IP spaces, so my overriden DNS doesn't play well
2021-03-27 18:45:06 +00:00
1d997d3c33
Remove separate private and protected IP 2021-03-27 18:42:06 +00:00
116e1adb50
Disable Traefik pilot on dashboard 2021-03-24 23:14:01 +00:00
36f6bd62bb
Update gitea to 1.13.6 2021-03-24 22:57:45 +00:00
5084bfecdf
Ignore PVE interface from f2b jails 2021-03-24 22:35:28 +00:00
e67e4565d3
Remove expose_ssh and support SSH listening on nebula and PVE
No more wireguard SSH for me
2021-03-24 22:19:29 +00:00
3c06eb748d
Update gitea to 1.13.5 2021-03-23 17:22:13 +00:00
ece0c841b2
Fix compose version
Mostly fix quotes, but also standardize
2021-03-21 18:51:38 +00:00
d4477c4bea
Add bitwarden_rs 2021-03-21 18:47:20 +00:00
f6559ff1bd
Remove collabora
It doesn't seem to like being run inside LXC. I barely used it, anyway.
2021-03-12 23:35:39 +00:00
3eb286c9bd
Move envrironment variables to docker
Using the `TTRSS_` prefix to follow upstream standard rather than container's

https://github.com/lunik1/docker-tt-rss/issues/3
2021-03-06 12:11:08 +00:00
8d136f0b55
Set default phone region for Nextcloud 2021-03-06 11:19:11 +00:00
9d6ed88e13
Monitor proxmox stats 2021-03-05 22:14:21 +00:00
d43d3433fa
Collect SMART metrics for disks 2021-03-05 20:50:08 +00:00
6b95b75fc2
Move telegraf to host
This makes metric collection for SMART much simpler. I'll still be using the prometheus node exporter for actual system metrics, though.
2021-03-05 20:39:11 +00:00
aa3da3cf10
Upgrade gitea to 1.13.3 2021-03-05 20:05:51 +00:00
89dbbc71e5
Move files into application directories 2021-03-05 14:40:17 +00:00
8e977edba1
Ignore go metrics 2021-03-05 14:27:33 +00:00
b264e5cbcc
Monitor traefik with prometheus rather than influxdb 2021-03-04 16:37:53 +00:00
2e05ed08fa
Use hostname rather than fqdn 2021-03-04 16:06:43 +00:00
aba81f79bc
Add telegraf
And input to ping and output via prometheus
2021-03-04 15:16:54 +00:00
914676d209
Add prometheus for metrics 2021-03-04 14:53:03 +00:00
fe2450d43b
Add grafana docker network and restrict port binds 2021-03-04 14:39:40 +00:00
155bc837a8
Update synapse to 1.28 2021-03-02 12:31:07 +00:00
9d5c7e56e8
Move nextcloud things back to tank 2021-03-02 12:26:23 +00:00
21a2532f8a
Update nextcloud to 21 2021-03-02 12:03:13 +00:00
63d156c0a0
Stop always restarting whoami
whoami never sets `config_file`, so it's shadowed by whatever set it before
2021-02-27 22:09:24 +00:00
1413efdd19
Copy feed icons and DB to tank 2021-02-27 22:08:01 +00:00
a2fe3ca37a
Fix TT-RSS config
It needs to be environment variables now, but there's a bug where it doesn't read docker ones for some reason
2021-02-27 21:29:24 +00:00
b3a72eb8f1
Add influxdb server for metrics 2021-02-14 16:24:45 +00:00
ec0c78e6d9
Read emails from secrets 2021-02-14 12:29:14 +00:00
872471ef52
Setup email for grafana 2021-02-14 12:19:51 +00:00
f7a0877e72
Exclude nebula from fail2ban 2021-02-14 11:39:01 +00:00
d8f2a83dfe
Move grafana data back to pool 2021-02-14 11:33:46 +00:00
385917ba4e
Decrease find time
Hopefully reduce false-positive catches
2021-02-14 11:22:32 +00:00
3014e5d052
Provision privatebin 2021-02-12 23:32:31 +00:00
47df8164fa
Define timezone as variable 2021-02-10 09:12:42 +00:00
635f55d7bf
Update gitea to 1.13.2 2021-02-09 17:36:06 +00:00
149d01165f
Restore dockerized grafana setup
It's stil on a separate machine, but in docker to allow more applications to be run easier and tied together.
2021-02-09 09:16:52 +00:00
44a3fd4bc5
Only chown when the repos change
This keeps claiming it's changing things, even when nothing should have changed
2021-02-07 16:14:56 +00:00
870ac50c58
Update compose path to not be absolute
This relies on `which` to find the correct binary instead
2021-02-07 15:59:18 +00:00
a95ceb348f
Install docker from binary on debian distros
This is because the repos are usually super out of date, or at least can stray quite a bit
2021-02-07 15:56:25 +00:00
c4999d7b25
Use ansible collections for things 2021-02-07 13:02:14 +00:00
e8496ddced
Deploy deluge in docker
Makes version managing so much easier!
2021-02-01 17:24:36 +00:00
54eee03524
Fix YAML linting and service name 2021-01-31 17:27:44 +00:00
c7fba8107a
Move grafana to forrest 2021-01-31 16:52:24 +00:00
058290b321
Keep track of IPs for PVE hosts
Yea they're all random, I'll deal with that later
2021-01-31 12:46:43 +00:00
9023b269eb
Allow PVE VMs to access nebula hosts via ingress 2021-01-31 12:19:33 +00:00
643d843bfb
Enable unsafe routing to PVE network over nebula 2021-01-30 22:59:56 +00:00
da301eb7dd
Provision remaining nebula instances 2021-01-30 20:47:11 +00:00
08ff5dcf94
Provision nebula certs using Ansible 2021-01-30 20:06:31 +00:00
92815a6f76
Add platform-agnostic installation of nebula 2021-01-30 19:10:52 +00:00
723372dd09
Name keys after hostname 2021-01-30 18:16:28 +00:00
703b3b194f
Make index read-only so it's not always reowned 2021-01-29 21:52:22 +00:00
062742bc5e
Update synapse 2021-01-29 21:44:34 +00:00
e1f3572a7c
Set pages install directory correctly 2021-01-29 21:35:01 +00:00
c5050381fc
Update plausible to v1.2 2021-01-29 21:34:44 +00:00
698804ff38
Remove gitlab 2021-01-28 19:54:03 +00:00
89a6c7680c
Decommission walker
Kimsufi is just too annoying of a host. Everything has either been moved off, killed, or has further plans.
2021-01-28 18:56:39 +00:00
b339cb0e2d
Move upload to grimes 2021-01-28 14:04:55 +00:00
909f693cba
Fix location of zpool command
TIL lookups are executed on the host
2021-01-26 22:02:58 +00:00
3de14efd9e
Remove heimdall
I've literally not used it since setting it up
2021-01-26 21:53:52 +00:00
a44a79031a
Init some skeleton nebula stuff 2021-01-25 21:53:04 +00:00
0ecd884a9a
Deploy yourls 2021-01-22 21:29:27 +00:00
2a8f715eca
Add redis cache for gitea 2021-01-22 18:59:52 +00:00
cc847a069c
Resolve zpool location
Hopefully this means they actually run
2021-01-22 15:29:41 +00:00
a2c6d7c276
Swap out alpine for debian on ingress
Mostly for future nebula deployment
2021-01-22 14:53:02 +00:00
0f9802a46c
Install duplicati on PVE docker machine
Requires some changes to how private IPs are specified, which I really need to clean up at some point!
2021-01-20 21:38:01 +00:00
f6c176d2f0
Ensure duplicati base is always updated 2021-01-20 21:30:25 +00:00
fce8cf3768
Update nextcloud 2021-01-20 20:58:28 +00:00
76eeeec260
Update wallabag 2021-01-20 20:39:27 +00:00
3321b852a5
Update traefik to v2.4 2021-01-20 20:33:57 +00:00
700360eb96
Update synapse 2021-01-20 20:20:09 +00:00
3e8a3b2c6b
Update gotify 2021-01-20 20:02:01 +00:00
48c507e0c3
Up page sizes for gitea stuff
Screw paginating!
2021-01-19 21:20:00 +00:00
26905e245b
Hide heatmap on gitea
It's kinda useless at this scale
2021-01-19 17:42:10 +00:00
41915ec69c
Replace gitlab with gitea
Leave gitlab in place for a bit in case I need to get at data
2021-01-18 20:14:38 +00:00
f9187109c7
Correct router name for pages 2021-01-17 20:03:02 +00:00
ac4a93e0ed
Setup DNS for pages 2021-01-17 12:49:23 +00:00
b992df0313
Fix variable name for traefik conditional provider 2021-01-16 23:30:09 +00:00
604202fdce
Add traefik pages
Add it ready for the migration in future
2021-01-16 23:29:55 +00:00
e1ea938d59
Add file providers for jellyfin and HA 2021-01-13 22:12:58 +00:00
969674772c
Snapshot PVE root pool too 2021-01-10 13:23:36 +00:00
7672d99aa8
Remove homeassistant configuration
It's now in its own VM, and i'll deal with version control using the git integration there directly I suspect.
2021-01-10 13:12:19 +00:00
b40266b276
Add roles to handle PVE nag and repos 2021-01-09 23:21:35 +00:00
d87ec89887
Persist arc size
Modprobe only loads the module, it doesn't ensure the ARC value persists correctly.
2021-01-09 22:25:29 +00:00
0c6e9969bc
Give myself passwordless sudo access to zfs stuff
This is needed for syncoid pulls
2021-01-09 21:36:09 +00:00
c3053e9378
Fix location for sanoid install
This makes it sync up with where the systemd services expect them to be
2021-01-09 21:28:16 +00:00
decf5176f7
Use systemd rather than cron for sanoid
It's more reliable and easier to get logs
2021-01-09 20:57:47 +00:00
57d9c9d288
Allow configuring of pools to scrub 2021-01-09 20:52:51 +00:00
721bdf60b3
Fix quotes 2021-01-09 18:32:16 +00:00
1b72afdd29
Remove scrutiny role
SMART checks are handeld by PVE / something else in future
2021-01-09 18:30:28 +00:00
0506a78d02
Listen on public port
Makes connection so much easier
2021-01-09 18:25:08 +00:00
8fe8788458
Move ARC size to defaults so it can be easily changed 2021-01-09 18:24:52 +00:00
c38ecfebd7
Update gateway to point to ingress instance 2021-01-09 18:17:54 +00:00
fef7f2c2b4
Move docker containers to new PVE container 2021-01-09 18:02:17 +00:00
0355b6b214
Remove jellyfin docker config
It'll be replaced by something else later, don't worry.
2021-01-09 17:17:12 +00:00
2300426f0f
Move default variables into role defaults rather than group vars 2020-12-28 16:23:12 +00:00
422062ae63
Fix lint warning around missing mode
This only applies to directories https://stackoverflow.com/a/29793833
2020-12-28 16:16:35 +00:00
bdfd38c9fe
Allow traefik to run on non-wireguard host 2020-12-28 15:55:45 +00:00
4f1e54baab
Actually enable timer 2020-12-28 15:14:50 +00:00
58879d2e1d
Ensure fail2ban and logrotate are available on all machines 2020-12-27 22:39:33 +00:00
b11dbfc829
Move traefik file provider to use directory rather than single file
This makes future composition possible
2020-12-22 15:53:03 +00:00
0353887590
Add override to ensure ZFS starts before docker
Stolen with love from 7dda0bc7cb
2020-12-21 21:37:46 +00:00
30cb9e52e7
Install and provision wireguard client on ingress server 2020-12-21 18:24:35 +00:00
44fb8f5380
Set some image resizing preferences
This stops the thumbnailing being quite as intensive
2020-12-11 17:39:58 +00:00
2bfad84071
Pin wallabag to newer version
2.4.0 came out *finally*
2020-12-11 17:39:35 +00:00
5a808e90e0
Update synapse 2020-12-11 17:36:06 +00:00
af1b7f754c
Update nextcloud to 20.0.3 2020-12-11 17:35:50 +00:00
08bb8f22ca
Add feediron plugin for tt-rss 2020-11-25 13:16:13 +00:00
b5d676b6fe
Install fever plugin for tt-rss
Had to chown the directory afterwards, as git wouldn't play nice with `become_user`
2020-11-25 13:00:06 +00:00
48762bcfcd
Remove redundant quoting 2020-11-25 11:41:26 +00:00
a35ee7c824
Change base URL to default so the tracker script still uses disguised domain 2020-11-25 11:40:54 +00:00
2b291548f9
Just do plain path replacement 2020-11-25 11:38:47 +00:00
a81e2793f8
Add a secondary domain for plausible less likely to match blockers
Might change things, might not. But it's a fun experiment to try anyway.

Using a custom middleware to override the path due to https://github.com/plausible/analytics/pull/340
2020-11-25 11:11:29 +00:00
e8d3a72ea8
Update nextcloud to 20.0.2 2020-11-22 15:40:23 +00:00
1d8f54c778
Update synapse 2020-11-22 15:32:17 +00:00
3ddfd77bdf
Stop running synapse as root 2020-11-22 15:08:08 +00:00
310feaf332
Use correct args to build synapse DB 2020-11-22 15:07:34 +00:00
367de37fab
Actually disable unnecessary logging rather than change level
Also disable even more of them
2020-11-12 23:01:32 +00:00
2a4b3ec3e6
Increase timeout for SSH sessions
Stll check relatively often the client is still there, but check many times so the connection stays open a decent amount of time. Especially useful for long-running commands.
2020-11-08 22:04:30 +00:00
f5c7c094d3
Fix gotify container name
Gotify != duplicati
2020-11-08 11:07:57 +00:00
5c1f17e2aa
Update synapse 2020-10-28 18:22:30 +00:00
0fc57049e4
Update nextcloud to 20.0.1 2020-10-28 15:22:49 +00:00
f450d4a8f2
Pin jellyfin version 2020-10-27 17:38:10 +00:00
f414781182
Use new whoami container 2020-10-27 16:13:14 +00:00
c63506d2bc
Pin traefik to patch version 2020-10-27 16:13:14 +00:00
6ae8d0febe
Pin plausible versions 2020-10-27 16:13:14 +00:00
ff72f5a25e
Move nextcloud data dir to ZFS 2020-10-24 14:26:30 +01:00
5eb3870fbe
Set mode on fail2ban filter and jail 2020-10-24 12:10:54 +01:00
8932ac828f
Add geoip database for plausible 2020-10-24 12:10:37 +01:00
47ad40bb52
Remove watchtower, and do updates manually from now on
Keeps @IronicBadger happy!
2020-10-22 18:07:48 +01:00
efd22010b7
Use new LSIO mod which does more 2020-10-19 17:29:28 +01:00
a46525aa80
Move configuration for custom port to Traefik config rather than custom container expose
Still a work-around for https://github.com/plausible/analytics/pull/237
2020-10-18 22:31:23 +01:00
0ca3f36f7a
Move some more nextcloud components to ZFS 2020-10-18 18:02:48 +01:00
bedbb0f5f4
Fix service to restart 2020-10-16 19:16:42 +01:00
1930cc83e8
Use generic package module 2020-10-16 19:16:42 +01:00
b2e91d7d6d
Update haproxy fail2ban jail to use systemd for logs 2020-10-16 19:16:42 +01:00
4890c3d3e5
Revert "Remove fail2ban"
This reverts commit 1f0e33acc8.
2020-10-16 19:16:42 +01:00
30baed441e
Mount external files into nextcloud
Means some bits can live outside the nextcloud dir
2020-10-10 18:01:27 +01:00
b8ea056455
Remove netdata
Don't use it anyway
2020-10-09 23:39:55 +01:00
6852b84406
Change watchtower to run daily
A holdover until less of the containers are using `:latest`
2020-10-09 23:20:07 +01:00
5496744428
Remove web-rng 2020-10-09 23:11:53 +01:00
f7afaacbdc
Move website to be hosted on GitLab pages 2020-10-09 21:35:57 +01:00
7f09db5d20
Add heimdall 2020-10-07 14:09:23 +01:00
e9f61070f8
Update nextcloud to version 20
Using the new LSIO tags for version specific pins! 🎉
2020-10-07 09:18:32 +01:00
0a9deb3d9e
Update plausible environment so it's compatible with v1
Read the changelog, folks!
2020-10-06 21:48:34 +01:00
93ccb686e7
Drive watchtower config from environment 2020-10-06 09:10:26 +01:00
413ff4dad9
Add script to update containers
This is an attended update, which is better. Eventually replace watchtower
2020-10-06 08:44:01 +01:00
2c4e1e0414
Pin Plausible to major version 2020-10-05 18:43:12 +01:00
29c9e14f62
Remove haproxy chroot
This is technically _slightly_ less secure, but means it logs to journald properly, so can be picked up by fail2ban in future
2020-10-05 11:10:29 +01:00
4c40faf21d
Move clickhouse off ZFS
For some reason, they really don't play well together!
2020-10-03 17:18:11 +01:00
68bda30cb2
Add nginx container for getting access to files via rclone 2020-10-03 11:41:38 +01:00
64788eb602
Move transcodes to tempfs
Means I can remove the scratch disk
2020-10-02 18:12:15 +01:00
191374b812
Move deluge onto walker
Stop torrent traffic being limitted by home broadband
2020-10-02 18:11:34 +01:00
6cfaa3a03a
Update traefik 2020-10-02 09:20:33 +01:00
aee9507ec0
Update synapse 2020-10-02 09:13:41 +01:00
addd4f351c
Update nextcloud base 2020-10-02 09:13:34 +01:00
285f7b8a31
Update Gotify 2020-10-02 09:13:13 +01:00
a799ad9657
Scale gitlab up a tiny bit 2020-10-01 19:46:04 +01:00
4742552839
Add notes site 2020-09-30 18:49:36 +01:00
4e7c5ffd67
Add docker mod to scale worker processes to a sane value 2020-09-28 20:14:41 +01:00
07b0650618
Remove statping
It's buggy as all hell, super slow, and doesn't really get used for monitoring
2020-09-27 14:17:46 +01:00
5079599b9d
Require TLS 1.2 2020-09-27 12:36:49 +01:00
d93920c2b6
Move home-assistant stuff to ZFS 2020-09-27 11:31:05 +01:00
a303bed27f
Define app data dir in variable 2020-09-26 21:15:44 +01:00
24d11deeae
Update ansible-lint
Required a lot of renaming :(
2020-09-26 17:53:47 +01:00
cc43910be6
Fix scrutiny so it picks up which task to run correctly 2020-09-26 17:10:07 +01:00
3c21c5670c
Replace postgres with mariadb
Its' recommended, and might hopefully fix my annoying auth issues!
2020-09-26 14:49:38 +01:00
40488f62b7
Also set user id for collector container
Else it chowns the DB, and doesn't run correctly
2020-09-24 22:18:34 +01:00
fd83820faa
Install scrutiny 2020-09-21 21:16:00 +01:00
a67361b9b5
Explicitly define bed lights 2020-09-19 16:16:24 +01:00
2bbc7c715f
Add GZIP compression to projects which don't natively support it 2020-09-18 12:42:36 +01:00
092f12459e
Fix XML formatting
This caused clickhouse to crash hard!
2020-09-18 12:21:15 +01:00
782b008cd3
Fix name of config so they're not constantly changed with each run of ansible
derp!
2020-09-18 12:11:44 +01:00
62e629187b
Clean up indent 2020-09-18 12:10:53 +01:00
4ad2bdc77a
Change clickhouse connection to unified variable 2020-09-17 15:18:01 +01:00
a8438c4c2a
Add grafana image renderer 2020-09-13 10:47:59 +01:00
809a977c63
Also update nextcloud config file 2020-09-12 23:15:08 +01:00
9cea8743e9
Update gotify 2020-09-12 22:54:49 +01:00
4c92fba2b9
Change gitlab trusted proxies to be docker IP space
Else it becomes `127.0.0.1`, which is obviously not right
2020-09-12 20:03:22 +01:00
6ad9fa070f
Update nextcloud 2020-09-11 21:30:20 +01:00
1ecfc5b7fa
Update traefik 2020-09-10 20:16:23 +01:00
59a447023b
Update nextcloud base 2020-09-09 20:43:52 +01:00
c220f19545
Move scratch disk under /mnt
Mounting disks is hard!
2020-09-08 21:17:51 +01:00
2db72623ad
Remove DB backups for containers on ZFS
Snapshots are a better backup
2020-09-08 20:41:47 +01:00
b47de7e70b
Disable healthchecks for GitLab pages
Because of everything we have disabled, Docker considers the container unhealthy
2020-09-05 23:08:58 +01:00
8c4397d39a
Set rails trusted proxies 2020-09-05 22:29:16 +01:00
2af3241bd2
GZIP compress gitlab pages 2020-09-05 20:52:18 +01:00
19b2330832
Disable logrotate for pages
Logs are in a tempfs anyway, and it's just another process to be running
2020-09-05 20:36:45 +01:00
ea54d1be69
Expose pages sites 2020-09-05 20:33:57 +01:00
0a1b541974
Remove compression middleware for gitlab
This is already handled by the application
2020-09-05 18:27:56 +01:00
e9aeed26ee
Use cloudflare DNS challenge for Traefik 2020-09-05 18:27:04 +01:00
0289342e2c
Remove goaccess container 2020-09-05 17:29:40 +01:00
4c1ccfc4e4
Only clear containers weekly
This will be more helpful now, as repeat CI jobs won't need to re-download containers as often
2020-09-05 17:01:54 +01:00
af9c66785e
Decrease watchtower polling rate to 10 minutes
Doesn't need to be that intensive
2020-09-05 17:01:30 +01:00
77113246b0
Remove remaining gitea configuration
Goodbye old friend
2020-09-05 16:56:27 +01:00
c1dc26ce35
Install gitlab pages daemon
I'll deal with traefik domains later
2020-09-05 16:50:56 +01:00
e579edc758
Use lsyncd to push files to gitlab pages server
Server itself in future commit
2020-09-05 16:24:47 +01:00
1487915bbc
Also disable thread log 2020-09-02 20:12:31 +01:00
c47ff494e0
Revert "Disable docker healthchecks"
Turns out it really just takes that long to start up!

This reverts commit 61ed3db887.
2020-09-01 21:50:03 +01:00
61ed3db887
Disable docker healthchecks
Makes traefik take *ages* to detect the container is actually running. Let it 502 if it has to
2020-09-01 20:12:52 +01:00
3bc1d75d9e
Ensure the correct IP is detected 2020-09-01 20:12:16 +01:00
acef6246d0
Replace gitea with gitlab
Leave gitea in place for a bit in case I need to change back suddenly
2020-09-01 19:47:39 +01:00
84d529be2f
Update synapse 2020-08-31 18:47:37 +01:00
3b7493ae8f
Set default theme to dark and assign default proxy 2020-08-30 21:11:29 +01:00
1ed078ef23
Fix SSH port for gitlab 2020-08-30 21:08:04 +01:00
4610d5ced2
Update nextcloud to 19.0.2 2020-08-30 20:28:49 +01:00
3d76c48bbf
Use postgres on homeassistant 2020-08-30 16:58:27 +01:00
ec751ffa1a
Add influxdb to monitor traefik 2020-08-30 15:58:03 +01:00
17f0e22962
Migrate grafana to postgres 2020-08-30 14:53:08 +01:00
8efb3e0d69
Expose gitlab SSH 2020-08-30 11:22:15 +01:00
796c694170
Run duplicati as root
This ensures it has all the right permissions to access all the right files. Host is mounted read-only, so there's no real security risk.
2020-08-30 11:15:08 +01:00
5940b6970a
Move gitlab to ZFS pool 2020-08-30 10:19:57 +01:00
0ce15cb4d8
Add gitlab 2020-08-29 23:56:14 +01:00
da90b12643
Modify clickhouse settings so it's not a resource whore
This means it can be moved back to ZFS!
2020-08-28 14:20:13 +01:00
c6791e4098
Remove stray vault file from removing todoist-github 2020-08-28 14:17:45 +01:00
8a7cc5e57e
Move clickhouse back to old disk
It does a stupid number of writes, and the snapshots are massive! Until i've worked out why it writes so much, move it to a less critical disk
2020-08-27 14:16:12 +01:00
9a8995f1f8
Use single cron job for pruning and taking snapshots
Less to manage, and less lock contention
2020-08-26 13:02:50 +01:00
1f70a46c35
Add custom clickhouse config
This changes the default log level to warning, to ensure the log file isn't being hammered
2020-08-26 08:54:37 +01:00
3edc34759d
Mount clickhouse logs on tmpfs
WHO LOGS TRACE BY DEFAULT?!
2020-08-25 22:05:10 +01:00
742412259c
Mount transcodes on scratch disk
Don't want them getting caught by sanoid!
2020-08-25 14:30:26 +01:00
4feff3d247
Move jellyfin to ZFS 2020-08-25 14:17:57 +01:00
6808e86a6d
Update nextcloud base 2020-08-24 14:30:11 +01:00
922b688615
Bump ZFS usage to 50% RAM
It's a lot, but should be dealable on most machines
2020-08-23 14:15:09 +01:00
f531d4f915
Move plausible onto ZFS 2020-08-22 12:19:47 +01:00
9ffdd4d711
Move grafana to ZFS
Don't need to create the directory anymore really
2020-08-22 12:07:44 +01:00
f517831435
Install synapse config to right place 2020-08-22 12:03:04 +01:00
67dfe6a8a0
Remove todoist-github
It's got some pretty big bugs, and isn't running anyway
2020-08-22 12:01:24 +01:00
07d5c4fa72
Move quassel to ZFS 2020-08-22 11:59:10 +01:00
3dc8ee16b5
Move wallabag to ZFS 2020-08-22 11:51:51 +01:00
ff7ec46e77
Move synapse to ZFS 2020-08-22 11:42:03 +01:00
037d719906
Migrate deluge data to ZFS pool 2020-08-22 11:20:38 +01:00
8d2c6dfb68
Move gitea to ZFS 2020-08-21 16:02:56 +01:00
bc5d6d512b
Move calibre to ZFS pool 2020-08-21 15:34:04 +01:00
2866cd0602
Move TT-RSS into ZFS pool 2020-08-21 15:33:46 +01:00
35266e975d
Drive sanoid changes from YAML 2020-08-20 21:47:12 +01:00
1bcb8f22b1
Fully resolve path to sanoid
Apparently cron didn't like just `sanoid`
2020-08-20 21:24:33 +01:00
a2e021ac43
Install ZFS on home server 🎉 2020-08-19 21:34:23 +01:00
63ec7c671a
Manually install sanoid
Makes the foundation for a future external role
2020-08-19 18:40:17 +01:00
fcd4dbf657
Fix casing
Turns out it's a lower case "l"
2020-08-19 17:59:56 +01:00
2ef836b2e9
Remove synapse helper scripts
They're not maintained, and actually highly advised against
2020-08-18 20:39:23 +01:00
efc7a5d7fb
Allow arc to be 20% RAM usage 2020-08-18 13:47:48 +01:00
cbbd7bf83d
Update synapse 2020-08-18 13:13:25 +01:00
6716b418d7
Ensure cron tasks are run as the right user
Looks like by default they're installed as the current user, not root. Bad ansible documentation!
2020-08-17 22:29:02 +01:00
af22e89a73
Update nextcloud base 2020-08-17 13:57:53 +01:00
bf4e90d053
Update synapse 2020-08-17 13:57:44 +01:00
150a34be2f
Provide cron flag to sanoid 2020-08-17 13:49:07 +01:00
0902dd001e
Expose grafana 2020-08-07 12:03:45 +01:00
9d014cfa1c
Install grafana and link it to HA 2020-08-07 11:52:15 +01:00
301ac37868
Remove legacy integrations 2020-08-06 17:05:19 +01:00
55f79b4a51
Remove socks proxy 2020-08-05 20:56:12 +01:00
384a07b513
Run plausible migrations on startup 2020-08-04 22:07:45 +01:00
6ceea80ee7
Fix website restart 2020-08-04 20:54:34 +01:00
4b7830567b
Add postgres backups for plausible 2020-08-04 19:49:21 +01:00
7c0d78ee9d
Remove folding-at-home
New server location isn't especially ventilated, so heat is an issue.

I'm sorry.
2020-08-04 19:41:01 +01:00
c435ad1ba8
Ensure plausible is restarted on error 2020-08-04 19:38:01 +01:00
969b0bd8d9
Update traefik
Fixes GHSA-6qq8-5wq3-86rp
2020-07-30 21:46:44 +01:00
ed00a0d40e
Update gitea 2020-07-29 18:26:13 +01:00
a6047da465
Use default port 2020-07-28 20:31:32 +01:00
91effbcac5
Add ZFS scrub cron job 2020-07-26 22:17:28 +01:00
6e58b07519
Remove unnecessary quotes 2020-07-26 18:22:43 +01:00
ebbd2a4015
Install zfs and sanoid 2020-07-26 18:03:09 +01:00
5cb1a470ab
Bump plausible pool size 2020-07-26 15:40:03 +01:00
f77cd1216f
Move upload server to walker 2020-07-24 17:14:39 +01:00
3c7c0ec3fa
GZIP plausible traffic
Plausible doesn't gzip for itself. Funnily enough the tracker is actually too small to be compressed by Traefik!
2020-07-22 12:18:49 +01:00
9ee4e1c14b
Add plausible analytics 2020-07-21 20:55:44 +01:00
74d40ac915
Update traefik 2020-07-18 13:29:20 +01:00
005cc528b6
Update nextcloud to 19.0.1 2020-07-17 14:48:50 +01:00
7a38207ef0
Update traefik 2020-07-15 14:53:36 +01:00
b7aebfaabd
Move statping to new machine
Also update it to the latest version. It's probably still buggy AF, but it'll do for what I need it to rigth now.
2020-07-14 19:35:55 +01:00
52e8f34198
Pin jellyfin to latest
It can update itself just fine
2020-07-13 18:09:33 +01:00
9d962c324b
Update synapse 2020-07-13 18:04:20 +01:00
bb5a5b61bd
Update traefik 2020-07-13 18:04:11 +01:00
dd8523ebdd
Update gitea 2020-07-13 18:02:51 +01:00
eed13e3727
Setup offsite storage service
My own lil' S3
2020-07-12 21:01:06 +01:00
3c49c80ff1
Ensure traefik only listens on wireguard network 2020-07-12 19:29:18 +01:00
9c0682ef9b
Restrict SSH connections to wireguard cidr
Except on home server, still handy to connect on same network.
2020-07-12 17:53:02 +01:00
e5e308fafa
Remove firewall role
firewalld does not play nice with docker!
2020-07-12 17:04:13 +01:00
f2d7d63e2d
Update nextcloud base 2020-07-10 16:15:13 +01:00
dc2b51db6b
Update synapse 2020-07-10 16:02:06 +01:00
ba486a26e4
Update duplicati 2020-07-09 19:27:53 +01:00
13a70b27a4
Add RGB LED controller 2020-07-06 20:48:57 +01:00
82bffc3538
Setup firewalld 2020-07-03 21:53:31 +01:00
fba284f9a9
Change primary gitea domain to the one I actually use 2020-07-02 19:42:51 +01:00
1c99477ce9
Move nextcloud config into root 2020-07-02 18:44:27 +01:00
c80d4b7e04
Move tt-rss config out of config directory 2020-07-02 18:24:26 +01:00
689c0cecd9
Set permissions on nextcloud data dir 2020-07-02 17:52:53 +01:00
452118e2a9
Update synapse 2020-07-02 17:41:22 +01:00
86a398d6b4
Replace docker-compose restart hack with shell handler hack
The docker-compose integration would start 2 of the same container, which does bad things to things like databases!
2020-06-28 20:13:12 +01:00
71086ca291
Do HA person management through web UI 2020-06-28 19:35:39 +01:00
e2ca9ad4a9
Don't use host hack to connect to influx
Just bind to internal port like a sane person
2020-06-28 19:16:22 +01:00
9f09554053
Set some sysctl settings so zeroconf works for HA
https://stackoverflow.com/a/46890741
2020-06-28 17:35:49 +01:00
bf2a5e9320
Add Tado and Arlo integrations 2020-06-27 21:00:18 +01:00
e4aba817cc
Fix influxdb comms
Stupid host network mode and DNS
2020-06-27 21:00:07 +01:00
cfd46ea752
I'm probably where my phone is 2020-06-27 19:53:21 +01:00
fe5a5984c3
Remove container names from containers
They're not needed for anything, and caused annoying weird issues when cycling containers
2020-06-27 17:45:28 +01:00
681d591176
Add ESPHome 2020-06-27 16:45:00 +01:00
c89715c52b
Add influxdb for homeassistant storage 2020-06-27 16:34:41 +01:00
93b4bef05d
Add home-assistant 2020-06-27 16:16:52 +01:00
e5cbae81f4
Switch from Emby to Jellyfin
Merge remote-tracking branch 'origin/jellyfin'
2020-06-25 21:39:19 +01:00
e051db5e71
Remove obsolete middleware 2020-06-24 18:48:39 +01:00
7119d5877f
Only expose deluge to internal network
And VPN
2020-06-24 18:48:30 +01:00
dd12b795b5
Remove pihole
Internal VPN server is working just perfectly instead
2020-06-24 18:46:13 +01:00
7d61282d19
Set depends_on where needed 2020-06-24 18:35:20 +01:00
7a3643f3c2
Persist mirror caches outside container 2020-06-24 18:21:14 +01:00
df54decc99
Mirror dotfiles repo 2020-06-24 16:47:31 +01:00
82a3c85263
Install git-mirror container
This also moves the canonical home of this repo to my gitea instance!
2020-06-24 16:27:13 +01:00
5f9b337c7a
Update gitea 2020-06-24 14:26:12 +01:00
2ab8928985
Update nextcloud base 2020-06-24 14:26:05 +01:00
319c96512e
Change default theme to original
Black and green looks odd
2020-06-22 21:03:08 +01:00
913ee4759f
Quote value to silence errors 2020-06-18 21:18:47 +01:00
9ba9593127
Remove debug log level for deluge 2020-06-18 20:50:04 +01:00
f878866f10
Update yamllint 2020-06-18 20:49:12 +01:00
9f59b30f1e
Update synapse 2020-06-18 20:34:23 +01:00
7f62ed43d4
Update gitea to 1.12 2020-06-18 20:33:09 +01:00
624d1b5425
Set HSTS header for nextcloud 2020-06-13 21:14:23 +01:00
ca188ab1b4
Rename middleware
It's not actually applying a HSTS header
2020-06-13 21:09:48 +01:00
d7b6abaf58
Update to nextcloud 19 2020-06-13 21:06:33 +01:00
a22f555878
Unpin the versions of things I don't care about too much
If they update and break, it's not the end of the world, however unlikely it may be
2020-06-13 19:38:42 +01:00
a3d19eba94
Update synapse 2020-06-13 19:27:53 +01:00
3969b23cd0
Keep using fancy index
Repairs breaking change from 0f036dd6d7
2020-06-11 19:24:53 +01:00
e1ae11e388
Update quassel base 2020-06-10 13:54:18 +01:00
26aba92483
DIal back emby update
Apparently that was a pre-release
2020-06-10 13:53:47 +01:00
e54ec1312c
Replace onlyoffice with collabora 2020-06-07 21:09:02 +01:00
0724ae9238
Update redis 2020-06-07 15:09:20 +01:00
61a50435c9
Update emby 2020-06-05 19:11:49 +01:00
fa41b09d83
Update deluge base 2020-06-05 17:36:09 +01:00
15720fded8
Update quassel base 2020-06-05 17:35:56 +01:00
1f9ea561df
Update calibre 2020-06-05 17:35:37 +01:00
0a13b8e34d
Update nextcloud base 2020-05-31 13:30:37 +01:00
d41d1b0d6c
Update gitea 2020-05-31 13:26:47 +01:00
605ae4f8b8
Make sure media is owned correctly 2020-05-30 15:35:55 +01:00
e5d77f23fd
Update deluge base 2020-05-29 15:37:49 +01:00
249045e4cd
Update synapse 2020-05-29 15:37:39 +01:00
cd076b871c
Update duplicati base 2020-05-29 15:36:40 +01:00
f59c625058
Move nextcloud DB to SSD
Speeeeeeeeed
2020-05-28 20:20:33 +01:00
28cdaefb05
Update nextcloud base 2020-05-27 16:17:32 +01:00
adc7611242
Only bind duplicati to wireguard interface 2020-05-25 17:38:26 +01:00
986fc50fde
Set hostname for duplicati so it's picked up correctly in the UI
This shouldn't have any negative impact. Hopefully...
2020-05-25 17:32:44 +01:00
851f750948
Move duplicati to its own role so it can be installed on grimes 2020-05-25 17:25:58 +01:00
b45d399734
Mount entire host inside duplicati 2020-05-25 17:01:29 +01:00
7dd31c0556
Allow nextcloud to be reached over internal SSL
This removes the need for a custom config, and means traefik is proxying HTTP2, which is nice
2020-05-24 19:21:17 +01:00
eac381a90a
Decrease resource limit on FaH
It's getting hot
2020-05-24 18:37:57 +01:00
d2269de4ad
Claenup docker util scripts 2020-05-23 18:25:00 +01:00
ceca641e2f
Remove deprecated options 2020-05-23 11:47:31 +01:00
c92f924faa
Harden host key 2020-05-23 11:45:53 +01:00
2fe6cf7c93
Install mobile key 2020-05-23 11:23:45 +01:00
20d5020f6b
Manually use file lookup so the terminal output looks nicer 2020-05-23 11:18:48 +01:00
09418cffb0
Provision SSH keys with ansible now 2020-05-23 11:04:50 +01:00
7e534e52e1
Merge SSH into base role 2020-05-23 10:58:09 +01:00
16881048e2
Update duplicati 2020-05-23 10:35:59 +01:00
892ac4e950
Update synapse 2020-05-22 22:34:37 +01:00
cd255f7ca2
Remove docker-rclone-mount
Seems there's some issues where having this attached which makes the duplicati container delete all its RO mounts.
2020-05-22 21:09:40 +01:00
7fbfbbb699
Ansiblize rclone mounts configs 2020-05-22 12:04:43 +01:00
251d52f1de
Add rclone mounts 2020-05-22 11:47:45 +01:00
9b9af7e90d
Set nextcloud trusted proxy to docker host IP 2020-05-21 18:11:51 +01:00
fc7b57eab9
Modify some things and cleanup gitea config 2020-05-21 17:58:38 +01:00
1c8d80e12d
Revert "Add a redis cache to gitea"
This reverts commit c0c396f008.

Causes weird stability issues as the process received sig 15 and
restarts, which is strange!
2020-05-21 12:03:45 +01:00
c0c396f008
Add a redis cache to gitea 2020-05-19 21:49:09 +01:00
b9e6e8801e
Mount a directory for restore testing
And for actual restores, should the time come...
2020-05-18 12:08:10 +01:00
9850f73a17
Deploy web-rng
https://github.com/RealOrangeOne/web-rng
2020-05-17 18:04:44 +01:00
600bc4bb58
Ensure sysctl change is persisted
See note in https://wiki.archlinux.org/index.php/Sysctl#Configuration
2020-05-16 16:15:58 +01:00
f207b2eedd
Update quassel base 2020-05-14 14:16:19 +01:00
1a51624f5f
Update nextcloud base 2020-05-14 14:16:11 +01:00
98f478a1ca
Update pihole to v5 2020-05-14 14:15:36 +01:00
825b7926af
Update duplicati base 2020-05-14 14:15:28 +01:00
851c6b167c
Remove yourls
Mariadb update broke it, but I never use it anyway.
2020-05-14 13:54:59 +01:00
6f7f7aae94
Remove TOR proxy
Wasn't actually using it, proxying through `grimes`
2020-05-12 20:43:19 +01:00
112e8ce985
Install some wireguard tools 2020-05-11 11:59:46 +01:00
93e5ce5bac
Reduce polling interval slightly so things update quicker 2020-05-10 22:20:03 +01:00
eb65e8808d
Update gitea 2020-05-10 19:38:00 +01:00
40cf931f14
Update deluge base 2020-05-10 19:37:48 +01:00
8f32d74095
Update gotify 2020-05-10 19:29:36 +01:00
2d655a3da0
Remove unnecessary strings 2020-05-10 19:23:41 +01:00
d693240eb4
Just hardcode to bash
I'm not resetting my login shell again!
2020-05-10 19:19:42 +01:00
f156bd6860
Use which to get path to bash 2020-05-09 21:06:03 +01:00
59868fc331
Install git on all hosts 2020-05-09 21:03:43 +01:00
52ae01d29f
Add user to docker group 2020-05-09 20:48:46 +01:00
59a721b243
Create user 2020-05-09 20:47:41 +01:00
5289206f14
Remove unnecessary quotes 2020-05-09 20:11:08 +01:00
1f0e33acc8
Remove fail2ban
Keeps getting hit by stats. I should fix that at some point
2020-05-09 20:09:36 +01:00
f3126e34b9
Update haproxy config for use on arch 2020-05-09 20:08:27 +01:00
059cb585db
Use OS-agnostic package install for haproxy 2020-05-09 20:08:14 +01:00
095c8c4562
Use sysctl to enable p2p comms 2020-05-09 20:07:19 +01:00
f6214f1495
Replace nginx with static server 2020-05-09 17:14:16 +01:00
bb5e489f8c
Remove the explicit enable of TLS in Traefik
Much cleaner config!
2020-05-08 22:16:24 +01:00
19fc0c0957
Add shorter URLs for upload 2020-05-08 21:45:27 +01:00
2f523075ae
Add upload server 2020-05-08 21:27:32 +01:00
2618f38c52
Update nextcloud base 2020-05-06 16:28:19 +01:00
f511f0d604
Alllow librespeed to be accessed over home network 2020-05-06 16:18:47 +01:00
56ebe2ad01
Use basic-auth to protect librespeed rather than whitelist 2020-05-06 16:11:29 +01:00
aad14a4ceb
Update calibre 2020-05-05 22:30:03 +01:00
5db68b7658
Update quassel base 2020-05-05 22:29:57 +01:00
54ec7f2332
Add a basic SOCKS proxy 2020-05-05 21:55:14 +01:00
bc545b742a
Redirect 0rng.one to website 2020-05-01 21:26:48 +01:00
ae7ee2dd81
Update deluge base 2020-04-30 21:57:10 +01:00
59e5a13cd0
Update nextcloud base 2020-04-30 21:53:34 +01:00
0256570f1c
Update traefik 2020-04-30 21:50:18 +01:00
ceeba55a83
Migrate from emby to jellyfin 2020-04-30 21:45:03 +01:00
974e0e8467
Enable services
Not just during reload
2020-04-28 20:48:15 +01:00
61136f69af
Update quassel base 2020-04-28 20:45:10 +01:00
bd8e41a1aa
Update gotify 2020-04-28 20:45:02 +01:00
68a684c7f6
Set gitea SSH domain to alias 2020-04-28 20:31:29 +01:00
957d4d7b69
Only use a single domain for YOURLS 2020-04-26 16:33:05 +01:00
bfce9e1cbf
Host statping outside home 2020-04-26 15:37:28 +01:00
7c6abc33fe
Host website outside home 2020-04-26 14:26:48 +01:00
92c85904bd
Rename role for intersect docker applications 2020-04-26 13:56:26 +01:00
05c7690b83
Make grimes a docker host 2020-04-26 13:44:06 +01:00
50cb5a56fc
OpenSSH is called something different on Arch 2020-04-26 12:16:18 +01:00
051ec43769
wg-quick can't be reloaed
This might break things!
2020-04-26 12:05:45 +01:00
4aa5a7d5a8
Use package so it's OS agnostic 2020-04-26 11:25:01 +01:00
3e523bd04b
Remove traefik subdomain 2020-04-25 12:15:28 +01:00
6695e60f8e
Update nextcloud 2020-04-24 22:12:49 +01:00
6a862f9fb3
Always restart watchtower 2020-04-24 21:38:00 +01:00
2ddde6c129
Fix task names of new roles 2020-04-23 21:54:04 +01:00
5585fb0b12
Convert watchtower into its own role 2020-04-23 21:51:01 +01:00
81ef4ad67a
Rename base role to common 2020-04-23 21:38:16 +01:00
b11ca7fe21
Convert netdata into its own role 2020-04-23 21:32:18 +01:00
975ba9a2ed
Remove netdata domain 2020-04-23 21:16:48 +01:00
89ba23719c
Move traefik into its own role 2020-04-23 20:49:43 +01:00
9962d9103f
Extract docker cleanup stuff into its own role 2020-04-23 20:17:54 +01:00
7a296c63a2
Update YOURLS 2020-04-23 17:31:43 +01:00
eba4b8226f
Update synapse 2020-04-23 17:31:21 +01:00
221bdf62ef
update quassel base 2020-04-23 17:31:11 +01:00
7113802df7
Update nextcloud base 2020-04-23 17:31:03 +01:00
303283f73e
Remove portainer 2020-04-19 21:42:57 +01:00
d87b91d5aa
Update some LSIO container bases 2020-04-18 22:53:15 +01:00
ff8beea3c4
Massively increase timeouts to prevent websocket issues 2020-04-17 23:04:20 +01:00
d2ca5a51be
Revert "Update statping and move to new container"
This reverts commit 880054eb2d.

Statping 0.90 is buggy AF, see https://github.com/statping/statping/issues/456
2020-04-17 22:10:40 +01:00
1da3ca95e7
Stop using unstable repos to install wireguard
It's in backports now, which is much easier to install from!
2020-04-17 09:08:10 +01:00
880054eb2d
Update statping and move to new container 2020-04-15 21:17:01 +01:00
853dfbf9a1
Update nextcloud base 2020-04-15 18:26:06 +01:00
be15714cca
Update quassel base 2020-04-13 19:37:16 +01:00
4f5a99263f
Remove cgit landing pages
I can use an org to make the URLs in gitea slightly nicer, which will do for now
2020-04-11 17:37:05 +01:00
17f5aa921b
Sort items in main.yml 2020-04-11 17:23:28 +01:00
df017b3ee6
Add a server-side analytics page 2020-04-10 12:33:51 +01:00
8185ad979d
Update deluge base 2020-04-10 11:35:54 +01:00
d0c36adba8
Self host my website 🎉 2020-04-10 11:31:01 +01:00
92d33a0fa7
Update emby 2020-04-09 08:45:09 +01:00
30e47836fa
Update nextcloud 2020-04-09 08:43:42 +01:00
9de6c4a515
Update quassel base 2020-04-06 19:44:39 +01:00
091fd9045b
Update emby base 2020-04-04 22:35:39 +01:00
0e79f4a7ba
Fuck isolation! 2020-04-04 11:41:41 +01:00
0ef3901ee6
Update emby 2020-04-04 11:16:57 +01:00
7b0cc0893d
Add shorter domain for whoami container 2020-04-03 23:59:07 +01:00
7322adc52a
Remove py3 suffix
It's all python3
2020-04-03 11:29:42 +01:00
94a62ba724
Update synapse 2020-04-03 11:26:56 +01:00
be068a774a
Add my user to dockeruser group
Makes debugging things so much easier!
2020-04-02 09:05:32 +01:00
f7f417b780
Update gitea 2020-04-01 19:54:25 +01:00
d91746ebeb
Update nextcloud base 2020-04-01 19:46:00 +01:00
f32e0bfe59
Only add timeout for core HTTP ports 2020-03-31 19:27:47 +01:00
335992c9e9
Restore custom middleware implementation.
This redirect doesn't work correctly, let's revert to our custom one for
now. It does exactly the same thing, anyway
2020-03-31 14:53:00 +01:00
079e58e67b
Add some automated postgres backups 2020-03-30 21:40:04 +01:00
10991def1e
Run the prune without prompt, and hard remove images 2020-03-30 18:23:11 +01:00
d1e814f097
Prune the system daily rather than weekly 2020-03-30 18:19:24 +01:00
2f17d2a9ff
Update quassel base 2020-03-30 18:07:22 +01:00
0e330066ba
Update emby base 2020-03-30 18:07:13 +01:00
8fe288549f
Update traefik to 2.2.0
This removes my custom hack for redirecting users to HTTPS
2020-03-30 17:59:02 +01:00
7c5968c39a
Update emby 2020-03-28 15:39:42 +00:00
4199423815
Update deluge base 2020-03-28 11:31:14 +00:00
ca3ed14973
Add automated DB backups for nextcloud
Will roll this out to everything else someday too!
2020-03-27 17:50:47 +00:00
55eca663a9
Replace f@h container with lsio one
Also move configuration into web UI, just because it's easier
2020-03-27 17:23:07 +00:00
1afc28ec17
Standardize string quotes in yaml 2020-03-25 21:27:15 +00:00
35bd63d12b
Add pv to handy tools 2020-03-25 20:52:41 +00:00
65e15c9f6c
Run watchtower more frequently
This makes autodeployment like tasks much easier
2020-03-25 20:41:15 +00:00
fdaf037b96
Update nextcloud base 2020-03-25 16:27:20 +00:00
5eb7e2feb8
Update nextcloud to 18.0.3 2020-03-25 08:50:03 +00:00
d15c27d109
Bump quassel base 2020-03-23 20:19:10 +00:00
3cb2542982
Update synapse 2020-03-23 18:29:24 +00:00
95c3e46783
Setup shorter yourls domain 2020-03-20 22:29:43 +00:00
ef083badc1
Use shiney new domain for git hosting 2020-03-20 22:21:02 +00:00
5938f7fca6
Remove statping from internal DNS
This *hammers* pihole and massively inflates the metrics. Remove for now until there's a sane way to fix it
2020-03-19 19:16:04 +00:00
02293459e1
Localise queries
Doesn't do anything yet, but it might some day...
2020-03-19 19:14:45 +00:00
45ae2be523
Update nextcloud container base 2020-03-18 21:49:20 +00:00
5f79109195
Convert nextcloud db to postgres 2020-03-18 21:35:17 +00:00
7eda50239c
Remove reference to become_user: root
This was the default anyway
2020-03-17 21:11:02 +00:00
236757b4c0
Update emby container base 2020-03-17 20:42:09 +00:00
24686f8cb3
Merge custom dnsmasq config into pihole 2020-03-17 20:29:40 +00:00
8093bcbcbb
Just use the autogenerated one
It's _fine_.
2020-03-17 18:38:47 +00:00
717391334e
Use a short pihole password so it actually works 2020-03-17 18:10:06 +00:00
69a6da95b9
Add pihole to internal DNS record 2020-03-16 20:13:07 +00:00
359efe72b4
Install pihole
Eventially it'll replace dnsmasq, but not today
2020-03-16 13:44:24 +00:00
aa05b675f4
Kinda install ctop 2020-03-15 16:39:40 +00:00
cdcfcf3c66
Increase fail2ban threshold 2020-03-15 15:02:57 +00:00
a0dd40847e
Install wallabag
It's sqlite, for now
2020-03-15 14:34:28 +00:00
4210013039
Update deluge base container 2020-03-15 12:07:48 +00:00
8a5267bc61
Update librespeed 2020-03-15 12:05:17 +00:00
1f78e2eb2c
Update nextcloud to 18.0.2 2020-03-15 12:00:38 +00:00
b3e307f147
Move config into nextcloud directory 2020-03-15 11:51:23 +00:00
871555532d
Stop passing through the entire config directory
This makes updates so much easier!
2020-03-15 11:45:55 +00:00
708250005a
Install fail2ban 2020-03-13 23:08:26 +00:00
92af315e69
Change haproxy timeouts 2020-03-13 22:26:30 +00:00
1c1bdc3cbd
Update gitea 2020-03-11 21:24:33 +00:00
16acfb1f11
Update nextcloud container base 2020-03-11 21:24:27 +00:00
47c0b65dfe
Add some helper synapse cleanup scripts 2020-03-10 20:08:46 +00:00
16e01c4a10
Update synapse to 1.11.1 2020-03-10 19:03:01 +00:00
31497155ee
Replace lsio mariadb container with official 2020-03-10 13:27:43 +00:00
88af6f6da9
update quassel base 2020-03-10 08:56:40 +00:00
c7bd4fc413
Reduce retention policy 2020-03-09 13:42:00 +00:00
f9bae27e4e
Update gitea 2020-03-08 20:07:28 +00:00
ac70fceca5
Convert all compose files to v2 2020-03-08 18:12:20 +00:00
6f1258232c
Install statping 2020-03-08 16:41:13 +00:00
dd956450dc
Start folding 2020-03-08 15:13:44 +00:00
b8e866058f
Update nextcloud container base 2020-03-06 08:54:16 +00:00
242f6f07c9
Update traefik 2020-03-03 13:15:16 +00:00
bb9408a39e
Update quassel base 2020-03-03 13:10:58 +00:00
000ceea198
Update emby container base 2020-03-03 13:07:59 +00:00
99a2472be8
Update nextcloud container 2020-03-03 13:04:19 +00:00
fa929cbca5
Install ntp from galaxy 2020-03-02 19:45:16 +00:00
85f6f59970
Use ansible galaxy to install docker 2020-03-02 19:37:11 +00:00
d1100485c0
Update emby container to fix issues with multiple processes running
Or at least, I think this fixed it
2020-02-24 21:52:36 +00:00
238bc2acff
Update calibre 2020-02-24 08:51:03 +00:00
23d41a90b6
Fix *all* the linting errors in synapse config 2020-02-22 21:46:37 +00:00
61b6dc5c7b
Trim newlines in ttrss config 2020-02-22 21:02:54 +00:00
5d804828bb
Cleanup nextcloud config 2020-02-22 20:51:49 +00:00
45946741d5
Update synapse 2020-02-21 09:25:00 +00:00
2ab3803030
Update gotify 2020-02-21 09:24:55 +00:00
b82381a5fe
Update nextcloud container 2020-02-21 09:20:36 +00:00
f978acdae4
Update deluge 2020-02-21 09:17:58 +00:00
b8ca1a8996
Update quassel 2020-02-18 08:59:09 +00:00
d290f2f68f
Use cgit as a simple frontend to gitea 2020-02-17 21:46:50 +00:00
be3a571d2c
Update mariadb container 2020-02-17 13:03:39 +00:00
88884a0f3a
Update config.php to match what's actually installed 2020-02-17 13:03:18 +00:00
11260d5a08
Upgrade nextcloud container 2020-02-17 12:52:10 +00:00
a95b36169c
Update gitea 2020-02-17 09:39:48 +00:00
c558346f70
Install and configure duplicati 2020-02-14 21:26:15 +00:00
3b30054958
Add helper script to access Nextcloud's occ cli 2020-02-14 09:27:44 +00:00
8325af9f6c
Update gitea to 1.11 2020-02-14 08:58:14 +00:00
0391f032c8
Upgrade quassel and deluge 2020-02-10 09:28:34 +00:00
42c565c368
Setup retention policy
Hopefully this puts a bit more of a handle on DB size
2020-02-10 09:15:19 +00:00
81d2be3b74
Install todoist-github 2020-02-09 15:48:22 +00:00
4c92e2df3b
Add nextcloud config
Damn this needs cleaning up at some point!
2020-02-09 15:21:48 +00:00
c264a707c3
Add synapse config 2020-02-09 14:15:46 +00:00
0da675db1c
Add quassel config 2020-02-09 13:19:45 +00:00
77fe92a7e7
Add torrent (deluge) config 2020-02-09 13:06:10 +00:00
81cccea858
Enable gzip and check for updates 2020-02-09 12:51:39 +00:00
1dbc7ea2c7
Drop some unnecessary comments
Reducing the amount of PHP in my infrastructure repo is a good thing!
2020-02-09 12:48:27 +00:00
ac12da5c02
Add tt-rss 2020-02-09 12:43:38 +00:00
253453ba16
Reload wireguard rather than restarting
Hopefully this stops it dropping connections
2020-02-07 21:09:41 +00:00
5027e77534
Have yourls redirect root to admin page
I keep forgetting this is a thing and thinking it's broken
2020-02-07 13:57:03 +00:00
94da91db8e
Install yourls 2020-02-07 13:49:13 +00:00
32d4e108f9
Update librespeed 2020-02-07 09:04:13 +00:00
b66ef84289
Explicitly pin portainer to latest tag 2020-02-07 09:04:06 +00:00
9c6f9dc288
Update gitea 2020-02-07 09:01:06 +00:00
eed3031170
Install gitea 2020-02-07 08:57:48 +00:00
c184936114
Upgrade traefik
This is the first upgrade of a container through this repo, and it worked perfectly! 🎉
2020-02-07 08:40:04 +00:00
e6a659e4cb
Add calibre compose file 2020-02-05 20:37:01 +00:00
e0b8b7961a
Add space in comment 2020-02-02 22:30:48 +00:00
7f1be920d6
Add some docker util scripts 2020-02-02 22:20:17 +00:00
035ff0ac24
Add traefik config 2020-02-02 21:10:29 +00:00
a42c1a4182
Read PUID from variable 2020-02-02 20:28:08 +00:00
8a14b09ce8
Install gotify 2020-02-02 20:22:23 +00:00
9a770df6dc
Fix NTP permissions 2020-02-02 20:19:51 +00:00
1414357ad7
Install librespeed 2020-01-30 13:43:28 +00:00
cdc7209013
Add emby docker compose files 2020-01-30 13:35:10 +00:00
78d860bfcb
Setup a cron job to cleanup docker containers 2020-01-30 13:27:10 +00:00
11e49eb76e
Add whoami 2020-01-30 13:20:31 +00:00
31462f85ee
Validate compose files 2020-01-28 22:17:12 +00:00
a9a27d617b
Add internal dns container 2020-01-28 22:15:14 +00:00
d1e5f63efd
Add portainer compose file 2020-01-28 22:02:02 +00:00
c3959d43c6
Install watchtower
Also move file masks to config so they're consistent
2020-01-28 21:55:53 +00:00
3142ba75c6
Add netdata docker-compose file 2020-01-28 21:50:29 +00:00
01ce422e11
FIx name of task to add docker apt key 2020-01-28 21:49:29 +00:00
9d8e7cbc9c
Setup and install docker 2020-01-28 21:32:29 +00:00
d61cb64c7e
Harden SSH config 2020-01-28 21:04:26 +00:00
0dbeb64710
Add recommend key exchange 2020-01-28 20:56:07 +00:00
14b7b6d2ef
Internalise SSH config and make it generic to all hosts 2020-01-28 20:39:42 +00:00
eb796ce1f9
Set timezone as root 2020-01-28 20:03:20 +00:00
b4bb3f01f2
Convert haproxy config to use spaces 2020-01-26 18:17:55 +00:00
ac5a9aa0f0
Remove SSL block from haproxy config 2020-01-26 18:15:19 +00:00
03b3bd5ddb
Disable login as root 2020-01-26 18:10:07 +00:00
af936990e2
Add custom DNS server 2020-01-23 20:06:45 +00:00
ec478c3cf5
Fix client config 2020-01-19 17:59:36 +00:00
7eaf608e3c
Revoke exposed wireguard keys
Derp derp derp
2020-01-19 17:41:34 +00:00
35605ce0a6
Move wireguard clients configuration to home dir
Makes it easier to provision machines
2020-01-19 17:33:14 +00:00
251fe11113
Output wireguard client config files 2020-01-19 16:43:51 +00:00
f6ffb1ceef
Template haproxy better 2020-01-17 22:56:45 +00:00
78fa36f20a
Move variables to 1 place
Much easier to manage
2020-01-17 22:31:50 +00:00
aaee2b443d
Add base packages 2019-12-09 20:55:47 +00:00
d0d2d6668e
Install NTP 2019-12-08 21:17:30 +00:00
23a472f764
Add wireguard server config 2019-12-08 21:05:20 +00:00
730246e67f
Install wireguard server 2019-12-08 20:16:42 +00:00
7713820e51 Fix typo 2019-12-08 19:27:54 +00:00
58a3683355 Define haproxy config 2019-12-08 16:47:28 +00:00
f8ecd8bf78 Ensure SSH is installed 2019-12-08 16:03:13 +00:00
b0277c2f46 COnfigure SSH bastion 2019-12-08 15:55:19 +00:00