Commit graph

1213 commits

Author SHA1 Message Date
2bbd1c681b
Allow proxying to any ports
On the assumption they're HTTP, it's probably fine to route to anything. We're not trying to act as a firewall
2022-11-06 22:16:48 +00:00
b9283ec445
Set port for HTTP proxies 2022-11-06 21:55:05 +00:00
041f791b60
Add squid as a forwarding proxy so containers are exposed through a VPN
Implementation isn't perfect, but as `qbittorrent` already had an outbound VPN connection, it makes sense to just reuse it.
2022-11-06 18:26:09 +00:00
fc577f21b8
Update Traefik to 2.9 2022-11-01 20:50:30 +00:00
4c8d5ffe44
Remove all references to traefik pages 2022-11-01 20:30:16 +00:00
d81ed290d7
Put the new website live 2022-10-30 12:04:15 +00:00
08afdd951e
Add hosting for new website
Top sneaky
2022-10-29 18:09:30 +01:00
8dd1f6cddf
Add nextcloud email config 2022-10-26 14:23:08 +01:00
0d24bd7e0c
Use correct location for nextcloud config file 2022-10-26 14:10:26 +01:00
d0cef763e1
Update Nextcloud to 25 2022-10-26 14:09:47 +01:00
27069281dc Update renovate/renovate Docker tag to v34 2022-10-25 14:05:25 +01:00
bfacd3b6df Merge branch 'renovate/wallabag-wallabag-2.x' into 'master'
Update wallabag/wallabag Docker tag to v2.5.2

See merge request sys/infrastructure!50
2022-10-25 08:46:19 +01:00
d4053908ab Update renovate/renovate Docker tag to v33 2022-10-23 08:02:08 +01:00
f90e167774 Update wallabag/wallabag Docker tag to v2.5.2 2022-10-21 14:01:20 +01:00
4e77f0165a
Use persistent storage for tt-rss
Otherwise the container fails to find the cache directory due to how updates are handled.
2022-10-17 13:44:06 +01:00
c0a4c35e5b Merge branch 'renovate/ansible-lint-5.x' into 'master'
Update dependency ansible-lint to v5.4.0

See merge request sys/infrastructure!40
2022-10-17 13:43:39 +01:00
d13d49447e Merge branch 'renovate/louislam-uptime-kuma-1.x' into 'master'
Update louislam/uptime-kuma Docker tag to v1.18.5

See merge request sys/infrastructure!45
2022-10-17 13:33:41 +01:00
cecf9f03a2 Update vaultwarden/server Docker tag to v1.26.0 2022-10-15 18:09:57 +01:00
ed2414954e Update louislam/uptime-kuma Docker tag to v1.18.5 2022-10-10 20:01:07 +01:00
7adda6ed1c
Update nextcloud to 24.0.6 2022-10-09 19:41:17 +01:00
2188c59372 Merge branch 'renovate/louislam-uptime-kuma-1.x' into 'master'
Update louislam/uptime-kuma Docker tag to v1.18.4

See merge request sys/infrastructure!44
2022-10-09 19:33:07 +01:00
58730fcbeb
Move pages hosting to GitLab pages 2022-10-09 18:26:49 +01:00
491061d900
Remove shenanigans
It's not enabled, and it's 1 less container to deal with
2022-10-09 17:40:22 +01:00
77bc6947ab Update louislam/uptime-kuma Docker tag to v1.18.4 2022-10-09 10:01:04 +01:00
6d890a6991
Setup slides domain 2022-10-08 17:37:28 +01:00
41582f50db
Set up GitLab pages 2022-10-08 15:51:37 +01:00
2dc13c6f40
Update nebula to 1.6.1 2022-10-05 08:42:01 +01:00
521e6320fd Merge branch 'renovate/matrixdotorg-synapse-1.x' into 'master'
Update matrixdotorg/synapse Docker tag to v1.68.0

See merge request sys/infrastructure!39
2022-10-04 13:42:30 +01:00
681cff5ea7 Merge branch 'renovate/louislam-uptime-kuma-1.x' into 'master'
Update louislam/uptime-kuma Docker tag to v1.18.2

See merge request sys/infrastructure!42
2022-10-04 13:40:52 +01:00
62aab30dc8 Update louislam/uptime-kuma Docker tag to v1.18.2 2022-10-04 12:01:00 +01:00
81b302459e Update vabene1111/recipes Docker tag to v1.4.4 2022-09-30 16:01:02 +01:00
d4830ae9c2 Update dependency ansible-lint to v5.4.0 2022-09-29 10:01:27 +01:00
b32b7ca629 Update matrixdotorg/synapse Docker tag to v1.68.0 2022-09-27 14:01:34 +01:00
02d5b2d8d3
Upgrade sanoid 2022-09-26 19:32:55 +01:00
67b890d639 Merge branch 'renovate/vabene1111-recipes-1.x' into 'master'
Update vabene1111/recipes Docker tag to v1.4.2

See merge request sys/infrastructure!37
2022-09-26 13:56:40 +01:00
5be1078639 Update vabene1111/recipes Docker tag to v1.4.2 2022-09-23 18:01:17 +01:00
bcc2bfd417 Update ghcr.io/goauthentik/server Docker tag to v2022.9.0 2022-09-23 12:01:29 +01:00
cf6cc7de7a
Add email to tandoor 2022-09-22 09:13:28 +01:00
356e04c005
Fewer workers / threads for authentik 2022-09-22 08:52:41 +01:00
92fdfd252a
Add email to authentik 2022-09-22 08:47:01 +01:00
98f2eea59b
Add email to plausible 2022-09-22 08:37:00 +01:00
9098fec232
Disable erlang multi-node distribution 2022-09-22 08:23:30 +01:00
2b590a55c9 Update vabene1111/recipes Docker tag to v1.4.1 2022-09-21 20:01:33 +01:00
71732b7b7c
Don't keep quite so many backups
This results in a huge index which some smaller VMs can't handle
2022-09-21 08:48:05 +01:00
eccefcd7e0
Replace Cloudflare's DNS with Quad9 where it makes sense 2022-09-18 19:55:35 +01:00
60e9454efe
Disable authentik startup analytics 2022-09-18 18:55:24 +01:00
f49b26c6f0
Deploy authentik
Not integrated into other services quite yet. But it's there
2022-09-18 18:49:17 +01:00
4f0ee78b7e
Update grafana to use mailgun 2022-09-18 15:27:58 +01:00
8300d6dbf3
Update commento to use mailgun 2022-09-18 15:01:16 +01:00
63c1bc29db
Update nextcloud to 24.0.5 2022-09-18 14:35:39 +01:00
259ab3aae8 Merge branch 'renovate/matrixdotorg-synapse-1.x' into 'master'
Update matrixdotorg/synapse Docker tag to v1.67.0

See merge request sys/infrastructure!32
2022-09-18 14:22:13 +01:00
128689aed3 Merge branch 'renovate/louislam-uptime-kuma-1.x' into 'master'
Update louislam/uptime-kuma Docker tag to v1.18.0

See merge request sys/infrastructure!33
2022-09-18 14:20:38 +01:00
218d6a48cf
Use mailgun for GitLab emails 2022-09-16 17:43:01 +01:00
5f8a4d7b78
Use supercronic to schedule renovate
This makes it easier to restart, and makes more creative scheduling possible
2022-09-13 20:01:37 +01:00
7575a57e6b Update matrixdotorg/synapse Docker tag to v1.67.0 2022-09-13 11:14:16 +01:00
c7d5056f2a
Scrape homeassistant metrics into prometheus 2022-09-06 21:29:11 +01:00
aa1cef4739 Update louislam/uptime-kuma Docker tag to v1.18.0 2022-09-05 11:03:55 +01:00
0b69388f2c
Remove tmpfs mounts for tt-rss
These don't get created with the correct user permissions, and so breaks
2022-08-29 10:37:13 +01:00
cc3f980d34
Deploy tandoor 2022-08-24 22:17:29 +01:00
10f43bc38d
Prioritise OS-drive's snapraid content file over ZFS
Reads are much faster as it's SSD based, and it avoids unnecessary reads on the pool
2022-08-24 15:24:36 +01:00
dcc3055e93
Use official distribution of tt-rss
The previous one hasn't been updated in about a year. This one requires a couple extra containers, but is officially supported and maintained.
2022-08-24 15:23:21 +01:00
475215f33a
Run as many CI jobs as there are cores 2022-08-17 20:03:37 +01:00
73f165c521
Revert "Update traefik to 2.8"
This reverts commit a695818355.

This causes problems with traefik-pages
2022-08-16 10:17:53 +01:00
4eab0d4f01
Don't mount docker socket to traefik
It was already configured to use the proxy, and was running as non-root
anyway, so likely didn't have access to it in the first place.
2022-08-16 09:38:27 +01:00
8b21b9e6f2
Monitor decker Traefik with prometheus 2022-08-14 15:04:55 +01:00
461cd8fe3c
Update config version of nextcloud 2022-08-14 14:50:14 +01:00
4ccde9cfaf Merge branch 'renovate/lscr.io-linuxserver-nextcloud-24.x' into 'master'
Update dependency lscr.io/linuxserver/nextcloud to v24.0.4

See merge request sys/infrastructure!29
2022-08-14 14:37:13 +01:00
b8953745a6 Update dependency lscr.io/linuxserver/nextcloud to v24.0.4 2022-08-12 09:47:44 +00:00
7577b35755 Update dependency matrixdotorg/synapse to v1.64.0 2022-08-02 10:42:13 +00:00
a695818355
Update traefik to 2.8 2022-08-01 15:02:09 +01:00
9a89dddda3 Merge branch 'renovate/matrixdotorg-synapse-1.x' into 'master'
Update dependency matrixdotorg/synapse to v1.63.1

See merge request sys/infrastructure!27
2022-08-01 14:36:14 +01:00
84e27c9d61 Merge branch 'renovate/vaultwarden-server-1.x' into 'master'
Update dependency vaultwarden/server to v1.25.2

See merge request sys/infrastructure!28
2022-08-01 14:35:33 +01:00
6d7a147b74
Don't bind docker socket in CI
Use dind instead, as it's more secure and isolated

https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-in-docker
2022-07-28 17:47:02 +01:00
4311382033 Update dependency vaultwarden/server to v1.25.2 2022-07-27 20:03:05 +00:00
8734ad8ce1 Update dependency matrixdotorg/synapse to v1.63.1 2022-07-20 13:50:49 +00:00
e65b3ec605
Update nextcloud to 24.0.2 2022-06-28 19:28:46 +01:00
6844bbfe99 Merge branch 'renovate/louislam-uptime-kuma-1.x' into 'master'
Update dependency louislam/uptime-kuma to v1.17.1

See merge request sys/infrastructure!25
2022-06-28 19:13:55 +01:00
7b38760196 Update dependency matrixdotorg/synapse to v1.61.1 2022-06-28 14:41:39 +00:00
c502ee57f7
Set nginx to use automatic number of workers
See https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/6895
2022-06-27 17:52:06 +01:00
9632f9aa90 Update dependency louislam/uptime-kuma to v1.17.1 2022-06-23 08:23:24 +00:00
cf763d07f2
Stop capturing logs for containers I don't care about 2022-06-20 21:25:13 +01:00
0d5913ce3c
Disable any hub integrations 2022-06-18 22:09:59 +01:00
df28b56857
Update traefik to 2.7 2022-06-18 22:09:49 +01:00
f1835aecdd Merge branch 'renovate/vaultwarden-server-1.x' into 'master'
Update dependency vaultwarden/server to v1.25.0

See merge request sys/infrastructure!20
2022-06-18 21:53:52 +01:00
fd6a8be593 Merge branch 'renovate/wallabag-wallabag-2.x' into 'master'
Update dependency wallabag/wallabag to v2.5.1

See merge request sys/infrastructure!23
2022-06-18 21:43:45 +01:00
7b779f6ff7 Update dependency matrixdotorg/synapse to v1.61.0 2022-06-14 11:45:06 +00:00
c54ce7b209
For migrate grafana plugins 2022-06-13 21:52:40 +01:00
5b586f2608
Add container to extract TLS certs from traefik into standard format
Disable its network access, just in case
2022-06-13 21:18:45 +01:00
f8e4e6302d Update dependency wallabag/wallabag to v2.5.1 2022-06-09 08:05:42 +00:00
4ba1ab0a28
Update yourls mariadb to 10.8 2022-06-06 22:33:26 +01:00
b62f8001bb
Deploy commento++ 2022-06-05 15:44:49 +01:00
14de6fee84
Use socket proxy for DB backups 2022-06-04 23:03:41 +01:00
a15c300856
Ensure forrest saves DB backups to the correct place 2022-06-04 22:24:53 +01:00
0fd891f988 Update dependency louislam/uptime-kuma to v1.16.1 2022-05-29 05:48:38 +00:00
c159a157c3
Update download location for qbittorrent 2022-05-25 08:46:37 +01:00
0c11079246
Update geerlingguy.docker to fix issue installing on Arch
https://github.com/geerlingguy/ansible-role-docker/issues/346
2022-05-25 08:35:12 +01:00
565e1a156c
Update nextcloud to 24.0.1 2022-05-24 20:22:18 +01:00
1015a0ebc1 Merge branch 'renovate/matrixdotorg-synapse-1.x' into 'master'
Update dependency matrixdotorg/synapse to v1.59.1

See merge request sys/infrastructure!16
2022-05-24 20:12:51 +01:00
07f19ec509 Update dependency vaultwarden/server to v1.25.0 2022-05-23 18:01:20 +00:00
284bed5e90 Update dependency wallabag/wallabag to v2.5.0 2022-05-21 20:38:08 +00:00
6116eed775
Use external DNS for monitoring
This avoids potential issues with host DNS jitters
2022-05-19 09:39:30 +01:00
6a60e7284e Update dependency matrixdotorg/synapse to v1.59.1 2022-05-18 12:16:59 +00:00
b23b5e130e
Keep a few frequent backups in case of screw ups 2022-05-17 18:09:03 +01:00
e176ba371c
Move my settings out of default 2022-05-17 18:09:03 +01:00
f2290aafa6
Reduce usage and reliance on downsampled snapshots
Keep more at a lower resolution, as really those are the most useful
2022-05-17 18:09:03 +01:00
82040a5c85
Move qbittorrent to be a LXC 2022-05-16 22:02:01 +01:00
1c14c10b74
Allow 2 cores per runner job for concurrency
Allowing 2 clear cores runs fewer jobs, but should run them a lot faster
2022-05-07 12:34:57 +01:00
306d2368c1
Update dependency wallabag/wallabag to v2.4.3 2022-05-07 12:21:21 +01:00
8eae7b69e0
Pin versions of galaxy requirements 2022-05-07 12:21:21 +01:00
26b4b18737
Update synapse to 1.58.1 2022-05-07 11:38:46 +01:00
15b56971a1
Update uptime-kuma to 1.15.1 2022-05-07 11:37:49 +01:00
d7056861b9
Keep data for a bit longer
Don't ask me why I did this...
2022-05-07 11:34:46 +01:00
2c7e4e5532
Unpin fork of proxmox-nag-removal 2022-05-04 22:32:33 +01:00
51779a1f7e
Use released version of ntp role
Now https://github.com/geerlingguy/ansible-role-ntp/pull/110 has
shipped.
2022-04-27 08:40:17 +01:00
588152461e
Pin to released version of ansible-role-snapraid
Now https://github.com/IronicBadger/ansible-role-snapraid/pull/9 has
been merged.
2022-04-27 08:39:24 +01:00
208c605f05
Update uptime-kuma to 1.15.0 2022-04-26 20:40:33 +01:00
679cd5eba1
Update synapse to 1.57.1 2022-04-26 20:39:16 +01:00
b8c5d40c73
Update nextcloud to 23.0.4 2022-04-26 20:39:05 +01:00
54b8191754
Update uptime-kuma to 1.13.1 2022-03-24 22:20:29 +00:00
72c54029cd
Update synapse to 1.55.2 2022-03-24 22:13:52 +00:00
793506492f
No shenanigans by default
This causes strange problems with nextcloud
2022-03-23 19:30:22 +00:00
cccfa8bf51
Remove version prefix from nextcloud tag
Apparently that's not needed anymore
2022-03-22 21:22:07 +00:00
e0df63e3c9
Update nextcloud to 23.0.3 2022-03-22 21:19:43 +00:00
81116998b1
Fix symbolic link for yamllint config 2022-03-18 19:44:57 +00:00
b8736e1c65
Create VPN for port 53 2022-03-18 19:44:06 +00:00
bd49c1c869
Update renovate to v32 2022-03-18 18:06:07 +00:00
ffe9a13ff1
Update uptime-kuma to 1.12.1 2022-03-13 15:59:37 +00:00
5d136a8a2f
Update synapse to 1.54 2022-03-13 15:59:24 +00:00
2093f72602
Add a skeleton k8s deployment setup
DNS will come later
2022-03-07 21:58:17 +00:00
293aed0fd3
Enable GitLab registry 2022-02-25 21:48:13 +00:00
997fb0e600
Update synapse to 1.52 2022-02-21 21:50:30 +00:00
7ad6e81981
Update nextcloud to 23.0.2 2022-02-21 21:50:18 +00:00
7a05e154a6
Update uptime-kuma 2022-02-21 21:50:07 +00:00
c34b9e48f4
Add support for building docker containers on CI
This is easier than dind
2022-02-14 09:09:28 +00:00
6b63c2685b
Add an additional domain for matrix
I'll migrate over to this eventually. But doing a hard migration has just wasted my entire evening...
2022-02-13 20:54:46 +00:00
722b964bc9
Add Google Search Console integration to Plausible 2022-02-13 16:43:09 +00:00
a075b8f252
Update Vaultwarden to 1.24 2022-02-08 08:56:28 +00:00
4562b60517
Update Traefik to 2.6 2022-02-08 08:55:50 +00:00
af0eb65cce
Update synapse to 1.51 2022-02-08 08:55:41 +00:00
5df4a2c79a
Rotate nebula keys
Turns out they expired last night...
2022-01-30 21:00:38 +00:00
b91072b0da
Create a pages user for user with status checks 2022-01-29 22:18:07 +00:00
a5d9463f80
Ensure webdav pages is also accessible to Traefik 2022-01-29 22:11:19 +00:00
f07b5d9b7b
Migrate include: to include_tasks 2022-01-22 20:21:32 +00:00
106a89d72f
Use groups to manage sudo access rather than editing sudoers file 2022-01-22 20:10:16 +00:00
7e6e630808
Don't provision occ script on every machine
It only makes sense on 1
2022-01-21 22:28:13 +00:00
6db0500e1b
Provision remote f2b key with ansible 2022-01-21 22:11:49 +00:00
e8d4244946
Restart nebula, rather than reloading it
Reloading doesn't actually work it seems
2022-01-21 21:52:48 +00:00
af396a21cb
Provision a new caseyon Linode 2022-01-21 21:52:21 +00:00
188b7c9dd6
Install wireguard tools before provisioning config 2022-01-21 20:29:34 +00:00
c1319a134a
Forget snapshots in groups by host
By default, it includes the path, which means path changes result in very old snapshots

https://twitter.com/RealOrangeOne/status/1484217495124852748
2022-01-20 17:43:56 +00:00
1db289b604
Show domain in logs rather than upstream
The upstream is always the same, and no use to us
2022-01-19 09:00:20 +00:00
9404f71dc6
Remove old DB backups dir from backups 2022-01-16 17:56:45 +00:00
a07b1dbad5
Ensure grimes backs up its databases 2022-01-16 17:56:13 +00:00
5cc552d0eb
Add container to automatically backup DBs 2022-01-16 17:51:03 +00:00
6c0314b758
Add an nginx container to do crazy things with traefik 2022-01-16 14:08:38 +00:00
d5c7d94ac8
Run traefik as dockeruser, and without host networking
This required port forwarding, a docker proxy, and a docker network, but the end result should be much more secure!
2022-01-15 23:44:06 +00:00
1348eb8b1c
Prefent yourls redirect page being indexed 2022-01-11 21:20:23 +00:00
89a99d2db2
Make ansible a dev dependency
It's required by `ansible-lint` to work properly
2022-01-11 21:19:02 +00:00
c5215e330b
Update yamllint to fix dependency issue
I think this still validates everything we need it to
2022-01-11 20:51:12 +00:00
cf0e718bfb
Migrate decker services to linode
Mostly just uptime-kuma
2022-01-11 09:07:48 +00:00
41289ab359
Reduce ZFS memory usage to 5GB
That's still more than 1GB per usable TB of space. Should really be ample
2022-01-08 12:29:35 +00:00
1f6c6858e5
Fix NTP timesyncd issue
https://github.com/geerlingguy/ansible-role-ntp/pull/110
2022-01-08 12:29:13 +00:00
02cfd37a02
Update uptime-kuma 2022-01-08 12:18:25 +00:00
1a74e05a7c
Create a dedicated machine for renovate
This way it can do what it wants with docker. Because apparently it's very picky about how it's setup
2022-01-01 22:59:13 +00:00
78b0161585
Install renovate
It doesn't quite work, as really it needs docker to correctly update packages. But it's a start for now
2022-01-01 18:23:32 +00:00
b81f250d02
Update clickhouse config to reference new tables to remove 2021-12-29 17:34:07 +00:00
062c4a25fb
Keep just 2 weeks of backrest logs
That's ample
2021-12-28 12:57:57 +00:00
711d78bfd3
Only try and rotate the log files
Previously, this was also rotating the compressed logs, for some reason
2021-12-28 12:57:08 +00:00
3a7d2194cc
Update tt-rss DB to postgres 14 2021-12-22 22:39:46 +00:00
66c48c4a69
Remove old domain for vaultwarden
It's been long enough
2021-12-22 15:41:14 +00:00
e6ecffdf62
Update vaultwarden DB to postgres 14 2021-12-22 15:33:40 +00:00
ec9ca428a3
Update synapse DB to postgres 14 2021-12-22 15:24:37 +00:00
fbdbc8afb5
Update quassel DB to postgres 14 2021-12-22 13:17:01 +00:00
da41fcd7bc
Update grafana DB to postgres 14 2021-12-22 13:10:06 +00:00
6681ad43fb
Update plausible DB to postgres 14 2021-12-22 12:57:49 +00:00
31b7811b1f
Use new clickhouse docker repository 2021-12-22 12:01:25 +00:00
b6a0fdfd1d
Unpin the version of yourls
It's a very simple, non-critical application, which I keep forgetting to update
2021-12-21 21:48:41 +00:00
1c645fa106
Update yourls mariadb to 10.7 2021-12-21 21:40:56 +00:00
c5beb223be
Update clickhouse to 21.12 2021-12-21 21:31:53 +00:00
0734ff42d8
Move grafana variables to vault file 2021-12-21 20:22:47 +00:00
7b6675a9d0
Move gitlab variables to single vault 2021-12-21 20:12:05 +00:00
4cbc15fe0b
Move gitlab runner secrets to dedicated vault 2021-12-21 20:00:54 +00:00
66662594d0
Extract plausible secrets to dedicated vault 2021-12-21 19:57:43 +00:00
fcda77e750
Extract vault items from host vars 2021-12-21 19:36:52 +00:00
0b352e22d1
Merge all group vars into single vault file
This will make tracking down where a secret is defined much simpler
2021-12-21 18:04:03 +00:00
dce7c782ec
Move wireguard keys into a separate vault file 2021-12-21 17:58:52 +00:00
3f37cd4448
Be quiet on interpreter warnings
It works fine, I don't need to be screamed at
2021-12-20 21:17:42 +00:00
8d40a49780
Move traefik pages secret into full vault file
Trialing a new pattern for vault storage
2021-12-20 21:17:25 +00:00
9e473265a5
Read vault password from bitwarden instead of filesystem
https://theorangeone.net/posts/ansible-vault-bitwarden/
2021-12-20 17:25:18 +00:00
b50659ab5d
Update nextcloud to 23 2021-12-19 21:18:09 +00:00
a5329665c0
Update vaultwarden to 1.23.1 2021-12-15 20:21:01 +00:00
9834a45ec5
Update uptime-kuma to 1.11.1 2021-12-15 20:20:50 +00:00
699673c3b5
Update Synapse to 1.49.0 2021-12-15 20:19:51 +00:00
9e899d0f52
Update nebula to 1.5.2 2021-12-15 20:18:25 +00:00
bbfd872a24
Mount the whole host into the restic LXC, so I can backup PVE config 2021-12-11 13:17:58 +00:00
4452cc4eeb
Update synapse to 1.47.1 2021-11-23 22:04:42 +00:00
eed75d8648
Mount homeassistant data into restic for external backup 2021-11-21 21:53:35 +00:00
47bcbd855e
Update nextcloud to 22.2.3 2021-11-16 21:04:54 +00:00
5c0987de4d
Update uptime-kuma 2021-11-15 20:26:29 +00:00
e1205564cb
Update nebula to 1.5.0 2021-11-15 20:26:20 +00:00
ccaff503da
Move decker from AMS to Paris
The AMS DC has a bit of a flaky network connection, which isn't what you want for monitoring.
2021-11-06 16:45:09 +00:00
64695c3be1
Don't pipe dat ainto curl for healthchecks
See https://github.com/IronicBadger/ansible-role-snapraid/pull/9
2021-11-04 16:46:59 +00:00
ef22a43293
Update uptime-kuma to fix security issue 2021-10-29 21:52:09 +01:00
1b4d5de701
Rename plausible embed router
There's nothing really "bare" about it
2021-10-29 20:47:02 +01:00
0cb2a70d24
Upgrade Plausible to 1.4 2021-10-29 20:46:28 +01:00
090745456f
Update vaultwarden to 1.23.0 2021-10-23 16:24:42 +01:00
41fadd892e
Update uptime-kuma 2021-10-23 16:24:29 +01:00
4cdaba4692
Swap certificates for wildcards 2021-10-18 21:59:10 +01:00
ebb571bf20
Increase GC frequenc to work around restic's high memory usage
https://github.com/restic/restic/issues/1988
2021-10-15 12:39:16 +01:00
6cc7d0b89e
Update synapse 2021-10-14 18:34:49 +01:00
31208856c2
Pin uptime-kuma version
It's pretty important now
2021-10-14 18:34:00 +01:00
6f0d4b60df
Run more web processes for tt-rss 2021-10-03 16:45:18 +01:00
c867efbe3b
Use alternative container registries where available 2021-10-03 16:26:10 +01:00
3727dd473c
Update synapse to 1.43 2021-10-01 21:17:13 +01:00
7fd176466d
Update nextcloud to 22.2.0
Required quite some hacks around federatedfilesharing app not wanting to update
2021-10-01 20:52:07 +01:00
4293d030d4
Don't lint globally installed roles 2021-09-27 14:50:08 +01:00
4db474034e
Ignore my VMs from a fail2ban 2021-09-27 14:49:56 +01:00
7e2d01c612
Change domain
Now there's a status page, we can consider it public
2021-09-25 21:34:18 +01:00
3daf939b32
Update uptime-kuma container
Now does user management itself
2021-09-25 21:08:42 +01:00
8a37a9d41b
Move uptime-kuma to decker 2021-09-25 21:03:56 +01:00
a135aae5f3
Provision new VM
This will be used for monitoring
2021-09-25 16:59:23 +01:00
48934ad2c5
Apply gzip to everything
The middleware is smart enough to only apply it when needed, and only when it's not already compressed, so it's fine.
2021-09-19 22:48:48 +01:00
83ed8879dc
Correctly set smtp user for GitLab
The user and from are different in my case.
2021-09-19 22:34:40 +01:00
178ca6b2c4
Add privatebin config
Disable super long expirations, among other things
2021-09-19 19:29:05 +01:00
d70f450e2d
Change forget resolution to 30d
Restic is really annoying with its retention arguments, not really allowing what I want, so this is the easiest way to get decent retention.
2021-09-07 22:04:23 +01:00
0a8167c839
Remove stray expose
Traefik picks up the port just fine
2021-09-07 21:04:19 +01:00
eedba465c4
Update synapse 2021-09-07 21:04:04 +01:00
a866938207
Fix hostname of restic server 2021-09-06 21:07:10 +01:00
2db8ca5059
Add basic auth to dokku 2021-09-05 23:11:28 +01:00
a278443850
Use auto on nginx configs
Let nginx work it out, and default to 1 per core
2021-09-04 22:41:30 +01:00
6e25403b3d
Update synapse to 1.41.1 2021-08-31 19:08:38 +01:00
86e9d12ce6
Update nextcloud to 22.1.1 2021-08-31 19:03:19 +01:00
c2cd2e6e34
Add backups for grimes 2021-08-30 21:50:55 +01:00
07b2ea2ccb
Add the ability to exclude certain paths from backup 2021-08-30 21:49:58 +01:00
259b0ca7a6
Use upstream telegraf role
https://github.com/rossmcdonald/telegraf/pull/54 shipped
2021-08-30 21:22:26 +01:00
dcbe6e8e72
Use upstream version of ansible-role-snapraid
https://github.com/IronicBadger/ansible-role-snapraid/pull/7 shipped
2021-08-30 21:21:58 +01:00
95216b32c4
Consolidate server blocks 2021-08-24 14:31:12 +01:00
453a374801
Replace ingress proxy with nginx
This enables HTTPS redirecting at it too much more easily, and matches the gateway configuration.

Requires using upstream versions of nginx to enable https://nginx.org/en/docs/stream/ngx_stream_realip_module.html
2021-08-24 14:21:51 +01:00
f14e723d40
Fix service name on ingress
It's not alpine
2021-08-24 11:52:35 +01:00
601b916b43
Remove deprecated clients from wireguard server
I use nebula now for all that
2021-08-24 11:14:04 +01:00
edc5c325b7
Correctly check hostname against PVE hosts
Some of the hostnames have `-` in instead, which caused issues with the SSH config detecting which users to allow
2021-08-23 19:56:04 +01:00
ecb946bab4
Remove nginx version from headers 2021-08-23 16:12:34 +01:00
93cba46dd1
Redirect to HTTPS at the edge 2021-08-23 16:10:37 +01:00
a54d373526
Replace edge proxy with nginx
The config makes more sense, and it has more of the features I need, which will come later.
2021-08-22 22:35:09 +01:00
23fc7bbb12
Use slightly less memory for ZFS 2021-08-22 15:58:49 +01:00
1d5616a36f
Update roles so they support newer Debian versions
I'm monitoring the PRs, don't worry
2021-08-22 15:22:11 +01:00
8fabd11e31
Remove unnecessary pve role
no-subscription is handled by the nag removal role
2021-08-22 15:20:27 +01:00
f0a3585592
Use distribution name in repo URL 2021-08-22 14:44:34 +01:00
0874158a91
Update traefik to 2.5 2021-08-22 11:16:37 +01:00
c04e8b628a
Update synapse to 1.40.0 2021-08-22 11:16:19 +01:00