|
7b6675a9d0
|
Move gitlab variables to single vault
|
2021-12-21 20:12:05 +00:00 |
|
|
4cbc15fe0b
|
Move gitlab runner secrets to dedicated vault
|
2021-12-21 20:00:54 +00:00 |
|
|
66662594d0
|
Extract plausible secrets to dedicated vault
|
2021-12-21 19:57:43 +00:00 |
|
|
fcda77e750
|
Extract vault items from host vars
|
2021-12-21 19:36:52 +00:00 |
|
|
0b352e22d1
|
Merge all group vars into single vault file
This will make tracking down where a secret is defined much simpler
|
2021-12-21 18:04:03 +00:00 |
|
|
dce7c782ec
|
Move wireguard keys into a separate vault file
|
2021-12-21 17:58:52 +00:00 |
|
|
3f37cd4448
|
Be quiet on interpreter warnings
It works fine, I don't need to be screamed at
|
2021-12-20 21:17:42 +00:00 |
|
|
8d40a49780
|
Move traefik pages secret into full vault file
Trialing a new pattern for vault storage
|
2021-12-20 21:17:25 +00:00 |
|
|
9e473265a5
|
Read vault password from bitwarden instead of filesystem
https://theorangeone.net/posts/ansible-vault-bitwarden/
|
2021-12-20 17:25:18 +00:00 |
|
|
b50659ab5d
|
Update nextcloud to 23
|
2021-12-19 21:18:09 +00:00 |
|
|
a5329665c0
|
Update vaultwarden to 1.23.1
|
2021-12-15 20:21:01 +00:00 |
|
|
9834a45ec5
|
Update uptime-kuma to 1.11.1
|
2021-12-15 20:20:50 +00:00 |
|
|
699673c3b5
|
Update Synapse to 1.49.0
|
2021-12-15 20:19:51 +00:00 |
|
|
9e899d0f52
|
Update nebula to 1.5.2
|
2021-12-15 20:18:25 +00:00 |
|
|
bbfd872a24
|
Mount the whole host into the restic LXC, so I can backup PVE config
|
2021-12-11 13:17:58 +00:00 |
|
|
4452cc4eeb
|
Update synapse to 1.47.1
|
2021-11-23 22:04:42 +00:00 |
|
|
eed75d8648
|
Mount homeassistant data into restic for external backup
|
2021-11-21 21:53:35 +00:00 |
|
|
47bcbd855e
|
Update nextcloud to 22.2.3
|
2021-11-16 21:04:54 +00:00 |
|
|
5c0987de4d
|
Update uptime-kuma
|
2021-11-15 20:26:29 +00:00 |
|
|
e1205564cb
|
Update nebula to 1.5.0
|
2021-11-15 20:26:20 +00:00 |
|
|
ccaff503da
|
Move decker from AMS to Paris
The AMS DC has a bit of a flaky network connection, which isn't what you want for monitoring.
|
2021-11-06 16:45:09 +00:00 |
|
|
64695c3be1
|
Don't pipe dat ainto curl for healthchecks
See https://github.com/IronicBadger/ansible-role-snapraid/pull/9
|
2021-11-04 16:46:59 +00:00 |
|
|
ef22a43293
|
Update uptime-kuma to fix security issue
|
2021-10-29 21:52:09 +01:00 |
|
|
1b4d5de701
|
Rename plausible embed router
There's nothing really "bare" about it
|
2021-10-29 20:47:02 +01:00 |
|
|
0cb2a70d24
|
Upgrade Plausible to 1.4
|
2021-10-29 20:46:28 +01:00 |
|
|
090745456f
|
Update vaultwarden to 1.23.0
|
2021-10-23 16:24:42 +01:00 |
|
|
41fadd892e
|
Update uptime-kuma
|
2021-10-23 16:24:29 +01:00 |
|
|
4cdaba4692
|
Swap certificates for wildcards
|
2021-10-18 21:59:10 +01:00 |
|
|
ebb571bf20
|
Increase GC frequenc to work around restic's high memory usage
https://github.com/restic/restic/issues/1988
|
2021-10-15 12:39:16 +01:00 |
|
|
6cc7d0b89e
|
Update synapse
|
2021-10-14 18:34:49 +01:00 |
|
|
31208856c2
|
Pin uptime-kuma version
It's pretty important now
|
2021-10-14 18:34:00 +01:00 |
|
|
6f0d4b60df
|
Run more web processes for tt-rss
|
2021-10-03 16:45:18 +01:00 |
|
|
c867efbe3b
|
Use alternative container registries where available
|
2021-10-03 16:26:10 +01:00 |
|
|
3727dd473c
|
Update synapse to 1.43
|
2021-10-01 21:17:13 +01:00 |
|
|
7fd176466d
|
Update nextcloud to 22.2.0
Required quite some hacks around federatedfilesharing app not wanting to update
|
2021-10-01 20:52:07 +01:00 |
|
|
4293d030d4
|
Don't lint globally installed roles
|
2021-09-27 14:50:08 +01:00 |
|
|
4db474034e
|
Ignore my VMs from a fail2ban
|
2021-09-27 14:49:56 +01:00 |
|
|
7e2d01c612
|
Change domain
Now there's a status page, we can consider it public
|
2021-09-25 21:34:18 +01:00 |
|
|
3daf939b32
|
Update uptime-kuma container
Now does user management itself
|
2021-09-25 21:08:42 +01:00 |
|
|
8a37a9d41b
|
Move uptime-kuma to decker
|
2021-09-25 21:03:56 +01:00 |
|
|
a135aae5f3
|
Provision new VM
This will be used for monitoring
|
2021-09-25 16:59:23 +01:00 |
|
|
48934ad2c5
|
Apply gzip to everything
The middleware is smart enough to only apply it when needed, and only when it's not already compressed, so it's fine.
|
2021-09-19 22:48:48 +01:00 |
|
|
83ed8879dc
|
Correctly set smtp user for GitLab
The user and from are different in my case.
|
2021-09-19 22:34:40 +01:00 |
|
|
178ca6b2c4
|
Add privatebin config
Disable super long expirations, among other things
|
2021-09-19 19:29:05 +01:00 |
|
|
d70f450e2d
|
Change forget resolution to 30d
Restic is really annoying with its retention arguments, not really allowing what I want, so this is the easiest way to get decent retention.
|
2021-09-07 22:04:23 +01:00 |
|
|
0a8167c839
|
Remove stray expose
Traefik picks up the port just fine
|
2021-09-07 21:04:19 +01:00 |
|
|
eedba465c4
|
Update synapse
|
2021-09-07 21:04:04 +01:00 |
|
|
a866938207
|
Fix hostname of restic server
|
2021-09-06 21:07:10 +01:00 |
|
|
2db8ca5059
|
Add basic auth to dokku
|
2021-09-05 23:11:28 +01:00 |
|
|
a278443850
|
Use auto on nginx configs
Let nginx work it out, and default to 1 per core
|
2021-09-04 22:41:30 +01:00 |
|
|
6e25403b3d
|
Update synapse to 1.41.1
|
2021-08-31 19:08:38 +01:00 |
|
|
86e9d12ce6
|
Update nextcloud to 22.1.1
|
2021-08-31 19:03:19 +01:00 |
|
|
c2cd2e6e34
|
Add backups for grimes
|
2021-08-30 21:50:55 +01:00 |
|
|
07b2ea2ccb
|
Add the ability to exclude certain paths from backup
|
2021-08-30 21:49:58 +01:00 |
|
|
259b0ca7a6
|
Use upstream telegraf role
https://github.com/rossmcdonald/telegraf/pull/54 shipped
|
2021-08-30 21:22:26 +01:00 |
|
|
dcbe6e8e72
|
Use upstream version of ansible-role-snapraid
https://github.com/IronicBadger/ansible-role-snapraid/pull/7 shipped
|
2021-08-30 21:21:58 +01:00 |
|
|
95216b32c4
|
Consolidate server blocks
|
2021-08-24 14:31:12 +01:00 |
|
|
453a374801
|
Replace ingress proxy with nginx
This enables HTTPS redirecting at it too much more easily, and matches the gateway configuration.
Requires using upstream versions of nginx to enable https://nginx.org/en/docs/stream/ngx_stream_realip_module.html
|
2021-08-24 14:21:51 +01:00 |
|
|
f14e723d40
|
Fix service name on ingress
It's not alpine
|
2021-08-24 11:52:35 +01:00 |
|
|
601b916b43
|
Remove deprecated clients from wireguard server
I use nebula now for all that
|
2021-08-24 11:14:04 +01:00 |
|
|
edc5c325b7
|
Correctly check hostname against PVE hosts
Some of the hostnames have `-` in instead, which caused issues with the SSH config detecting which users to allow
|
2021-08-23 19:56:04 +01:00 |
|
|
ecb946bab4
|
Remove nginx version from headers
|
2021-08-23 16:12:34 +01:00 |
|
|
93cba46dd1
|
Redirect to HTTPS at the edge
|
2021-08-23 16:10:37 +01:00 |
|
|
a54d373526
|
Replace edge proxy with nginx
The config makes more sense, and it has more of the features I need, which will come later.
|
2021-08-22 22:35:09 +01:00 |
|
|
23fc7bbb12
|
Use slightly less memory for ZFS
|
2021-08-22 15:58:49 +01:00 |
|
|
1d5616a36f
|
Update roles so they support newer Debian versions
I'm monitoring the PRs, don't worry
|
2021-08-22 15:22:11 +01:00 |
|
|
8fabd11e31
|
Remove unnecessary pve role
no-subscription is handled by the nag removal role
|
2021-08-22 15:20:27 +01:00 |
|
|
f0a3585592
|
Use distribution name in repo URL
|
2021-08-22 14:44:34 +01:00 |
|
|
0874158a91
|
Update traefik to 2.5
|
2021-08-22 11:16:37 +01:00 |
|
|
c04e8b628a
|
Update synapse to 1.40.0
|
2021-08-22 11:16:19 +01:00 |
|
|
c99afdd446
|
Disable gzip on qbittorrent egress
It's mostly used over the internal network, so the additional gzip isn't going to gain anything when the disk is the bottleneck
|
2021-08-21 16:46:21 +01:00 |
|
|
55e3b81f06
|
Install release version of gitlab-dater onto GitLab server
Rather than than hacky development one I was using before
|
2021-08-10 22:51:12 +01:00 |
|
|
e421657619
|
Ensure restic gets the correct permissions when it's updated
Yes it's weird to modify the system package like this, but it's very handy.
See also https://restic.readthedocs.io/en/stable/080_examples.html#backing-up-your-system-without-running-restic-as-root
|
2021-08-10 08:45:59 +01:00 |
|
|
ab46c30df2
|
Start graphing some speeds
|
2021-08-07 10:59:42 +01:00 |
|
|
d0e472b51a
|
Update synapse to 1.39.0
|
2021-08-06 18:20:48 +01:00 |
|
|
11bf501d8a
|
Update nextcloud to 22.1.0
|
2021-08-06 18:20:38 +01:00 |
|
|
9755974647
|
Update vaultwarden to 1.22.2
|
2021-08-06 18:17:22 +01:00 |
|
|
f3bc72d2ba
|
Provision uptime-kuma
|
2021-07-31 16:43:12 +01:00 |
|
|
1399529a47
|
Move stray storage to tank
|
2021-07-17 20:32:26 +01:00 |
|
|
8f831c8191
|
Update synapse to 1.37.1
|
2021-07-11 20:20:56 +01:00 |
|
|
501fe81979
|
Update nextcloud to v22
|
2021-07-11 20:20:48 +01:00 |
|
|
3daf3ef8ed
|
Pin clickhouse to 21.6
21.7 doesn't work
|
2021-07-11 16:11:09 +01:00 |
|
|
b2d226300b
|
Update nextcloud to 21.0.3
|
2021-07-04 21:17:03 +01:00 |
|
|
19eb233ffa
|
Update vaultwarden to 1.22.1
|
2021-07-03 11:27:27 +01:00 |
|
|
797c44a27d
|
Use proxy protocol v2
Apparently it's better for chaining, and may be faster anyway
|
2021-07-01 22:28:25 +01:00 |
|
|
b6adc53746
|
Revert "Capture stderr in logs, too"
This reverts commit 8696f6d93f .
Yeah, this doesn't work. Syntax and intention.
|
2021-06-28 08:33:08 +01:00 |
|
|
41a8fe3b4d
|
Use logrotate for backrest logging rather than nuking immediately
Just in case something goes wrong with healthchecks
|
2021-06-27 10:58:01 +01:00 |
|
|
8696f6d93f
|
Capture stderr in logs, too
|
2021-06-27 10:53:13 +01:00 |
|
|
1c07534c40
|
Stop resetting dokku hostname to default
|
2021-06-26 21:27:39 +01:00 |
|
|
40e785de38
|
Add yet more metric sources
|
2021-06-26 12:52:55 +01:00 |
|
|
32f17908ad
|
Collect metrics on disk usage
|
2021-06-26 12:36:00 +01:00 |
|
|
77d2b82761
|
Add healthchecks for snapraid
|
2021-06-26 11:45:56 +01:00 |
|
|
18603d726e
|
Add username to proxmox-nag-removal role
Makes it obviously not one of mine
|
2021-06-25 22:47:21 +01:00 |
|
|
09a010f28e
|
Version snapraid config
Using fork of role at https://github.com/IronicBadger/ansible-role-snapraid/pull/7
|
2021-06-25 22:43:26 +01:00 |
|
|
b82e87c04b
|
Remove unnecessary which
`cron` doesn't need a full path
|
2021-06-25 20:57:19 +01:00 |
|
|
50c5ed68e3
|
Install some dokku plugins
|
2021-06-22 22:57:02 +01:00 |
|
|
83c84abc62
|
Use dokku role to install it
I also switched the host to debian, as the arch install didn't quite work.
|
2021-06-22 22:08:01 +01:00 |
|
|
9296c88ae4
|
Remove date from DB backups
|
2021-06-20 15:23:15 +01:00 |
|
|
bb5bbf16f5
|
Remove alpine special case
https://github.com/ansible-collections/community.general/pull/1722 has shipped.
|
2021-06-20 12:43:59 +01:00 |
|
|
8948437b66
|
Use official extension
|
2021-06-20 12:39:58 +01:00 |
|