|
796375446e
|
Update gitea to 1.13.7
|
2021-04-11 12:42:15 +01:00 |
|
|
1c424cb2ef
|
Update some IP addresses
I really need to stop using these external addresses somewhen...
|
2021-04-07 22:11:24 +01:00 |
|
|
22d43c16a7
|
Correctly redirect http traffic to https
Bug caused by https://github.com/traefik/traefik/issues/8035
|
2021-04-06 11:56:05 +01:00 |
|
|
f0193b5807
|
Scale up bitwarden slightly
Should be able to handle a bit more, faster
|
2021-04-02 12:32:33 +01:00 |
|
|
e0311111af
|
Update bitwarden
Send functionality, woohoo!
|
2021-03-29 08:23:48 +01:00 |
|
|
ad6bab108a
|
Keep backups for slightly longer
This makes my occasional syncs less likely to do bad things
|
2021-03-28 19:47:34 +01:00 |
|
|
a1307ff3a5
|
Remove obsolete port
|
2021-03-28 16:30:07 +01:00 |
|
|
3c8d9fe940
|
Block all ports
|
2021-03-28 16:28:07 +01:00 |
|
|
4d218248fa
|
Remotely connect to fail2ban to do ports
Traefik can affect the edge, so blocks work there and prevent traffic hitting home network.
|
2021-03-28 16:06:36 +01:00 |
|
|
ac186f42e0
|
Keep fewer fail2ban logs
|
2021-03-28 13:06:01 +01:00 |
|
|
6973fb536f
|
Add fail2ban for traefik
Remote action coming soon
|
2021-03-28 13:05:38 +01:00 |
|
|
8398a2df21
|
Use endpoint middleware rather than hacky router
|
2021-03-27 23:34:34 +00:00 |
|
|
a5af5bea6c
|
Force bitwarden to use public DNS
It doesn't like creating icons for local IP spaces, so my overriden DNS doesn't play well
|
2021-03-27 18:45:06 +00:00 |
|
|
1d997d3c33
|
Remove separate private and protected IP
|
2021-03-27 18:42:06 +00:00 |
|
|
116e1adb50
|
Disable Traefik pilot on dashboard
|
2021-03-24 23:14:01 +00:00 |
|
|
36f6bd62bb
|
Update gitea to 1.13.6
|
2021-03-24 22:57:45 +00:00 |
|
|
5084bfecdf
|
Ignore PVE interface from f2b jails
|
2021-03-24 22:35:28 +00:00 |
|
|
f436e4660b
|
Remove intersect host config
is dead
|
2021-03-24 22:19:50 +00:00 |
|
|
e67e4565d3
|
Remove expose_ssh and support SSH listening on nebula and PVE
No more wireguard SSH for me
|
2021-03-24 22:19:29 +00:00 |
|
|
3c06eb748d
|
Update gitea to 1.13.5
|
2021-03-23 17:22:13 +00:00 |
|
|
ece0c841b2
|
Fix compose version
Mostly fix quotes, but also standardize
|
2021-03-21 18:51:38 +00:00 |
|
|
d4477c4bea
|
Add bitwarden_rs
|
2021-03-21 18:47:20 +00:00 |
|
|
65f9206b95
|
Fix NTP updates
Manually apply https://github.com/geerlingguy/ansible-role-ntp/pull/84, so machines actually update themselves via NTP
|
2021-03-13 18:46:45 +00:00 |
|
|
f6559ff1bd
|
Remove collabora
It doesn't seem to like being run inside LXC. I barely used it, anyway.
|
2021-03-12 23:35:39 +00:00 |
|
|
ab1e2fbae2
|
Increase ZFS RAM usage
If i've got a load of RAM free, it might as well be being used to cache ZFS!
|
2021-03-06 21:38:21 +00:00 |
|
|
3eb286c9bd
|
Move envrironment variables to docker
Using the `TTRSS_` prefix to follow upstream standard rather than container's
https://github.com/lunik1/docker-tt-rss/issues/3
|
2021-03-06 12:11:08 +00:00 |
|
|
8d136f0b55
|
Set default phone region for Nextcloud
|
2021-03-06 11:19:11 +00:00 |
|
|
9d6ed88e13
|
Monitor proxmox stats
|
2021-03-05 22:14:21 +00:00 |
|
|
d43d3433fa
|
Collect SMART metrics for disks
|
2021-03-05 20:50:08 +00:00 |
|
|
6b95b75fc2
|
Move telegraf to host
This makes metric collection for SMART much simpler. I'll still be using the prometheus node exporter for actual system metrics, though.
|
2021-03-05 20:39:11 +00:00 |
|
|
aa3da3cf10
|
Upgrade gitea to 1.13.3
|
2021-03-05 20:05:51 +00:00 |
|
|
89dbbc71e5
|
Move files into application directories
|
2021-03-05 14:40:17 +00:00 |
|
|
8e977edba1
|
Ignore go metrics
|
2021-03-05 14:27:33 +00:00 |
|
|
b264e5cbcc
|
Monitor traefik with prometheus rather than influxdb
|
2021-03-04 16:37:53 +00:00 |
|
|
e8960ebf27
|
Connect forrest to nebula hosts
|
2021-03-04 16:08:53 +00:00 |
|
|
2e05ed08fa
|
Use hostname rather than fqdn
|
2021-03-04 16:06:43 +00:00 |
|
|
a4eb26b129
|
Use Nebula as the primary private interface rather than wireguard
|
2021-03-04 16:02:42 +00:00 |
|
|
c6d9102e1e
|
Don't install NTP on LXC containers
This can cause issues with containers trying to sync the system clock, and getting it wrong
|
2021-03-04 15:45:47 +00:00 |
|
|
aba81f79bc
|
Add telegraf
And input to ping and output via prometheus
|
2021-03-04 15:16:54 +00:00 |
|
|
914676d209
|
Add prometheus for metrics
|
2021-03-04 14:53:03 +00:00 |
|
|
fe2450d43b
|
Add grafana docker network and restrict port binds
|
2021-03-04 14:39:40 +00:00 |
|
|
155bc837a8
|
Update synapse to 1.28
|
2021-03-02 12:31:07 +00:00 |
|
|
9d5c7e56e8
|
Move nextcloud things back to tank
|
2021-03-02 12:26:23 +00:00 |
|
|
21a2532f8a
|
Update nextcloud to 21
|
2021-03-02 12:03:13 +00:00 |
|
|
63d156c0a0
|
Stop always restarting whoami
whoami never sets `config_file`, so it's shadowed by whatever set it before
|
2021-02-27 22:09:24 +00:00 |
|
|
1413efdd19
|
Copy feed icons and DB to tank
|
2021-02-27 22:08:01 +00:00 |
|
|
a2fe3ca37a
|
Fix TT-RSS config
It needs to be environment variables now, but there's a bug where it doesn't read docker ones for some reason
|
2021-02-27 21:29:24 +00:00 |
|
|
b3a72eb8f1
|
Add influxdb server for metrics
|
2021-02-14 16:24:45 +00:00 |
|
|
ec0c78e6d9
|
Read emails from secrets
|
2021-02-14 12:29:14 +00:00 |
|
|
872471ef52
|
Setup email for grafana
|
2021-02-14 12:19:51 +00:00 |
|
|
f7a0877e72
|
Exclude nebula from fail2ban
|
2021-02-14 11:39:01 +00:00 |
|
|
d8f2a83dfe
|
Move grafana data back to pool
|
2021-02-14 11:33:46 +00:00 |
|
|
385917ba4e
|
Decrease find time
Hopefully reduce false-positive catches
|
2021-02-14 11:22:32 +00:00 |
|
|
3014e5d052
|
Provision privatebin
|
2021-02-12 23:32:31 +00:00 |
|
|
47df8164fa
|
Define timezone as variable
|
2021-02-10 09:12:42 +00:00 |
|
|
635f55d7bf
|
Update gitea to 1.13.2
|
2021-02-09 17:36:06 +00:00 |
|
|
149d01165f
|
Restore dockerized grafana setup
It's stil on a separate machine, but in docker to allow more applications to be run easier and tied together.
|
2021-02-09 09:16:52 +00:00 |
|
|
b940d22373
|
Install docker on forrest
I'll be migrating it to docker, so I can run more things simply under Docker
|
2021-02-08 21:56:06 +00:00 |
|
|
44a3fd4bc5
|
Only chown when the repos change
This keeps claiming it's changing things, even when nothing should have changed
|
2021-02-07 16:14:56 +00:00 |
|
|
870ac50c58
|
Update compose path to not be absolute
This relies on `which` to find the correct binary instead
|
2021-02-07 15:59:18 +00:00 |
|
|
a95ceb348f
|
Install docker from binary on debian distros
This is because the repos are usually super out of date, or at least can stray quite a bit
|
2021-02-07 15:56:25 +00:00 |
|
|
c4999d7b25
|
Use ansible collections for things
|
2021-02-07 13:02:14 +00:00 |
|
|
e8496ddced
|
Deploy deluge in docker
Makes version managing so much easier!
|
2021-02-01 17:24:36 +00:00 |
|
|
ac68b36841
|
Initially provision deluge machine
Based on Docker, so deluge itself is easier to install and keep updated. Until such time it's in the repos
|
2021-02-01 15:40:06 +00:00 |
|
|
54eee03524
|
Fix YAML linting and service name
|
2021-01-31 17:27:44 +00:00 |
|
|
7b9bab14fa
|
Remove stray variables file
|
2021-01-31 16:56:25 +00:00 |
|
|
c7fba8107a
|
Move grafana to forrest
|
2021-01-31 16:52:24 +00:00 |
|
|
a79e54d45a
|
Add forrest instance
|
2021-01-31 15:18:20 +00:00 |
|
|
058290b321
|
Keep track of IPs for PVE hosts
Yea they're all random, I'll deal with that later
|
2021-01-31 12:46:43 +00:00 |
|
|
9023b269eb
|
Allow PVE VMs to access nebula hosts via ingress
|
2021-01-31 12:19:33 +00:00 |
|
|
643d843bfb
|
Enable unsafe routing to PVE network over nebula
|
2021-01-30 22:59:56 +00:00 |
|
|
da301eb7dd
|
Provision remaining nebula instances
|
2021-01-30 20:47:11 +00:00 |
|
|
08ff5dcf94
|
Provision nebula certs using Ansible
|
2021-01-30 20:06:31 +00:00 |
|
|
92815a6f76
|
Add platform-agnostic installation of nebula
|
2021-01-30 19:10:52 +00:00 |
|
|
723372dd09
|
Name keys after hostname
|
2021-01-30 18:16:28 +00:00 |
|
|
703b3b194f
|
Make index read-only so it's not always reowned
|
2021-01-29 21:52:22 +00:00 |
|
|
062742bc5e
|
Update synapse
|
2021-01-29 21:44:34 +00:00 |
|
|
e1f3572a7c
|
Set pages install directory correctly
|
2021-01-29 21:35:01 +00:00 |
|
|
c5050381fc
|
Update plausible to v1.2
|
2021-01-29 21:34:44 +00:00 |
|
|
698804ff38
|
Remove gitlab
|
2021-01-28 19:54:03 +00:00 |
|
|
89a6c7680c
|
Decommission walker
Kimsufi is just too annoying of a host. Everything has either been moved off, killed, or has further plans.
|
2021-01-28 18:56:39 +00:00 |
|
|
b339cb0e2d
|
Move upload to grimes
|
2021-01-28 14:04:55 +00:00 |
|
|
909f693cba
|
Fix location of zpool command
TIL lookups are executed on the host
|
2021-01-26 22:02:58 +00:00 |
|
|
3de14efd9e
|
Remove heimdall
I've literally not used it since setting it up
|
2021-01-26 21:53:52 +00:00 |
|
|
a44a79031a
|
Init some skeleton nebula stuff
|
2021-01-25 21:53:04 +00:00 |
|
|
0ecd884a9a
|
Deploy yourls
|
2021-01-22 21:29:27 +00:00 |
|
|
2a8f715eca
|
Add redis cache for gitea
|
2021-01-22 18:59:52 +00:00 |
|
|
cc847a069c
|
Resolve zpool location
Hopefully this means they actually run
|
2021-01-22 15:29:41 +00:00 |
|
|
a2c6d7c276
|
Swap out alpine for debian on ingress
Mostly for future nebula deployment
|
2021-01-22 14:53:02 +00:00 |
|
|
0f9802a46c
|
Install duplicati on PVE docker machine
Requires some changes to how private IPs are specified, which I really need to clean up at some point!
|
2021-01-20 21:38:01 +00:00 |
|
|
f6c176d2f0
|
Ensure duplicati base is always updated
|
2021-01-20 21:30:25 +00:00 |
|
|
fce8cf3768
|
Update nextcloud
|
2021-01-20 20:58:28 +00:00 |
|
|
76eeeec260
|
Update wallabag
|
2021-01-20 20:39:27 +00:00 |
|
|
3321b852a5
|
Update traefik to v2.4
|
2021-01-20 20:33:57 +00:00 |
|
|
700360eb96
|
Update synapse
|
2021-01-20 20:20:09 +00:00 |
|
|
3e8a3b2c6b
|
Update gotify
|
2021-01-20 20:02:01 +00:00 |
|
|
48c507e0c3
|
Up page sizes for gitea stuff
Screw paginating!
|
2021-01-19 21:20:00 +00:00 |
|
|
26905e245b
|
Hide heatmap on gitea
It's kinda useless at this scale
|
2021-01-19 17:42:10 +00:00 |
|
|
41915ec69c
|
Replace gitlab with gitea
Leave gitlab in place for a bit in case I need to get at data
|
2021-01-18 20:14:38 +00:00 |
|
|
f9187109c7
|
Correct router name for pages
|
2021-01-17 20:03:02 +00:00 |
|
|
ac4a93e0ed
|
Setup DNS for pages
|
2021-01-17 12:49:23 +00:00 |
|
|
b992df0313
|
Fix variable name for traefik conditional provider
|
2021-01-16 23:30:09 +00:00 |
|
|
604202fdce
|
Add traefik pages
Add it ready for the migration in future
|
2021-01-16 23:29:55 +00:00 |
|
|
e1ea938d59
|
Add file providers for jellyfin and HA
|
2021-01-13 22:12:58 +00:00 |
|
|
969674772c
|
Snapshot PVE root pool too
|
2021-01-10 13:23:36 +00:00 |
|
|
7672d99aa8
|
Remove homeassistant configuration
It's now in its own VM, and i'll deal with version control using the git integration there directly I suspect.
|
2021-01-10 13:12:19 +00:00 |
|
|
b40266b276
|
Add roles to handle PVE nag and repos
|
2021-01-09 23:21:35 +00:00 |
|
|
6dd86ea870
|
Limit ZFS ARC size on PVE
|
2021-01-09 22:32:55 +00:00 |
|
|
d87ec89887
|
Persist arc size
Modprobe only loads the module, it doesn't ensure the ARC value persists correctly.
|
2021-01-09 22:25:29 +00:00 |
|
|
0c6e9969bc
|
Give myself passwordless sudo access to zfs stuff
This is needed for syncoid pulls
|
2021-01-09 21:36:09 +00:00 |
|
|
c3053e9378
|
Fix location for sanoid install
This makes it sync up with where the systemd services expect them to be
|
2021-01-09 21:28:16 +00:00 |
|
|
7d235e67e0
|
Add ZFS configuration for PVE
|
2021-01-09 21:27:52 +00:00 |
|
|
decf5176f7
|
Use systemd rather than cron for sanoid
It's more reliable and easier to get logs
|
2021-01-09 20:57:47 +00:00 |
|
|
57d9c9d288
|
Allow configuring of pools to scrub
|
2021-01-09 20:52:51 +00:00 |
|
|
721bdf60b3
|
Fix quotes
|
2021-01-09 18:32:16 +00:00 |
|
|
1b72afdd29
|
Remove scrutiny role
SMART checks are handeld by PVE / something else in future
|
2021-01-09 18:30:28 +00:00 |
|
|
0506a78d02
|
Listen on public port
Makes connection so much easier
|
2021-01-09 18:25:08 +00:00 |
|
|
8fe8788458
|
Move ARC size to defaults so it can be easily changed
|
2021-01-09 18:24:52 +00:00 |
|
|
5b495688cd
|
Remove intersect wireguard keys
|
2021-01-09 18:23:10 +00:00 |
|
|
c38ecfebd7
|
Update gateway to point to ingress instance
|
2021-01-09 18:17:54 +00:00 |
|
|
fef7f2c2b4
|
Move docker containers to new PVE container
|
2021-01-09 18:02:17 +00:00 |
|
|
a35f2f91ff
|
Default to using python3 over "legacy python"
|
2021-01-09 17:55:29 +00:00 |
|
|
0355b6b214
|
Remove jellyfin docker config
It'll be replaced by something else later, don't worry.
|
2021-01-09 17:17:12 +00:00 |
|
|
2300426f0f
|
Move default variables into role defaults rather than group vars
|
2020-12-28 16:23:12 +00:00 |
|
|
422062ae63
|
Fix lint warning around missing mode
This only applies to directories https://stackoverflow.com/a/29793833
|
2020-12-28 16:16:35 +00:00 |
|
|
3338a1f898
|
Add jellyfin host
Role TBC
|
2020-12-28 16:08:15 +00:00 |
|
|
6267363ab0
|
Provision docker VM
|
2020-12-28 15:57:44 +00:00 |
|
|
bdfd38c9fe
|
Allow traefik to run on non-wireguard host
|
2020-12-28 15:55:45 +00:00 |
|
|
4f1e54baab
|
Actually enable timer
|
2020-12-28 15:14:50 +00:00 |
|
|
58879d2e1d
|
Ensure fail2ban and logrotate are available on all machines
|
2020-12-27 22:39:33 +00:00 |
|
|
b11dbfc829
|
Move traefik file provider to use directory rather than single file
This makes future composition possible
|
2020-12-22 15:53:03 +00:00 |
|
|
0353887590
|
Add override to ensure ZFS starts before docker
Stolen with love from 7dda0bc7cb
|
2020-12-21 21:37:46 +00:00 |
|
|
30cb9e52e7
|
Install and provision wireguard client on ingress server
|
2020-12-21 18:24:35 +00:00 |
|
|
3197953796
|
Provision PVE and ingress VM
|
2020-12-21 17:11:38 +00:00 |
|
|
44fb8f5380
|
Set some image resizing preferences
This stops the thumbnailing being quite as intensive
|
2020-12-11 17:39:58 +00:00 |
|
|
2bfad84071
|
Pin wallabag to newer version
2.4.0 came out *finally*
|
2020-12-11 17:39:35 +00:00 |
|
|
5a808e90e0
|
Update synapse
|
2020-12-11 17:36:06 +00:00 |
|
|
af1b7f754c
|
Update nextcloud to 20.0.3
|
2020-12-11 17:35:50 +00:00 |
|
|
8e6a3324a1
|
Install duplicati on grimes
Makes backing up website things a bit easier
|
2020-12-07 18:09:29 +00:00 |
|
|
6d75272d34
|
Move plausible to new server
|
2020-12-05 12:33:50 +00:00 |
|
|
e1dd6c4c05
|
Init new web server on Linode
I'll terraform it later, honest!
|
2020-12-04 23:02:19 +00:00 |
|
|
08bb8f22ca
|
Add feediron plugin for tt-rss
|
2020-11-25 13:16:13 +00:00 |
|
|
b5d676b6fe
|
Install fever plugin for tt-rss
Had to chown the directory afterwards, as git wouldn't play nice with `become_user`
|
2020-11-25 13:00:06 +00:00 |
|
|
48762bcfcd
|
Remove redundant quoting
|
2020-11-25 11:41:26 +00:00 |
|
|
a35ee7c824
|
Change base URL to default so the tracker script still uses disguised domain
|
2020-11-25 11:40:54 +00:00 |
|
|
2b291548f9
|
Just do plain path replacement
|
2020-11-25 11:38:47 +00:00 |
|
|
a81e2793f8
|
Add a secondary domain for plausible less likely to match blockers
Might change things, might not. But it's a fun experiment to try anyway.
Using a custom middleware to override the path due to https://github.com/plausible/analytics/pull/340
|
2020-11-25 11:11:29 +00:00 |
|
|
e8d3a72ea8
|
Update nextcloud to 20.0.2
|
2020-11-22 15:40:23 +00:00 |
|
|
1d8f54c778
|
Update synapse
|
2020-11-22 15:32:17 +00:00 |
|
|
3ddfd77bdf
|
Stop running synapse as root
|
2020-11-22 15:08:08 +00:00 |
|