|
|
0b352e22d1
|
Merge all group vars into single vault file
This will make tracking down where a secret is defined much simpler
|
2021-12-21 18:04:03 +00:00 |
|
|
|
dce7c782ec
|
Move wireguard keys into a separate vault file
|
2021-12-21 17:58:52 +00:00 |
|
|
|
3f37cd4448
|
Be quiet on interpreter warnings
It works fine, I don't need to be screamed at
|
2021-12-20 21:17:42 +00:00 |
|
|
|
8d40a49780
|
Move traefik pages secret into full vault file
Trialing a new pattern for vault storage
|
2021-12-20 21:17:25 +00:00 |
|
|
|
9e473265a5
|
Read vault password from bitwarden instead of filesystem
https://theorangeone.net/posts/ansible-vault-bitwarden/
|
2021-12-20 17:25:18 +00:00 |
|
|
|
b50659ab5d
|
Update nextcloud to 23
|
2021-12-19 21:18:09 +00:00 |
|
|
|
a5329665c0
|
Update vaultwarden to 1.23.1
|
2021-12-15 20:21:01 +00:00 |
|
|
|
9834a45ec5
|
Update uptime-kuma to 1.11.1
|
2021-12-15 20:20:50 +00:00 |
|
|
|
699673c3b5
|
Update Synapse to 1.49.0
|
2021-12-15 20:19:51 +00:00 |
|
|
|
9e899d0f52
|
Update nebula to 1.5.2
|
2021-12-15 20:18:25 +00:00 |
|
|
|
bbfd872a24
|
Mount the whole host into the restic LXC, so I can backup PVE config
|
2021-12-11 13:17:58 +00:00 |
|
|
|
4452cc4eeb
|
Update synapse to 1.47.1
|
2021-11-23 22:04:42 +00:00 |
|
|
|
eed75d8648
|
Mount homeassistant data into restic for external backup
|
2021-11-21 21:53:35 +00:00 |
|
|
|
47bcbd855e
|
Update nextcloud to 22.2.3
|
2021-11-16 21:04:54 +00:00 |
|
|
|
5c0987de4d
|
Update uptime-kuma
|
2021-11-15 20:26:29 +00:00 |
|
|
|
e1205564cb
|
Update nebula to 1.5.0
|
2021-11-15 20:26:20 +00:00 |
|
|
|
ccaff503da
|
Move decker from AMS to Paris
The AMS DC has a bit of a flaky network connection, which isn't what you want for monitoring.
|
2021-11-06 16:45:09 +00:00 |
|
|
|
64695c3be1
|
Don't pipe dat ainto curl for healthchecks
See https://github.com/IronicBadger/ansible-role-snapraid/pull/9
|
2021-11-04 16:46:59 +00:00 |
|
|
|
ef22a43293
|
Update uptime-kuma to fix security issue
|
2021-10-29 21:52:09 +01:00 |
|
|
|
1b4d5de701
|
Rename plausible embed router
There's nothing really "bare" about it
|
2021-10-29 20:47:02 +01:00 |
|
|
|
0cb2a70d24
|
Upgrade Plausible to 1.4
|
2021-10-29 20:46:28 +01:00 |
|
|
|
090745456f
|
Update vaultwarden to 1.23.0
|
2021-10-23 16:24:42 +01:00 |
|
|
|
41fadd892e
|
Update uptime-kuma
|
2021-10-23 16:24:29 +01:00 |
|
|
|
4cdaba4692
|
Swap certificates for wildcards
|
2021-10-18 21:59:10 +01:00 |
|
|
|
ebb571bf20
|
Increase GC frequenc to work around restic's high memory usage
https://github.com/restic/restic/issues/1988
|
2021-10-15 12:39:16 +01:00 |
|
|
|
6cc7d0b89e
|
Update synapse
|
2021-10-14 18:34:49 +01:00 |
|
|
|
31208856c2
|
Pin uptime-kuma version
It's pretty important now
|
2021-10-14 18:34:00 +01:00 |
|
|
|
6f0d4b60df
|
Run more web processes for tt-rss
|
2021-10-03 16:45:18 +01:00 |
|
|
|
c867efbe3b
|
Use alternative container registries where available
|
2021-10-03 16:26:10 +01:00 |
|
|
|
3727dd473c
|
Update synapse to 1.43
|
2021-10-01 21:17:13 +01:00 |
|
|
|
7fd176466d
|
Update nextcloud to 22.2.0
Required quite some hacks around federatedfilesharing app not wanting to update
|
2021-10-01 20:52:07 +01:00 |
|
|
|
4293d030d4
|
Don't lint globally installed roles
|
2021-09-27 14:50:08 +01:00 |
|
|
|
4db474034e
|
Ignore my VMs from a fail2ban
|
2021-09-27 14:49:56 +01:00 |
|
|
|
7e2d01c612
|
Change domain
Now there's a status page, we can consider it public
|
2021-09-25 21:34:18 +01:00 |
|
|
|
3daf939b32
|
Update uptime-kuma container
Now does user management itself
|
2021-09-25 21:08:42 +01:00 |
|
|
|
8a37a9d41b
|
Move uptime-kuma to decker
|
2021-09-25 21:03:56 +01:00 |
|
|
|
a135aae5f3
|
Provision new VM
This will be used for monitoring
|
2021-09-25 16:59:23 +01:00 |
|
|
|
48934ad2c5
|
Apply gzip to everything
The middleware is smart enough to only apply it when needed, and only when it's not already compressed, so it's fine.
|
2021-09-19 22:48:48 +01:00 |
|
|
|
83ed8879dc
|
Correctly set smtp user for GitLab
The user and from are different in my case.
|
2021-09-19 22:34:40 +01:00 |
|
|
|
178ca6b2c4
|
Add privatebin config
Disable super long expirations, among other things
|
2021-09-19 19:29:05 +01:00 |
|
|
|
d70f450e2d
|
Change forget resolution to 30d
Restic is really annoying with its retention arguments, not really allowing what I want, so this is the easiest way to get decent retention.
|
2021-09-07 22:04:23 +01:00 |
|
|
|
0a8167c839
|
Remove stray expose
Traefik picks up the port just fine
|
2021-09-07 21:04:19 +01:00 |
|
|
|
eedba465c4
|
Update synapse
|
2021-09-07 21:04:04 +01:00 |
|
|
|
a866938207
|
Fix hostname of restic server
|
2021-09-06 21:07:10 +01:00 |
|
|
|
2db8ca5059
|
Add basic auth to dokku
|
2021-09-05 23:11:28 +01:00 |
|
|
|
a278443850
|
Use auto on nginx configs
Let nginx work it out, and default to 1 per core
|
2021-09-04 22:41:30 +01:00 |
|
|
|
6e25403b3d
|
Update synapse to 1.41.1
|
2021-08-31 19:08:38 +01:00 |
|
|
|
86e9d12ce6
|
Update nextcloud to 22.1.1
|
2021-08-31 19:03:19 +01:00 |
|
|
|
c2cd2e6e34
|
Add backups for grimes
|
2021-08-30 21:50:55 +01:00 |
|
|
|
07b2ea2ccb
|
Add the ability to exclude certain paths from backup
|
2021-08-30 21:49:58 +01:00 |
|
|
|
259b0ca7a6
|
Use upstream telegraf role
https://github.com/rossmcdonald/telegraf/pull/54 shipped
|
2021-08-30 21:22:26 +01:00 |
|
|
|
dcbe6e8e72
|
Use upstream version of ansible-role-snapraid
https://github.com/IronicBadger/ansible-role-snapraid/pull/7 shipped
|
2021-08-30 21:21:58 +01:00 |
|
|
|
95216b32c4
|
Consolidate server blocks
|
2021-08-24 14:31:12 +01:00 |
|
|
|
453a374801
|
Replace ingress proxy with nginx
This enables HTTPS redirecting at it too much more easily, and matches the gateway configuration.
Requires using upstream versions of nginx to enable https://nginx.org/en/docs/stream/ngx_stream_realip_module.html
|
2021-08-24 14:21:51 +01:00 |
|
|
|
f14e723d40
|
Fix service name on ingress
It's not alpine
|
2021-08-24 11:52:35 +01:00 |
|
|
|
601b916b43
|
Remove deprecated clients from wireguard server
I use nebula now for all that
|
2021-08-24 11:14:04 +01:00 |
|
|
|
edc5c325b7
|
Correctly check hostname against PVE hosts
Some of the hostnames have `-` in instead, which caused issues with the SSH config detecting which users to allow
|
2021-08-23 19:56:04 +01:00 |
|
|
|
ecb946bab4
|
Remove nginx version from headers
|
2021-08-23 16:12:34 +01:00 |
|
|
|
93cba46dd1
|
Redirect to HTTPS at the edge
|
2021-08-23 16:10:37 +01:00 |
|
|
|
a54d373526
|
Replace edge proxy with nginx
The config makes more sense, and it has more of the features I need, which will come later.
|
2021-08-22 22:35:09 +01:00 |
|
|
|
23fc7bbb12
|
Use slightly less memory for ZFS
|
2021-08-22 15:58:49 +01:00 |
|
|
|
1d5616a36f
|
Update roles so they support newer Debian versions
I'm monitoring the PRs, don't worry
|
2021-08-22 15:22:11 +01:00 |
|
|
|
8fabd11e31
|
Remove unnecessary pve role
no-subscription is handled by the nag removal role
|
2021-08-22 15:20:27 +01:00 |
|
|
|
f0a3585592
|
Use distribution name in repo URL
|
2021-08-22 14:44:34 +01:00 |
|
|
|
0874158a91
|
Update traefik to 2.5
|
2021-08-22 11:16:37 +01:00 |
|
|
|
c04e8b628a
|
Update synapse to 1.40.0
|
2021-08-22 11:16:19 +01:00 |
|
|
|
c99afdd446
|
Disable gzip on qbittorrent egress
It's mostly used over the internal network, so the additional gzip isn't going to gain anything when the disk is the bottleneck
|
2021-08-21 16:46:21 +01:00 |
|
|
|
55e3b81f06
|
Install release version of gitlab-dater onto GitLab server
Rather than than hacky development one I was using before
|
2021-08-10 22:51:12 +01:00 |
|
|
|
e421657619
|
Ensure restic gets the correct permissions when it's updated
Yes it's weird to modify the system package like this, but it's very handy.
See also https://restic.readthedocs.io/en/stable/080_examples.html#backing-up-your-system-without-running-restic-as-root
|
2021-08-10 08:45:59 +01:00 |
|
|
|
ab46c30df2
|
Start graphing some speeds
|
2021-08-07 10:59:42 +01:00 |
|
|
|
d0e472b51a
|
Update synapse to 1.39.0
|
2021-08-06 18:20:48 +01:00 |
|
|
|
11bf501d8a
|
Update nextcloud to 22.1.0
|
2021-08-06 18:20:38 +01:00 |
|
|
|
9755974647
|
Update vaultwarden to 1.22.2
|
2021-08-06 18:17:22 +01:00 |
|
|
|
f3bc72d2ba
|
Provision uptime-kuma
|
2021-07-31 16:43:12 +01:00 |
|
|
|
1399529a47
|
Move stray storage to tank
|
2021-07-17 20:32:26 +01:00 |
|
|
|
8f831c8191
|
Update synapse to 1.37.1
|
2021-07-11 20:20:56 +01:00 |
|
|
|
501fe81979
|
Update nextcloud to v22
|
2021-07-11 20:20:48 +01:00 |
|
|
|
3daf3ef8ed
|
Pin clickhouse to 21.6
21.7 doesn't work
|
2021-07-11 16:11:09 +01:00 |
|
|
|
b2d226300b
|
Update nextcloud to 21.0.3
|
2021-07-04 21:17:03 +01:00 |
|
|
|
19eb233ffa
|
Update vaultwarden to 1.22.1
|
2021-07-03 11:27:27 +01:00 |
|
|
|
797c44a27d
|
Use proxy protocol v2
Apparently it's better for chaining, and may be faster anyway
|
2021-07-01 22:28:25 +01:00 |
|
|
|
b6adc53746
|
Revert "Capture stderr in logs, too"
This reverts commit 8696f6d93f.
Yeah, this doesn't work. Syntax and intention.
|
2021-06-28 08:33:08 +01:00 |
|
|
|
41a8fe3b4d
|
Use logrotate for backrest logging rather than nuking immediately
Just in case something goes wrong with healthchecks
|
2021-06-27 10:58:01 +01:00 |
|
|
|
8696f6d93f
|
Capture stderr in logs, too
|
2021-06-27 10:53:13 +01:00 |
|
|
|
1c07534c40
|
Stop resetting dokku hostname to default
|
2021-06-26 21:27:39 +01:00 |
|
|
|
40e785de38
|
Add yet more metric sources
|
2021-06-26 12:52:55 +01:00 |
|
|
|
32f17908ad
|
Collect metrics on disk usage
|
2021-06-26 12:36:00 +01:00 |
|
|
|
77d2b82761
|
Add healthchecks for snapraid
|
2021-06-26 11:45:56 +01:00 |
|
|
|
18603d726e
|
Add username to proxmox-nag-removal role
Makes it obviously not one of mine
|
2021-06-25 22:47:21 +01:00 |
|
|
|
09a010f28e
|
Version snapraid config
Using fork of role at https://github.com/IronicBadger/ansible-role-snapraid/pull/7
|
2021-06-25 22:43:26 +01:00 |
|
|
|
b82e87c04b
|
Remove unnecessary which
`cron` doesn't need a full path
|
2021-06-25 20:57:19 +01:00 |
|
|
|
50c5ed68e3
|
Install some dokku plugins
|
2021-06-22 22:57:02 +01:00 |
|
|
|
83c84abc62
|
Use dokku role to install it
I also switched the host to debian, as the arch install didn't quite work.
|
2021-06-22 22:08:01 +01:00 |
|
|
|
9296c88ae4
|
Remove date from DB backups
|
2021-06-20 15:23:15 +01:00 |
|
|
|
bb5bbf16f5
|
Remove alpine special case
https://github.com/ansible-collections/community.general/pull/1722 has shipped.
|
2021-06-20 12:43:59 +01:00 |
|
|
|
8948437b66
|
Use official extension
|
2021-06-20 12:39:58 +01:00 |
|
|
|
e3502ae1e0
|
Provision dokku server
|
2021-06-20 12:12:34 +01:00 |
|
|
|
b20ffb27c4
|
Remove gotify
Never used it
|
2021-06-12 19:00:39 +01:00 |
|
|
|
4e5fa59c58
|
Add redis
This isn't really used as a cache, but it is for a couple bits, so nice to enable it anyway, and it might become so in future
|
2021-06-12 18:53:50 +01:00 |
|
|
|
290b147821
|
Thin out synapse config
Previously it was the vast majority of code in the whole repo. Now we only define the necessary keys, and rely much more on defaults, which is nice!
|
2021-06-12 18:49:29 +01:00 |
|
