Commit graph

749 commits

Author SHA1 Message Date
ac68b36841
Initially provision deluge machine
Based on Docker, so deluge itself is easier to install and keep updated. Until such time it's in the repos
2021-02-01 15:40:06 +00:00
54eee03524
Fix YAML linting and service name 2021-01-31 17:27:44 +00:00
7b9bab14fa
Remove stray variables file 2021-01-31 16:56:25 +00:00
c7fba8107a
Move grafana to forrest 2021-01-31 16:52:24 +00:00
a79e54d45a
Add forrest instance 2021-01-31 15:18:20 +00:00
058290b321
Keep track of IPs for PVE hosts
Yea they're all random, I'll deal with that later
2021-01-31 12:46:43 +00:00
9023b269eb
Allow PVE VMs to access nebula hosts via ingress 2021-01-31 12:19:33 +00:00
643d843bfb
Enable unsafe routing to PVE network over nebula 2021-01-30 22:59:56 +00:00
da301eb7dd
Provision remaining nebula instances 2021-01-30 20:47:11 +00:00
08ff5dcf94
Provision nebula certs using Ansible 2021-01-30 20:06:31 +00:00
92815a6f76
Add platform-agnostic installation of nebula 2021-01-30 19:10:52 +00:00
723372dd09
Name keys after hostname 2021-01-30 18:16:28 +00:00
703b3b194f
Make index read-only so it's not always reowned 2021-01-29 21:52:22 +00:00
062742bc5e
Update synapse 2021-01-29 21:44:34 +00:00
e1f3572a7c
Set pages install directory correctly 2021-01-29 21:35:01 +00:00
c5050381fc
Update plausible to v1.2 2021-01-29 21:34:44 +00:00
698804ff38
Remove gitlab 2021-01-28 19:54:03 +00:00
89a6c7680c
Decommission walker
Kimsufi is just too annoying of a host. Everything has either been moved off, killed, or has further plans.
2021-01-28 18:56:39 +00:00
b339cb0e2d
Move upload to grimes 2021-01-28 14:04:55 +00:00
909f693cba
Fix location of zpool command
TIL lookups are executed on the host
2021-01-26 22:02:58 +00:00
3de14efd9e
Remove heimdall
I've literally not used it since setting it up
2021-01-26 21:53:52 +00:00
a44a79031a
Init some skeleton nebula stuff 2021-01-25 21:53:04 +00:00
0ecd884a9a
Deploy yourls 2021-01-22 21:29:27 +00:00
2a8f715eca
Add redis cache for gitea 2021-01-22 18:59:52 +00:00
cc847a069c
Resolve zpool location
Hopefully this means they actually run
2021-01-22 15:29:41 +00:00
a2c6d7c276
Swap out alpine for debian on ingress
Mostly for future nebula deployment
2021-01-22 14:53:02 +00:00
0f9802a46c
Install duplicati on PVE docker machine
Requires some changes to how private IPs are specified, which I really need to clean up at some point!
2021-01-20 21:38:01 +00:00
f6c176d2f0
Ensure duplicati base is always updated 2021-01-20 21:30:25 +00:00
fce8cf3768
Update nextcloud 2021-01-20 20:58:28 +00:00
76eeeec260
Update wallabag 2021-01-20 20:39:27 +00:00
3321b852a5
Update traefik to v2.4 2021-01-20 20:33:57 +00:00
700360eb96
Update synapse 2021-01-20 20:20:09 +00:00
3e8a3b2c6b
Update gotify 2021-01-20 20:02:01 +00:00
48c507e0c3
Up page sizes for gitea stuff
Screw paginating!
2021-01-19 21:20:00 +00:00
26905e245b
Hide heatmap on gitea
It's kinda useless at this scale
2021-01-19 17:42:10 +00:00
41915ec69c
Replace gitlab with gitea
Leave gitlab in place for a bit in case I need to get at data
2021-01-18 20:14:38 +00:00
f9187109c7
Correct router name for pages 2021-01-17 20:03:02 +00:00
ac4a93e0ed
Setup DNS for pages 2021-01-17 12:49:23 +00:00
b992df0313
Fix variable name for traefik conditional provider 2021-01-16 23:30:09 +00:00
604202fdce
Add traefik pages
Add it ready for the migration in future
2021-01-16 23:29:55 +00:00
e1ea938d59
Add file providers for jellyfin and HA 2021-01-13 22:12:58 +00:00
969674772c
Snapshot PVE root pool too 2021-01-10 13:23:36 +00:00
7672d99aa8
Remove homeassistant configuration
It's now in its own VM, and I'll deal with version control using the git integration there directly I suspect.
2021-01-10 13:12:19 +00:00
b40266b276
Add roles to handle PVE nag and repos 2021-01-09 23:21:35 +00:00
6dd86ea870
Limit ZFS ARC size on PVE 2021-01-09 22:32:55 +00:00
d87ec89887
Persist arc size
Modprobe only loads the module, it doesn't ensure the ARC value persists correctly.
2021-01-09 22:25:29 +00:00
0c6e9969bc
Give myself passwordless sudo access to zfs stuff
This is needed for syncoid pulls
2021-01-09 21:36:09 +00:00
c3053e9378
Fix location for sanoid install
This makes it sync up with where the systemd services expect them to be
2021-01-09 21:28:16 +00:00
7d235e67e0
Add ZFS configuration for PVE 2021-01-09 21:27:52 +00:00
decf5176f7
Use systemd rather than cron for sanoid
It's more reliable and easier to get logs
2021-01-09 20:57:47 +00:00
57d9c9d288
Allow configuring of pools to scrub 2021-01-09 20:52:51 +00:00
721bdf60b3
Fix quotes 2021-01-09 18:32:16 +00:00
1b72afdd29
Remove scrutiny role
SMART checks are handled by PVE / something else in future
2021-01-09 18:30:28 +00:00
0506a78d02
Listen on public port
Makes connection so much easier
2021-01-09 18:25:08 +00:00
8fe8788458
Move ARC size to defaults so it can be easily changed 2021-01-09 18:24:52 +00:00
5b495688cd
Remove intersect wireguard keys 2021-01-09 18:23:10 +00:00
c38ecfebd7
Update gateway to point to ingress instance 2021-01-09 18:17:54 +00:00
fef7f2c2b4
Move docker containers to new PVE container 2021-01-09 18:02:17 +00:00
a35f2f91ff
Default to using python3 over "legacy python" 2021-01-09 17:55:29 +00:00
0355b6b214
Remove jellyfin docker config
It'll be replaced by something else later, don't worry.
2021-01-09 17:17:12 +00:00
2300426f0f
Move default variables into role defaults rather than group vars 2020-12-28 16:23:12 +00:00
422062ae63
Fix lint warning around missing mode
This only applies to directories https://stackoverflow.com/a/29793833
2020-12-28 16:16:35 +00:00
3338a1f898
Add jellyfin host
Role TBC
2020-12-28 16:08:15 +00:00
6267363ab0
Provision docker VM 2020-12-28 15:57:44 +00:00
bdfd38c9fe
Allow traefik to run on non-wireguard host 2020-12-28 15:55:45 +00:00
4f1e54baab
Actually enable timer 2020-12-28 15:14:50 +00:00
58879d2e1d
Ensure fail2ban and logrotate are available on all machines 2020-12-27 22:39:33 +00:00
b11dbfc829
Move traefik file provider to use directory rather than single file
This makes future composition possible
2020-12-22 15:53:03 +00:00
0353887590
Add override to ensure ZFS starts before docker
Stolen with love from 7dda0bc7cb
2020-12-21 21:37:46 +00:00
30cb9e52e7
Install and provision wireguard client on ingress server 2020-12-21 18:24:35 +00:00
3197953796
Provision PVE and ingress VM 2020-12-21 17:11:38 +00:00
44fb8f5380
Set some image resizing preferences
This stops the thumbnailing being quite as intensive
2020-12-11 17:39:58 +00:00
2bfad84071
Pin wallabag to newer version
2.4.0 came out *finally*
2020-12-11 17:39:35 +00:00
5a808e90e0
Update synapse 2020-12-11 17:36:06 +00:00
af1b7f754c
Update nextcloud to 20.0.3 2020-12-11 17:35:50 +00:00
8e6a3324a1
Install duplicati on grimes
Makes backing up website things a bit easier
2020-12-07 18:09:29 +00:00
6d75272d34
Move plausible to new server 2020-12-05 12:33:50 +00:00
e1dd6c4c05
Init new web server on Linode
I'll terraform it later, honest!
2020-12-04 23:02:19 +00:00
08bb8f22ca
Add feediron plugin for tt-rss 2020-11-25 13:16:13 +00:00
b5d676b6fe
Install fever plugin for tt-rss
Had to chown the directory afterwards, as git wouldn't play nice with `become_user`
2020-11-25 13:00:06 +00:00
48762bcfcd
Remove redundant quoting 2020-11-25 11:41:26 +00:00
a35ee7c824
Change base URL to default so the tracker script still uses disguised domain 2020-11-25 11:40:54 +00:00
2b291548f9
Just do plain path replacement 2020-11-25 11:38:47 +00:00
a81e2793f8
Add a secondary domain for plausible less likely to match blockers
Might change things, might not. But it's a fun experiment to try anyway.

Using a custom middleware to override the path due to https://github.com/plausible/analytics/pull/340
2020-11-25 11:11:29 +00:00
e8d3a72ea8
Update nextcloud to 20.0.2 2020-11-22 15:40:23 +00:00
1d8f54c778
Update synapse 2020-11-22 15:32:17 +00:00
3ddfd77bdf
Stop running synapse as root 2020-11-22 15:08:08 +00:00
310feaf332
Use correct args to build synapse DB 2020-11-22 15:07:34 +00:00
367de37fab
Actually disable unnecessary logging rather than change level
Also disable even more of them
2020-11-12 23:01:32 +00:00
2a4b3ec3e6
Increase timeout for SSH sessions
Still check relatively often the client is still there, but check many times so the connection stays open a decent amount of time. Especially useful for long-running commands.
2020-11-08 22:04:30 +00:00
f5c7c094d3
Fix gotify container name
Gotify != duplicati
2020-11-08 11:07:57 +00:00
5c1f17e2aa
Update synapse 2020-10-28 18:22:30 +00:00
0fc57049e4
Update nextcloud to 20.0.1 2020-10-28 15:22:49 +00:00
f450d4a8f2
Pin jellyfin version 2020-10-27 17:38:10 +00:00
f414781182
Use new whoami container 2020-10-27 16:13:14 +00:00
c63506d2bc
Pin traefik to patch version 2020-10-27 16:13:14 +00:00
6ae8d0febe
Pin plausible versions 2020-10-27 16:13:14 +00:00
f665b87965
Allow NTP role to manage config
Hopefully this closes the port
2020-10-24 17:36:39 +01:00
ff72f5a25e
Move nextcloud data dir to ZFS 2020-10-24 14:26:30 +01:00
5eb3870fbe
Set mode on fail2ban filter and jail 2020-10-24 12:10:54 +01:00
8932ac828f
Add geoip database for plausible 2020-10-24 12:10:37 +01:00
47ad40bb52
Remove watchtower, and do updates manually from now on
Keeps @IronicBadger happy!
2020-10-22 18:07:48 +01:00
efd22010b7
Use new LSIO mod which does more 2020-10-19 17:29:28 +01:00
a46525aa80
Move configuration for custom port to Traefik config rather than custom container expose
Still a work-around for https://github.com/plausible/analytics/pull/237
2020-10-18 22:31:23 +01:00
0ca3f36f7a
Move some more nextcloud components to ZFS 2020-10-18 18:02:48 +01:00
58605c1c24
Don't snapshot tank root
This makes syncoid unhappy, and is generally unnecessary
2020-10-18 17:45:49 +01:00
bedbb0f5f4
Fix service to restart 2020-10-16 19:16:42 +01:00
1930cc83e8
Use generic package module 2020-10-16 19:16:42 +01:00
b2e91d7d6d
Update haproxy fail2ban jail to use systemd for logs 2020-10-16 19:16:42 +01:00
4890c3d3e5
Revert "Remove fail2ban"
This reverts commit 1f0e33acc8.
2020-10-16 19:16:42 +01:00
30baed441e
Mount external files into nextcloud
Means some bits can live outside the nextcloud dir
2020-10-10 18:01:27 +01:00
b8ea056455
Remove netdata
Don't use it anyway
2020-10-09 23:39:55 +01:00
6852b84406
Change watchtower to run daily
A holdover until less of the containers are using `:latest`
2020-10-09 23:20:07 +01:00
5496744428
Remove web-rng 2020-10-09 23:11:53 +01:00
f7afaacbdc
Move website to be hosted on GitLab pages 2020-10-09 21:35:57 +01:00
7f09db5d20
Add heimdall 2020-10-07 14:09:23 +01:00
e9f61070f8
Update nextcloud to version 20
Using the new LSIO tags for version specific pins! 🎉
2020-10-07 09:18:32 +01:00
0a9deb3d9e
Update plausible environment so it's compatible with v1
Read the changelog, folks!
2020-10-06 21:48:34 +01:00
93ccb686e7
Drive watchtower config from environment 2020-10-06 09:10:26 +01:00
413ff4dad9
Add script to update containers
This is an attended update, which is better. Eventually replace watchtower
2020-10-06 08:44:01 +01:00
2c4e1e0414
Pin Plausible to major version 2020-10-05 18:43:12 +01:00
29c9e14f62
Remove haproxy chroot
This is technically _slightly_ less secure, but means it logs to journald properly, so can be picked up by fail2ban in future
2020-10-05 11:10:29 +01:00
4c40faf21d
Move clickhouse off ZFS
For some reason, they really don't play well together!
2020-10-03 17:18:11 +01:00
68bda30cb2
Add nginx container for getting access to files via rclone 2020-10-03 11:41:38 +01:00
64788eb602
Move transcodes to tmpfs
Means I can remove the scratch disk
2020-10-02 18:12:15 +01:00
1f398b25c3
Store fewer snapshots for downloads directory 2020-10-02 18:11:53 +01:00
191374b812
Move deluge onto walker
Stop torrent traffic being limited by home broadband
2020-10-02 18:11:34 +01:00
6cfaa3a03a
Update traefik 2020-10-02 09:20:33 +01:00
aee9507ec0
Update synapse 2020-10-02 09:13:41 +01:00
addd4f351c
Update nextcloud base 2020-10-02 09:13:34 +01:00
285f7b8a31
Update Gotify 2020-10-02 09:13:13 +01:00
a799ad9657
Scale gitlab up a tiny bit 2020-10-01 19:46:04 +01:00
4742552839
Add notes site 2020-09-30 18:49:36 +01:00
4e7c5ffd67
Add docker mod to scale worker processes to a sane value 2020-09-28 20:14:41 +01:00
07b0650618
Remove statping
It's buggy as all hell, super slow, and doesn't really get used for monitoring
2020-09-27 14:17:46 +01:00
5079599b9d
Require TLS 1.2 2020-09-27 12:36:49 +01:00
d93920c2b6
Move home-assistant stuff to ZFS 2020-09-27 11:31:05 +01:00
a303bed27f
Define app data dir in variable 2020-09-26 21:15:44 +01:00
361a78e8e0
Update yamllint 2020-09-26 17:54:14 +01:00
24d11deeae
Update ansible-lint
Required a lot of renaming :(
2020-09-26 17:53:47 +01:00
cc43910be6
Fix scrutiny so it picks up which task to run correctly 2020-09-26 17:10:07 +01:00
3c21c5670c
Replace postgres with mariadb
It's recommended, and might hopefully fix my annoying auth issues!
2020-09-26 14:49:38 +01:00
40488f62b7
Also set user id for collector container
Else it chowns the DB, and doesn't run correctly
2020-09-24 22:18:34 +01:00
fd83820faa
Install scrutiny 2020-09-21 21:16:00 +01:00
a67361b9b5
Explicitly define bed lights 2020-09-19 16:16:24 +01:00
2bbc7c715f
Add GZIP compression to projects which don't natively support it 2020-09-18 12:42:36 +01:00
092f12459e
Fix XML formatting
This caused clickhouse to crash hard!
2020-09-18 12:21:15 +01:00
782b008cd3
Fix name of config so they're not constantly changed with each run of ansible
derp!
2020-09-18 12:11:44 +01:00
62e629187b
Clean up indent 2020-09-18 12:10:53 +01:00
4ad2bdc77a
Change clickhouse connection to unified variable 2020-09-17 15:18:01 +01:00
a8438c4c2a
Add grafana image renderer 2020-09-13 10:47:59 +01:00
809a977c63
Also update nextcloud config file 2020-09-12 23:15:08 +01:00
9cea8743e9
Update gotify 2020-09-12 22:54:49 +01:00
4c92fba2b9
Change gitlab trusted proxies to be docker IP space
Else it becomes `127.0.0.1`, which is obviously not right
2020-09-12 20:03:22 +01:00
6ad9fa070f
Update nextcloud 2020-09-11 21:30:20 +01:00
9ca2546766
Decommission grimes
Most of the function has moved to `walker`
2020-09-10 20:39:54 +01:00
1ecfc5b7fa
Update traefik 2020-09-10 20:16:23 +01:00
59a447023b
Update nextcloud base 2020-09-09 20:43:52 +01:00
c220f19545
Move scratch disk under /mnt
Mounting disks is hard!
2020-09-08 21:17:51 +01:00
2db72623ad
Remove DB backups for containers on ZFS
Snapshots are a better backup
2020-09-08 20:41:47 +01:00
b47de7e70b
Disable healthchecks for GitLab pages
Because of everything we have disabled, Docker considers the container unhealthy
2020-09-05 23:08:58 +01:00
8c4397d39a
Set rails trusted proxies 2020-09-05 22:29:16 +01:00
2af3241bd2
GZIP compress gitlab pages 2020-09-05 20:52:18 +01:00
19b2330832
Disable logrotate for pages
Logs are in a tmpfs anyway, and it's just another process to be running
2020-09-05 20:36:45 +01:00
ea54d1be69
Expose pages sites 2020-09-05 20:33:57 +01:00
0a1b541974
Remove compression middleware for gitlab
This is already handled by the application
2020-09-05 18:27:56 +01:00
e9aeed26ee
Use cloudflare DNS challenge for Traefik 2020-09-05 18:27:04 +01:00
0289342e2c
Remove goaccess container 2020-09-05 17:29:40 +01:00
4c1ccfc4e4
Only clear containers weekly
This will be more helpful now, as repeat CI jobs won't need to re-download containers as often
2020-09-05 17:01:54 +01:00
af9c66785e
Decrease watchtower polling rate to 10 minutes
Doesn't need to be that intensive
2020-09-05 17:01:30 +01:00
77113246b0
Remove remaining gitea configuration
Goodbye old friend
2020-09-05 16:56:27 +01:00
c1dc26ce35
Install gitlab pages daemon
I'll deal with traefik domains later
2020-09-05 16:50:56 +01:00
e579edc758
Use lsyncd to push files to gitlab pages server
Server itself in future commit
2020-09-05 16:24:47 +01:00
1487915bbc
Also disable thread log 2020-09-02 20:12:31 +01:00
c47ff494e0
Revert "Disable docker healthchecks"
Turns out it really just takes that long to start up!

This reverts commit 61ed3db887.
2020-09-01 21:50:03 +01:00
61ed3db887
Disable docker healthchecks
Makes traefik take *ages* to detect the container is actually running. Let it 502 if it has to
2020-09-01 20:12:52 +01:00
3bc1d75d9e
Ensure the correct IP is detected 2020-09-01 20:12:16 +01:00
acef6246d0
Replace gitea with gitlab
Leave gitea in place for a bit in case I need to change back suddenly
2020-09-01 19:47:39 +01:00
84d529be2f
Update synapse 2020-08-31 18:47:37 +01:00
3b7493ae8f
Set default theme to dark and assign default proxy 2020-08-30 21:11:29 +01:00
1ed078ef23
Fix SSH port for gitlab 2020-08-30 21:08:04 +01:00
4610d5ced2
Update nextcloud to 19.0.2 2020-08-30 20:28:49 +01:00
3d76c48bbf
Use postgres on homeassistant 2020-08-30 16:58:27 +01:00
ec751ffa1a
Add influxdb to monitor traefik 2020-08-30 15:58:03 +01:00
17f0e22962
Migrate grafana to postgres 2020-08-30 14:53:08 +01:00
8efb3e0d69
Expose gitlab SSH 2020-08-30 11:22:15 +01:00
796c694170
Run duplicati as root
This ensures it has all the right permissions to access all the right files. Host is mounted read-only, so there's no real security risk.
2020-08-30 11:15:08 +01:00
5940b6970a
Move gitlab to ZFS pool 2020-08-30 10:19:57 +01:00
0ce15cb4d8
Add gitlab 2020-08-29 23:56:14 +01:00
da90b12643
Modify clickhouse settings so it's not a resource whore
This means it can be moved back to ZFS!
2020-08-28 14:20:13 +01:00
c6791e4098
Remove stray vault file from removing todoist-github 2020-08-28 14:17:45 +01:00
8a7cc5e57e
Move clickhouse back to old disk
It does a stupid number of writes, and the snapshots are massive! Until I've worked out why it writes so much, move it to a less critical disk
2020-08-27 14:16:12 +01:00
9a8995f1f8
Use single cron job for pruning and taking snapshots
Less to manage, and less lock contention
2020-08-26 13:02:50 +01:00
77262cd206
Reduce number of sanoid snapshots
It should be pretty quick for me to realise something went wrong. Can recycle through space much quicker this way!
2020-08-26 09:08:26 +01:00
1f70a46c35
Add custom clickhouse config
This changes the default log level to warning, to ensure the log file isn't being hammered
2020-08-26 08:54:37 +01:00
3edc34759d
Mount clickhouse logs on tmpfs
WHO LOGS TRACE BY DEFAULT?!
2020-08-25 22:05:10 +01:00
742412259c
Mount transcodes on scratch disk
Don't want them getting caught by sanoid!
2020-08-25 14:30:26 +01:00
4feff3d247
Move jellyfin to ZFS 2020-08-25 14:17:57 +01:00
6808e86a6d
Update nextcloud base 2020-08-24 14:30:11 +01:00
922b688615
Bump ZFS usage to 50% RAM
It's a lot, but should be dealable on most machines
2020-08-23 14:15:09 +01:00