Commit graph

1242 commits

Author SHA1 Message Date
7c8d224c4a
Add headscale ACLs
Some checks failed
/ ansible (push) Failing after 39s
/ terraform (push) Failing after 46s
Tags are managed entirely server side, so there's no priv esc issues.

This lets my devices do what they want, and server style devices can't do anything.
2024-04-20 15:46:21 +01:00
7bc0ebeb26 Update traefik Docker tag to v2.11
Some checks failed
/ terraform (push) Failing after 2s
/ ansible (push) Failing after 2s
2024-04-15 17:43:05 +01:00
33f9c544fd
Remove /tt-rss/ path from URL
Some checks failed
/ terraform (push) Failing after 3s
/ ansible (push) Failing after 2s
2024-04-15 17:33:36 +01:00
b6583cc823
Update Nextcloud version in config
Some checks failed
/ terraform (push) Failing after 2s
/ ansible (push) Failing after 2s
2024-04-15 15:28:16 +01:00
9c02017fed
Unpin tandoor 2024-04-15 15:28:16 +01:00
9d98d88089 Update lscr.io/linuxserver/nextcloud Docker tag to v28.0.4
Some checks failed
/ terraform (push) Failing after 2s
/ ansible (push) Failing after 2s
2024-04-15 15:02:53 +01:00
5330fdc56f Update ghcr.io/goauthentik/server Docker tag to v2024
Some checks failed
/ terraform (push) Failing after 2s
/ ansible (push) Failing after 2s
2024-04-15 14:11:11 +01:00
2e0b562f5d Update matrixdotorg/synapse Docker tag to v1.104.0
Some checks failed
/ terraform (push) Failing after 2s
/ ansible (push) Failing after 2s
2024-04-15 13:58:20 +01:00
989a804bad Update wallabag/wallabag Docker tag to v2.6.9
Some checks failed
/ terraform (push) Failing after 51s
/ ansible (push) Failing after 46s
2024-04-03 12:00:18 +01:00
8424b3211b
Allow ingress to serve as tailscale exit node
All checks were successful
/ terraform (push) Successful in 38s
/ ansible (push) Successful in 1m46s
2024-03-28 23:30:24 +00:00
5157940f20
Stop exposing homeassistant
All checks were successful
/ terraform (push) Successful in 58s
/ ansible (push) Successful in 1m52s
2024-03-23 11:54:26 +00:00
eb6fe3a23b
Allow forrest to access internal services
All checks were successful
/ terraform (push) Successful in 36s
/ ansible (push) Successful in 1m36s
This is mostly for monitoring
2024-03-22 18:13:25 +00:00
b2656bdf43
Make vaultwarden VPN only
All checks were successful
/ terraform (push) Successful in 33s
/ ansible (push) Successful in 1m36s
The first service to go dark...
2024-03-21 23:20:27 +00:00
f88d224168
Allow only exposing services over Tailscale
Some checks failed
/ terraform (push) Failing after 41s
/ ansible (push) Successful in 1m41s
This works using public DNS, so doesn't need Tailscale's magic DNS to override my local.
2024-03-07 22:30:10 +00:00
451a114262
Add IPv6 support for internal DNS overrides
CoreDNS 1.11.2 finally shipped!
2024-03-07 20:02:39 +00:00
119b3212a9
Remove robots.txt for gitea
All checks were successful
/ terraform (push) Successful in 27s
/ ansible (push) Successful in 1m30s
2024-03-04 08:38:16 +00:00
5aae711cb8 Update vaultwarden/server Docker tag to v1.30.5
All checks were successful
/ terraform (push) Successful in 46s
/ ansible (push) Successful in 1m45s
2024-03-04 08:33:59 +00:00
f552332598 Update lscr.io/linuxserver/mastodon Docker tag to v4.2.8
Some checks failed
/ ansible (push) Has been cancelled
/ terraform (push) Has been cancelled
2024-03-04 08:33:51 +00:00
82451784a8
Deploy slides hosting
All checks were successful
/ terraform (push) Successful in 50s
/ ansible (push) Successful in 1m49s
2024-03-03 21:39:22 +00:00
000f3d3348
Add HSTS to all nginx requests 2024-03-03 21:37:07 +00:00
0dcc3f7c30
Use regular version of nginx on Arch
All checks were successful
/ terraform (push) Successful in 30s
/ ansible (push) Successful in 1m30s
`nginx-mainline` requires modules be recompiled each time, and isn't handled automatically. It's still a very new and maintained release.
2024-02-29 19:46:32 +00:00
8a1e21c79d
Ensure headscale sees the correct IP
All checks were successful
/ terraform (push) Successful in 49s
/ ansible (push) Successful in 1m48s
2024-02-29 17:41:29 +00:00
998d798797
Set maintenance window for nextcloud
All checks were successful
/ terraform (push) Successful in 26s
/ ansible (push) Successful in 1m37s
2024-02-21 21:57:03 +00:00
11a93dac55
Update nextcloud version in config 2024-02-21 21:52:58 +00:00
7d64518840 Update matrixdotorg/synapse Docker tag to v1.101.0
Some checks failed
/ ansible (push) Has been cancelled
/ terraform (push) Has been cancelled
2024-02-21 21:43:15 +00:00
26bcf09fea Update lscr.io/linuxserver/nextcloud Docker tag to v28.0.2
Some checks failed
/ terraform (push) Has been cancelled
/ ansible (push) Has been cancelled
2024-02-21 21:42:50 +00:00
808e72553b
Add the basics of some edge caching
Some checks failed
/ ansible (push) Has been cancelled
/ terraform (push) Has been cancelled
2024-02-21 21:42:16 +00:00
b513c88774 Update vaultwarden/server Docker tag to v1.30.3
All checks were successful
/ ansible (push) Successful in 1m33s
/ terraform (push) Successful in 27s
2024-02-19 14:13:02 +00:00
7741fbc163 Update vabene1111/recipes Docker tag to v1.5.13
All checks were successful
/ terraform (push) Successful in 25s
/ ansible (push) Successful in 1m34s
2024-02-19 14:07:32 +00:00
45cf930d14 Update lscr.io/linuxserver/mastodon Docker tag to v4.2.7
All checks were successful
/ terraform (push) Successful in 49s
/ ansible (push) Successful in 1m54s
2024-02-17 08:00:21 +00:00
58c48261e7
Consolidate vikunja container
All checks were successful
/ terraform (push) Successful in 53s
/ ansible (push) Successful in 1m51s
2024-02-12 14:12:17 +00:00
91a247868b
Add routes from forrest to tailscale network
All checks were successful
/ terraform (push) Successful in 27s
/ ansible (push) Successful in 1m35s
2024-02-07 22:12:08 +00:00
b6eca40ae0
Allow tailscale IP in more places 2024-02-07 18:21:16 +00:00
6c1c245c23 Update matrixdotorg/synapse Docker tag to v1.100.0
All checks were successful
/ terraform (push) Successful in 25s
/ ansible (push) Successful in 1m38s
2024-02-02 13:38:12 +00:00
379d4a26fa Update vabene1111/recipes Docker tag to v1.5.12
Some checks failed
/ ansible (push) Has been cancelled
/ terraform (push) Has been cancelled
2024-02-02 13:38:00 +00:00
f1a2694f1a Update lscr.io/linuxserver/mastodon Docker tag to v4.2.5
Some checks failed
/ terraform (push) Successful in 29s
/ ansible (push) Has been cancelled
2024-02-02 13:37:05 +00:00
02847355a7
Install tailscale
All checks were successful
/ terraform (push) Successful in 29s
/ ansible (push) Successful in 1m34s
Install, not configure
2024-02-01 19:41:47 +00:00
29cac09b48
Remove explicit port for headscale 2024-02-01 18:32:53 +00:00
dba0262801
Remove website tmpfs
All checks were successful
/ terraform (push) Successful in 29s
/ ansible (push) Successful in 1m36s
The server's disk is probably fast enough, and container restarts will nuke that storage anyway
2024-02-01 18:15:51 +00:00
0c6528f9ca
Restrict access to headscale OIDC and API
All checks were successful
/ terraform (push) Successful in 29s
/ ansible (push) Successful in 1m33s
2024-01-31 21:40:43 +00:00
dfa8328e7b
Move gateway logs to separate file 2024-01-31 21:06:19 +00:00
53c758a781
Monitor headscale with prometheus
All checks were successful
/ terraform (push) Successful in 29s
/ ansible (push) Successful in 1m38s
2024-01-27 17:40:02 +00:00
2ceeaf091d
Deploy headscale
Some checks failed
/ terraform (push) Failing after 11m20s
/ ansible (push) Failing after 11m6s
2024-01-27 14:18:37 +00:00
06784563a7
Don't resolve ipv6
All checks were successful
/ terraform (push) Successful in 30s
/ ansible (push) Successful in 1m36s
Something about this setup doesn't like it, so I'll disable v6 for now
2024-01-26 21:43:04 +00:00
4f6f4143ce Update matrixdotorg/synapse Docker tag to v1.99.0
All checks were successful
/ terraform (push) Successful in 31s
/ ansible (push) Successful in 1m46s
2024-01-22 09:15:38 +00:00
5292785cd9 Update wallabag/wallabag Docker tag to v2.6.8
Some checks are pending
/ terraform (push) Has started running
/ ansible (push) Successful in 1m38s
2024-01-22 09:11:27 +00:00
d297674fb5 Update vabene1111/recipes Docker tag to v1.5.11
All checks were successful
/ terraform (push) Successful in 49s
/ ansible (push) Successful in 1m51s
2024-01-22 08:42:36 +00:00
88f0828153
Use primary Quad9 servers
All checks were successful
/ terraform (push) Successful in 47s
/ ansible (push) Successful in 1m39s
DNSSEC and malware blocking is probably useful, just in case
2024-01-21 23:19:49 +00:00
cfc3de61b4
Add fallback quad9 address
This aids availability, along with a healthcheck
2024-01-21 23:05:25 +00:00
c6bae0f797
Do simple endsWith matching for docker view
All checks were successful
/ terraform (push) Successful in 33s
/ ansible (push) Successful in 1m42s
This saves the need for a regex
2024-01-14 22:27:02 +00:00