3485f8e1f0
Actually version the ingress haproxy config
2021-06-12 17:32:47 +01:00
33fcf1a9e5
Fix matrix federation
...
Apparently this has been broken since like March...
It seems communication over port 8448 is required for server-to-server
comms, even if the client doesn't use it.
2021-06-12 17:32:47 +01:00
94e4592db6
Update synapse to 1.35.1
2021-06-12 16:46:16 +01:00
5d4817e840
Move some larger gitlab storage off tank
...
Means they'll be backed up less, but they're less important anyway
2021-06-07 20:24:59 +01:00
3c3f69a776
Remove unnecessary influxdb instance
...
Never used it anyway
2021-06-03 20:50:54 +01:00
d59e86a8e8
Remove unnecessary private_ip
var from forrest
...
It was redundant
2021-06-03 20:47:33 +01:00
f1f2c620b0
Replace DHCP on PVE for static IPs
...
So much easier to deal with!
2021-06-03 20:47:08 +01:00
d751a023da
Promote GitLab to main git.
domain
2021-06-02 19:49:28 +01:00
6c23180591
Remove gitea
...
I use GitLab now
2021-06-02 19:27:09 +01:00
9c2ebd60e8
Remove duplicati
...
We're a restic shop now!
2021-06-02 19:18:21 +01:00
51b3ffd33a
Allow containers to be cached on CI
...
There's an existing task to clean them up, and being out of date by a week isn't the end of the world
2021-06-01 21:51:18 +01:00
a867df04a5
Add a GitLab runner
...
Woo CI!
2021-06-01 19:29:21 +01:00
64ebaa67d0
Setup email for gitlab
...
Not super useful, but nice to enable it
2021-05-30 21:30:03 +01:00
e6d029e22e
Fix typo
...
D'oh!
2021-05-30 13:56:06 +01:00
bf5c95fbe2
Stop running everything at midnight
2021-05-30 13:55:44 +01:00
69abafd8c8
Put GitLab on a real domain
2021-05-29 16:21:47 +01:00
9118938fea
Remove some GitLab constraints
...
I don't need things that constrained. The defaults are probably fine, and better tested.
2021-05-29 15:44:01 +01:00
f063af2478
Reconfigure gitlab on machine start
2021-05-29 11:21:20 +01:00
c7bde8b3dd
Init a GitLab server
...
Some day i'll make up my mind on which server to use, honest!
2021-05-28 22:49:48 +01:00
5ac5e2f8ab
Stagger backup times
2021-05-23 20:37:41 +01:00
ee55100016
Update gitea
2021-05-21 21:57:16 +01:00
e6dbe08ce0
Update nextcloud
2021-05-21 21:48:15 +01:00
420ef3b95c
Update synapse
2021-05-21 21:47:32 +01:00
830bd862d9
Update nebula
2021-05-21 21:34:13 +01:00
48e07d2a7e
Rename more bitwarden things
...
Serving on both domains currently, i'll migrate clients and fix that
2021-05-18 22:18:05 +01:00
a124bff473
Add scheduling for backup and forgetting
...
Only forget on 1 machine
2021-05-16 15:34:37 +01:00
91725d5876
Add forget and prune commands
2021-05-16 14:39:44 +01:00
5f6dc6e177
Support backing up clickhouse to file
...
It's janky, but it works
2021-05-16 12:25:32 +01:00
b4936f5780
Revert "Store DB files compressed"
...
This reverts commit f4a289ae98
.
Incremental backups work much better with plaintext
2021-05-16 11:16:25 +01:00
7fc67ca8d4
Put files in the root of the role
2021-05-08 16:47:25 +01:00
f4a289ae98
Store DB files compressed
...
Means external backups can still be compressed a bit
2021-05-08 16:45:08 +01:00
26cd35785c
Fix DB backup location
2021-05-08 16:45:08 +01:00
48c88347a9
Add some healthchecks integration to backup
2021-05-08 16:45:08 +01:00
781aa93892
Add some restic wrapper things
2021-05-08 16:45:08 +01:00
407e59ec5a
Use variables in prometheus config
...
Also replace grimes with walker
2021-05-05 18:12:42 +01:00
9b31efbf43
Destroy grimes
...
And the entire Linode integration
2021-05-05 18:11:14 +01:00
3da14e67dd
Replace minio with webdav for upload
...
Also made sure it all ran as the correct user
2021-05-04 14:08:08 +01:00
f62a1e8374
Replace minio with webdav
...
Much simpler and easier, and lower resources
2021-05-04 11:25:52 +01:00
fe748bfda7
Set permissions on media dir
2021-05-02 12:04:58 +01:00
4a0f7b701b
Install jellyfin through Ansible
2021-05-02 12:04:48 +01:00
a669e34f57
Update bitwarden_rs to vaultwarden
...
I'll do the full rename of everything another time
2021-05-01 23:00:37 +01:00
f2d3cb0835
Add a bash script to backup all database containers as text
2021-04-25 21:39:21 +01:00
c048e6d20e
Provision walker
2021-04-24 21:59:53 +01:00
03affd269f
FLoC Block
...
https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
2021-04-18 22:30:26 +01:00
9ad64b444a
Update gotify
2021-04-16 22:19:27 +01:00
cd31c5f8a5
Update gitea
2021-04-16 22:12:08 +01:00
5d9ee7190d
Swap out deluge for qbittorrent
...
Just run on arch instead of docker, too. Much simpler.
2021-04-16 21:49:00 +01:00
943087b6ad
Fix the stupid postgres path for plausible
...
A lay over from when it was at home
2021-04-15 18:28:24 +01:00
5dc3db5dce
Remove need for geoip database
...
Apparently partial functionality is built-in to the container now
2021-04-15 18:21:18 +01:00
a25c0751fb
Update Plausible
...
Also required updating Clickhouse, due to syntax errors in migrations. It's also nice it's alpine now, and newer
2021-04-15 18:11:44 +01:00
4eec3292a6
Update wallabag
2021-04-11 12:54:59 +01:00
b6f23b31a9
Stop unnecessarily restarting tt-rss
2021-04-11 12:52:48 +01:00
3ce4626e29
Update synapse
2021-04-11 12:52:10 +01:00
62373bf352
Update nextcloud to 21.0.1
2021-04-11 12:48:02 +01:00
796375446e
Update gitea to 1.13.7
2021-04-11 12:42:15 +01:00
1c424cb2ef
Update some IP addresses
...
I really need to stop using these external addresses somewhen...
2021-04-07 22:11:24 +01:00
22d43c16a7
Correctly redirect http traffic to https
...
Bug caused by https://github.com/traefik/traefik/issues/8035
2021-04-06 11:56:05 +01:00
f0193b5807
Scale up bitwarden slightly
...
Should be able to handle a bit more, faster
2021-04-02 12:32:33 +01:00
e0311111af
Update bitwarden
...
Send functionality, woohoo!
2021-03-29 08:23:48 +01:00
ad6bab108a
Keep backups for slightly longer
...
This makes my occasional syncs less likely to do bad things
2021-03-28 19:47:34 +01:00
3c8d9fe940
Block all ports
2021-03-28 16:28:07 +01:00
4d218248fa
Remotely connect to fail2ban to do ports
...
Traefik can affect the edge, so blocks work there and prevent traffic hitting home network.
2021-03-28 16:06:36 +01:00
ac186f42e0
Keep fewer fail2ban logs
2021-03-28 13:06:01 +01:00
6973fb536f
Add fail2ban for traefik
...
Remote action coming soon
2021-03-28 13:05:38 +01:00
8398a2df21
Use endpoint middleware rather than hacky router
2021-03-27 23:34:34 +00:00
a5af5bea6c
Force bitwarden to use public DNS
...
It doesn't like creating icons for local IP spaces, so my overriden DNS doesn't play well
2021-03-27 18:45:06 +00:00
1d997d3c33
Remove separate private and protected IP
2021-03-27 18:42:06 +00:00
116e1adb50
Disable Traefik pilot on dashboard
2021-03-24 23:14:01 +00:00
36f6bd62bb
Update gitea to 1.13.6
2021-03-24 22:57:45 +00:00
5084bfecdf
Ignore PVE interface from f2b jails
2021-03-24 22:35:28 +00:00
e67e4565d3
Remove expose_ssh
and support SSH listening on nebula and PVE
...
No more wireguard SSH for me
2021-03-24 22:19:29 +00:00
3c06eb748d
Update gitea to 1.13.5
2021-03-23 17:22:13 +00:00
ece0c841b2
Fix compose version
...
Mostly fix quotes, but also standardize
2021-03-21 18:51:38 +00:00
d4477c4bea
Add bitwarden_rs
2021-03-21 18:47:20 +00:00
f6559ff1bd
Remove collabora
...
It doesn't seem to like being run inside LXC. I barely used it, anyway.
2021-03-12 23:35:39 +00:00
3eb286c9bd
Move envrironment variables to docker
...
Using the `TTRSS_` prefix to follow upstream standard rather than container's
https://github.com/lunik1/docker-tt-rss/issues/3
2021-03-06 12:11:08 +00:00
8d136f0b55
Set default phone region for Nextcloud
2021-03-06 11:19:11 +00:00
9d6ed88e13
Monitor proxmox stats
2021-03-05 22:14:21 +00:00
d43d3433fa
Collect SMART metrics for disks
2021-03-05 20:50:08 +00:00
6b95b75fc2
Move telegraf to host
...
This makes metric collection for SMART much simpler. I'll still be using the prometheus node exporter for actual system metrics, though.
2021-03-05 20:39:11 +00:00
aa3da3cf10
Upgrade gitea to 1.13.3
2021-03-05 20:05:51 +00:00
89dbbc71e5
Move files into application directories
2021-03-05 14:40:17 +00:00
8e977edba1
Ignore go metrics
2021-03-05 14:27:33 +00:00
b264e5cbcc
Monitor traefik with prometheus rather than influxdb
2021-03-04 16:37:53 +00:00
2e05ed08fa
Use hostname rather than fqdn
2021-03-04 16:06:43 +00:00
aba81f79bc
Add telegraf
...
And input to ping and output via prometheus
2021-03-04 15:16:54 +00:00
914676d209
Add prometheus for metrics
2021-03-04 14:53:03 +00:00
fe2450d43b
Add grafana docker network and restrict port binds
2021-03-04 14:39:40 +00:00
155bc837a8
Update synapse to 1.28
2021-03-02 12:31:07 +00:00
9d5c7e56e8
Move nextcloud things back to tank
2021-03-02 12:26:23 +00:00
21a2532f8a
Update nextcloud to 21
2021-03-02 12:03:13 +00:00
63d156c0a0
Stop always restarting whoami
...
whoami never sets `config_file`, so it's shadowed by whatever set it before
2021-02-27 22:09:24 +00:00
1413efdd19
Copy feed icons and DB to tank
2021-02-27 22:08:01 +00:00
a2fe3ca37a
Fix TT-RSS config
...
It needs to be environment variables now, but there's a bug where it doesn't read docker ones for some reason
2021-02-27 21:29:24 +00:00
b3a72eb8f1
Add influxdb server for metrics
2021-02-14 16:24:45 +00:00
ec0c78e6d9
Read emails from secrets
2021-02-14 12:29:14 +00:00
872471ef52
Setup email for grafana
2021-02-14 12:19:51 +00:00
f7a0877e72
Exclude nebula from fail2ban
2021-02-14 11:39:01 +00:00
d8f2a83dfe
Move grafana data back to pool
2021-02-14 11:33:46 +00:00
385917ba4e
Decrease find time
...
Hopefully reduce false-positive catches
2021-02-14 11:22:32 +00:00
3014e5d052
Provision privatebin
2021-02-12 23:32:31 +00:00
47df8164fa
Define timezone as variable
2021-02-10 09:12:42 +00:00
635f55d7bf
Update gitea to 1.13.2
2021-02-09 17:36:06 +00:00
149d01165f
Restore dockerized grafana setup
...
It's stil on a separate machine, but in docker to allow more applications to be run easier and tied together.
2021-02-09 09:16:52 +00:00
44a3fd4bc5
Only chown when the repos change
...
This keeps claiming it's changing things, even when nothing should have changed
2021-02-07 16:14:56 +00:00
870ac50c58
Update compose path to not be absolute
...
This relies on `which` to find the correct binary instead
2021-02-07 15:59:18 +00:00
a95ceb348f
Install docker from binary on debian distros
...
This is because the repos are usually super out of date, or at least can stray quite a bit
2021-02-07 15:56:25 +00:00
c4999d7b25
Use ansible collections for things
2021-02-07 13:02:14 +00:00
e8496ddced
Deploy deluge in docker
...
Makes version managing so much easier!
2021-02-01 17:24:36 +00:00
54eee03524
Fix YAML linting and service name
2021-01-31 17:27:44 +00:00
c7fba8107a
Move grafana to forrest
2021-01-31 16:52:24 +00:00
058290b321
Keep track of IPs for PVE hosts
...
Yea they're all random, I'll deal with that later
2021-01-31 12:46:43 +00:00
9023b269eb
Allow PVE VMs to access nebula hosts via ingress
2021-01-31 12:19:33 +00:00
643d843bfb
Enable unsafe routing to PVE network over nebula
2021-01-30 22:59:56 +00:00
da301eb7dd
Provision remaining nebula instances
2021-01-30 20:47:11 +00:00
08ff5dcf94
Provision nebula certs using Ansible
2021-01-30 20:06:31 +00:00
92815a6f76
Add platform-agnostic installation of nebula
2021-01-30 19:10:52 +00:00
723372dd09
Name keys after hostname
2021-01-30 18:16:28 +00:00
703b3b194f
Make index read-only so it's not always reowned
2021-01-29 21:52:22 +00:00
062742bc5e
Update synapse
2021-01-29 21:44:34 +00:00
e1f3572a7c
Set pages
install directory correctly
2021-01-29 21:35:01 +00:00
c5050381fc
Update plausible to v1.2
2021-01-29 21:34:44 +00:00
698804ff38
Remove gitlab
2021-01-28 19:54:03 +00:00
89a6c7680c
Decommission walker
...
Kimsufi is just too annoying of a host. Everything has either been moved off, killed, or has further plans.
2021-01-28 18:56:39 +00:00
b339cb0e2d
Move upload
to grimes
2021-01-28 14:04:55 +00:00
909f693cba
Fix location of zpool
command
...
TIL lookups are executed on the host
2021-01-26 22:02:58 +00:00
3de14efd9e
Remove heimdall
...
I've literally not used it since setting it up
2021-01-26 21:53:52 +00:00
a44a79031a
Init some skeleton nebula stuff
2021-01-25 21:53:04 +00:00
0ecd884a9a
Deploy yourls
2021-01-22 21:29:27 +00:00
2a8f715eca
Add redis cache for gitea
2021-01-22 18:59:52 +00:00
cc847a069c
Resolve zpool location
...
Hopefully this means they actually run
2021-01-22 15:29:41 +00:00
a2c6d7c276
Swap out alpine for debian on ingress
...
Mostly for future nebula deployment
2021-01-22 14:53:02 +00:00
0f9802a46c
Install duplicati on PVE docker machine
...
Requires some changes to how private IPs are specified, which I really need to clean up at some point!
2021-01-20 21:38:01 +00:00
f6c176d2f0
Ensure duplicati base is always updated
2021-01-20 21:30:25 +00:00
fce8cf3768
Update nextcloud
2021-01-20 20:58:28 +00:00
76eeeec260
Update wallabag
2021-01-20 20:39:27 +00:00
3321b852a5
Update traefik to v2.4
2021-01-20 20:33:57 +00:00
700360eb96
Update synapse
2021-01-20 20:20:09 +00:00
3e8a3b2c6b
Update gotify
2021-01-20 20:02:01 +00:00
48c507e0c3
Up page sizes for gitea stuff
...
Screw paginating!
2021-01-19 21:20:00 +00:00
26905e245b
Hide heatmap on gitea
...
It's kinda useless at this scale
2021-01-19 17:42:10 +00:00
41915ec69c
Replace gitlab with gitea
...
Leave gitlab in place for a bit in case I need to get at data
2021-01-18 20:14:38 +00:00
f9187109c7
Correct router name for pages
2021-01-17 20:03:02 +00:00
ac4a93e0ed
Setup DNS for pages
2021-01-17 12:49:23 +00:00
b992df0313
Fix variable name for traefik conditional provider
2021-01-16 23:30:09 +00:00
604202fdce
Add traefik pages
...
Add it ready for the migration in future
2021-01-16 23:29:55 +00:00
e1ea938d59
Add file providers for jellyfin and HA
2021-01-13 22:12:58 +00:00
969674772c
Snapshot PVE root pool too
2021-01-10 13:23:36 +00:00
7672d99aa8
Remove homeassistant configuration
...
It's now in its own VM, and i'll deal with version control using the git integration there directly I suspect.
2021-01-10 13:12:19 +00:00
b40266b276
Add roles to handle PVE nag and repos
2021-01-09 23:21:35 +00:00
d87ec89887
Persist arc size
...
Modprobe only loads the module, it doesn't ensure the ARC value persists correctly.
2021-01-09 22:25:29 +00:00
0c6e9969bc
Give myself passwordless sudo access to zfs stuff
...
This is needed for syncoid pulls
2021-01-09 21:36:09 +00:00
c3053e9378
Fix location for sanoid install
...
This makes it sync up with where the systemd services expect them to be
2021-01-09 21:28:16 +00:00
decf5176f7
Use systemd rather than cron for sanoid
...
It's more reliable and easier to get logs
2021-01-09 20:57:47 +00:00
57d9c9d288
Allow configuring of pools to scrub
2021-01-09 20:52:51 +00:00
721bdf60b3
Fix quotes
2021-01-09 18:32:16 +00:00
1b72afdd29
Remove scrutiny role
...
SMART checks are handeld by PVE / something else in future
2021-01-09 18:30:28 +00:00
0506a78d02
Listen on public port
...
Makes connection so much easier
2021-01-09 18:25:08 +00:00
8fe8788458
Move ARC size to defaults so it can be easily changed
2021-01-09 18:24:52 +00:00
c38ecfebd7
Update gateway to point to ingress instance
2021-01-09 18:17:54 +00:00
fef7f2c2b4
Move docker containers to new PVE container
2021-01-09 18:02:17 +00:00
0355b6b214
Remove jellyfin docker config
...
It'll be replaced by something else later, don't worry.
2021-01-09 17:17:12 +00:00
2300426f0f
Move default variables into role defaults rather than group vars
2020-12-28 16:23:12 +00:00
422062ae63
Fix lint warning around missing mode
...
This only applies to directories https://stackoverflow.com/a/29793833
2020-12-28 16:16:35 +00:00
bdfd38c9fe
Allow traefik to run on non-wireguard host
2020-12-28 15:55:45 +00:00
4f1e54baab
Actually enable timer
2020-12-28 15:14:50 +00:00
58879d2e1d
Ensure fail2ban and logrotate are available on all machines
2020-12-27 22:39:33 +00:00
b11dbfc829
Move traefik file provider to use directory rather than single file
...
This makes future composition possible
2020-12-22 15:53:03 +00:00
0353887590
Add override to ensure ZFS starts before docker
...
Stolen with love from 7dda0bc7cb
2020-12-21 21:37:46 +00:00
30cb9e52e7
Install and provision wireguard client on ingress server
2020-12-21 18:24:35 +00:00
44fb8f5380
Set some image resizing preferences
...
This stops the thumbnailing being quite as intensive
2020-12-11 17:39:58 +00:00
2bfad84071
Pin wallabag to newer version
...
2.4.0 came out *finally*
2020-12-11 17:39:35 +00:00
5a808e90e0
Update synapse
2020-12-11 17:36:06 +00:00
af1b7f754c
Update nextcloud to 20.0.3
2020-12-11 17:35:50 +00:00
08bb8f22ca
Add feediron plugin for tt-rss
2020-11-25 13:16:13 +00:00
b5d676b6fe
Install fever plugin for tt-rss
...
Had to chown the directory afterwards, as git wouldn't play nice with `become_user`
2020-11-25 13:00:06 +00:00
48762bcfcd
Remove redundant quoting
2020-11-25 11:41:26 +00:00
a35ee7c824
Change base URL to default so the tracker script still uses disguised domain
2020-11-25 11:40:54 +00:00
2b291548f9
Just do plain path replacement
2020-11-25 11:38:47 +00:00
a81e2793f8
Add a secondary domain for plausible less likely to match blockers
...
Might change things, might not. But it's a fun experiment to try anyway.
Using a custom middleware to override the path due to https://github.com/plausible/analytics/pull/340
2020-11-25 11:11:29 +00:00
e8d3a72ea8
Update nextcloud to 20.0.2
2020-11-22 15:40:23 +00:00
1d8f54c778
Update synapse
2020-11-22 15:32:17 +00:00
3ddfd77bdf
Stop running synapse as root
2020-11-22 15:08:08 +00:00
310feaf332
Use correct args to build synapse DB
2020-11-22 15:07:34 +00:00
367de37fab
Actually disable unnecessary logging rather than change level
...
Also disable even more of them
2020-11-12 23:01:32 +00:00
2a4b3ec3e6
Increase timeout for SSH sessions
...
Stll check relatively often the client is still there, but check many times so the connection stays open a decent amount of time. Especially useful for long-running commands.
2020-11-08 22:04:30 +00:00
f5c7c094d3
Fix gotify container name
...
Gotify != duplicati
2020-11-08 11:07:57 +00:00
5c1f17e2aa
Update synapse
2020-10-28 18:22:30 +00:00
0fc57049e4
Update nextcloud to 20.0.1
2020-10-28 15:22:49 +00:00
f450d4a8f2
Pin jellyfin version
2020-10-27 17:38:10 +00:00
f414781182
Use new whoami container
2020-10-27 16:13:14 +00:00
c63506d2bc
Pin traefik to patch version
2020-10-27 16:13:14 +00:00
6ae8d0febe
Pin plausible versions
2020-10-27 16:13:14 +00:00
ff72f5a25e
Move nextcloud data dir to ZFS
2020-10-24 14:26:30 +01:00
5eb3870fbe
Set mode on fail2ban filter and jail
2020-10-24 12:10:54 +01:00
8932ac828f
Add geoip database for plausible
2020-10-24 12:10:37 +01:00
47ad40bb52
Remove watchtower, and do updates manually from now on
...
Keeps @IronicBadger happy!
2020-10-22 18:07:48 +01:00
efd22010b7
Use new LSIO mod which does more
2020-10-19 17:29:28 +01:00
a46525aa80
Move configuration for custom port to Traefik config rather than custom container expose
...
Still a work-around for https://github.com/plausible/analytics/pull/237
2020-10-18 22:31:23 +01:00
0ca3f36f7a
Move some more nextcloud components to ZFS
2020-10-18 18:02:48 +01:00
bedbb0f5f4
Fix service to restart
2020-10-16 19:16:42 +01:00
1930cc83e8
Use generic package module
2020-10-16 19:16:42 +01:00
b2e91d7d6d
Update haproxy fail2ban jail to use systemd for logs
2020-10-16 19:16:42 +01:00
4890c3d3e5
Revert "Remove fail2ban"
...
This reverts commit 1f0e33acc8
.
2020-10-16 19:16:42 +01:00
30baed441e
Mount external files into nextcloud
...
Means some bits can live outside the nextcloud dir
2020-10-10 18:01:27 +01:00
b8ea056455
Remove netdata
...
Don't use it anyway
2020-10-09 23:39:55 +01:00
6852b84406
Change watchtower to run daily
...
A holdover until less of the containers are using `:latest`
2020-10-09 23:20:07 +01:00
5496744428
Remove web-rng
2020-10-09 23:11:53 +01:00
f7afaacbdc
Move website to be hosted on GitLab pages
2020-10-09 21:35:57 +01:00
7f09db5d20
Add heimdall
2020-10-07 14:09:23 +01:00
e9f61070f8
Update nextcloud to version 20
...
Using the new LSIO tags for version specific pins! 🎉
2020-10-07 09:18:32 +01:00
0a9deb3d9e
Update plausible environment so it's compatible with v1
...
Read the changelog, folks!
2020-10-06 21:48:34 +01:00
93ccb686e7
Drive watchtower config from environment
2020-10-06 09:10:26 +01:00
413ff4dad9
Add script to update containers
...
This is an attended update, which is better. Eventually replace watchtower
2020-10-06 08:44:01 +01:00
2c4e1e0414
Pin Plausible to major version
2020-10-05 18:43:12 +01:00
29c9e14f62
Remove haproxy chroot
...
This is technically _slightly_ less secure, but means it logs to journald properly, so can be picked up by fail2ban in future
2020-10-05 11:10:29 +01:00
4c40faf21d
Move clickhouse off ZFS
...
For some reason, they really don't play well together!
2020-10-03 17:18:11 +01:00
68bda30cb2
Add nginx container for getting access to files via rclone
2020-10-03 11:41:38 +01:00
64788eb602
Move transcodes to tempfs
...
Means I can remove the scratch disk
2020-10-02 18:12:15 +01:00
191374b812
Move deluge onto walker
...
Stop torrent traffic being limitted by home broadband
2020-10-02 18:11:34 +01:00
6cfaa3a03a
Update traefik
2020-10-02 09:20:33 +01:00
aee9507ec0
Update synapse
2020-10-02 09:13:41 +01:00
addd4f351c
Update nextcloud base
2020-10-02 09:13:34 +01:00
285f7b8a31
Update Gotify
2020-10-02 09:13:13 +01:00
a799ad9657
Scale gitlab up a tiny bit
2020-10-01 19:46:04 +01:00
4742552839
Add notes site
2020-09-30 18:49:36 +01:00
4e7c5ffd67
Add docker mod to scale worker processes to a sane value
2020-09-28 20:14:41 +01:00
07b0650618
Remove statping
...
It's buggy as all hell, super slow, and doesn't really get used for monitoring
2020-09-27 14:17:46 +01:00
5079599b9d
Require TLS 1.2
2020-09-27 12:36:49 +01:00
d93920c2b6
Move home-assistant stuff to ZFS
2020-09-27 11:31:05 +01:00
a303bed27f
Define app data dir in variable
2020-09-26 21:15:44 +01:00
24d11deeae
Update ansible-lint
...
Required a lot of renaming :(
2020-09-26 17:53:47 +01:00
cc43910be6
Fix scrutiny so it picks up which task to run correctly
2020-09-26 17:10:07 +01:00
3c21c5670c
Replace postgres with mariadb
...
Its' recommended, and might hopefully fix my annoying auth issues!
2020-09-26 14:49:38 +01:00
40488f62b7
Also set user id for collector container
...
Else it chowns the DB, and doesn't run correctly
2020-09-24 22:18:34 +01:00
fd83820faa
Install scrutiny
2020-09-21 21:16:00 +01:00
a67361b9b5
Explicitly define bed lights
2020-09-19 16:16:24 +01:00
2bbc7c715f
Add GZIP compression to projects which don't natively support it
2020-09-18 12:42:36 +01:00
092f12459e
Fix XML formatting
...
This caused clickhouse to crash hard!
2020-09-18 12:21:15 +01:00
782b008cd3
Fix name of config so they're not constantly changed with each run of ansible
...
derp!
2020-09-18 12:11:44 +01:00
62e629187b
Clean up indent
2020-09-18 12:10:53 +01:00
4ad2bdc77a
Change clickhouse connection to unified variable
2020-09-17 15:18:01 +01:00
a8438c4c2a
Add grafana image renderer
2020-09-13 10:47:59 +01:00
809a977c63
Also update nextcloud config file
2020-09-12 23:15:08 +01:00
9cea8743e9
Update gotify
2020-09-12 22:54:49 +01:00
4c92fba2b9
Change gitlab trusted proxies to be docker IP space
...
Else it becomes `127.0.0.1`, which is obviously not right
2020-09-12 20:03:22 +01:00
6ad9fa070f
Update nextcloud
2020-09-11 21:30:20 +01:00
1ecfc5b7fa
Update traefik
2020-09-10 20:16:23 +01:00
59a447023b
Update nextcloud base
2020-09-09 20:43:52 +01:00
c220f19545
Move scratch disk under /mnt
...
Mounting disks is hard!
2020-09-08 21:17:51 +01:00
2db72623ad
Remove DB backups for containers on ZFS
...
Snapshots are a better backup
2020-09-08 20:41:47 +01:00
b47de7e70b
Disable healthchecks for GitLab pages
...
Because of everything we have disabled, Docker considers the container unhealthy
2020-09-05 23:08:58 +01:00
8c4397d39a
Set rails trusted proxies
2020-09-05 22:29:16 +01:00
2af3241bd2
GZIP compress gitlab pages
2020-09-05 20:52:18 +01:00
19b2330832
Disable logrotate for pages
...
Logs are in a tempfs anyway, and it's just another process to be running
2020-09-05 20:36:45 +01:00
ea54d1be69
Expose pages sites
2020-09-05 20:33:57 +01:00
0a1b541974
Remove compression middleware for gitlab
...
This is already handled by the application
2020-09-05 18:27:56 +01:00
e9aeed26ee
Use cloudflare DNS challenge for Traefik
2020-09-05 18:27:04 +01:00
0289342e2c
Remove goaccess container
2020-09-05 17:29:40 +01:00
4c1ccfc4e4
Only clear containers weekly
...
This will be more helpful now, as repeat CI jobs won't need to re-download containers as often
2020-09-05 17:01:54 +01:00
af9c66785e
Decrease watchtower polling rate to 10 minutes
...
Doesn't need to be that intensive
2020-09-05 17:01:30 +01:00
77113246b0
Remove remaining gitea configuration
...
Goodbye old friend
2020-09-05 16:56:27 +01:00
c1dc26ce35
Install gitlab pages daemon
...
I'll deal with traefik domains later
2020-09-05 16:50:56 +01:00
e579edc758
Use lsyncd to push files to gitlab pages server
...
Server itself in future commit
2020-09-05 16:24:47 +01:00
1487915bbc
Also disable thread log
2020-09-02 20:12:31 +01:00
c47ff494e0
Revert "Disable docker healthchecks"
...
Turns out it really just takes that long to start up!
This reverts commit 61ed3db887
.
2020-09-01 21:50:03 +01:00
61ed3db887
Disable docker healthchecks
...
Makes traefik take *ages* to detect the container is actually running. Let it 502 if it has to
2020-09-01 20:12:52 +01:00
3bc1d75d9e
Ensure the correct IP is detected
2020-09-01 20:12:16 +01:00
acef6246d0
Replace gitea with gitlab
...
Leave gitea in place for a bit in case I need to change back suddenly
2020-09-01 19:47:39 +01:00
84d529be2f
Update synapse
2020-08-31 18:47:37 +01:00
3b7493ae8f
Set default theme to dark and assign default proxy
2020-08-30 21:11:29 +01:00
1ed078ef23
Fix SSH port for gitlab
2020-08-30 21:08:04 +01:00
4610d5ced2
Update nextcloud to 19.0.2
2020-08-30 20:28:49 +01:00
3d76c48bbf
Use postgres on homeassistant
2020-08-30 16:58:27 +01:00
ec751ffa1a
Add influxdb to monitor traefik
2020-08-30 15:58:03 +01:00
17f0e22962
Migrate grafana to postgres
2020-08-30 14:53:08 +01:00
8efb3e0d69
Expose gitlab SSH
2020-08-30 11:22:15 +01:00
796c694170
Run duplicati as root
...
This ensures it has all the right permissions to access all the right files. Host is mounted read-only, so there's no real security risk.
2020-08-30 11:15:08 +01:00
5940b6970a
Move gitlab to ZFS pool
2020-08-30 10:19:57 +01:00
0ce15cb4d8
Add gitlab
2020-08-29 23:56:14 +01:00
da90b12643
Modify clickhouse settings so it's not a resource whore
...
This means it can be moved back to ZFS!
2020-08-28 14:20:13 +01:00
c6791e4098
Remove stray vault file from removing todoist-github
2020-08-28 14:17:45 +01:00
8a7cc5e57e
Move clickhouse back to old disk
...
It does a stupid number of writes, and the snapshots are massive! Until i've worked out why it writes so much, move it to a less critical disk
2020-08-27 14:16:12 +01:00
9a8995f1f8
Use single cron job for pruning and taking snapshots
...
Less to manage, and less lock contention
2020-08-26 13:02:50 +01:00
1f70a46c35
Add custom clickhouse config
...
This changes the default log level to warning, to ensure the log file isn't being hammered
2020-08-26 08:54:37 +01:00
3edc34759d
Mount clickhouse logs on tmpfs
...
WHO LOGS TRACE BY DEFAULT?!
2020-08-25 22:05:10 +01:00
742412259c
Mount transcodes on scratch disk
...
Don't want them getting caught by sanoid!
2020-08-25 14:30:26 +01:00
4feff3d247
Move jellyfin to ZFS
2020-08-25 14:17:57 +01:00
6808e86a6d
Update nextcloud base
2020-08-24 14:30:11 +01:00
922b688615
Bump ZFS usage to 50% RAM
...
It's a lot, but should be dealable on most machines
2020-08-23 14:15:09 +01:00
f531d4f915
Move plausible onto ZFS
2020-08-22 12:19:47 +01:00
9ffdd4d711
Move grafana to ZFS
...
Don't need to create the directory anymore really
2020-08-22 12:07:44 +01:00
f517831435
Install synapse config to right place
2020-08-22 12:03:04 +01:00
67dfe6a8a0
Remove todoist-github
...
It's got some pretty big bugs, and isn't running anyway
2020-08-22 12:01:24 +01:00
07d5c4fa72
Move quassel to ZFS
2020-08-22 11:59:10 +01:00
3dc8ee16b5
Move wallabag to ZFS
2020-08-22 11:51:51 +01:00
ff7ec46e77
Move synapse to ZFS
2020-08-22 11:42:03 +01:00
037d719906
Migrate deluge data to ZFS pool
2020-08-22 11:20:38 +01:00
8d2c6dfb68
Move gitea to ZFS
2020-08-21 16:02:56 +01:00
bc5d6d512b
Move calibre to ZFS pool
2020-08-21 15:34:04 +01:00
2866cd0602
Move TT-RSS into ZFS pool
2020-08-21 15:33:46 +01:00
35266e975d
Drive sanoid changes from YAML
2020-08-20 21:47:12 +01:00
1bcb8f22b1
Fully resolve path to sanoid
...
Apparently cron didn't like just `sanoid`
2020-08-20 21:24:33 +01:00
a2e021ac43
Install ZFS on home server 🎉
2020-08-19 21:34:23 +01:00
63ec7c671a
Manually install sanoid
...
Makes the foundation for a future external role
2020-08-19 18:40:17 +01:00
fcd4dbf657
Fix casing
...
Turns out it's a lower case "l"
2020-08-19 17:59:56 +01:00
2ef836b2e9
Remove synapse helper scripts
...
They're not maintained, and actually highly advised against
2020-08-18 20:39:23 +01:00
efc7a5d7fb
Allow arc to be 20% RAM usage
2020-08-18 13:47:48 +01:00
cbbd7bf83d
Update synapse
2020-08-18 13:13:25 +01:00
6716b418d7
Ensure cron tasks are run as the right user
...
Looks like by default they're installed as the current user, not root. Bad ansible documentation!
2020-08-17 22:29:02 +01:00
af22e89a73
Update nextcloud base
2020-08-17 13:57:53 +01:00
bf4e90d053
Update synapse
2020-08-17 13:57:44 +01:00
150a34be2f
Provide cron flag to sanoid
2020-08-17 13:49:07 +01:00
0902dd001e
Expose grafana
2020-08-07 12:03:45 +01:00
9d014cfa1c
Install grafana and link it to HA
2020-08-07 11:52:15 +01:00
301ac37868
Remove legacy integrations
2020-08-06 17:05:19 +01:00
55f79b4a51
Remove socks proxy
2020-08-05 20:56:12 +01:00
384a07b513
Run plausible migrations on startup
2020-08-04 22:07:45 +01:00
6ceea80ee7
Fix website restart
2020-08-04 20:54:34 +01:00
4b7830567b
Add postgres backups for plausible
2020-08-04 19:49:21 +01:00
7c0d78ee9d
Remove folding-at-home
...
New server location isn't especially ventilated, so heat is an issue.
I'm sorry.
2020-08-04 19:41:01 +01:00
c435ad1ba8
Ensure plausible is restarted on error
2020-08-04 19:38:01 +01:00
969b0bd8d9
Update traefik
...
Fixes GHSA-6qq8-5wq3-86rp
2020-07-30 21:46:44 +01:00
ed00a0d40e
Update gitea
2020-07-29 18:26:13 +01:00
a6047da465
Use default port
2020-07-28 20:31:32 +01:00
91effbcac5
Add ZFS scrub cron job
2020-07-26 22:17:28 +01:00
6e58b07519
Remove unnecessary quotes
2020-07-26 18:22:43 +01:00
ebbd2a4015
Install zfs and sanoid
2020-07-26 18:03:09 +01:00
5cb1a470ab
Bump plausible pool size
2020-07-26 15:40:03 +01:00
f77cd1216f
Move upload server to walker
2020-07-24 17:14:39 +01:00
3c7c0ec3fa
GZIP plausible traffic
...
Plausible doesn't gzip for itself. Funnily enough the tracker is actually too small to be compressed by Traefik!
2020-07-22 12:18:49 +01:00
9ee4e1c14b
Add plausible analytics
2020-07-21 20:55:44 +01:00
74d40ac915
Update traefik
2020-07-18 13:29:20 +01:00
005cc528b6
Update nextcloud to 19.0.1
2020-07-17 14:48:50 +01:00
7a38207ef0
Update traefik
2020-07-15 14:53:36 +01:00
b7aebfaabd
Move statping to new machine
...
Also update it to the latest version. It's probably still buggy AF, but it'll do for what I need it to rigth now.
2020-07-14 19:35:55 +01:00
52e8f34198
Pin jellyfin to latest
...
It can update itself just fine
2020-07-13 18:09:33 +01:00
9d962c324b
Update synapse
2020-07-13 18:04:20 +01:00
bb5a5b61bd
Update traefik
2020-07-13 18:04:11 +01:00
dd8523ebdd
Update gitea
2020-07-13 18:02:51 +01:00
eed13e3727
Setup offsite storage service
...
My own lil' S3
2020-07-12 21:01:06 +01:00
3c49c80ff1
Ensure traefik only listens on wireguard network
2020-07-12 19:29:18 +01:00
9c0682ef9b
Restrict SSH connections to wireguard cidr
...
Except on home server, still handy to connect on same network.
2020-07-12 17:53:02 +01:00
e5e308fafa
Remove firewall role
...
firewalld does not play nice with docker!
2020-07-12 17:04:13 +01:00
f2d7d63e2d
Update nextcloud base
2020-07-10 16:15:13 +01:00
dc2b51db6b
Update synapse
2020-07-10 16:02:06 +01:00
ba486a26e4
Update duplicati
2020-07-09 19:27:53 +01:00
13a70b27a4
Add RGB LED controller
2020-07-06 20:48:57 +01:00
82bffc3538
Setup firewalld
2020-07-03 21:53:31 +01:00
fba284f9a9
Change primary gitea domain to the one I actually use
2020-07-02 19:42:51 +01:00
1c99477ce9
Move nextcloud config into root
2020-07-02 18:44:27 +01:00
c80d4b7e04
Move tt-rss config out of config directory
2020-07-02 18:24:26 +01:00
689c0cecd9
Set permissions on nextcloud data dir
2020-07-02 17:52:53 +01:00
452118e2a9
Update synapse
2020-07-02 17:41:22 +01:00
86a398d6b4
Replace docker-compose restart hack with shell handler hack
...
The docker-compose integration would start 2 of the same container, which does bad things to things like databases!
2020-06-28 20:13:12 +01:00
71086ca291
Do HA person management through web UI
2020-06-28 19:35:39 +01:00
e2ca9ad4a9
Don't use host hack to connect to influx
...
Just bind to internal port like a sane person
2020-06-28 19:16:22 +01:00
9f09554053
Set some sysctl
settings so zeroconf works for HA
...
https://stackoverflow.com/a/46890741
2020-06-28 17:35:49 +01:00
bf2a5e9320
Add Tado and Arlo integrations
2020-06-27 21:00:18 +01:00
e4aba817cc
Fix influxdb comms
...
Stupid host network mode and DNS
2020-06-27 21:00:07 +01:00
cfd46ea752
I'm probably where my phone is
2020-06-27 19:53:21 +01:00
fe5a5984c3
Remove container names from containers
...
They're not needed for anything, and caused annoying weird issues when cycling containers
2020-06-27 17:45:28 +01:00
681d591176
Add ESPHome
2020-06-27 16:45:00 +01:00
c89715c52b
Add influxdb for homeassistant storage
2020-06-27 16:34:41 +01:00
93b4bef05d
Add home-assistant
2020-06-27 16:16:52 +01:00
e5cbae81f4
Switch from Emby to Jellyfin
...
Merge remote-tracking branch 'origin/jellyfin'
2020-06-25 21:39:19 +01:00
e051db5e71
Remove obsolete middleware
2020-06-24 18:48:39 +01:00
7119d5877f
Only expose deluge to internal network
...
And VPN
2020-06-24 18:48:30 +01:00
dd12b795b5
Remove pihole
...
Internal VPN server is working just perfectly instead
2020-06-24 18:46:13 +01:00
7d61282d19
Set depends_on
where needed
2020-06-24 18:35:20 +01:00
7a3643f3c2
Persist mirror caches outside container
2020-06-24 18:21:14 +01:00
df54decc99
Mirror dotfiles repo
2020-06-24 16:47:31 +01:00
82a3c85263
Install git-mirror
container
...
This also moves the canonical home of this repo to my gitea instance!
2020-06-24 16:27:13 +01:00
5f9b337c7a
Update gitea
2020-06-24 14:26:12 +01:00
2ab8928985
Update nextcloud base
2020-06-24 14:26:05 +01:00
319c96512e
Change default theme to original
...
Black and green looks odd
2020-06-22 21:03:08 +01:00
913ee4759f
Quote value to silence errors
2020-06-18 21:18:47 +01:00
9ba9593127
Remove debug log level for deluge
2020-06-18 20:50:04 +01:00
f878866f10
Update yamllint
2020-06-18 20:49:12 +01:00
9f59b30f1e
Update synapse
2020-06-18 20:34:23 +01:00
7f62ed43d4
Update gitea to 1.12
2020-06-18 20:33:09 +01:00
624d1b5425
Set HSTS header for nextcloud
2020-06-13 21:14:23 +01:00
ca188ab1b4
Rename middleware
...
It's not actually applying a HSTS header
2020-06-13 21:09:48 +01:00
d7b6abaf58
Update to nextcloud 19
2020-06-13 21:06:33 +01:00
a22f555878
Unpin the versions of things I don't care about too much
...
If they update and break, it's not the end of the world, however unlikely it may be
2020-06-13 19:38:42 +01:00
a3d19eba94
Update synapse
2020-06-13 19:27:53 +01:00
3969b23cd0
Keep using fancy index
...
Repairs breaking change from 0f036dd6d7
2020-06-11 19:24:53 +01:00
e1ae11e388
Update quassel base
2020-06-10 13:54:18 +01:00
26aba92483
DIal back emby update
...
Apparently that was a pre-release
2020-06-10 13:53:47 +01:00
e54ec1312c
Replace onlyoffice with collabora
2020-06-07 21:09:02 +01:00
0724ae9238
Update redis
2020-06-07 15:09:20 +01:00
61a50435c9
Update emby
2020-06-05 19:11:49 +01:00
fa41b09d83
Update deluge base
2020-06-05 17:36:09 +01:00
15720fded8
Update quassel base
2020-06-05 17:35:56 +01:00
1f9ea561df
Update calibre
2020-06-05 17:35:37 +01:00
0a13b8e34d
Update nextcloud base
2020-05-31 13:30:37 +01:00
d41d1b0d6c
Update gitea
2020-05-31 13:26:47 +01:00
605ae4f8b8
Make sure media is owned correctly
2020-05-30 15:35:55 +01:00
e5d77f23fd
Update deluge base
2020-05-29 15:37:49 +01:00
249045e4cd
Update synapse
2020-05-29 15:37:39 +01:00
cd076b871c
Update duplicati base
2020-05-29 15:36:40 +01:00
f59c625058
Move nextcloud DB to SSD
...
Speeeeeeeeed
2020-05-28 20:20:33 +01:00
28cdaefb05
Update nextcloud base
2020-05-27 16:17:32 +01:00
adc7611242
Only bind duplicati to wireguard interface
2020-05-25 17:38:26 +01:00
986fc50fde
Set hostname for duplicati so it's picked up correctly in the UI
...
This shouldn't have any negative impact. Hopefully...
2020-05-25 17:32:44 +01:00
851f750948
Move duplicati to its own role so it can be installed on grimes
2020-05-25 17:25:58 +01:00
b45d399734
Mount entire host inside duplicati
2020-05-25 17:01:29 +01:00
7dd31c0556
Allow nextcloud to be reached over internal SSL
...
This removes the need for a custom config, and means traefik is proxying HTTP2, which is nice
2020-05-24 19:21:17 +01:00
eac381a90a
Decrease resource limit on FaH
...
It's getting hot
2020-05-24 18:37:57 +01:00
d2269de4ad
Claenup docker util scripts
2020-05-23 18:25:00 +01:00
ceca641e2f
Remove deprecated options
2020-05-23 11:47:31 +01:00
c92f924faa
Harden host key
2020-05-23 11:45:53 +01:00
2fe6cf7c93
Install mobile key
2020-05-23 11:23:45 +01:00
20d5020f6b
Manually use file lookup so the terminal output looks nicer
2020-05-23 11:18:48 +01:00
09418cffb0
Provision SSH keys with ansible now
2020-05-23 11:04:50 +01:00
7e534e52e1
Merge SSH into base role
2020-05-23 10:58:09 +01:00
16881048e2
Update duplicati
2020-05-23 10:35:59 +01:00
892ac4e950
Update synapse
2020-05-22 22:34:37 +01:00
cd255f7ca2
Remove docker-rclone-mount
...
Seems there's some issues where having this attached which makes the duplicati container delete all its RO mounts.
2020-05-22 21:09:40 +01:00
7fbfbbb699
Ansiblize rclone mounts configs
2020-05-22 12:04:43 +01:00
251d52f1de
Add rclone mounts
2020-05-22 11:47:45 +01:00
9b9af7e90d
Set nextcloud trusted proxy to docker host IP
2020-05-21 18:11:51 +01:00
fc7b57eab9
Modify some things and cleanup gitea config
2020-05-21 17:58:38 +01:00
1c8d80e12d
Revert "Add a redis cache to gitea"
...
This reverts commit c0c396f008
.
Causes weird stability issues as the process received sig 15 and
restarts, which is strange!
2020-05-21 12:03:45 +01:00
c0c396f008
Add a redis cache to gitea
2020-05-19 21:49:09 +01:00
b9e6e8801e
Mount a directory for restore testing
...
And for actual restores, should the time come...
2020-05-18 12:08:10 +01:00
9850f73a17
Deploy web-rng
...
https://github.com/RealOrangeOne/web-rng
2020-05-17 18:04:44 +01:00
600bc4bb58
Ensure sysctl change is persisted
...
See note in https://wiki.archlinux.org/index.php/Sysctl#Configuration
2020-05-16 16:15:58 +01:00
f207b2eedd
Update quassel base
2020-05-14 14:16:19 +01:00
1a51624f5f
Update nextcloud base
2020-05-14 14:16:11 +01:00
98f478a1ca
Update pihole to v5
2020-05-14 14:15:36 +01:00
825b7926af
Update duplicati base
2020-05-14 14:15:28 +01:00
851c6b167c
Remove yourls
...
Mariadb update broke it, but I never use it anyway.
2020-05-14 13:54:59 +01:00
6f7f7aae94
Remove TOR proxy
...
Wasn't actually using it, proxying through `grimes`
2020-05-12 20:43:19 +01:00
112e8ce985
Install some wireguard tools
2020-05-11 11:59:46 +01:00
93e5ce5bac
Reduce polling interval slightly so things update quicker
2020-05-10 22:20:03 +01:00
eb65e8808d
Update gitea
2020-05-10 19:38:00 +01:00
40cf931f14
Update deluge base
2020-05-10 19:37:48 +01:00
8f32d74095
Update gotify
2020-05-10 19:29:36 +01:00
2d655a3da0
Remove unnecessary strings
2020-05-10 19:23:41 +01:00
d693240eb4
Just hardcode to bash
...
I'm not resetting my login shell again!
2020-05-10 19:19:42 +01:00
f156bd6860
Use which to get path to bash
2020-05-09 21:06:03 +01:00
59868fc331
Install git on all hosts
2020-05-09 21:03:43 +01:00
52ae01d29f
Add user to docker group
2020-05-09 20:48:46 +01:00
59a721b243
Create user
2020-05-09 20:47:41 +01:00
5289206f14
Remove unnecessary quotes
2020-05-09 20:11:08 +01:00
1f0e33acc8
Remove fail2ban
...
Keeps getting hit by stats. I should fix that at some point
2020-05-09 20:09:36 +01:00
f3126e34b9
Update haproxy config for use on arch
2020-05-09 20:08:27 +01:00
059cb585db
Use OS-agnostic package install for haproxy
2020-05-09 20:08:14 +01:00
095c8c4562
Use sysctl to enable p2p comms
2020-05-09 20:07:19 +01:00