4ba1ab0a28
Update yourls mariadb to 10.8
2022-06-06 22:33:26 +01:00
b62f8001bb
Deploy commento++
2022-06-05 15:44:49 +01:00
14de6fee84
Use socket proxy for DB backups
2022-06-04 23:03:41 +01:00
a15c300856
Ensure forrest saves DB backups to the correct place
2022-06-04 22:24:53 +01:00
0fd891f988
Update dependency louislam/uptime-kuma to v1.16.1
2022-05-29 05:48:38 +00:00
c159a157c3
Update download location for qbittorrent
2022-05-25 08:46:37 +01:00
0c11079246
Update geerlingguy.docker to fix issue installing on Arch
...
https://github.com/geerlingguy/ansible-role-docker/issues/346
2022-05-25 08:35:12 +01:00
565e1a156c
Update nextcloud to 24.0.1
2022-05-24 20:22:18 +01:00
1015a0ebc1
Merge branch 'renovate/matrixdotorg-synapse-1.x' into 'master'
...
Update dependency matrixdotorg/synapse to v1.59.1
See merge request sys/infrastructure!16
2022-05-24 20:12:51 +01:00
07f19ec509
Update dependency vaultwarden/server to v1.25.0
2022-05-23 18:01:20 +00:00
284bed5e90
Update dependency wallabag/wallabag to v2.5.0
2022-05-21 20:38:08 +00:00
6116eed775
Use external DNS for monitoring
...
This avoids potential issues with host DNS jitters
2022-05-19 09:39:30 +01:00
6a60e7284e
Update dependency matrixdotorg/synapse to v1.59.1
2022-05-18 12:16:59 +00:00
b23b5e130e
Keep a few frequent backups in case of screw ups
2022-05-17 18:09:03 +01:00
e176ba371c
Move my settings out of default
2022-05-17 18:09:03 +01:00
f2290aafa6
Reduce usage and reliance on downsampled snapshots
...
Keep more at a lower resolution, as really those are the most useful
2022-05-17 18:09:03 +01:00
82040a5c85
Move qbittorrent to be a LXC
2022-05-16 22:02:01 +01:00
1c14c10b74
Allow 2 cores per runner job for concurrency
...
Allowing 2 clear cores runs fewer jobs, but should run them a lot faster
2022-05-07 12:34:57 +01:00
306d2368c1
Update dependency wallabag/wallabag to v2.4.3
2022-05-07 12:21:21 +01:00
8eae7b69e0
Pin versions of galaxy requirements
2022-05-07 12:21:21 +01:00
26b4b18737
Update synapse to 1.58.1
2022-05-07 11:38:46 +01:00
15b56971a1
Update uptime-kuma to 1.15.1
2022-05-07 11:37:49 +01:00
d7056861b9
Keep data for a bit longer
...
Don't ask me why I did this...
2022-05-07 11:34:46 +01:00
2c7e4e5532
Unpin fork of proxmox-nag-removal
2022-05-04 22:32:33 +01:00
51779a1f7e
Use released version of ntp role
...
Now https://github.com/geerlingguy/ansible-role-ntp/pull/110 has
shipped.
2022-04-27 08:40:17 +01:00
588152461e
Pin to released version of ansible-role-snapraid
...
Now https://github.com/IronicBadger/ansible-role-snapraid/pull/9 has
been merged.
2022-04-27 08:39:24 +01:00
208c605f05
Update uptime-kuma to 1.15.0
2022-04-26 20:40:33 +01:00
679cd5eba1
Update synapse to 1.57.1
2022-04-26 20:39:16 +01:00
b8c5d40c73
Update nextcloud to 23.0.4
2022-04-26 20:39:05 +01:00
54b8191754
Update uptime-kuma to 1.13.1
2022-03-24 22:20:29 +00:00
72c54029cd
Update synapse to 1.55.2
2022-03-24 22:13:52 +00:00
793506492f
No shenanigans by default
...
This causes strange problems with nextcloud
2022-03-23 19:30:22 +00:00
cccfa8bf51
Remove version prefix from nextcloud tag
...
Apparently that's not needed anymore
2022-03-22 21:22:07 +00:00
e0df63e3c9
Update nextcloud to 23.0.3
2022-03-22 21:19:43 +00:00
81116998b1
Fix symbolic link for yamllint config
2022-03-18 19:44:57 +00:00
b8736e1c65
Create VPN for port 53
2022-03-18 19:44:06 +00:00
bd49c1c869
Update renovate to v32
2022-03-18 18:06:07 +00:00
ffe9a13ff1
Update uptime-kuma to 1.12.1
2022-03-13 15:59:37 +00:00
5d136a8a2f
Update synapse to 1.54
2022-03-13 15:59:24 +00:00
2093f72602
Add a skeleton k8s deployment setup
...
DNS will come later
2022-03-07 21:58:17 +00:00
293aed0fd3
Enable GitLab registry
2022-02-25 21:48:13 +00:00
997fb0e600
Update synapse to 1.52
2022-02-21 21:50:30 +00:00
7ad6e81981
Update nextcloud to 23.0.2
2022-02-21 21:50:18 +00:00
7a05e154a6
Update uptime-kuma
2022-02-21 21:50:07 +00:00
c34b9e48f4
Add support for building docker containers on CI
...
This is easier than dind
2022-02-14 09:09:28 +00:00
6b63c2685b
Add an additional domain for matrix
...
I'll migrate over to this eventually. But doing a hard migration has just wasted my entire evening...
2022-02-13 20:54:46 +00:00
722b964bc9
Add Google Search Console integration to Plausible
2022-02-13 16:43:09 +00:00
a075b8f252
Update Vaultwarden to 1.24
2022-02-08 08:56:28 +00:00
4562b60517
Update Traefik to 2.6
2022-02-08 08:55:50 +00:00
af0eb65cce
Update synapse to 1.51
2022-02-08 08:55:41 +00:00
5df4a2c79a
Rotate nebula keys
...
Turns out they expired last night...
2022-01-30 21:00:38 +00:00
b91072b0da
Create a pages user for user with status checks
2022-01-29 22:18:07 +00:00
a5d9463f80
Ensure webdav pages is also accessible to Traefik
2022-01-29 22:11:19 +00:00
f07b5d9b7b
Migrate include:
to include_tasks
2022-01-22 20:21:32 +00:00
106a89d72f
Use groups to manage sudo access rather than editing sudoers file
2022-01-22 20:10:16 +00:00
7e6e630808
Don't provision occ script on every machine
...
It only makes sense on 1
2022-01-21 22:28:13 +00:00
6db0500e1b
Provision remote f2b key with ansible
2022-01-21 22:11:49 +00:00
e8d4244946
Restart nebula, rather than reloading it
...
Reloading doesn't actually work it seems
2022-01-21 21:52:48 +00:00
af396a21cb
Provision a new casey
on Linode
2022-01-21 21:52:21 +00:00
188b7c9dd6
Install wireguard tools before provisioning config
2022-01-21 20:29:34 +00:00
c1319a134a
Forget snapshots in groups by host
...
By default, it includes the path, which means path changes result in very old snapshots
https://twitter.com/RealOrangeOne/status/1484217495124852748
2022-01-20 17:43:56 +00:00
1db289b604
Show domain in logs rather than upstream
...
The upstream is always the same, and no use to us
2022-01-19 09:00:20 +00:00
9404f71dc6
Remove old DB backups dir from backups
2022-01-16 17:56:45 +00:00
a07b1dbad5
Ensure grimes backs up its databases
2022-01-16 17:56:13 +00:00
5cc552d0eb
Add container to automatically backup DBs
2022-01-16 17:51:03 +00:00
6c0314b758
Add an nginx container to do crazy things with traefik
2022-01-16 14:08:38 +00:00
d5c7d94ac8
Run traefik as dockeruser, and without host networking
...
This required port forwarding, a docker proxy, and a docker network, but the end result should be much more secure!
2022-01-15 23:44:06 +00:00
1348eb8b1c
Prefent yourls redirect page being indexed
2022-01-11 21:20:23 +00:00
89a99d2db2
Make ansible a dev dependency
...
It's required by `ansible-lint` to work properly
2022-01-11 21:19:02 +00:00
c5215e330b
Update yamllint to fix dependency issue
...
I think this still validates everything we need it to
2022-01-11 20:51:12 +00:00
cf0e718bfb
Migrate decker services to linode
...
Mostly just uptime-kuma
2022-01-11 09:07:48 +00:00
41289ab359
Reduce ZFS memory usage to 5GB
...
That's still more than 1GB per usable TB of space. Should really be ample
2022-01-08 12:29:35 +00:00
1f6c6858e5
Fix NTP timesyncd issue
...
https://github.com/geerlingguy/ansible-role-ntp/pull/110
2022-01-08 12:29:13 +00:00
02cfd37a02
Update uptime-kuma
2022-01-08 12:18:25 +00:00
1a74e05a7c
Create a dedicated machine for renovate
...
This way it can do what it wants with docker. Because apparently it's very picky about how it's setup
2022-01-01 22:59:13 +00:00
78b0161585
Install renovate
...
It doesn't quite work, as really it needs docker to correctly update packages. But it's a start for now
2022-01-01 18:23:32 +00:00
b81f250d02
Update clickhouse config to reference new tables to remove
2021-12-29 17:34:07 +00:00
062c4a25fb
Keep just 2 weeks of backrest logs
...
That's ample
2021-12-28 12:57:57 +00:00
711d78bfd3
Only try and rotate the log files
...
Previously, this was also rotating the compressed logs, for some reason
2021-12-28 12:57:08 +00:00
3a7d2194cc
Update tt-rss DB to postgres 14
2021-12-22 22:39:46 +00:00
66c48c4a69
Remove old domain for vaultwarden
...
It's been long enough
2021-12-22 15:41:14 +00:00
e6ecffdf62
Update vaultwarden DB to postgres 14
2021-12-22 15:33:40 +00:00
ec9ca428a3
Update synapse DB to postgres 14
2021-12-22 15:24:37 +00:00
fbdbc8afb5
Update quassel DB to postgres 14
2021-12-22 13:17:01 +00:00
da41fcd7bc
Update grafana DB to postgres 14
2021-12-22 13:10:06 +00:00
6681ad43fb
Update plausible DB to postgres 14
2021-12-22 12:57:49 +00:00
31b7811b1f
Use new clickhouse docker repository
2021-12-22 12:01:25 +00:00
b6a0fdfd1d
Unpin the version of yourls
...
It's a very simple, non-critical application, which I keep forgetting to update
2021-12-21 21:48:41 +00:00
1c645fa106
Update yourls mariadb to 10.7
2021-12-21 21:40:56 +00:00
c5beb223be
Update clickhouse to 21.12
2021-12-21 21:31:53 +00:00
0734ff42d8
Move grafana variables to vault file
2021-12-21 20:22:47 +00:00
7b6675a9d0
Move gitlab variables to single vault
2021-12-21 20:12:05 +00:00
4cbc15fe0b
Move gitlab runner secrets to dedicated vault
2021-12-21 20:00:54 +00:00
66662594d0
Extract plausible secrets to dedicated vault
2021-12-21 19:57:43 +00:00
fcda77e750
Extract vault items from host vars
2021-12-21 19:36:52 +00:00
0b352e22d1
Merge all group vars into single vault file
...
This will make tracking down where a secret is defined much simpler
2021-12-21 18:04:03 +00:00
dce7c782ec
Move wireguard keys into a separate vault file
2021-12-21 17:58:52 +00:00
3f37cd4448
Be quiet on interpreter warnings
...
It works fine, I don't need to be screamed at
2021-12-20 21:17:42 +00:00
8d40a49780
Move traefik pages secret into full vault file
...
Trialing a new pattern for vault storage
2021-12-20 21:17:25 +00:00
9e473265a5
Read vault password from bitwarden instead of filesystem
...
https://theorangeone.net/posts/ansible-vault-bitwarden/
2021-12-20 17:25:18 +00:00
b50659ab5d
Update nextcloud to 23
2021-12-19 21:18:09 +00:00
a5329665c0
Update vaultwarden to 1.23.1
2021-12-15 20:21:01 +00:00
9834a45ec5
Update uptime-kuma to 1.11.1
2021-12-15 20:20:50 +00:00
699673c3b5
Update Synapse to 1.49.0
2021-12-15 20:19:51 +00:00
9e899d0f52
Update nebula to 1.5.2
2021-12-15 20:18:25 +00:00
bbfd872a24
Mount the whole host into the restic LXC, so I can backup PVE config
2021-12-11 13:17:58 +00:00
4452cc4eeb
Update synapse to 1.47.1
2021-11-23 22:04:42 +00:00
eed75d8648
Mount homeassistant data into restic for external backup
2021-11-21 21:53:35 +00:00
47bcbd855e
Update nextcloud to 22.2.3
2021-11-16 21:04:54 +00:00
5c0987de4d
Update uptime-kuma
2021-11-15 20:26:29 +00:00
e1205564cb
Update nebula to 1.5.0
2021-11-15 20:26:20 +00:00
ccaff503da
Move decker from AMS to Paris
...
The AMS DC has a bit of a flaky network connection, which isn't what you want for monitoring.
2021-11-06 16:45:09 +00:00
64695c3be1
Don't pipe dat ainto curl for healthchecks
...
See https://github.com/IronicBadger/ansible-role-snapraid/pull/9
2021-11-04 16:46:59 +00:00
ef22a43293
Update uptime-kuma to fix security issue
2021-10-29 21:52:09 +01:00
1b4d5de701
Rename plausible embed router
...
There's nothing really "bare" about it
2021-10-29 20:47:02 +01:00
0cb2a70d24
Upgrade Plausible to 1.4
2021-10-29 20:46:28 +01:00
090745456f
Update vaultwarden to 1.23.0
2021-10-23 16:24:42 +01:00
41fadd892e
Update uptime-kuma
2021-10-23 16:24:29 +01:00
4cdaba4692
Swap certificates for wildcards
2021-10-18 21:59:10 +01:00
ebb571bf20
Increase GC frequenc to work around restic's high memory usage
...
https://github.com/restic/restic/issues/1988
2021-10-15 12:39:16 +01:00
6cc7d0b89e
Update synapse
2021-10-14 18:34:49 +01:00
31208856c2
Pin uptime-kuma version
...
It's pretty important now
2021-10-14 18:34:00 +01:00
6f0d4b60df
Run more web processes for tt-rss
2021-10-03 16:45:18 +01:00
c867efbe3b
Use alternative container registries where available
2021-10-03 16:26:10 +01:00
3727dd473c
Update synapse to 1.43
2021-10-01 21:17:13 +01:00
7fd176466d
Update nextcloud to 22.2.0
...
Required quite some hacks around federatedfilesharing app not wanting to update
2021-10-01 20:52:07 +01:00
4293d030d4
Don't lint globally installed roles
2021-09-27 14:50:08 +01:00
4db474034e
Ignore my VMs from a fail2ban
2021-09-27 14:49:56 +01:00
7e2d01c612
Change domain
...
Now there's a status page, we can consider it public
2021-09-25 21:34:18 +01:00
3daf939b32
Update uptime-kuma container
...
Now does user management itself
2021-09-25 21:08:42 +01:00
8a37a9d41b
Move uptime-kuma to decker
2021-09-25 21:03:56 +01:00
a135aae5f3
Provision new VM
...
This will be used for monitoring
2021-09-25 16:59:23 +01:00
48934ad2c5
Apply gzip to everything
...
The middleware is smart enough to only apply it when needed, and only when it's not already compressed, so it's fine.
2021-09-19 22:48:48 +01:00
83ed8879dc
Correctly set smtp user for GitLab
...
The user and from are different in my case.
2021-09-19 22:34:40 +01:00
178ca6b2c4
Add privatebin config
...
Disable super long expirations, among other things
2021-09-19 19:29:05 +01:00
d70f450e2d
Change forget resolution to 30d
...
Restic is really annoying with its retention arguments, not really allowing what I want, so this is the easiest way to get decent retention.
2021-09-07 22:04:23 +01:00
0a8167c839
Remove stray expose
...
Traefik picks up the port just fine
2021-09-07 21:04:19 +01:00
eedba465c4
Update synapse
2021-09-07 21:04:04 +01:00
a866938207
Fix hostname of restic server
2021-09-06 21:07:10 +01:00
2db8ca5059
Add basic auth to dokku
2021-09-05 23:11:28 +01:00
a278443850
Use auto
on nginx configs
...
Let nginx work it out, and default to 1 per core
2021-09-04 22:41:30 +01:00
6e25403b3d
Update synapse to 1.41.1
2021-08-31 19:08:38 +01:00
86e9d12ce6
Update nextcloud to 22.1.1
2021-08-31 19:03:19 +01:00
c2cd2e6e34
Add backups for grimes
2021-08-30 21:50:55 +01:00
07b2ea2ccb
Add the ability to exclude certain paths from backup
2021-08-30 21:49:58 +01:00
259b0ca7a6
Use upstream telegraf
role
...
https://github.com/rossmcdonald/telegraf/pull/54 shipped
2021-08-30 21:22:26 +01:00
dcbe6e8e72
Use upstream version of ansible-role-snapraid
...
https://github.com/IronicBadger/ansible-role-snapraid/pull/7 shipped
2021-08-30 21:21:58 +01:00
95216b32c4
Consolidate server blocks
2021-08-24 14:31:12 +01:00
453a374801
Replace ingress proxy with nginx
...
This enables HTTPS redirecting at it too much more easily, and matches the gateway configuration.
Requires using upstream versions of nginx to enable https://nginx.org/en/docs/stream/ngx_stream_realip_module.html
2021-08-24 14:21:51 +01:00
f14e723d40
Fix service name on ingress
...
It's not alpine
2021-08-24 11:52:35 +01:00
601b916b43
Remove deprecated clients from wireguard server
...
I use nebula now for all that
2021-08-24 11:14:04 +01:00
edc5c325b7
Correctly check hostname against PVE hosts
...
Some of the hostnames have `-` in instead, which caused issues with the SSH config detecting which users to allow
2021-08-23 19:56:04 +01:00
ecb946bab4
Remove nginx version from headers
2021-08-23 16:12:34 +01:00
93cba46dd1
Redirect to HTTPS at the edge
2021-08-23 16:10:37 +01:00
a54d373526
Replace edge proxy with nginx
...
The config makes more sense, and it has more of the features I need, which will come later.
2021-08-22 22:35:09 +01:00
23fc7bbb12
Use slightly less memory for ZFS
2021-08-22 15:58:49 +01:00
1d5616a36f
Update roles so they support newer Debian versions
...
I'm monitoring the PRs, don't worry
2021-08-22 15:22:11 +01:00
8fabd11e31
Remove unnecessary pve role
...
no-subscription is handled by the nag removal role
2021-08-22 15:20:27 +01:00
f0a3585592
Use distribution name in repo URL
2021-08-22 14:44:34 +01:00
0874158a91
Update traefik to 2.5
2021-08-22 11:16:37 +01:00
c04e8b628a
Update synapse to 1.40.0
2021-08-22 11:16:19 +01:00
c99afdd446
Disable gzip on qbittorrent egress
...
It's mostly used over the internal network, so the additional gzip isn't going to gain anything when the disk is the bottleneck
2021-08-21 16:46:21 +01:00
55e3b81f06
Install release version of gitlab-dater
onto GitLab server
...
Rather than than hacky development one I was using before
2021-08-10 22:51:12 +01:00
e421657619
Ensure restic gets the correct permissions when it's updated
...
Yes it's weird to modify the system package like this, but it's very handy.
See also https://restic.readthedocs.io/en/stable/080_examples.html#backing-up-your-system-without-running-restic-as-root
2021-08-10 08:45:59 +01:00
ab46c30df2
Start graphing some speeds
2021-08-07 10:59:42 +01:00
d0e472b51a
Update synapse to 1.39.0
2021-08-06 18:20:48 +01:00
11bf501d8a
Update nextcloud to 22.1.0
2021-08-06 18:20:38 +01:00
9755974647
Update vaultwarden to 1.22.2
2021-08-06 18:17:22 +01:00
f3bc72d2ba
Provision uptime-kuma
2021-07-31 16:43:12 +01:00
1399529a47
Move stray storage to tank
2021-07-17 20:32:26 +01:00
8f831c8191
Update synapse to 1.37.1
2021-07-11 20:20:56 +01:00
501fe81979
Update nextcloud to v22
2021-07-11 20:20:48 +01:00
3daf3ef8ed
Pin clickhouse to 21.6
...
21.7 doesn't work
2021-07-11 16:11:09 +01:00
b2d226300b
Update nextcloud to 21.0.3
2021-07-04 21:17:03 +01:00
19eb233ffa
Update vaultwarden to 1.22.1
2021-07-03 11:27:27 +01:00
797c44a27d
Use proxy protocol v2
...
Apparently it's better for chaining, and may be faster anyway
2021-07-01 22:28:25 +01:00
b6adc53746
Revert "Capture stderr in logs, too"
...
This reverts commit 8696f6d93f
.
Yeah, this doesn't work. Syntax and intention.
2021-06-28 08:33:08 +01:00
41a8fe3b4d
Use logrotate for backrest logging rather than nuking immediately
...
Just in case something goes wrong with healthchecks
2021-06-27 10:58:01 +01:00
8696f6d93f
Capture stderr in logs, too
2021-06-27 10:53:13 +01:00
1c07534c40
Stop resetting dokku hostname to default
2021-06-26 21:27:39 +01:00
40e785de38
Add yet more metric sources
2021-06-26 12:52:55 +01:00
32f17908ad
Collect metrics on disk usage
2021-06-26 12:36:00 +01:00
77d2b82761
Add healthchecks for snapraid
2021-06-26 11:45:56 +01:00
18603d726e
Add username to proxmox-nag-removal role
...
Makes it obviously not one of mine
2021-06-25 22:47:21 +01:00
09a010f28e
Version snapraid config
...
Using fork of role at https://github.com/IronicBadger/ansible-role-snapraid/pull/7
2021-06-25 22:43:26 +01:00
b82e87c04b
Remove unnecessary which
...
`cron` doesn't need a full path
2021-06-25 20:57:19 +01:00
50c5ed68e3
Install some dokku plugins
2021-06-22 22:57:02 +01:00
83c84abc62
Use dokku role to install it
...
I also switched the host to debian, as the arch install didn't quite work.
2021-06-22 22:08:01 +01:00
9296c88ae4
Remove date from DB backups
2021-06-20 15:23:15 +01:00
bb5bbf16f5
Remove alpine special case
...
https://github.com/ansible-collections/community.general/pull/1722 has shipped.
2021-06-20 12:43:59 +01:00
8948437b66
Use official extension
2021-06-20 12:39:58 +01:00
e3502ae1e0
Provision dokku server
2021-06-20 12:12:34 +01:00
b20ffb27c4
Remove gotify
...
Never used it
2021-06-12 19:00:39 +01:00
4e5fa59c58
Add redis
...
This isn't really used as a cache, but it is for a couple bits, so nice to enable it anyway, and it might become so in future
2021-06-12 18:53:50 +01:00
290b147821
Thin out synapse config
...
Previously it was the vast majority of code in the whole repo. Now we only define the necessary keys, and rely much more on defaults, which is nice!
2021-06-12 18:49:29 +01:00
47e546d51a
Add synapse-admin
...
Useful to see what's going on on the server
2021-06-12 18:09:18 +01:00
3485f8e1f0
Actually version the ingress haproxy config
2021-06-12 17:32:47 +01:00
33fcf1a9e5
Fix matrix federation
...
Apparently this has been broken since like March...
It seems communication over port 8448 is required for server-to-server
comms, even if the client doesn't use it.
2021-06-12 17:32:47 +01:00
94e4592db6
Update synapse to 1.35.1
2021-06-12 16:46:16 +01:00
5d4817e840
Move some larger gitlab storage off tank
...
Means they'll be backed up less, but they're less important anyway
2021-06-07 20:24:59 +01:00
3c3f69a776
Remove unnecessary influxdb instance
...
Never used it anyway
2021-06-03 20:50:54 +01:00
d59e86a8e8
Remove unnecessary private_ip
var from forrest
...
It was redundant
2021-06-03 20:47:33 +01:00
f1f2c620b0
Replace DHCP on PVE for static IPs
...
So much easier to deal with!
2021-06-03 20:47:08 +01:00
d751a023da
Promote GitLab to main git.
domain
2021-06-02 19:49:28 +01:00
6c23180591
Remove gitea
...
I use GitLab now
2021-06-02 19:27:09 +01:00
9c2ebd60e8
Remove duplicati
...
We're a restic shop now!
2021-06-02 19:18:21 +01:00
51b3ffd33a
Allow containers to be cached on CI
...
There's an existing task to clean them up, and being out of date by a week isn't the end of the world
2021-06-01 21:51:18 +01:00
a867df04a5
Add a GitLab runner
...
Woo CI!
2021-06-01 19:29:21 +01:00
64ebaa67d0
Setup email for gitlab
...
Not super useful, but nice to enable it
2021-05-30 21:30:03 +01:00
e6d029e22e
Fix typo
...
D'oh!
2021-05-30 13:56:06 +01:00
bf5c95fbe2
Stop running everything at midnight
2021-05-30 13:55:44 +01:00
9a6eef0320
Use correct cidr for GitLab auth
2021-05-29 22:49:57 +01:00
d922bf30ef
Allow git
user to authenticate over SSH
2021-05-29 22:01:28 +01:00
8610be3ac3
Rename host
...
"gitlab" sounds more like the hosted service, not mine
2021-05-29 22:01:01 +01:00
69abafd8c8
Put GitLab on a real domain
2021-05-29 16:21:47 +01:00
9118938fea
Remove some GitLab constraints
...
I don't need things that constrained. The defaults are probably fine, and better tested.
2021-05-29 15:44:01 +01:00
f063af2478
Reconfigure gitlab on machine start
2021-05-29 11:21:20 +01:00
c7bde8b3dd
Init a GitLab server
...
Some day i'll make up my mind on which server to use, honest!
2021-05-28 22:49:48 +01:00
5ac5e2f8ab
Stagger backup times
2021-05-23 20:37:41 +01:00
7063e55ea9
Increase line length
2021-05-22 20:28:36 +01:00
ee55100016
Update gitea
2021-05-21 21:57:16 +01:00
e6dbe08ce0
Update nextcloud
2021-05-21 21:48:15 +01:00
420ef3b95c
Update synapse
2021-05-21 21:47:32 +01:00
830bd862d9
Update nebula
2021-05-21 21:34:13 +01:00
48e07d2a7e
Rename more bitwarden things
...
Serving on both domains currently, i'll migrate clients and fix that
2021-05-18 22:18:05 +01:00
ae597a7359
Backup plain DB backups on walker
2021-05-16 15:36:56 +01:00
a124bff473
Add scheduling for backup and forgetting
...
Only forget on 1 machine
2021-05-16 15:34:37 +01:00
91725d5876
Add forget and prune commands
2021-05-16 14:39:44 +01:00
5f6dc6e177
Support backing up clickhouse to file
...
It's janky, but it works
2021-05-16 12:25:32 +01:00
b4936f5780
Revert "Store DB files compressed"
...
This reverts commit f4a289ae98
.
Incremental backups work much better with plaintext
2021-05-16 11:16:25 +01:00
1431f7a30a
Add restic to walker
2021-05-09 14:26:21 +01:00
7fc67ca8d4
Put files in the root of the role
2021-05-08 16:47:25 +01:00
f4a289ae98
Store DB files compressed
...
Means external backups can still be compressed a bit
2021-05-08 16:45:08 +01:00
26cd35785c
Fix DB backup location
2021-05-08 16:45:08 +01:00
48c88347a9
Add some healthchecks integration to backup
2021-05-08 16:45:08 +01:00
781aa93892
Add some restic wrapper things
2021-05-08 16:45:08 +01:00
e7c2a7fb34
Provision a restic container
2021-05-07 19:38:11 +01:00
407e59ec5a
Use variables in prometheus config
...
Also replace grimes with walker
2021-05-05 18:12:42 +01:00
9b31efbf43
Destroy grimes
...
And the entire Linode integration
2021-05-05 18:11:14 +01:00
52429e0bc2
walker
isn't a PVE VM
2021-05-04 20:41:19 +01:00
3da14e67dd
Replace minio with webdav for upload
...
Also made sure it all ran as the correct user
2021-05-04 14:08:08 +01:00
f62a1e8374
Replace minio with webdav
...
Much simpler and easier, and lower resources
2021-05-04 11:25:52 +01:00
ad415c2b53
Move website to walker
2021-05-02 17:24:10 +01:00
86482246b3
Move plausible to walker
2021-05-02 16:07:25 +01:00
fe748bfda7
Set permissions on media dir
2021-05-02 12:04:58 +01:00
4a0f7b701b
Install jellyfin through Ansible
2021-05-02 12:04:48 +01:00
a669e34f57
Update bitwarden_rs to vaultwarden
...
I'll do the full rename of everything another time
2021-05-01 23:00:37 +01:00
f2d3cb0835
Add a bash script to backup all database containers as text
2021-04-25 21:39:21 +01:00
8ab0d7cd80
Add duplicati to walker
2021-04-24 22:25:40 +01:00
1fcc63a5da
Move upload
2021-04-24 22:14:29 +01:00
c048e6d20e
Provision walker
2021-04-24 21:59:53 +01:00
03affd269f
FLoC Block
...
https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
2021-04-18 22:30:26 +01:00
9ad64b444a
Update gotify
2021-04-16 22:19:27 +01:00
cd31c5f8a5
Update gitea
2021-04-16 22:12:08 +01:00
5d9ee7190d
Swap out deluge for qbittorrent
...
Just run on arch instead of docker, too. Much simpler.
2021-04-16 21:49:00 +01:00
943087b6ad
Fix the stupid postgres path for plausible
...
A lay over from when it was at home
2021-04-15 18:28:24 +01:00
5dc3db5dce
Remove need for geoip database
...
Apparently partial functionality is built-in to the container now
2021-04-15 18:21:18 +01:00
a25c0751fb
Update Plausible
...
Also required updating Clickhouse, due to syntax errors in migrations. It's also nice it's alpine now, and newer
2021-04-15 18:11:44 +01:00
4eec3292a6
Update wallabag
2021-04-11 12:54:59 +01:00
b6f23b31a9
Stop unnecessarily restarting tt-rss
2021-04-11 12:52:48 +01:00
3ce4626e29
Update synapse
2021-04-11 12:52:10 +01:00
62373bf352
Update nextcloud to 21.0.1
2021-04-11 12:48:02 +01:00
796375446e
Update gitea to 1.13.7
2021-04-11 12:42:15 +01:00
1c424cb2ef
Update some IP addresses
...
I really need to stop using these external addresses somewhen...
2021-04-07 22:11:24 +01:00
22d43c16a7
Correctly redirect http traffic to https
...
Bug caused by https://github.com/traefik/traefik/issues/8035
2021-04-06 11:56:05 +01:00
f0193b5807
Scale up bitwarden slightly
...
Should be able to handle a bit more, faster
2021-04-02 12:32:33 +01:00
e0311111af
Update bitwarden
...
Send functionality, woohoo!
2021-03-29 08:23:48 +01:00
ad6bab108a
Keep backups for slightly longer
...
This makes my occasional syncs less likely to do bad things
2021-03-28 19:47:34 +01:00
a1307ff3a5
Remove obsolete port
2021-03-28 16:30:07 +01:00
3c8d9fe940
Block all ports
2021-03-28 16:28:07 +01:00
4d218248fa
Remotely connect to fail2ban to do ports
...
Traefik can affect the edge, so blocks work there and prevent traffic hitting home network.
2021-03-28 16:06:36 +01:00
ac186f42e0
Keep fewer fail2ban logs
2021-03-28 13:06:01 +01:00
6973fb536f
Add fail2ban for traefik
...
Remote action coming soon
2021-03-28 13:05:38 +01:00
8398a2df21
Use endpoint middleware rather than hacky router
2021-03-27 23:34:34 +00:00
a5af5bea6c
Force bitwarden to use public DNS
...
It doesn't like creating icons for local IP spaces, so my overriden DNS doesn't play well
2021-03-27 18:45:06 +00:00
1d997d3c33
Remove separate private and protected IP
2021-03-27 18:42:06 +00:00
116e1adb50
Disable Traefik pilot on dashboard
2021-03-24 23:14:01 +00:00
36f6bd62bb
Update gitea to 1.13.6
2021-03-24 22:57:45 +00:00
5084bfecdf
Ignore PVE interface from f2b jails
2021-03-24 22:35:28 +00:00
f436e4660b
Remove intersect host config
...
is dead
2021-03-24 22:19:50 +00:00
e67e4565d3
Remove expose_ssh
and support SSH listening on nebula and PVE
...
No more wireguard SSH for me
2021-03-24 22:19:29 +00:00
3c06eb748d
Update gitea to 1.13.5
2021-03-23 17:22:13 +00:00
ece0c841b2
Fix compose version
...
Mostly fix quotes, but also standardize
2021-03-21 18:51:38 +00:00
d4477c4bea
Add bitwarden_rs
2021-03-21 18:47:20 +00:00
65f9206b95
Fix NTP updates
...
Manually apply https://github.com/geerlingguy/ansible-role-ntp/pull/84 , so machines actually update themselves via NTP
2021-03-13 18:46:45 +00:00
f6559ff1bd
Remove collabora
...
It doesn't seem to like being run inside LXC. I barely used it, anyway.
2021-03-12 23:35:39 +00:00
ab1e2fbae2
Increase ZFS RAM usage
...
If i've got a load of RAM free, it might as well be being used to cache ZFS!
2021-03-06 21:38:21 +00:00
3eb286c9bd
Move envrironment variables to docker
...
Using the `TTRSS_` prefix to follow upstream standard rather than container's
https://github.com/lunik1/docker-tt-rss/issues/3
2021-03-06 12:11:08 +00:00
8d136f0b55
Set default phone region for Nextcloud
2021-03-06 11:19:11 +00:00
9d6ed88e13
Monitor proxmox stats
2021-03-05 22:14:21 +00:00
d43d3433fa
Collect SMART metrics for disks
2021-03-05 20:50:08 +00:00
6b95b75fc2
Move telegraf to host
...
This makes metric collection for SMART much simpler. I'll still be using the prometheus node exporter for actual system metrics, though.
2021-03-05 20:39:11 +00:00
aa3da3cf10
Upgrade gitea to 1.13.3
2021-03-05 20:05:51 +00:00
89dbbc71e5
Move files into application directories
2021-03-05 14:40:17 +00:00
8e977edba1
Ignore go metrics
2021-03-05 14:27:33 +00:00
b264e5cbcc
Monitor traefik with prometheus rather than influxdb
2021-03-04 16:37:53 +00:00
e8960ebf27
Connect forrest
to nebula hosts
2021-03-04 16:08:53 +00:00
2e05ed08fa
Use hostname rather than fqdn
2021-03-04 16:06:43 +00:00
a4eb26b129
Use Nebula as the primary private interface rather than wireguard
2021-03-04 16:02:42 +00:00
c6d9102e1e
Don't install NTP on LXC containers
...
This can cause issues with containers trying to sync the system clock, and getting it wrong
2021-03-04 15:45:47 +00:00
aba81f79bc
Add telegraf
...
And input to ping and output via prometheus
2021-03-04 15:16:54 +00:00
914676d209
Add prometheus for metrics
2021-03-04 14:53:03 +00:00
fe2450d43b
Add grafana docker network and restrict port binds
2021-03-04 14:39:40 +00:00
155bc837a8
Update synapse to 1.28
2021-03-02 12:31:07 +00:00
9d5c7e56e8
Move nextcloud things back to tank
2021-03-02 12:26:23 +00:00
21a2532f8a
Update nextcloud to 21
2021-03-02 12:03:13 +00:00
63d156c0a0
Stop always restarting whoami
...
whoami never sets `config_file`, so it's shadowed by whatever set it before
2021-02-27 22:09:24 +00:00
1413efdd19
Copy feed icons and DB to tank
2021-02-27 22:08:01 +00:00
a2fe3ca37a
Fix TT-RSS config
...
It needs to be environment variables now, but there's a bug where it doesn't read docker ones for some reason
2021-02-27 21:29:24 +00:00
b3a72eb8f1
Add influxdb server for metrics
2021-02-14 16:24:45 +00:00
ec0c78e6d9
Read emails from secrets
2021-02-14 12:29:14 +00:00
872471ef52
Setup email for grafana
2021-02-14 12:19:51 +00:00
f7a0877e72
Exclude nebula from fail2ban
2021-02-14 11:39:01 +00:00
d8f2a83dfe
Move grafana data back to pool
2021-02-14 11:33:46 +00:00
385917ba4e
Decrease find time
...
Hopefully reduce false-positive catches
2021-02-14 11:22:32 +00:00
3014e5d052
Provision privatebin
2021-02-12 23:32:31 +00:00
47df8164fa
Define timezone as variable
2021-02-10 09:12:42 +00:00
635f55d7bf
Update gitea to 1.13.2
2021-02-09 17:36:06 +00:00
149d01165f
Restore dockerized grafana setup
...
It's stil on a separate machine, but in docker to allow more applications to be run easier and tied together.
2021-02-09 09:16:52 +00:00
b940d22373
Install docker on forrest
...
I'll be migrating it to docker, so I can run more things simply under Docker
2021-02-08 21:56:06 +00:00
44a3fd4bc5
Only chown when the repos change
...
This keeps claiming it's changing things, even when nothing should have changed
2021-02-07 16:14:56 +00:00
870ac50c58
Update compose path to not be absolute
...
This relies on `which` to find the correct binary instead
2021-02-07 15:59:18 +00:00
a95ceb348f
Install docker from binary on debian distros
...
This is because the repos are usually super out of date, or at least can stray quite a bit
2021-02-07 15:56:25 +00:00
c4999d7b25
Use ansible collections for things
2021-02-07 13:02:14 +00:00
e8496ddced
Deploy deluge in docker
...
Makes version managing so much easier!
2021-02-01 17:24:36 +00:00
ac68b36841
Initially provision deluge
machine
...
Based on Docker, so deluge itself is easier to install and keep updated. Until such time it's in the repos
2021-02-01 15:40:06 +00:00
54eee03524
Fix YAML linting and service name
2021-01-31 17:27:44 +00:00
7b9bab14fa
Remove stray variables file
2021-01-31 16:56:25 +00:00
c7fba8107a
Move grafana to forrest
2021-01-31 16:52:24 +00:00
a79e54d45a
Add forrest
instance
2021-01-31 15:18:20 +00:00
058290b321
Keep track of IPs for PVE hosts
...
Yea they're all random, I'll deal with that later
2021-01-31 12:46:43 +00:00
9023b269eb
Allow PVE VMs to access nebula hosts via ingress
2021-01-31 12:19:33 +00:00
643d843bfb
Enable unsafe routing to PVE network over nebula
2021-01-30 22:59:56 +00:00
da301eb7dd
Provision remaining nebula instances
2021-01-30 20:47:11 +00:00
08ff5dcf94
Provision nebula certs using Ansible
2021-01-30 20:06:31 +00:00
92815a6f76
Add platform-agnostic installation of nebula
2021-01-30 19:10:52 +00:00
723372dd09
Name keys after hostname
2021-01-30 18:16:28 +00:00
703b3b194f
Make index read-only so it's not always reowned
2021-01-29 21:52:22 +00:00
062742bc5e
Update synapse
2021-01-29 21:44:34 +00:00
e1f3572a7c
Set pages
install directory correctly
2021-01-29 21:35:01 +00:00
c5050381fc
Update plausible to v1.2
2021-01-29 21:34:44 +00:00
698804ff38
Remove gitlab
2021-01-28 19:54:03 +00:00
89a6c7680c
Decommission walker
...
Kimsufi is just too annoying of a host. Everything has either been moved off, killed, or has further plans.
2021-01-28 18:56:39 +00:00
b339cb0e2d
Move upload
to grimes
2021-01-28 14:04:55 +00:00
909f693cba
Fix location of zpool
command
...
TIL lookups are executed on the host
2021-01-26 22:02:58 +00:00
3de14efd9e
Remove heimdall
...
I've literally not used it since setting it up
2021-01-26 21:53:52 +00:00
a44a79031a
Init some skeleton nebula stuff
2021-01-25 21:53:04 +00:00
0ecd884a9a
Deploy yourls
2021-01-22 21:29:27 +00:00
2a8f715eca
Add redis cache for gitea
2021-01-22 18:59:52 +00:00
cc847a069c
Resolve zpool location
...
Hopefully this means they actually run
2021-01-22 15:29:41 +00:00
a2c6d7c276
Swap out alpine for debian on ingress
...
Mostly for future nebula deployment
2021-01-22 14:53:02 +00:00
0f9802a46c
Install duplicati on PVE docker machine
...
Requires some changes to how private IPs are specified, which I really need to clean up at some point!
2021-01-20 21:38:01 +00:00
f6c176d2f0
Ensure duplicati base is always updated
2021-01-20 21:30:25 +00:00
fce8cf3768
Update nextcloud
2021-01-20 20:58:28 +00:00
76eeeec260
Update wallabag
2021-01-20 20:39:27 +00:00
3321b852a5
Update traefik to v2.4
2021-01-20 20:33:57 +00:00
700360eb96
Update synapse
2021-01-20 20:20:09 +00:00
3e8a3b2c6b
Update gotify
2021-01-20 20:02:01 +00:00
48c507e0c3
Up page sizes for gitea stuff
...
Screw paginating!
2021-01-19 21:20:00 +00:00
26905e245b
Hide heatmap on gitea
...
It's kinda useless at this scale
2021-01-19 17:42:10 +00:00
41915ec69c
Replace gitlab with gitea
...
Leave gitlab in place for a bit in case I need to get at data
2021-01-18 20:14:38 +00:00
f9187109c7
Correct router name for pages
2021-01-17 20:03:02 +00:00
ac4a93e0ed
Setup DNS for pages
2021-01-17 12:49:23 +00:00
b992df0313
Fix variable name for traefik conditional provider
2021-01-16 23:30:09 +00:00
604202fdce
Add traefik pages
...
Add it ready for the migration in future
2021-01-16 23:29:55 +00:00
e1ea938d59
Add file providers for jellyfin and HA
2021-01-13 22:12:58 +00:00
969674772c
Snapshot PVE root pool too
2021-01-10 13:23:36 +00:00
7672d99aa8
Remove homeassistant configuration
...
It's now in its own VM, and i'll deal with version control using the git integration there directly I suspect.
2021-01-10 13:12:19 +00:00
b40266b276
Add roles to handle PVE nag and repos
2021-01-09 23:21:35 +00:00
6dd86ea870
Limit ZFS ARC size on PVE
2021-01-09 22:32:55 +00:00
d87ec89887
Persist arc size
...
Modprobe only loads the module, it doesn't ensure the ARC value persists correctly.
2021-01-09 22:25:29 +00:00
0c6e9969bc
Give myself passwordless sudo access to zfs stuff
...
This is needed for syncoid pulls
2021-01-09 21:36:09 +00:00
c3053e9378
Fix location for sanoid install
...
This makes it sync up with where the systemd services expect them to be
2021-01-09 21:28:16 +00:00
7d235e67e0
Add ZFS configuration for PVE
2021-01-09 21:27:52 +00:00
decf5176f7
Use systemd rather than cron for sanoid
...
It's more reliable and easier to get logs
2021-01-09 20:57:47 +00:00
57d9c9d288
Allow configuring of pools to scrub
2021-01-09 20:52:51 +00:00
721bdf60b3
Fix quotes
2021-01-09 18:32:16 +00:00
1b72afdd29
Remove scrutiny role
...
SMART checks are handeld by PVE / something else in future
2021-01-09 18:30:28 +00:00
0506a78d02
Listen on public port
...
Makes connection so much easier
2021-01-09 18:25:08 +00:00
8fe8788458
Move ARC size to defaults so it can be easily changed
2021-01-09 18:24:52 +00:00
5b495688cd
Remove intersect wireguard keys
2021-01-09 18:23:10 +00:00
c38ecfebd7
Update gateway to point to ingress instance
2021-01-09 18:17:54 +00:00
fef7f2c2b4
Move docker containers to new PVE container
2021-01-09 18:02:17 +00:00
a35f2f91ff
Default to using python3 over "legacy python"
2021-01-09 17:55:29 +00:00
0355b6b214
Remove jellyfin docker config
...
It'll be replaced by something else later, don't worry.
2021-01-09 17:17:12 +00:00
2300426f0f
Move default variables into role defaults rather than group vars
2020-12-28 16:23:12 +00:00
422062ae63
Fix lint warning around missing mode
...
This only applies to directories https://stackoverflow.com/a/29793833
2020-12-28 16:16:35 +00:00
3338a1f898
Add jellyfin host
...
Role TBC
2020-12-28 16:08:15 +00:00
6267363ab0
Provision docker VM
2020-12-28 15:57:44 +00:00
bdfd38c9fe
Allow traefik to run on non-wireguard host
2020-12-28 15:55:45 +00:00
4f1e54baab
Actually enable timer
2020-12-28 15:14:50 +00:00
58879d2e1d
Ensure fail2ban and logrotate are available on all machines
2020-12-27 22:39:33 +00:00
b11dbfc829
Move traefik file provider to use directory rather than single file
...
This makes future composition possible
2020-12-22 15:53:03 +00:00
0353887590
Add override to ensure ZFS starts before docker
...
Stolen with love from 7dda0bc7cb
2020-12-21 21:37:46 +00:00
30cb9e52e7
Install and provision wireguard client on ingress server
2020-12-21 18:24:35 +00:00
3197953796
Provision PVE and ingress VM
2020-12-21 17:11:38 +00:00
44fb8f5380
Set some image resizing preferences
...
This stops the thumbnailing being quite as intensive
2020-12-11 17:39:58 +00:00
2bfad84071
Pin wallabag to newer version
...
2.4.0 came out *finally*
2020-12-11 17:39:35 +00:00
5a808e90e0
Update synapse
2020-12-11 17:36:06 +00:00
af1b7f754c
Update nextcloud to 20.0.3
2020-12-11 17:35:50 +00:00
8e6a3324a1
Install duplicati on grimes
...
Makes backing up website things a bit easier
2020-12-07 18:09:29 +00:00
6d75272d34
Move plausible to new server
2020-12-05 12:33:50 +00:00
e1dd6c4c05
Init new web server on Linode
...
I'll terraform it later, honest!
2020-12-04 23:02:19 +00:00
08bb8f22ca
Add feediron plugin for tt-rss
2020-11-25 13:16:13 +00:00
b5d676b6fe
Install fever plugin for tt-rss
...
Had to chown the directory afterwards, as git wouldn't play nice with `become_user`
2020-11-25 13:00:06 +00:00
48762bcfcd
Remove redundant quoting
2020-11-25 11:41:26 +00:00
a35ee7c824
Change base URL to default so the tracker script still uses disguised domain
2020-11-25 11:40:54 +00:00
2b291548f9
Just do plain path replacement
2020-11-25 11:38:47 +00:00
a81e2793f8
Add a secondary domain for plausible less likely to match blockers
...
Might change things, might not. But it's a fun experiment to try anyway.
Using a custom middleware to override the path due to https://github.com/plausible/analytics/pull/340
2020-11-25 11:11:29 +00:00
e8d3a72ea8
Update nextcloud to 20.0.2
2020-11-22 15:40:23 +00:00
1d8f54c778
Update synapse
2020-11-22 15:32:17 +00:00
3ddfd77bdf
Stop running synapse as root
2020-11-22 15:08:08 +00:00
310feaf332
Use correct args to build synapse DB
2020-11-22 15:07:34 +00:00
367de37fab
Actually disable unnecessary logging rather than change level
...
Also disable even more of them
2020-11-12 23:01:32 +00:00
2a4b3ec3e6
Increase timeout for SSH sessions
...
Stll check relatively often the client is still there, but check many times so the connection stays open a decent amount of time. Especially useful for long-running commands.
2020-11-08 22:04:30 +00:00
f5c7c094d3
Fix gotify container name
...
Gotify != duplicati
2020-11-08 11:07:57 +00:00
5c1f17e2aa
Update synapse
2020-10-28 18:22:30 +00:00
0fc57049e4
Update nextcloud to 20.0.1
2020-10-28 15:22:49 +00:00
f450d4a8f2
Pin jellyfin version
2020-10-27 17:38:10 +00:00
f414781182
Use new whoami container
2020-10-27 16:13:14 +00:00
c63506d2bc
Pin traefik to patch version
2020-10-27 16:13:14 +00:00
6ae8d0febe
Pin plausible versions
2020-10-27 16:13:14 +00:00
f665b87965
Allow NTP role to manage config
...
Hopefully this closes the port
2020-10-24 17:36:39 +01:00
ff72f5a25e
Move nextcloud data dir to ZFS
2020-10-24 14:26:30 +01:00
5eb3870fbe
Set mode on fail2ban filter and jail
2020-10-24 12:10:54 +01:00
8932ac828f
Add geoip database for plausible
2020-10-24 12:10:37 +01:00
47ad40bb52
Remove watchtower, and do updates manually from now on
...
Keeps @IronicBadger happy!
2020-10-22 18:07:48 +01:00
efd22010b7
Use new LSIO mod which does more
2020-10-19 17:29:28 +01:00
a46525aa80
Move configuration for custom port to Traefik config rather than custom container expose
...
Still a work-around for https://github.com/plausible/analytics/pull/237
2020-10-18 22:31:23 +01:00
0ca3f36f7a
Move some more nextcloud components to ZFS
2020-10-18 18:02:48 +01:00
58605c1c24
Don't snapshot tank root
...
This makes syncoid unhappy, and is generally unnecessary
2020-10-18 17:45:49 +01:00
bedbb0f5f4
Fix service to restart
2020-10-16 19:16:42 +01:00
1930cc83e8
Use generic package module
2020-10-16 19:16:42 +01:00
b2e91d7d6d
Update haproxy fail2ban jail to use systemd for logs
2020-10-16 19:16:42 +01:00
4890c3d3e5
Revert "Remove fail2ban"
...
This reverts commit 1f0e33acc8
.
2020-10-16 19:16:42 +01:00
30baed441e
Mount external files into nextcloud
...
Means some bits can live outside the nextcloud dir
2020-10-10 18:01:27 +01:00
b8ea056455
Remove netdata
...
Don't use it anyway
2020-10-09 23:39:55 +01:00
6852b84406
Change watchtower to run daily
...
A holdover until less of the containers are using `:latest`
2020-10-09 23:20:07 +01:00
5496744428
Remove web-rng
2020-10-09 23:11:53 +01:00
f7afaacbdc
Move website to be hosted on GitLab pages
2020-10-09 21:35:57 +01:00
7f09db5d20
Add heimdall
2020-10-07 14:09:23 +01:00
e9f61070f8
Update nextcloud to version 20
...
Using the new LSIO tags for version specific pins! 🎉
2020-10-07 09:18:32 +01:00
0a9deb3d9e
Update plausible environment so it's compatible with v1
...
Read the changelog, folks!
2020-10-06 21:48:34 +01:00
93ccb686e7
Drive watchtower config from environment
2020-10-06 09:10:26 +01:00
413ff4dad9
Add script to update containers
...
This is an attended update, which is better. Eventually replace watchtower
2020-10-06 08:44:01 +01:00
2c4e1e0414
Pin Plausible to major version
2020-10-05 18:43:12 +01:00
29c9e14f62
Remove haproxy chroot
...
This is technically _slightly_ less secure, but means it logs to journald properly, so can be picked up by fail2ban in future
2020-10-05 11:10:29 +01:00
4c40faf21d
Move clickhouse off ZFS
...
For some reason, they really don't play well together!
2020-10-03 17:18:11 +01:00
68bda30cb2
Add nginx container for getting access to files via rclone
2020-10-03 11:41:38 +01:00
64788eb602
Move transcodes to tempfs
...
Means I can remove the scratch disk
2020-10-02 18:12:15 +01:00
1f398b25c3
Store fewer snapshots for downloads directory
2020-10-02 18:11:53 +01:00
191374b812
Move deluge onto walker
...
Stop torrent traffic being limitted by home broadband
2020-10-02 18:11:34 +01:00
6cfaa3a03a
Update traefik
2020-10-02 09:20:33 +01:00
aee9507ec0
Update synapse
2020-10-02 09:13:41 +01:00
addd4f351c
Update nextcloud base
2020-10-02 09:13:34 +01:00
285f7b8a31
Update Gotify
2020-10-02 09:13:13 +01:00
a799ad9657
Scale gitlab up a tiny bit
2020-10-01 19:46:04 +01:00
4742552839
Add notes site
2020-09-30 18:49:36 +01:00
4e7c5ffd67
Add docker mod to scale worker processes to a sane value
2020-09-28 20:14:41 +01:00
07b0650618
Remove statping
...
It's buggy as all hell, super slow, and doesn't really get used for monitoring
2020-09-27 14:17:46 +01:00
5079599b9d
Require TLS 1.2
2020-09-27 12:36:49 +01:00
d93920c2b6
Move home-assistant stuff to ZFS
2020-09-27 11:31:05 +01:00
a303bed27f
Define app data dir in variable
2020-09-26 21:15:44 +01:00
361a78e8e0
Update yamllint
2020-09-26 17:54:14 +01:00
24d11deeae
Update ansible-lint
...
Required a lot of renaming :(
2020-09-26 17:53:47 +01:00
cc43910be6
Fix scrutiny so it picks up which task to run correctly
2020-09-26 17:10:07 +01:00
3c21c5670c
Replace postgres with mariadb
...
Its' recommended, and might hopefully fix my annoying auth issues!
2020-09-26 14:49:38 +01:00
40488f62b7
Also set user id for collector container
...
Else it chowns the DB, and doesn't run correctly
2020-09-24 22:18:34 +01:00
fd83820faa
Install scrutiny
2020-09-21 21:16:00 +01:00
a67361b9b5
Explicitly define bed lights
2020-09-19 16:16:24 +01:00
2bbc7c715f
Add GZIP compression to projects which don't natively support it
2020-09-18 12:42:36 +01:00
092f12459e
Fix XML formatting
...
This caused clickhouse to crash hard!
2020-09-18 12:21:15 +01:00
782b008cd3
Fix name of config so they're not constantly changed with each run of ansible
...
derp!
2020-09-18 12:11:44 +01:00
62e629187b
Clean up indent
2020-09-18 12:10:53 +01:00
4ad2bdc77a
Change clickhouse connection to unified variable
2020-09-17 15:18:01 +01:00
a8438c4c2a
Add grafana image renderer
2020-09-13 10:47:59 +01:00
809a977c63
Also update nextcloud config file
2020-09-12 23:15:08 +01:00
9cea8743e9
Update gotify
2020-09-12 22:54:49 +01:00
4c92fba2b9
Change gitlab trusted proxies to be docker IP space
...
Else it becomes `127.0.0.1`, which is obviously not right
2020-09-12 20:03:22 +01:00
6ad9fa070f
Update nextcloud
2020-09-11 21:30:20 +01:00
9ca2546766
Decommission grimes
...
Most of the function has moved to `walker`
2020-09-10 20:39:54 +01:00
1ecfc5b7fa
Update traefik
2020-09-10 20:16:23 +01:00
59a447023b
Update nextcloud base
2020-09-09 20:43:52 +01:00
c220f19545
Move scratch disk under /mnt
...
Mounting disks is hard!
2020-09-08 21:17:51 +01:00
2db72623ad
Remove DB backups for containers on ZFS
...
Snapshots are a better backup
2020-09-08 20:41:47 +01:00
b47de7e70b
Disable healthchecks for GitLab pages
...
Because of everything we have disabled, Docker considers the container unhealthy
2020-09-05 23:08:58 +01:00
8c4397d39a
Set rails trusted proxies
2020-09-05 22:29:16 +01:00
2af3241bd2
GZIP compress gitlab pages
2020-09-05 20:52:18 +01:00
19b2330832
Disable logrotate for pages
...
Logs are in a tempfs anyway, and it's just another process to be running
2020-09-05 20:36:45 +01:00
ea54d1be69
Expose pages sites
2020-09-05 20:33:57 +01:00
0a1b541974
Remove compression middleware for gitlab
...
This is already handled by the application
2020-09-05 18:27:56 +01:00
e9aeed26ee
Use cloudflare DNS challenge for Traefik
2020-09-05 18:27:04 +01:00
0289342e2c
Remove goaccess container
2020-09-05 17:29:40 +01:00
4c1ccfc4e4
Only clear containers weekly
...
This will be more helpful now, as repeat CI jobs won't need to re-download containers as often
2020-09-05 17:01:54 +01:00
af9c66785e
Decrease watchtower polling rate to 10 minutes
...
Doesn't need to be that intensive
2020-09-05 17:01:30 +01:00
77113246b0
Remove remaining gitea configuration
...
Goodbye old friend
2020-09-05 16:56:27 +01:00
c1dc26ce35
Install gitlab pages daemon
...
I'll deal with traefik domains later
2020-09-05 16:50:56 +01:00
e579edc758
Use lsyncd to push files to gitlab pages server
...
Server itself in future commit
2020-09-05 16:24:47 +01:00
1487915bbc
Also disable thread log
2020-09-02 20:12:31 +01:00
c47ff494e0
Revert "Disable docker healthchecks"
...
Turns out it really just takes that long to start up!
This reverts commit 61ed3db887
.
2020-09-01 21:50:03 +01:00
61ed3db887
Disable docker healthchecks
...
Makes traefik take *ages* to detect the container is actually running. Let it 502 if it has to
2020-09-01 20:12:52 +01:00
3bc1d75d9e
Ensure the correct IP is detected
2020-09-01 20:12:16 +01:00
acef6246d0
Replace gitea with gitlab
...
Leave gitea in place for a bit in case I need to change back suddenly
2020-09-01 19:47:39 +01:00
84d529be2f
Update synapse
2020-08-31 18:47:37 +01:00
3b7493ae8f
Set default theme to dark and assign default proxy
2020-08-30 21:11:29 +01:00
1ed078ef23
Fix SSH port for gitlab
2020-08-30 21:08:04 +01:00
4610d5ced2
Update nextcloud to 19.0.2
2020-08-30 20:28:49 +01:00
3d76c48bbf
Use postgres on homeassistant
2020-08-30 16:58:27 +01:00
ec751ffa1a
Add influxdb to monitor traefik
2020-08-30 15:58:03 +01:00
17f0e22962
Migrate grafana to postgres
2020-08-30 14:53:08 +01:00
8efb3e0d69
Expose gitlab SSH
2020-08-30 11:22:15 +01:00
796c694170
Run duplicati as root
...
This ensures it has all the right permissions to access all the right files. Host is mounted read-only, so there's no real security risk.
2020-08-30 11:15:08 +01:00
5940b6970a
Move gitlab to ZFS pool
2020-08-30 10:19:57 +01:00
0ce15cb4d8
Add gitlab
2020-08-29 23:56:14 +01:00
da90b12643
Modify clickhouse settings so it's not a resource whore
...
This means it can be moved back to ZFS!
2020-08-28 14:20:13 +01:00
c6791e4098
Remove stray vault file from removing todoist-github
2020-08-28 14:17:45 +01:00
8a7cc5e57e
Move clickhouse back to old disk
...
It does a stupid number of writes, and the snapshots are massive! Until i've worked out why it writes so much, move it to a less critical disk
2020-08-27 14:16:12 +01:00
9a8995f1f8
Use single cron job for pruning and taking snapshots
...
Less to manage, and less lock contention
2020-08-26 13:02:50 +01:00
77262cd206
Reduce number of sanoid snapshots
...
It should be pretty quick for me to realise something went wrong. Can recycle through space much quicker this way!
2020-08-26 09:08:26 +01:00
1f70a46c35
Add custom clickhouse config
...
This changes the default log level to warning, to ensure the log file isn't being hammered
2020-08-26 08:54:37 +01:00
3edc34759d
Mount clickhouse logs on tmpfs
...
WHO LOGS TRACE BY DEFAULT?!
2020-08-25 22:05:10 +01:00
742412259c
Mount transcodes on scratch disk
...
Don't want them getting caught by sanoid!
2020-08-25 14:30:26 +01:00
4feff3d247
Move jellyfin to ZFS
2020-08-25 14:17:57 +01:00
6808e86a6d
Update nextcloud base
2020-08-24 14:30:11 +01:00
922b688615
Bump ZFS usage to 50% RAM
...
It's a lot, but should be dealable on most machines
2020-08-23 14:15:09 +01:00
f531d4f915
Move plausible onto ZFS
2020-08-22 12:19:47 +01:00
9ffdd4d711
Move grafana to ZFS
...
Don't need to create the directory anymore really
2020-08-22 12:07:44 +01:00
f517831435
Install synapse config to right place
2020-08-22 12:03:04 +01:00
67dfe6a8a0
Remove todoist-github
...
It's got some pretty big bugs, and isn't running anyway
2020-08-22 12:01:24 +01:00
07d5c4fa72
Move quassel to ZFS
2020-08-22 11:59:10 +01:00
3dc8ee16b5
Move wallabag to ZFS
2020-08-22 11:51:51 +01:00
ff7ec46e77
Move synapse to ZFS
2020-08-22 11:42:03 +01:00
037d719906
Migrate deluge data to ZFS pool
2020-08-22 11:20:38 +01:00
8d2c6dfb68
Move gitea to ZFS
2020-08-21 16:02:56 +01:00
bc5d6d512b
Move calibre to ZFS pool
2020-08-21 15:34:04 +01:00
2866cd0602
Move TT-RSS into ZFS pool
2020-08-21 15:33:46 +01:00
35266e975d
Drive sanoid changes from YAML
2020-08-20 21:47:12 +01:00
1bcb8f22b1
Fully resolve path to sanoid
...
Apparently cron didn't like just `sanoid`
2020-08-20 21:24:33 +01:00
a2e021ac43
Install ZFS on home server 🎉
2020-08-19 21:34:23 +01:00
a5aa21429c
Conditionally run reflector role rather than manually defining which machines run arch
2020-08-19 18:58:58 +01:00
63ec7c671a
Manually install sanoid
...
Makes the foundation for a future external role
2020-08-19 18:40:17 +01:00
fcd4dbf657
Fix casing
...
Turns out it's a lower case "l"
2020-08-19 17:59:56 +01:00
2ef836b2e9
Remove synapse helper scripts
...
They're not maintained, and actually highly advised against
2020-08-18 20:39:23 +01:00
efc7a5d7fb
Allow arc to be 20% RAM usage
2020-08-18 13:47:48 +01:00
cbbd7bf83d
Update synapse
2020-08-18 13:13:25 +01:00
6716b418d7
Ensure cron tasks are run as the right user
...
Looks like by default they're installed as the current user, not root. Bad ansible documentation!
2020-08-17 22:29:02 +01:00
af22e89a73
Update nextcloud base
2020-08-17 13:57:53 +01:00
bf4e90d053
Update synapse
2020-08-17 13:57:44 +01:00
150a34be2f
Provide cron flag to sanoid
2020-08-17 13:49:07 +01:00
0902dd001e
Expose grafana
2020-08-07 12:03:45 +01:00
9d014cfa1c
Install grafana and link it to HA
2020-08-07 11:52:15 +01:00
301ac37868
Remove legacy integrations
2020-08-06 17:05:19 +01:00
55f79b4a51
Remove socks proxy
2020-08-05 20:56:12 +01:00
c888fc5e72
Pull new images before taking application down
2020-08-05 17:43:04 +01:00
1195a5001e
Add reflector to keep mirror lists updated
2020-08-05 12:15:28 +01:00
384a07b513
Run plausible migrations on startup
2020-08-04 22:07:45 +01:00
19c134564a
Add duplicati to walker
...
Gotta backup them backups
2020-08-04 21:09:45 +01:00
7d3f6a8121
Remove duplicati from grimes
2020-08-04 20:58:10 +01:00
e184c7fba1
Move website over to walker
2020-08-04 20:54:53 +01:00
6ceea80ee7
Fix website restart
2020-08-04 20:54:34 +01:00
4b7830567b
Add postgres backups for plausible
2020-08-04 19:49:21 +01:00
7c0d78ee9d
Remove folding-at-home
...
New server location isn't especially ventilated, so heat is an issue.
I'm sorry.
2020-08-04 19:41:01 +01:00
c435ad1ba8
Ensure plausible is restarted on error
2020-08-04 19:38:01 +01:00
969b0bd8d9
Update traefik
...
Fixes GHSA-6qq8-5wq3-86rp
2020-07-30 21:46:44 +01:00
ed00a0d40e
Update gitea
2020-07-29 18:26:13 +01:00
a6047da465
Use default port
2020-07-28 20:31:32 +01:00
91effbcac5
Add ZFS scrub cron job
2020-07-26 22:17:28 +01:00
6e58b07519
Remove unnecessary quotes
2020-07-26 18:22:43 +01:00
ebbd2a4015
Install zfs and sanoid
2020-07-26 18:03:09 +01:00
5cb1a470ab
Bump plausible pool size
2020-07-26 15:40:03 +01:00
f77cd1216f
Move upload server to walker
2020-07-24 17:14:39 +01:00
3c7c0ec3fa
GZIP plausible traffic
...
Plausible doesn't gzip for itself. Funnily enough the tracker is actually too small to be compressed by Traefik!
2020-07-22 12:18:49 +01:00
9ee4e1c14b
Add plausible analytics
2020-07-21 20:55:44 +01:00
74d40ac915
Update traefik
2020-07-18 13:29:20 +01:00
005cc528b6
Update nextcloud to 19.0.1
2020-07-17 14:48:50 +01:00
7a38207ef0
Update traefik
2020-07-15 14:53:36 +01:00
b7aebfaabd
Move statping to new machine
...
Also update it to the latest version. It's probably still buggy AF, but it'll do for what I need it to rigth now.
2020-07-14 19:35:55 +01:00
52e8f34198
Pin jellyfin to latest
...
It can update itself just fine
2020-07-13 18:09:33 +01:00
9d962c324b
Update synapse
2020-07-13 18:04:20 +01:00
bb5a5b61bd
Update traefik
2020-07-13 18:04:11 +01:00
dd8523ebdd
Update gitea
2020-07-13 18:02:51 +01:00
eed13e3727
Setup offsite storage service
...
My own lil' S3
2020-07-12 21:01:06 +01:00
3c49c80ff1
Ensure traefik only listens on wireguard network
2020-07-12 19:29:18 +01:00
0314908eac
Install docker on new server
2020-07-12 19:21:27 +01:00
9c0682ef9b
Restrict SSH connections to wireguard cidr
...
Except on home server, still handy to connect on same network.
2020-07-12 17:53:02 +01:00
a6a3982cc8
Provision keys for walker
2020-07-12 17:19:51 +01:00
693c3fc0ab
Remove legacy vars file
2020-07-12 17:12:47 +01:00
63eecf7a56
Provision new dedicated server
2020-07-12 17:06:02 +01:00
e5e308fafa
Remove firewall role
...
firewalld does not play nice with docker!
2020-07-12 17:04:13 +01:00
f2d7d63e2d
Update nextcloud base
2020-07-10 16:15:13 +01:00
dc2b51db6b
Update synapse
2020-07-10 16:02:06 +01:00
ba486a26e4
Update duplicati
2020-07-09 19:27:53 +01:00
13a70b27a4
Add RGB LED controller
2020-07-06 20:48:57 +01:00
82bffc3538
Setup firewalld
2020-07-03 21:53:31 +01:00
fba284f9a9
Change primary gitea domain to the one I actually use
2020-07-02 19:42:51 +01:00
1c99477ce9
Move nextcloud config into root
2020-07-02 18:44:27 +01:00
c80d4b7e04
Move tt-rss config out of config directory
2020-07-02 18:24:26 +01:00
689c0cecd9
Set permissions on nextcloud data dir
2020-07-02 17:52:53 +01:00
452118e2a9
Update synapse
2020-07-02 17:41:22 +01:00
86a398d6b4
Replace docker-compose restart hack with shell handler hack
...
The docker-compose integration would start 2 of the same container, which does bad things to things like databases!
2020-06-28 20:13:12 +01:00