Commit graph

966 commits

Author SHA1 Message Date
c1319a134a
Forget snapshots in groups by host
By default, it includes the path, which means path changes result in very old snapshots

https://twitter.com/RealOrangeOne/status/1484217495124852748
2022-01-20 17:43:56 +00:00
1db289b604
Show domain in logs rather than upstream
The upstream is always the same, and no use to us
2022-01-19 09:00:20 +00:00
619d5bfa7b
Give every cloud machine its own cname 2022-01-19 08:44:21 +00:00
af07840de7
Harden SPF 2022-01-19 08:19:51 +00:00
9404f71dc6
Remove old DB backups dir from backups 2022-01-16 17:56:45 +00:00
a07b1dbad5
Ensure grimes backs up its databases 2022-01-16 17:56:13 +00:00
5cc552d0eb
Add container to automatically backup DBs 2022-01-16 17:51:03 +00:00
6c0314b758
Add an nginx container to do crazy things with traefik 2022-01-16 14:08:38 +00:00
d5c7d94ac8
Run traefik as dockeruser, and without host networking
This required port forwarding, a docker proxy, and a docker network, but the end result should be much more secure!
2022-01-15 23:44:06 +00:00
1348eb8b1c
Prefent yourls redirect page being indexed 2022-01-11 21:20:23 +00:00
89a99d2db2
Make ansible a dev dependency
It's required by `ansible-lint` to work properly
2022-01-11 21:19:02 +00:00
c5215e330b
Update yamllint to fix dependency issue
I think this still validates everything we need it to
2022-01-11 20:51:12 +00:00
db68c107d0
Decommission decker on Vultr 2022-01-11 19:25:04 +00:00
ceb62cc0c8
Open the right ports so web traffic will flow 2022-01-11 09:08:23 +00:00
cf0e718bfb
Migrate decker services to linode
Mostly just uptime-kuma
2022-01-11 09:07:48 +00:00
50398eac07
Commit the terraform lock file
It tells you to
2022-01-08 22:12:44 +00:00
e50a1f9a72
Privision a decker on linode 2022-01-08 22:12:28 +00:00
0a13f78d29
Add linode to terraform setup
Let the migration, begin!
2022-01-08 22:11:34 +00:00
41289ab359
Reduce ZFS memory usage to 5GB
That's still more than 1GB per usable TB of space. Should really be ample
2022-01-08 12:29:35 +00:00
1f6c6858e5
Fix NTP timesyncd issue
https://github.com/geerlingguy/ansible-role-ntp/pull/110
2022-01-08 12:29:13 +00:00
02cfd37a02
Update uptime-kuma 2022-01-08 12:18:25 +00:00
1a74e05a7c
Create a dedicated machine for renovate
This way it can do what it wants with docker. Because apparently it's very picky about how it's setup
2022-01-01 22:59:13 +00:00
78b0161585
Install renovate
It doesn't quite work, as really it needs docker to correctly update packages. But it's a start for now
2022-01-01 18:23:32 +00:00
b81f250d02
Update clickhouse config to reference new tables to remove 2021-12-29 17:34:07 +00:00
062c4a25fb
Keep just 2 weeks of backrest logs
That's ample
2021-12-28 12:57:57 +00:00
711d78bfd3
Only try and rotate the log files
Previously, this was also rotating the compressed logs, for some reason
2021-12-28 12:57:08 +00:00
3a7d2194cc
Update tt-rss DB to postgres 14 2021-12-22 22:39:46 +00:00
66c48c4a69
Remove old domain for vaultwarden
It's been long enough
2021-12-22 15:41:14 +00:00
e6ecffdf62
Update vaultwarden DB to postgres 14 2021-12-22 15:33:40 +00:00
ec9ca428a3
Update synapse DB to postgres 14 2021-12-22 15:24:37 +00:00
fbdbc8afb5
Update quassel DB to postgres 14 2021-12-22 13:17:01 +00:00
da41fcd7bc
Update grafana DB to postgres 14 2021-12-22 13:10:06 +00:00
6681ad43fb
Update plausible DB to postgres 14 2021-12-22 12:57:49 +00:00
31b7811b1f
Use new clickhouse docker repository 2021-12-22 12:01:25 +00:00
b6a0fdfd1d
Unpin the version of yourls
It's a very simple, non-critical application, which I keep forgetting to update
2021-12-21 21:48:41 +00:00
1c645fa106
Update yourls mariadb to 10.7 2021-12-21 21:40:56 +00:00
c5beb223be
Update clickhouse to 21.12 2021-12-21 21:31:53 +00:00
0734ff42d8
Move grafana variables to vault file 2021-12-21 20:22:47 +00:00
7b6675a9d0
Move gitlab variables to single vault 2021-12-21 20:12:05 +00:00
4cbc15fe0b
Move gitlab runner secrets to dedicated vault 2021-12-21 20:00:54 +00:00
66662594d0
Extract plausible secrets to dedicated vault 2021-12-21 19:57:43 +00:00
fcda77e750
Extract vault items from host vars 2021-12-21 19:36:52 +00:00
0b352e22d1
Merge all group vars into single vault file
This will make tracking down where a secret is defined much simpler
2021-12-21 18:04:03 +00:00
dce7c782ec
Move wireguard keys into a separate vault file 2021-12-21 17:58:52 +00:00
3f37cd4448
Be quiet on interpreter warnings
It works fine, I don't need to be screamed at
2021-12-20 21:17:42 +00:00
8d40a49780
Move traefik pages secret into full vault file
Trialing a new pattern for vault storage
2021-12-20 21:17:25 +00:00
e2029cf8aa
Pretend vault pass script is the password 2021-12-20 17:48:14 +00:00
9e473265a5
Read vault password from bitwarden instead of filesystem
https://theorangeone.net/posts/ansible-vault-bitwarden/
2021-12-20 17:25:18 +00:00
b50659ab5d
Update nextcloud to 23 2021-12-19 21:18:09 +00:00
a5329665c0
Update vaultwarden to 1.23.1 2021-12-15 20:21:01 +00:00