Commit graph

919 commits

Author SHA1 Message Date
7e6e630808
Don't provision occ script on every machine
It only makes sense on 1
2022-01-21 22:28:13 +00:00
6db0500e1b
Provision remote f2b key with ansible 2022-01-21 22:11:49 +00:00
e8d4244946
Restart nebula, rather than reloading it
Reloading doesn't actually work it seems
2022-01-21 21:52:48 +00:00
af396a21cb
Provision a new caseyon Linode 2022-01-21 21:52:21 +00:00
188b7c9dd6
Install wireguard tools before provisioning config 2022-01-21 20:29:34 +00:00
c1319a134a
Forget snapshots in groups by host
By default, it includes the path, which means path changes result in very old snapshots

https://twitter.com/RealOrangeOne/status/1484217495124852748
2022-01-20 17:43:56 +00:00
1db289b604
Show domain in logs rather than upstream
The upstream is always the same, and no use to us
2022-01-19 09:00:20 +00:00
9404f71dc6
Remove old DB backups dir from backups 2022-01-16 17:56:45 +00:00
a07b1dbad5
Ensure grimes backs up its databases 2022-01-16 17:56:13 +00:00
5cc552d0eb
Add container to automatically backup DBs 2022-01-16 17:51:03 +00:00
6c0314b758
Add an nginx container to do crazy things with traefik 2022-01-16 14:08:38 +00:00
d5c7d94ac8
Run traefik as dockeruser, and without host networking
This required port forwarding, a docker proxy, and a docker network, but the end result should be much more secure!
2022-01-15 23:44:06 +00:00
1348eb8b1c
Prefent yourls redirect page being indexed 2022-01-11 21:20:23 +00:00
89a99d2db2
Make ansible a dev dependency
It's required by `ansible-lint` to work properly
2022-01-11 21:19:02 +00:00
c5215e330b
Update yamllint to fix dependency issue
I think this still validates everything we need it to
2022-01-11 20:51:12 +00:00
cf0e718bfb
Migrate decker services to linode
Mostly just uptime-kuma
2022-01-11 09:07:48 +00:00
41289ab359
Reduce ZFS memory usage to 5GB
That's still more than 1GB per usable TB of space. Should really be ample
2022-01-08 12:29:35 +00:00
1f6c6858e5
Fix NTP timesyncd issue
https://github.com/geerlingguy/ansible-role-ntp/pull/110
2022-01-08 12:29:13 +00:00
02cfd37a02
Update uptime-kuma 2022-01-08 12:18:25 +00:00
1a74e05a7c
Create a dedicated machine for renovate
This way it can do what it wants with docker. Because apparently it's very picky about how it's setup
2022-01-01 22:59:13 +00:00
78b0161585
Install renovate
It doesn't quite work, as really it needs docker to correctly update packages. But it's a start for now
2022-01-01 18:23:32 +00:00
b81f250d02
Update clickhouse config to reference new tables to remove 2021-12-29 17:34:07 +00:00
062c4a25fb
Keep just 2 weeks of backrest logs
That's ample
2021-12-28 12:57:57 +00:00
711d78bfd3
Only try and rotate the log files
Previously, this was also rotating the compressed logs, for some reason
2021-12-28 12:57:08 +00:00
3a7d2194cc
Update tt-rss DB to postgres 14 2021-12-22 22:39:46 +00:00
66c48c4a69
Remove old domain for vaultwarden
It's been long enough
2021-12-22 15:41:14 +00:00
e6ecffdf62
Update vaultwarden DB to postgres 14 2021-12-22 15:33:40 +00:00
ec9ca428a3
Update synapse DB to postgres 14 2021-12-22 15:24:37 +00:00
fbdbc8afb5
Update quassel DB to postgres 14 2021-12-22 13:17:01 +00:00
da41fcd7bc
Update grafana DB to postgres 14 2021-12-22 13:10:06 +00:00
6681ad43fb
Update plausible DB to postgres 14 2021-12-22 12:57:49 +00:00
31b7811b1f
Use new clickhouse docker repository 2021-12-22 12:01:25 +00:00
b6a0fdfd1d
Unpin the version of yourls
It's a very simple, non-critical application, which I keep forgetting to update
2021-12-21 21:48:41 +00:00
1c645fa106
Update yourls mariadb to 10.7 2021-12-21 21:40:56 +00:00
c5beb223be
Update clickhouse to 21.12 2021-12-21 21:31:53 +00:00
0734ff42d8
Move grafana variables to vault file 2021-12-21 20:22:47 +00:00
7b6675a9d0
Move gitlab variables to single vault 2021-12-21 20:12:05 +00:00
4cbc15fe0b
Move gitlab runner secrets to dedicated vault 2021-12-21 20:00:54 +00:00
66662594d0
Extract plausible secrets to dedicated vault 2021-12-21 19:57:43 +00:00
fcda77e750
Extract vault items from host vars 2021-12-21 19:36:52 +00:00
0b352e22d1
Merge all group vars into single vault file
This will make tracking down where a secret is defined much simpler
2021-12-21 18:04:03 +00:00
dce7c782ec
Move wireguard keys into a separate vault file 2021-12-21 17:58:52 +00:00
3f37cd4448
Be quiet on interpreter warnings
It works fine, I don't need to be screamed at
2021-12-20 21:17:42 +00:00
8d40a49780
Move traefik pages secret into full vault file
Trialing a new pattern for vault storage
2021-12-20 21:17:25 +00:00
9e473265a5
Read vault password from bitwarden instead of filesystem
https://theorangeone.net/posts/ansible-vault-bitwarden/
2021-12-20 17:25:18 +00:00
b50659ab5d
Update nextcloud to 23 2021-12-19 21:18:09 +00:00
a5329665c0
Update vaultwarden to 1.23.1 2021-12-15 20:21:01 +00:00
9834a45ec5
Update uptime-kuma to 1.11.1 2021-12-15 20:20:50 +00:00
699673c3b5
Update Synapse to 1.49.0 2021-12-15 20:19:51 +00:00
9e899d0f52
Update nebula to 1.5.2 2021-12-15 20:18:25 +00:00
bbfd872a24
Mount the whole host into the restic LXC, so I can backup PVE config 2021-12-11 13:17:58 +00:00
4452cc4eeb
Update synapse to 1.47.1 2021-11-23 22:04:42 +00:00
eed75d8648
Mount homeassistant data into restic for external backup 2021-11-21 21:53:35 +00:00
47bcbd855e
Update nextcloud to 22.2.3 2021-11-16 21:04:54 +00:00
5c0987de4d
Update uptime-kuma 2021-11-15 20:26:29 +00:00
e1205564cb
Update nebula to 1.5.0 2021-11-15 20:26:20 +00:00
ccaff503da
Move decker from AMS to Paris
The AMS DC has a bit of a flaky network connection, which isn't what you want for monitoring.
2021-11-06 16:45:09 +00:00
64695c3be1
Don't pipe dat ainto curl for healthchecks
See https://github.com/IronicBadger/ansible-role-snapraid/pull/9
2021-11-04 16:46:59 +00:00
ef22a43293
Update uptime-kuma to fix security issue 2021-10-29 21:52:09 +01:00
1b4d5de701
Rename plausible embed router
There's nothing really "bare" about it
2021-10-29 20:47:02 +01:00
0cb2a70d24
Upgrade Plausible to 1.4 2021-10-29 20:46:28 +01:00
090745456f
Update vaultwarden to 1.23.0 2021-10-23 16:24:42 +01:00
41fadd892e
Update uptime-kuma 2021-10-23 16:24:29 +01:00
4cdaba4692
Swap certificates for wildcards 2021-10-18 21:59:10 +01:00
ebb571bf20
Increase GC frequenc to work around restic's high memory usage
https://github.com/restic/restic/issues/1988
2021-10-15 12:39:16 +01:00
6cc7d0b89e
Update synapse 2021-10-14 18:34:49 +01:00
31208856c2
Pin uptime-kuma version
It's pretty important now
2021-10-14 18:34:00 +01:00
6f0d4b60df
Run more web processes for tt-rss 2021-10-03 16:45:18 +01:00
c867efbe3b
Use alternative container registries where available 2021-10-03 16:26:10 +01:00
3727dd473c
Update synapse to 1.43 2021-10-01 21:17:13 +01:00
7fd176466d
Update nextcloud to 22.2.0
Required quite some hacks around federatedfilesharing app not wanting to update
2021-10-01 20:52:07 +01:00
4293d030d4
Don't lint globally installed roles 2021-09-27 14:50:08 +01:00
4db474034e
Ignore my VMs from a fail2ban 2021-09-27 14:49:56 +01:00
7e2d01c612
Change domain
Now there's a status page, we can consider it public
2021-09-25 21:34:18 +01:00
3daf939b32
Update uptime-kuma container
Now does user management itself
2021-09-25 21:08:42 +01:00
8a37a9d41b
Move uptime-kuma to decker 2021-09-25 21:03:56 +01:00
a135aae5f3
Provision new VM
This will be used for monitoring
2021-09-25 16:59:23 +01:00
48934ad2c5
Apply gzip to everything
The middleware is smart enough to only apply it when needed, and only when it's not already compressed, so it's fine.
2021-09-19 22:48:48 +01:00
83ed8879dc
Correctly set smtp user for GitLab
The user and from are different in my case.
2021-09-19 22:34:40 +01:00
178ca6b2c4
Add privatebin config
Disable super long expirations, among other things
2021-09-19 19:29:05 +01:00
d70f450e2d
Change forget resolution to 30d
Restic is really annoying with its retention arguments, not really allowing what I want, so this is the easiest way to get decent retention.
2021-09-07 22:04:23 +01:00
0a8167c839
Remove stray expose
Traefik picks up the port just fine
2021-09-07 21:04:19 +01:00
eedba465c4
Update synapse 2021-09-07 21:04:04 +01:00
a866938207
Fix hostname of restic server 2021-09-06 21:07:10 +01:00
2db8ca5059
Add basic auth to dokku 2021-09-05 23:11:28 +01:00
a278443850
Use auto on nginx configs
Let nginx work it out, and default to 1 per core
2021-09-04 22:41:30 +01:00
6e25403b3d
Update synapse to 1.41.1 2021-08-31 19:08:38 +01:00
86e9d12ce6
Update nextcloud to 22.1.1 2021-08-31 19:03:19 +01:00
c2cd2e6e34
Add backups for grimes 2021-08-30 21:50:55 +01:00
07b2ea2ccb
Add the ability to exclude certain paths from backup 2021-08-30 21:49:58 +01:00
259b0ca7a6
Use upstream telegraf role
https://github.com/rossmcdonald/telegraf/pull/54 shipped
2021-08-30 21:22:26 +01:00
dcbe6e8e72
Use upstream version of ansible-role-snapraid
https://github.com/IronicBadger/ansible-role-snapraid/pull/7 shipped
2021-08-30 21:21:58 +01:00
95216b32c4
Consolidate server blocks 2021-08-24 14:31:12 +01:00
453a374801
Replace ingress proxy with nginx
This enables HTTPS redirecting at it too much more easily, and matches the gateway configuration.

Requires using upstream versions of nginx to enable https://nginx.org/en/docs/stream/ngx_stream_realip_module.html
2021-08-24 14:21:51 +01:00
f14e723d40
Fix service name on ingress
It's not alpine
2021-08-24 11:52:35 +01:00
601b916b43
Remove deprecated clients from wireguard server
I use nebula now for all that
2021-08-24 11:14:04 +01:00
edc5c325b7
Correctly check hostname against PVE hosts
Some of the hostnames have `-` in instead, which caused issues with the SSH config detecting which users to allow
2021-08-23 19:56:04 +01:00
ecb946bab4
Remove nginx version from headers 2021-08-23 16:12:34 +01:00
93cba46dd1
Redirect to HTTPS at the edge 2021-08-23 16:10:37 +01:00
a54d373526
Replace edge proxy with nginx
The config makes more sense, and it has more of the features I need, which will come later.
2021-08-22 22:35:09 +01:00