Commit graph

135 commits

Author SHA1 Message Date
Sam A. 6592020863
Repo installations will add PGP keys 2024-01-06 17:19:51 +01:00
Sam A. 99942dadfb
Fix WebSocket support 2024-01-01 16:33:52 +01:00
Sam A. 0db32bf185
Only install haveged on KVM instances 2023-12-31 23:02:51 +01:00
Sam A. 61fad5cab0
Add in sapt-labs-mda01 2023-12-31 20:03:08 +01:00
Sam A. 6bbf57ccf2
Add Lab LAN to proxy_trusted_subnets 2023-12-31 18:44:25 +01:00
Sam A. 6b7bd105a3
Move stuff around 2023-12-31 18:39:08 +01:00
Sam A. c8a15443c3
Only allow global access to production in Caddy 2023-12-31 18:34:36 +01:00
Sam A. f190d0bc61
Add reload-proxy option to deploy.sh 2023-12-31 18:27:09 +01:00
Sam A. 64f09eded2
Configure $connection_upgrade and set X-Real-IP 2023-12-31 15:41:50 +01:00
Sam A. df2172d72b
Add HTTP headers to Nextcloud 2023-12-31 14:48:22 +01:00
Sam A. 9dc3df8d0f
Make MOTD message less wide, for small screens 2023-12-30 19:01:41 +01:00
Sam A. e3fa67ef54
Fix stuff 2023-12-29 19:59:58 +01:00
Sam A. 2a0fcd6012
Fix Restic putting Nextcloud in maintenance mode 2023-12-29 19:42:43 +01:00
Sam A. e5cbeec0d7
Upgrade Nextcloud to version 28 2023-12-29 19:11:33 +01:00
Sam A. bf2cab8384
Use Jinja2 comments 2023-12-29 19:07:08 +01:00
Sam A. adb67678a8
Remove ! 2023-12-29 19:00:09 +01:00
Sam A. f59f1dc5cd
Add MOTD 2023-12-29 17:43:18 +01:00
Sam A. 8dfc27cb34
Add NEXTCLOUD_TRUSTED_DOMAINS 2023-12-29 00:22:15 +01:00
Sam A. aa137ae9e3
Nextcloud success! 2023-12-28 22:39:11 +01:00
Sam A. fa0d70732d
Allow HTTP(S) for public zone 2023-12-28 21:04:33 +01:00
Sam A. 6265387d02
Make deploy.sh accessible with sudo 2023-12-28 19:00:50 +01:00
Sam A. c76ec95ab9
More packages 2023-12-28 18:33:05 +01:00
Sam A. f04e21927d
Sort for loops 2023-12-28 17:19:51 +01:00
Sam A. 3a01a5fd48
Install extra packages 2023-12-28 16:30:11 +01:00
Sam A. a52bb7fafa
Folder -> directory 2023-12-28 00:07:21 +01:00
Sam A. 66e7fbc6b6
Disable WAL archiving for now 2023-12-28 00:01:59 +01:00
Sam A. 40d196c100
Fix stuff after testing 2023-12-28 00:00:12 +01:00
Sam A. f9b7abd0b0
Use DNS challenge for non-production 2023-12-27 19:26:29 +01:00
Sam A. 2e3e404727
Remove flush handlers 2023-12-26 00:32:31 +01:00
Sam A. 0e7bced36b
Prune Monero blockchain on staging 2023-12-25 23:58:35 +01:00
Sam A. 6d5d1b5853
Apply fixes after testing 2023-12-25 23:17:36 +01:00
Sam A. 3ac0ded2a3
Apply fixes after testing 2023-12-25 21:49:17 +01:00
Sam A. 2d9eb03b66
Simplify FW rules, handling in router FW 2023-12-25 20:36:14 +01:00
Sam A. 7b3decdf07
Remove hostname and timezone, cloud-init does that 2023-12-25 20:35:49 +01:00
Sam A. a49db2006d
Apply fixes after testing 2023-12-25 00:58:55 +01:00
Sam A. 8b640de728
Add Vim 2023-12-24 21:37:05 +01:00
Sam A. 1cf2b901bd
Bump restic 2023-12-23 18:05:10 +01:00
Sam A. 2cd7b8b2e8
Add managed by ansible header to all files 2023-12-23 17:52:27 +01:00
Sam A. f0464f288c
Add PostgreSQL configs 2023-12-23 17:41:57 +01:00
Sam A. c091a4f869
Remove sapt-labr-prx02 2023-12-22 21:57:19 +01:00
Sam A. ab0b7835a4
Initialize database as postgres 2023-12-05 22:08:55 +01:00
Sam A. 259a396319
Add settings and Postgres reload handler 2023-11-26 20:02:55 +01:00
Sam A. ecc56cf778
Add database creation steps 2023-11-26 17:37:17 +01:00
Sam A. f654f8c86d
Add media server LXC instances 2023-11-25 18:40:00 +01:00
Sam A. 83f4673e03
Remove app02 2023-11-24 23:01:12 +01:00
Sam A. 87a9c0f77d
Improvements 2023-11-15 20:30:53 +01:00
Sam A. 1c2c0d7a5f
Add missing secrets 2023-11-13 21:45:18 +01:00
Sam A. 3017190ea5
Use property names instead of references 2023-11-13 21:31:09 +01:00
Sam A. d726d95557
Many improvements 2023-11-13 21:17:17 +01:00
Sam A. 0616ed1b38
Start working on proxy role 2023-11-12 23:16:53 +01:00
Sam A. f11126df9f
Use 'creates' and specify postgresql_version per environment 2023-11-12 21:47:35 +01:00
Sam A. 7885de776c
postgresql role continuation 2023-11-12 20:22:32 +01:00
Sam A. f09fbdefef
Extra packages 2023-11-12 19:44:01 +01:00
Sam A. 67f29a6e32
Smarter firewall handling again 2023-11-12 18:22:08 +01:00
Sam A. 59febe2622
Smarter firewall handling 2023-11-12 18:18:56 +01:00
Sam A. 6ef6b227cf
Start on postgresql role 2023-11-12 17:59:18 +01:00
Sam A. b8e18cdbe9
Switch to Rocky Linux 2023-11-12 16:56:40 +01:00
Sam A. bf5c7a526e
Renames 2023-11-12 16:03:21 +01:00
Sam A. 704319cff6
Improve firewall config 2023-11-11 21:09:17 +01:00
Sam A. 54f9d3c11b
Switch to firewalld as it's compatible with Docker 2023-11-11 19:11:14 +01:00
Sam A. 072192cf66
Bump Watchtower to 1.7.0 2023-11-11 17:19:29 +01:00
Sam A. cb561805d6
Use sudoers module 2023-11-11 16:41:47 +01:00
Sam A. 93c0101ca4
Allow passwordless sudo 2023-11-11 16:35:14 +01:00
Sam A. 30b52f9fb9
Add deploy.sh 2023-11-11 16:21:29 +01:00
Sam A. 7a97d73ae0
Add nginx config files for the rest 2023-11-11 15:47:51 +01:00
Sam A. 5ad5e36998
Move variables around 2023-11-11 15:09:35 +01:00
Sam A. f6db815eff
Restic: Only set PRE- and POST_COMMANDS when Nextcloud is included 2023-11-11 14:57:30 +01:00
Sam A. c816f3d551
Intersect apps_backup with apps_include 2023-11-11 14:51:43 +01:00
Sam A. 646bfa4e85
Add initial nginx configuration 2023-11-08 22:44:08 +01:00
Sam A. 0b539463e9
Only disable stub resolver for control machines 2023-11-07 22:25:43 +01:00
Sam A. 65be11b3f1
Add sshd_config 2023-11-07 22:15:20 +01:00
Sam A. bb71e83d23
Set <IP> <FQDN> in hosts 2023-11-07 21:32:11 +01:00
Sam A. a15eb67a0f
Make hosts file dynamic according to machine type 2023-11-07 21:27:35 +01:00
Sam A. 2ed912de44
Add back prx02 and add physical servers 2023-11-07 19:02:43 +01:00
Sam A. 374f3ec169
Fix hosts 2023-11-05 20:54:47 +01:00
Sam A. 73d8706461
Add hosts file 2023-11-05 19:27:30 +01:00
Sam A. f4b6b2a8ba
Simplify even more stuff 2023-11-05 19:08:26 +01:00
Sam A. c02389c7ec
Simplify stuff 2023-11-05 18:27:49 +01:00
Sam A. ab5d357c4d
Add secrets to vault files 2023-11-04 00:38:08 +01:00
Sam A. 4da17ee4f5
Unify app config in one file + upload Compose files 2023-11-03 23:38:15 +01:00
Sam A. 423dbe2f7f
Add stuff
- Add sapt-labn-prx02 for apps on *.local.sapti.me
- Remove Pi-Hole (will be on my RPi)
- Unify app configuration in one file (not finished yet)
- Upload Compose files to hosts (not finished yet)
2023-10-31 22:13:24 +01:00
Sam A. c2c0e482ba
Remove stuff 2023-10-29 20:51:25 +01:00
Sam A. ee351c8304
Prepare multi-host Ansible repo 2023-10-29 20:46:52 +01:00
Sam A. a6b721c888
Refactor structure a bit 2023-10-29 01:49:29 +02:00
Sam A. 5cae5344ab
Initial commit 2023-10-29 01:00:05 +02:00