Sam A.
6bbf57ccf2
Add Lab LAN to proxy_trusted_subnets
2023-12-31 18:44:25 +01:00
Sam A.
6b7bd105a3
Move stuff around
2023-12-31 18:39:08 +01:00
Sam A.
c8a15443c3
Only allow global access to production in Caddy
2023-12-31 18:34:36 +01:00
Sam A.
f190d0bc61
Add reload-proxy option to deploy.sh
2023-12-31 18:27:09 +01:00
Sam A.
64f09eded2
Configure $connection_upgrade and set X-Real-IP
2023-12-31 15:41:50 +01:00
Sam A.
df2172d72b
Add HTTP headers to Nextcloud
2023-12-31 14:48:22 +01:00
Sam A.
9dc3df8d0f
Make MOTD message less wide, for small screens
2023-12-30 19:01:41 +01:00
Sam A.
e3fa67ef54
Fix stuff
2023-12-29 19:59:58 +01:00
Sam A.
2a0fcd6012
Fix Restic putting Nextcloud in maintenance mode
2023-12-29 19:42:43 +01:00
Sam A.
e5cbeec0d7
Upgrade Nextcloud to version 28
2023-12-29 19:11:33 +01:00
Sam A.
bf2cab8384
Use Jinja2 comments
2023-12-29 19:07:08 +01:00
Sam A.
adb67678a8
Remove !
2023-12-29 19:00:09 +01:00
Sam A.
f59f1dc5cd
Add MOTD
2023-12-29 17:43:18 +01:00
Sam A.
8dfc27cb34
Add NEXTCLOUD_TRUSTED_DOMAINS
2023-12-29 00:22:15 +01:00
Sam A.
aa137ae9e3
Nextcloud success!
2023-12-28 22:39:11 +01:00
Sam A.
fa0d70732d
Allow HTTP(S) for public zone
2023-12-28 21:04:33 +01:00
Sam A.
6265387d02
Make deploy.sh accessible with sudo
2023-12-28 19:00:50 +01:00
Sam A.
c76ec95ab9
More packages
2023-12-28 18:33:05 +01:00
Sam A.
f04e21927d
Sort for loops
2023-12-28 17:19:51 +01:00
Sam A.
3a01a5fd48
Install extra packages
2023-12-28 16:30:11 +01:00
Sam A.
a52bb7fafa
Folder -> directory
2023-12-28 00:07:21 +01:00
Sam A.
66e7fbc6b6
Disable WAL archiving for now
2023-12-28 00:01:59 +01:00
Sam A.
40d196c100
Fix stuff after testing
2023-12-28 00:00:12 +01:00
Sam A.
f9b7abd0b0
Use DNS challenge for non-production
2023-12-27 19:26:29 +01:00
Sam A.
2e3e404727
Remove flush handlers
2023-12-26 00:32:31 +01:00
Sam A.
0e7bced36b
Prune Monero blockchain on staging
2023-12-25 23:58:35 +01:00
Sam A.
6d5d1b5853
Apply fixes after testing
2023-12-25 23:17:36 +01:00
Sam A.
3ac0ded2a3
Apply fixes after testing
2023-12-25 21:49:17 +01:00
Sam A.
2d9eb03b66
Simplify FW rules, handling in router FW
2023-12-25 20:36:14 +01:00
Sam A.
7b3decdf07
Remove hostname and timezone, cloud-init does that
2023-12-25 20:35:49 +01:00
Sam A.
a49db2006d
Apply fixes after testing
2023-12-25 00:58:55 +01:00
Sam A.
8b640de728
Add Vim
2023-12-24 21:37:05 +01:00
Sam A.
1cf2b901bd
Bump restic
2023-12-23 18:05:10 +01:00
Sam A.
2cd7b8b2e8
Add managed by ansible header to all files
2023-12-23 17:52:27 +01:00
Sam A.
f0464f288c
Add PostgreSQL configs
2023-12-23 17:41:57 +01:00
Sam A.
c091a4f869
Remove sapt-labr-prx02
2023-12-22 21:57:19 +01:00
Sam A.
ab0b7835a4
Initialize database as postgres
2023-12-05 22:08:55 +01:00
Sam A.
259a396319
Add settings and Postgres reload handler
2023-11-26 20:02:55 +01:00
Sam A.
ecc56cf778
Add database creation steps
2023-11-26 17:37:17 +01:00
Sam A.
f654f8c86d
Add media server LXC instances
2023-11-25 18:40:00 +01:00
Sam A.
83f4673e03
Remove app02
2023-11-24 23:01:12 +01:00
Sam A.
87a9c0f77d
Improvements
2023-11-15 20:30:53 +01:00
Sam A.
1c2c0d7a5f
Add missing secrets
2023-11-13 21:45:18 +01:00
Sam A.
3017190ea5
Use property names instead of references
2023-11-13 21:31:09 +01:00
Sam A.
d726d95557
Many improvements
2023-11-13 21:17:17 +01:00
Sam A.
0616ed1b38
Start working on proxy role
2023-11-12 23:16:53 +01:00
Sam A.
f11126df9f
Use 'creates' and specify postgresql_version per environment
2023-11-12 21:47:35 +01:00
Sam A.
7885de776c
postgresql role continuation
2023-11-12 20:22:32 +01:00
Sam A.
f09fbdefef
Extra packages
2023-11-12 19:44:01 +01:00
Sam A.
67f29a6e32
Smarter firewall handling again
2023-11-12 18:22:08 +01:00
Sam A.
59febe2622
Smarter firewall handling
2023-11-12 18:18:56 +01:00
Sam A.
6ef6b227cf
Start on postgresql role
2023-11-12 17:59:18 +01:00
Sam A.
b8e18cdbe9
Switch to Rocky Linux
2023-11-12 16:56:40 +01:00
Sam A.
bf5c7a526e
Renames
2023-11-12 16:03:21 +01:00
Sam A.
704319cff6
Improve firewall config
2023-11-11 21:09:17 +01:00
Sam A.
54f9d3c11b
Switch to firewalld as it's compatible with Docker
2023-11-11 19:11:14 +01:00
Sam A.
072192cf66
Bump Watchtower to 1.7.0
2023-11-11 17:19:29 +01:00
Sam A.
cb561805d6
Use sudoers module
2023-11-11 16:41:47 +01:00
Sam A.
93c0101ca4
Allow passwordless sudo
2023-11-11 16:35:14 +01:00
Sam A.
30b52f9fb9
Add deploy.sh
2023-11-11 16:21:29 +01:00
Sam A.
7a97d73ae0
Add nginx config files for the rest
2023-11-11 15:47:51 +01:00
Sam A.
5ad5e36998
Move variables around
2023-11-11 15:09:35 +01:00
Sam A.
f6db815eff
Restic: Only set PRE- and POST_COMMANDS when Nextcloud is included
2023-11-11 14:57:30 +01:00
Sam A.
c816f3d551
Intersect apps_backup with apps_include
2023-11-11 14:51:43 +01:00
Sam A.
646bfa4e85
Add initial nginx configuration
2023-11-08 22:44:08 +01:00
Sam A.
0b539463e9
Only disable stub resolver for control machines
2023-11-07 22:25:43 +01:00
Sam A.
65be11b3f1
Add sshd_config
2023-11-07 22:15:20 +01:00
Sam A.
bb71e83d23
Set <IP> <FQDN> in hosts
2023-11-07 21:32:11 +01:00
Sam A.
a15eb67a0f
Make hosts file dynamic according to machine type
2023-11-07 21:27:35 +01:00
Sam A.
2ed912de44
Add back prx02 and add physical servers
2023-11-07 19:02:43 +01:00
Sam A.
374f3ec169
Fix hosts
2023-11-05 20:54:47 +01:00
Sam A.
73d8706461
Add hosts file
2023-11-05 19:27:30 +01:00
Sam A.
f4b6b2a8ba
Simplify even more stuff
2023-11-05 19:08:26 +01:00
Sam A.
c02389c7ec
Simplify stuff
2023-11-05 18:27:49 +01:00
Sam A.
ab5d357c4d
Add secrets to vault files
2023-11-04 00:38:08 +01:00
Sam A.
4da17ee4f5
Unify app config in one file + upload Compose files
2023-11-03 23:38:15 +01:00
Sam A.
423dbe2f7f
Add stuff
...
- Add sapt-labn-prx02 for apps on *.local.sapti.me
- Remove Pi-Hole (will be on my RPi)
- Unify app configuration in one file (not finished yet)
- Upload Compose files to hosts (not finished yet)
2023-10-31 22:13:24 +01:00
Sam A.
c2c0e482ba
Remove stuff
2023-10-29 20:51:25 +01:00
Sam A.
ee351c8304
Prepare multi-host Ansible repo
2023-10-29 20:46:52 +01:00
Sam A.
a6b721c888
Refactor structure a bit
2023-10-29 01:49:29 +02:00
Sam A.
5cae5344ab
Initial commit
2023-10-29 01:00:05 +02:00