homeserver-iac

Author	SHA1	Message	Date
dogeystamp	a6c35ab0a7	motd: unscrew colors	2024-12-15 17:14:29 -05:00
dogeystamp	aba27dfafc	nameserver: split horizon dns for the vpn should avoid vpn conflicts with local ip subnet	2024-12-15 17:11:02 -05:00
dogeystamp	b4eed7d1a3	wireguard: default vpn subdomain changed to "net"	2024-12-15 15:03:45 -05:00
dogeystamp@disroot.org	a11de10423	connection: move rmconn cronjob to _after_ creating connection	2024-12-15 10:51:52 -05:00
dogeystamp@disroot.org	ef472d04f9	bastion vars now have overlay	2024-12-15 10:51:23 -05:00
dogeystamp	20ce8eedeb	navidrome: fix up things	2024-10-12 10:37:49 -04:00
dogeystamp	dd39e0043e	system: cronjob at midnight not noon	2024-08-27 17:00:19 -04:00
dogeystamp	84f728c991	dotfiles: chezmoi migration	2024-08-13 20:25:08 -04:00
dogeystamp	b198b90f3f	wireguard: remove allow all firewall rule	2024-08-11 15:05:40 -04:00
dogeystamp	b0a28a0e47	firewall: add paperless port oops	2024-08-03 19:44:48 -04:00
dogeystamp	48a370db43	system: reboot cronjob this broke my server once so hopefully it doesn't happen again https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/	2024-08-03 18:08:51 -04:00
dogeystamp	864c1bdfd3	haproxy, firewall, containers: force connections through bastion vpn docker is now listening on localhost, with a haproxy on the services server to forward the ports outwards. this is because docker tends to disregard UFW's rules, but haproxy should be better in that regard. meanwhile, the firewall rules have been configured properly to only allow the bastion IP in over the wireguard connection, for proper authentication.	2024-06-19 23:02:08 -04:00
dogeystamp	21a15ff6fa	synapse: increase max upload size	2024-06-19 21:55:26 -04:00
dogeystamp	03d59be0eb	containers, synapse: groups -> group_names	2024-06-19 14:05:35 -04:00
dogeystamp	0f5d50ee44	wireguard: prevent ufw from screwing up config	2024-06-19 14:04:51 -04:00
dogeystamp	68e2867f44	wireguard: fix typo in iptables delete rule	2024-06-18 15:27:30 -04:00
dogeystamp	c70e33e629	wireguard: clean up - make variables less clunky - make docker-compose run after wireguard (this seems janky right now)	2024-06-17 17:48:29 -04:00
dogeystamp	0c8d18dcce	wireguard: use vpn for bastion-fleet comms supposedly fleet will be more secure this way	2024-06-16 21:32:52 -04:00
dogeystamp	1b3e800443	caddy: deny access to private services outside LAN/VPN	2024-06-16 19:32:35 -04:00
dogeystamp	58a2a1526b	nameserver: remove extraneous AAAA record how did i not notice this 🐸	2024-06-16 15:28:24 -04:00
dogeystamp	35088cf849	README.md: add wireguard mention	2024-06-16 15:27:33 -04:00
dogeystamp	03177a1ee7	roles/wireguard: implemented	2024-06-16 15:05:12 -04:00
dogeystamp	70809c7573	run.yml: reorder tasks dotfiles, website depend on containers	2024-04-05 14:58:04 -04:00
dogeystamp	00739e0b77	dotfiles: only deploy dotfiles once this makes logging in waaaay snappier	2024-03-20 18:25:56 -04:00
dogeystamp	24a64c0919	navidrome: add sharing option	2024-03-10 21:22:29 -04:00
dogeystamp	1941d0092c	roles/containers/: update docker-compose.service to have longer timeout	2024-03-10 21:21:43 -04:00
dogeystamp	154ea9137f	caddy: make config directory	2024-03-03 09:59:07 -05:00
dogeystamp	f7638d136c	paperless: fix consume dir permissions	2024-03-03 09:58:35 -05:00
dogeystamp	96d62d6060	add wifi "support"	2024-01-02 21:03:31 -05:00
dogeystamp	533082b8d4	paperless-ngx: add service	2023-12-09 21:36:36 -05:00
dogeystamp	314f1cfc8d	containers: use ghc navidrome image	2023-12-09 15:17:31 -05:00
dogeystamp	ad2f9719c2	roles/system/tasks/essential: set timezone	2023-11-11 14:45:32 -05:00
dogeystamp	e4a6908815	.gitignore: updated	2023-11-11 14:41:59 -05:00
dogeystamp	905654d9bd	removed extraneous files i do not remember committing these however we trust in encryption	2023-11-11 14:41:05 -05:00
dogeystamp	b2e731ef3a	ddclient: update configuration to remove deprecated options	2023-11-11 14:21:17 -05:00
dogeystamp	fc9559ae42	roles/website: actually deploy website to web root	2023-09-26 18:44:27 -04:00
dogeystamp	7f2e74490d	roles/containers: make navidrome dir have the 'vault' group	2023-09-26 18:43:51 -04:00
dogeystamp	66c6a7d5d2	roles/synapse: use proper owner/group on synapse files	2023-09-14 16:15:55 -04:00
dogeystamp	ce93e7ee96	clarify docs	2023-09-10 21:00:15 -04:00
dogeystamp	301beab91d	README: updated	2023-09-10 20:56:38 -04:00
dogeystamp	5def6181ce	roles/filesystems: moved dataroot creation here it's an issue if the dataroot is created before its mount is created	2023-09-10 20:19:51 -04:00
dogeystamp	b7013cc53a	fix details playbook has now run on real hardware	2023-09-10 19:25:29 -04:00
dogeystamp	2d7b6c649b	README: remove avahi part	2023-09-09 14:03:32 -04:00
dogeystamp	e4e5aece14	fix vars	2023-09-09 11:45:54 -04:00
dogeystamp	f29eae7f1e	roles/synapse: fix mistakes	2023-09-09 09:05:05 -04:00
dogeystamp	4144a0647e	roles/synapse: added	2023-09-07 21:47:16 -04:00
dogeystamp	2b4ee3a365	roles/containers: also create archive dir	2023-09-04 20:09:48 -04:00
dogeystamp	892b5285cc	roles/containers: navidrome added	2023-09-04 18:27:08 -04:00
dogeystamp	bf130d2c3f	roles/syncthing, roles/containers: added syncthing	2023-09-04 15:28:03 -04:00
dogeystamp	d8db896ac2	roles/containers: put gitea on its own network	2023-09-03 22:05:22 -04:00

1 2

73 Commits