Commit Graph

54 Commits

Author SHA1 Message Date
864c1bdfd3
haproxy, firewall, containers: force connections through bastion vpn
docker is now listening on localhost, with a haproxy on the services
server to forward the ports outwards. this is because docker tends to
disregard UFW's rules, but haproxy should be better in that regard.

meanwhile, the firewall rules have been configured properly to only
allow the bastion IP in over the wireguard connection, for proper
authentication.
2024-06-19 23:02:08 -04:00
21a15ff6fa
synapse: increase max upload size 2024-06-19 21:55:26 -04:00
03d59be0eb
containers, synapse: groups -> group_names 2024-06-19 14:05:35 -04:00
0f5d50ee44
wireguard: prevent ufw from screwing up config 2024-06-19 14:04:51 -04:00
68e2867f44
wireguard: fix typo in iptables delete rule 2024-06-18 15:27:30 -04:00
c70e33e629
wireguard: clean up
- make variables less clunky
- make docker-compose run after wireguard (this seems janky right now)
2024-06-17 17:48:29 -04:00
0c8d18dcce
wireguard: use vpn for bastion-fleet comms
supposedly fleet will be more secure this way
2024-06-16 21:32:52 -04:00
1b3e800443
caddy: deny access to private services outside LAN/VPN 2024-06-16 19:32:35 -04:00
58a2a1526b
nameserver: remove extraneous AAAA record
how did i not notice this 🐸
2024-06-16 15:28:24 -04:00
03177a1ee7
roles/wireguard: implemented 2024-06-16 15:05:12 -04:00
00739e0b77
dotfiles: only deploy dotfiles once
this makes logging in waaaay snappier
2024-03-20 18:25:56 -04:00
24a64c0919
navidrome: add sharing option 2024-03-10 21:22:29 -04:00
1941d0092c
roles/containers/: update docker-compose.service to have longer timeout 2024-03-10 21:21:43 -04:00
154ea9137f
caddy: make config directory 2024-03-03 09:59:07 -05:00
f7638d136c
paperless: fix consume dir permissions 2024-03-03 09:58:35 -05:00
96d62d6060
add wifi "support" 2024-01-02 21:03:31 -05:00
533082b8d4
paperless-ngx: add service 2023-12-09 21:36:36 -05:00
314f1cfc8d
containers: use ghc navidrome image 2023-12-09 15:17:31 -05:00
ad2f9719c2
roles/system/tasks/essential: set timezone 2023-11-11 14:45:32 -05:00
b2e731ef3a
ddclient: update configuration to remove deprecated options 2023-11-11 14:21:17 -05:00
fc9559ae42
roles/website: actually deploy website to web root 2023-09-26 18:44:27 -04:00
7f2e74490d
roles/containers: make navidrome dir have the 'vault' group 2023-09-26 18:43:51 -04:00
66c6a7d5d2
roles/synapse: use proper owner/group on synapse files 2023-09-14 16:15:55 -04:00
5def6181ce
roles/filesystems: moved dataroot creation here
it's an issue if the dataroot is created before its mount is created
2023-09-10 20:19:51 -04:00
b7013cc53a
fix details
playbook has now run on real hardware
2023-09-10 19:25:29 -04:00
e4e5aece14
fix vars 2023-09-09 11:45:54 -04:00
f29eae7f1e
roles/synapse: fix mistakes 2023-09-09 09:05:05 -04:00
4144a0647e
roles/synapse: added 2023-09-07 21:47:16 -04:00
2b4ee3a365
roles/containers: also create archive dir 2023-09-04 20:09:48 -04:00
892b5285cc
roles/containers: navidrome added 2023-09-04 18:27:08 -04:00
bf130d2c3f
roles/syncthing, roles/containers: added syncthing 2023-09-04 15:28:03 -04:00
d8db896ac2
roles/containers: put gitea on its own network 2023-09-03 22:05:22 -04:00
3b6ec76ce8
roles/firewall: fix invalid argument 2023-09-03 21:49:43 -04:00
a1c44da446
roles/caddy: fix issues 2023-09-03 20:50:07 -04:00
e0b7c5a15e
roles/haproxy: fix issues 2023-09-03 20:09:56 -04:00
ff40949ff7
roles/containers: make gitea bridge network instead of host network 2023-09-03 19:38:29 -04:00
167c01c04e
containers: add gitea user 2023-09-02 18:20:46 -04:00
9b749316ff
roles/caddy: added gitea config 2023-08-28 20:34:25 -04:00
e8f762a4cb
roles/containers: gitea should work properly now 2023-08-27 21:59:01 -04:00
dd0de3139e
roles/containers: got gitea container up 2023-08-27 20:33:18 -04:00
9b4e047171
firewall: fix glaring errors 2023-08-27 19:36:52 -04:00
c6978b61ae
roles/networking: fix more issues 2023-08-27 18:11:31 -04:00
0288cea768
roles/containers: use systemd instead of docker module
arch doesn't package python-docker-compose so just docker compose up via
systemd instead of ansible
2023-08-27 17:39:08 -04:00
d6a1876fe8
roles/networking: fix dns issues 2023-08-27 14:50:34 -04:00
3b1cfcf61a
roles/system: fix motd 2023-08-27 11:57:36 -04:00
a5c17a160f
roles/networking: add default gateway IP 2023-08-26 22:15:49 -04:00
1e4cae244f
fix minor issues 2023-08-26 22:02:29 -04:00
e32301fa3c
roles/firewall: make bastion_ip a variable 2023-08-23 21:14:39 -04:00
97fc92ff56
roles/containers: added gitea container 2023-08-23 20:48:34 -04:00
1ddb72e734
roles/haproxy: added 2023-08-23 18:22:50 -04:00