6b2feaee5e
Hide docker-compose secrets from diff output
2023-10-18 23:03:52 -04:00
31e0538b84
Add locale configuration tasks to base role
2023-10-18 16:32:09 -04:00
a65c4b9cf6
Handle Ansible undefined loop variable
...
- Default docker_compose_deploy to empty list if undefined
- Add conditional check to avoid looping through an empty list
2023-10-10 00:14:52 -04:00
7ee6e4810d
Convert booleans to lowercase
2023-10-10 00:00:00 -04:00
87aa7ecf8b
Add external compose support in the docker role
...
- Use ansible.posix.synchronize for compose.yml
- Set fact for compose service restarts
- Introduce plain Docker dev host
- Optionally verify repos via GPG before sync
- Hide docker_repos_path in .folder
- Tweak .env for conciseness
- Add --diff to Ansible in Vagrantfile
- Clean output with loop_control
- Embed GPG in base role
2023-10-09 23:47:49 -04:00
0377a5e642
Add option for private OCI registry auth
2023-09-29 22:18:59 -04:00
2e02efcbb7
Add Makefile, roles_path, and SSH tunnel variable
2023-09-26 21:14:06 -04:00
8fed63792b
Ask permission for starting vagrant SSH tunnels
2023-09-16 00:04:58 -04:00
2c4fcbacc3
Introduce forward-ssh.sh method & reorganize
...
- Abandoned update-hosts.sh in favor of loopback SSH forwarding
- Adopted *.local.krislamo.org as a wildcard loopback domain
- Bound Traefik to ports 443/80 on Dockerbox dev
- Removed outdated Gitea config from Dockerbox
- Relocated production playbooks to a new directory
2023-09-15 23:46:45 -04:00
b81372c07a
Fix the Vagrantfile for Github runners
2023-08-30 19:45:42 -04:00
9b5be29a1a
Update Vagrantfile to use external settings
2023-08-21 18:46:47 -04:00
ef5aacdbbd
No deploy keys without compose deploy variable
2023-07-21 23:52:18 -04:00
a635c7aa48
Add option to deploy external docker-compose stack
2023-07-20 03:51:44 -04:00
56aee460ad
Limit Github actions to specific branches
2023-07-20 00:33:42 -04:00
027ba46f6b
Add Github actions and remove old ansible stuff
2023-07-08 23:43:52 -04:00
48216db8f9
Updated Nextcloud settings and added cron job
2023-06-18 23:52:10 -04:00
fa1dc4acb7
Fix WireGuard firewall rule
2023-06-15 03:09:13 -04:00
228cd5795b
Config adjustments for Jellyfin/Samba deployment
...
- Ignored .vscode
- Added firewall exclusion option
- Allowed guest access in Samba
2023-06-09 22:26:47 -04:00
74a559f1f6
Update mediaserver playbook and fix Wireguard task
2023-06-08 03:47:54 -04:00
4c2a1550c4
Adding samba and general user management
2023-06-07 02:12:17 -04:00
f02cf7b0cc
Refactor docker playbook
...
- Removed copyright notice
- Variablize 'hosts' value in the playbook
- Install Jenkins agent before running Docker role
2023-05-08 16:26:16 -04:00
9142254a57
Improvements for ansible-linting
2023-05-04 01:44:18 -04:00
dfd93dd5f8
Updated Ansible tasks to FQCN format
2023-05-03 23:42:55 -04:00
81d2ea447a
Add mediaserver, rm .gitignore, FQCN, Jellyfin
...
- Added development "mediaserver" playbook for testing
- rm .gitignore in roles dir since no external ansible roles are used
- Update a part of the base role to use FQCN for linting
- Added "jellyfin" role to install Jellyfin with docker-compose
- Updated Traefik to use the loopback for default web entry points
- Simplified Traefik docker-compose vars, Ansible sets defaults
2023-04-26 02:26:50 -04:00
9512212b84
Refactor Traefik deploy: docker-compose + systemd
...
- Replace docker_container ansible with new setup
- Add option to disable HTTPS for alternate reverse proxy use
2023-04-21 03:04:53 -04:00
c67a39982e
Option to enable websockets for the noVNC console
2022-12-06 00:15:10 -05:00
f68f57d0cf
ROOT_URL should have HTTPS for the clone URL
2022-09-18 15:21:16 -04:00
b9f9b0bf3c
Update TLS settings in nginx proxy
2022-08-27 18:56:12 -04:00
4f4a341b05
Add client_max_body_size for Nextcloud
2022-08-19 01:27:55 -04:00
cab6ab2d8e
Strip auth header and update external config
2022-08-19 00:51:05 -04:00
95f54b7f0a
Add Traefik toggles
2022-08-18 23:32:37 -04:00
7522c333da
Disable Traefik LE resolver and HSTS
2022-08-18 21:53:38 -04:00
344b79e97f
Add base domain to the wildcard certificate
2022-08-17 02:17:36 -04:00
e4fed78193
Remove basic auth on static nginx sites
2022-08-17 01:40:11 -04:00
85a6c3894a
Add basic auth and ignore backend SSL errors
2022-08-17 01:15:15 -04:00
7677bc25fa
Add WireGuard firewall rule
2022-08-13 00:19:24 -04:00
b255680a7a
Use host MariaDB in Gitea container
2022-08-11 21:04:07 -04:00
9eefad0e87
Install Fail2ban IP allow list
2022-06-28 23:43:58 -04:00
8362230eb4
Add nginx proxy server
2022-06-27 20:21:25 -04:00
82df91305a
Install aggressive Fail2ban jail for SSH
2022-06-18 19:47:02 -04:00
dd9f84d498
Create initial log files for fail2ban
2022-06-07 00:25:47 -04:00
b52ccabd22
Add Fail2ban to Gitea and Bitwarden
2022-05-28 02:31:41 -04:00
eccd6b7874
Add reverse proxy settings for Gitea and Bitwarden
2022-05-28 00:18:15 -04:00
3a92921932
Minor cleanup
2022-05-27 23:14:06 -04:00
330f2b5a91
Add X-Forwarded-For proxy header
2022-05-27 22:33:35 -04:00
45465ad26b
Add the ufw firewall
2022-05-27 16:29:27 -04:00
d7838563a1
Gitea SSH container passthrough
2022-05-27 02:28:51 -04:00
03a57d2531
Only create LE directory if production is true
2022-05-27 00:06:09 -04:00
e346180b13
Add Bitwarden systemd service
2022-05-27 00:03:49 -04:00
be6e1596c5
Rehaul Gitea role for compose and PostgreSQL
2022-05-27 00:02:45 -04:00
