737acfde87
fix: require postgresql for forgejo and vaultwarden
...
Storing data for Forgejo and Vaultwarden in the postgres database results
in a rather wonky behavior during restarts of the VPS and potential
restarts of the postgres itself.
Based on some observations Forgejo is capable of recovering from such
issues, but Vaultwarden falls into a retry loop trying to reconnect to
the database while failing on resolving the hostname / connecting, e.g.,
[2024-11-27 16:52:43.646][r2d2][ERROR] connection to server at "host.containers.internal" (XXX.XXX.XXX.XXX), port 5432 failed: Connection refused
Therefore adjust the quadlet definitions to require and boot containers
»after« the postgres is running to minimalize the possible issues.
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-27 17:57:35 +01:00
da56e3acd6
fix(nginx): unnest notify
...
notify should not be passed to the module
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-22 16:43:15 +01:00
b819a3d33e
fix(helix): define installation on Debian
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-20 18:14:40 +01:00
b49b5a3e91
fix(wg): improve generation of keypairs
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-20 18:13:02 +01:00
037716df0c
feat(quadlets): allow auto-update by podman
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-18 15:48:02 +01:00
69db34f4ff
fix(vaultwarden): handle reverse proxy
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-18 15:47:36 +01:00
4fa3f26d43
fix(thelounge): handle reverse proxy
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-18 15:35:55 +01:00
e0f3fbe22b
fix(forgejo): handle reverse proxy
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-18 15:31:15 +01:00
1f4c009197
fix(nginx): restart nginx on any changes
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-18 15:23:27 +01:00
7bdc99dbe6
chore: add empty task list to playground
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-18 15:22:51 +01:00
e89bd7956e
feat: create handlers in top-level
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-18 15:21:19 +01:00
e3bff6c8c4
fix(install): refine the decision-making for OSs
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-18 15:15:49 +01:00
c5747f422a
fix(base/system): upgrade with apt on Debian
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-18 15:09:53 +01:00
a2a5dd2edb
fix(bootstrap): remove the ptyxis
...
didn't like it in the end
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-18 15:06:32 +01:00
d0fc1cd3d6
style: add Ansible-managed headers
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-15 16:50:11 +01:00
02b44273db
fix(vaultwarden): bump ROCKET_WORKERS
...
This variable was not required when running from the user-space, but
after migrating to quadlets, I had to define it.
Just to satisfy the requirements, I set it to 1. Based on some docs I
have managed to find, it appears that the default is 10. Given the
amount of users of my deployment and the fact it's running on the VPS,
setting it to 8.
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-14 17:52:36 +01:00
e106973211
feat(vaultwarden): deploy from quadlet
...
Related to #51
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-14 16:50:43 +01:00
cde2c78a0e
feat(thelounge): add quadlet deployment
...
Related to #51
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-14 15:56:22 +01:00
5057b9fed1
feat(forgejo): add quadlet deployment
...
Related to #51
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-14 15:40:40 +01:00
51a44bca3d
chore: remove stylus definitions
...
As the syncing of the definitions has become more troublesome and the
stylesheets grew, I moved them to https://git.mfocko.xyz/mfocko/usercss ,
which also allows Stylus to update the stylesheets automatically based
on the versions declared in the sheets. Thus making this unmaintained
file obsolete.
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-13 17:48:21 +01:00
bbd265cf95
feat: convert inventories and use Ansible Vault
...
Fixes #52
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-13 09:45:54 +01:00
8454780c92
feat(porkbun): switch to global variables for keys
...
- Introduce 2 global variables with API keys
- Remove redundant role that only installs one config file used by
another role
- Use the said global variables within DDNS and Certbot roles
- Create the config file in the role that uses it (Certbot)
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-12 16:46:34 +01:00
2039bf6570
feat(ddns): support Porkbun in the DDNS
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-12 16:40:16 +01:00
f6428b2406
fix(certbot): migrate from Cloudflare to Porkbun
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-12 16:40:14 +01:00
45a41d7c99
feat(porkbun): add support for porkbun creds
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-11 17:00:42 +01:00
27fe69cfa0
fix(os/el): enable Google repo and RPMfusion
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-30 15:11:16 +02:00
67d4083b97
feat(ptyxis): add new role for a terminal
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-30 15:08:54 +02:00
1d65e7e176
feat(sshd): adjust for archLinux
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-22 11:36:40 +02:00
9d89a874ec
fix(firewalld): adjust firewall only when it's set up
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-22 10:39:21 +02:00
eaaf707b60
fix(vscode)!: do not install
...
Always fails right now
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-22 10:37:20 +02:00
f59e074ef8
fix(zsh): use correct *box script for name
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-22 10:37:16 +02:00
044d0e42ab
fix(helix): correct the installation
...
* Do not use Copr repo for AlmaLinux
* Make a generic install action for Helix from official repositories
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-22 10:36:56 +02:00
ca89c810cd
fix(flatpak): install flatpak if not present
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-15 19:42:30 +02:00
7760066325
fix(wg): correct path to config and variable
...
* use correct path to the template for the config
* use correct variable when adjusting the DNS on AlmaLinux
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-15 15:44:30 +02:00
f2be2f7b95
fix(base/desktop): create applications directory
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-15 15:43:43 +02:00
c13adc9084
fix(zsh): adjust the starship config
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-13 10:07:08 +02:00
0554e665c5
chore: move out user roles
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-12 21:23:02 +02:00
281b95d824
chore: move out system roles
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-12 21:19:42 +02:00
6a732703f7
chore: move out yubikey roles
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-12 21:15:31 +02:00
cfc02949d6
chore: move out the OS-specific roles
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-12 21:15:31 +02:00
c7293cd6ea
chore: move out the server roles
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-12 21:15:31 +02:00
0283426127
chore: move out the base roles
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-12 21:07:20 +02:00
bc2d4a291e
chore(wg): factor out the wireguard role
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-12 19:53:09 +02:00
f0d4f84ec7
feat(user/yubikey): implement setup for Yubikey auth
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-12 15:02:51 +02:00
28531a4f07
feat(system/yubikey): implement PAM auth for Yubikey OTP
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-12 15:02:18 +02:00
918f7c8fbf
feat(system/cockpit): implement Cockpit role
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-12 15:01:52 +02:00
1380efe400
feat(server/nginx): implement nginx role
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-12 15:00:55 +02:00
34798fd196
feat(server/cups): implement CUPS role
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-12 14:58:28 +02:00
d5137bc5fb
docs(user/tmpfiles): document variables
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-12 14:57:21 +02:00
d6bcb2b018
fix(ssh): maxwell → mountainside
...
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-12 14:56:59 +02:00