Commit Graph

152 Commits

Author SHA1 Message Date
0b253e0553
hosts/plover: update Vouch proxy settings and secrets permissions 2023-10-14 11:26:33 +08:00
ac134281f8
hosts/plover: add back the custom Gitea logos 2023-10-14 11:25:26 +08:00
1ad6e7e8c5
hosts/plover: fix Grafana provider strings in settings 2023-10-14 11:14:44 +08:00
107241f553
hosts/plover: fix duplicate nginx shared memory zone 2023-10-14 11:14:09 +08:00
9527896251
hosts/plover: update Grafana and PostgreSQL integration 2023-10-14 11:01:57 +08:00
7430d992f2
hosts/plover: fix nginx code for Grafana server 2023-10-13 16:55:39 +08:00
2632b75bf2
hosts/plover: properly add nginx upstreams
Even though this is unlikely to be scaled further, we're just being good
sysadmins (or at least roleplaying as one).
2023-10-13 16:48:02 +08:00
8fbdc73478
hosts/plover: update Grafana settings 2023-10-11 13:06:41 +08:00
3ee04bb812
chore: reformat codebase 2023-10-09 20:48:01 +08:00
2dbb3ed68c
services/vouch-proxy: restructure for multiple instances
This resolves some cases where the admin does not have all of their
users within the protected domain and some in others.
2023-10-09 20:43:13 +08:00
46e38d0c96
hosts/plover: update Vouch proxy config 2023-10-09 20:26:11 +08:00
cd93122b07
hosts/plover: enable Kanidm LDAP server 2023-10-09 22:09:33 +08:00
2af2326b16
hosts/plover: update Grafana nginx and secrets config 2023-10-09 22:09:15 +08:00
a6fcc6eec6
hosts/plover: update Wezterm mux server config
It's not fully working but we'll get there.
2023-10-08 03:29:06 +08:00
97916aaa05
hosts/plover: init Prometheus monitoring daemon 2023-10-08 03:28:35 +08:00
6ec18948b5
hosts/plover: init Vouch proxy server 2023-10-08 03:28:14 +08:00
0eadf55fd5
hosts/plover: init Grafana server 2023-10-08 03:27:47 +08:00
f489c50aa9
hosts/plover: refactor Gitea config 2023-10-08 03:26:53 +08:00
c35b72352e
hosts/plover: update Bind config generation 2023-10-08 03:26:07 +08:00
61f8457584
hosts/plover: update nginx configuration 2023-10-04 15:53:43 +08:00
ccb05b35ae
hosts/plover: remove unused bindings 2023-10-04 13:29:29 +08:00
5f5dc2a14e
hosts/plover: add kTLS for various services 2023-10-03 15:52:42 +08:00
4c71c61768
hosts/plover: add nginx content caching for select services 2023-10-03 15:50:46 +08:00
56c0e245ca
hosts/plover: remove Portunus as LDAP server
It is also replaced with Kanidm (though read-only from its user store).
2023-09-28 18:48:17 +08:00
3d9351a99b
hosts/plover: delete Keycloak service entirely
It is now completely replaced with Kanidm.
2023-09-28 18:46:31 +08:00
8e91973c70
config: add comments 2023-09-28 18:33:00 +08:00
862fd5a07a
hosts/plover: replace Keycloak with Kanidm as SSO application 2023-09-28 18:29:09 +08:00
4adc573fcf
hosts/plover: fix string interpolation for integer 2023-09-21 21:26:13 +08:00
b31cc58adc
hosts/plover: refactor bindings 2023-09-21 12:53:18 +08:00
c3ff202b84
hosts/plover: fix credentials permission for Bind service 2023-09-21 12:52:53 +08:00
7368027cdb
hosts/plover: add DH parameters for nginx 2023-09-21 11:37:09 +08:00
0eb19acc40
hosts/plover: enable DNS-over-HTTPS for Bind server 2023-09-21 11:36:43 +08:00
eed4160b85
hosts/plover: reduce service capability 2023-09-20 11:04:45 +08:00
fbce914870
hosts/plover: cleanup Bind configuration 2023-09-19 23:45:30 +08:00
05895e11fa
hosts/plover: consolidate Bind config into configFile 2023-09-19 23:45:08 +08:00
7dacbe6963
chore: reformat codebase 2023-08-31 09:59:56 +08:00
1a74104845
hosts/plover: update Gitea files 2023-08-03 19:39:19 +08:00
101f3771a1
hosts/plover: update Wezterm mux server configuration 2023-07-28 08:53:32 +08:00
eef1ff0b32
hosts/plover: update Bind service settings 2023-07-27 22:20:50 +08:00
0ae9b2033e
hosts/plover: update Gitea tmpfiles configuration 2023-07-27 13:36:19 +08:00
187b32e7bb
hosts/plover: update Wezterm mux server config
This should also fix the ACME certificate self-signed permissions error
since there is no `wezterm` group (or user). We're just using systemd's
dynamic user feature in our service.
2023-07-27 13:36:05 +08:00
760e1a3233
hosts/plover: fix Keycloak pre-start script 2023-07-27 10:25:32 +08:00
9c2e3ee1bf
hosts/plover: fix Bind9 pre-start script 2023-07-27 10:25:06 +08:00
87de61fba8
hosts/plover: add Keybase verification key 2023-07-22 10:39:23 +08:00
a2ab1f09a8
hosts/plover: fix Vaultwarden hardened service 2023-07-20 10:42:43 +08:00
b1072a437b
hosts/plover: add and configure Wezterm mux server
Not yet fully configured though so we'll have to update the Wezterm
server configuration.
2023-07-20 10:40:47 +08:00
214ea6fa6d
hosts/plover: fix erroneous secret for Keycloak service 2023-07-14 14:43:28 +08:00
8c08db2eb2
hosts/plover: use fail2ban jails settings
It is nicer compared to the traditional setting with strings.
2023-07-14 14:41:58 +08:00
c3bec31b86
chore: reformat codebase 2023-07-05 16:42:15 +08:00
2e7cdeacf3
hosts: remove host path prefix for sops keys
It is more explicit and elegant but more of a pain to manage especially
with the new function. It was structured that way for other hosts'
secrets but it isn't really used in practice. We could just enforce a
convention such as a `hosts` prefix to contain those secrets.
2023-07-05 13:11:47 +08:00