This will reject TLS connections entirely, which is likely better
compared to defaulting to the next (and possibly incorrect) server
block or presenting a self-signed certificate only to then reject the
request with a 444 response.
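The trade-off this message describes, as an added nginx configuration sketch that is not taken from this repository: it assumes the change relies on nginx's `ssl_reject_handshake` directive, which the message does not name. Every hostname, certificate path and upstream address shown is a placeholder.

```nginx
# Added illustration; these server blocks belong inside the http {} context.
# Hostnames, certificate paths and the upstream address are placeholders.

# Before (shown commented out, since only one default_server may exist per
# listen socket): the catch-all completes the TLS handshake with a
# self-signed certificate and only then drops the HTTP request.
#
# server {
#     listen 443 ssl default_server;
#     server_name _;
#     ssl_certificate     /etc/ssl/placeholder/self-signed.pem;
#     ssl_certificate_key /etc/ssl/placeholder/self-signed.key;
#     return 444;   # nginx-specific: close the connection, send no response
# }

# After: the catch-all aborts the handshake itself. Clients that send an SNI
# name no other server block claims, or no SNI at all, never reach the HTTP
# layer, and no certificate has to exist for this block.
server {
    listen 443 ssl default_server;
    server_name _;

    # Available since nginx 1.19.4.
    ssl_reject_handshake on;
}

# A named virtual host on the same socket is unaffected: its handshake
# completes with its own certificate because the SNI name matches.
server {
    listen 443 ssl;
    server_name app.example.org;                               # placeholder

    ssl_certificate     /etc/ssl/placeholder/app.example.org.pem;
    ssl_certificate_key /etc/ssl/placeholder/app.example.org.key;

    location / {
        proxy_pass http://127.0.0.1:8080;                      # placeholder
    }
}
```

With the catch-all in place, a handshake for an unknown name fails with a TLS alert instead of returning a certificate, so there is no self-signed fallback for a client to accept by mistake. `nginx -t` validates the result once the blocks sit inside a complete configuration file.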
Nginx might take a while to start up, especially during startup or under
high load, and restarts can cause adverse effects in secondary units.
Raising this number makes us more lenient in these cases.

This adds infrastructure and configuration required for running a
host-local instance of Gitea Actions, with rootless Podman-in-Podman
enabled for the dedicated `gitea-actions` user.

By default, the rootless Podman instance is activated via systemd, and
does not run when it is not used.

Fast listing for B2 will help reduce chargeable `b2_list_file_names`
operations, with higher memory use as a trade-off. In addition, the
volume used by `rclone-webdav` is now handled via `container-volume`
and is therefore eligible for remote backups.

Previously, all container volumes initialized via the `container-volume`
service would have local rotating backups performed by pushing `tar`
archives to the `/var/lib/backups/coreos-home-server` directory.

This proved to be a simple and effective mechanism for storing historic
volume state locally; however, the use-case for historic backup is
usually data loss, either partial (e.g. by deleting files inadvertently)
or complete (e.g. by loss of disk), which is likely better mitigated by
more concrete mechanisms of retention.

In addition, this need to store historic volume state locally, in its
totality, proved to be a barrier for performing partial backups, which
is an issue especially for larger volumes.

This commit deprecates this simple, generic volume backup/restore
mechanism, and instead has us rely directly on Rclone reading from the
volume in question.

Our SMART metrics exporter would previously not depend on either
Prometheus or Grafana, which had builds fail with missing image versions
on first boot.

The latest version of CoreOS, used for testing against our local/virtual
host, will now be resolved automatically for the given stream and
architecture.