Alex Palaistras
8b4d1b2331
prometheus: Make SMART exporter privileged
...
Raw access to SMART data requires privileged access, or at least
specific capabilities; we might move to a more secure/less open model in
the future, but there is relative little danger of exposing this for now.
2024-01-22 17:51:36 +00:00
Alex Palaistras
1b99d33c05
prometheus: Use multi-stage builds, add SMART exporter
...
Multi-stage container builds allow for better use of layer cache,
especially where changes to only specific exporter components are
implied. In addition, a SMART disk metrics exporter has been added and
will be instrumented with the overall Node Metrics dashboard.
2024-01-22 14:20:35 +00:00
Alex Palaistras
572002bd4c
navidrome: Fix version extraction for Renovate
2024-01-22 08:54:27 +00:00
renovate[bot]
24d6c6a9bf
chore(deps): update dependency navidrome/navidrome to v0.51.0
2024-01-22 02:05:03 +00:00
renovate[bot]
fbbb39de9b
chore(deps): update dependency containers/prometheus-podman-exporter to v1.7.0
2024-01-22 02:04:50 +00:00
Alex Palaistras
61a49800e3
dovecot: Add uptime graph for Grafana dashboard
2024-01-21 15:44:20 +00:00
Alex Palaistras
b3c0fb195f
rpamd: Really allow unauthenticated read-only reqs
...
Setting `enable_password` on its own was not enough -- we need to both
clear the fallback password *and* unset the secure IPs mechanism.
2024-01-20 20:25:56 +00:00
renovate[bot]
abee9de9e6
chore(deps): update dependency rspamd/rspamd to v3.8.0
2024-01-20 19:08:46 +00:00
Alex Palaistras
a0da2c26a7
rspamd: Only protect write commands in Controller
...
Previously, all commands (including read) were password-protected, which
makes metrics integration slightly harder, and doesn't improve security
by much (given that the Controller worker ports are only accessible
internally).
2024-01-20 19:05:36 +00:00
Alex Palaistras
bb13a68800
prometheus: Update Grafana dashboard for Podman
...
This makes in/out network traffic a tad more legible by using both the
positive and negative axis.
2024-01-20 19:03:29 +00:00
renovate[bot]
7a890dbb22
chore(deps): update dependency go-gitea/gitea to v1.21.4
2024-01-20 01:08:20 +00:00
Alex Palaistras
6376a96a1a
radicale: Move to latest HEAD ref for bug-fixes
...
Radicale hasn't had a proper release in years, and development seems to
have similarly stalled, but latest HEAD seems to contain bug-fixes for
category searches that we need.
2024-01-19 19:21:53 +00:00
renovate[bot]
c21ff0a682
chore(deps): update docker.io/mariadb:10.11 docker digest to 692856b
2024-01-19 01:02:40 +00:00
Alex Palaistras
f70cb32500
slidge: Update WhatsApp transport version
2024-01-18 19:18:37 +00:00
Alex Palaistras
8c2bf0e6f0
hugo: Don't minify output
2024-01-18 19:16:44 +00:00
renovate[bot]
2868d5450e
chore(deps): update docker.io/mariadb:10.11 docker digest to d86812d
2024-01-18 00:57:49 +00:00
renovate[bot]
9bde95a273
chore(deps): update docker.io/golang:1.21-bookworm docker digest to c4b696f
2024-01-18 00:57:32 +00:00
renovate[bot]
1b0be47172
chore(deps): update dependency prometheus/prometheus to v2.49.1
2024-01-16 00:29:39 +00:00
Alex Palaistras
dba653d1a8
hugo: Add required `git` package dependency
2024-01-15 22:37:31 +00:00
Alex Palaistras
90c57f3aee
Add configuration for Shiori, bookmark manager
...
This is, apparently, the easiest solution to set up, while still being
as featureful as required for simple use (readable and PDF archive of
bookmarks).
2024-01-14 17:07:04 +00:00
renovate[bot]
eded524eba
chore(deps): update docker.io/golang:1.21-bookworm docker digest to cbee5d2
2024-01-14 00:21:03 +00:00
Alex Palaistras
7606e87a4c
Correctly load certificates from /etc/ssl/private
2024-01-13 23:28:01 +00:00
renovate[bot]
ca4bc9d4ff
chore(deps): update docker.io/debian:bullseye-slim docker digest to 41c3fec
2024-01-13 00:46:58 +00:00
Alex Palaistras
6d98006b22
gotosocial: Inject Mastodon version for instance
...
This allows better compatibility with clients that look up the Mastodon
API version, e.g. Brutaldon.
2024-01-12 20:26:14 +00:00
Alex Palaistras
b15d9b1393
Makefile: Update to latest CoreOS version
2024-01-12 20:19:47 +00:00
Alex Palaistras
c63631cd81
hugo: Add required `openssh-client` package
2024-01-12 20:19:28 +00:00
Alex Palaistras
83bea27cd4
Move to dedicated Let's Encrypt certificate volume
...
We would previously use the `letsencrypt` volume used as state by Lego
itself, which contains a number of private files not intended to be
accessed widely; the `letsencrypt-certificates` volume used now contains
only certificate chains and private keys, under dedicated folders.
2024-01-12 14:59:04 +00:00
renovate[bot]
bc579762cc
chore(deps): update docker.io/debian:bookworm-slim docker digest to f4a83aa
2024-01-12 01:56:48 +00:00
renovate[bot]
79aa64c16f
chore(deps): update dependency superseriousbusiness/gotosocial to v0.13.1
2024-01-11 00:30:24 +00:00
renovate[bot]
80eb1d3dd2
chore(deps): update docker.io/mariadb:10.11 docker digest to 40843b2
2024-01-11 00:30:11 +00:00
renovate[bot]
b59fc7fb8c
chore(deps): update dependency redis/redis to v7.2.4
2024-01-10 01:32:14 +00:00
renovate[bot]
9378a6d2c7
chore(deps): update docker.io/golang:1.21-bookworm docker digest to 688ad7f
2024-01-10 01:32:00 +00:00
renovate[bot]
1c5eec6da7
chore(deps): update docker.io/rclone/rclone docker tag to v1.65.1
2024-01-09 01:41:43 +00:00
renovate[bot]
fc52e384bd
chore(deps): update dependency gohugoio/hugo to v0.121.2
2024-01-06 01:45:37 +00:00
Alex Palaistras
748d6feceb
renovate: Skip non-existent checks for auto-merge
2024-01-05 18:57:09 +00:00
Alex Palaistras
c35cd7209a
Makefile: Update CoreOS, improve image download
2024-01-04 20:51:24 +00:00
Alex Palaistras
c496425203
dovecot: Fix UID for `virtual` user
2024-01-04 11:23:27 +00:00
Alex Palaistras
f0fd067dca
letsencrypt: Copy certs to host-specific directory
...
This should help make use of host-specific certificates easier, as
otherwise containers will have access to all certificates and private keys.
2024-01-03 19:57:23 +00:00
Alex Palaistras
2649741f3c
letsencrypt: Move to binary build
...
Upstream provides binary builds, which are generally faster to install
compared to source builds.
2024-01-03 18:51:12 +00:00
Alex Palaistras
f88c36754e
grafana: Copy all data files into share directory
2024-01-03 18:44:41 +00:00
Alex Palaistras
b6f0880445
container-build: Use latest ID in previous tag
...
Using the name itself has the tag point to the name, which defeats the
purpose of tagging with the `previous` tag.
2024-01-03 18:19:25 +00:00
Alex Palaistras
196e4458dc
hugo: Fix exec invocation in entrypoint
2024-01-03 17:56:19 +00:00
Alex Palaistras
abb92a486f
lldap: Correct chown command in entrypoint
2024-01-03 17:55:04 +00:00
Alex Palaistras
6eeca85f90
hugo: Fix binary package installation stage
2024-01-03 17:22:01 +00:00
Alex Palaistras
11711fbf7b
navidrome: Move to multi-stage container build
2024-01-03 17:17:02 +00:00
Alex Palaistras
01a8f60452
lldap: Move to binary for container build
...
Binary builds are now available for LLDAP, which simplifies and makes
the build process much quicker. In addition, multi-stage builds are
used, which again help with caching.
2024-01-03 17:05:30 +00:00
Alex Palaistras
eff9e8d048
Fix nits for Grafana, LetsEncrypt containers
2024-01-03 16:49:24 +00:00
renovate[bot]
36116018a3
chore(deps): update dependency debian_12/postfix to v3.7.9-0+deb12u1
2024-01-03 16:20:57 +00:00
Alex Palaistras
0493a7fbfa
hugo: Move to multi-stage container build
...
As with other container definitions, this helps make layers more
cacheable both between containers and in version updates.
2024-01-02 16:11:26 +00:00
Alex Palaistras
9b9a906363
grafana: Move to multi-stage build
...
This improves cacheability and lowers total container image size by only
copying artefacts that are useful for deployment.
2024-01-02 15:55:37 +00:00