deuill
/
coreos-home-server
mirror of https://github.com/deuill/coreos-home-server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
578 Commits 3 Branches 0 Tags 1.9 MiB
Commit Graph

578 Commits

Author SHA1 Message Date
Alex Palaistras 8b4d1b2331 prometheus: Make SMART exporter privileged 
Raw access to SMART data requires privileged access, or at least
specific capabilities; we might move to a more secure/less open model in
the future, but there is relative little danger of exposing this for now.
 2024-01-22 17:51:36 +00:00
Alex Palaistras 1b99d33c05 prometheus: Use multi-stage builds, add SMART exporter 
Multi-stage container builds allow for better use of layer cache,
especially where changes to only specific exporter components are
implied. In addition, a SMART disk metrics exporter has been added and
will be instrumented with the overall Node Metrics dashboard.
 2024-01-22 14:20:35 +00:00
Alex Palaistras 572002bd4c navidrome: Fix version extraction for Renovate 2024-01-22 08:54:27 +00:00
renovate[bot] 24d6c6a9bf chore(deps): update dependency navidrome/navidrome to v0.51.0 2024-01-22 02:05:03 +00:00
renovate[bot] fbbb39de9b chore(deps): update dependency containers/prometheus-podman-exporter to v1.7.0 2024-01-22 02:04:50 +00:00
Alex Palaistras 61a49800e3 dovecot: Add uptime graph for Grafana dashboard 2024-01-21 15:44:20 +00:00
Alex Palaistras b3c0fb195f rpamd: Really allow unauthenticated read-only reqs 
Setting `enable_password` on its own was not enough -- we need to both
clear the fallback password *and* unset the secure IPs mechanism.
 2024-01-20 20:25:56 +00:00
renovate[bot] abee9de9e6 chore(deps): update dependency rspamd/rspamd to v3.8.0 2024-01-20 19:08:46 +00:00
Alex Palaistras a0da2c26a7 rspamd: Only protect write commands in Controller 
Previously, all commands (including read) were password-protected, which
makes metrics integration slightly harder, and doesn't improve security
by much (given that the Controller worker ports are only accessible
internally).
 2024-01-20 19:05:36 +00:00
Alex Palaistras bb13a68800 prometheus: Update Grafana dashboard for Podman 
This makes in/out network traffic a tad more legible by using both the
positive and negative axis.
 2024-01-20 19:03:29 +00:00
renovate[bot] 7a890dbb22 chore(deps): update dependency go-gitea/gitea to v1.21.4 2024-01-20 01:08:20 +00:00
Alex Palaistras 6376a96a1a radicale: Move to latest HEAD ref for bug-fixes 
Radicale hasn't had a proper release in years, and development seems to
have similarly stalled, but latest HEAD seems to contain bug-fixes for
category searches that we need.
 2024-01-19 19:21:53 +00:00
renovate[bot] c21ff0a682 chore(deps): update docker.io/mariadb:10.11 docker digest to 692856b 2024-01-19 01:02:40 +00:00
Alex Palaistras f70cb32500 slidge: Update WhatsApp transport version 2024-01-18 19:18:37 +00:00
Alex Palaistras 8c2bf0e6f0 hugo: Don't minify output 2024-01-18 19:16:44 +00:00
renovate[bot] 2868d5450e chore(deps): update docker.io/mariadb:10.11 docker digest to d86812d 2024-01-18 00:57:49 +00:00
renovate[bot] 9bde95a273 chore(deps): update docker.io/golang:1.21-bookworm docker digest to c4b696f 2024-01-18 00:57:32 +00:00
renovate[bot] 1b0be47172 chore(deps): update dependency prometheus/prometheus to v2.49.1 2024-01-16 00:29:39 +00:00
Alex Palaistras dba653d1a8 hugo: Add required `git` package dependency 2024-01-15 22:37:31 +00:00
Alex Palaistras 90c57f3aee Add configuration for Shiori, bookmark manager 
This is, apparently, the easiest solution to set up, while still being
as featureful as required for simple use (readable and PDF archive of
bookmarks).
 2024-01-14 17:07:04 +00:00
renovate[bot] eded524eba chore(deps): update docker.io/golang:1.21-bookworm docker digest to cbee5d2 2024-01-14 00:21:03 +00:00
Alex Palaistras 7606e87a4c Correctly load certificates from /etc/ssl/private 2024-01-13 23:28:01 +00:00
renovate[bot] ca4bc9d4ff chore(deps): update docker.io/debian:bullseye-slim docker digest to 41c3fec 2024-01-13 00:46:58 +00:00
Alex Palaistras 6d98006b22 gotosocial: Inject Mastodon version for instance 
This allows better compatibility with clients that look up the Mastodon
API version, e.g. Brutaldon.
 2024-01-12 20:26:14 +00:00
Alex Palaistras b15d9b1393 Makefile: Update to latest CoreOS version 2024-01-12 20:19:47 +00:00
Alex Palaistras c63631cd81 hugo: Add required `openssh-client` package 2024-01-12 20:19:28 +00:00
Alex Palaistras 83bea27cd4 Move to dedicated Let's Encrypt certificate volume 
We would previously use the `letsencrypt` volume used as state by Lego
itself, which contains a number of private files not intended to be
accessed widely; the `letsencrypt-certificates` volume used now contains
only certificate chains and private keys, under dedicated folders.
 2024-01-12 14:59:04 +00:00
renovate[bot] bc579762cc chore(deps): update docker.io/debian:bookworm-slim docker digest to f4a83aa 2024-01-12 01:56:48 +00:00
renovate[bot] 79aa64c16f chore(deps): update dependency superseriousbusiness/gotosocial to v0.13.1 2024-01-11 00:30:24 +00:00
renovate[bot] 80eb1d3dd2 chore(deps): update docker.io/mariadb:10.11 docker digest to 40843b2 2024-01-11 00:30:11 +00:00
renovate[bot] b59fc7fb8c chore(deps): update dependency redis/redis to v7.2.4 2024-01-10 01:32:14 +00:00
renovate[bot] 9378a6d2c7 chore(deps): update docker.io/golang:1.21-bookworm docker digest to 688ad7f 2024-01-10 01:32:00 +00:00
renovate[bot] 1c5eec6da7 chore(deps): update docker.io/rclone/rclone docker tag to v1.65.1 2024-01-09 01:41:43 +00:00
renovate[bot] fc52e384bd chore(deps): update dependency gohugoio/hugo to v0.121.2 2024-01-06 01:45:37 +00:00
Alex Palaistras 748d6feceb renovate: Skip non-existent checks for auto-merge 2024-01-05 18:57:09 +00:00
Alex Palaistras c35cd7209a Makefile: Update CoreOS, improve image download 2024-01-04 20:51:24 +00:00
Alex Palaistras c496425203 dovecot: Fix UID for `virtual` user 2024-01-04 11:23:27 +00:00
Alex Palaistras f0fd067dca letsencrypt: Copy certs to host-specific directory 
This should help make use of host-specific certificates easier, as
otherwise containers will have access to all certificates and private keys.
 2024-01-03 19:57:23 +00:00
Alex Palaistras 2649741f3c letsencrypt: Move to binary build 
Upstream provides binary builds, which are generally faster to install
compared to source builds.
 2024-01-03 18:51:12 +00:00
Alex Palaistras f88c36754e grafana: Copy all data files into share directory 2024-01-03 18:44:41 +00:00
Alex Palaistras b6f0880445 container-build: Use latest ID in previous tag 
Using the name itself has the tag point to the name, which defeats the
purpose of tagging with the `previous` tag.
 2024-01-03 18:19:25 +00:00
Alex Palaistras 196e4458dc hugo: Fix exec invocation in entrypoint 2024-01-03 17:56:19 +00:00
Alex Palaistras abb92a486f lldap: Correct chown command in entrypoint 2024-01-03 17:55:04 +00:00
Alex Palaistras 6eeca85f90 hugo: Fix binary package installation stage 2024-01-03 17:22:01 +00:00
Alex Palaistras 11711fbf7b navidrome: Move to multi-stage container build 2024-01-03 17:17:02 +00:00
Alex Palaistras 01a8f60452 lldap: Move to binary for container build 
Binary builds are now available for LLDAP, which simplifies and makes
the build process much quicker. In addition, multi-stage builds are
used, which again help with caching.
 2024-01-03 17:05:30 +00:00
Alex Palaistras eff9e8d048 Fix nits for Grafana, LetsEncrypt containers 2024-01-03 16:49:24 +00:00
renovate[bot] 36116018a3 chore(deps): update dependency debian_12/postfix to v3.7.9-0+deb12u1 2024-01-03 16:20:57 +00:00
Alex Palaistras 0493a7fbfa hugo: Move to multi-stage container build 
As with other container definitions, this helps make layers more
cacheable both between containers and in version updates.
 2024-01-02 16:11:26 +00:00
Alex Palaistras 9b9a906363 grafana: Move to multi-stage build 
This improves cacheability and lowers total container image size by only
copying artefacts that are useful for deployment.
 2024-01-02 15:55:37 +00:00