Commit Graph

1774 Commits

Author SHA1 Message Date
bb26fe060e
Delete unneeded compose file 2024-08-23 11:41:52 -07:00
1fe802b4ce
#12 Disable sabnzbd-exporter 2024-08-22 21:01:13 -07:00
1ec2804584
#12 Switch to a specific tag because :latest doesn't exist 2024-08-22 20:57:47 -07:00
6be08d88c2
#12 Switch to Linuxserver's container registry 2024-08-22 20:50:37 -07:00
021b61f5ca
#12 Init Readarr 2024-08-22 20:49:16 -07:00
1601b86401
Move Qbt to port 49500 2024-08-20 22:11:35 -07:00
ae51002efc
Add socks5 proxy for druid 2024-08-20 21:52:51 -07:00
56c7590000
Revert qbittorrent to before gluetun 2024-08-20 21:42:19 -07:00
ba40901fa8
Move gluetun to port 8580 2024-08-20 21:20:46 -07:00
b638ce2c7c
Remove port mappings 2024-08-20 21:19:58 -07:00
eaa5c91865
Remove web network 2024-08-20 21:07:57 -07:00
417a3f3fe9
Configure Qbittorrent to use gluetun to route container network traffic through vpn.jafner.tools 2024-08-20 20:47:17 -07:00
fac4bf6613
#6 Add "Public" service group
Add labels for calibre-web stack
2024-08-18 16:59:54 -07:00
7593a6b7b6
#6 Move Homepage to general-purpose 2024-08-18 16:49:50 -07:00
f224745def
#3 Delete test secret, add zipline secret 2024-08-16 17:41:23 -07:00
b7c902f342
#3 Nuke sops 2024-08-16 17:10:38 -07:00
3ca0f11aa9
#3 Test git-crypt on secrets.env 2024-08-16 17:03:23 -07:00
85c6b5c534
#3 Re-add zipline secrets to gitignore 2024-08-16 17:01:10 -07:00
fe2351fe6e
#3 Delete secrets.env, init gitignore and gitattributes for git-crypt 2024-08-16 16:59:50 -07:00
0563c01488
#3 Show diffs in cleartext 2024-08-16 15:44:09 -07:00
ce7bd53e26
#3 Touch secrets.env to re-encrypt with fighter's host pubkey as recipient 2024-08-16 15:28:45 -07:00
8d0add4d16
#3 Update encrypt filter to get host pubkey correctly 2024-08-16 15:27:30 -07:00
cbaedf5018
#3 Refactor secret management for fighter/zipline 2024-08-16 15:21:59 -07:00
448295b7ca
#3 Fix filters missing quotes, pass '%f' to filter scripts in setup 2024-08-16 15:16:31 -07:00
31ef9b5a53
#3 Enable sops filter for all secrets.env files 2024-08-16 15:09:25 -07:00
d3d6807af6
#3 Update gitignore for homelab to explicit list of secrets files, will remove each from list one at a time 2024-08-16 15:06:35 -07:00
49c4c9b085
#3 Delete test secrets 2024-08-16 14:35:55 -07:00
ba933c9533
#3 Remove duplicate keypair setup block 2024-08-16 14:34:22 -07:00
dff6d688be
#3 chmod +x age-setup.sh 2024-08-16 14:33:26 -07:00
7052b517fb
#3 Polish up the setup script, delete unused manual scripts 2024-08-16 14:31:58 -07:00
72f3f50b15
#3 Add handling for each file type supported by sops, including binary 2024-08-16 14:11:46 -07:00
86aa517c52
#3 Re-create test secrets 2024-08-16 13:42:10 -07:00
cdcc806113
#3 Delete test secrets 2024-08-16 13:39:28 -07:00
2f6536362a
#3 Add second test secret 2024-08-16 13:22:28 -07:00
2e676c3f4d
#3 Re-create test secret 2024-08-16 13:00:25 -07:00
d2aaac378f
#3 Delete test secret 2024-08-16 12:58:57 -07:00
bea0e29f89
#3 Switch to file descriptor 3 as input to sops 2024-08-16 12:52:04 -07:00
049ae05b4a
#3 Debug: echo working directory to diagnose whether we're working from a subdirectory of .git, rather than the true repo root. 2024-08-16 12:49:08 -07:00
02972c0d6b
#3 Re-create test secret 2024-08-16 12:45:31 -07:00
8c3f370086
#3 Delete test secret 2024-08-16 12:44:47 -07:00
f9ca3ca219
#3 Remove unneeded SOPS_AGE_RECIPIENTS configuration from decrypt, cd to repo root 2024-08-16 12:43:31 -07:00
1b33a96e93
#3 Re-create test secret 2024-08-16 12:37:52 -07:00
96543c7f4f
#3 Delete test secret 2024-08-16 12:34:28 -07:00
4daec51130
#3 Debug echo FILE_PATH variable 2024-08-16 12:32:36 -07:00
489c8f67d7
#3 Re-create test secret 2024-08-16 12:29:15 -07:00
bb9b308cde
#3 Delete testsecret 2024-08-16 12:28:54 -07:00
bbad9b07ed
#3 Render absolute path of file to process 2024-08-16 12:27:37 -07:00
cc77e386be
#3 Re-introduce test secret 2024-08-16 12:20:38 -07:00
c1bc72e9fe
#3 Delete test secret 2024-08-16 12:19:46 -07:00
b45df3190d
#3 Reroute stdout and stderr from non-sops commands to log files 2024-08-16 12:16:07 -07:00
0080a68f3c
#3 Validate input is file path 2024-08-16 12:09:26 -07:00
afc9ef5abd
#3 Re-create test secret 2024-08-15 16:45:25 -07:00
958baec8b0
#3 Delete test secret 2024-08-15 16:44:35 -07:00
c02b810237
#3 Update encrypt and decrypt filter scripts
- Decrypt: use realpath of file to decrypt as FILE_PATH
- Decrypt: Switch from in-place to stdout
- Encrypt: Switch from operating on $1 to $FILE_PATH
2024-08-15 16:28:28 -07:00
766a34dfb4
#3 Fix logic for creating age keyfile 2024-08-15 16:24:21 -07:00
e5256cff1e
#3 Update script names in filter setup 2024-08-15 16:20:40 -07:00
fc5973a46f
#3 Configure sops filter in age-setup script 2024-08-15 16:19:42 -07:00
bf81ecbd27
#3 Init working encrypt-filter and testsecret.
TODO: Test decrypt-filter, write setup script
2024-08-15 16:14:07 -07:00
492fa394d6
Rename filter scripts 2024-08-15 15:46:57 -07:00
75b065de25
#3 Debug: Remove checking for count of arguments 2024-08-15 15:17:31 -07:00
601a9706f6
Delete unused dungeon-master files 2024-08-15 15:14:07 -07:00
205ab38149
#3 Set up scripts to encrypt/decrypt in place 2024-08-15 15:13:41 -07:00
c5231f1311
#5 Init Terraform Cloudflare DNS IaC
- Import existing records via cf-terraforming utility
- Rename resources to human-readable names
- Move aws and cloudflare terraform roots to their own directories
2024-08-15 15:04:13 -07:00
f99e1266ba
Move gitignore to homelab directory 2024-08-15 11:57:13 -07:00
172fab21f0
#4 Disable traefik debug logging 2024-08-15 11:56:19 -07:00
1b00de1c9d
#4 Remove quotes from token value 2024-08-15 11:47:31 -07:00
5aabb51cb5
#4 Add debug logging
Switch back to just one token with both Zone/DNS/Edit and Zone/Zone/Read permissions for 'All zones from account'
2024-08-15 11:34:15 -07:00
a21aedd233
#4 Enable debug logs for traefik to better diagnose issue getting certs via dnsChallenge 2024-08-15 11:25:31 -07:00
03878b77ef
#4 Add cloudflare zone read token 2024-08-15 11:03:59 -07:00
ec6f552a53
#4 Add nginx container at test.nginx.jafner.net to test DNS challenge 2024-08-15 10:24:17 -07:00
322a79c2f5
#2 Remove unused lines 2024-08-14 14:30:09 -07:00
676da8dca3
#2 Move age files to homelab/.sops/
Separate "authors" keys and "deploy" keys.
Add features to setup, encrypt, and decrypt scripts:
- Validate input arguments
- Set age keyfile and recipients dynamically at runtime
2024-08-14 14:26:52 -07:00
383b8b3351
#3 Switch send to dns01 challenge certresolver 2024-08-14 14:10:49 -07:00
1bcc37f70d
#3 Configure lets-encrypt-dns01 certresolver with its own acme.json storage 2024-08-14 14:10:17 -07:00
756225c680
#2 Switch postgres back to password from password file 2024-08-14 00:15:41 -07:00
228b3768cd
#2 Fix typo: extra underscore 2024-08-14 00:10:32 -07:00
b2028a5ad0
#2 Re-encrypt keycloak secrets with fighter's pubkey added to map 2024-08-14 00:05:58 -07:00
9ca38bd52c
#2 Replace Docker secrets with encrypted secrets.env file
Add encrypt and decrypt scripts
Add pubkeys file with desktop and fighter pubkeys
2024-08-13 23:34:15 -07:00
8729e02a23
Switch postgres to native password file, remove entrypoint injection 2024-08-13 15:52:02 -07:00
c4cc18835f
Resolve "/bin/sh: 1: source: not found" 2024-08-13 15:39:52 -07:00
8efd7c42a8
Simplify entrypoint 2024-08-13 15:38:57 -07:00
1f5801d31f
Correct entrypoint script name (this is going to be a pain) 2024-08-13 15:32:17 -07:00
aa0fe3365d
Experimental implementation of entrypoint injection to export secrets to env vars 2024-08-13 15:29:04 -07:00
f838aa199f
Remove deprecated HOSTNAME_URL option 2024-08-13 11:37:33 -07:00
d6682073d8
Update keycloak proxy configuration per upgrading guide.
https://www.keycloak.org/server/reverseproxy
https://www.keycloak.org/docs/latest/upgrading/index.html#deprecated-proxy-option
2024-08-13 11:27:01 -07:00
037ce905d0
#2 Fix typo in secret filename 2024-08-13 11:15:13 -07:00
e6158be743
#2 Remove leftover env_file block for forwardauth 2024-08-13 11:12:38 -07:00
623470803b
Move manifests to old/ and init Terraform configuration for silver-hand 2024-08-12 16:41:28 -07:00
b01948219f
Init Traefik certresolver for dns01 challenges 2024-08-12 16:40:17 -07:00
3b2c9039c5
#2 Refactor Keycloak secret configuration 2024-08-12 16:39:28 -07:00
526fee4792
Init dungeon-master traefik instance for testing nested Traefik reverse proxies. 2024-08-12 16:38:24 -07:00
10e1fb2d74
Init passthrough router from fighter to dungeon-master 2024-08-12 13:08:28 -07:00
184013dde1
Fix accidental quotes 2024-08-09 16:28:11 -07:00
34fdb75fb7
Fix regexps for router rules 2024-08-09 16:27:25 -07:00
180a4bd14a
Add additional router for silver-hand
Per: https://community.traefik.io/t/run-traefik-behind-traefik-reverse-proxy/4044/6
2024-08-09 16:22:19 -07:00
e45dfd64e8
Switch TCP router to point to TLS port 2024-08-09 15:57:08 -07:00
e1f79bcaa8
Configure fighter traefik instance to pass through requests for *.jafner.dev to the k3s cluster 2024-08-09 15:55:24 -07:00
557be69e3f
Fix erroneous protocol prefix 2024-08-08 12:25:36 -07:00
c13727ce56
Init Traefik TCP router for passing *.k3s.jafner.net and k3s.jafner.net through to cluster ingress controller 2024-08-08 12:24:28 -07:00
cfbb22bed0
Document update process for Wizard 2024-08-07 16:23:47 -07:00