remove data volume

fix terraform module source
move to virtiofs shared directory
2023-04-26 16:07:40 +02:00 · 2023-04-26 14:59:04 +02:00 · 2023-04-26 14:53:57 +02:00 · 2023-04-24 13:47:18 +02:00 · 2023-04-24 13:31:27 +02:00 · 2023-04-24 13:07:54 +02:00
138 changed files with 447 additions and 976 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,38 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+*.tfbackend
+
 .vault_password
--- a/8
+++ b/8
@ -1,8 +0,0 @@
-all:
-	ansible-playbook playbooks/all.yml
-
-backup:
-	ansible-playbook playbooks/backup.yml
-	
-%:
-	ansible-playbook playbooks/all.yml --tags "$@"
--- a/README.md
+++ b/README.md
@ -1,59 +1,23 @@
-# Homeservers
+# Max

-This repository contains Ansible scripts to setup our home servers.
-The `common` role executes some common OS tasks.
-The `docker` role installs Docker.
-The other roles are specifically for the various services we run.
+Max is our VM running all of our web servers, provisioned with Terraform and configured with Ansible.

 ## Running services

-All services below are running under Docker, except NSD and Borg.
+All services below are implemented using Docker:

- Authoritative DNS using [NSD](https://www.nlnetlabs.nl/projects/nsd/about/) (ns.pizzapim.nl)
 - Reverse proxy using [Traefik](https://doc.traefik.io/traefik/)
- Git server using [Forgejo](https://forgejo.org/) ([git.pizzapim.nl](https://git.pizzapim.nl))
- Static website using [Jekyll](https://jekyllrb.com/) ([pizzapim.nl](https://pizzapim.nl))
+- Git server using [Forgejo](https://forgejo.org/) ([git.pim.kunis.nl](https://git.pim.kunis.nl))
+- Static website using [Jekyll](https://jekyllrb.com/) ([pim.kunis.nl](https://pim.kunis.nl))
 - File sychronisation using [Syncthing](https://syncthing.net/)
 - Microblogging server using [Mastodon](https://joinmastodon.org/) ([social.pizzapim.nl](https://social.pizzapim.nl))
- Calendar and contact synchronisation using [Radicale](https://radicale.org/v3.html) ([dav.pizzapim.nl](https://dav.pizzapim.nl))
+- Calendar and contact synchronisation using [Radicale](https://radicale.org/v3.html) ([dav.pim.kunis.nl](https://dav.pim.kunis.nl))
 - KMS server using [vlmcsd](https://github.com/Wind4/vlmcsd)
 - Cloud file storage using [Seafile](https://www.seafile.com)
- Inbucket disposable webmail, Mailinator alternative (https://inbucket.org)
+- Disposable mail server using [Inbucket](https://inbucket.org)
+- Digital toolbox using [Cyberchef](https://cyberchef.geokunis2.nl)
 - Jitsi Meet (https://meet.jit.si)
- Backups using [Borg](https://www.borgbackup.org/) and [Borgmatic](https://torsion.org/borgmatic/)
 - RSS feed reader using [FreshRSS](https://miniflux.app/)
 - Metrics using [Prometheus](https://prometheus.io/)
-
-## Possible future services
-
- matrix
- peertube?
- Pixelfed?
- Prometheus
- Concourse CI?
-
-## TODO
-
- Clear view of what services + which versions we are running. This way, we can track security updates better.
- Host tobb website?
- Move from Ubuntu to Debian
- move Mastodon to pim.kunis.nl
- Podman
- Replace watchtower with Podman features
- Move nginx static content server to this repo
- Move dataserver to its own repo
-
-### NSD
-
-#### ZSK Rollover
-
-Could make automatic key rollovers with cron or some other tool.
-
-#### Idempotency
-
-Currently I always resign zones.
-But for idempotency I should probably only do it if the zone has changed or the keys have changed.
-
-### Firewall
-
-A little more difficult because of docker networking but probably doable.
+- Latex editor using [Overleaf](https://www.overleaf.com/) ([latex.pim.kunis.nl](https://latex.pim.kunis.nl))
+- Markdown editor using [Hedgedoc](https://hedgedoc.org/)
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@ -1,5 +1,4 @@
 [defaults]
-# (pathspec) Colon separated paths in which Ansible will search for Roles.
 roles_path=~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:roles
 inventory=inventory
 vault_password_file=util/secret-service-client.sh
--- a/ansible/inventory/host_vars/max.yml
+++ b/ansible/inventory/host_vars/max.yml
@ -1,5 +1,6 @@
-base_data_dir: /data
+base_data_dir: /mnt/data
 base_service_dir: /srv
+domain_name_pim: pim.kunis.nl

 # Additional open ports
 jitsi_videobridge_port: 54562
@ -7,6 +8,8 @@ git_ssh_port: 56287
 prometheus_port: 8081
 traefik_api_port: 8080
 internal_forgejo_port: 3000 # Needed to pull from a repository from another docker container.
-internal_matrix_port: 3001 # Needed for proxying through NGINX

-domain_name_pim: pim.kunis.nl
+docker_daemon_config:
+  default-address-pools:
+  - base: "10.204.0.0/16"
+    size: 24
--- a/ansible/inventory/hosts.yml
+++ b/ansible/inventory/hosts.yml
@ -0,0 +1,5 @@
+all:
+  hosts:
+    max:
+      ansible_user: root
+      ansible_host: max.dmz
--- a/ansible/max.yml
+++ b/ansible/max.yml
@ -0,0 +1,36 @@
+- name: Wait for servers to come up
+  hosts: max
+  gather_facts: no
+  roles:
+    - 'cloudinit-wait'
+
+- name: Start services
+  hosts: max
+  pre_tasks:
+  - name: Create base service directory
+    file:
+      path: "{{ base_service_dir }}"
+      state: directory
+  - name: Delete externally managed environment file
+    shell:
+      cmd: "rm /usr/lib/python*/EXTERNALLY-MANAGED"
+    register: rm
+    changed_when: "rm.rc == 0"
+    failed_when: "false"
+  roles:
+    - {role: 'setup-apt', tags: 'setup-apt'}
+    - {role: 'watchtower', tags: 'watchtower'}
+    - {role: 'forgejo', tags: 'forgejo'}
+    - {role: 'syncthing', tags: 'syncthing'}
+    - {role: 'kms', tags: 'kms'}
+    - {role: 'cyberchef', tags: 'cyberchef'}
+    - {role: 'radicale', tags: 'radicale'}
+    - {role: 'mastodon', tags: 'mastodon'}
+    - {role: 'seafile', tags: 'seafile'}
+    - {role: 'jitsi', tags: 'jitsi'}
+    - {role: 'freshrss', tags: 'freshrss'}
+    - {role: 'static', tags: 'static'}
+    - {role: 'inbucket', tags: 'inbucket'}
+    - {role: 'prometheus', tags: 'prometheus'}
+    - {role: 'overleaf', tags: 'overleaf'}
+    - {role: 'hedgedoc', tags: 'hedgedoc'}
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -0,0 +1,9 @@
+- name: setup-apt
+  src: https://github.com/sunscrapers/ansible-role-apt.git
+  scm: git
+- name: cloudinit-wait
+  src: https://git.pim.kunis.nl/pim/ansible-role-cloudinit-wait
+  scm: git
+- name: docker
+  src: https://git.pim.kunis.nl/pim/ansible-role-docker
+  scm: git
--- a/ansible/roles/cyberchef/files/docker-compose.yml
+++ b/ansible/roles/cyberchef/files/docker-compose.yml
@ -0,0 +1,22 @@
+version: "3.7"
+
+services:
+   cyberchef-server:
+      image: mpepping/cyberchef
+      container_name: cyberchef
+      restart: always
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.cyberchef.entrypoints=websecure
+        - traefik.http.routers.cyberchef.rule=Host(`cyberchef.geokunis2.nl`)
+        - traefik.http.routers.cyberchef.tls=true
+        - traefik.http.routers.cyberchef.tls.certresolver=letsencrypt
+        - traefik.http.services.cyberchef.loadbalancer.server.port=8000
+        - traefik.http.routers.cyberchef.service=cyberchef
+        - traefik.docker.network=traefik
+      networks: 
+        - traefik
+
+networks:
+  traefik:
+    external: true
--- a/ansible/roles/cyberchef/meta/main.yml
+++ b/ansible/roles/cyberchef/meta/main.yml
@ -0,0 +1,2 @@
+dependencies:
+  - role: traefik
--- a/ansible/roles/cyberchef/tasks/main.yml
+++ b/ansible/roles/cyberchef/tasks/main.yml
@ -0,0 +1,13 @@
+- name: Create app directory
+  file:
+    path: "{{ service_dir }}"
+    state: directory
+- name: Copy Docker Compose script
+  copy:
+    src: "{{ role_path }}/files/docker-compose.yml"
+    dest: "{{ service_dir }}/docker-compose.yml"
+- name: Start the Docker Compose
+  docker_compose:
+    project_src: "{{ service_dir }}"
+    pull: true
+    remove_orphans: true
--- a/ansible/roles/cyberchef/vars/main.yml
+++ b/ansible/roles/cyberchef/vars/main.yml
@ -1,2 +1,2 @@
-service_name: traefik
+service_name: cyberchef
 service_dir: "{{ base_service_dir }}/{{ service_name }}"
--- a/ansible/roles/forgejo/meta/main.yml
+++ b/ansible/roles/forgejo/meta/main.yml
@ -0,0 +1,2 @@
+dependencies:
+  - role: traefik
--- a/ansible/roles/forgejo/tasks/main.yml
+++ b/ansible/roles/forgejo/tasks/main.yml
--- a/ansible/roles/forgejo/templates/app.ini.j2
+++ b/ansible/roles/forgejo/templates/app.ini.j2
@ -4,6 +4,7 @@ RUN_USER = git

 [repository]
 ROOT = /data/git/repositories
+DEFAULT_BRANCH = master

 [repository.local]
 LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
@ -38,6 +39,7 @@ CHARSET  = utf8

 [indexer]
 ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+ISSUE_INDEXER_TYPE = db

 [session]
 PROVIDER_CONFIG = /data/gitea/sessions
--- a/ansible/roles/forgejo/templates/docker-compose.yml.j2
+++ b/ansible/roles/forgejo/templates/docker-compose.yml.j2
@ -12,10 +12,10 @@ services:
      - USER_UID=1000
      - USER_GID=1000
    restart: always
-    ports:
-      - "{{ internal_forgejo_port }}:3000"
    networks:
      - traefik
+    ports:
+      - "{{ internal_forgejo_port }}:3000"
    volumes:
      - {{ data_dir }}:/data
      - {{ service_dir }}/conf:/data/gitea/conf
--- a/ansible/roles/forgejo/vars/main.yml
+++ b/ansible/roles/forgejo/vars/main.yml
@ -3,7 +3,6 @@ data_dir: "{{ base_data_dir }}/{{ service_name }}"
 service_dir: "{{ base_service_dir }}/{{ service_name }}"
 git_domain: "git.{{ domain_name_pim }}"

-
 forgejo:
  root_url: "https://{{ git_domain }}"
  mailer_host: "smtp.tweak.nl"
--- a/ansible/roles/freshrss/meta/main.yml
+++ b/ansible/roles/freshrss/meta/main.yml
@ -0,0 +1,2 @@
+dependencies:
+  - role: traefik
--- a/ansible/roles/freshrss/tasks/main.yml
+++ b/ansible/roles/freshrss/tasks/main.yml
--- a/ansible/roles/freshrss/templates/docker-compose.yml.j2
+++ b/ansible/roles/freshrss/templates/docker-compose.yml.j2
@ -11,10 +11,8 @@ services:
      options:
        max-size: 10m
    volumes:
-      # Recommended volume for FreshRSS persistent data such as configuration and SQLite databases
-      - /data/freshrss/data:/var/www/FreshRSS/data
-      # Optional volume for storing third-party extensions
-      - /data/freshrss/extensions:/var/www/FreshRSS/extensions
+      - {{ data_dir }}/data:/var/www/FreshRSS/data
+      - {{ data_dir }}/extensions:/var/www/FreshRSS/extensions
    environment:
      TZ: Europe/Amsterdam
      CRON_MIN: '2,32'
--- a/ansible/roles/freshrss/vars/main.yml
+++ b/ansible/roles/freshrss/vars/main.yml
--- a/ansible/roles/hedgedoc/meta/main.yml
+++ b/ansible/roles/hedgedoc/meta/main.yml
@ -0,0 +1,2 @@
+dependencies:
+  - role: traefik
--- a/ansible/roles/hedgedoc/tasks/main.yml
+++ b/ansible/roles/hedgedoc/tasks/main.yml
@ -0,0 +1,22 @@
+- name: Create service directory
+  file:
+    path: "{{ service_dir }}"
+    state: directory
+- name: Copy Docker Compose script
+  template:
+    src: "{{ role_path }}/templates/docker-compose.yml.j2"
+    dest: "{{ service_dir }}/docker-compose.yml"
+- name: Create data directory
+  file:
+    path: "{{ data_dir }}"
+    state: directory
+- name: Create uploads directory
+  file:
+    path: "{{ data_dir }}/uploads"
+    state: directory
+    mode: 0777
+- name: Start the Docker Compose
+  docker_compose:
+    project_src: "{{ service_dir }}"
+    pull: true
+    remove_orphans: true
--- a/ansible/roles/hedgedoc/templates/docker-compose.yml.j2
+++ b/ansible/roles/hedgedoc/templates/docker-compose.yml.j2
@ -0,0 +1,51 @@
+version: '3'
+
+networks:
+  traefik:
+    external: true
+  internal:
+    external: false
+
+services:
+  database:
+    image: postgres:13.4-alpine
+    container_name: hedgedoc-database
+    environment:
+      - POSTGRES_USER=hedgedoc
+      - POSTGRES_PASSWORD=password
+      - POSTGRES_DB=hedgedoc
+    volumes:
+      - {{ data_dir }}/database:/var/lib/postgresql/data
+    restart: always
+    networks:
+      - internal
+
+  app:
+    image: quay.io/hedgedoc/hedgedoc:1.9.7
+    container_name: hedgedoc
+    environment:
+      - CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc
+      - CMD_DOMAIN={{ hedgedoc_domain }}
+      - CMD_PORT=3000
+      - CMD_URL_ADDPORT=false
+      - CMD_ALLOW_ANONYMOUS=true
+      - CMD_ALLOW_EMAIL_REGISTER=false
+      - CMD_PROTOCOL_USESSL=true
+      - CMD_SESSION_SECRET={{ session_secret }}
+    volumes:
+      - {{ data_dir }}/uploads:/hedgedoc/public/uploads
+    restart: always
+    depends_on:
+      - database
+    networks:
+      - traefik
+      - internal
+    labels:
+          - traefik.enable=true
+          - traefik.http.routers.hedgedoc.entrypoints=websecure
+          - traefik.http.routers.hedgedoc.rule=Host(`{{ hedgedoc_domain }}`)
+          - traefik.http.routers.hedgedoc.tls=true
+          - traefik.http.routers.hedgedoc.tls.certresolver=letsencrypt
+          - treafik.http.routers.hedgedoc.service=hedgedoc
+          - traefik.http.services.hedgedoc.loadbalancer.server.port=3000
+          - traefik.docker.network=traefik
--- a/ansible/roles/hedgedoc/vars/main.yml
+++ b/ansible/roles/hedgedoc/vars/main.yml
@ -0,0 +1,14 @@
+service_name: hedgedoc
+data_dir: "{{ base_data_dir }}/{{ service_name }}"
+service_dir: "{{ base_service_dir }}/{{ service_name }}"
+hedgedoc_domain: "md.{{ domain_name_pim }}"
+session_secret: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          30633835386265643561343033326536653166343630396139303137613138383233666565666330
+          3032613865333836656566626435383165396539323837350a376331306464643766373839386638
+          65653865343539633636323833343964636332636461386434386432306230343833343431363134
+          6563373138626637650a633932313862326231666330343662343765666166373961376237396434
+          33396131353830323063326266623862353731653665626466653335656434303033353333353164
+          61613535373037646565386131383631366338616565373261396136616433393462313537313861
+          35313661616365373231373963323865393635626132343138363230313431636333363130346239
+          32656335333635613736
--- a/ansible/roles/inbucket/files/docker-compose.yml
+++ b/ansible/roles/inbucket/files/docker-compose.yml
--- a/ansible/roles/inbucket/meta/main.yml
+++ b/ansible/roles/inbucket/meta/main.yml
@ -1,3 +1,2 @@
 dependencies:
-  - role: common
  - role: docker
--- a/ansible/roles/inbucket/tasks/main.yml
+++ b/ansible/roles/inbucket/tasks/main.yml
--- a/ansible/roles/inbucket/vars/main.yml
+++ b/ansible/roles/inbucket/vars/main.yml
--- a/ansible/roles/jitsi/meta/main.yml
+++ b/ansible/roles/jitsi/meta/main.yml
@ -0,0 +1,2 @@
+dependencies:
+  - role: traefik
--- a/ansible/roles/jitsi/tasks/main.yml
+++ b/ansible/roles/jitsi/tasks/main.yml
--- a/ansible/roles/jitsi/templates/docker-compose.yml.j2
+++ b/ansible/roles/jitsi/templates/docker-compose.yml.j2
--- a/ansible/roles/jitsi/vars/main.yml
+++ b/ansible/roles/jitsi/vars/main.yml
--- a/ansible/roles/kms/files/docker-compose.yml
+++ b/ansible/roles/kms/files/docker-compose.yml
--- a/ansible/roles/kms/meta/main.yml
+++ b/ansible/roles/kms/meta/main.yml
@ -1,3 +1,2 @@
 dependencies:
-  - role: common
  - role: docker
--- a/ansible/roles/kms/tasks/main.yml
+++ b/ansible/roles/kms/tasks/main.yml
--- a/ansible/roles/kms/vars/main.yml
+++ b/ansible/roles/kms/vars/main.yml
--- a/ansible/roles/mastodon/files/.env.production
+++ b/ansible/roles/mastodon/files/.env.production
--- a/ansible/roles/mastodon/meta/main.yml
+++ b/ansible/roles/mastodon/meta/main.yml
@ -0,0 +1,2 @@
+dependencies:
+  - role: traefik
--- a/ansible/roles/mastodon/tasks/main.yml
+++ b/ansible/roles/mastodon/tasks/main.yml
--- a/ansible/roles/mastodon/templates/docker-compose.yml.j2
+++ b/ansible/roles/mastodon/templates/docker-compose.yml.j2
--- a/ansible/roles/mastodon/vars/main.yml
+++ b/ansible/roles/mastodon/vars/main.yml
--- a/ansible/roles/overleaf/meta/main.yml
+++ b/ansible/roles/overleaf/meta/main.yml
@ -0,0 +1,2 @@
+dependencies:
+  - role: traefik
--- a/ansible/roles/overleaf/tasks/main.yml
+++ b/ansible/roles/overleaf/tasks/main.yml
@ -0,0 +1,13 @@
+- name: Create service directory
+  file:
+    path: "{{ service_dir }}"
+    state: directory
+- name: Copy Docker Compose script
+  template:
+    src: "{{ role_path }}/templates/docker-compose.yml.j2"
+    dest: "{{ service_dir }}/docker-compose.yml"
+- name: Start the Docker Compose
+  docker_compose:
+    project_src: "{{ service_dir }}"
+    pull: true
+    remove_orphans: true
--- a/ansible/roles/overleaf/templates/docker-compose.yml.j2
+++ b/ansible/roles/overleaf/templates/docker-compose.yml.j2
@ -0,0 +1,107 @@
+version: '2.2'
+
+networks:
+  traefik:
+    external: true
+  internal:
+    external: false
+
+services:
+    sharelatex:
+        restart: always
+        image: sharelatex/sharelatex
+        container_name: overleaf
+        networks:
+          - traefik
+          - internal
+        depends_on:
+            overleaf-mongodb:
+                condition: service_healthy
+            overleaf-redis:
+                condition: service_started
+        links:
+            - overleaf-mongodb
+            - overleaf-redis
+        stop_grace_period: 60s
+        volumes:
+            - {{ data_dir }}/overleaf/sharelatex_data:/var/lib/sharelatex
+        labels:
+          - traefik.enable=true
+          - traefik.http.routers.overleaf.entrypoints=websecure
+          - traefik.http.routers.overleaf.rule=Host(`latex.pim.kunis.nl`)
+          - traefik.http.routers.overleaf.tls=true
+          - traefik.http.routers.overleaf.tls.certresolver=letsencrypt
+          - treafik.http.routers.overleaf.service=overleaf
+          - traefik.http.services.overleaf.loadbalancer.server.port=80
+          - traefik.docker.network=traefik
+        environment:
+            SHARELATEX_APP_NAME: Overleaf Community Edition
+
+            SHARELATEX_MONGO_URL: mongodb://overleaf-mongodb:27017/sharelatex
+
+            # Same property, unfortunately with different names in
+            # different locations
+            SHARELATEX_REDIS_HOST: overleaf-redis
+            REDIS_HOST: overleaf-redis
+
+            ENABLED_LINKED_FILE_TYPES: 'project_file,project_output_file'
+
+            # Enables Thumbnail generation using ImageMagick
+            ENABLE_CONVERSIONS: 'true'
+
+            # Disables email confirmation requirement
+            EMAIL_CONFIRMATION_DISABLED: 'true'
+
+            # temporary fix for LuaLaTex compiles
+            # see https://github.com/overleaf/overleaf/issues/695
+            TEXMFVAR: /var/lib/sharelatex/tmp/texmf-var
+
+            ## Set for SSL via nginx-proxy
+            #VIRTUAL_HOST: 103.112.212.22
+
+            SHARELATEX_SITE_URL: https://latex.pim.kunis.nl
+            # SHARELATEX_NAV_TITLE: Our ShareLaTeX Instance
+            # SHARELATEX_HEADER_IMAGE_URL: http://somewhere.com/mylogo.png
+            SHARELATEX_ADMIN_EMAIL: pim@kunis.nl
+
+            # SHARELATEX_LEFT_FOOTER: '[{"text": "Powered by <a href=\"https://www.sharelatex.com\">ShareLaTeX</a> 2016"},{"text": "Another page I want to link to can be found <a href=\"here\">here</a>"} ]'
+            # SHARELATEX_RIGHT_FOOTER: '[{"text": "Hello I am on the Right"} ]'
+
+            SHARELATEX_EMAIL_FROM_ADDRESS: "noreply@kunis.nl"
+
+            SHARELATEX_EMAIL_SMTP_HOST: "smtp.tweak.nl"
+            SHARELATEX_EMAIL_SMTP_PORT: 587
+            SHARELATEX_EMAIL_SMTP_USER: ""
+            SHARELATEX_EMAIL_SMTP_PASS: ""
+            # SHARELATEX_EMAIL_SMTP_TLS_REJECT_UNAUTH: true
+            # SHARELATEX_EMAIL_SMTP_IGNORE_TLS: false
+            # SHARELATEX_EMAIL_SMTP_NAME: '127.0.0.1'
+            # SHARELATEX_EMAIL_SMTP_LOGGER: true
+            # SHARELATEX_CUSTOM_EMAIL_FOOTER: "This system is run by department x"
+
+    overleaf-mongodb:
+        restart: always
+        image: mongo:4.4
+        container_name: overleaf-mongodb
+        networks:
+          - internal
+        expose:
+            - 27017
+        volumes:
+            - {{ data_dir }}/overleaf/mongo_data:/data/db
+        healthcheck:
+            test: echo 'db.stats().ok' | mongo localhost:27017/test --quiet
+            interval: 10s
+            timeout: 10s
+            retries: 5
+
+    overleaf-redis:
+        restart: always
+        image: redis:5
+        container_name: overleaf-redis
+        networks:
+          - internal
+        expose:
+            - 6379
+        volumes:
+            - {{ data_dir }}/overleaf/redis_data:/data
--- a/ansible/roles/overleaf/vars/main.yml
+++ b/ansible/roles/overleaf/vars/main.yml
@ -0,0 +1,3 @@
+service_name: overleaf
+data_dir: "{{ base_data_dir}}/{{service_name}}"
+service_dir: "{{ base_service_dir}}/{{service_name}}"
--- a/ansible/roles/prometheus/meta/main.yml
+++ b/ansible/roles/prometheus/meta/main.yml
@ -1,3 +1,2 @@
 dependencies:
-  - role: common
  - role: docker
--- a/ansible/roles/prometheus/tasks/main.yml
+++ b/ansible/roles/prometheus/tasks/main.yml
--- a/ansible/roles/prometheus/templates/docker-compose.yml.j2
+++ b/ansible/roles/prometheus/templates/docker-compose.yml.j2
--- a/ansible/roles/prometheus/templates/prometheus.yml.j2
+++ b/ansible/roles/prometheus/templates/prometheus.yml.j2
--- a/ansible/roles/prometheus/vars/main.yml
+++ b/ansible/roles/prometheus/vars/main.yml
--- a/ansible/roles/radicale/files/radicale.conf
+++ b/ansible/roles/radicale/files/radicale.conf
@ -9,7 +9,7 @@ stock = utf-8
 [auth]
 realm = Radicale - Password Required
 type = htpasswd
-htpasswd_filename = /radicale/users
+htpasswd_filename = /config/users
 htpasswd_encryption = md5

 [rights]
--- a/ansible/roles/radicale/files/users
+++ b/ansible/roles/radicale/files/users
--- a/ansible/roles/radicale/meta/main.yml
+++ b/ansible/roles/radicale/meta/main.yml
@ -0,0 +1,2 @@
+dependencies:
+  - role: traefik
--- a/ansible/roles/radicale/tasks/main.yml
+++ b/ansible/roles/radicale/tasks/main.yml
@ -13,7 +13,7 @@
 - name: Copy radicale.conf
  copy:
    src: "{{ role_path }}/files/radicale.conf"
-    dest: "{{ service_dir }}/config/radicale.conf"
+    dest: "{{ service_dir }}/config/config"
 - name: Copy users file
  copy:
    src: "{{ role_path }}/files/users"
--- a/ansible/roles/radicale/templates/docker-compose.yml.j2
+++ b/ansible/roles/radicale/templates/docker-compose.yml.j2
@ -1,18 +1,28 @@
-version: '3'
-
-networks:
-  traefik:
-    external: true
+version: '3.7'

 services:
  radicale:
-    restart: always
-    image: mailu/radicale:1.9
+    image: tomsquest/docker-radicale
    container_name: radicale
+    init: true
+    read_only: true
+    security_opt:
+      - no-new-privileges:true
+    cap_drop:
+      - ALL
+    cap_add:
+      - SETUID
+      - SETGID
+      - CHOWN
+      - KILL
+    healthcheck:
+      test: curl -f http://127.0.0.1:5232 || exit 1
+      interval: 30s
+      retries: 3
+    restart: unless-stopped
    volumes:
      - {{ data_dir }}:/data
-      - {{ service_dir }}/config:/radicale
-    command: radicale -S -C /radicale/radicale.conf
+      - {{ service_dir }}/config:/config:ro
    networks:
      - traefik
    labels:
@ -23,3 +33,7 @@ services:
      - traefik.http.routers.radicale.tls.certresolver=letsencrypt
      - traefik.http.routers.radicale.service=radicale
      - traefik.http.services.radicale.loadbalancer.server.port=5232
+
+networks:
+  traefik:
+    external: true
--- a/ansible/roles/radicale/vars/main.yml
+++ b/ansible/roles/radicale/vars/main.yml
--- a/ansible/roles/seafile/meta/main.yml
+++ b/ansible/roles/seafile/meta/main.yml
@ -0,0 +1,2 @@
+dependencies:
+  - role: traefik
--- a/ansible/roles/seafile/tasks/main.yml
+++ b/ansible/roles/seafile/tasks/main.yml
--- a/ansible/roles/seafile/templates/docker-compose.yml.j2
+++ b/ansible/roles/seafile/templates/docker-compose.yml.j2
--- a/ansible/roles/seafile/vars/main.yml
+++ b/ansible/roles/seafile/vars/main.yml
--- a/ansible/roles/static/files/security.txt
+++ b/ansible/roles/static/files/security.txt
@ -0,0 +1 @@
+testje
--- a/ansible/roles/static/meta/main.yml
+++ b/ansible/roles/static/meta/main.yml
@ -0,0 +1,2 @@
+dependencies:
+  - role: traefik
--- a/ansible/roles/static/tasks/main.yml
+++ b/ansible/roles/static/tasks/main.yml
@ -17,10 +17,10 @@
    cmd: "docker run --rm --volume=\"{{ service_dir }}/git:/srv/jekyll:Z\" -it jekyll/minimal jekyll build"
    chdir: "{{ service_dir }}"
  when: repo.changed
- name: Copy Matrix static files
+- name: Copy security.txt
  copy:
-    src: "{{ role_path }}/files/matrix/"
-    dest: "{{ service_dir }}/matrix/"
+    src: "{{ role_path }}/files/security.txt"
+    dest: "{{ service_dir }}/security.txt"
 - name: Copy docker compose file
  template:
    src: "{{ role_path }}/templates/docker-compose.yml.j2"
--- a/ansible/roles/static/templates/docker-compose.yml.j2
+++ b/ansible/roles/static/templates/docker-compose.yml.j2
@ -12,24 +12,15 @@ services:
      - {{ service_dir }}/security.txt:/var/www/blog/security.txt
    networks:
      - traefik
-    extra_hosts:
-      - "host.docker.internal:host-gateway"
    labels:
      - traefik.enable=true
      - traefik.http.routers.blog.entrypoints=websecure
-      - "traefik.http.routers.blog.rule=(Host(`{{ domain_name_pim }}`) || Path(`/security.txt`, `/.well-known/security.txt`, `/_matrix`, `/.well-known/matrix/`))"
+      - "traefik.http.routers.blog.rule=(Host(`{{ domain_name_pim }}`) || Path(`/security.txt`, `/.well-known/security.txt`))"
      - traefik.http.routers.blog.tls=true
      - traefik.http.routers.blog.tls.certresolver=letsencrypt
      - traefik.http.routers.blog.service=blog
      - traefik.http.services.blog.loadbalancer.server.port=80

-      - traefik.http.routers.matrix-fed.entrypoints=matrix
-      - traefik.http.routers.matrix-fed.rule=Host(`matrix.pim.kunis.nl`)
-      - traefik.http.routers.matrix-fed.tls=true
-      - traefik.http.routers.matrix-fed.tls.certresolver=letsencrypt
-      - traefik.http.routers.matrix-fed.service=matrix-fed
-      - traefik.http.services.matrix-fed.loadbalancer.server.port=8448
-
 networks:
  traefik:
    external: true
--- a/ansible/roles/static/templates/nginx.conf.j2
+++ b/ansible/roles/static/templates/nginx.conf.j2
@ -10,31 +10,6 @@ server {
 	}
 }

-server {
-    # For the federation port
-    listen 8448 http2 default_server;
-    listen [::]:8448 http2 default_server;
-
-    server_name matrix.pim.kunis.nl;
-
-    location ~ ^(/_matrix|/_synapse/client) {
-        # note: do not add a path (even a single /) after the port in `proxy_pass`,
-        # otherwise nginx will canonicalise the URI and cause signature verification
-        # errors.
-        proxy_pass http://host.docker.internal:{{ internal_matrix_port }};
-        proxy_set_header X-Forwarded-For $remote_addr;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header Host $host;
-
-        # Nginx by default only allows file uploads up to 1M in size
-        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
-        client_max_body_size 50M;
-	
-	# Synapse responses may be chunked, which is an HTTP/1.1 feature.
-	proxy_http_version 1.1;
-    }
-}
-
 server {
 	listen 80;
 	server_name {{ domain_name_pim }};
--- a/ansible/roles/static/vars/main.yml
+++ b/ansible/roles/static/vars/main.yml
@ -1,3 +1,3 @@
 service_name: static
 service_dir: "{{ base_service_dir }}/{{ service_name }}"
-git_origin: "http://localhost:{{ internal_forgejo_port }}/pim/static.git"
+git_origin: "http://git.pim.kunis.nl/pim/static.git"
--- a/ansible/roles/syncthing/files/cert.pem
+++ b/ansible/roles/syncthing/files/cert.pem
--- a/ansible/roles/syncthing/files/key.pem
+++ b/ansible/roles/syncthing/files/key.pem
--- a/ansible/roles/syncthing/meta/main.yml
+++ b/ansible/roles/syncthing/meta/main.yml
@ -1,4 +1,2 @@
 dependencies:
-  - role: common
  - role: docker
-  
--- a/ansible/roles/syncthing/tasks/main.yml
+++ b/ansible/roles/syncthing/tasks/main.yml
--- a/ansible/roles/syncthing/templates/config.xml.j2
+++ b/ansible/roles/syncthing/templates/config.xml.j2
--- a/ansible/roles/syncthing/templates/docker-compose.yml.j2
+++ b/ansible/roles/syncthing/templates/docker-compose.yml.j2
--- a/ansible/roles/syncthing/vars/main.yml
+++ b/ansible/roles/syncthing/vars/main.yml
--- a/ansible/roles/traefik/files/services.toml
+++ b/ansible/roles/traefik/files/services.toml
@ -3,4 +3,4 @@
    [http.services.esrom]
      [http.services.esrom.loadBalancer]
        [[http.services.esrom.loadBalancer.servers]]
-          url = "http://192.168.30.2:80/"
+          url = "http://esrom.dmz:80/"
--- a/ansible/roles/traefik/meta/main.yml
+++ b/ansible/roles/traefik/meta/main.yml
@ -0,0 +1,2 @@
+dependencies:
+  - role: docker
--- a/ansible/roles/traefik/tasks/main.yml
+++ b/ansible/roles/traefik/tasks/main.yml
@ -2,10 +2,14 @@
  file:
    path: "{{ service_dir }}"
    state: directory
+- name: Create data directory
+  file:
+    path: "{{ data_dir }}"
+    state: directory
 - name: Create acme file
  copy:
    content: ""
-    dest: "{{ service_dir }}/acme.json"
+    dest: "{{ data_dir }}/acme.json"
    force: no
    mode: 0600
 - name: Copy Docker Compose script
--- a/ansible/roles/traefik/templates/docker-compose.yml.j2
+++ b/ansible/roles/traefik/templates/docker-compose.yml.j2
@ -14,12 +14,11 @@ services:
      - "80:80"
      - "{{ git_ssh_port }}:{{ git_ssh_port }}"
      - "{{ traefik_api_port }}:{{ traefik_api_port }}"
-      - "8448:8448"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml
      - {{ service_dir }}/services.toml:/etc/traefik/services.toml
-      - {{ service_dir }}/acme.json:/acme.json
+      - {{ data_dir }}/acme.json:/acme.json
    networks:
      - traefik
    labels:
@ -31,6 +30,6 @@ services:
      - traefik.http.routers.esrom.tls=true
      - traefik.http.routers.esrom.tls.certresolver=letsencrypt

-      - traefik.http.routers.traefik.rule=Host(`max.lan`)
+      - traefik.http.routers.traefik.rule=Host(`max.dmz`)
      - traefik.http.routers.traefik.entrypoints=internal
      - traefik.http.routers.traefik.service=api@internal
--- a/ansible/roles/traefik/templates/traefik.toml.j2
+++ b/ansible/roles/traefik/templates/traefik.toml.j2
@ -15,8 +15,6 @@ loglevel = "DEBUG"
    address = ":{{ jitsi_videobridge_port }}/udp"
  [entryPoints.internal]
    address = ":{{ traefik_api_port }}"
-  [entryPoints.matrix]
-    address = ":8448"

 [api]
  insecure = false
--- a/ansible/roles/traefik/vars/main.yml
+++ b/ansible/roles/traefik/vars/main.yml
@ -0,0 +1,3 @@
+service_name: traefik
+service_dir: "{{ base_service_dir }}/{{ service_name }}"
+data_dir: "{{ base_data_dir }}/{{ service_name }}"
--- a/ansible/roles/watchtower/files/docker-compose.yml
+++ b/ansible/roles/watchtower/files/docker-compose.yml
@ -4,5 +4,5 @@ services:
    image: containrrr/watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
-    command: --schedule "0 0 4 * * *" --include-restarting --cleanup --include-stopped --no-startup-message
+    command: --schedule "0 0 4 * * *" --cleanup --include-stopped --no-startup-message
    restart: always
--- a/ansible/roles/watchtower/meta/main.yml
+++ b/ansible/roles/watchtower/meta/main.yml
@ -0,0 +1,2 @@
+dependencies:
+  - role: docker
--- a/ansible/roles/watchtower/tasks/main.yml
+++ b/ansible/roles/watchtower/tasks/main.yml
--- a/ansible/roles/watchtower/vars/main.yml
+++ b/ansible/roles/watchtower/vars/main.yml
--- a/ansible/util/secret-service-client.sh
+++ b/ansible/util/secret-service-client.sh
@ -4,7 +4,6 @@ pass=`secret-tool lookup ansible_vault homeservers`
 retval=$?

 if [ $retval -ne 0 ]; then
-	echo Provide password:
 	read -s pass
 fi
 echo $pass
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@ -1,8 +0,0 @@
-borg_public_key: "AAAAC3NzaC1lZDI1NTE5AAAAIBTag7YToG5W+H2kEUz40kOH+7cs0Lp3owFFKkmHBiWM"
-dataserver_public_key: "AAAAC3NzaC1lZDI1NTE5AAAAIJsLVptkoOwmxs6DnenN8u7Q1Tm/Psh0QdI6vjrTgb6D"
-kingston1tb_mount_point: "/mnt/kingston1TB"
-backup_location: "{{ kingston1tb_mount_point }}/homeserver_backup"
-
-admin_public_keys:
-  - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUZp4BCxf7uLa1QWonx/Crf8tYZ5MKIZ+EuaBa82LrV user@user-laptop"
-  - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodpLr+FDRyKyHjucHizNLVFHZ5AQmE9GmxMnOsSoaw pimkunis@thinkpadpim"
--- a/inventory/group_vars/dataserver.yml
+++ b/inventory/group_vars/dataserver.yml
@ -1 +0,0 @@
-kingston1tb_uuid: "622a8d81-aa2f-460b-a563-c3cdb6285609"
--- a/inventory/hosts.yml
+++ b/inventory/hosts.yml
@ -1,12 +0,0 @@
-all:
-  children:
-    homeserver:
-      hosts:
-        max:
-          ansible_user: root
-          ansible_host: max.lan
-    dataserver:
-      hosts:
-        lewis:
-          ansible_user: root
-          ansible_host: lewis.lan
--- a/playbooks/all.yml
+++ b/playbooks/all.yml
@ -1,23 +0,0 @@
- name: Setup homeserver
-  hosts: homeserver
-  roles:
-    - {role: 'ssh', tags: 'ssh'}
-    - {role: 'watchtower', tags: 'watchtower'}
-    - {role: 'borg', tags: 'borg'}
-    - {role: 'nsd', tags: 'nsd'}
-    - {role: 'forgejo', tags: 'forgejo'}
-    - {role: 'syncthing', tags: 'syncthing'}
-    - {role: 'kms', tags: 'kms'}
-    - {role: 'radicale', tags: 'radicale'}
-    - {role: 'mastodon', tags: 'mastodon'}
-    - {role: 'seafile', tags: 'seafile'}
-    - {role: 'jitsi', tags: 'jitsi'}
-    - {role: 'freshrss', tags: 'freshrss'}
-    - {role: 'static', tags: 'static'}
-    - {role: 'inbucket', tags: 'inbucket'}
-    - {role: 'prometheus', tags: 'prometheus'}
-    - {role: 'matrix', tags: 'matrix'}
- name: Setup dataserver
-  hosts: dataserver
-  roles:
-    - {role: 'dataserver', tags: 'dataserver'}
--- a/playbooks/backup.yml
+++ b/playbooks/backup.yml
@ -1,7 +0,0 @@
- name: Create backup
-  hosts: homeserver
-  
-  tasks:
-    - name: Create backup
-      command:
-        cmd: systemctl start backup.service
--- a/roles/borg/files/backup.timer
+++ b/roles/borg/files/backup.timer
@ -1,10 +0,0 @@
-[Unit]
-Description=Backup data daily 
-
-[Timer]
-OnCalendar=*-*-* 3:00:00
-Persistent=true
-RandomizedDelaySec=1h
-
-[Install]
-WantedBy=timers.target
--- a/roles/borg/files/id_ed25519
+++ b/roles/borg/files/id_ed25519
@ -1,25 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-39646436383433653539316135323332303832633864366363313031636534353531386638323037
-6364366663313964633239613261373733333736316534390a306262373634303536353365396138
-35626433353935633534353636613232623531303765636139363139646265653361353164656363
-3465316438373734330a636563346263633332353962353033336565356435353739646263343339
-38633832343230393631633434323231313438336537383930646562356264346534663235323035
-31643861306134663662353938643861393861333838633338613131363136333766353131313666
-30393437616539643263386331343166636434323435666636386562353239373330336462653636
-38306161393634356636613334323038366365626138326365303063313564653365313063643432
-66306664356662326638363736366462343636393466303432323661323431393337306132386531
-65663736643565363634373461666631356439373935353734636535636538626630666462653636
-33363730626662313336633132393437666533363136643464653462646561393861376464366238
-35383136333939653265366336356234613166353162366365346462633639396335653432353964
-35303964633339356531343437393231303936623465383265666134316335666531636337383563
-30326530396439363438396439313264643765366663343439646333326664633231626662666463
-38616235353730346239396265306230623135626332636330666461333864306664346637396233
-61343535396230363938306162313938363063353934323764656538666337656431363634333739
-62373234356131373931333736373136343166636465643065643337386539376361383965343762
-33633837626637393832366332343332303361306230626131346539323538383365316535666532
-30666439643263653835666430393439396239333464336133316264323234643361336434343763
-61306133373335353563646331303562326139613133356139366632363738316461633739333161
-33666531653239626362363364346566373430656538356166346363333531656433393034333232
-65353139623435383330353864336132313031656362386538626464313264333231653831373834
-33363632616430303763616366356131323265313337323836396264623539316436616333383933
-62653865623831626330
--- a/roles/borg/meta/main.yml
+++ b/roles/borg/meta/main.yml
@ -1,2 +0,0 @@
-dependencies:
-  - role: common
--- a/roles/borg/tasks/main.yml
+++ b/roles/borg/tasks/main.yml
@ -1,38 +0,0 @@
- name: Install borg
-  apt:
-    pkg:
-      - borgbackup
-      - borgmatic
- name: Create borg service directory
-  file:
-    path: "{{ service_dir }}"
-    state: directory
- name: Copy borg backup configuration
-  template:
-    src: "{{ role_path }}/templates/backup.yml.j2"
-    dest: "{{ service_dir }}/backup.yml"
- name: Copy private key
-  copy:
-    src: "{{ role_path }}/files/id_ed25519"
-    dest: "{{ service_dir }}/id_ed25519"
-    mode: 0600
- name: Copy systemd timer backup service
-  template:
-    src: "{{ role_path }}/templates/backup.service.j2"
-    dest: "/etc/systemd/system/backup.service"
-  register: service
- name: Copy systemd timer backup timer
-  copy:
-    src: "{{ role_path }}/files/backup.timer"
-    dest: "/etc/systemd/system/backup.timer"
-  register: timer
- name: Enable systemd timer
-  systemd:
-    name: backup.timer
-    enabled: true
-    state: started
-    daemon_reload: "{{ 'yes' if service.changed or timer.changed else 'no' }}"
- name: Restore backup
-  command:
-    cmd: "borgmatic extract --archive latest --destination / --config {{ service_dir }}/backup.yml"
-    creates: /data
--- a/roles/borg/templates/backup.service.j2
+++ b/roles/borg/templates/backup.service.j2
@ -1,6 +0,0 @@
-[Unit]
-Description=Backup data using borgmatic
-
-[Service]
-ExecStart=/usr/bin/borgmatic --config {{ service_dir }}/backup.yml
-Type=oneshot
--- a/roles/borg/templates/backup.yml.j2
+++ b/roles/borg/templates/backup.yml.j2
@ -1,17 +0,0 @@
-location:
-    source_directories:
-        - {{ base_data_dir }}
-    repositories:
-        - ssh://root@lewis.lan/{{ backup_location }}
-retention:
-    keep_daily: 7
-    keep_weekly: 4
-    keep_monthly: 6
-storage:
-    ssh_command: ssh -i {{ service_dir }}/id_ed25519
-    unknown_unencrypted_repo_access_is_ok: true
-hooks:
-    before_everything:
-        - systemctl stop docker docker.socket
-    after_everything:
-        - systemctl start docker
--- a/roles/borg/vars/main.yml
+++ b/roles/borg/vars/main.yml
@ -1,2 +0,0 @@
-service_name: borg
-service_dir: "{{ base_service_dir }}/{{ service_name }}"
--- a/roles/common/files/resolv.conf
+++ b/roles/common/files/resolv.conf
@ -1,4 +0,0 @@
-nameserver 192.168.30.1
-nameserver 1.1.1.1
-nameserver 1.0.0.1
-search lan
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -1,26 +0,0 @@
- name: APT upgrade
-  apt:
-    autoremove: true
-    upgrade: yes
-    state: latest
-    update_cache: yes
-    cache_valid_time: 86400 # One day
- name: Create base service directory
-  file:
-    path: "{{ base_service_dir }}"
-    state: directory
- name: Disable systemd-resolved
-  systemd:
-    name: systemd-resolved
-    enabled: false
-    state: stopped
- name: Copy resolv.conf
-  copy:
-    src: "{{ role_path }}/files/resolv.conf"
-    dest: /etc/resolv.conf
-    follow: true
- name: Add dataserver to known hosts
-  known_hosts:
-    name: "lewis.lan"
-    key: "lewis.lan ssh-ed25519 {{ dataserver_public_key }}"
-    state: present
--- a/roles/dataserver/files/ssh_host_ed25519_key
+++ b/roles/dataserver/files/ssh_host_ed25519_key
@ -1,25 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-38633038656332643033396338303864343332636434633331366266383235316235313236646361
-6634313931303637616535373966316165656564366437330a393465356237626631303063363061
-62323737343635316139636664663937333233323737376238656566633037613938383737306132
-6237633230623962320a643433323532646261366532346234653332323336653162366433626465
-31386461393535303730333865356364646137386634643630353831383039353763396536313439
-30333335623364306166346232303862633636633066323062313531363234396362653232316261
-36666132623030323332623334323632636639646239363032626364646334643461346662616366
-39656266643937663531656137353031353130366238326535383261333539353439353566313537
-38353632353039643530613766313033313063333331333733613939383731663262623766626266
-64363061306166353633333634363332633461346538316661666364626639366132356434343631
-61373432633863643237386435386633366161393934646562343261386335353638353033343932
-62393633366163613064393966663830646237613265396462376238396639363566363865303861
-36343666326632626166323430303137323236346137346131623636653236353061343633383437
-61396534636166353038626162376335363137636164616631646261366332303135306237356432
-61626261656332666536343039316333303431653931666233363366613166663266663130656633
-39316363326532653665626136393135373863383234326638303466353930653038303433643536
-30666237363230306634333162396562623034386232666465343631306433373764626634613635
-63343965623163356536626162613863373033396565366361353538323933656165653932653937
-34666538353139636366333765363733336134396566613134303530633666326165306131353535
-33653133663166333964326330366530643730363861626261666366383334613661303762636663
-34376531343732346630643466616638323537633665373333346162306361393836326533636630
-61656335306337643930613662613832626530653630343566643661356666313331316438366538
-37333166636639363838303665626137643731626338356662656338393335343239376635303633
-35663237653238313133
--- a/Show more
+++ b/Show more
Author	SHA1	Message	Date
Pim Kunis	a57d59ac04	remove data volume	2023-04-26 16:07:40 +02:00
Pim Kunis	c25e4ca41d	fix terraform module source	2023-04-26 14:59:04 +02:00
Pim Kunis	8a634be9ab	move to virtiofs shared directory	2023-04-26 14:53:57 +02:00
Pim Kunis	37fe3937e5	save LE certificates on data disk closes #25	2023-04-24 13:47:18 +02:00
Pim Kunis	e6f64d4f4d	rename TF module closes #18	2023-04-24 13:31:27 +02:00
Pim Kunis	2cc35feebb	increase disk size in Terraform as well	2023-04-24 13:07:54 +02:00
Pim Kunis	bf094a02d6	put docker role in separate repo	2023-04-17 19:35:33 +02:00
Pim Kunis	69cf0a1d4b	cleanup	2023-04-17 19:01:42 +02:00
Pim Kunis	72d07aac36	change hedgedoc container names closes #24	2023-04-16 12:21:10 +02:00
Pim Kunis	aa0987593e	change overleaf container names closes #23	2023-04-16 12:15:39 +02:00
Pim Kunis	58aeaacc67	add hedgedoc service close #9	2023-04-15 13:04:33 +02:00
Pim Kunis	fef821f770	update readme fixed #8	2023-04-14 20:10:14 +02:00
Pim Kunis	cd224321df	add overleaf service	2023-04-14 20:08:18 +02:00
Pim Kunis	b8adaee9d4	use cloudinit-wait role from git	2023-04-14 09:38:34 +02:00
Pim Kunis	723bc7ed33	update README.md	2023-04-13 17:45:11 +02:00
Pim Kunis	9eb52229f1	change directory structure	2023-04-13 17:24:01 +02:00
Pim Kunis	b89713643d	fix unable to scope ansible to tags fixes #4	2023-04-13 17:21:48 +02:00
Pim Kunis	f8bd422451	fix freshrss data location (#3 )	2023-04-13 13:00:19 +02:00
Pim Kunis	7c220a5501	fix #2	2023-04-13 11:43:42 +02:00
Pim Kunis	74a4de1615	virtualize (#3 ) Reviewed-on: https://git.pim.kunis.nl/home/max/pulls/3	2023-04-12 21:26:46 +00:00
Pim Kunis	72f2cc91f6	remove makefile	2023-04-12 14:59:56 +02:00
Pim Kunis	da13d96bf7	Merge branch 'master' of ssh://git.pim.kunis.nl:56287/home/max	2023-04-11 22:41:27 +02:00
Pim Kunis	73921cdd57	remove backup functionality	2023-04-11 22:41:18 +02:00
Pim Kunis	3988a26d93	Update 'README.md'	2023-04-10 09:53:27 +00:00
niels	a8b63203d8	Update 'README.md'	2023-04-03 20:07:57 +00:00
niels	6587dea614	Update 'README.md'	2023-04-03 20:07:07 +00:00
niels	d87705fdad	Update 'README.md'	2023-04-03 20:06:45 +00:00
niels	5d454bee04	Update 'README.md'	2023-04-03 20:05:49 +00:00
niels	69a520b70a	Update 'README.md'	2023-04-03 20:04:58 +00:00
niels	4d4ed08ce6	Update 'README.md'	2023-04-03 20:03:35 +00:00
pizzaniels	d81bcbaba2	added cyberchef.geokunis2.nl	2023-04-03 21:31:57 +02:00
Pim Kunis	3865e57f9a	remove authoritative DNS server	2023-03-19 11:44:16 +01:00
Pim Kunis	cc4704b2b9	fix esrom ip address	2023-03-17 21:06:47 +01:00
Pim Kunis	a1713233c5	set dns to dmz vm	2023-03-14 23:06:10 +01:00
Pim Kunis	c65dc64aaa	change hostnames	2023-03-14 22:44:41 +01:00
Pim Kunis	bb2a4ecbcc	Update 'README.md'	2023-03-14 21:11:24 +00:00
Pim Kunis	0bf2ffdb8f	change forgejo default branch to master	2023-03-11 11:25:23 +01:00
pizzaniels	a364830b10	correctie op ipv adres van wireguard	2023-03-05 13:57:58 +01:00
Pim Kunis	e105fef482	remove echo from vault password prompt	2023-02-25 18:12:17 +01:00
Pim Kunis	5ed08e0f1a	move dataserver to seperate repo	2023-02-25 15:42:28 +01:00
Pim Kunis	b9f923787e	fix static website git pull	2023-02-25 15:14:32 +01:00
				`@ -1 +0,0 @@`
				`kingston1tb_uuid: "622a8d81-aa2f-460b-a563-c3cdb6285609"`