1. 02 Jul, 2020 2 commits
  2. 01 Jul, 2020 7 commits
  3. 30 Jun, 2020 1 commit
    • Sheogorath's avatar
      Add monitoring setup to infrastructure · 474a2748
      Sheogorath authored
      This patch adds a first version of my monitoring setup to the
      repository. It should be improved over time, but for a first versions
      it's already rather satisfied.
      474a2748
  4. 22 Jun, 2020 1 commit
  5. 18 Jun, 2020 1 commit
  6. 15 Jun, 2020 2 commits
  7. 05 Jun, 2020 1 commit
  8. 02 Jun, 2020 1 commit
  9. 01 Jun, 2020 1 commit
  10. 29 May, 2020 1 commit
  11. 27 May, 2020 1 commit
  12. 24 May, 2020 6 commits
  13. 19 May, 2020 1 commit
  14. 18 May, 2020 1 commit
  15. 17 May, 2020 2 commits
  16. 11 May, 2020 1 commit
    • Sheogorath's avatar
      minecraft: Add minecraftctl CLI interface · aaf943ea
      Sheogorath authored
      This CLI allows management of the minecraft container. It can be used to
      allow people to manage the container who are not overly experienced with
      UNIX shell commands.
      
      The idea is to provide a simplified CLI that can do take care of the
      most essential tasks.
      aaf943ea
  17. 08 May, 2020 1 commit
  18. 06 May, 2020 1 commit
    • Sheogorath's avatar
      traefik: Fix alt-svc headers on all installations · 60109246
      Sheogorath authored
      The format for alt-svc headers in traefik 2.0 was wrongly used in all
      templates. This patch fixes the header by using
      `customresponseheaders.alt-svc=h2=` instead of
      `customresponseheaders.alt-svc:h2=`.
      
      After doing this the header is set again, properly. Thanks to perflyst
      for the report.
      60109246
  19. 04 May, 2020 2 commits
    • Sheogorath's avatar
      mastodon: Add postgres container hardening · d1364bc6
      Sheogorath authored
      d1364bc6
    • Sheogorath's avatar
      backup_lvm: Allow additional encrytion keys for backups · a7d23a34
      Sheogorath authored
      This patch adds the ability to specify an array of encryption keys that
      are used for the backup encryption. This should provide better
      recoverability in a crisis situation.
      
      The usual recommendation is to backup the gpg key, that is used for
      encryption and signing. But the time between storing this key and being
      in a recovery situation is huge and in worst case keys get lost.
      
      Adding a second key, that is more frequently used i.e. an encryption key
      stored on a yubikey that is used on a daily basis, might saves the day
      here. This of course means the backup has to be downloaded, decrypted
      and uploaded, but a backup that takes a few days to recover is better
      than a backup that can't be recovered at all.
      
      In order to use the new feature extend the `backup_gpg` config with a
      `sign_key` identifier and a `encryption_keys` identifier array.
      
      Example (old vs new):
      
      ```yaml
      ---
      
      backup_gpg:
        id: "123456789"
        passphrase: "abcdefghiklmnopqrstuvwxyz"
      ```
      
      vs.
      
      ```yaml
      ---
      
      backup_gpg:
        id: "123456789"
        passphrase: "abcdefghiklmnopqrstuvwxyz"
        sign_key: "123456789"
        encryption_keys:
          - "123456789"
          - "098765432"
      ```
      
      Note: The `backup_gpg.passphrase` is for the signing key, not for the
      encryption keys. The `backup_gpg.id` field exists only for backwards
      compatiblity.
      a7d23a34
  20. 01 May, 2020 1 commit
  21. 30 Apr, 2020 1 commit
    • Sheogorath's avatar
      static_websites: Add read-only mode for nginx · 2258c5bc
      Sheogorath authored
      Containers can gain a significant security benefit from read-only
      filesystems. This patch adds the ability to host nginx-based static
      websites in read-only mode and this way reduce the attack surface
      drastically.
      
      The patch provides the needed changes as well as an extension of the
      example in the README.
      2258c5bc
  22. 28 Apr, 2020 1 commit
  23. 23 Apr, 2020 1 commit
  24. 15 Apr, 2020 2 commits