1. 05 Jun, 2020 1 commit
  2. 02 Jun, 2020 1 commit
  3. 01 Jun, 2020 1 commit
  4. 29 May, 2020 1 commit
  5. 27 May, 2020 1 commit
  6. 24 May, 2020 6 commits
  7. 19 May, 2020 1 commit
  8. 18 May, 2020 1 commit
  9. 17 May, 2020 2 commits
  10. 11 May, 2020 1 commit
    • Sheogorath's avatar
      minecraft: Add minecraftctl CLI interface · aaf943ea
      Sheogorath authored
      This CLI allows management of the minecraft container. It can be used to
      allow people to manage the container who are not overly experienced with
      UNIX shell commands.
      The idea is to provide a simplified CLI that can do take care of the
      most essential tasks.
  11. 08 May, 2020 1 commit
  12. 06 May, 2020 1 commit
    • Sheogorath's avatar
      traefik: Fix alt-svc headers on all installations · 60109246
      Sheogorath authored
      The format for alt-svc headers in traefik 2.0 was wrongly used in all
      templates. This patch fixes the header by using
      `customresponseheaders.alt-svc=h2=` instead of
      After doing this the header is set again, properly. Thanks to perflyst
      for the report.
  13. 04 May, 2020 2 commits
    • Sheogorath's avatar
      mastodon: Add postgres container hardening · d1364bc6
      Sheogorath authored
    • Sheogorath's avatar
      backup_lvm: Allow additional encrytion keys for backups · a7d23a34
      Sheogorath authored
      This patch adds the ability to specify an array of encryption keys that
      are used for the backup encryption. This should provide better
      recoverability in a crisis situation.
      The usual recommendation is to backup the gpg key, that is used for
      encryption and signing. But the time between storing this key and being
      in a recovery situation is huge and in worst case keys get lost.
      Adding a second key, that is more frequently used i.e. an encryption key
      stored on a yubikey that is used on a daily basis, might saves the day
      here. This of course means the backup has to be downloaded, decrypted
      and uploaded, but a backup that takes a few days to recover is better
      than a backup that can't be recovered at all.
      In order to use the new feature extend the `backup_gpg` config with a
      `sign_key` identifier and a `encryption_keys` identifier array.
      Example (old vs new):
        id: "123456789"
        passphrase: "abcdefghiklmnopqrstuvwxyz"
        id: "123456789"
        passphrase: "abcdefghiklmnopqrstuvwxyz"
        sign_key: "123456789"
          - "123456789"
          - "098765432"
      Note: The `backup_gpg.passphrase` is for the signing key, not for the
      encryption keys. The `backup_gpg.id` field exists only for backwards
  14. 01 May, 2020 1 commit
  15. 30 Apr, 2020 1 commit
    • Sheogorath's avatar
      static_websites: Add read-only mode for nginx · 2258c5bc
      Sheogorath authored
      Containers can gain a significant security benefit from read-only
      filesystems. This patch adds the ability to host nginx-based static
      websites in read-only mode and this way reduce the attack surface
      The patch provides the needed changes as well as an extension of the
      example in the README.
  16. 28 Apr, 2020 1 commit
  17. 23 Apr, 2020 1 commit
  18. 15 Apr, 2020 2 commits
  19. 13 Apr, 2020 1 commit
    • Sheogorath's avatar
      thelounge: Up memory limits · 8349ab46
      Sheogorath authored
      As always it seems like I put the memory limits a bit too low. With this
      changes the outages for the bouncer should stop.
  20. 12 Apr, 2020 2 commits
  21. 10 Apr, 2020 1 commit
    • Sheogorath's avatar
      gitlab: Fix not loading UI parts due to CSP · 5220848c
      Sheogorath authored
      Due to the use of eval, some parts of the UI, such as the comment field
      on MRs, were broken. This patch should fix those issues by adding an
      `unsafe-eval` statement to the CSP.
  22. 09 Apr, 2020 1 commit
  23. 07 Apr, 2020 6 commits
  24. 06 Apr, 2020 3 commits