- Feb 26, 2021
- Feb 19, 2021
-
-
nimrod authored
-
nimrod authored
-
nimrod authored
-
nimrod authored
-
nimrod authored
-
nimrod authored
To make more uniform, use the same location on all hosts. Instead of copying the same tasks over and over in the renew-certs playbook in the homelab repo.
-
nimrod authored
Those directories were used by hosts now served by ns4.
-
nimrod authored
-
nimrod authored
-
nimrod authored
Access LAM on its own domain (from inside the network only).
-
nimrod authored
- No more proxying in www.shore.co.il. I think about redoing it all with a subdomain per service. Also no more secrets, intead authenticate against the LDAP server or something. - CI templates. - Simpler self-signed SSL certificate generation. - Set the hostname in CI. - Use the www-redirect snippet in shore.co.il.
-
nimrod authored
-
- Feb 11, 2021
-
-
nimrod authored
Mainly ChaCha20. Also disable AESCCM (as per https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ it's slow and uncommon).
-
- Feb 04, 2021
-
-
nimrod authored
Vouch uses the Host header for calculating the JWT but we can't override that (proxying won't work with an incorrect header). So instead it to each deployment so we don't have multiple proxies and can override the Host header.
-
- Jan 30, 2021
-
-
nimrod authored
-
- Jan 29, 2021
- Jan 28, 2021
-
-
nimrod authored
-
- Jan 27, 2021
-
-
nimrod authored
Needed for the default (fallback) acme challenge access (with the renew-certs playbooks from the homelab repo).
-
- Jan 26, 2021
-
-
nimrod authored
-
- Jan 22, 2021
- Jan 12, 2021
-
-
nimrod authored
The Docker resolver replies with a TTL of 600, too long. Refresh after 30 seconds.
-
nimrod authored
-
nimrod authored
By default the cerificate is valid for 30 days, reasonable. Also, using -batch means the default values are used and the certificate is generated without any input required.
-
nimrod authored
-
nimrod authored
I'm moving some services to ns4, some will remain on host01. I'm branching to have specific deployment for each host. So have a minimal and generic master branch so common changes will be done there and I'll rebase the other branches on top of it.
-
- Jan 08, 2021
-
-
nimrod authored
So the directory is always there (in case I'm going to delete the files inside).
-
nimrod authored
-
nimrod authored
I really should have added those much earlier.
-
nimrod authored
- Use common pre-commit snippet for Docker projects. - Use GitLab CI template for pre-commit job.
-
nimrod authored
In case the host isn't passed (or isn't known), redirect to www.shore.co.il.
-
- Dec 13, 2020
- Dec 12, 2020