| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2025-01-15 | Fix certbot renewal hook script for dovecot | Dmitry Ilvokhin | |
| Replace devecot -> dovecot. | |||
| 2024-12-29 | Add `ninja` to dev role | Dmitry Ilvokhin | |
| 2024-12-26 | Add role for irssi | Dmitry Ilvokhin | |
| 2024-12-21 | Add comment why `man-pages` is needed in dev role | Dmitry Ilvokhin | |
| 2024-12-21 | Add `jq`, `tree` and `man-pages` to dev role | Dmitry Ilvokhin | |
| 2024-12-21 | Add dev role to setup development environment | Dmitry Ilvokhin | |
| 2024-12-08 | Add two more clients to `wgvpn0` | Dmitry Ilvokhin | |
| 2024-11-03 | Replace gnu-netcat with openbsd-netcat | Dmitry Ilvokhin | |
| openbsd-netcat required as dependency for cloud-init. | |||
| 2024-10-05 | Make screenrc compatible with screen 5.0.0 version | Dmitry Ilvokhin | |
| GNU Screen does not support colors specification as letters anymore. Here is relevant quote from manpage: > The old format of specifying colors by letters (k,r,g,y,b,m,c,w) is > now deprecated. And by deprecated they mean doesn't work anymore. Unfortunately, macOS ships screen version 4.00.03 and I couldn't figure out a way to have screenrc syntax to work on both 5.0 and 4.0 versions at the same time. One more problem is `screen --version` changed return code, so even code for checking if screen is installed at all doesn't work anymore. Need to figure out a proper way forward. For now I just installed screen version 5.0.0 from homebrew to fix macOS setup and at the same time make Linux machines happy as well. | |||
| 2024-09-15 | Extend postfix body_checks to prevent spam | Dmitry Ilvokhin | |
| 2024-06-30 | Use `delegate_to` instead of `local_action` | Dmitry Ilvokhin | |
| 2024-06-30 | Use `ansible.builtin.shell` instead of `cmd` | Dmitry Ilvokhin | |
| 2024-06-30 | Fix one more missing `yes` usage | Dmitry Ilvokhin | |
| 2024-06-30 | Cleanup quotes usage in YAML files | Dmitry Ilvokhin | |
| Seems quotes in YAML is a mess. Official guidelines (see explanation here [1]) are following. 1. If you can get away without quotes, do not use them. 2. Use single quotes if you need quotes. 3. Use double quotes if you can't use single quotes for some reason. Common reason for double quotes in this repository is line breaks for long lines and control characters (\n, \t) in replacement patterns. Hope, I didn't break anything. Tested with following commands, because there are no changes in others. $ ansible-playbook dotfiles.yml $ ansible-playbook master.yml [1]: https://stackoverflow.com/a/69850618/1313516 | |||
| 2024-06-30 | Migrate from `yes` to `true` | Dmitry Ilvokhin | |
| 2024-06-29 | Add wg-quick@wgtor0 as dependency to tor | Dmitry Ilvokhin | |
| Otherwise tor could not bind ports on wgtor0 ip addresses as it wasn't up yet. | |||
| 2024-06-23 | Remove trailing spaces | Dmitry Ilvokhin | |
| 2024-06-23 | Introduce sysupgrade playbook | Dmitry Ilvokhin | |
| Playbook sysupgrade.yml is a attempt to do automatic full system upgrade. Currently logic is completely automated for happy path. 1. Shutdown machine. 2. Take snapshot from the machine. 3. Power on machine back. 4. Update archlinux-keyring. 5. Upgrade everything. 6. Reboot. If something is working, then we are done. Otherwise, restore from snapshot manually and try to figure out what went wrong. | |||
| 2024-06-15 | Tor -> tor for consistency | Dmitry Ilvokhin | |
| 2024-06-15 | WireGuard -> wireguard for consistency | Dmitry Ilvokhin | |
| 2024-06-15 | Rename wg0 interface to wgnet0 | Dmitry Ilvokhin | |
| 2024-06-15 | Rename wg1 interface to wgvpn0 | Dmitry Ilvokhin | |
| 2024-06-15 | Rename wg2 interface to wgtor0 | Dmitry Ilvokhin | |
| 2024-06-14 | Mark gate as jumphost | Dmitry Ilvokhin | |
| 2024-06-14 | Add comment why we use reload for wgnet | Dmitry Ilvokhin | |
| 2024-06-14 | Fix wrong state restart -> restarted | Dmitry Ilvokhin | |
| 2024-06-14 | Manually create /etc/systemd/resolved.conf.d dir | Dmitry Ilvokhin | |
| 2024-06-09 | Migrate to restart instead of reload for wgvpn | Dmitry Ilvokhin | |
| For the same reason restart is used in wgtor: there are `iptables` commands in `PostUp` and `PostDown` which are not running on reload. | |||
| 2024-06-09 | Add tor role | Dmitry Ilvokhin | |
| 2024-06-09 | Add wgtor role for Tor middlebox | Dmitry Ilvokhin | |
| 2024-06-01 | Migrate netfwd to systemd-sysctl | Dmitry Ilvokhin | |
| /etc/sysctl.conf doesn't work, see [1]. Intrestingly enough, I catched it only with system upgrade and reboot. Just reboot didn't catch it for some reason, or I didn't notice. [1]: https://wiki.archlinux.org/title/sysctl | |||
| 2024-05-27 | Remove semicolons from wgvpn config | Dmitry Ilvokhin | |
| 2024-05-27 | Add wgvpn role for WireGuard VPN | Dmitry Ilvokhin | |
| 2024-05-26 | Remove wgnet networkd files | Dmitry Ilvokhin | |
| 2024-05-26 | Move sysctl net forwarding to separate role | Dmitry Ilvokhin | |
| 2024-05-19 | Migrate away from networkd for wireguard | Dmitry Ilvokhin | |
| Migrate due to a bug [1], which wasn't fixed for some time. [1]: https://github.com/systemd/systemd/issues/25547 | |||
| 2024-05-19 | Wireguard overlay network setup | Dmitry Ilvokhin | |
| Need to migrate away from networkd, because it can't add new wireguard peers now out of the box without hacks. [1]: https://github.com/systemd/systemd/issues/25547 | |||
| 2024-05-06 | Add wireguard role | Dmitry Ilvokhin | |
| 2024-05-04 | Push public key from another laptop to servers | Dmitry Ilvokhin | |
| 2024-05-03 | Open git.ilvokhin.com to the world | Dmitry Ilvokhin | |
| 2024-05-03 | Init repositories as private by default | Dmitry Ilvokhin | |
| 2024-05-03 | Add clone URLs for repositories | Dmitry Ilvokhin | |
| 2024-05-03 | Do not export everything with git-daemon | Dmitry Ilvokhin | |
| We should export only repositories with git-daemon-export-ok file inside. | |||
| 2024-05-03 | Rename .htpasswd to htpasswd | Dmitry Ilvokhin | |
| 2024-05-03 | Add dots to comments | Dmitry Ilvokhin | |
| 2024-05-03 | List repositories explicitly instead of scan-path | Dmitry Ilvokhin | |
| This allowes to have private repositories on the same server. | |||
| 2024-04-26 | Remove favicon from cgit | Dmitry Ilvokhin | |
| We set root to /usr/share/webapps/cgit for cgit location. This directory contains favicon which served automatically. One way to stop it is to remove favicon, but every package update will bring it back in. So I just hardcoded into nginx config return code of 404 for favicon request to do not serve it. | |||
| 2024-04-26 | Fix indent in nginx config for cgit | Dmitry Ilvokhin | |
| 2024-04-20 | Use systemd service instead of service for certbot | Dmitry Ilvokhin | |
| To properly reload systemd in case of changes in unit file. | |||
| 2024-04-20 | Add paccache role to all hosts | Dmitry Ilvokhin | |