Age | Commit message | Author |
|
openbsd-netcat required as dependency for cloud-init.
|
GNU Screen does not support specifying colors as letters anymore.
Here is the relevant quote from the manpage:
> The old format of specifying colors by letters (k,r,g,y,b,m,c,w) is
> now deprecated.
And by deprecated they mean doesn't work anymore.
Unfortunately, macOS ships screen version 4.00.03 and I couldn't figure
out a way to have screenrc syntax work on both 5.0 and 4.0 versions
at the same time.
One more problem is that `screen --version` changed its return code, so
even the code for checking if screen is installed at all doesn't work
anymore. Need to figure out a proper way forward. For now I just
installed screen version 5.0.0 from homebrew to fix the macOS setup and
at the same time make Linux machines happy as well.
|
Seems quotes in YAML are a mess.
Official guidelines (see explanation here [1]) are as follows.
1. If you can get away without quotes, do not use them.
2. Use single quotes if you need quotes.
3. Use double quotes if you can't use single quotes for some reason.
A common reason for double quotes in this repository is line breaks for
long lines and control characters (\n, \t) in replacement patterns.
Hope I didn't break anything.
Tested with the following commands, because there are no changes in others.
$ ansible-playbook dotfiles.yml
$ ansible-playbook master.yml
[1]: https://stackoverflow.com/a/69850618/1313516
|
Otherwise tor could not bind ports on wgtor0 IP addresses as it wasn't
up yet.
|
Playbook sysupgrade.yml is an attempt to do an automatic full system
upgrade. Currently the logic is completely automated for the happy path.
1. Shut down the machine.
2. Take a snapshot of the machine.
3. Power the machine back on.
4. Update archlinux-keyring.
5. Upgrade everything.
6. Reboot.
If something is working, then we are done. Otherwise, restore from
snapshot manually and try to figure out what went wrong.
|
For the same reason restart is used in wgtor: there are `iptables`
commands in `PostUp` and `PostDown` which are not running on reload.
|
/etc/sysctl.conf doesn't work, see [1]. Interestingly enough, I caught
it only with a system upgrade and reboot. Just a reboot didn't catch it
for some reason, or I didn't notice.
[1]: https://wiki.archlinux.org/title/sysctl
|
Migrate due to a bug [1], which wasn't fixed for some time.
[1]: https://github.com/systemd/systemd/issues/25547
|
Need to migrate away from networkd, because it can't add new wireguard
peers now out of the box without hacks.
[1]: https://github.com/systemd/systemd/issues/25547
|
We should export only repositories with git-daemon-export-ok file
inside.
|
This allows having private repositories on the same server.
|
We set root to /usr/share/webapps/cgit for cgit location. This directory
contains a favicon which is served automatically. One way to stop it is
to remove the favicon, but every package update will bring it back in.
So I just hardcoded a return code of 404 for the favicon request into
the nginx config so that it is not served.
|
To properly reload systemd in case of changes in unit file.
|
Currently, we obtain certificates from Let's Encrypt with standalone
mode, so when we do a renewal, certbot tries to run its own webserver on
port 80, but this port is already in use by nginx.
Stop nginx before renewal. This is quite hacky, but should work. Proper
solution is to split certificate role by standalone and non-standalone
versions.
|
Enable submission to send mail.
|
Postfix can start without dovecot, but dovecot can't without postfix,
because it uses postfix user to create unix socket.
|