| Commit message (Collapse) | Author | Files | Lines |
|---|
|
Add the API key for gandi to the secrest, create a profile for acme with
my defaults.
The profile is loaded by tahoe since that's where our services are
running on.
Update all the servers in nginx to listen on their wireguard interface.
|
|
I don't want to have to deal with authentication and TLS certificates
for these endpoints. If they are only listening on the wireguard
interface I can trust that only authorized hosts are sending traffic to
these endpoints. I trust what's running on these machines.
|
|
This will help to organize and structure monitoring modules a bit
better.
|
|
|
|
|
|
|
|
Only serve a response if the request is coming from tailscale. To ensure
this is the case, let's configure nginx to only listen on the tailscale
IP of the host for that server.
Note: the IP for tailscale is hard coded, there has to be a better way.
Change-Id: I83952484f60206df215e8c03017cfe7722d32697
Reviewed-on: https://cl.fcuny.net/c/world/+/487
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
This was done by running `nixpkgs-fmt .'.
Change-Id: I4ea6c1e759bf468d08074be2111cbc7af72df295
Reviewed-on: https://cl.fcuny.net/c/world/+/404
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
We don't need to backup log files for grafana and sourcegraph.
Change-Id: I8ed6f6ce1270a12233cad268bcd12e28ac2785cf
Reviewed-on: https://cl.fcuny.net/c/world/+/383
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
There's already something on port 3000.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Do a single backup for the host, instead of running multiple ones.
|
|
|
