.env.example

@@ -19,6 +19,11 @@ TF_VAR_aws_region=
 TF_VAR_aws_access_key=
 TF_VAR_aws_secret_key=
 
+TF_VAR_contabo_client_id=
+TF_VAR_contabo_client_secret=
+TF_VAR_contabo_user=
+TF_VAR_contabo_pass=
+
 TF_VAR_hcloud_token=
 
 TF_VAR_healthchecksio_api_key=

modules/infrastructure/ovh.tf

@@ -52,10 +52,10 @@ resource "ovh_domain_zone_record" "tailscale_vpn" {
   target    = each.value.address
 }
 
-resource "ovh_domain_zone_record" "gpg_verify" {
+resource "ovh_domain_zone_record" "status_page_cname" {
   zone      = "serguzim.net"
-  subdomain = ""
+  subdomain = "status"
-  fieldtype = "TXT"
+  fieldtype = "CNAME"
   ttl       = 3600
-  target    = "openpgp4fpr:723B78C0BF8D8C721D2C4EEF41E544A54E2533B2"
+  target    = "status.serguzim.me."
 }

playbooks/filter_plugins/gatus.py

@@ -75,7 +75,6 @@ class FilterModule(object):
                     "group": mon.get("group"),
                     "url": url,
                     "conditions": conditions,
-                    "interval": mon.get("interval"),
                     "alerts": self.default_alerts,
                     "ui": {
                         "hide-url": True

playbooks/roles/backup/tasks/main.yml

@@ -35,3 +35,14 @@
       ansible.builtin.import_tasks: recovery.yml
     - name: Import tasks specific to systemd
       ansible.builtin.import_tasks: systemd.yml
+
+    - name: Verify service
+      ansible.builtin.command:
+        cmd: autorestic -v check
+        chdir: "{{ service_path }}"
+      changed_when: false
+      become: true
+      register: cmd_result_verify
+      until: "cmd_result_verify is not failed"
+      retries: 10
+      delay: 10

playbooks/roles/forgejo/templates/footer.tmpl.j2

@@ -1,2 +1 @@
 <script async src="/_a/script.js" data-website-id="{{ vault_forgejo.umami }}"></script>
-<script async src="/_a/track-external.js"></script>

playbooks/roles/forgejo_runner/vars/main.yml

@@ -22,7 +22,6 @@ forgejo_runner_compose:
       docker-in-docker:
         image: docker:dind
         privileged: true
-        dns: 1.1.1.1
         restart: always
         command: dockerd -H tcp://0.0.0.0:2375 --tls=false
         networks:

playbooks/roles/homebox/vars/main.yml

@@ -14,7 +14,7 @@ homebox_env:
 
 homebox_compose:
   watchtower: update
-  image: ghcr.io/sysadminsmedia/homebox:0-rootless
+  image: ghcr.io/sysadminsmedia/homebox:latest-rootless
   volumes:
     - data:/data
   file:

playbooks/roles/umami/vars/main.yml

@@ -10,21 +10,6 @@ umami_docker_image: docker.umami.dev/umami-software/umami:postgresql-latest
 
 umami_svc:
   domain: "{{ all_services | service_get_domain(role_name) }}"
-  caddy_extra: |
-    handle /track-external.js {
-      header Content-Type text/javascript
-      respond <<JS
-        (() => {
-          const name = 'outbound-link-click';
-          document.querySelectorAll('a').forEach(a => {
-            if (a.host !== window.location.host && !a.getAttribute('data-umami-event')) {
-              a.setAttribute('data-umami-event', name);
-              a.setAttribute('data-umami-event-url', a.href);
-            }
-          });
-        })();
-        JS 200
-    }
   port: 3000
 
 umami_env:

playbooks/unlock-backup.yml

@@ -3,7 +3,7 @@
   hosts: serguzim_net
   become: true
   tasks:
-  - name: Unlock backups
+  - name: Change password
     ansible.builtin.shell:
       cmd: autorestic unlock --force && autorestic exec -va unlock
       chdir: "{{ (services_path, 'backup') | path_join }}"

playbooks/verify-backup-yml

@@ -1,15 +0,0 @@
----
-- name: Unlock backups
-  hosts: serguzim_net
-  become: true
-  tasks:
-  - name: Verify backup
-    ansible.builtin.command:
-      cmd: autorestic -v check
-      chdir: "{{ (services_path, 'backup') | path_join }}"
-    changed_when: false
-    become: true
-    register: cmd_result_verify
-    until: "cmd_result_verify is not failed"
-    retries: 10
-    delay: 10

templates/infrastructure.d2.j2

@@ -15,25 +15,16 @@ external: {
     }
 }
 
-classes: {
+{% for host in hosts %}
-    zero_grid: {
+{{ host.key }}: {
-        grid-columns: 3
-        grid-gap: 0
-    }
-    monitored: {
-        style: {
-            fill: "#1E9025"
-        }
-    }
-    backup: {
-        style: {
-            fill: "#0f0"
-        }
-    }
 }
 
-{% for host in hosts %}
+{{ host.key }}.backup -> external.restic {
-{{ host.key }}
+    style: {
+        stroke: "#0f0"
+        stroke-dash: 3
+    }
+}
 {% endfor %}{# host #}
 
 {% for svc in svcs %}
@@ -45,25 +36,32 @@ classes: {
 }
 
 {% for backup in svc.backup or [] %}
-{{ svc.key }}.'{{ backup.name }}'.class: backup
+{{ svc.key }} -> {{ svc.host_key }}.backup: {{ backup.name }} {
-{% endfor %}
+    style: {
+        stroke: "#0f0"
+        stroke-dash: 3
+    }
+}
+{% endfor %}{# backup #}
 
 {% if svc.monitoring %}
-{{ svc.key }}.monitored.class: monitored
+{{ monitoring_key }} -> {{ svc.key }}: {
+    style.stroke: "#1E9025"
+}
 {% endif %}
 
 {% if svc.database %}
 {{ svc.key }} -> {{ db_key }}: {
     style.stroke: "#336791"
 }
-{{ db_subkey }}.{{ svc.name }}
+{{ db_key }}.{{ svc.name }}
 {% endif %}
 
 {% if svc.auth %}
 {{ svc.key }} -> {{ auth_key }}: {
     style.stroke: "#FD4B2D"
 }
-{{ auth_subkey }}.{{ svc.name }}
+{{ auth_key }}.{{ svc.name }}
 {% endif %}
 
 {% if svc.s3 %}
@@ -80,11 +78,14 @@ external.scaleway.s3.{{ svc.name }}
 {{ svc.key }} -> {{ mail_key }}: {
     style.stroke: "#C9B81F"
 }
-{{ mail_subkey }}.{{ svc.name }}
+{{ mail_key }}.{{ svc.name }}
 {% endif %}
 
 {% endfor %}{# svc #}
 
 {% for svc in grid_svcs %}
-{{ svc }}.class: zero_grid
+{{ svc }}: {
+    grid-columns: 3
+    grid-gap: 0
+}
 {% endfor %}

variables.tf

@@ -148,7 +148,6 @@ variable "services" {
     monitoring = optional(object({
       url   = optional(string)
       group = optional(string)
-      interval = optional(string)
       conditions = optional(list(string))
     }))
     ports = optional(list(object({

visualize.py

@@ -11,7 +11,6 @@ icon_overrides = {
     "backup": "restic",
     "dokku": None,
     "extra_services": None,
-    "factorio": None,
     "forgejo_runner": "forgejo",
     "healthcheck": "healthchecks",
     "lego": "lets-encrypt",
@@ -97,21 +96,20 @@ if __name__ == '__main__':
     with open('./services.auto.tfvars', 'r') as file:
         services = hcl2.load(file)["services"][0]
 
-    keys = {}
+    db_key = service_key_find("postgresql", services, hosts)
-    keys["db_key"] = service_key_find("postgresql", services, hosts)
+    auth_key = service_key_find("authentik", services, hosts)
-    keys["db_subkey"] = f"{keys["db_key"]}.dbs"
+    monitoring_key = service_key_find("gatus", services, hosts)
-    keys["auth_key"] = service_key_find("authentik", services, hosts)
+    mail_key = service_key_find("mailcowdockerized", services, hosts)
-    keys["auth_subkey"] = f"{keys["auth_key"]}.apps"
-    keys["mail_key"] = service_key_find("mailcowdockerized", services, hosts)
-    keys["mail_subkey"] = f"{keys["mail_key"]}.mailboxes"
-    keys["monitoring_key"] = service_key_find("gatus", services, hosts)
 
     jinja_loader = jinja2.FileSystemLoader(searchpath="./templates")
     jinja_env = jinja2.Environment(loader=jinja_loader)
     template = jinja_env.get_template("infrastructure.d2.j2")
     print(template.render(
-        grid_svcs=[keys["db_subkey"], keys["auth_subkey"], keys["mail_subkey"]],
+        grid_svcs=[db_key, auth_key, mail_key],
         svcs=parse_services(services, hosts),
         hosts=parse_hosts(hosts),
-        **keys
+        db_key=db_key,
+        auth_key=auth_key,
+        monitoring_key=monitoring_key,
+        mail_key=mail_key,
     ))