From a500e0ece46d5c0d3047b2c3dd0a02c44723562a Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Sat, 1 Nov 2025 22:28:43 -0500 Subject: [PATCH 1/5] hosts: Decommission dc-headphone.p.b _dc-headphone.pyrocufflink.blue_ has been replaced by _dc-backless.pyrocufflink.blue_. --- hosts | 2 -- 1 file changed, 2 deletions(-) diff --git a/hosts b/hosts index 4cc43a9..34138c5 100644 --- a/hosts +++ b/hosts @@ -183,7 +183,6 @@ pxe0.pyrocufflink.blue cloud0.pyrocufflink.blue db0.pyrocufflink.blue dc-grumbly.pyrocufflink.blue -dc-headphone.pyrocufflink.blue file0.pyrocufflink.blue git0.pyrocufflink.blue haproxy0.pyrocufflink.blue @@ -231,7 +230,6 @@ unifi [samba-dc] dc-grumbly.pyrocufflink.blue -dc-headphone.pyrocufflink.blue [serterm] chromie.pyrocufflink.blue From 28ecc2974c90eb1f9e335abf3392dc3e588710d8 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Thu, 6 Nov 2025 09:44:22 -0600 Subject: [PATCH 2/5] fluent-bit: Remove Promtail --- fluent-bit.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/fluent-bit.yml b/fluent-bit.yml index 0cd3ec5..ba29bfb 100644 --- a/fluent-bit.yml +++ b/fluent-bit.yml @@ -4,3 +4,21 @@ roles: - role: fluent-bit tags: fluent-bit + tasks: + - block: + - name: ensure promtail service is not running + service: + name: promtail + state: stopped + ignore_errors: true + - name: ensure promtail service is not enabled + service: + name: promtail + enabled: false + ignore_errors: true + - name: ensure promtail is not installed + package: + name: promtail + state: absent + tags: + - remove-promtail From 4b91e088ea6024d2a84ecc82a5b1b395a71f9055 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Sun, 9 Nov 2025 13:23:02 -0600 Subject: [PATCH 3/5] r/apache: Reduce amount of logs stored There's really no reason to keep 4 256 MiB log files, especially access logs. In any case, most of the web servers only have 1 GiB log volume, so this configuration tends to fill them up. --- roles/apache/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/apache/defaults/main.yml b/roles/apache/defaults/main.yml index 7c10ece..68af109 100644 --- a/roles/apache/defaults/main.yml +++ b/roles/apache/defaults/main.yml @@ -1,6 +1,6 @@ apache_mpm: event -apache_keep_num_logs: 4 -apache_max_log_size: 256M +apache_keep_num_logs: 2 +apache_max_log_size: 64M apache_error_log: syslog:daemon apache_ssl_protocol: - all From 44c3dba46a35de54c8d49746b452c5f79329814f Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Wed, 12 Nov 2025 17:48:09 -0600 Subject: [PATCH 4/5] r/gitea: Update to v1.24.7 --- roles/gitea/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index f3d7a73..877e982 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -1,8 +1,8 @@ -gitea_version: 1.20.5 +gitea_version: 1.24.7 gitea_arch: '{{ _gitea_arch_map[ansible_architecture] }}' gitea_bin: gitea-{{ gitea_version }}-linux-{{ gitea_arch }} gitea_bin_sha256: >- - {{ _gitea_cksm_map[gitea_version][gitea_arch] }} + sha256:{{ gitea_download_url }}.sha256 gitea_download_url: >- https://dl.gitea.io/gitea/{{ gitea_version }}/{{ gitea_bin }} From fce060bdec795f21a28f985e0bbf2a6f7d2ceb6e Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Thu, 13 Nov 2025 18:40:52 -0600 Subject: [PATCH 5/5] r/ssh-host-certs: Fix circular dep in reload.path The `reload-ssh-cert.path` unit introduced a circular ordering dependency with `sshd.service` by way of `paths.target`. There's no particular reason for this dependency here, so we need to remove it to resolve the issue. --- roles/ssh-host-certs/files/reload-ssh-cert.path | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/ssh-host-certs/files/reload-ssh-cert.path b/roles/ssh-host-certs/files/reload-ssh-cert.path index f4fdb71..8488c99 100644 --- a/roles/ssh-host-certs/files/reload-ssh-cert.path +++ b/roles/ssh-host-certs/files/reload-ssh-cert.path @@ -1,6 +1,5 @@ [Unit] Description=Watch SSH Host certificates for renewal -After=sshd.service [Path] PathChanged=/etc/ssh/ssh_host_rsa_key-cert.pub