# HG changeset patch
# User Luke Hoersten <luke@hoersten.org>
# Date 1774322556 18000
# Node ID 3542951a98cb8127637a02912ba099f2ce7c3aaf
# Parent  c3d1236b6c090303cf0841f99fb1f009033d5e1f
Fixed log rotation and log2ram sizing.

diff -r c3d1236b6c09 -r 3542951a98cb adguard-home/templates/AdGuardHome.service.j2
--- a/adguard-home/templates/AdGuardHome.service.j2	Mon Mar 23 22:22:19 2026 -0500
+++ b/adguard-home/templates/AdGuardHome.service.j2	Mon Mar 23 22:22:36 2026 -0500
@@ -9,8 +9,6 @@
 
 WorkingDirectory={{adguard_home_data_dir}}
 
-StandardOutput=file:/var/log/AdGuardHome.out
-StandardError=file:/var/log/AdGuardHome.err
 Restart=always
 RestartSec=10
 EnvironmentFile=-/etc/sysconfig/AdGuardHome
diff -r c3d1236b6c09 -r 3542951a98cb dendrite/server/templates/nginx.conf.j2
--- a/dendrite/server/templates/nginx.conf.j2	Mon Mar 23 22:22:19 2026 -0500
+++ b/dendrite/server/templates/nginx.conf.j2	Mon Mar 23 22:22:36 2026 -0500
@@ -1,3 +1,5 @@
+limit_req_zone $binary_remote_addr zone=dendrite_reg:10m rate=2r/m;
+
 server {
     listen 80;
     server_name {{nginx_server_name}};
@@ -36,6 +38,11 @@
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_read_timeout                 600;
 
+    location ~* ^/_matrix/client/[^/]+/register {
+        limit_req zone=dendrite_reg burst=3 nodelay;
+        proxy_pass http://127.0.0.1:{{nginx_proxy_port}};
+    }
+
     location /_matrix {
         proxy_pass http://127.0.0.1:{{nginx_proxy_port}};
     }
diff -r c3d1236b6c09 -r 3542951a98cb ergo/defaults/main.yaml
--- a/ergo/defaults/main.yaml	Mon Mar 23 22:22:19 2026 -0500
+++ b/ergo/defaults/main.yaml	Mon Mar 23 22:22:36 2026 -0500
@@ -7,4 +7,6 @@
 ergo_tar_name: "ergo-{{ergo_version}}-linux-{{ergo_arch}}"
 ergo_tar: "{{ergo_tar_name}}.tar.gz"
 ergo_url: "https://github.com/ergochat/ergo/releases/download/v{{ergo_version}}/{{ergo_tar}}"
+ergo_run_dir: "/var/ergo"
+ergo_data_dir: "/var/ergo"
 ergo_force_nick_equals_account: false
diff -r c3d1236b6c09 -r 3542951a98cb ergo/files/ergo.service
--- a/ergo/files/ergo.service	Mon Mar 23 22:22:19 2026 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,20 +0,0 @@
-[Unit]
-Description=ergo
-#After=network.target
-# If you are using MySQL for history storage, comment out the above line
-# and uncomment these two instead (you must independently install and configure
-# MySQL for your system):
-Wants=mysql.service
-After=network.target mysql.service
-
-[Service]
-Type=simple
-User=ergo
-WorkingDirectory=/var/ergo
-ExecStart=/usr/local/bin/ergo run --conf /etc/ergo/config.yaml
-ExecReload=/bin/kill -HUP $MAINPID
-Restart=on-failure
-LimitNOFILE=1048576
-
-[Install]
-WantedBy=multi-user.target
diff -r c3d1236b6c09 -r 3542951a98cb ergo/tasks/main.yaml
--- a/ergo/tasks/main.yaml	Mon Mar 23 22:22:19 2026 -0500
+++ b/ergo/tasks/main.yaml	Mon Mar 23 22:22:36 2026 -0500
@@ -26,14 +26,15 @@
 - name: create ergo dirs
   become: yes
   file:
-    path: "{{item}}/ergo"
+    path: "{{item}}"
     owner: "ergo"
     group: "ergo"
     mode: "0755"
     state: "directory"
   loop:
-    - "/etc"
-    - "/var"
+    - "/etc/ergo"
+    - "{{ergo_run_dir}}"
+    - "{{ergo_data_dir}}"
 
 - name: configure ergo
   become: yes
@@ -54,8 +55,8 @@
 
 - name: install ergo service
   become: yes
-  copy:
-    src: "ergo.service"
+  template:
+    src: "ergo.service.j2"
     dest: "/lib/systemd/system/ergo.service"
     mode: "0644"
   notify: restart ergo
diff -r c3d1236b6c09 -r 3542951a98cb ergo/templates/config.yaml.j2
--- a/ergo/templates/config.yaml.j2	Mon Mar 23 22:22:19 2026 -0500
+++ b/ergo/templates/config.yaml.j2	Mon Mar 23 22:22:36 2026 -0500
@@ -58,7 +58,7 @@
         #         proxy: false
 
         # Example of a Unix domain socket for proxying:
-        "/var/ergo/socket":
+        "{{ergo_run_dir}}/socket":
 
         # Example of a Tor listener: any connection that comes in on this listener will
         # be considered a Tor connection. It is strongly recommended that this listener
@@ -288,7 +288,7 @@
     # ergo will write files to disk under certain circumstances, e.g.,
     # CPU profiling or data export. by default, these files will be written
     # to the working directory. set this to customize:
-    output-path: "/var/ergo"
+    output-path: "{{ergo_run_dir}}"
 
 # account options
 accounts:
@@ -685,7 +685,7 @@
 # datastore configuration
 datastore:
     # path to the datastore
-    path: "/var/ergo/ergo.db"
+    path: "{{ergo_data_dir}}/ergo.db"
 
     # if the database schema requires an upgrade, `autoupgrade` will attempt to
     # perform it automatically on startup. the database will be backed
diff -r c3d1236b6c09 -r 3542951a98cb ergo/templates/ergo.service.j2
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/ergo/templates/ergo.service.j2	Mon Mar 23 22:22:36 2026 -0500
@@ -0,0 +1,20 @@
+[Unit]
+Description=ergo
+#After=network.target
+# If you are using MySQL for history storage, comment out the above line
+# and uncomment these two instead (you must independently install and configure
+# MySQL for your system):
+Wants=mysql.service
+After=network.target mysql.service
+
+[Service]
+Type=simple
+User=ergo
+WorkingDirectory={{ergo_run_dir}}
+ExecStart=/usr/local/bin/ergo run --conf /etc/ergo/config.yaml
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+LimitNOFILE=1048576
+
+[Install]
+WantedBy=multi-user.target
diff -r c3d1236b6c09 -r 3542951a98cb ergo/templates/nginx.conf.j2
--- a/ergo/templates/nginx.conf.j2	Mon Mar 23 22:22:19 2026 -0500
+++ b/ergo/templates/nginx.conf.j2	Mon Mar 23 22:22:36 2026 -0500
@@ -1,6 +1,6 @@
 server {
       listen 6697 ssl;
-      proxy_pass unix:/var/ergo/socket;
+      proxy_pass unix:{{ergo_run_dir}}/socket;
       proxy_protocol on;
 
       ssl_certificate {{nginx_ssl_cert}};
diff -r c3d1236b6c09 -r 3542951a98cb jellyfin/defaults/main.yaml
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jellyfin/defaults/main.yaml	Mon Mar 23 22:22:36 2026 -0500
@@ -0,0 +1,3 @@
+---
+
+jellyfin_data_dir: "/var/lib/jellyfin"
diff -r c3d1236b6c09 -r 3542951a98cb jellyfin/tasks/main.yaml
--- a/jellyfin/tasks/main.yaml	Mon Mar 23 22:22:19 2026 -0500
+++ b/jellyfin/tasks/main.yaml	Mon Mar 23 22:22:36 2026 -0500
@@ -23,6 +23,24 @@
   apt: name="jellyfin"
   notify: restart jellyfin service
 
+- name: create jellyfin data dir
+  become: yes
+  file:
+    path: "{{jellyfin_data_dir}}"
+    state: "directory"
+    owner: "jellyfin"
+    group: "jellyfin"
+    mode: "0755"
+
+- name: configure jellyfin data dir
+  become: yes
+  lineinfile:
+    path: "/etc/jellyfin/jellyfin"
+    regexp: "^JELLYFIN_DATA_DIR="
+    line: "JELLYFIN_DATA_DIR={{jellyfin_data_dir}}"
+    create: yes
+  notify: restart jellyfin service
+
 - name: ensure jellyfin service is running
   become: yes
   systemd: name="jellyfin.service" state="started" daemon_reload="yes"
diff -r c3d1236b6c09 -r 3542951a98cb rpi-base/files/journald.conf
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/rpi-base/files/journald.conf	Mon Mar 23 22:22:36 2026 -0500
@@ -0,0 +1,2 @@
+[Journal]
+SystemMaxUse=100M
diff -r c3d1236b6c09 -r 3542951a98cb rpi-base/files/logrotate.conf
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/rpi-base/files/logrotate.conf	Mon Mar 23 22:22:36 2026 -0500
@@ -0,0 +1,11 @@
+# Sized to fit within log2ram's RAM disk.
+# Defaults: daily, 7 rotations, compress immediately, max 50M per log.
+# Worst case per log: 50M active + 7 x compressed ~ 100M
+
+daily
+su root adm
+rotate 7
+maxsize 50M
+create
+compress
+include /etc/logrotate.d
diff -r c3d1236b6c09 -r 3542951a98cb rpi-base/handlers/main.yaml
--- a/rpi-base/handlers/main.yaml	Mon Mar 23 22:22:19 2026 -0500
+++ b/rpi-base/handlers/main.yaml	Mon Mar 23 22:22:36 2026 -0500
@@ -3,3 +3,7 @@
 - name: restart log2ram service
   systemd: name="log2ram" state="restarted" daemon_reload="yes"
   become: yes
+
+- name: restart journald
+  systemd: name="systemd-journald" state="restarted"
+  become: yes
diff -r c3d1236b6c09 -r 3542951a98cb rpi-base/tasks/main.yaml
--- a/rpi-base/tasks/main.yaml	Mon Mar 23 22:22:19 2026 -0500
+++ b/rpi-base/tasks/main.yaml	Mon Mar 23 22:22:36 2026 -0500
@@ -40,6 +40,15 @@
   become: yes
   copy: src="20auto-upgrades" dest="/etc/apt/apt.conf.d/20auto-upgrades"
 
+- name: configure logrotate
+  become: yes
+  copy: src="logrotate.conf" dest="/etc/logrotate.conf"
+
+- name: configure journald max size
+  become: yes
+  copy: src="journald.conf" dest="/etc/systemd/journald.conf"
+  notify: restart journald
+
 - name: configure log2ram disk size
   become: yes
   lineinfile:
diff -r c3d1236b6c09 -r 3542951a98cb scrypted/tasks/main.yaml
--- a/scrypted/tasks/main.yaml	Mon Mar 23 22:22:19 2026 -0500
+++ b/scrypted/tasks/main.yaml	Mon Mar 23 22:22:36 2026 -0500
@@ -1,13 +1,24 @@
 ---
 
+- name: add docker apt key
+  become: yes
+  get_url:
+    url: "https://download.docker.com/linux/ubuntu/gpg"
+    dest: "/etc/apt/trusted.gpg.d/docker.asc"
+    mode: "0644"
+
+- name: add docker apt repo
+  become: yes
+  apt_repository: repo="deb [arch=arm64 signed-by=/etc/apt/trusted.gpg.d/docker.asc] https://download.docker.com/linux/ubuntu noble stable"
+
+- name: install docker apt packages
+  become: yes
+  apt: name="docker-ce" update_cache="yes"
+
 - name: add scrypted user
   become: yes
   user: name="scrypted" shell="/bin/false" system="yes" create_home="no" groups="docker"
 
-- name: install docker apt packages
-  become: yes
-  apt: name="docker-ce"
-
 - name: make scrypted dir
   become: yes
   file: