Fixed log rotation and log2ram sizing.
--- a/adguard-home/templates/AdGuardHome.service.j2 Mon Mar 23 22:22:19 2026 -0500
+++ b/adguard-home/templates/AdGuardHome.service.j2 Mon Mar 23 22:22:36 2026 -0500
@@ -9,8 +9,6 @@
WorkingDirectory={{adguard_home_data_dir}}
-StandardOutput=file:/var/log/AdGuardHome.out
-StandardError=file:/var/log/AdGuardHome.err
Restart=always
RestartSec=10
EnvironmentFile=-/etc/sysconfig/AdGuardHome
--- a/dendrite/server/templates/nginx.conf.j2 Mon Mar 23 22:22:19 2026 -0500
+++ b/dendrite/server/templates/nginx.conf.j2 Mon Mar 23 22:22:36 2026 -0500
@@ -1,3 +1,5 @@
+limit_req_zone $binary_remote_addr zone=dendrite_reg:10m rate=2r/m;
+
server {
listen 80;
server_name {{nginx_server_name}};
@@ -36,6 +38,11 @@
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 600;
+ location ~* ^/_matrix/client/[^/]+/register {
+ limit_req zone=dendrite_reg burst=3 nodelay;
+ proxy_pass http://127.0.0.1:{{nginx_proxy_port}};
+ }
+
location /_matrix {
proxy_pass http://127.0.0.1:{{nginx_proxy_port}};
}
--- a/ergo/defaults/main.yaml Mon Mar 23 22:22:19 2026 -0500
+++ b/ergo/defaults/main.yaml Mon Mar 23 22:22:36 2026 -0500
@@ -7,4 +7,6 @@
ergo_tar_name: "ergo-{{ergo_version}}-linux-{{ergo_arch}}"
ergo_tar: "{{ergo_tar_name}}.tar.gz"
ergo_url: "https://github.com/ergochat/ergo/releases/download/v{{ergo_version}}/{{ergo_tar}}"
+ergo_run_dir: "/var/ergo"
+ergo_data_dir: "/var/ergo"
ergo_force_nick_equals_account: false
--- a/ergo/files/ergo.service Mon Mar 23 22:22:19 2026 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,20 +0,0 @@
-[Unit]
-Description=ergo
-#After=network.target
-# If you are using MySQL for history storage, comment out the above line
-# and uncomment these two instead (you must independently install and configure
-# MySQL for your system):
-Wants=mysql.service
-After=network.target mysql.service
-
-[Service]
-Type=simple
-User=ergo
-WorkingDirectory=/var/ergo
-ExecStart=/usr/local/bin/ergo run --conf /etc/ergo/config.yaml
-ExecReload=/bin/kill -HUP $MAINPID
-Restart=on-failure
-LimitNOFILE=1048576
-
-[Install]
-WantedBy=multi-user.target
--- a/ergo/tasks/main.yaml Mon Mar 23 22:22:19 2026 -0500
+++ b/ergo/tasks/main.yaml Mon Mar 23 22:22:36 2026 -0500
@@ -26,14 +26,15 @@
- name: create ergo dirs
become: yes
file:
- path: "{{item}}/ergo"
+ path: "{{item}}"
owner: "ergo"
group: "ergo"
mode: "0755"
state: "directory"
loop:
- - "/etc"
- - "/var"
+ - "/etc/ergo"
+ - "{{ergo_run_dir}}"
+ - "{{ergo_data_dir}}"
- name: configure ergo
become: yes
@@ -54,8 +55,8 @@
- name: install ergo service
become: yes
- copy:
- src: "ergo.service"
+ template:
+ src: "ergo.service.j2"
dest: "/lib/systemd/system/ergo.service"
mode: "0644"
notify: restart ergo
--- a/ergo/templates/config.yaml.j2 Mon Mar 23 22:22:19 2026 -0500
+++ b/ergo/templates/config.yaml.j2 Mon Mar 23 22:22:36 2026 -0500
@@ -58,7 +58,7 @@
# proxy: false
# Example of a Unix domain socket for proxying:
- "/var/ergo/socket":
+ "{{ergo_run_dir}}/socket":
# Example of a Tor listener: any connection that comes in on this listener will
# be considered a Tor connection. It is strongly recommended that this listener
@@ -288,7 +288,7 @@
# ergo will write files to disk under certain circumstances, e.g.,
# CPU profiling or data export. by default, these files will be written
# to the working directory. set this to customize:
- output-path: "/var/ergo"
+ output-path: "{{ergo_run_dir}}"
# account options
accounts:
@@ -685,7 +685,7 @@
# datastore configuration
datastore:
# path to the datastore
- path: "/var/ergo/ergo.db"
+ path: "{{ergo_data_dir}}/ergo.db"
# if the database schema requires an upgrade, `autoupgrade` will attempt to
# perform it automatically on startup. the database will be backed
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ergo/templates/ergo.service.j2 Mon Mar 23 22:22:36 2026 -0500
@@ -0,0 +1,20 @@
+[Unit]
+Description=ergo
+#After=network.target
+# If you are using MySQL for history storage, comment out the above line
+# and uncomment these two instead (you must independently install and configure
+# MySQL for your system):
+Wants=mysql.service
+After=network.target mysql.service
+
+[Service]
+Type=simple
+User=ergo
+WorkingDirectory={{ergo_run_dir}}
+ExecStart=/usr/local/bin/ergo run --conf /etc/ergo/config.yaml
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+LimitNOFILE=1048576
+
+[Install]
+WantedBy=multi-user.target
--- a/ergo/templates/nginx.conf.j2 Mon Mar 23 22:22:19 2026 -0500
+++ b/ergo/templates/nginx.conf.j2 Mon Mar 23 22:22:36 2026 -0500
@@ -1,6 +1,6 @@
server {
listen 6697 ssl;
- proxy_pass unix:/var/ergo/socket;
+ proxy_pass unix:{{ergo_run_dir}}/socket;
proxy_protocol on;
ssl_certificate {{nginx_ssl_cert}};
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jellyfin/defaults/main.yaml Mon Mar 23 22:22:36 2026 -0500
@@ -0,0 +1,3 @@
+---
+
+jellyfin_data_dir: "/var/lib/jellyfin"
--- a/jellyfin/tasks/main.yaml Mon Mar 23 22:22:19 2026 -0500
+++ b/jellyfin/tasks/main.yaml Mon Mar 23 22:22:36 2026 -0500
@@ -23,6 +23,24 @@
apt: name="jellyfin"
notify: restart jellyfin service
+- name: create jellyfin data dir
+ become: yes
+ file:
+ path: "{{jellyfin_data_dir}}"
+ state: "directory"
+ owner: "jellyfin"
+ group: "jellyfin"
+ mode: "0755"
+
+- name: configure jellyfin data dir
+ become: yes
+ lineinfile:
+ path: "/etc/jellyfin/jellyfin"
+ regexp: "^JELLYFIN_DATA_DIR="
+ line: "JELLYFIN_DATA_DIR={{jellyfin_data_dir}}"
+ create: yes
+ notify: restart jellyfin service
+
- name: ensure jellyfin service is running
become: yes
systemd: name="jellyfin.service" state="started" daemon_reload="yes"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/rpi-base/files/journald.conf Mon Mar 23 22:22:36 2026 -0500
@@ -0,0 +1,2 @@
+[Journal]
+SystemMaxUse=100M
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/rpi-base/files/logrotate.conf Mon Mar 23 22:22:36 2026 -0500
@@ -0,0 +1,11 @@
+# Sized to fit within log2ram's RAM disk.
+# Defaults: daily, 7 rotations, compress immediately, max 50M per log.
+# Worst case per log: 50M active + 7 x compressed ~ 100M
+
+daily
+su root adm
+rotate 7
+maxsize 50M
+create
+compress
+include /etc/logrotate.d
--- a/rpi-base/handlers/main.yaml Mon Mar 23 22:22:19 2026 -0500
+++ b/rpi-base/handlers/main.yaml Mon Mar 23 22:22:36 2026 -0500
@@ -3,3 +3,7 @@
- name: restart log2ram service
systemd: name="log2ram" state="restarted" daemon_reload="yes"
become: yes
+
+- name: restart journald
+ systemd: name="systemd-journald" state="restarted"
+ become: yes
--- a/rpi-base/tasks/main.yaml Mon Mar 23 22:22:19 2026 -0500
+++ b/rpi-base/tasks/main.yaml Mon Mar 23 22:22:36 2026 -0500
@@ -40,6 +40,15 @@
become: yes
copy: src="20auto-upgrades" dest="/etc/apt/apt.conf.d/20auto-upgrades"
+- name: configure logrotate
+ become: yes
+ copy: src="logrotate.conf" dest="/etc/logrotate.conf"
+
+- name: configure journald max size
+ become: yes
+ copy: src="journald.conf" dest="/etc/systemd/journald.conf"
+ notify: restart journald
+
- name: configure log2ram disk size
become: yes
lineinfile:
--- a/scrypted/tasks/main.yaml Mon Mar 23 22:22:19 2026 -0500
+++ b/scrypted/tasks/main.yaml Mon Mar 23 22:22:36 2026 -0500
@@ -1,13 +1,24 @@
---
+- name: add docker apt key
+ become: yes
+ get_url:
+ url: "https://download.docker.com/linux/ubuntu/gpg"
+ dest: "/etc/apt/trusted.gpg.d/docker.asc"
+ mode: "0644"
+
+- name: add docker apt repo
+ become: yes
+ apt_repository: repo="deb [arch=arm64 signed-by=/etc/apt/trusted.gpg.d/docker.asc] https://download.docker.com/linux/ubuntu noble stable"
+
+- name: install docker apt packages
+ become: yes
+ apt: name="docker-ce" update_cache="yes"
+
- name: add scrypted user
become: yes
user: name="scrypted" shell="/bin/false" system="yes" create_home="no" groups="docker"
-- name: install docker apt packages
- become: yes
- apt: name="docker-ce"
-
- name: make scrypted dir
become: yes
file: