aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeLines
...
* Add tag for rolling out service scriptsGravatar Johannes Christ2024-09-03-0/+2
|
* Update variable reference for Fredrick vacation scriptGravatar Johannes Christ2024-09-03-1/+1
|
* Have Fredrick's vacation tool CC in DevOpsGravatar Johannes Christ2024-09-03-2/+1
|
* Add transport rules for FredrickGravatar Joe Banks2024-09-03-0/+5
|
* Add Fredrick API handler scriptGravatar Joe Banks2024-09-03-0/+54
|
* Add variables for Fredrick APIGravatar Joe Banks2024-09-03-7/+12
|
* Migrate service scripts from files to templatesGravatar Joe Banks2024-09-03-5/+17
|
* Treat NGINX responses as UTF-8Gravatar Joe Banks2024-09-02-0/+19
| | | | | | | | | Some sites that had non-ASCII characters rendered weirdly because our NGINX configuration was not returning a default charset and so rendering was being left up to browser/standards defaults. This change adds a new config file to /etc/nginx/conf.d/ which forces responses to be interpreted as/transformed to UTF-8.
* Raise time threshold for 4xx alertsGravatar Johannes Christ2024-09-01-1/+1
| | | | | | At present we get plenty of unactionable, flapping alarms. So far, they have shown us nothing of value. Raise the time consecutive errors need to be seen before we alert.
* Pleasure the style dictatorGravatar Johannes Christ2024-09-01-1/+2
| | | | | See https://github.com/python-discord/infra/pull/524#issuecomment-2323385510.
* Install Galaxy dependencies in CI with cacheGravatar Joe Banks2024-09-01-1/+11
|
* Update Ansible lint config to ignore Jinja spacing ruleGravatar Joe Banks2024-09-01-0/+2
| | | | | Also ignore the promethues-postgres-exporter which is a submodule and is not subject to our lint rules
* Update git checkouts in Ansible lint CI stageGravatar Joe Banks2024-09-01-1/+8
|
* Override runtime directory permissionsGravatar Johannes Christ2024-09-01-0/+23
|
* Swap saslauthd to mount outside of postfixGravatar Johannes Christ2024-09-01-2/+5
| | | | Closes #474.
* Add missing task for sasl roleGravatar Johannes Christ2024-09-01-0/+10
|
* Update dependency mkdocs-material to v9.5.34Gravatar renovate[bot]2024-09-01-3/+3
| | | | | | | datasource | package | from | to | | ---------- | --------------- | ------ | ------ | | pypi | mkdocs-material | 9.5.33 | 9.5.34 |
* noqa variable naming on dmarc_metrics_exporter taskGravatar Joe Banks2024-08-31-8/+7
|
* Skip ansible lint on DMARC metrics exporter roleGravatar Joe Banks2024-08-31-0/+1
|
* Explicitly set become: true on DMARC sieve compilation handlerGravatar Joe Banks2024-08-31-0/+1
|
* Use --unsafe in check-yaml pre-commit filterGravatar Joe Banks2024-08-31-1/+1
| | | | | This performs a syntax check instead of attempting a load to prevent unresolvable tags (i.e. Ansible's `!vault`) from kicking up errors.
* Add DMARC exporter to Prometheus scrape targetsGravatar Joe Banks2024-08-31-0/+7
|
* Run DMARC inbox setup and dmarc_metrics_exporter role on mail hostsGravatar Joe Banks2024-08-31-0/+25
|
* Add tasks to template and enable DMARC inbox sieve filterGravatar Joe Banks2024-08-31-0/+39
|
* Add new DMARC inbox sieve filterGravatar Joe Banks2024-08-31-0/+7
|
* Add dmarc_metrics_exporter role requirementGravatar Joe Banks2024-08-31-0/+4
|
* Update munin-node config template to allow scraping from any hostGravatar Joe Banks2024-08-30-1/+8
|
* Add scraping config to munin master against all Ansible hostsGravatar Joe Banks2024-08-30-4/+8
|
* Create a new firewalld zone for Wireguard interface on Rocky hostsGravatar Joe Banks2024-08-30-0/+19
|
* Setup firewall rule for Rocky hosts in munin-nodeGravatar Joe Banks2024-08-30-0/+12
|
* Add Munin port 4949 to wireguard allow list for nftables hostsGravatar Joe Banks2024-08-30-0/+3
|
* Add new firewalld role for shared reload handlerGravatar Joe Banks2024-08-30-0/+6
|
* Add standalone munin-node roleGravatar Johannes Christ2024-08-30-90/+105
|
* Update templated WireGuard configGravatar Joe Banks2024-08-30-1/+2
| | | | | Include a missing PreDown task to remove the local routes we add as well as including all hosts in the inventory instead of just netcup hosts.
* Set packages to install for Wireguard by distributionGravatar Joe Banks2024-08-30-7/+11
|
* Move wireguard role to run on all hostsGravatar Joe Banks2024-08-30-1/+1
|
* Add Wireguard subnet to ldap01Gravatar Joe Banks2024-08-30-0/+1
|
* Implement dovecot mail plugin, configure limitsGravatar Johannes Christ2024-08-30-73/+165
| | | | | | | | | This also moves custom plugins into the `roles/munin/templates/plugins` directory, which should hopefully be easier to maintain than the existing inline dictionary. The only issue is that now it is a bit harder to deal with the filepaths. This change has already been deployed.
* Update dependency ruff to v0.6.3Gravatar renovate[bot]2024-08-30-21/+21
| | | | | | | datasource | package | from | to | | ---------- | ------- | ----- | ----- | | pypi | ruff | 0.6.2 | 0.6.3 |
* Feed Dovecot maildir stats into PrometheusGravatar Johannes Christ2024-08-30-1/+95
| | | | | | | | | | | | | | | | Already deployed on lovelace. I was going to leave out script deployment and just write it inline, but YAML folding of long lines (and unreadability of 200 column-wide AWk scripts, to be honest) made it a bit bad. The e-mail for DevOps cron failure reports is updated to include `+cron` to allow for client-side filtering, if necessary. To test: `ssh -L localhost:9090:localhost:9090 lovelace.box.pydis.wtf`, then check out the `dovecot_` variables in the UI. We might want to further check out Dovecot's built-in statistics support, see https://doc.dovecot.org/2.3/configuration_manual/stats/.
* Recommend CLI & GUI sieve clientsGravatar Johannes Christ2024-08-30-5/+5
| | | | As suggested by Joe.
* Remove unnecessary & faulty LDAP user attribute mappingGravatar Joe Banks2024-08-30-1/+1
|
* Change templating of user mail_homeGravatar Joe Banks2024-08-30-1/+1
|
* Make spam learning pipe scripts world readable/executableGravatar Joe Banks2024-08-30-1/+1
|
* Separate mail users by their UIDGravatar Johannes Christ2024-08-30-3/+10
| | | | | Directories under /var/vmail are no longer all owned by `vmail`, but instead `$ldap_uid:vmail`.
* ManageSieve for EveryoneGravatar Johannes Christ2024-08-30-15/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | A spectre is haunting Python Discord -- the spectre of proprietary mail filtering programs. All the Powers of Big Mail have entered into a holy alliance to exorcise this spectre: Outlook and GMail, Yahoo and Zoho, AOL adn iCloud. Where is the open protocol in opposition that has not been decried as unprofessional, free and open source by its opponents in power? Where is the Opposition that has not hurled back the branding reproach of Internet Standards, against the more advanced opposition protocols, as well as against its reactionary adversaries? Two things result from this fact. I. Sieve is already standardized as a protocol via the IETF. II. It is high time that Python Discord users should openly, in the face of the TLS-encrypted internet, filter their notifications, their love letters, their mailing lists, and meet this nursery tale of the Spectre of ManageSieve with a Manifesto of Python Discord Devops itself. To this end, ManageSieve users of various nationalities have assembled on jitsi.pydis.wtf, and sketched the following commit, to be published on the lovelace Python Discord e-mail service.
* Show status code in nginx alertsGravatar Johannes Christ2024-08-29-4/+4
|
* Compile prevent-duplicates.sieve script to sieve-after filter directoryGravatar Joe Banks2024-08-29-0/+16
|
* Add duplicate prevention sieve scriptGravatar Joe Banks2024-08-29-0/+9
|
* Bad Bank Working DayGravatar Johannes Christ2024-08-29-2/+2
|
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-19 22:07:17 +0000