aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeLines
...
* Update munin-node config template to allow scraping from any hostGravatar Joe Banks2024-08-30-1/+8
|
* Add scraping config to munin master against all Ansible hostsGravatar Joe Banks2024-08-30-4/+8
|
* Create a new firewalld zone for Wireguard interface on Rocky hostsGravatar Joe Banks2024-08-30-0/+19
|
* Setup firewall rule for Rocky hosts in munin-nodeGravatar Joe Banks2024-08-30-0/+12
|
* Add Munin port 4949 to wireguard allow list for nftables hostsGravatar Joe Banks2024-08-30-0/+3
|
* Add new firewalld role for shared reload handlerGravatar Joe Banks2024-08-30-0/+6
|
* Add standalone munin-node roleGravatar Johannes Christ2024-08-30-90/+105
|
* Update templated WireGuard configGravatar Joe Banks2024-08-30-1/+2
| | | | | Include a missing PreDown task to remove the local routes we add as well as including all hosts in the inventory instead of just netcup hosts.
* Set packages to install for Wireguard by distributionGravatar Joe Banks2024-08-30-7/+11
|
* Move wireguard role to run on all hostsGravatar Joe Banks2024-08-30-1/+1
|
* Add Wireguard subnet to ldap01Gravatar Joe Banks2024-08-30-0/+1
|
* Implement dovecot mail plugin, configure limitsGravatar Johannes Christ2024-08-30-73/+165
| | | | | | | | | This also moves custom plugins into the `roles/munin/templates/plugins` directory, which should hopefully be easier to maintain than the existing inline dictionary. The only issue is that now it is a bit harder to deal with the filepaths. This change has already been deployed.
* Update dependency ruff to v0.6.3Gravatar renovate[bot]2024-08-30-21/+21
| | | | | | | datasource | package | from | to | | ---------- | ------- | ----- | ----- | | pypi | ruff | 0.6.2 | 0.6.3 |
* Feed Dovecot maildir stats into PrometheusGravatar Johannes Christ2024-08-30-1/+95
| | | | | | | | | | | | | | | | Already deployed on lovelace. I was going to leave out script deployment and just write it inline, but YAML folding of long lines (and unreadability of 200 column-wide AWk scripts, to be honest) made it a bit bad. The e-mail for DevOps cron failure reports is updated to include `+cron` to allow for client-side filtering, if necessary. To test: `ssh -L localhost:9090:localhost:9090 lovelace.box.pydis.wtf`, then check out the `dovecot_` variables in the UI. We might want to further check out Dovecot's built-in statistics support, see https://doc.dovecot.org/2.3/configuration_manual/stats/.
* Recommend CLI & GUI sieve clientsGravatar Johannes Christ2024-08-30-5/+5
| | | | As suggested by Joe.
* Remove unnecessary & faulty LDAP user attribute mappingGravatar Joe Banks2024-08-30-1/+1
|
* Change templating of user mail_homeGravatar Joe Banks2024-08-30-1/+1
|
* Make spam learning pipe scripts world readable/executableGravatar Joe Banks2024-08-30-1/+1
|
* Separate mail users by their UIDGravatar Johannes Christ2024-08-30-3/+10
| | | | | Directories under /var/vmail are no longer all owned by `vmail`, but instead `$ldap_uid:vmail`.
* ManageSieve for EveryoneGravatar Johannes Christ2024-08-30-15/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | A spectre is haunting Python Discord -- the spectre of proprietary mail filtering programs. All the Powers of Big Mail have entered into a holy alliance to exorcise this spectre: Outlook and GMail, Yahoo and Zoho, AOL adn iCloud. Where is the open protocol in opposition that has not been decried as unprofessional, free and open source by its opponents in power? Where is the Opposition that has not hurled back the branding reproach of Internet Standards, against the more advanced opposition protocols, as well as against its reactionary adversaries? Two things result from this fact. I. Sieve is already standardized as a protocol via the IETF. II. It is high time that Python Discord users should openly, in the face of the TLS-encrypted internet, filter their notifications, their love letters, their mailing lists, and meet this nursery tale of the Spectre of ManageSieve with a Manifesto of Python Discord Devops itself. To this end, ManageSieve users of various nationalities have assembled on jitsi.pydis.wtf, and sketched the following commit, to be published on the lovelace Python Discord e-mail service.
* Show status code in nginx alertsGravatar Johannes Christ2024-08-29-4/+4
|
* Compile prevent-duplicates.sieve script to sieve-after filter directoryGravatar Joe Banks2024-08-29-0/+16
|
* Add duplicate prevention sieve scriptGravatar Joe Banks2024-08-29-0/+9
|
* Bad Bank Working DayGravatar Johannes Christ2024-08-29-2/+2
|
* Calculate the Lovering InheritanceGravatar Johannes Christ2024-08-28-2/+68
|
* Support custom plugins for muninGravatar Johannes Christ2024-08-28-0/+15
|
* Configure PostgreSQL plugins for MuninGravatar Johannes Christ2024-08-28-6/+27
|
* Include Uncle Christ's Assorted Works in mirrorGravatar Johannes Christ2024-08-28-1/+8
| | | | | | | Uncle Christ would like to mirror this item on the Python Discord git mirror to ensure the security of Python Discord DevOps poetry dependencies is included. Uncle Christ stands hopeful that this change contributes to a better society.
* Bind munin-node locallyGravatar Joe Banks2024-08-28-2/+2
|
* Remove unnecessary handler for munin restartingGravatar Joe Banks2024-08-28-7/+0
|
* Enable some plugins for mail, spam and NGINXGravatar Joe Banks2024-08-28-0/+32
| | | | | | Also, disable some wrongly autodetected radio related plugins, I think this seems to automatically enable based off a port being open but all the logs were obviously just invalid responses.
* Add nginx status stub listenerGravatar Joe Banks2024-08-28-0/+14
|
* Add munin NGINX configurationGravatar Joe Banks2024-08-28-0/+43
|
* Rudimentary pass at a munin roleGravatar Joe Banks2024-08-28-0/+260
|
* Add munin to monitoring in playbookGravatar Joe Banks2024-08-28-0/+1
|
* Add munin DNS recordGravatar Joe Banks2024-08-28-0/+8
|
* Update spam address listGravatar Joe Banks2024-08-28-1/+3
|
* Do not rewrite inbound mail headersGravatar Johannes Christ2024-08-28-1/+0
| | | | This is wrong on so many levels.
* Remove documentation and tooling references to pydis-users roleGravatar Joe Banks2024-08-27-3/+2
|
* Stop running pydis-users role on netcup hostsGravatar Joe Banks2024-08-27-1/+0
|
* Delete pydis-users roleGravatar Joe Banks2024-08-27-204/+0
|
* Add HBA rule for grafana -> pinnwandGravatar Joe Banks2024-08-27-2/+6
|
* Update script to use `cd -` instead of pushd/popd for sh compatibilityGravatar Joe Banks2024-08-26-3/+1
|
* Amendments to mirrors cron script for reliabilityGravatar Joe Banks2024-08-26-1/+5
|
* Use variables for cronjob file namingGravatar Joe Banks2024-08-26-3/+5
|
* Rename NGINX variables in git-mirrors roleGravatar Joe Banks2024-08-26-5/+6
|
* Explicitly install moreutils for chronic utilityGravatar Joe Banks2024-08-26-0/+8
|
* Harden security permissions on git-mirrors owned filesGravatar Joe Banks2024-08-26-4/+4
|
* Improve formatting of git clone command for mirrorsGravatar Joe Banks2024-08-26-3/+7
|
* Make git-mirrors a system userGravatar Joe Banks2024-08-26-0/+1
|
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-19 21:11:49 +0000