aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeLines
...
* Add systemd overrides with new security preferencesGravatar Joe Banks2024-06-07-0/+38
|
* Add NGINX access and error logsGravatar Joe Banks2024-06-07-0/+10
|
* Add relabing stages to name custom log extractorsGravatar Joe Banks2024-06-07-0/+11
|
* Update configuration template with authenticationGravatar Joe Banks2024-06-07-9/+18
|
* Update documentation for Alloy with Loki configurationGravatar Joe Banks2024-06-07-3/+4
|
* Add Alloy vars file with endpoint and authenticationGravatar Joe Banks2024-06-07-0/+14
|
* Add host vars for database host to export PostgreSQL logGravatar Joe Banks2024-06-07-0/+4
|
* Extend Alloy configuration to include some default files + extra filesGravatar Joe Banks2024-06-07-0/+27
|
* Update default variables for Alloy with empty extra files listGravatar Joe Banks2024-06-07-0/+2
|
* Update Alloy README to document extra filesGravatar Joe Banks2024-06-07-0/+7
|
* Add Alloy role to all host deployment sectionGravatar Joe Banks2024-06-07-0/+1
|
* Add role to install and template configuration for AlloyGravatar Joe Banks2024-06-07-0/+85
|
* Rename relabelledpods to just podsGravatar Joe Banks2024-06-07-1/+1
| | | | | | | This was a redundant rename and reduced the clarity of jobs when querying from inside Grafana. This rectifies that by renaming the stream to just `pods`.
* Remove become_ask_pass preference from Ansible configurationGravatar Joe Banks2024-06-07-1/+0
|
* Add new sudoers rule for NOPASSWD sudoGravatar Joe Banks2024-06-07-0/+2
|
* Reflect pydis.wtf certificate into Loki namespaceGravatar Joe Banks2024-06-07-2/+2
|
* Add secret for Loki authenticationGravatar Joe Banks2024-06-07-0/+0
|
* Add new Ingress for Loki gatewayGravatar Joe Banks2024-06-07-0/+25
|
* Add loki-gateway.pydis.wtfGravatar Joe Banks2024-06-07-0/+9
|
* Add PostgreSQL user to cert reader groupGravatar Joe Banks2024-06-06-0/+1
|
* Update directory permissions of certbot generated certificatesGravatar Joe Banks2024-06-06-1/+2
|
* use host issued certs for postgres server instead of snakeoil'sGravatar shtlrs2024-06-06-4/+4
|
* Add Metricity manifestGravatar Joe Banks2024-06-06-0/+30
| | | | Copies the Metricity deployment manifest from the Metricity repo.
* Add myself to CODEOWNERSGravatar Joe Banks2024-06-06-0/+3
|
* Switch to using designated placeholder IPv4 for originless recordsGravatar Joe Banks2024-06-06-3/+3
| | | | | | | | | | | | | | We currently used something like 1.2.3.4 or 1.1.1.1 as placeholder IP addresses for DNS records where we ran in "originless" mode (the request is always answered by a Cloudflare Worker or a redirect). This changes that so we use designated reserved IPv4 addresses (192.0.2.0) to capture that traffic instead, ensuring that in no circumstance would we leak traffic to an address like 1.1.1.1 or 1.2.3.4 if there was a Cloudflare misconfiguration. Despite the potential risk vectors here being very small, it's a minor change and also helps us ensure configuration works correctly in the future.
* Set proxied to true for paste recordGravatar Joe Banks2024-06-06-1/+1
|
* Add paste.pydis.wtf record for forwardingGravatar Joe Banks2024-06-06-0/+8
|
* Add tmpfs to King ArthurGravatar Joe Banks2024-06-05-0/+9
|
* Add automatic HBA rules for all users to connect via mTLSGravatar Joe Banks2024-06-04-3/+9
|
* Add devops user accountGravatar Joe Banks2024-06-04-42/+69
|
* Add CA file to postgresql.confGravatar Joe Banks2024-06-04-0/+2
|
* Add pg_ident.conf fileGravatar Joe Banks2024-06-04-1/+18
|
* Install PostgreSQL documentation packageGravatar Johannes Christ2024-06-04-0/+1
|
* Bump ruff from 0.4.5 to 0.4.7 (#342)Gravatar dependabot[bot]2024-06-03-21/+22
| | | | | | | | | | | | | | | | Bumps [ruff](https://github.com/astral-sh/ruff) from 0.4.5 to 0.4.7. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](https://github.com/astral-sh/ruff/compare/v0.4.5...v0.4.7) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Add Bella to git-crypt keyringGravatar Johannes Christ2024-06-02-0/+0
| | | | | | | | | | | | New collaborators: DB1D650A Amrou Bellalouna <[email protected]> The key has been verified and signed by both Joe and me. Chris was MIA but approved it ahead of time. Approved-by: Joe Banks <[email protected]> Approved-by: Chris Lovering <[email protected]>
* Remove PostgreSQL Exporter from KubernetesGravatar Joe Banks2024-06-02-55/+0
|
* Remove Kubernetes PostgreSQL AlertsGravatar Joe Banks2024-06-02-29/+0
|
* Remove Kubernetes PostgreSQL backup from BlackboxGravatar Joe Banks2024-06-02-6/+1
|
* Remove PostgreSQL deployment from KubernetesGravatar Joe Banks2024-06-02-127/+0
|
* Update pixels environment variableGravatar Joe Banks2024-06-02-0/+0
|
* add pixels user and dbGravatar shtlrs2024-06-02-39/+60
|
* Force line-endings to LF in Ansible gitattributesGravatar Joe Banks2024-06-02-1/+1
|
* Update Metabase configuration secretGravatar Joe Banks2024-06-02-0/+0
|
* add metabase user and databaseGravatar shtlrs2024-06-02-0/+8
|
* Add PostgreSQL alerts to Ansible Prometheus configurationGravatar Joe Banks2024-06-02-0/+30
|
* Filter CNs of client certificates for PrometheusGravatar Joe Banks2024-06-02-0/+8
|
* Allow node_exporter scraping in nftablesGravatar Joe Banks2024-06-02-0/+3
|
* Fix docs lint flowGravatar Joe Banks2024-06-02-0/+3
|
* Move default server config to a templateGravatar Joe Banks2024-06-02-2/+2
|
* Issue certificate for hostname and sub-services, not both in oneGravatar Joe Banks2024-06-02-1/+2
|
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-28 08:34:28 +0000