| Commit message (Collapse) | Author | Age | Lines | |
|---|---|---|---|---|
| * | Remove temporary testing deployment of pinnwand |  Chris Lovering | 2024-05-16 | -150/+0 |
| | | ||||
| * | Add lovelace credentials to blackbox secrets | Chris Lovering | 2024-05-16 | -0/+0 |
| | | ||||
| * | configure blackbox to backup lovelace's pg instance |  shtlrs | 2024-05-16 | -0/+7 |
| | | ||||
| * | grant pg users their predefined roles | shtlrs | 2024-05-16 | -0/+14 |
| | | ||||
| * | define the blackbox user and its db roles | shtlrs | 2024-05-16 | -11/+20 |
| | | ||||
| * | Readd nftables submodule | Chris Lovering | 2024-05-15 | -0/+0 |
| | | ||||
| * | Deploy a pinnwand instance that used lovelace's pg database (#293) | Amrou Bellalouna | 2024-05-15 | -0/+150 |
| | | | | | | | | | | | | * add a deployment config for pinnwand on lovelace * add a dns entry for the new pastebin * Add database URI for pinnwand to connect to psql on lovelace --------- Co-authored-by: Chris Lovering <[email protected]> | |||
| * | Pleasure the style dictator (#291) |  jchristgit | 2024-05-14 | -16/+25 |
| | | | | Fix warnings with argsplat in postgres role | |||
| * | add the task that configures host based authentication | shtlrs | 2024-05-14 | -0/+16 |
| | | ||||
| * | add the db_passwords secrets file | shtlrs | 2024-05-14 | -7/+24 |
| | | | | | | | This contains the encrypted passwords for all database users This also moves variables under the /vars/main folder to allow ansible to load all variable folders automatically | |||
| * | add a handler to reload postgres | shtlrs | 2024-05-14 | -1/+10 |
| | | | | | | | This also renames the handler that restarts it. You're welcome Johannes. | |||
| * | ignore .ansible file upon syncing | shtlrs | 2024-05-14 | -1/+1 |
| | | | | | This will avoid the copying of a potentially empty .ansible file on host, rendering the guest playbooks unrunnable | |||
| * | Remove pixels-modsite.pythondiscord.com DNS |  Joe Banks | 2024-05-14 | -8/+0 |
| | | ||||
| * | Update Pixels modsite to pixels-mod.pydis.wtf | Joe Banks | 2024-05-14 | -6/+6 |
| | | ||||
| * | Update Ansible Prometheus to point to pydis.wtf alertmanager | Joe Banks | 2024-05-14 | -1/+1 |
| | | ||||
| * | Move AlertManager to pydis.wtf | Joe Banks | 2024-05-14 | -5/+6 |
| | | ||||
| * | Move prometheus to pydis.wtf | Joe Banks | 2024-05-14 | -4/+5 |
| | | ||||
| * | Move policy-bot to pydis.wtf | Joe Banks | 2024-05-14 | -6/+6 |
| | | ||||
| * | Migrate Metabase to pydis.wtf | Joe Banks | 2024-05-14 | -3/+3 |
| | | ||||
| * | Migrate Bitwarden to pydis.wtf | Joe Banks | 2024-05-14 | -7/+7 |
| | | ||||
| * | Remove reflection of pythondiscord.com TLS to modmail ns | Joe Banks | 2024-05-14 | -2/+2 |
| | | ||||
| * | Migrate modmail to pydis.wtf | Joe Banks | 2024-05-14 | -4/+4 |
| | | ||||
| * | Reflect pydis.wtf certificate to modmail | Joe Banks | 2024-05-14 | -2/+2 |
| | | ||||
| * | Update tools docs to point to new Grafana URL | Joe Banks | 2024-05-14 | -1/+1 |
| | | ||||
| * | Update Grafana configmap to grafana.pydis.wtf | Joe Banks | 2024-05-14 | -2/+2 |
| | | ||||
| * | Update Grafana ingress to grafana.pydis.wtf | Joe Banks | 2024-05-14 | -3/+3 |
| | | ||||
| * | Reflect pydis.wtf cert to monitoring namespace | Joe Banks | 2024-05-14 | -0/+6 |
| | | ||||
| * | Reflect *.pythondiscord.com secret to necessary namespaces | Joe Banks | 2024-05-14 | -0/+6 |
| | | ||||
| * | Add information on secret reflector Helm deployment | Joe Banks | 2024-05-14 | -0/+11 |
| | | ||||
| * | Update pinnwand database secret to support being ast.literal_eval'd | Chris Lovering | 2024-05-13 | -0/+0 |
| | | ||||
| * | Use our own fork for deploying pinnwand | Chris Lovering | 2024-05-13 | -1/+1 |
| | | ||||
| * | Bump pre-commit from 3.7.0 to 3.7.1 (#286) |  dependabot[bot] | 2024-05-13 | -5/+5 |
| | | | | | | | | | | | | | | | | | Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 3.7.0 to 3.7.1. - [Release notes](https://github.com/pre-commit/pre-commit/releases) - [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md) - [Commits](https://github.com/pre-commit/pre-commit/compare/v3.7.0...v3.7.1) --- updated-dependencies: - dependency-name: pre-commit dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> | |||
| * | Remove obsolete cleanup tasks | Johannes Christ | 2024-05-12 | -18/+0 |
| | | ||||
| * | Configure sudo in separate file | Johannes Christ | 2024-05-12 | -2/+17 |
| | | ||||
| * | Bump jinja2 from 3.1.3 to 3.1.4 | dependabot[bot] | 2024-05-12 | -3/+3 |
| | | | | | | | | | | | | | | | Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.3 to 3.1.4. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/jinja/compare/3.1.3...3.1.4) --- updated-dependencies: - dependency-name: jinja2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> | |||
| * | Bump octodns from 1.6.1 to 1.7.0 | dependabot[bot] | 2024-05-08 | -64/+7 |
| | | | | | | | | | | | | | | | Bumps [octodns](https://github.com/octodns/octodns) from 1.6.1 to 1.7.0. - [Changelog](https://github.com/octodns/octodns/blob/main/CHANGELOG.md) - [Commits](https://github.com/octodns/octodns/compare/v1.6.1...v1.7.0) --- updated-dependencies: - dependency-name: octodns dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> | |||
| * | Properly load Prometheus rules | Johannes Christ | 2024-05-08 | -0/+1 |
| | | ||||
| * | Update Helm files for fix for webhook validator | Joe Banks | 2024-05-08 | -0/+6 |
| | | ||||
| * | Update issuers | Joe Banks | 2024-05-08 | -4/+4 |
| | | ||||
| * | Add Cloudflare API token secret | Joe Banks | 2024-05-08 | -0/+0 |
| | | ||||
| * | Add pydis.wtf certificate | Joe Banks | 2024-05-08 | -0/+12 |
| | | ||||
| * | Configure Prometheus alerting for failed systemd units (#278) | jchristgit | 2024-05-08 | -1/+16 |
| | | | | | | The two services that I would normally exclude are intentionally not excluded right now to test out the alertmanager setup. If all goes well, we should receive a notification on Discord. | |||
| * | Correct scheme configuration for Alertmanager | Johannes Christ | 2024-05-07 | -3/+3 |
| | | ||||
| * | install blackbox exporter as part of out monitoring stack | shtlrs | 2024-05-06 | -47/+49 |
| | | ||||
| * | Perform fail2ban bans directly via nftables | Johannes Christ | 2024-05-04 | -0/+2 |
| | | | | | | | See upstream at https://github.com/fail2ban/fail2ban/commit/d0d07285234871bad3dc0c359d0ec03365b6dddc, this will be incorporated into Debian at the next release. | |||
| * | Skip tasks requiring all hosts when running with limit | Johannes Christ | 2024-05-04 | -0/+2 |
| | | ||||
| * | Configure default security limits | Johannes Christ | 2024-05-04 | -0/+15 |
| | | | | | | | | | | The new limits allow each user to run a maximum of 100 processes by default, allowing to manually raise this number to 200. When a custom "pydis" group or similar is introduced, I plan to expand this to also specify other limits to prevent user error from causing problems on the system. | |||
| * | set backend to systemd | shtlrs | 2024-05-04 | -0/+1 |
| | | ||||
| * | Set up Prometheus alerting on Netcup | Johannes Christ | 2024-05-04 | -2/+18 |
| | | ||||
| * | Set up database group for database hosts | Johannes Christ | 2024-05-03 | -3/+9 |
| | | ||||
 |
index : infra | |
| The PyDis DevOps boiler house, the engine room, where the magic happens. |
| aboutsummaryrefslogtreecommitdiffstats |