| Commit message (Collapse) | Author | Age | Lines | ||
|---|---|---|---|---|---|
| ... | |||||
| * | Install and configure fail2ban |  Joe Banks | 2022-03-15 | -0/+45 | |
| | | |||||
| * | Remove vim modelines | Joe Banks | 2022-03-15 | -11/+1 | |
| | | |||||
| * | Capitalise all task names in roles | Joe Banks | 2022-03-15 | -10/+10 | |
| | | | | | Makes all role names begin with a capital letter in Ansible roles | ||||
| * | Allow HTTP traffic through the firewall | Joe Banks | 2022-03-15 | -2/+2 | |
| | | | | | Allow HTTP traffic in addition to HTTPS by switching to the "Nginx Full" ruleset | ||||
| * | Update extra SAN | Joe Banks | 2022-03-14 | -1/+1 | |
| | | |||||
| * | Force reload on all rsync operations | Joe Banks | 2022-03-14 | -2/+20 | |
| | | | | | | | | | Update the forced command in authorized_keys to reload NGINX after termination of the rsync session. This ensures that after key updates complete they will be reloaded and pushed to NGINX. | ||||
| * | Add certbot roles | Joe Banks | 2022-03-14 | -1/+125 | |
| | | | | | | | | | | | Add a certbot role that generates a certificate on the first host in the NGINX group and then deploys it to all other NGINX hosts. As of now we generate wildcard certs for pythondiscord.com and pydis.wtf. A unique SSH key is generated for each replica host which is restricted for security purposes. A deploy hook is installed to push renewals to other hosts. | ||||
| * | Miscellaneous fixes to jumpcloud & NGINX mTLS | Joe Banks | 2022-03-14 | -1/+13 | |
| | | |||||
| * | Configure GeoIP for moon phase support |  Johannes Christ | 2022-02-25 | -0/+20 | |
| | | | | | | | | | | In order to add moon phase support on the dark theme picker later, we need to configure the GeoIP module included with nginx. On Debian, the `nginx` package that we install installs `nginx-core`, which in turn installs the GeoIP module and even a GeoIP country database for us. | ||||
| * | Deploy Prometheus & node-exporter | Johannes Christ | 2022-02-21 | -0/+156 | |
| | | | | | To start off, we are only scraping Prometheus itself and node-exporter. | ||||
| * | Save host allocation file in the repository | Johannes Christ | 2022-02-20 | -0/+0 | |
| | | |||||
| * | Use builtin NGINX UFW rule name | Johannes Christ | 2022-02-20 | -2/+1 | |
| | | | | Co-authored-by: ChrisJL <[email protected]> | ||||
| * | Remove subjective linting rules | Johannes Christ | 2022-02-20 | -1/+5 | |
| | | |||||
| * | Add nginx deployment | Johannes Christ | 2022-02-20 | -0/+131 | |
| | | | | | | | | | | | | Includes documented roles for: - installing nginx & configuring handlers - installing the mTLS certificate for Cloudflare - installing firewall rules They are kept separate for now, for composability. Closes #22. | ||||
| * | Delete projects_automation.yml | Joe Banks | 2022-02-16 | -16/+0 | |
| | | |||||
| * | Add PostUp directive for routing wg subnet | Joe Banks | 2022-02-11 | -0/+2 | |
| | | |||||
| * | Add podman role and improve playbook organization | Johannes Christ | 2022-02-05 | -20/+71 | |
| | | | | | | | | | This PR adds a new podman role, see #18. The playbook is merged into sections for each group of hosts that we want to deploy to. To limit by role now, use tags, such as `-t role::podman`. | ||||
| * | Epand entire dict when adding psql users and databases |  Chris Lovering | 2022-01-21 | -7/+2 | |
| | | | | | This will allow us to add more key: value pairs in future, without having to update it in two places | ||||
| * | Add postgres role to playbook | Chris Lovering | 2022-01-21 | -0/+6 | |
| | | |||||
| * | Add users and databases to portgres after install | Chris Lovering | 2022-01-21 | -0/+17 | |
| | | |||||
| * | Install postgres role | Chris Lovering | 2022-01-21 | -0/+18 | |
| | | | | | . | ||||
| * | Add basic postgres vars | Chris Lovering | 2022-01-21 | -0/+7 | |
| | | |||||
| * | Enable ansible ssh pipelining globally | Chris Lovering | 2022-01-21 | -0/+3 | |
| | | | | | | | | | See https://github.com/ansible/ansible/issues/16048#issuecomment-229012509 for why we do this. The drawback of this is that it is incompatible with sudo's requiretty setting (or su, which always requires a tty). This is because of a quirk of the Python interpreter, which enters interactive mode automatically when you pipe in data from a (pseudo) tty. However, modern Debian, which we run, comes with requiretty disabled. | ||||
| * | Add ufw role to playbook |  MarkKoz | 2022-01-11 | -0/+6 | |
| | | |||||
| * | Install UFW | MarkKoz | 2022-01-11 | -0/+7 | |
| | | |||||
| * | Ensure SSH is allowed before setting default deny | MarkKoz | 2022-01-11 | -5/+5 | |
| | | | | | | Ansible relies on SSH, so it's good to ensure that's allowed before blocking everything else. | ||||
| * | Add basic UFW rules | MarkKoz | 2022-01-11 | -0/+21 | |
| | | |||||
| * | Update local env setup instructions | MarkKoz | 2022-01-11 | -0/+2 | |
| | | |||||
| * | Make wireguard port a variable | MarkKoz | 2022-01-11 | -2/+4 | |
| | | |||||
| * | Update README with directory structure | Joe Banks | 2022-01-11 | -9/+20 | |
| | | |||||
| * | Inject extra public keys for DevOps members | Joe Banks | 2022-01-11 | -0/+12 | |
| | | |||||
| * | Add handler for reloading WireGuard when config is modified | Joe Banks | 2022-01-11 | -0/+6 | |
| | | |||||
| * | Assign WireGuard subnets to each host | Joe Banks | 2022-01-11 | -0/+5 | |
| | | |||||
| * | Add WireGuard role to playbook | Joe Banks | 2022-01-11 | -0/+6 | |
| | | |||||
| * | Add role for setting up WireGuard mesh network | Joe Banks | 2022-01-11 | -0/+69 | |
| | | |||||
| * | Automatically add new issues to the project board (#12) | Joe Banks | 2022-01-11 | -0/+16 | |
| | | |||||
| * | Add dnspython to requirements.txt | Joe Banks | 2022-01-11 | -0/+1 | |
| | | | | | | | The lookup('dig', '...') function requires dnspython to be installed on the local machine so that queries can be processed. We're now using this to resolve the FQDNs of machines to IPs to inject into /etc/hosts. | ||||
| * | Resolve inventory hostnames with dnspython when injecting to /etc/hosts | Joe Banks | 2022-01-11 | -1/+1 | |
| | | |||||
| * | Use FQDNs for Ansible inventory | Joe Banks | 2022-01-10 | -5/+5 | |
| | | |||||
| * | Add JumpCloud Agent (#6) | Joe Banks | 2022-01-10 | -0/+46 | |
| | | | | | Co-authored-by: ChrisJL <[email protected]> Co-authored-by: Chris Lovering <[email protected]> | ||||
| * | Merge pull request #7 from python-discord/correct-workflow-step-names |  Hassan Abouelela | 2022-01-10 | -9/+9 | |
| |\ | | | | | Correct GitHub workflow step names | ||||
| | * | Correct GitHub workflow step names | Chris Lovering | 2022-01-10 | -9/+9 | |
| |/ | |||||
| * | Merge pull request #5 from python-discord/vendor-ansible-lint | Hassan Abouelela | 2022-01-10 | -7/+85 | |
| |\ | | | | | Ansible-lint in pre-commit and dep caching in workflows | ||||
| | * | Add missing if statement to status embed workflow | Chris Lovering | 2022-01-10 | -1/+2 | |
| | | | |||||
| | * | Update lint flow to cache and use pre-commit config | Chris Lovering | 2022-01-10 | -6/+50 | |
| | | | |||||
| | * | Add config for pre-commit | Chris Lovering | 2022-01-10 | -0/+20 | |
| | | | | | | | | | . | ||||
| | * | Setup project deps for ansible-lint and update README | Chris Lovering | 2022-01-10 | -0/+13 | |
| |/ | |||||
| * | Merge pull request #4 from python-discord/status-embed-flow | Joe Banks | 2022-01-10 | -0/+98 | |
| |\ | |||||
| | * | Add a status embed workflow | Chris Lovering | 2022-01-10 | -0/+72 | |
| | | | | | | | | | This embed webhooks a summary of PR workflows to the devops channel | ||||
| | * | Upload PR artifact as part of lint flow | Chris Lovering | 2022-01-10 | -0/+26 | |
| |/ | | | | This is so that it is available to other flows to parse, such as the status embed flow | ||||
 |
index : infra | |
| The PyDis DevOps boiler house, the engine room, where the magic happens. |
| aboutsummaryrefslogtreecommitdiffstats |