Commit message | Author | Age | Lines
* Readd nftables submodule | Chris Lovering | 2024-05-15 | -0/+0
* Deploy a pinnwand instance that used lovelace's pg database (#293) | Amrou Bellalouna | 2024-05-15 | -0/+150
  * add a deployment config for pinnwand on lovelace
  * add a dns entry for the new pastebin
  * Add database URI for pinnwand to connect to psql on lovelace
  ---------
  Co-authored-by: Chris Lovering <[email protected]>
* Pleasure the style dictator (#291) | jchristgit | 2024-05-14 | -16/+25
  Fix warnings with argsplat in postgres role
* add the task that configures host based authentication | shtlrs | 2024-05-14 | -0/+16
* add the db_passwords secrets file | shtlrs | 2024-05-14 | -7/+24
  This contains the encrypted passwords for all database users
  This also moves variables under the /vars/main folder to allow ansible to load all variable folders automatically
* add a handler to reload postgres | shtlrs | 2024-05-14 | -1/+10
  This also renames the handler that restarts it. You're welcome Johannes.
* ignore .ansible file upon syncing | shtlrs | 2024-05-14 | -1/+1
  This will avoid the copying of a potentially empty .ansible file on host, rendering the guest playbooks unrunnable
* Remove pixels-modsite.pythondiscord.com DNS | Joe Banks | 2024-05-14 | -8/+0
* Update Pixels modsite to pixels-mod.pydis.wtf | Joe Banks | 2024-05-14 | -6/+6
* Update Ansible Prometheus to point to pydis.wtf alertmanager | Joe Banks | 2024-05-14 | -1/+1
* Move AlertManager to pydis.wtf | Joe Banks | 2024-05-14 | -5/+6
* Move prometheus to pydis.wtf | Joe Banks | 2024-05-14 | -4/+5
* Move policy-bot to pydis.wtf | Joe Banks | 2024-05-14 | -6/+6
* Migrate Metabase to pydis.wtf | Joe Banks | 2024-05-14 | -3/+3
* Migrate Bitwarden to pydis.wtf | Joe Banks | 2024-05-14 | -7/+7
* Remove reflection of pythondiscord.com TLS to modmail ns | Joe Banks | 2024-05-14 | -2/+2
* Migrate modmail to pydis.wtf | Joe Banks | 2024-05-14 | -4/+4
* Reflect pydis.wtf certificate to modmail | Joe Banks | 2024-05-14 | -2/+2
* Update tools docs to point to new Grafana URL | Joe Banks | 2024-05-14 | -1/+1
* Update Grafana configmap to grafana.pydis.wtf | Joe Banks | 2024-05-14 | -2/+2
* Update Grafana ingress to grafana.pydis.wtf | Joe Banks | 2024-05-14 | -3/+3
* Reflect pydis.wtf cert to monitoring namespace | Joe Banks | 2024-05-14 | -0/+6
* Reflect *.pythondiscord.com secret to necessary namespaces | Joe Banks | 2024-05-14 | -0/+6
* Add information on secret reflector Helm deployment | Joe Banks | 2024-05-14 | -0/+11
* Update pinnwand database secret to support being ast.literal_eval'd | Chris Lovering | 2024-05-13 | -0/+0
* Use our own fork for deploying pinnwand | Chris Lovering | 2024-05-13 | -1/+1
* Bump pre-commit from 3.7.0 to 3.7.1 (#286) | dependabot[bot] | 2024-05-13 | -5/+5
  Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 3.7.0 to 3.7.1.
  - [Release notes](https://github.com/pre-commit/pre-commit/releases)
  - [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/pre-commit/pre-commit/compare/v3.7.0...v3.7.1)
  ---
  updated-dependencies:
  - dependency-name: pre-commit
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <[email protected]>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Remove obsolete cleanup tasks | Johannes Christ | 2024-05-12 | -18/+0
* Configure sudo in separate file | Johannes Christ | 2024-05-12 | -2/+17
* Bump jinja2 from 3.1.3 to 3.1.4 | dependabot[bot] | 2024-05-12 | -3/+3
  Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.3 to 3.1.4.
  - [Release notes](https://github.com/pallets/jinja/releases)
  - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
  - [Commits](https://github.com/pallets/jinja/compare/3.1.3...3.1.4)
  ---
  updated-dependencies:
  - dependency-name: jinja2
    dependency-type: indirect
  ...
  Signed-off-by: dependabot[bot] <[email protected]>
* Bump octodns from 1.6.1 to 1.7.0 | dependabot[bot] | 2024-05-08 | -64/+7
  Bumps [octodns](https://github.com/octodns/octodns) from 1.6.1 to 1.7.0.
  - [Changelog](https://github.com/octodns/octodns/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/octodns/octodns/compare/v1.6.1...v1.7.0)
  ---
  updated-dependencies:
  - dependency-name: octodns
    dependency-type: direct:development
    update-type: version-update:semver-minor
  ...
  Signed-off-by: dependabot[bot] <[email protected]>
* Properly load Prometheus rules | Johannes Christ | 2024-05-08 | -0/+1
* Update Helm files for fix for webhook validator | Joe Banks | 2024-05-08 | -0/+6
* Update issuers | Joe Banks | 2024-05-08 | -4/+4
* Add Cloudflare API token secret | Joe Banks | 2024-05-08 | -0/+0
* Add pydis.wtf certificate | Joe Banks | 2024-05-08 | -0/+12
* Configure Prometheus alerting for failed systemd units (#278) | jchristgit | 2024-05-08 | -1/+16
  The two services that I would normally exclude are intentionally not excluded right now to test out the alertmanager setup. If all goes well, we should receive a notification on Discord.
* Correct scheme configuration for Alertmanager | Johannes Christ | 2024-05-07 | -3/+3
* install blackbox exporter as part of our monitoring stack | shtlrs | 2024-05-06 | -47/+49
* Perform fail2ban bans directly via nftables | Johannes Christ | 2024-05-04 | -0/+2
  See upstream at https://github.com/fail2ban/fail2ban/commit/d0d07285234871bad3dc0c359d0ec03365b6dddc, this will be incorporated into Debian at the next release.
* Skip tasks requiring all hosts when running with limit | Johannes Christ | 2024-05-04 | -0/+2
* Configure default security limits | Johannes Christ | 2024-05-04 | -0/+15
  The new limits allow each user to run a maximum of 100 processes by default, allowing to manually raise this number to 200. When a custom "pydis" group or similar is introduced, I plan to expand this to also specify other limits to prevent user error from causing problems on the system.
* set backend to systemd | shtlrs | 2024-05-04 | -0/+1
* Set up Prometheus alerting on Netcup | Johannes Christ | 2024-05-04 | -2/+18
* Set up database group for database hosts | Johannes Christ | 2024-05-03 | -3/+9
* Remove old groups from Vagrant inventory | Johannes Christ | 2024-05-03 | -30/+0
  These groups are no longer present in our proper inventory as we no longer plan on selfhosting Kubernetes on the netcup nodes.
* Harden SSH security and prevent some misconfigurations | Johannes Christ | 2024-05-01 | -8/+45
  Disable agent forwarding and X11 forwarding in the default configuration. Users can still forward this if they really want to by installing a custom forwarder and utilizing their shell access to spawn it, but with this, we're making it impossible for people to accidentally forward their agent or their X socket to the remote server.
  Additionally, change the SSH configuration such that only the Python Discord users are allowed to log in.
* Depend on ansible-core instead of Ansible | Johannes Christ | 2024-05-01 | -22/+83
  Allow for faster local installation by only installing what we need.
* ignore pycharm's idea files | shtlrs | 2024-05-01 | -0/+1
* update the readme file to be more user friendly | shtlrs | 2024-05-01 | -14/+51