infra - The PyDis DevOps boiler house, the engine room, where the magic happens.

	Commit message (Collapse)	Author	Age	Lines
*	Add secret for Loki authentication	Joe Banks	2024-06-07	-0/+0
\|
*	Add new Ingress for Loki gateway	Joe Banks	2024-06-07	-0/+25
\|
*	Add loki-gateway.pydis.wtf	Joe Banks	2024-06-07	-0/+9
\|
*	Add PostgreSQL user to cert reader group	Joe Banks	2024-06-06	-0/+1
\|
*	Update directory permissions of certbot generated certificates	Joe Banks	2024-06-06	-1/+2
\|
*	use host issued certs for postgres server instead of snakeoil's	shtlrs	2024-06-06	-4/+4
\|
*	Add Metricity manifest	Joe Banks	2024-06-06	-0/+30
\| \| \| \|	Copies the Metricity deployment manifest from the Metricity repo.
*	Add myself to CODEOWNERS	Joe Banks	2024-06-06	-0/+3
\|
*	Switch to using designated placeholder IPv4 for originless records	Joe Banks	2024-06-06	-3/+3
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	We currently used something like 1.2.3.4 or 1.1.1.1 as placeholder IP addresses for DNS records where we ran in "originless" mode (the request is always answered by a Cloudflare Worker or a redirect). This changes that so we use designated reserved IPv4 addresses (192.0.2.0) to capture that traffic instead, ensuring that in no circumstance would we leak traffic to an address like 1.1.1.1 or 1.2.3.4 if there was a Cloudflare misconfiguration. Despite the potential risk vectors here being very small, it's a minor change and also helps us ensure configuration works correctly in the future.
*	Set proxied to true for paste record	Joe Banks	2024-06-06	-1/+1
\|
*	Add paste.pydis.wtf record for forwarding	Joe Banks	2024-06-06	-0/+8
\|
*	Add tmpfs to King Arthur	Joe Banks	2024-06-05	-0/+9
\|
*	Add automatic HBA rules for all users to connect via mTLS	Joe Banks	2024-06-04	-3/+9
\|
*	Add devops user account	Joe Banks	2024-06-04	-42/+69
\|
*	Add CA file to postgresql.conf	Joe Banks	2024-06-04	-0/+2
\|
*	Add pg_ident.conf file	Joe Banks	2024-06-04	-1/+18
\|
*	Install PostgreSQL documentation package	Johannes Christ	2024-06-04	-0/+1
\|
*	Bump ruff from 0.4.5 to 0.4.7 (#342)	dependabot[bot]	2024-06-03	-21/+22
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Bumps [ruff](https://github.com/astral-sh/ruff) from 0.4.5 to 0.4.7. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](https://github.com/astral-sh/ruff/compare/v0.4.5...v0.4.7) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
*	Add Bella to git-crypt keyring	Johannes Christ	2024-06-02	-0/+0
\| \| \| \| \| \| \| \| \| \| \| \|	New collaborators: DB1D650A Amrou Bellalouna <[email protected]> The key has been verified and signed by both Joe and me. Chris was MIA but approved it ahead of time. Approved-by: Joe Banks <[email protected]> Approved-by: Chris Lovering <[email protected]>
*	Remove PostgreSQL Exporter from Kubernetes	Joe Banks	2024-06-02	-55/+0
\|
*	Remove Kubernetes PostgreSQL Alerts	Joe Banks	2024-06-02	-29/+0
\|
*	Remove Kubernetes PostgreSQL backup from Blackbox	Joe Banks	2024-06-02	-6/+1
\|
*	Remove PostgreSQL deployment from Kubernetes	Joe Banks	2024-06-02	-127/+0
\|
*	Update pixels environment variable	Joe Banks	2024-06-02	-0/+0
\|
*	add pixels user and db	shtlrs	2024-06-02	-39/+60
\|
*	Force line-endings to LF in Ansible gitattributes	Joe Banks	2024-06-02	-1/+1
\|
*	Update Metabase configuration secret	Joe Banks	2024-06-02	-0/+0
\|
*	add metabase user and database	shtlrs	2024-06-02	-0/+8
\|
*	Add PostgreSQL alerts to Ansible Prometheus configuration	Joe Banks	2024-06-02	-0/+30
\|
*	Filter CNs of client certificates for Prometheus	Joe Banks	2024-06-02	-0/+8
\|
*	Allow node_exporter scraping in nftables	Joe Banks	2024-06-02	-0/+3
\|
*	Fix docs lint flow	Joe Banks	2024-06-02	-0/+3
\|
*	Move default server config to a template	Joe Banks	2024-06-02	-2/+2
\|
*	Issue certificate for hostname and sub-services, not both in one	Joe Banks	2024-06-02	-1/+2
\|
*	Deploy host-specific configs in NGINX	Joe Banks	2024-06-02	-8/+20
\|
*	Create new reverse proxying config for Prometheus	Joe Banks	2024-06-02	-0/+18
\|
*	Move files config to new NGINX turing host variables	Joe Banks	2024-06-02	-10/+13
\|
*	Add NGINX deployment to lovelace	Joe Banks	2024-06-02	-0/+1
\|
*	Remove Prometheus rules from nftables	Joe Banks	2024-06-02	-9/+0
\|
*	Revert Prometheus listen settings to HTTP	Joe Banks	2024-06-02	-28/+0
\|
*	Bump ansible/roles/nftables from `015a7ed` to `4acd4ae`	dependabot[bot]	2024-06-02	-0/+0
\| \| \| \| \| \| \| \| \| \| \| \|	Bumps [ansible/roles/nftables](https://github.com/jchristgit/ansible-role-nftables) from `015a7ed` to `4acd4ae`. - [Commits](https://github.com/jchristgit/ansible-role-nftables/compare/015a7ed269e7122dbd714c23eb6cec8a52176f0b...4acd4ae18f27c50d22d1f5db470ee561aeeb6375) --- updated-dependencies: - dependency-name: ansible/roles/nftables dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>
*	Update Hugo versions in CI	Joe Banks	2024-06-01	-8/+10
\|
*	Update hugo-book theme to v10	Joe Banks	2024-06-01	-0/+0
\|
*	Template config instead of YAML copy for Prometheus	Joe Banks	2024-06-01	-1/+1
\|
*	Update Prometheus config to include Postgres exporter	Joe Banks	2024-06-01	-2/+15
\| \| \| \| \|	We dynamically fetch all hosts in the databases group and add them to the scrape targets with the PostgreSQL exporter port (9187)
*	Update site secret with new database address	Joe Banks	2024-06-01	-0/+0
\|
*	add hba conf for metabase to connect to site	shtlrs	2024-06-01	-0/+11
\|
*	grant correct privileges to site and grafana	shtlrs	2024-06-01	-37/+75
\|
*	Make issuing pg grants configurable (#327)	Amrou Bellalouna	2024-06-01	-0/+53
\| \| \| \| \|	* add a task to issue pg grants for specific roles * document the postgres role
*	whitelist ips of netcup and linode servers (#326)	Amrou Bellalouna	2024-05-31	-13/+18
\|