Commit message [Author, Age, Lines]
* Add Helm deployment info for metrics-server [Joe Banks, 2024-05-28, -0/+24]
|   Due to the way Linode seems to issue certificates for our nodes, we need to disable TLS verification for communications to fetch metric information. It's unfortunate but non-critical and it does restore metrics-server functionality.
* Add documentation on services deployed to the kube-system namespace [Joe Banks, 2024-05-28, -0/+33]
|
* Add user for Stelercus [Joe Banks, 2024-05-28, -99/+145]
|
* Add pydis-mtls role for distributing root CA [Joe Banks, 2024-05-27, -0/+64]
|   Adds a new role named pydis-mtls to distribute the mTLS certificate authority data to all nodes in the inventory. The defaults are sufficient here and are using the production CA that will be used for service authentication (tls.pydis.wtf). Other services can point to the value stored in pydis_mtls_location as the source of truth for the certificate authority to validate against.
* Change certificate directory ownership to cert-users group [Joe Banks, 2024-05-27, -3/+26]
|   This allows for non-root services that are in the cert-users group to still access and read certificate data that they need in order to operate. Doing things this way means that services still refer to a single-source-of-truth for the certificate store whilst retaining their non-root and non-privileged nature.
* Add new cert_users variable to certbot role [Joe Banks, 2024-05-27, -0/+4]
|
* Open port 9090 to allow hitting the prometheus instance (#317) [Amrou Bellalouna, 2024-05-27, -2/+37]
|   * add a monitoring group for better hosts distinction
|   * run prometheus with TLS
|   * add prometheus connections nftables config
* Group and deploy certificates per target host (#316) [Amrou Bellalouna, 2024-05-27, -69/+12]
|   * request certificates per target domain
|   * run certbot role on all hosts
* Add new ServiceAccount for cert issuance [Joe Banks, 2024-05-27, -0/+5]
|
* Update mTLS bundle for ingress-nginx [Joe Banks, 2024-05-27, -36/+46]
|
* Add Helm instructions for Vault [Joe Banks, 2024-05-27, -0/+54]
|
* Add pydis.wtf cert to vault namespace [Joe Banks, 2024-05-27, -2/+2]
|
* Add DNS record for Vault [Joe Banks, 2024-05-27, -0/+8]
|
* Set Poetry package-mode preference to false [Joe Banks, 2024-05-27, -0/+1]
|
* Dependency Bumps 27/05/2024 [Joe Banks, 2024-05-27, -201/+198]
|   - Explicitly bump octodns-cloudflare to 0.0.6
|   - Explicitly bump ansible-core to 2.17.0
|   - Explicitly bump ruff to 0.4.5
|   - Implicitly bump requests to 2.32.2
* Update Chris's user settings [Joe Banks, 2024-05-27, -99/+99]
|
* Fix AlertManager Discord instance formatting [Joe Banks, 2024-05-27, -1/+1]
|   We made a change to include the instance in alerts sent to Discord, but not all of our configured alerts send this field. As a result, we would have incorrectly formatted alerts being sent through to Discord which were tricky to read. The format template has now been changed to only conditionally render the instance label if it is present on a triggered alert.
* Add 404 fallback for files server [Joe Banks, 2024-05-27, -1/+1]
|   Previously the files server would return a HTTP 500 if a matching file was not found, since internally NGINX would fall into a redirect loop trying to locate the relevant file. This adds a final 404 fallback handler so if there is not a direct match we return an error instead of returning a HTTP 500.
* Add new alias for file server [Joe Banks, 2024-05-27, -1/+1]
|
* Bump HassanAbouelela/actions from setup-python_v1.5.0 to 1.6.0 [dependabot[bot], 2024-05-27, -4/+4]
|   Bumps [HassanAbouelela/actions](https://github.com/hassanabouelela/actions) from setup-python_v1.5.0 to 1.6.0. This release includes the previously tagged commit.
|   - [Release notes](https://github.com/hassanabouelela/actions/releases)
|   - [Commits](https://github.com/hassanabouelela/actions/compare/setup-python_v1.5.0...setup-python_v1.6.0)
|
|   ---
|   updated-dependencies:
|   - dependency-name: HassanAbouelela/actions
|     dependency-type: direct:production
|   ...
|
|   Signed-off-by: dependabot[bot] <[email protected]>
* Generate a certificate for `prometheus.lovelace.box.pydis.wtf` (#305) [Amrou Bellalouna, 2024-05-26, -0/+15]
|   * generate cert for prometheus.lovelace.box.pydis.wtf
|   * add dns record for prometheus.lovelace.box
* Take 15 minutes before alerting on high latency [Johannes Christ, 2024-05-20, -2/+2]
|
* Enforce SSL for remote PostgreSQL connections [Johannes Christ, 2024-05-19, -5/+5]
|
* Configure Prometheus PostgreSQL exporter [Johannes Christ, 2024-05-18, -0/+4]
|
* Instruct code jam management to connect to lovelace [Johannes Christ, 2024-05-18, -0/+0]
|
* create codejam pg user [shtlrs, 2024-05-18, -21/+36]
|
* Instruct black knight to connect to lovelace [Johannes Christ, 2024-05-18, -0/+0]
|
* add a blacknight pg user [shtlrs, 2024-05-18, -17/+32]
|
* Annotations.instance => Labels.instance [Joe Banks, 2024-05-18, -1/+1]
|
* Add Craig Dazey emulator [Joe Banks, 2024-05-18, -0/+20]
|
* Add instance to AlertManager Discord embeds [Joe Banks, 2024-05-17, -1/+1]
|
* update bitwarden user's password to exclude ugly chars [shtlrs, 2024-05-17, -17/+17]
|
* Update Bitwarden Kubernetes secret with new database location [Joe Banks, 2024-05-17, -0/+0]
|
* Disable alerts for known problematic services [Johannes Christ, 2024-05-17, -2/+1]
|
* add bitwarden postgres user & db config [shtlrs, 2024-05-17, -14/+29]
|
* Revert "Skip tasks requiring all hosts when running with limit" [Johannes Christ, 2024-05-17, -2/+0]
|   This reverts commit 566c0ad557fafe148dc51463e5071ff64f980c24.
* configure hba rules separately [shtlrs, 2024-05-16, -3/+17]
|
* Add a postgresql.conf file template [Chris Lovering, 2024-05-16, -0/+63]
|
* Bump limits and requests for bots that have been OOMing recently [Chris Lovering, 2024-05-16, -3/+3]
|
* Move AlertManager to 4 replicas [Joe Banks, 2024-05-16, -1/+1]
|
* Unindent lovelace postgres config map for blackbox [Chris Lovering, 2024-05-16, -3/+3]
|
* Merge branch 'dependabot/pip/ruff-0.4.4' [Chris Lovering, 2024-05-16, -22/+23]
|\
| * Bump ruff from 0.4.2 to 0.4.4 [dependabot[bot], 2024-05-16, -22/+23]
| |   Bumps [ruff](https://github.com/astral-sh/ruff) from 0.4.2 to 0.4.4.
| |   - [Release notes](https://github.com/astral-sh/ruff/releases)
| |   - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
| |   - [Commits](https://github.com/astral-sh/ruff/compare/v0.4.2...v0.4.4)
| |
| |   ---
| |   updated-dependencies:
| |   - dependency-name: ruff
| |     dependency-type: direct:production
| |     update-type: version-update:semver-patch
| |   ...
| |
| |   Signed-off-by: dependabot[bot] <[email protected]>
* | Update pinnwand connection string to point at lovelace [Chris Lovering, 2024-05-16, -0/+0]
| |
* | Remove temporary testing deployment of pinnwand [Chris Lovering, 2024-05-16, -150/+0]
| |
* | Add lovelace credentials to blackbox secrets [Chris Lovering, 2024-05-16, -0/+0]
| |
* | configure blackbox to backup lovelace's pg instance [shtlrs, 2024-05-16, -0/+7]
| |
* | grant pg users their predefined roles [shtlrs, 2024-05-16, -0/+14]
| |
* | define the blackbox user and its db roles [shtlrs, 2024-05-16, -11/+20]
| |
* | Readd nftables submodule [Chris Lovering, 2024-05-15, -0/+0]
| |