| Commit message (Collapse) | Author | Age | Lines | |
|---|---|---|---|---|
| * | Add documentation to ff-bot.yml policy file |  Joe Banks | 2024-06-15 | -0/+10 |
| | | ||||
| * | Add ff-bot.yml policy file | Joe Banks | 2024-06-15 | -0/+3 |
| | | ||||
| * | Update readme in regards to our docs being written now |  Johannes Christ | 2024-06-14 | -1/+1 |
| | | ||||
| * | Update Loki config with new compactor preferences for retention modes | Joe Banks | 2024-06-13 | -1/+6 |
| | | | | | | | | | | * `retention_enabled`: enable retention mode within the compactor * `delete_request_store`: store deletion requests within the s3 cluster that is also used to house log chunks * `delete_request_cancel_period`: do not exercise log deletion instructions until at least one hour has passed to prevent accidental deletion | |||
| * | Update Prometheus deployment with a tmpfs for the reloader | Joe Banks | 2024-06-10 | -0/+9 |
| | | ||||
| * | Add secrets for reloader webhook | Joe Banks | 2024-06-10 | -0/+0 |
| | | ||||
| * | Add sidecar container to reload Prometheus config on change | Joe Banks | 2024-06-10 | -0/+25 |
| | | ||||
| * | Add reloader hook configmap to reload prometheus on change | Joe Banks | 2024-06-10 | -0/+38 |
| | | ||||
| * | Add Alert for Prometheus config reload failure | Joe Banks | 2024-06-10 | -0/+9 |
| | | ||||
| * | Enable scraping of Prometheus pods | Joe Banks | 2024-06-10 | -0/+3 |
| | | ||||
| * | Relock poetry to bump sub-dependencies |  Chris Lovering | 2024-06-10 | -70/+53 |
| | | ||||
| * | Bump ruff from 0.4.7 to 0.4.8 |  dependabot[bot] | 2024-06-10 | -20/+20 |
| | | | | | | | | | | | | | | | | Bumps [ruff](https://github.com/astral-sh/ruff) from 0.4.7 to 0.4.8. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](https://github.com/astral-sh/ruff/compare/v0.4.7...v0.4.8) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> | |||
| * | Update Pinnwand logo to square image | Joe Banks | 2024-06-09 | -1/+1 |
| | | ||||
| * | Update from command to args in site deployment | Joe Banks | 2024-06-07 | -1/+1 |
| | | | | | | | | | Kubernetes renames ENTRYPOINT in Docker images to command and any additional args go in `args` (confusing, I know!) This ensures that we run within the context of Poetry so can reach Django and other installed requirements when running migrations. | |||
| * | Remove unnecessary shell execution for migration initContainer | Joe Banks | 2024-06-07 | -3/+3 |
| | | ||||
| * | Update site to run migrations in an init container | Joe Banks | 2024-06-07 | -0/+13 |
| | | | | | | | | | | | | | | | | | | | In accordance with updates from python-discord/site#1338 this changes the way migrations are run. Previously, migrations would be run all from within the manage.py execution process with the command being manually spawned using Django internals. After python-discord/site#1338 merges the Dockerfile will directly invoke gunicorn and bypass manage.py to simplify the process and avoid problems with shared database contexts. Hence, we need to manually run migrations using an init container. With testing there is no additional delay in doing this as spinning up an init container is cheap and we don't cut over any traffic until the site passes a healthcheck anyway. | |||
| * | Update Grafana repository to use explicit keyring | Joe Banks | 2024-06-07 | -3/+3 |
| | | ||||
| * | Add systemd overrides with new security preferences | Joe Banks | 2024-06-07 | -0/+38 |
| | | ||||
| * | Add NGINX access and error logs | Joe Banks | 2024-06-07 | -0/+10 |
| | | ||||
| * | Add relabing stages to name custom log extractors | Joe Banks | 2024-06-07 | -0/+11 |
| | | ||||
| * | Update configuration template with authentication | Joe Banks | 2024-06-07 | -9/+18 |
| | | ||||
| * | Update documentation for Alloy with Loki configuration | Joe Banks | 2024-06-07 | -3/+4 |
| | | ||||
| * | Add Alloy vars file with endpoint and authentication | Joe Banks | 2024-06-07 | -0/+14 |
| | | ||||
| * | Add host vars for database host to export PostgreSQL log | Joe Banks | 2024-06-07 | -0/+4 |
| | | ||||
| * | Extend Alloy configuration to include some default files + extra files | Joe Banks | 2024-06-07 | -0/+27 |
| | | ||||
| * | Update default variables for Alloy with empty extra files list | Joe Banks | 2024-06-07 | -0/+2 |
| | | ||||
| * | Update Alloy README to document extra files | Joe Banks | 2024-06-07 | -0/+7 |
| | | ||||
| * | Add Alloy role to all host deployment section | Joe Banks | 2024-06-07 | -0/+1 |
| | | ||||
| * | Add role to install and template configuration for Alloy | Joe Banks | 2024-06-07 | -0/+85 |
| | | ||||
| * | Rename relabelledpods to just pods | Joe Banks | 2024-06-07 | -1/+1 |
| | | | | | | | | This was a redundant rename and reduced the clarity of jobs when querying from inside Grafana. This rectifies that by renaming the stream to just `pods`. | |||
| * | Remove become_ask_pass preference from Ansible configuration | Joe Banks | 2024-06-07 | -1/+0 |
| | | ||||
| * | Add new sudoers rule for NOPASSWD sudo | Joe Banks | 2024-06-07 | -0/+2 |
| | | ||||
| * | Reflect pydis.wtf certificate into Loki namespace | Joe Banks | 2024-06-07 | -2/+2 |
| | | ||||
| * | Add secret for Loki authentication | Joe Banks | 2024-06-07 | -0/+0 |
| | | ||||
| * | Add new Ingress for Loki gateway | Joe Banks | 2024-06-07 | -0/+25 |
| | | ||||
| * | Add loki-gateway.pydis.wtf | Joe Banks | 2024-06-07 | -0/+9 |
| | | ||||
| * | Add PostgreSQL user to cert reader group | Joe Banks | 2024-06-06 | -0/+1 |
| | | ||||
| * | Update directory permissions of certbot generated certificates | Joe Banks | 2024-06-06 | -1/+2 |
| | | ||||
| * | use host issued certs for postgres server instead of snakeoil's |  shtlrs | 2024-06-06 | -4/+4 |
| | | ||||
| * | Add Metricity manifest | Joe Banks | 2024-06-06 | -0/+30 |
| | | | | | Copies the Metricity deployment manifest from the Metricity repo. | |||
| * | Add myself to CODEOWNERS | Joe Banks | 2024-06-06 | -0/+3 |
| | | ||||
| * | Switch to using designated placeholder IPv4 for originless records | Joe Banks | 2024-06-06 | -3/+3 |
| | | | | | | | | | | | | | | | We currently used something like 1.2.3.4 or 1.1.1.1 as placeholder IP addresses for DNS records where we ran in "originless" mode (the request is always answered by a Cloudflare Worker or a redirect). This changes that so we use designated reserved IPv4 addresses (192.0.2.0) to capture that traffic instead, ensuring that in no circumstance would we leak traffic to an address like 1.1.1.1 or 1.2.3.4 if there was a Cloudflare misconfiguration. Despite the potential risk vectors here being very small, it's a minor change and also helps us ensure configuration works correctly in the future. | |||
| * | Set proxied to true for paste record | Joe Banks | 2024-06-06 | -1/+1 |
| | | ||||
| * | Add paste.pydis.wtf record for forwarding | Joe Banks | 2024-06-06 | -0/+8 |
| | | ||||
| * | Add tmpfs to King Arthur | Joe Banks | 2024-06-05 | -0/+9 |
| | | ||||
| * | Add automatic HBA rules for all users to connect via mTLS | Joe Banks | 2024-06-04 | -3/+9 |
| | | ||||
| * | Add devops user account | Joe Banks | 2024-06-04 | -42/+69 |
| | | ||||
| * | Add CA file to postgresql.conf | Joe Banks | 2024-06-04 | -0/+2 |
| | | ||||
| * | Add pg_ident.conf file | Joe Banks | 2024-06-04 | -1/+18 |
| | | ||||
| * | Install PostgreSQL documentation package | Johannes Christ | 2024-06-04 | -0/+1 |
| | | ||||
 |
index : infra | |
| The PyDis DevOps boiler house, the engine room, where the magic happens. |
| aboutsummaryrefslogtreecommitdiffstats |