| Commit message (Collapse) | Author | Age | Lines | |
|---|---|---|---|---|
| * | Add myself to CODEOWNERS |  Joe Banks | 2024-06-06 | -0/+3 |
| | | ||||
| * | Switch to using designated placeholder IPv4 for originless records | Joe Banks | 2024-06-06 | -3/+3 |
| | | | | | | | | | | | | | | | We currently used something like 1.2.3.4 or 1.1.1.1 as placeholder IP addresses for DNS records where we ran in "originless" mode (the request is always answered by a Cloudflare Worker or a redirect). This changes that so we use designated reserved IPv4 addresses (192.0.2.0) to capture that traffic instead, ensuring that in no circumstance would we leak traffic to an address like 1.1.1.1 or 1.2.3.4 if there was a Cloudflare misconfiguration. Despite the potential risk vectors here being very small, it's a minor change and also helps us ensure configuration works correctly in the future. | |||
| * | Set proxied to true for paste record | Joe Banks | 2024-06-06 | -1/+1 |
| | | ||||
| * | Add paste.pydis.wtf record for forwarding | Joe Banks | 2024-06-06 | -0/+8 |
| | | ||||
| * | Add tmpfs to King Arthur | Joe Banks | 2024-06-05 | -0/+9 |
| | | ||||
| * | Add automatic HBA rules for all users to connect via mTLS | Joe Banks | 2024-06-04 | -3/+9 |
| | | ||||
| * | Add devops user account | Joe Banks | 2024-06-04 | -42/+69 |
| | | ||||
| * | Add CA file to postgresql.conf | Joe Banks | 2024-06-04 | -0/+2 |
| | | ||||
| * | Add pg_ident.conf file | Joe Banks | 2024-06-04 | -1/+18 |
| | | ||||
| * | Install PostgreSQL documentation package |  Johannes Christ | 2024-06-04 | -0/+1 |
| | | ||||
| * | Bump ruff from 0.4.5 to 0.4.7 (#342) |  dependabot[bot] | 2024-06-03 | -21/+22 |
| | | | | | | | | | | | | | | | | | Bumps [ruff](https://github.com/astral-sh/ruff) from 0.4.5 to 0.4.7. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](https://github.com/astral-sh/ruff/compare/v0.4.5...v0.4.7) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> | |||
| * | Add Bella to git-crypt keyring | Johannes Christ | 2024-06-02 | -0/+0 |
| | | | | | | | | | | | | | New collaborators: DB1D650A Amrou Bellalouna <[email protected]> The key has been verified and signed by both Joe and me. Chris was MIA but approved it ahead of time. Approved-by: Joe Banks <[email protected]> Approved-by: Chris Lovering <[email protected]> | |||
| * | Remove PostgreSQL Exporter from Kubernetes | Joe Banks | 2024-06-02 | -55/+0 |
| | | ||||
| * | Remove Kubernetes PostgreSQL Alerts | Joe Banks | 2024-06-02 | -29/+0 |
| | | ||||
| * | Remove Kubernetes PostgreSQL backup from Blackbox | Joe Banks | 2024-06-02 | -6/+1 |
| | | ||||
| * | Remove PostgreSQL deployment from Kubernetes | Joe Banks | 2024-06-02 | -127/+0 |
| | | ||||
| * | Update pixels environment variable | Joe Banks | 2024-06-02 | -0/+0 |
| | | ||||
| * | add pixels user and db |  shtlrs | 2024-06-02 | -39/+60 |
| | | ||||
| * | Force line-endings to LF in Ansible gitattributes | Joe Banks | 2024-06-02 | -1/+1 |
| | | ||||
| * | Update Metabase configuration secret | Joe Banks | 2024-06-02 | -0/+0 |
| | | ||||
| * | add metabase user and database | shtlrs | 2024-06-02 | -0/+8 |
| | | ||||
| * | Add PostgreSQL alerts to Ansible Prometheus configuration | Joe Banks | 2024-06-02 | -0/+30 |
| | | ||||
| * | Filter CNs of client certificates for Prometheus | Joe Banks | 2024-06-02 | -0/+8 |
| | | ||||
| * | Allow node_exporter scraping in nftables | Joe Banks | 2024-06-02 | -0/+3 |
| | | ||||
| * | Fix docs lint flow | Joe Banks | 2024-06-02 | -0/+3 |
| | | ||||
| * | Move default server config to a template | Joe Banks | 2024-06-02 | -2/+2 |
| | | ||||
| * | Issue certificate for hostname and sub-services, not both in one | Joe Banks | 2024-06-02 | -1/+2 |
| | | ||||
| * | Deploy host-specific configs in NGINX | Joe Banks | 2024-06-02 | -8/+20 |
| | | ||||
| * | Create new reverse proxying config for Prometheus | Joe Banks | 2024-06-02 | -0/+18 |
| | | ||||
| * | Move files config to new NGINX turing host variables | Joe Banks | 2024-06-02 | -10/+13 |
| | | ||||
| * | Add NGINX deployment to lovelace | Joe Banks | 2024-06-02 | -0/+1 |
| | | ||||
| * | Remove Prometheus rules from nftables | Joe Banks | 2024-06-02 | -9/+0 |
| | | ||||
| * | Revert Prometheus listen settings to HTTP | Joe Banks | 2024-06-02 | -28/+0 |
| | | ||||
| * | Bump ansible/roles/nftables from `015a7ed` to `4acd4ae` | dependabot[bot] | 2024-06-02 | -0/+0 |
| | | | | | | | | | | | | | Bumps [ansible/roles/nftables](https://github.com/jchristgit/ansible-role-nftables) from `015a7ed` to `4acd4ae`. - [Commits](https://github.com/jchristgit/ansible-role-nftables/compare/015a7ed269e7122dbd714c23eb6cec8a52176f0b...4acd4ae18f27c50d22d1f5db470ee561aeeb6375) --- updated-dependencies: - dependency-name: ansible/roles/nftables dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> | |||
| * | Update Hugo versions in CI | Joe Banks | 2024-06-01 | -8/+10 |
| | | ||||
| * | Update hugo-book theme to v10 | Joe Banks | 2024-06-01 | -0/+0 |
| | | ||||
| * | Template config instead of YAML copy for Prometheus | Joe Banks | 2024-06-01 | -1/+1 |
| | | ||||
| * | Update Prometheus config to include Postgres exporter | Joe Banks | 2024-06-01 | -2/+15 |
| | | | | | | We dynamically fetch all hosts in the databases group and add them to the scrape targets with the PostgreSQL exporter port (9187) | |||
| * | Update site secret with new database address | Joe Banks | 2024-06-01 | -0/+0 |
| | | ||||
| * | add hba conf for metabase to connect to site | shtlrs | 2024-06-01 | -0/+11 |
| | | ||||
| * | grant correct privileges to site and grafana | shtlrs | 2024-06-01 | -37/+75 |
| | | ||||
| * | Make issuing pg grants configurable (#327) | Amrou Bellalouna | 2024-06-01 | -0/+53 |
| | | | | | | * add a task to issue pg grants for specific roles * document the postgres role | |||
| * | whitelist ips of netcup and linode servers (#326) | Amrou Bellalouna | 2024-05-31 | -13/+18 |
| | | ||||
| * | Add sudo.tls.pydis.wtf to allowed SANs for Prometheus | Joe Banks | 2024-05-30 | -0/+1 |
| | | ||||
| * | Enable mTLS SAN validation | Joe Banks | 2024-05-30 | -0/+3 |
| | | ||||
| * | Restart Prometheus instead of reload after web config update | Joe Banks | 2024-05-30 | -1/+1 |
| | | ||||
| * | Update Prometheus web config with mTLS preferences | Joe Banks | 2024-05-30 | -0/+3 |
| | | ||||
| * | Set secure mode | Johannes Christ | 2024-05-30 | -0/+1 |
| | | | | | Co-authored-by: Dennis Schuster <[email protected]> | |||
| * | Pleasure the style dictator | Johannes Christ | 2024-05-30 | -1/+5 |
| | | | | | Co-authored-by: Amrou Bellalouna <[email protected]> | |||
| * | Install custom Prometheus version | Johannes Christ | 2024-05-30 | -2/+85 |
| | | | | | Co-authored-by: Joe William Murray Humphreys Banks <[email protected]> | |||
 |
index : infra | |
| The PyDis DevOps boiler house, the engine room, where the magic happens. |
| aboutsummaryrefslogtreecommitdiffstats |