Commit message | Author | Age | Lines
* Update tools docs to point to new Grafana URL | Joe Banks | 2024-05-14 | -1/+1
|
* Update Grafana configmap to grafana.pydis.wtf | Joe Banks | 2024-05-14 | -2/+2
|
* Update Grafana ingress to grafana.pydis.wtf | Joe Banks | 2024-05-14 | -3/+3
|
* Reflect pydis.wtf cert to monitoring namespace | Joe Banks | 2024-05-14 | -0/+6
|
* Reflect *.pythondiscord.com secret to necessary namespaces | Joe Banks | 2024-05-14 | -0/+6
|
* Add information on secret reflector Helm deployment | Joe Banks | 2024-05-14 | -0/+11
|
* Update pinnwand database secret to support being ast.literal_eval'd | Chris Lovering | 2024-05-13 | -0/+0
|
* Use our own fork for deploying pinnwand | Chris Lovering | 2024-05-13 | -1/+1
|
* Bump pre-commit from 3.7.0 to 3.7.1 (#286) | dependabot[bot] | 2024-05-13 | -5/+5
|   Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 3.7.0 to 3.7.1.
|   - [Release notes](https://github.com/pre-commit/pre-commit/releases)
|   - [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md)
|   - [Commits](https://github.com/pre-commit/pre-commit/compare/v3.7.0...v3.7.1)
|   ---
|   updated-dependencies:
|   - dependency-name: pre-commit
|     dependency-type: direct:production
|     update-type: version-update:semver-patch
|   ...
|   Signed-off-by: dependabot[bot] <[email protected]>
|   Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Remove obsolete cleanup tasks | Johannes Christ | 2024-05-12 | -18/+0
|
* Configure sudo in separate file | Johannes Christ | 2024-05-12 | -2/+17
|
* Bump jinja2 from 3.1.3 to 3.1.4 | dependabot[bot] | 2024-05-12 | -3/+3
|   Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.3 to 3.1.4.
|   - [Release notes](https://github.com/pallets/jinja/releases)
|   - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
|   - [Commits](https://github.com/pallets/jinja/compare/3.1.3...3.1.4)
|   ---
|   updated-dependencies:
|   - dependency-name: jinja2
|     dependency-type: indirect
|   ...
|   Signed-off-by: dependabot[bot] <[email protected]>
* Bump octodns from 1.6.1 to 1.7.0 | dependabot[bot] | 2024-05-08 | -64/+7
|   Bumps [octodns](https://github.com/octodns/octodns) from 1.6.1 to 1.7.0.
|   - [Changelog](https://github.com/octodns/octodns/blob/main/CHANGELOG.md)
|   - [Commits](https://github.com/octodns/octodns/compare/v1.6.1...v1.7.0)
|   ---
|   updated-dependencies:
|   - dependency-name: octodns
|     dependency-type: direct:development
|     update-type: version-update:semver-minor
|   ...
|   Signed-off-by: dependabot[bot] <[email protected]>
* Properly load Prometheus rules | Johannes Christ | 2024-05-08 | -0/+1
|
* Update Helm files for fix for webhook validator | Joe Banks | 2024-05-08 | -0/+6
|
* Update issuers | Joe Banks | 2024-05-08 | -4/+4
|
* Add Cloudflare API token secret | Joe Banks | 2024-05-08 | -0/+0
|
* Add pydis.wtf certificate | Joe Banks | 2024-05-08 | -0/+12
|
* Configure Prometheus alerting for failed systemd units (#278) | jchristgit | 2024-05-08 | -1/+16
|   The two services that I would normally exclude are intentionally not excluded right now to test out the alertmanager setup. If all goes well, we should receive a notification on Discord.
* Correct scheme configuration for Alertmanager | Johannes Christ | 2024-05-07 | -3/+3
|
* install blackbox exporter as part of our monitoring stack | shtlrs | 2024-05-06 | -47/+49
|
* Perform fail2ban bans directly via nftables | Johannes Christ | 2024-05-04 | -0/+2
|   See upstream at https://github.com/fail2ban/fail2ban/commit/d0d07285234871bad3dc0c359d0ec03365b6dddc, this will be incorporated into Debian at the next release.
* Skip tasks requiring all hosts when running with limit | Johannes Christ | 2024-05-04 | -0/+2
|
* Configure default security limits | Johannes Christ | 2024-05-04 | -0/+15
|   The new limits allow each user to run a maximum of 100 processes by default, allowing this number to be raised manually to 200. When a custom "pydis" group or similar is introduced, I plan to expand this to also specify other limits to prevent user error from causing problems on the system.
* set backend to systemd | shtlrs | 2024-05-04 | -0/+1
|
* Set up Prometheus alerting on Netcup | Johannes Christ | 2024-05-04 | -2/+18
|
* Set up database group for database hosts | Johannes Christ | 2024-05-03 | -3/+9
|
* Remove old groups from Vagrant inventory | Johannes Christ | 2024-05-03 | -30/+0
|   These groups are no longer present in our proper inventory as we no longer plan on selfhosting Kubernetes on the netcup nodes.
* Harden SSH security and prevent some misconfigurations | Johannes Christ | 2024-05-01 | -8/+45
|   Disable agent forwarding and X11 forwarding in the default configuration. Users can still forward this if they really want to by installing a custom forwarder and utilizing their shell access to spawn it, but with this, we're making it impossible for people to accidentally forward their agent or their X socket to the remote server. Additionally, change the SSH configuration such that only the Python Discord users are allowed to log in.
* Depend on ansible-core instead of Ansible | Johannes Christ | 2024-05-01 | -22/+83
|   Allow for faster local installation by only installing what we need.
* ignore pycharm's idea files | shtlrs | 2024-05-01 | -0/+1
|
* update the readme file to be more user friendly | shtlrs | 2024-05-01 | -14/+51
|
* Install dependencies using poetry | shtlrs | 2024-05-01 | -8/+14
|
* bump the debian version used | shtlrs | 2024-05-01 | -4/+3
|   This also explicitly specifies the sync type to rsync
* Stop alerting for slow GitHub webhook filter endpoint calls (#235) | jchristgit | 2024-04-29 | -2/+2
|   These are directly forwarded to GitHub with no time-consuming processing done on the site. We would therefore be alerting for GitHub's slowness, which is rather useless.
* Whitelist possible LKE addresses to PostgreSQL on lovelace | Johannes Christ | 2024-04-29 | -8/+26
|   This allows us to connect to PostgreSQL on lovelace from any possible LKE node location, whilst not opening up our PostgreSQL instances to the world. This has already been rolled out.
* Add LKE addresses to group variables | Johannes Christ | 2024-04-29 | -0/+9
|
* Update nftables role | Johannes Christ | 2024-04-29 | -0/+0
|   The new commit includes automatic validation of the `nft` configuration to ensure that any deployed config is valid.
* Remove UFW and make ansible-lint happy | Johannes Christ | 2024-04-29 | -33/+2
|
* Use nftables for firewalling | Johannes Christ | 2024-04-29 | -39/+86
|   nftables is the modern replacement for iptables, which ufw uses under the hood. It allows us to specify firewall rules in a simple text file (with as much or as little abstraction as we want) and is quick to update and read. The text-file format allows more liberty with commenting compared to UFW. The existing `ufw` role has been converted to simply remove UFW. This has already been deployed on lovelace.
* Updated postgres config from PGTune | Chris Lovering | 2024-04-29 | -2/+11
|
* update access table to netcup servers | Amrou Bellalouna | 2024-04-29 | -1/+1
|
* Add ops site DNS | Joe Banks | 2024-04-28 | -0/+8
|
* Connect netcup Prometheus to Kubernetes Alertmanager | Johannes Christ | 2024-04-28 | -1/+3
|   Closes #240.
* Add new zone entries for pydis.wtf service migration | Joe Banks | 2024-04-28 | -0/+64
|   Adds the necessary DNS entries for issue #230
* Add AAAA records for our box domains | Joe Banks | 2024-04-28 | -12/+24
|
* Bump actions/configure-pages from 4 to 5 | dependabot[bot] | 2024-04-28 | -1/+1
|   Bumps [actions/configure-pages](https://github.com/actions/configure-pages) from 4 to 5.
|   - [Release notes](https://github.com/actions/configure-pages/releases)
|   - [Commits](https://github.com/actions/configure-pages/compare/v4...v5)
|   ---
|   updated-dependencies:
|   - dependency-name: actions/configure-pages
|     dependency-type: direct:production
|     update-type: version-update:semver-major
|   ...
|   Signed-off-by: dependabot[bot] <[email protected]>
* Bump HassanAbouelela/actions from setup-python_v1.4.2 to 1.5.0 | dependabot[bot] | 2024-04-28 | -4/+4
|   Bumps [HassanAbouelela/actions](https://github.com/hassanabouelela/actions) from setup-python_v1.4.2 to 1.5.0. This release includes the previously tagged commit.
|   - [Release notes](https://github.com/hassanabouelela/actions/releases)
|   - [Commits](https://github.com/hassanabouelela/actions/compare/setup-python_v1.4.2...setup-python_v1.5.0)
|   ---
|   updated-dependencies:
|   - dependency-name: HassanAbouelela/actions
|     dependency-type: direct:production
|   ...
|   Signed-off-by: dependabot[bot] <[email protected]>
* Document how to use Ansible on Windows (#247) | jchristgit | 2024-04-28 | -4/+9
|
* Update hugo theme submodule with dependabot (#246) | jchristgit | 2024-04-28 | -0/+7
|