| Commit message (Collapse) | Author | Age | Lines |
Bumps [ansible/roles/nftables](https://github.com/jchristgit/ansible-role-nftables) from `015a7ed` to `4acd4ae`.
- [Commits](https://github.com/jchristgit/ansible-role-nftables/compare/015a7ed269e7122dbd714c23eb6cec8a52176f0b...4acd4ae18f27c50d22d1f5db470ee561aeeb6375)
---
updated-dependencies:
- dependency-name: ansible/roles/nftables
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <[email protected]>
|
We dynamically fetch all hosts in the databases group and add them to
the scrape targets with the PostgreSQL exporter port (9187)
|
* add a task to issue pg grants for specific roles
* document the postgres role
|
Co-authored-by: Dennis Schuster <[email protected]>
|
Co-authored-by: Amrou Bellalouna <[email protected]>
|
Co-authored-by: Joe William Murray Humphreys Banks <[email protected]>
|
Adds the new roles necessary for grafana and metabase, grants them
access to the metricity table as well as giving them the
pg_read_all_data role for read-only access to the metricity database.
|
Due to the way Linode seems to issue certificates for our nodes, we need
to disable TLS verification for communications to fetch metric
information. It's unfortunate but non-critical and it does restore
metrics-server functionality.
|
Adds a new role named pydis-mtls to distribute the mTLS certificate
authority data to all nodes in the inventory.
The defaults are sufficient here and are using the production CA that
will be used for service authentication (tls.pydis.wtf).
Other services can point to the value stored in pydis_mtls_location as
the source of truth for the certificate authority to validate against.
|
This allows for non-root services that are in the cert-users group to
still access and read certificate data that they need in order to
operate.
Doing things this way means that services still refer to a
single-source-of-truth for the certificate store whilst retaining their
non-root and non-privileged nature.
|
* add a monitoring group for better hosts distinction
* run prometheus with TLS
* add prometheus connections nftables config
|
* request certificates per target domain
* run certbot role on all hosts
|
- Explicitly bump octodns-cloudflare to 0.0.6
- Explicitly bump ansible-core to 2.17.0
- Explicitly bump ruff to 0.4.5
- Implicitly bump requests to 2.32.2
|
We made a change to include the instance in alerts sent to Discord, but
not all of our configured alerts send this field.
As a result, we would have incorrectly formatted alerts being sent
through to Discord which were tricky to read.
The format template has now been changed to only conditionally render
the instance label if it is present on a triggered alert.
|
Previously the files server would return an HTTP 500 if a matching file
was not found, since internally NGINX would fall into a redirect loop
trying to locate the relevant file.
This adds a final 404 fallback handler so if there is not a direct match
we return an error instead of returning an HTTP 500.
|
Bumps [HassanAbouelela/actions](https://github.com/hassanabouelela/actions) from setup-python_v1.5.0 to 1.6.0. This release includes the previously tagged commit.
- [Release notes](https://github.com/hassanabouelela/actions/releases)
- [Commits](https://github.com/hassanabouelela/actions/compare/setup-python_v1.5.0...setup-python_v1.6.0)
---
updated-dependencies:
- dependency-name: HassanAbouelela/actions
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <[email protected]>
|
* generate cert for prometheus.lovelace.box.pydis.wtf
* add dns record for prometheus.lovelace.box
|