aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeLines
...
* add snippet about world writable ansible dir on windows causing permissions ↵Gravatar Bradley Reynolds2023-02-22-1/+5
| | | | | | errors Signed-off-by: Bradley Reynolds <[email protected]>
* Add `local_testing` utilizing vagrant and virtualbox to create an ↵Gravatar GDWR2023-02-22-0/+204
| | | | environment that we can test ansible updates in
* Bump SebastiaanZ/github-status-embed-for-discord to 0.3.0Gravatar Chris Lovering2023-02-22-10/+1
| | | | This also removes the need to pass some of the keys, so those have been removed.
* Bump CI action versions to latestGravatar Chris Lovering2023-02-22-5/+5
|
* Pin dependencies & resolve ansible-lint failures (#79)Gravatar GDWR2023-02-22-9/+32
| | | | | | | * Use uppercase for all names * Pin `requirements.txt` versions * Add `dependabot.yml`
* Update & Deploy Kubespray (#77)Gravatar Hassan Abouelela2023-02-08-32/+1938
| | | | | | | | | | | | | | | | | | | | | | | | | * Move Kubespray Inventory Move the kuberspray inventory to the repo root to make accessing it easier, and unify inventories. * Document Kubespray Deploy Instructions Signed-off-by: Hassan Abouelela <[email protected]> * Ignore Kubespray In Ansible Lint Signed-off-by: Hassan Abouelela <[email protected]> * Fix Ansible Lint The `.github` folder was inappropriately being included in linting due to actions being in yaml format. Signed-off-by: Hassan Abouelela <[email protected]> --------- Signed-off-by: Hassan Abouelela <[email protected]>
* Add MOTD and sudo lecture roles (#76)Gravatar ChrisJL2023-02-08-0/+39
|
* Update bootstrap script to use shorturl (#75)Gravatar ChrisJL2022-12-21-1/+1
|
* Add instructions to the bootstrap script (#74)Gravatar ChrisJL2022-12-21-1/+9
| | | | | * Add instructions to the bootstrap script * Make the .ssh folder before making a file within
* Add a server bootstrap script (#73)Gravatar ChrisJL2022-12-21-0/+15
|
* Add kubespray moduleGravatar Johannes Christ2022-11-27-0/+3
|
* Delete roles we won't use with self-hosted k8sGravatar Chris Lovering2022-10-18-1193/+0
|
* Disable `fqcn-builtins` lintGravatar Johannes Christ2022-04-07-0/+1
| | | | | This got introduced by a recent `ansible-lint` update, and is now breaking all PRs (and failing on master).
* Add meeting notes for todayGravatar Johannes Christ2022-04-07-0/+22
|
* Add auditbeatGravatar Joe Banks2022-03-15-0/+159
|
* Return random URL for default serverGravatar Joe Banks2022-03-15-2/+40
|
* Move from sites-enabled to conf.d for Kibana NGINXGravatar Joe Banks2022-03-15-1/+1
|
* De-duplicate elasticsearch apt reposGravatar Joe Banks2022-03-15-131/+59
|
* Address ansible-lint concernsGravatar Joe Banks2022-03-15-4/+8
|
* Add wireguard rule to allow all internal trafficGravatar Joe Banks2022-03-15-1/+6
|
* Add new logs tooling to root playbookGravatar Joe Banks2022-03-15-0/+13
|
* Add PacketbeatGravatar Joe Banks2022-03-15-0/+300
|
* Add FilebeatGravatar Joe Banks2022-03-15-0/+178
|
* Add Kibana and NGINX config for KibanaGravatar Joe Banks2022-03-15-0/+100
|
* Add ElasticsearchGravatar Joe Banks2022-03-15-0/+48
|
* Install and configure fail2banGravatar Joe Banks2022-03-15-0/+45
|
* Remove vim modelinesGravatar Joe Banks2022-03-15-11/+1
|
* Capitalise all task names in rolesGravatar Joe Banks2022-03-15-10/+10
| | | | Makes all role names begin with a capital letter in Ansible roles
* Allow HTTP traffic through the firewallGravatar Joe Banks2022-03-15-2/+2
| | | | Allow HTTP traffic in addition to HTTPS by switching to the "Nginx Full" ruleset
* Update extra SANGravatar Joe Banks2022-03-14-1/+1
|
* Force reload on all rsync operationsGravatar Joe Banks2022-03-14-2/+20
| | | | | | | | Update the forced command in authorized_keys to reload NGINX after termination of the rsync session. This ensures that after key updates complete they will be reloaded and pushed to NGINX.
* Add certbot rolesGravatar Joe Banks2022-03-14-1/+125
| | | | | | | | | | Add a certbot role that generates a certificate on the first host in the NGINX group and then deploys it to all other NGINX hosts. As of now we generate wildcard certs for pythondiscord.com and pydis.wtf. A unique SSH key is generated for each replica host which is restricted for security purposes. A deploy hook is installed to push renewals to other hosts.
* Miscellaneous fixes to jumpcloud & NGINX mTLSGravatar Joe Banks2022-03-14-1/+13
|
* Configure GeoIP for moon phase supportGravatar Johannes Christ2022-02-25-0/+20
| | | | | | | | | In order to add moon phase support on the dark theme picker later, we need to configure the GeoIP module included with nginx. On Debian, the `nginx` package that we install installs `nginx-core`, which in turn installs the GeoIP module and even a GeoIP country database for us.
* Deploy Prometheus & node-exporterGravatar Johannes Christ2022-02-21-0/+156
| | | | To start off, we are only scraping Prometheus itself and node-exporter.
* Save host allocation file in the repositoryGravatar Johannes Christ2022-02-20-0/+0
|
* Use builtin NGINX UFW rule nameGravatar Johannes Christ2022-02-20-2/+1
| | | Co-authored-by: ChrisJL <[email protected]>
* Remove subjective linting rulesGravatar Johannes Christ2022-02-20-1/+5
|
* Add nginx deploymentGravatar Johannes Christ2022-02-20-0/+131
| | | | | | | | | | | Includes documented roles for: - installing nginx & configuring handlers - installing the mTLS certificate for Cloudflare - installing firewall rules They are kept separate for now, for composability. Closes #22.
* Delete projects_automation.ymlGravatar Joe Banks2022-02-16-16/+0
|
* Add PostUp directive for routing wg subnetGravatar Joe Banks2022-02-11-0/+2
|
* Add podman role and improve playbook organizationGravatar Johannes Christ2022-02-05-20/+71
| | | | | | | | This PR adds a new podman role, see #18. The playbook is merged into sections for each group of hosts that we want to deploy to. To limit by role now, use tags, such as `-t role::podman`.
* Epand entire dict when adding psql users and databasesGravatar Chris Lovering2022-01-21-7/+2
| | | | This will allow us to add more key: value pairs in future, without having to update it in two places
* Add postgres role to playbookGravatar Chris Lovering2022-01-21-0/+6
|
* Add users and databases to portgres after installGravatar Chris Lovering2022-01-21-0/+17
|
* Install postgres roleGravatar Chris Lovering2022-01-21-0/+18
| | | | .
* Add basic postgres varsGravatar Chris Lovering2022-01-21-0/+7
|
* Enable ansible ssh pipelining globallyGravatar Chris Lovering2022-01-21-0/+3
| | | | | | | | See https://github.com/ansible/ansible/issues/16048#issuecomment-229012509 for why we do this. The drawback of this is that it is incompatible with sudo's requiretty setting (or su, which always requires a tty). This is because of a quirk of the Python interpreter, which enters interactive mode automatically when you pipe in data from a (pseudo) tty. However, modern Debian, which we run, comes with requiretty disabled.
* Add ufw role to playbookGravatar MarkKoz2022-01-11-0/+6
|
* Install UFWGravatar MarkKoz2022-01-11-0/+7
|
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-30 14:32:43 +0000