infra - The PyDis DevOps boiler house, the engine room, where the magic happens.

	Commit message (Collapse)	Author	Age	Lines
...
*	Add MOTD and sudo lecture roles (#76)	ChrisJL	2023-02-08	-0/+39
\|
*	Update bootstrap script to use shorturl (#75)	ChrisJL	2022-12-21	-1/+1
\|
*	Add instructions to the bootstrap script (#74)	ChrisJL	2022-12-21	-1/+9
\| \| \| \| \|	* Add instructions to the bootstrap script * Make the .ssh folder before making a file within
*	Add a server bootstrap script (#73)	ChrisJL	2022-12-21	-0/+15
\|
*	Add kubespray module	Johannes Christ	2022-11-27	-0/+3
\|
*	Delete roles we won't use with self-hosted k8s	Chris Lovering	2022-10-18	-1193/+0
\|
*	Disable `fqcn-builtins` lint	Johannes Christ	2022-04-07	-0/+1
\| \| \| \| \|	This got introduced by a recent `ansible-lint` update, and is now breaking all PRs (and failing on master).
*	Add meeting notes for today	Johannes Christ	2022-04-07	-0/+22
\|
*	Add auditbeat	Joe Banks	2022-03-15	-0/+159
\|
*	Return random URL for default server	Joe Banks	2022-03-15	-2/+40
\|
*	Move from sites-enabled to conf.d for Kibana NGINX	Joe Banks	2022-03-15	-1/+1
\|
*	De-duplicate elasticsearch apt repos	Joe Banks	2022-03-15	-131/+59
\|
*	Address ansible-lint concerns	Joe Banks	2022-03-15	-4/+8
\|
*	Add wireguard rule to allow all internal traffic	Joe Banks	2022-03-15	-1/+6
\|
*	Add new logs tooling to root playbook	Joe Banks	2022-03-15	-0/+13
\|
*	Add Packetbeat	Joe Banks	2022-03-15	-0/+300
\|
*	Add Filebeat	Joe Banks	2022-03-15	-0/+178
\|
*	Add Kibana and NGINX config for Kibana	Joe Banks	2022-03-15	-0/+100
\|
*	Add Elasticsearch	Joe Banks	2022-03-15	-0/+48
\|
*	Install and configure fail2ban	Joe Banks	2022-03-15	-0/+45
\|
*	Remove vim modelines	Joe Banks	2022-03-15	-11/+1
\|
*	Capitalise all task names in roles	Joe Banks	2022-03-15	-10/+10
\| \| \| \|	Makes all role names begin with a capital letter in Ansible roles
*	Allow HTTP traffic through the firewall	Joe Banks	2022-03-15	-2/+2
\| \| \| \|	Allow HTTP traffic in addition to HTTPS by switching to the "Nginx Full" ruleset
*	Update extra SAN	Joe Banks	2022-03-14	-1/+1
\|
*	Force reload on all rsync operations	Joe Banks	2022-03-14	-2/+20
\| \| \| \| \| \| \| \|	Update the forced command in authorized_keys to reload NGINX after termination of the rsync session. This ensures that after key updates complete they will be reloaded and pushed to NGINX.
*	Add certbot roles	Joe Banks	2022-03-14	-1/+125
\| \| \| \| \| \| \| \| \| \|	Add a certbot role that generates a certificate on the first host in the NGINX group and then deploys it to all other NGINX hosts. As of now we generate wildcard certs for pythondiscord.com and pydis.wtf. A unique SSH key is generated for each replica host which is restricted for security purposes. A deploy hook is installed to push renewals to other hosts.
*	Miscellaneous fixes to jumpcloud & NGINX mTLS	Joe Banks	2022-03-14	-1/+13
\|
*	Configure GeoIP for moon phase support	Johannes Christ	2022-02-25	-0/+20
\| \| \| \| \| \| \| \| \|	In order to add moon phase support on the dark theme picker later, we need to configure the GeoIP module included with nginx. On Debian, the `nginx` package that we install installs `nginx-core`, which in turn installs the GeoIP module and even a GeoIP country database for us.
*	Deploy Prometheus & node-exporter	Johannes Christ	2022-02-21	-0/+156
\| \| \| \|	To start off, we are only scraping Prometheus itself and node-exporter.
*	Save host allocation file in the repository	Johannes Christ	2022-02-20	-0/+0
\|
*	Use builtin NGINX UFW rule name	Johannes Christ	2022-02-20	-2/+1
\| \| \|	Co-authored-by: ChrisJL <[email protected]>
*	Remove subjective linting rules	Johannes Christ	2022-02-20	-1/+5
\|
*	Add nginx deployment	Johannes Christ	2022-02-20	-0/+131
\| \| \| \| \| \| \| \| \| \| \|	Includes documented roles for: - installing nginx & configuring handlers - installing the mTLS certificate for Cloudflare - installing firewall rules They are kept separate for now, for composability. Closes #22.
*	Delete projects_automation.yml	Joe Banks	2022-02-16	-16/+0
\|
*	Add PostUp directive for routing wg subnet	Joe Banks	2022-02-11	-0/+2
\|
*	Add podman role and improve playbook organization	Johannes Christ	2022-02-05	-20/+71
\| \| \| \| \| \| \| \|	This PR adds a new podman role, see #18. The playbook is merged into sections for each group of hosts that we want to deploy to. To limit by role now, use tags, such as `-t role::podman`.
*	Epand entire dict when adding psql users and databases	Chris Lovering	2022-01-21	-7/+2
\| \| \| \|	This will allow us to add more key: value pairs in future, without having to update it in two places
*	Add postgres role to playbook	Chris Lovering	2022-01-21	-0/+6
\|
*	Add users and databases to portgres after install	Chris Lovering	2022-01-21	-0/+17
\|
*	Install postgres role	Chris Lovering	2022-01-21	-0/+18
\| \| \| \|	.
*	Add basic postgres vars	Chris Lovering	2022-01-21	-0/+7
\|
*	Enable ansible ssh pipelining globally	Chris Lovering	2022-01-21	-0/+3
\| \| \| \| \| \| \| \|	See https://github.com/ansible/ansible/issues/16048#issuecomment-229012509 for why we do this. The drawback of this is that it is incompatible with sudo's requiretty setting (or su, which always requires a tty). This is because of a quirk of the Python interpreter, which enters interactive mode automatically when you pipe in data from a (pseudo) tty. However, modern Debian, which we run, comes with requiretty disabled.
*	Add ufw role to playbook	MarkKoz	2022-01-11	-0/+6
\|
*	Install UFW	MarkKoz	2022-01-11	-0/+7
\|
*	Ensure SSH is allowed before setting default deny	MarkKoz	2022-01-11	-5/+5
\| \| \| \| \|	Ansible relies on SSH, so it's good to ensure that's allowed before blocking everything else.
*	Add basic UFW rules	MarkKoz	2022-01-11	-0/+21
\|
*	Update local env setup instructions	MarkKoz	2022-01-11	-0/+2
\|
*	Make wireguard port a variable	MarkKoz	2022-01-11	-2/+4
\|
*	Update README with directory structure	Joe Banks	2022-01-11	-9/+20
\|
*	Inject extra public keys for DevOps members	Joe Banks	2022-01-11	-0/+12
\|