aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeLines
* Add sidecar container to reload Prometheus config on changeGravatar Joe Banks2024-06-10-0/+25
|
* Add reloader hook configmap to reload prometheus on changeGravatar Joe Banks2024-06-10-0/+38
|
* Add Alert for Prometheus config reload failureGravatar Joe Banks2024-06-10-0/+9
|
* Enable scraping of Prometheus podsGravatar Joe Banks2024-06-10-0/+3
|
* Relock poetry to bump sub-dependenciesGravatar Chris Lovering2024-06-10-70/+53
|
* Bump ruff from 0.4.7 to 0.4.8Gravatar dependabot[bot]2024-06-10-20/+20
| | | | | | | | | | | | | | | Bumps [ruff](https://github.com/astral-sh/ruff) from 0.4.7 to 0.4.8. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](https://github.com/astral-sh/ruff/compare/v0.4.7...v0.4.8) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
* Update Pinnwand logo to square imageGravatar Joe Banks2024-06-09-1/+1
|
* Update from command to args in site deploymentGravatar Joe Banks2024-06-07-1/+1
| | | | | | | | Kubernetes renames ENTRYPOINT in Docker images to command and any additional args go in `args` (confusing, I know!) This ensures that we run within the context of Poetry so can reach Django and other installed requirements when running migrations.
* Remove unnecessary shell execution for migration initContainerGravatar Joe Banks2024-06-07-3/+3
|
* Update site to run migrations in an init containerGravatar Joe Banks2024-06-07-0/+13
| | | | | | | | | | | | | | | | | | In accordance with updates from python-discord/site#1338 this changes the way migrations are run. Previously, migrations would be run all from within the manage.py execution process with the command being manually spawned using Django internals. After python-discord/site#1338 merges the Dockerfile will directly invoke gunicorn and bypass manage.py to simplify the process and avoid problems with shared database contexts. Hence, we need to manually run migrations using an init container. With testing there is no additional delay in doing this as spinning up an init container is cheap and we don't cut over any traffic until the site passes a healthcheck anyway.
* Update Grafana repository to use explicit keyringGravatar Joe Banks2024-06-07-3/+3
|
* Add systemd overrides with new security preferencesGravatar Joe Banks2024-06-07-0/+38
|
* Add NGINX access and error logsGravatar Joe Banks2024-06-07-0/+10
|
* Add relabing stages to name custom log extractorsGravatar Joe Banks2024-06-07-0/+11
|
* Update configuration template with authenticationGravatar Joe Banks2024-06-07-9/+18
|
* Update documentation for Alloy with Loki configurationGravatar Joe Banks2024-06-07-3/+4
|
* Add Alloy vars file with endpoint and authenticationGravatar Joe Banks2024-06-07-0/+14
|
* Add host vars for database host to export PostgreSQL logGravatar Joe Banks2024-06-07-0/+4
|
* Extend Alloy configuration to include some default files + extra filesGravatar Joe Banks2024-06-07-0/+27
|
* Update default variables for Alloy with empty extra files listGravatar Joe Banks2024-06-07-0/+2
|
* Update Alloy README to document extra filesGravatar Joe Banks2024-06-07-0/+7
|
* Add Alloy role to all host deployment sectionGravatar Joe Banks2024-06-07-0/+1
|
* Add role to install and template configuration for AlloyGravatar Joe Banks2024-06-07-0/+85
|
* Rename relabelledpods to just podsGravatar Joe Banks2024-06-07-1/+1
| | | | | | | This was a redundant rename and reduced the clarity of jobs when querying from inside Grafana. This rectifies that by renaming the stream to just `pods`.
* Remove become_ask_pass preference from Ansible configurationGravatar Joe Banks2024-06-07-1/+0
|
* Add new sudoers rule for NOPASSWD sudoGravatar Joe Banks2024-06-07-0/+2
|
* Reflect pydis.wtf certificate into Loki namespaceGravatar Joe Banks2024-06-07-2/+2
|
* Add secret for Loki authenticationGravatar Joe Banks2024-06-07-0/+0
|
* Add new Ingress for Loki gatewayGravatar Joe Banks2024-06-07-0/+25
|
* Add loki-gateway.pydis.wtfGravatar Joe Banks2024-06-07-0/+9
|
* Add PostgreSQL user to cert reader groupGravatar Joe Banks2024-06-06-0/+1
|
* Update directory permissions of certbot generated certificatesGravatar Joe Banks2024-06-06-1/+2
|
* use host issued certs for postgres server instead of snakeoil'sGravatar shtlrs2024-06-06-4/+4
|
* Add Metricity manifestGravatar Joe Banks2024-06-06-0/+30
| | | | Copies the Metricity deployment manifest from the Metricity repo.
* Add myself to CODEOWNERSGravatar Joe Banks2024-06-06-0/+3
|
* Switch to using designated placeholder IPv4 for originless recordsGravatar Joe Banks2024-06-06-3/+3
| | | | | | | | | | | | | | We currently used something like 1.2.3.4 or 1.1.1.1 as placeholder IP addresses for DNS records where we ran in "originless" mode (the request is always answered by a Cloudflare Worker or a redirect). This changes that so we use designated reserved IPv4 addresses (192.0.2.0) to capture that traffic instead, ensuring that in no circumstance would we leak traffic to an address like 1.1.1.1 or 1.2.3.4 if there was a Cloudflare misconfiguration. Despite the potential risk vectors here being very small, it's a minor change and also helps us ensure configuration works correctly in the future.
* Set proxied to true for paste recordGravatar Joe Banks2024-06-06-1/+1
|
* Add paste.pydis.wtf record for forwardingGravatar Joe Banks2024-06-06-0/+8
|
* Add tmpfs to King ArthurGravatar Joe Banks2024-06-05-0/+9
|
* Add automatic HBA rules for all users to connect via mTLSGravatar Joe Banks2024-06-04-3/+9
|
* Add devops user accountGravatar Joe Banks2024-06-04-42/+69
|
* Add CA file to postgresql.confGravatar Joe Banks2024-06-04-0/+2
|
* Add pg_ident.conf fileGravatar Joe Banks2024-06-04-1/+18
|
* Install PostgreSQL documentation packageGravatar Johannes Christ2024-06-04-0/+1
|
* Bump ruff from 0.4.5 to 0.4.7 (#342)Gravatar dependabot[bot]2024-06-03-21/+22
| | | | | | | | | | | | | | | | Bumps [ruff](https://github.com/astral-sh/ruff) from 0.4.5 to 0.4.7. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](https://github.com/astral-sh/ruff/compare/v0.4.5...v0.4.7) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Add Bella to git-crypt keyringGravatar Johannes Christ2024-06-02-0/+0
| | | | | | | | | | | | New collaborators: DB1D650A Amrou Bellalouna <[email protected]> The key has been verified and signed by both Joe and me. Chris was MIA but approved it ahead of time. Approved-by: Joe Banks <[email protected]> Approved-by: Chris Lovering <[email protected]>
* Remove PostgreSQL Exporter from KubernetesGravatar Joe Banks2024-06-02-55/+0
|
* Remove Kubernetes PostgreSQL AlertsGravatar Joe Banks2024-06-02-29/+0
|
* Remove Kubernetes PostgreSQL backup from BlackboxGravatar Joe Banks2024-06-02-6/+1
|
* Remove PostgreSQL deployment from KubernetesGravatar Joe Banks2024-06-02-127/+0
|
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-25 02:12:15 +0000