aboutsummaryrefslogtreecommitdiffstats
path: root/ansible (follow)
Commit message (Collapse)AuthorAgeLines
* Add all accepted mail domains to SRS exclude configurationGravatar Joe Banks2024-09-03-0/+21
| | | | | | | | | | | | | | We don't want to rewrite the envelopes of mail that is from a valid domain of our mailserver (e.g. pydis.com or int.pydis.wtf), but by default PostSRSD will rewrite anything that is not the `mydomain` configuration variable of Postfix (which is just set to `pydis.wtf` for us). This change updates the environment defaults for PostSRSD to ensure that we don't change any envelopes that don't need to be changed, as well as ensuring that to end mailservers the DKIM and SPF checks are made against the actual domain (e.g. int.pydis.wtf) instead of the rewritten envelope.
* Appease the documentation dictatorGravatar Joe Banks2024-09-03-4/+9
|
* Update postfix main.cf to pass through new conditional SRS rewriterGravatar Joe Banks2024-09-03-2/+2
|
* Add new postfix sub-services for conditional SRS rewritingGravatar Joe Banks2024-09-03-0/+23
|
* Create new sender canonical map template for SRSGravatar Joe Banks2024-09-03-0/+5
| | | | | | This template returns the address verbatim if it's a local domain else it returns nothing. Based on this, we can use these addresses for SRS, it will either use the verbatim address or pass onto SRSd for a rewrite.
* Clean up mail script after feeding it to atGravatar Johannes Christ2024-09-03-0/+1
|
* Send raw date to Fredrick vacation scriptGravatar Johannes Christ2024-09-03-2/+4
| | | | | | Allows to add the timezone to it to properly determine local sender time and Fredrick's current time (if he's travelling within his home country, that is).
* Fix Jitsi SASL authenticationGravatar Joe Banks2024-09-03-4/+4
| | | | | | | | | | | | | | Why doesn't it support quotes? Why doesn't it support quotes? Why doesn't it support quotes? Why doesn't it support quotes? Why doesn't it support quotes? Why doesn't it support quotes?
* More cgitrc modificationsGravatar Joe Banks2024-09-03-0/+3
| | | | THERE ARE SO MANY OPTIONS! I LOVE CGIT!!!!
* Correct handler names in Dovecot roleGravatar Joe Banks2024-09-03-2/+2
|
* Change all templates to use {{ ansible_managed }}Gravatar Joe Banks2024-09-03-38/+38
|
* Set ansible_managed for use in templatesGravatar Joe Banks2024-09-03-0/+2
|
* Delay Fredrick vacation script replies by 10 minutesGravatar Johannes Christ2024-09-03-1/+21
| | | | | | Untested. We should expand this (later) such that when an e-mail is sent outside of Fredrick's regular working hours, the script (like Fredrick) needs more time to get back to you, since he needs to practice his Qi.
* Include sender date as a unix timestampGravatar Johannes Christ2024-09-03-1/+5
|
* Add top posting to vacation scriptGravatar Johannes Christ2024-09-03-0/+9
|
* Add tag for rolling out service scriptsGravatar Johannes Christ2024-09-03-0/+2
|
* Update variable reference for Fredrick vacation scriptGravatar Johannes Christ2024-09-03-1/+1
|
* Have Fredrick's vacation tool CC in DevOpsGravatar Johannes Christ2024-09-03-2/+1
|
* Add transport rules for FredrickGravatar Joe Banks2024-09-03-0/+5
|
* Add Fredrick API handler scriptGravatar Joe Banks2024-09-03-0/+54
|
* Add variables for Fredrick APIGravatar Joe Banks2024-09-03-7/+12
|
* Migrate service scripts from files to templatesGravatar Joe Banks2024-09-03-5/+17
|
* Treat NGINX responses as UTF-8Gravatar Joe Banks2024-09-02-0/+19
| | | | | | | | | Some sites that had non-ASCII characters rendered weirdly because our NGINX configuration was not returning a default charset and so rendering was being left up to browser/standards defaults. This change adds a new config file to /etc/nginx/conf.d/ which forces responses to be interpreted as/transformed to UTF-8.
* Pleasure the style dictatorGravatar Johannes Christ2024-09-01-1/+2
| | | | | See https://github.com/python-discord/infra/pull/524#issuecomment-2323385510.
* Update Ansible lint config to ignore Jinja spacing ruleGravatar Joe Banks2024-09-01-0/+2
| | | | | Also ignore the promethues-postgres-exporter which is a submodule and is not subject to our lint rules
* Override runtime directory permissionsGravatar Johannes Christ2024-09-01-0/+23
|
* Swap saslauthd to mount outside of postfixGravatar Johannes Christ2024-09-01-2/+5
| | | | Closes #474.
* Add missing task for sasl roleGravatar Johannes Christ2024-09-01-0/+10
|
* noqa variable naming on dmarc_metrics_exporter taskGravatar Joe Banks2024-08-31-8/+7
|
* Skip ansible lint on DMARC metrics exporter roleGravatar Joe Banks2024-08-31-0/+1
|
* Explicitly set become: true on DMARC sieve compilation handlerGravatar Joe Banks2024-08-31-0/+1
|
* Add DMARC exporter to Prometheus scrape targetsGravatar Joe Banks2024-08-31-0/+7
|
* Run DMARC inbox setup and dmarc_metrics_exporter role on mail hostsGravatar Joe Banks2024-08-31-0/+25
|
* Add tasks to template and enable DMARC inbox sieve filterGravatar Joe Banks2024-08-31-0/+39
|
* Add new DMARC inbox sieve filterGravatar Joe Banks2024-08-31-0/+7
|
* Add dmarc_metrics_exporter role requirementGravatar Joe Banks2024-08-31-0/+4
|
* Update munin-node config template to allow scraping from any hostGravatar Joe Banks2024-08-30-1/+8
|
* Add scraping config to munin master against all Ansible hostsGravatar Joe Banks2024-08-30-4/+8
|
* Create a new firewalld zone for Wireguard interface on Rocky hostsGravatar Joe Banks2024-08-30-0/+19
|
* Setup firewall rule for Rocky hosts in munin-nodeGravatar Joe Banks2024-08-30-0/+12
|
* Add Munin port 4949 to wireguard allow list for nftables hostsGravatar Joe Banks2024-08-30-0/+3
|
* Add new firewalld role for shared reload handlerGravatar Joe Banks2024-08-30-0/+6
|
* Add standalone munin-node roleGravatar Johannes Christ2024-08-30-90/+105
|
* Update templated WireGuard configGravatar Joe Banks2024-08-30-1/+2
| | | | | Include a missing PreDown task to remove the local routes we add as well as including all hosts in the inventory instead of just netcup hosts.
* Set packages to install for Wireguard by distributionGravatar Joe Banks2024-08-30-7/+11
|
* Move wireguard role to run on all hostsGravatar Joe Banks2024-08-30-1/+1
|
* Add Wireguard subnet to ldap01Gravatar Joe Banks2024-08-30-0/+1
|
* Implement dovecot mail plugin, configure limitsGravatar Johannes Christ2024-08-30-73/+165
| | | | | | | | | This also moves custom plugins into the `roles/munin/templates/plugins` directory, which should hopefully be easier to maintain than the existing inline dictionary. The only issue is that now it is a bit harder to deal with the filepaths. This change has already been deployed.
* Feed Dovecot maildir stats into PrometheusGravatar Johannes Christ2024-08-30-1/+95
| | | | | | | | | | | | | | | | Already deployed on lovelace. I was going to leave out script deployment and just write it inline, but YAML folding of long lines (and unreadability of 200 column-wide AWk scripts, to be honest) made it a bit bad. The e-mail for DevOps cron failure reports is updated to include `+cron` to allow for client-side filtering, if necessary. To test: `ssh -L localhost:9090:localhost:9090 lovelace.box.pydis.wtf`, then check out the `dovecot_` variables in the UI. We might want to further check out Dovecot's built-in statistics support, see https://doc.dovecot.org/2.3/configuration_manual/stats/.
* Remove unnecessary & faulty LDAP user attribute mappingGravatar Joe Banks2024-08-30-1/+1
|
generated by cgit v1.2.3 (git 2.39.1) at 2025-11-04 20:54:15 +0000