| Commit message (Collapse) | Author | Age | Lines | |
|---|---|---|---|---|
| * | Whitelist possible LKE addresses to PostgreSQL on lovelace |  Johannes Christ | 2024-04-29 | -8/+26 |
| | | | | | | | | | This allows us to connect to PostgreSQL on lovelace from any possible LKE node location, whilst not opening up our PostgreSQL instances to the world. This has already been rolled out. | |||
| * | Add LKE addresses to group variables | Johannes Christ | 2024-04-29 | -0/+9 |
| | | ||||
| * | Update nftables role | Johannes Christ | 2024-04-29 | -0/+0 |
| | | | | | | The new commit includes automatic validation of the `nft` configuration to ensure that any deployed config is valid. | |||
| * | Remove UFW and make ansible-lint happy | Johannes Christ | 2024-04-29 | -33/+2 |
| | | ||||
| * | Use nftables for firewalling | Johannes Christ | 2024-04-29 | -39/+83 |
| | | | | | | | | | | nftables is the modern replacement for iptables, which ufw uses under the hood. It allows us to specify firewall rules in a simple text file (with as much or as little abstraction as we want) and is quick to update and read. The text-file format allows more liberty with commenting compared to UFW. The existing `ufw` role has been converted to simply remove UFW. This has already been deployed on lovelace. | |||
| * | Connect netcup Prometheus to Kubernetes Alertmanager | Johannes Christ | 2024-04-28 | -1/+3 |
| | | | | | Closes #240. | |||
| * | Document how to use Ansible on Windows (#247) | jchristgit | 2024-04-28 | -4/+9 |
| | | ||||
| * | Use same indent for all fail2ban options | Johannes Christ | 2024-04-27 | -1/+1 |
| | | ||||
| * | Add bellas user |  Chris Lovering | 2024-04-24 | -53/+99 |
| | | ||||
| * | Use Ansible Vault for storing users | Johannes Christ | 2024-04-15 | -1/+3 |
| | | | | | Closes #211. | |||
| * | Update vars to have the role name as a prefix | Chris Lovering | 2024-04-15 | -16/+16 |
| | | ||||
| * | Configure Ansible for user authentication (#213) | jchristgit | 2024-04-14 | -2/+1 |
| | | ||||
| * | Add a users role | Johannes Christ | 2024-04-13 | -0/+31 |
| | | | | | | | | | The new `pydis-users` role allows us to manage user accounts and move away from the root user setup script, eventually locking down SSH access to the root user. Joe, Chris and me have been added as users. | |||
| * | Copy root bashrc from skel | Johannes Christ | 2024-04-12 | -0/+1 |
| | | ||||
| * | Configure SSH daemon options in unit dropin | Johannes Christ | 2024-04-12 | -9/+20 |
| | | | | | | | Disable password authentication and root logins and use a configuration file that is independent of the `sshd_config` that `apt` itself will modify on upgrades. | |||
| * | Install unattended-upgrades on our nodes | Johannes Christ | 2024-04-12 | -0/+8 |
| | | ||||
| * | Move requirements to poetry | Chris Lovering | 2023-08-13 | -4/+0 |
| | | ||||
| * | Add a basic README for the ansible folder | Chris Lovering | 2023-08-13 | -0/+17 |
| | | ||||
| * | Move all ansible files to their own folder | Chris Lovering | 2023-08-13 | -0/+1101 |
 |
index : infra | |
| The PyDis DevOps boiler house, the engine room, where the magic happens. |
| aboutsummaryrefslogtreecommitdiffstats |