| Commit message (Collapse) | Author | Age | Lines | ||
|---|---|---|---|---|---|
| ... | |||||
| * | postfix: run received messages through opendmarc |  Joe Banks | 2024-07-31 | -2/+2 | |
| | | |||||
| * | dmarc: add opendmarc role | Joe Banks | 2024-07-31 | -0/+74 | |
| | | |||||
| * | dkim: add documentation on opendkim role | Joe Banks | 2024-07-31 | -0/+35 | |
| | | |||||
| * | dkim: enable dkim milter | Joe Banks | 2024-07-31 | -0/+3 | |
| | | |||||
| * | dkim: run opendkim role on mail hosts | Joe Banks | 2024-07-31 | -0/+1 | |
| | | |||||
| * | dkim: add opendkim role | Joe Banks | 2024-07-31 | -0/+133 | |
| | | |||||
| * | spf: run inbound mail through policyd-spf filter | Joe Banks | 2024-07-31 | -2/+9 | |
| | | |||||
| * | postfix: add handler to restart postfix | Joe Banks | 2024-07-31 | -0/+5 | |
| | | |||||
| * | spf: add policyd-spf to validate SPF of inbound mail | Joe Banks | 2024-07-31 | -1/+43 | |
| | | |||||
| * | postfix: add group email to alias maps and relay recipients | Joe Banks | 2024-07-31 | -0/+2 | |
| | | |||||
| * | ldap: handle group-directed email | Joe Banks | 2024-07-31 | -0/+13 | |
| | | |||||
| * | postfix: add new aliases to relay restrictions and alias maps | Joe Banks | 2024-07-31 | -3/+5 | |
| | | |||||
| * | postfix: add variable for postmaster email | Joe Banks | 2024-07-31 | -0/+2 | |
| | | |||||
| * | postfix: template virtual address table and regenerate on changes | Joe Banks | 2024-07-31 | -0/+13 | |
| | | |||||
| * | postfix: add handler for regenerating aliases | Joe Banks | 2024-07-31 | -0/+4 | |
| | | |||||
| * | postfix: add alias table for manual aliases | Joe Banks | 2024-07-31 | -0/+7 | |
| | | |||||
| * | postfix: remove unused alias map | Joe Banks | 2024-07-31 | -2/+0 | |
| | | |||||
| * | postfix: add tasks to configure postfix server | Joe Banks | 2024-07-31 | -2/+49 | |
| | | |||||
| * | postfix: allow access to certificates | Joe Banks | 2024-07-31 | -0/+1 | |
| | | |||||
| * | postfix: add firewall rules | Joe Banks | 2024-07-31 | -0/+18 | |
| | | |||||
| * | postfix: add reload handlers | Joe Banks | 2024-07-31 | -0/+5 | |
| | | |||||
| * | postfix: add variables and vault | Joe Banks | 2024-07-31 | -0/+15 | |
| | | |||||
| * | ldap: add ldap configuration files to postfix | Joe Banks | 2024-07-31 | -0/+33 | |
| | | |||||
| * | postfix: add main.cf file | Joe Banks | 2024-07-31 | -0/+47 | |
| | | |||||
| * | Move mail hosts to dedicated group | Joe Banks | 2024-07-31 | -1/+8 | |
| | | |||||
| * | postfix: deploy postfix instead of opensmtpd |  Johannes Christ | 2024-07-31 | -48/+8 | |
| | | | | | Per discussion in the PR, we have more experience with Postfix on deck. | ||||
| * | Install a local MTA | Johannes Christ | 2024-07-31 | -0/+48 | |
| | | | | | | | | Allow services and users on lovelace to exchange local mail messages. Later, we will want to expand the service to consolidate service mails or perhaps even allow forwarding e-mails to Python Discord e-mails via LDAP. | ||||
| * | Prevent search engines from finding Joe's achievements | Johannes Christ | 2024-07-30 | -0/+2 | |
| | | |||||
| * | Fix typo in NGINX configuration | Johannes Christ | 2024-07-30 | -0/+10 | |
| | | |||||
| * | Add polonium db and user/password |  Chris Lovering | 2024-07-26 | -49/+70 | |
| | | |||||
| * | Don't deploy pydis-users role to Rocky | Joe Banks | 2024-07-26 | -1/+1 | |
| | | |||||
| * | Install epel-release and tools on Rocky hosts | Joe Banks | 2024-07-25 | -0/+10 | |
| | | |||||
| * | chore(deps): update dependency community.crypto to v2.21.1 (#405) |  renovate[bot] | 2024-07-24 | -1/+1 | |
| | | | | | | | | | datasource | package | from | to | | ----------------- | ---------------- | ------ | ------ | | galaxy-collection | community.crypto | 2.21.0 | 2.21.1 | Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> | ||||
| * | Remove Turing from fail2ban | Joe Banks | 2024-07-23 | -1/+1 | |
| | | |||||
| * | Remove Turing from Ansible Inventory | Joe Banks | 2024-07-23 | -1/+0 | |
| | | |||||
| * | Update certificate issuance to group together related certificates | Joe Banks | 2024-07-23 | -4/+5 | |
| | | | | | | | | | | | | | | | We now can use CSV values to group different (but related) SANs into one issued certificate. As an example, when it was migrated in #402, certificates were configured in such a way that certbot attempted to issue one certificate for pydis.wtf and another for *.pydis.wtf, which is obviously not desirable. This restores previous behaviour to group together certificates served from the same NGINX vhost, using some Ansible filters to ensure the `creates` option of the task matches the certbot generated directory. | ||||
| * | Remove deployments on turing | Johannes Christ | 2024-07-22 | -37/+12 | |
| | | | | | Files of the webserver have been migrated over. | ||||
| * | Run the LDAP role on the LDAP host in Ansible | Joe Banks | 2024-07-21 | -0/+5 | |
| | | | | | Signed-off-by: Joe Banks <[email protected]> | ||||
| * | Add LDAP role | Joe Banks | 2024-07-21 | -0/+39 | |
| | | | | | | | | This does not configure the LDAP server but configures the environment and installs the necessary packages, as well as configuring the firewall. Signed-off-by: Joe Banks <[email protected]> | ||||
| * | Template hostname in Alloy to the inventory hostname | Joe Banks | 2024-07-21 | -1/+1 | |
| | | | | | | | | | | This maintains previous behaviour in which the hostname would have just been the inventory hostname, but as the hostname is being updated to the FQDN we should explicitly set the inventory_hostname to ensure continuity of logs. Signed-off-by: Joe Banks <[email protected]> | ||||
| * | Remove /etc/hosts alias for FQDN to 127.0.0.1 on hosts | Joe Banks | 2024-07-21 | -1/+0 | |
| | | | | | Signed-off-by: Joe Banks <[email protected]> | ||||
| * | Don't add limits to LDAP hosts | Joe Banks | 2024-07-21 | -0/+1 | |
| | | | | | | | | | | | | | | This prevented the IPA installation from completing, presumably because it creates a high number of threads/subprocesses/whatever to get the installation complete. Regardless, with SELinux and other security tools that ship with the Rocky security profile we are on. This should be fine. Limits are not a security risk other than resource exhaustion which is not mission critical here. Signed-off-by: Joe Banks <[email protected]> | ||||
| * | Set hostnames of hosts to FQDNs | Joe Banks | 2024-07-21 | -1/+1 | |
| | | | | | Signed-off-by: Joe Banks <[email protected]> | ||||
| * | Add ldap01 host to ldap group | Joe Banks | 2024-07-21 | -0/+3 | |
| | | | | | Signed-off-by: Joe Banks <[email protected]> | ||||
| * | Only template node exporter for Ansible hosts | Joe Banks | 2024-07-19 | -3/+2 | |
| | | |||||
| * | Separate install stage for Emacs in common role | Joe Banks | 2024-07-19 | -8/+18 | |
| | | |||||
| * | Explicitly create sudo group for user creation | Joe Banks | 2024-07-19 | -1/+9 | |
| | | |||||
| * | Update SSH role to handle both Rocky and Debian reloads | Joe Banks | 2024-07-19 | -1/+10 | |
| | | |||||
| * | Update Wireguard to only template for netcup hosts | Joe Banks | 2024-07-19 | -4/+4 | |
| | | |||||
| * | Split netcup services into separate top-level task in playbook | Joe Banks | 2024-07-19 | -2/+6 | |
| | | |||||
 |
index : infra | |
| The PyDis DevOps boiler house, the engine room, where the magic happens. |
| aboutsummaryrefslogtreecommitdiffstats |