| Commit message (Collapse) | Author | Lines | ||
|---|---|---|---|---|
| 2024-07-23 | Migrate pythondiscord.com to using CNAMEs |  Joe Banks | -49/+49 | |
| 2024-07-23 | Migrate all pydis.wtf services to using CNAMEs | Joe Banks | -44/+39 | |
| 2024-07-23 | Split pydis.wtf into multiple zone files | Joe Banks | -23/+32 | |
| 2024-07-23 | Allow zone files to be split across multiple YAML files | Joe Banks | -1/+2 | |
| 2024-07-23 | Remove Turing from Ansible Inventory | Joe Banks | -1/+0 | |
| 2024-07-23 | Always force when dry-running DNS to generate changes | Joe Banks | -0/+1 | |
| 2024-07-23 | Update certificate issuance to group together related certificates | Joe Banks | -4/+5 | |
| We now can use CSV values to group different (but related) SANs into one issued certificate. As an example, when it was migrated in #402, certificates were configured in such a way that certbot attempted to issue one certificate for pydis.wtf and another for *.pydis.wtf, which is obviously not desirable. This restores previous behaviour to group together certificates served from the same NGINX vhost, using some Ansible filters to ensure the `creates` option of the task matches the certbot generated directory. | ||||
| 2024-07-22 | Remove deployments on turing |  Johannes Christ | -52/+13 | |
| Files of the webserver have been migrated over. | ||||
| 2024-07-22 | Disable DNS proxying via CF |  Chris Lovering | -2/+1 | |
| 2024-07-22 | Remove ghost blog | Chris Lovering | -99/+0 | |
| 2024-07-22 | Point blog DNS to netlify | Chris Lovering | -2/+2 | |
| 2024-07-22 | chore(deps): update ghost docker tag to v5.88 |  renovate[bot] | -1/+1 | |
| | datasource | package | from | to | | ---------- | ------- | ---- | ---- | | docker | ghost | 5.87 | 5.88 | | ||||
| 2024-07-21 | Run the LDAP role on the LDAP host in Ansible | Joe Banks | -0/+5 | |
| Signed-off-by: Joe Banks <[email protected]> | ||||
| 2024-07-21 | Add a trust store to Keycloak for the IPA generated CA | Joe Banks | -1/+44 | |
| This allows us to authenticate requests to LDAP with LDAPS and ensure a) authenticity and b) security of the transmission. Signed-off-by: Joe Banks <[email protected]> | ||||
| 2024-07-21 | Add LDAP role | Joe Banks | -0/+39 | |
| This does not configure the LDAP server but configures the environment and installs the necessary packages, as well as configuring the firewall. Signed-off-by: Joe Banks <[email protected]> | ||||
| 2024-07-21 | Template hostname in Alloy to the inventory hostname | Joe Banks | -1/+1 | |
| This maintains previous behaviour in which the hostname would have just been the inventory hostname, but as the hostname is being updated to the FQDN we should explicitly set the inventory_hostname to ensure continuity of logs. Signed-off-by: Joe Banks <[email protected]> | ||||
| 2024-07-21 | Remove /etc/hosts alias for FQDN to 127.0.0.1 on hosts | Joe Banks | -1/+0 | |
| Signed-off-by: Joe Banks <[email protected]> | ||||
| 2024-07-21 | Don't add limits to LDAP hosts | Joe Banks | -0/+1 | |
| This prevented the IPA installation from completing, presumably because it creates a high number of threads/subprocesses/whatever to get the installation complete. Regardless, with SELinux and other security tools that ship with the Rocky security profile we are on. This should be fine. Limits are not a security risk other than resource exhaustion which is not mission critical here. Signed-off-by: Joe Banks <[email protected]> | ||||
| 2024-07-21 | Set hostnames of hosts to FQDNs | Joe Banks | -1/+1 | |
| Signed-off-by: Joe Banks <[email protected]> | ||||
| 2024-07-21 | Add ldap01 host to ldap group | Joe Banks | -0/+3 | |
| Signed-off-by: Joe Banks <[email protected]> | ||||
| 2024-07-20 | fix(deps): update dependency ruff to v0.5.4 | renovate[bot] | -21/+21 | |
| | datasource | package | from | to | | ---------- | ------- | ----- | ----- | | pypi | ruff | 0.5.3 | 0.5.4 | | ||||
| 2024-07-19 | Only template node exporter for Ansible hosts | Joe Banks | -3/+2 | |
| 2024-07-19 | Separate install stage for Emacs in common role | Joe Banks | -8/+18 | |
| 2024-07-19 | Explicitly create sudo group for user creation | Joe Banks | -1/+9 | |
| 2024-07-19 | Update SSH role to handle both Rocky and Debian reloads | Joe Banks | -1/+10 | |
| 2024-07-19 | Update Wireguard to only template for netcup hosts | Joe Banks | -4/+4 | |
| 2024-07-19 | Split netcup services into separate top-level task in playbook | Joe Banks | -2/+6 | |
| 2024-07-19 | Add new ldap01 host | Joe Banks | -0/+6 | |
| 2024-07-19 | Add DNS record for ldap01.box.pydis.wtf | Joe Banks | -9/+18 | |
| 2024-07-18 | fix(deps): update dependency ruff to v0.5.3 | renovate[bot] | -21/+22 | |
| | datasource | package | from | to | | ---------- | ------- | ----- | ----- | | pypi | ruff | 0.5.2 | 0.5.3 | | ||||
| 2024-07-18 | chore(deps): update quay.io/keycloak/keycloak docker tag to v25.0.2 | renovate[bot] | -1/+1 | |
| | datasource | package | from | to | | ---------- | ------------------------- | ------ | ------ | | docker | quay.io/keycloak/keycloak | 25.0.1 | 25.0.2 | | ||||
| 2024-07-18 | Lock poetry.lock lockfile | Joe Banks | -125/+125 | |
| 2024-07-18 | Update node_exporter daemonset to 1.27+ featureset | Joe Banks | -3/+3 | |
| 2024-07-18 | chore(deps): update quay.io/prometheus/node-exporter docker tag to v1.8.2 | renovate[bot] | -1/+1 | |
| | datasource | package | from | to | | ---------- | -------------------------------- | ------ | ------ | | docker | quay.io/prometheus/node-exporter | v1.2.0 | v1.8.2 | | ||||
| 2024-07-18 | chore(deps): update dependency community.general to v9 | renovate[bot] | -1/+1 | |
| | datasource | package | from | to | | ----------------- | ----------------- | ----- | ----- | | galaxy-collection | community.general | 8.6.2 | 9.2.0 | | ||||
| 2024-07-18 | chore(deps): update ansible | renovate[bot] | -2/+2 | |
| | datasource | package | from | to | | ----------------- | ----------------- | ------ | ------ | | galaxy-collection | community.crypto | 2.20.0 | 2.21.0 | | galaxy-collection | community.general | 8.6.2 | 8.6.3 | | ||||
| 2024-07-18 | chore(deps): update poetry | renovate[bot] | -24/+24 | |
| | datasource | package | from | to | | ---------- | ------------ | ------ | ------ | | pypi | ansible-core | 2.17.1 | 2.17.2 | | pypi | ruff | 0.5.1 | 0.5.2 | | ||||
| 2024-07-18 | chore(deps): update ghost docker tag to v5.87 | renovate[bot] | -1/+1 | |
| | datasource | package | from | to | | ---------- | ------- | ---- | ---- | | docker | ghost | 5.78 | 5.87 | | ||||
| 2024-07-16 | Add certbot post deploy hook to reload nginx | Chris Lovering | -1/+15 | |
| 2024-07-16 | Document current redis database usage | Chris Lovering | -0/+7 | |
| 2024-07-16 | Add redis url secret to forms-backend | Chris Lovering | -0/+0 | |
| 2024-07-15 | renovate: always attempt rebase when behind base branch | Joe Banks | -1/+2 | |
| 2024-07-14 | Add Admins to Grafana authorized Team IDs | Joe Banks | -1/+1 | |
| 2024-07-10 | Update dependency ansible-lint to v24.7.0 (#404) | renovate[bot] | -5/+5 | |
| | datasource | package | from | to | | ---------- | ------------ | ------ | ------ | | pypi | ansible-lint | 24.6.1 | 24.7.0 | Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> | ||||
| 2024-07-10 | Bump mogno mem requests and limit | Chris Lovering | -2/+2 | |
| 2024-07-07 | Include instructions for killing dependency update mails | Johannes Christ | -0/+4 | |
| 2024-07-07 | Finish meeting notes for today | Johannes Christ | -3/+95 | |
| 2024-07-07 | Update meeting doc to correct date | Chris Lovering | -1/+1 | |
| 2024-07-07 | Add topic points for Flux & polonium | Chris Lovering | -0/+7 | |
| 2024-07-07 | Add topic point regarding finger server | Johannes Christ | -0/+9 | |
 |
index : infra | |
| The PyDis DevOps boiler house, the engine room, where the magic happens. |
| aboutsummaryrefslogtreecommitdiffstats |