Commit message | Author | Age | Lines | |
---|---|---|---|---|
* | Move all ansible files to their own folder | 2023-08-13 | -795/+0 | |
* | Serve static files from Turing (#116) | 2023-08-12 | -3/+44 | |
| | * Redirect http requests to https * Remove default NGINX site * Remove trailing whitespace from old meeting note * Mount static files * Correct capitalisation of notify directives * Add missing children key to inventory | | | |
* | Remove explicit rrsync server start script | 2023-07-24 | -18/+0 | |
* | Fix ansible-lint errors | 2023-07-24 | -17/+20 | |
* | Explicitly install geoip nginx module | 2023-07-24 | -0/+1 | |
| | This is no longer included in nginx core in debian 13 | | | |
* | Bump postgres to 15 | 2023-07-24 | -1/+1 | |
| | This is now what's available in debian 13 stable | | | |
* | Enable the default .bashrc for root | 2023-07-24 | -0/+7 | |
* | Ensure renewal-hooks deploy directory exists before syncing certs | 2023-07-24 | -0/+6 | |
* | Re-add previous ansible roles | 2023-07-24 | -4/+412 | |
| | Co-authored-by: Hassan Abouelela <[email protected]> Co-authored-by: Johannes Christ <[email protected]> Co-authored-by: Joe Banks <[email protected]> Co-authored-by: MarkKoz <[email protected]> | | | |
* | Remove bad default fail2ban ignore IP | 2023-07-24 | -1/+1 | |
* | Match casing of task handlers | 2023-03-04 | -5/+5 | |
| | Ansible is case sensitive when specifying a handler | | | |
* | Pin dependencies & resolve ansible-lint failures (#79) | 2023-02-22 | -5/+5 | |
| | * Use uppercase for all names * Pin `requirements.txt` versions * Add `dependabot.yml` | | | |
* | Add MOTD and sudo lecture roles (#76) | 2023-02-08 | -0/+39 | |
* | Delete roles we won't use with self-hosted k8s | 2022-10-18 | -1166/+0 | |
* | Add auditbeat | 2022-03-15 | -0/+158 | |
* | Return random URL for default server | 2022-03-15 | -2/+40 | |
* | Move from sites-enabled to conf.d for Kibana NGINX | 2022-03-15 | -1/+1 | |
* | De-duplicate elasticsearch apt repos | 2022-03-15 | -131/+59 | |
* | Address ansible-lint concerns | 2022-03-15 | -4/+8 | |
* | Add wireguard rule to allow all internal traffic | 2022-03-15 | -1/+6 | |
* | Add Packetbeat | 2022-03-15 | -0/+300 | |
* | Add Filebeat | 2022-03-15 | -0/+178 | |
* | Add Kibana and NGINX config for Kibana | 2022-03-15 | -0/+100 | |
* | Add Elasticsearch | 2022-03-15 | -0/+48 | |
* | Install and configure fail2ban | 2022-03-15 | -0/+44 | |
* | Remove vim modelines | 2022-03-15 | -11/+1 | |
* | Capitalise all task names in roles | 2022-03-15 | -10/+10 | |
| | Makes all role names begin with a capital letter in Ansible roles | | | |
* | Allow HTTP traffic through the firewall | 2022-03-15 | -2/+2 | |
| | Allow HTTP traffic in addition to HTTPS by switching to the "Nginx Full" ruleset | | | |
* | Update extra SAN | 2022-03-14 | -1/+1 | |
* | Force reload on all rsync operations | 2022-03-14 | -2/+20 | |
| | Update the forced command in authorized_keys to reload NGINX after termination of the rsync session. This ensures that after key updates complete they will be reloaded and pushed to NGINX. | | | |
* | Add certbot roles | 2022-03-14 | -0/+123 | |
| | Add a certbot role that generates a certificate on the first host in the NGINX group and then deploys it to all other NGINX hosts. As of now we generate wildcard certs for pythondiscord.com and pydis.wtf. A unique SSH key is generated for each replica host which is restricted for security purposes. A deploy hook is installed to push renewals to other hosts. | | | |
* | Miscellaneous fixes to jumpcloud & NGINX mTLS | 2022-03-14 | -1/+13 | |
* | Configure GeoIP for moon phase support | 2022-02-25 | -0/+19 | |
| | In order to add moon phase support on the dark theme picker later, we need to configure the GeoIP module included with nginx. On Debian, the `nginx` package that we install installs `nginx-core`, which in turn installs the GeoIP module and even a GeoIP country database for us. | | | |
* | Deploy Prometheus & node-exporter | 2022-02-21 | -0/+115 | |
| | To start off, we are only scraping Prometheus itself and node-exporter. | | | |
* | Use builtin NGINX UFW rule name | 2022-02-20 | -2/+1 | |
| | Co-authored-by: ChrisJL <[email protected]> | | | |
* | Remove subjective linting rules | 2022-02-20 | -1/+1 | |
* | Add nginx deployment | 2022-02-20 | -0/+109 | |
| | Includes documented roles for: - installing nginx & configuring handlers - installing the mTLS certificate for Cloudflare - installing firewall rules They are kept separate for now, for composability. Closes #22. | | | |
* | Add PostUp directive for routing wg subnet | 2022-02-11 | -0/+2 | |
* | Add podman role and improve playbook organization | 2022-02-05 | -0/+55 | |
| | This PR adds a new podman role, see #18. The playbook is merged into sections for each group of hosts that we want to deploy to. To limit by role now, use tags, such as `-t role::podman`. | | | |
* | Expand entire dict when adding psql users and databases | 2022-01-21 | -7/+2 | |
| | This will allow us to add more key: value pairs in future, without having to update it in two places | | | |
* | Add users and databases to postgres after install | 2022-01-21 | -0/+17 | |
* | Install postgres role | 2022-01-21 | -0/+18 | |
| | . | | | |
* | Add basic postgres vars | 2022-01-21 | -0/+7 | |
* | Install UFW | 2022-01-11 | -0/+7 | |
* | Ensure SSH is allowed before setting default deny | 2022-01-11 | -5/+5 | |
| | Ansible relies on SSH, so it's good to ensure that's allowed before blocking everything else. | | | |
* | Add basic UFW rules | 2022-01-11 | -0/+21 | |
* | Make wireguard port a variable | 2022-01-11 | -2/+2 | |
* | Inject extra public keys for DevOps members | 2022-01-11 | -0/+12 | |
* | Add handler for reloading WireGuard when config is modified | 2022-01-11 | -0/+6 | |
* | Add role for setting up WireGuard mesh network | 2022-01-11 | -0/+69 | |