merwyn
/
infra
forked from AFPy/infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
236 Commits 1 Branch 0 Tags 723 KiB
Commit Graph

236 Commits

Author SHA1 Message Date
Florian Guillet 7658471f1f dl: Add myself to dl and add corresponding ssh keys 2023-02-15 12:12:48 +01:00
Julien Palard 2ffb56a40c
dl.afpy.org: To A+ in Mozilla Observatory. 2023-02-14 18:23:46 +01:00
Julien Palard a838ed6fa3
dl.afpy.org: Content Security Poilicy. 2023-02-14 16:20:38 +01:00
Julien Palard 8ab6c25d89
discourse: FIX: Also allow 21m in dockerized nginx. 
So there's 3 place to configure max upload body size:
- Discourse settings (Via admin web interface)
- Host nginx (via Ansible)
- Guest nginx (Via app.yml)
 2023-02-14 16:11:35 +01:00
Julien Palard a0fdfa969d
On Debian, munin-cgi-graph is expected to run as www-data. 
Proof: the graph cleaning cron is ran as www-data.
 2023-02-14 09:26:20 +01:00
Julien Palard 2cb12d55d1
nginx: Unifying logs, we're at 600+ files in /var/log/nginx, it's unusable. 2023-02-13 23:33:35 +01:00
Julien Palard a45cbbefcd
Hello HTTP/2 2023-02-13 22:40:47 +01:00
Julien Palard 9281b475f7
Hello unattended upgrades. 2023-02-13 22:36:15 +01:00
Julien Palard 67e06bfaff
Munin: Restart munin-node after adding a plugin. 2023-02-13 21:41:20 +01:00
Julien Palard d2d67b066b
Munin: I would love for this to work. 
But: https://github.com/munin-monitoring/munin/issues/1514
 2023-02-13 14:28:05 +01:00
Julien Palard 57494ec363
Munin: Update IPs (the one for hkis04 was wrong) 2023-02-13 14:27:23 +01:00
Julien Palard 572c913437
There's only 2 cores on the machine. 2023-02-13 12:04:41 +01:00
Julien Palard 9eb3582e39
Munin: Don't redraw graphs every 5mn, we don't look at them that often. 2023-02-13 10:49:21 +01:00
Julien Palard 308b6c2844
munin-node apt_all update yields errors. 
Like:

E: The value 'bookworm-backports' is invalid for APT::Default-Release as such a release is not available in the sources
E: The value 'bookworm-security' is invalid for APT::Default-Release as such a release is not available in the sources
E: The value 'bookworm-updates' is invalid for APT::Default-Release as
such a release is not available in the sources

But anyway « The plugin does not support this anymore. » : bc6450d8eb
 2023-02-13 00:04:16 +01:00
Julien Palard b72753ded9
Ohh, it's handled by the munin package itself ♥. 2023-02-12 23:05:07 +01:00
Julien Palard 5f76ae341b
exim: Disable IPv6 to avoid unavoidable blocklists. 
See 889b5aa425.
 2023-02-12 09:46:09 +01:00
Julien Palard ac13dd5a8b
A very specific PATH here can break other crons (like munin). 2023-02-01 21:57:33 +01:00
Julien Palard 29b7d1e926
We do no longer have pydocteur, but we have munin now. 2023-02-01 18:04:52 +01:00
Julien Palard 2e41276910
Add self as a email alias for root. 2023-02-01 16:16:02 +01:00
Julien Palard 4bf259b213
Hello munin.afpy.org. 2023-02-01 16:15:12 +01:00
Julien Palard b3c765e67b
Documenting discourse1.afpy.org 2023-02-01 08:28:20 +01:00
Julien Palard 318dd0ffbf
Hello woodpecker. 2023-02-01 00:18:00 +01:00
Julien Palard 5edae03972
Moving Discourse to its own VPS. 
The disk starts to approch 90% on deb2.

Also Discourse is huge, I do no longer feel like sharing the same
machine that so many other things (it was OK when our Discourse was
just a small test).
 2023-02-01 00:06:28 +01:00
Julien Palard b753acc41f
It's 2023 after all. 21MB ought to be enough for anybody. 2023-01-30 22:02:11 +01:00
Julien Palard e71300e390
For the schedule iframe. 2023-01-29 21:23:21 +01:00
Julien Palard 204aaf059c
pycon.fr: To A+ on mozilla observatory. 2023-01-18 23:46:45 +01:00
Julien Palard 889b5aa425
Send emails using IPv4 due to Gandi not prividing whole /64. 
SpamHaus expect the IPv6 /64 to be owned by the same entity.

This is not the case for Gandi VPS that are provided with a single
IPv6.

Gandi is working on it, they want to provide /64 to organisations, but
it's not ready yet.

In the meantime we're blocked by spamhaus since a few days on both the
/64 used by git.afpy.org and the /64 used by discuss.afpy.org.

So as a trash fix I propose sending emails using IPv4.
 2023-01-17 10:04:26 +01:00
Julien Palard 3d7bc235b1
s/include/include_task/ 2023-01-13 17:41:00 +01:00
Julien Palard b2af1120f9
Update SSL config. 
While proofreading the config, and checking if it was up to date
according to:

- Mozilla recommandations
- SSLtest
- testssl.sh

I spotted an issue in the HSTS header:

$ curl -I https://afpy.org
[...]
Strict-Transport-Security: max-age=63072000; always

the `always` part is an nginx config token, not a cookie value.

So I simplified the conf so we can more easily copy/paste from Mozilla
generator, which obviously removed the bug.
 2023-01-13 17:16:49 +01:00
Julien Palard 27e9a4b749
Checking backups. 2023-01-02 16:30:03 +01:00
Julien Palard f3d006bd3b
Bump gitea. 2022-12-26 15:40:46 +01:00
Julien Palard 3f16506e57
Checking backups. Yes we have a backup of PonyConf. 2022-12-14 15:34:38 +01:00
Julien Palard 4a35896c24
Allow smaller RSA keys. 2022-12-05 12:51:09 +01:00
Julien Palard 63f31d44c5
Don't show user emails to avoid basic scrappers seeing them. 2022-12-01 10:31:41 +01:00
Julien Palard a0622f6c64
gitea: Allow wheels, but with a limit. 2022-11-30 12:07:55 +01:00
Julien Palard 13a14bf70f
PonyConf: Tell Django when the request is from HTTPS. 2022-11-30 11:21:31 +01:00
Julien Palard ea39c0eb41
Ponyconf can now read emails. 2022-11-29 16:46:34 +01:00
Julien Palard f9652e04fa
Procédure de restauration de sauvegarde sur git.afpy.org 2022-11-29 16:46:16 +01:00
Julien Palard 4b4e7c352a
psql needs to be restarted to see freshly added locales. 2022-11-20 22:03:38 +01:00
Julien Palard c2fbdbeed9
FIX: error in when statement. 2022-11-20 21:59:08 +01:00
Julien Palard 8990a305f4
gitea: Enable push-to-create I love this feature. 2022-11-18 15:38:57 +01:00
Julien Palard b31c8d95e3
Enable reStructuredText rendering. 2022-11-17 21:27:41 +01:00
Julien Palard 8a9236c76f
Add self to list of people authorized to publish afpy.org. 2022-11-17 11:40:58 +01:00
Bruno Bonfils 2810791472 Update token for discord bot 2022-11-10 14:59:34 +01:00
Julien Palard eb4808516d
On upgrade, Discourse can return 500 errors too. 2022-11-09 00:25:41 +01:00
Julien Palard 7b8a4ba00a
Hello photos.afpy.org. 2022-11-08 23:49:54 +01:00
Julien Palard 36caeff6fc
pycon.fr/2023 is up and running. 2022-11-04 21:34:58 +01:00
Julien Palard 898514a96e
Checking backups. 2022-11-01 20:55:36 +01:00
Julien Palard 603228045e
Showcasing PonyConf for roscon. 2022-10-23 11:25:00 +02:00
Julien Palard 429bb00525
nginx role: allow to choose certbot authenticator. 2022-10-23 11:24:31 +02:00