merwyn
/
infra
forked from AFPy/infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
236 Commits 1 Branch 0 Tags 723 KiB
Commit Graph

89 Commits

Author SHA1 Message Date
Julien Palard 8ab6c25d89
discourse: FIX: Also allow 21m in dockerized nginx. 
So there's 3 place to configure max upload body size:
- Discourse settings (Via admin web interface)
- Host nginx (via Ansible)
- Guest nginx (Via app.yml)
 2023-02-14 16:11:35 +01:00
Julien Palard a0fdfa969d
On Debian, munin-cgi-graph is expected to run as www-data. 
Proof: the graph cleaning cron is ran as www-data.
 2023-02-14 09:26:20 +01:00
Julien Palard 2cb12d55d1
nginx: Unifying logs, we're at 600+ files in /var/log/nginx, it's unusable. 2023-02-13 23:33:35 +01:00
Julien Palard a45cbbefcd
Hello HTTP/2 2023-02-13 22:40:47 +01:00
Julien Palard 9281b475f7
Hello unattended upgrades. 2023-02-13 22:36:15 +01:00
Julien Palard 67e06bfaff
Munin: Restart munin-node after adding a plugin. 2023-02-13 21:41:20 +01:00
Julien Palard d2d67b066b
Munin: I would love for this to work. 
But: https://github.com/munin-monitoring/munin/issues/1514
 2023-02-13 14:28:05 +01:00
Julien Palard 57494ec363
Munin: Update IPs (the one for hkis04 was wrong) 2023-02-13 14:27:23 +01:00
Julien Palard 9eb3582e39
Munin: Don't redraw graphs every 5mn, we don't look at them that often. 2023-02-13 10:49:21 +01:00
Julien Palard 308b6c2844
munin-node apt_all update yields errors. 
Like:

E: The value 'bookworm-backports' is invalid for APT::Default-Release as such a release is not available in the sources
E: The value 'bookworm-security' is invalid for APT::Default-Release as such a release is not available in the sources
E: The value 'bookworm-updates' is invalid for APT::Default-Release as
such a release is not available in the sources

But anyway « The plugin does not support this anymore. » : bc6450d8eb
 2023-02-13 00:04:16 +01:00
Julien Palard b72753ded9
Ohh, it's handled by the munin package itself ♥. 2023-02-12 23:05:07 +01:00
Julien Palard 5f76ae341b
exim: Disable IPv6 to avoid unavoidable blocklists. 
See 889b5aa425.
 2023-02-12 09:46:09 +01:00
Julien Palard ac13dd5a8b
A very specific PATH here can break other crons (like munin). 2023-02-01 21:57:33 +01:00
Julien Palard 2e41276910
Add self as a email alias for root. 2023-02-01 16:16:02 +01:00
Julien Palard 4bf259b213
Hello munin.afpy.org. 2023-02-01 16:15:12 +01:00
Julien Palard 5edae03972
Moving Discourse to its own VPS. 
The disk starts to approch 90% on deb2.

Also Discourse is huge, I do no longer feel like sharing the same
machine that so many other things (it was OK when our Discourse was
just a small test).
 2023-02-01 00:06:28 +01:00
Julien Palard b753acc41f
It's 2023 after all. 21MB ought to be enough for anybody. 2023-01-30 22:02:11 +01:00
Julien Palard 889b5aa425
Send emails using IPv4 due to Gandi not prividing whole /64. 
SpamHaus expect the IPv6 /64 to be owned by the same entity.

This is not the case for Gandi VPS that are provided with a single
IPv6.

Gandi is working on it, they want to provide /64 to organisations, but
it's not ready yet.

In the meantime we're blocked by spamhaus since a few days on both the
/64 used by git.afpy.org and the /64 used by discuss.afpy.org.

So as a trash fix I propose sending emails using IPv4.
 2023-01-17 10:04:26 +01:00
Julien Palard 3d7bc235b1
s/include/include_task/ 2023-01-13 17:41:00 +01:00
Julien Palard b2af1120f9
Update SSL config. 
While proofreading the config, and checking if it was up to date
according to:

- Mozilla recommandations
- SSLtest
- testssl.sh

I spotted an issue in the HSTS header:

$ curl -I https://afpy.org
[...]
Strict-Transport-Security: max-age=63072000; always

the `always` part is an nginx config token, not a cookie value.

So I simplified the conf so we can more easily copy/paste from Mozilla
generator, which obviously removed the bug.
 2023-01-13 17:16:49 +01:00
Julien Palard 4a35896c24
Allow smaller RSA keys. 2022-12-05 12:51:09 +01:00
Julien Palard 63f31d44c5
Don't show user emails to avoid basic scrappers seeing them. 2022-12-01 10:31:41 +01:00
Julien Palard a0622f6c64
gitea: Allow wheels, but with a limit. 2022-11-30 12:07:55 +01:00
Julien Palard f9652e04fa
Procédure de restauration de sauvegarde sur git.afpy.org 2022-11-29 16:46:16 +01:00
Julien Palard 4b4e7c352a
psql needs to be restarted to see freshly added locales. 2022-11-20 22:03:38 +01:00
Julien Palard c2fbdbeed9
FIX: error in when statement. 2022-11-20 21:59:08 +01:00
Julien Palard 8990a305f4
gitea: Enable push-to-create I love this feature. 2022-11-18 15:38:57 +01:00
Julien Palard b31c8d95e3
Enable reStructuredText rendering. 2022-11-17 21:27:41 +01:00
Julien Palard eb4808516d
On upgrade, Discourse can return 500 errors too. 2022-11-09 00:25:41 +01:00
Julien Palard 429bb00525
nginx role: allow to choose certbot authenticator. 2022-10-23 11:24:31 +02:00
Julien Palard 03c21e4f57
gitea: CAPTCHA hurt accessibility. 2022-10-19 14:43:26 +02:00
Julien Palard 233b6c59a8
gitea: It can be usefull to receive email notifications. 2022-10-19 14:41:32 +02:00
Julien Palard ef4166afbc
Pas bientôt. 2022-10-18 19:07:53 +02:00
Julien Palard 06b4e95b7d
Opening https://git.afpy.org. 2022-10-18 19:03:09 +02:00
Julien Palard e01acffd96
git.afpy.org: CGU. 2022-10-18 19:01:35 +02:00
Julien Palard 7c0feb42e8
Gitea: documenting the hardware, backup, restore, and upgrade. 2022-10-15 18:34:20 +02:00
Julien Palard b27195c0e7
Forgot gitea in rsnapshotted hosts. More rsnapshot verbosity can't hurt. 2022-10-10 16:02:24 +02:00
Julien Palard 270a848628
Tell about gitea fingerprint (I'm bad at HTML). 2022-10-09 23:06:52 +02:00
Julien Palard a48fb10a30
Backuping gitea. 2022-10-09 23:06:34 +02:00
Julien Palard 9027703db8
gitea: FIX email domain in config. 2022-10-09 21:40:42 +02:00
Julien Palard c956b5ab08
gitea: personalized home and logos. 2022-10-07 19:12:28 +02:00
Julien Palard c5e4d2de3f
gitea: Split to a role. 2022-10-07 17:01:40 +02:00
Julien Palard 89c9bbf7b5
Avoid common to overwrite rsnapshot key. 2022-10-01 12:20:18 +02:00
Julien Palard 7c1c464316
Discourse: Setup a nice error page during upgrades. 2022-09-30 14:08:52 +02:00
Julien Palard 47452f07f2
Configure /etc/hosts as expected by Debian. 
cf. https://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_hostname_resolution
 2022-09-30 14:07:57 +02:00
Julien Palard 861af29c7d
Set client_max_body_size to 4m to match Discourse configuration. 2022-09-30 10:55:57 +02:00
Julien Palard f6f700c02e
Ensure nginx is reloaded when a certificate is renewed. 2022-08-03 10:32:15 +02:00
Julien Palard e7b4e59216
dl.afpy.org (/var/www/dl.afpy.org) is another file system. 2022-07-05 13:29:28 +02:00
Julien Palard 7d4bae27ce
Try to fix renewal issue for fr.pycon.fr, see #33. 2022-06-19 22:36:57 +02:00
Pilou ab4bdfe3b2
Install man & needrestart packages (#31) 
Co-authored-by: Pierre-Louis Bonicoli <pierre-louis@ir5.eu>
 2022-03-21 14:12:02 +01:00