Evangelos Foutras
a9e0790f53
Remove the three dashes from all YAML documents
...
These are used to signal the start of the document in a stream of many
documents. As Ansible only supports one YAML document per file this is
unnecessary. About a third of our YAML documents already lacked these.
2022-06-08 14:35:45 +03:00
Evangelos Foutras
b4d60ae2f6
Move highly sensitive secrets to new "super" vault
...
The idea bebind this is to be able to give vault access to new DevOps
members without giving away more important credentials like Hetzner's.
2022-05-07 17:45:19 +03:00
Kristian Klausen
7da1e273fc
Cleanup tools
...
Fix #392
2021-10-02 14:45:02 +02:00
Jan Alexander Steffens (heftig)
481033af57
matrix: Update synapse to 1.40.0
2021-08-10 21:49:51 +02:00
Kristian Klausen
2304dc5caa
Split the postfix role into a role for mail.a.o and the clients
...
The role for the clients is named postfix_null (per [1]) and it's much
simpler and cleaner than the postfix role. I hope can cleanup the
postfix role at a later date.
[1] http://www.postfix.org/STANDARD_CONFIGURATION_README.html#null_client
2021-07-16 20:02:05 +02:00
Kristian Klausen
664deb67ab
WireGuard all hosts
...
This is meant as a internal authenticated and encrypted network which we
can use for internal services, we don't want to expose to the internet
or when encryption is desired but not easily implementable.
2021-07-06 20:58:15 +00:00
Jan Alexander Steffens (heftig)
652185f380
matrix: Retune memory use a bit
...
Give more memory to the apps and less to postgres.
2021-06-01 18:44:21 +02:00
Kristian Klausen
7235e726d6
Implement centralized logging
...
Fix #263
2021-04-08 20:33:43 +02:00
Kristian Klausen
b941a133fb
Remove unbound from most systems
...
unbound is only used if dns_servers is explicit set to 127.0.0.1, which
isn't the case for any of these systems.
Fix #234
2021-04-07 20:01:39 +00:00
Jan Alexander Steffens (heftig)
458217f45d
matrix: Raise postgres_effective_cache_size
...
Seems we run at about 5GB of cache. Let postgres assume it gets 4GB.
2020-12-12 13:36:41 +01:00
Jan Alexander Steffens (heftig)
a631466739
matrix: Retune PostgreSQL again
...
Bump the mem settings higher again, now that we know they're not the
cause. Also increase the maximum connection count.
2020-12-12 12:51:54 +01:00
Jan Alexander Steffens (heftig)
c7e3446bae
postgres: Set `jit = off` on matrix.archlinux.org
...
This seems to be the cause for our memory leak.
https://www.postgresql.org/message-id/flat/16707-f5df308978a55bf8%40postgresql.org
2020-12-12 12:51:53 +01:00
Jan Alexander Steffens (heftig)
c12ce1ab1f
matrix: Reduce postgres_maintenance_work_mem
...
Still seeing PostgreSQL session processes eating over 600M of private
memory. What's going on?
2020-12-08 17:51:33 +01:00
Jelle van der Waa
5aacd09f12
Monitor all hosts with prometheus
2020-11-21 22:13:31 +01:00
Jan Alexander Steffens (heftig)
f5667a0ff2
matrix: Adjust PostgreSQL tuning some more
...
Less work_mem because this explodes easily. It's per-operation, which a
query can have multiple of, and also across multiple worker threads.
More shared_buffers and effective_cache_size as these are global.
2020-11-14 00:47:05 +01:00
Jan Alexander Steffens (heftig)
ba1f1a5b11
matrix.archlinux.org: Reduce PostgreSQL memory usage
...
It ran out of memory, with Postgres using a lot of RSS.
2020-11-10 23:39:34 +01:00
Jelle van der Waa
1c94b5fe1e
Update playbooks for new mail server
2020-10-24 18:09:26 +02:00
Jelle van der Waa
2be002b112
Remove zabbix-agent role everywhere
...
We switched for monitoring to prometheus so zabbix-agent is unwanted and
we don't want to accidently deploy it again.
2020-09-12 17:22:09 +02:00
Frederik Schwan
04b2e3b1e0
fix E106 'Role name <role> does not match ``^[a-z][a-z0-9_]+$`` pattern'
2020-08-27 05:29:00 +00:00
Sven-Hendrik Haase
fb75cf7c5c
Remove a lot of unnecessary tags that are already added by auto_tags.py
2020-06-17 06:00:22 +02:00
Jan Alexander Steffens (heftig)
293f7277ad
matrix.archlinux.org: Support sending emails again
2020-05-28 23:38:12 +02:00
Jan Alexander Steffens (heftig)
7614beee96
matrix.archlinux.org: Add fail2ban
2020-05-28 22:42:33 +02:00
Jan Alexander Steffens (heftig)
57307320cf
matrix.archlinux.org: Add more zabbix templates
2020-05-28 22:22:34 +02:00
Jan Alexander Steffens (heftig)
affc74cbab
matrix: Rescale to cpx31
2020-05-07 23:18:37 +02:00
Sven-Hendrik Haase
8fda08aed6
Add offsite backup with rsync.net
2020-03-11 18:03:46 +01:00
Jan Alexander Steffens (heftig)
04b4c61ef4
Migrate matrix from soyuz to hcloud
2019-08-14 20:12:58 +02:00
Jelle van der Waa
cb9287d083
add playbook for matrix.archlinux.org
2019-08-11 11:54:30 +02:00