Jakub Sokołowski
|
658a36bb1b
|
readme: fix infra repo usage link
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2022-10-05 17:15:23 +02:00 |
Jakub Sokołowski
|
dfdb6011ea
|
versions: upgrade Terraform version to 1.2.0
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2022-10-05 17:15:08 +02:00 |
Jakub Sokołowski
|
489786166e
|
requirements: bump roles, fix bootstrap secrets
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2022-03-03 17:47:29 +01:00 |
Jakub Sokołowski
|
1a26e8d3aa
|
requirements: update bootstrap role and others
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-09-16 00:15:26 +02:00 |
Jakub Sokołowski
|
2656cf37cf
|
ansible.cfg: fix location of lookup plugins
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-09-16 00:15:13 +02:00 |
Jakub Sokołowski
|
dbb0e1a275
|
firewall: allow DB access from redash.bi fleet
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-08-12 16:48:26 +02:00 |
Jakub Sokołowski
|
6883a75ee3
|
firewall: use new IP sets and iptables chains
https://github.com/status-im/infra-hq/issues/69
https://github.com/status-im/infra-role-bootstrap-linux/commit/92d8923b
https://github.com/status-im/infra-role-wireguard/commit/8394639e
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-08-09 15:46:01 +02:00 |
Jakub Sokołowski
|
1672383c49
|
update WireGuard config files layout
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-07-29 22:20:30 +02:00 |
Jakub Sokołowski
|
d0f3fa270f
|
rename infra-role-bootstrap-linux, upgrade consul
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-07-28 11:45:22 +02:00 |
Jakub Sokołowski
|
126dd80c34
|
ansible/requirements.yml: bump restic-backups, systemd-timer
We had issues with wrong VPN IPs. Also this generalizes the check.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-06-14 11:10:12 +02:00 |
Jakub Sokołowski
|
8ab4ef58bd
|
set root password from BitWarden as well
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-06-01 09:39:21 +02:00 |
Jakub Sokołowski
|
972ac84fe0
|
add BitWarden lookup plugin, port secrets to BW
https://github.com/status-im/infra-docs/issues/9
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-05-29 00:42:23 +02:00 |
Jakub Sokołowski
|
3fc96c685c
|
readme: add info about get.status.im endpoint
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-05-28 10:52:25 +02:00 |
Jakub Sokołowski
|
d5e84434f5
|
replace Tinc VPN with Wireguard
https://github.com/status-im/infra-hq/issues/58
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-05-19 23:48:16 +02:00 |
Jakub Sokołowski
|
053f9c1d25
|
drop secrets variables, we use TF pass provider for those
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-05-19 14:20:03 +02:00 |
Jakub Sokołowski
|
5d4b0ada7a
|
ansible: add versioncheck.py script to verify role versions
This was originally introduced to `infra-nimbus` and proved robust.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-05-19 14:09:51 +02:00 |
Jakub Sokołowski
|
277d27c505
|
move secrets from service to services
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-05-11 15:36:50 +02:00 |
Jakub Sokołowski
|
bdf3712f2b
|
upgrade tf pass provider to 2.0.0
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-04-01 16:44:31 +02:00 |
Jakub Sokołowski
|
3632a9b3c3
|
explicitly open HTTP and HTTPS ports using open-ports role
Related to:
https://github.com/status-im/infra-role-bootstrap/commit/0bd3c136
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-04-01 16:43:25 +02:00 |
Jakub Sokołowski
|
6369b76198
|
referral-service: make Docker Compose a template
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-03-22 14:31:35 +01:00 |
Jakub Sokołowski
|
9804da9d7d
|
referral-service: configure Restic backups of pg_dump
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-03-22 14:30:53 +01:00 |
Jakub Sokołowski
|
a4495a8a4e
|
referral-service: add timer for creating pg_dump backups
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-03-22 14:17:03 +01:00 |
Jakub Sokołowski
|
31b02eff81
|
bootstrap: provide Consul encryption key from infra-pass
Related: https://github.com/status-im/infra-role-bootstrap/commit/0d40f81d
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-03-22 11:14:35 +01:00 |
Jakub Sokołowski
|
70a91c5fc8
|
upgrade to Terraform 0.14.x, use pass data provider
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-03-11 10:54:25 +01:00 |
Jakub Sokołowski
|
8771bcb2ed
|
upgrade DigitalOcean provider to 2.5.1
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-02-16 18:09:59 +01:00 |
Jakub Sokołowski
|
2b87f29f7c
|
use different host sizes for test and prod envs
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-01-26 19:31:52 +01:00 |
Jakub Sokołowski
|
8dc2cebba9
|
increase Nginx proxy worker_connections from 512 to 2048
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-01-26 19:26:15 +01:00 |
Jakub Sokołowski
|
3cd1f8fab2
|
optimize redirect from root to status.im/get
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-01-26 18:51:53 +01:00 |
Jakub Sokołowski
|
99e7a32630
|
increase buffer sizes for Nginx proxy
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-01-26 18:49:33 +01:00 |
Jakub Sokołowski
|
6f801dfd22
|
tune Nginx proxy to use HTTP 1.1 and bump read timeout
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-01-26 18:47:03 +01:00 |
Jakub Sokołowski
|
ca5bd3afbb
|
referral-service: fix type of value for sysctl task
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-01-26 18:46:02 +01:00 |
Jakub Sokołowski
|
df729b2e99
|
disable GeoIP querying for now
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-01-26 18:45:39 +01:00 |
Jakub Sokołowski
|
d73f23548c
|
referral-service: allow disabling GeoIP checks
Made possible by: https://github.com/status-im/referral-service/pull/34
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-01-26 18:29:18 +01:00 |
Jakub Sokołowski
|
0555959ccf
|
ansible/terraform.py: drop unnecessary encoding arg
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-01-26 18:27:20 +01:00 |
Jakub Sokołowski
|
cc10e18307
|
ansible.cfg: ignore group name warnings, use shell module
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-01-26 13:26:49 +01:00 |
Jakub Sokołowski
|
1a9cb33b1b
|
bump referral host to s-4vcpu-8gb
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-01-25 19:36:32 +01:00 |
Jakub Sokołowski
|
c248cd23e6
|
update terraform versions
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-01-25 19:18:44 +01:00 |
Jakub Sokołowski
|
70b354ddd6
|
use bootstrap__active_extra_users variable, drop Andre
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2021-01-14 13:56:13 +01:00 |
Jakub Sokołowski
|
f2b43cd37a
|
install ThreatStack agent only on Prod hosts
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2020-10-19 21:14:57 +02:00 |
Jakub Sokołowski
|
7d32f3659f
|
fix name of nginx role
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2020-10-12 15:50:42 +02:00 |
Jakub Sokołowski
|
2566793996
|
deploy nginx-metrics on all hosts
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2020-10-12 15:44:10 +02:00 |
Jakub Sokołowski
|
efa009fcd7
|
use our own Nginx role to fix permissions
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2020-10-07 19:50:34 +02:00 |
Jakub Sokołowski
|
0f57e43cd4
|
return only the client IP via X-Forwarded-For header
This solves an issue with Ruby Rails showing CloudFlare proxy as the
client IP because it doesn't trust the range:
https://github.com/rails/rails/blob/11738e82/actionpack/lib/action_dispatch/middleware/remote_ip.rb#L35
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2020-09-30 19:58:35 +02:00 |
Jakub Sokołowski
|
c092cd2529
|
referral-service: add IP_SALT env variable from secrets
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2020-09-30 11:33:06 +02:00 |
Jakub Sokołowski
|
fe71cf861a
|
add andreap to active ssh users
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2020-09-22 14:41:14 +02:00 |
Jakub Sokołowski
|
55dbfb3ca2
|
readme: add deployments section
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2020-09-22 09:00:35 +02:00 |
Jakub Sokołowski
|
2b5252b028
|
use container tag based on stage
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2020-09-01 22:37:18 +02:00 |
Jakub Sokołowski
|
1d5c117e18
|
referral-service: expose PostgreSQL 5432 port to Tinc VPN
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2020-08-25 16:38:04 +02:00 |
Jakub Sokołowski
|
b904968a68
|
add get.status.im as prod domain
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2020-08-25 12:22:57 +02:00 |
Jakub Sokołowski
|
d324700ab6
|
use secrets based on stage
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
2020-08-24 21:38:05 +02:00 |