heftig has agreed to have his access reduced, as a way to reduce the
number of people with access to the "super" vault.
With this change the matrix vault is moved from the "super" vault to the
"default" vault as that is needed for maintaining the matrix server.
Fix #567
As we have recently migrated our vagrant account to a hashicorp cloud
account, these credentials are not working anymore and are superseded by
the ones that can be found in "misc/vaults/vault_hashicorp_cloud.yml".
Signed-off-by: Christian Heusel <christian@heusel.eu>
Currently needs a hack in
/var/lib/synapse/matrix-appservice-irc/node_modules/matrix-appservice-bridge/lib/components/media-proxy.js
to replace the `"http"` require with `"https"` or the proxy won't work.
See: https://github.com/matrix-org/matrix-appservice-bridge/issues/507
A new Hetzner cloud project has been created called "Sandbox". This
project is meant for non-production workload which must be created
on-demand from e.g. a CI pipeline. The first project using the sandbox
is aurweb, which wants to use GitLab's Review apps[1] feature to create
dynamic environments on-demand.
Two API tokens have been created, one for the infrastructure project (to
be used by packer) and one for the aurweb project.
[1] https://docs.gitlab.com/ee/ci/review_apps/
Renovate is a tool for: "Automated dependency updates. Multi-platform
and multi-language."[1].
We require all commits pushed directly to official projects to be
signed, so a master key and signing key have been generated for
Renovate. Both keys are stored in renovate.asc and Renovate only has
access to the signing key.
[1] https://github.com/renovatebot/renovate
We want non-DevOps to be able to deploy project documentation (ex:
repod) with GitLab Pages and a separate domain was considered the only
sensible solution due to security issues[1].
[1] https://github.blog/2013-04-09-yummy-cookies-across-domains/
We want to deploy project documentation (ex: repod) with GitLab Pages
and due to security concerns[1], they should be deployed on a separate
domain.
Hetzner's Registration Robot[2] only supports a few TLDs and all the
good names have already been taken, and therefore we need a new domain
registrar. SPI has a partnership with Gandi, so Gandi it is.
[1] https://www.hetzner.com/registrationrobot
[2] https://github.blog/2013-04-09-yummy-cookies-across-domains/
roles/prometheus/defaults/main.yml used to include a comment with the
commands used to generate a list of HTTPS endpoints to check. Move it
into a proper script and fix it to generate the correct current list.
Extend the removal of the dashes from unencrypted YAML documents to
encrypted ones as well.
Fixes: a9e0790f53ec ("Remove the three dashes from all YAML documents")