We don't want these comments to be added to docs/ssh-known_hosts.txt.
From OpenSSH 9.8 release notes [1]:
* ssh-keyscan(1): this tool previously emitted comment lines
containing the hostname and SSH protocol banner to standard error.
This release now emits them to standard output, but adds a new
"-q" flag to silence them altogether.
[1] https://www.openssh.com/txt/release-9.8
matrix.archlinux.org doesn't like it when accounts.archlinux.org is
unavailable at start-up. Try to work around this by upgrading
accounts.archlinux.org first and doing a health check before proceeding
to update the rest of the servers.
Fixes: #496
The glibc 2.35-6 package ships with the C.UTF-8 locale included which
means there is now a usable UTF-8 locale available by default.
en_US.UTF-8 will still be generated because PostgreSQL clusters are
created with that locale. Migrating the clusters to C.UTF-8 is
possible, but that requires dumping and recreating them.
These are used to signal the start of the document in a stream of many
documents. As Ansible only supports one YAML document per file this is
unnecessary. About a third of our YAML documents already lacked these.
Avoid updating the cache in the same task w/ the upgrade as the former
causes the combined task to always return changed=True. For up-to-date
hosts, stop early instead of following through to the end and skipping
the final reboot task.
Before Ansible 5.4.0, combined cache update + package upgrade would not
always return changed=True but instead depended on whether the were any
packages to upgrade.
These are managed services and Ansible doesn't run on them. It got
boring writing 'all,!rsync_net,!hetzner_storageboxes' in playbooks
and ad-hoc commands, so remove these borg hosts from our inventory.
Change docs/ssh-known_hosts.txt to be partially managed by Ansible, so
custom entries can be added to the top of the file. Use the new format
to write down the host keys of our two borg hosts.
Service facts did not provide enough information about the state of
the borg-backup{,-offsite} services. While runnning, their state is
reported as stopped by service_facts and "activating" by systemctl.
In a recent execution of the server upgrade task, svntogit was started
shortly before the reboot command was issued. Therefore, it was killed
two seconds into its run, leaving behind a lock file that prevented it
from starting again after gemini was rebooted.
Avoid the above timing issue by stopping the timer before rebooting.
yaml: truthy value should be one of [false, true] (truthy)
yaml: wrong indentation: expected 4 but found 2 (indentation)
yaml: too few spaces before comment (comments)
yaml: missing starting space in comment (comments)
yaml: too many blank lines (1 > 0) (empty-lines)
yaml: too many spaces after colon (colons)
yaml: comment not indented like content (comments-indentation)
yaml: no new line character at the end of file (new-line-at-end-of-file)
load-failure: Failed to load or parse file
parser-error: couldn't resolve module/action 'hosts'. This often indicates a misspelling, missing collection, or incorrect module path.
