mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2024-09-26 21:01:44 +02:00
Code Issues
3,535 Commits 29 Branches 0 Tags 20 MiB
101f428fdb
Commit Graph

145 Commits

Author SHA1 Message Date
Frederik Schwan
9a2ae489f5
make master-key and www CNAME entries 2020-12-28 02:38:33 +01:00
Frederik Schwan
8a8c7b308f
typo fixes in tf-stage1 2020-12-28 02:27:23 +01:00
Frederik Schwan
28f56cbda4
remove low TTLs on all domains 2020-12-28 02:22:53 +01:00
Sven-Hendrik Haase
6c0af300da
Scale up wiki to CPX21 (fixes #249) 
The wiki box was a little small and actually ran out of RAM in some cases.
 2020-12-28 02:22:48 +01:00
Frederik Schwan
45805763e7
fixups to minimize terraform state changes while applying !238 2020-12-28 02:14:12 +01:00
Kristian Klausen
fc13e31a69
tf-stage1/archlinux: Switch archlinux_org_gitlab_pages to a map 2020-12-28 01:23:01 +01:00
Kristian Klausen
91196b5abe
tf-stage1/archlinux: Use a local variable for archlinux_org_gitlab_pages 2020-12-28 01:23:00 +01:00
Kristian Klausen
b08787d2e8
tf-stage1/archlinux: Use a local variable for archlinux_org_cname 2020-12-28 01:22:59 +01:00
Frederik Schwan
b7af352722
move handling of machines into variables 2020-12-28 01:22:58 +01:00
Frederik Schwan
0f664a3eed redirect conf.static.archlinux.org to gitlab pages 2020-12-27 23:28:33 +00:00
Kristian Klausen
67bc3ab2de tf-stage1/archlinux: Move al.org A/AAAA to a variable to ease management 2020-12-27 01:46:14 +01:00
Frederik Schwan
06d5360ec7 add redirect server to handle redirects for deprecated domains 2020-12-26 23:35:32 +00:00
Kristian Klausen
0700fc457e tf-stage1/archlinux: Move most CNAMEs to a variable to ease management 2020-12-26 22:47:08 +01:00
Kristian Klausen
b6adec20f9 tf-stage1/archlinux: Manage GitLab Pages with variable + for_each 2020-12-26 22:12:49 +01:00
Frederik Schwan
0f9831862a
fix newly added IPv6 records 2020-12-26 21:05:52 +01:00
Kristian Klausen
c5cdfcf1ad tf-stage1/archlinux: Add missing AAAA records for hcloud servers 2020-12-26 20:02:30 +00:00
Kristian Klausen
81751e645e tf-stage1/archlinux: Remove archive.gemini.archlinux.org 
Superseded by archive.archlinux.org
 2020-12-26 20:02:30 +00:00
Kristian Klausen
c046166f60 tf-stage1/archlinux: Setup SMTP TLS Reporting for remaining mail domains 2020-12-26 20:50:29 +01:00
Kristian Klausen
d11c92cca9 Setup MTA-STS for remaining mail domains 
https://tools.ietf.org/html/rfc8461
 2020-12-26 20:50:26 +01:00
Sven-Hendrik Haase
b5540e68b7
Migrate conf.archlinux.org to GitLab Pages 2020-12-26 18:45:30 +01:00
Kristian Klausen
be6b4f8735 Setup MTA-STS in testing mode 
https://tools.ietf.org/html/rfc8461
 2020-12-26 18:19:28 +01:00
Kristian Klausen
a11ef906fc Setup SMTP TLS Reporting 
https://tools.ietf.org/html/rfc8460
 2020-12-26 18:19:25 +01:00
Kristian Klausen
7f90b9edfb tf-stage1/archlinux: Avoid similar mx/SPF records by using for_each 2020-12-26 03:43:07 +01:00
Kristian Klausen
05d9a147a7 tf-stage1/archlinux: Setup SPF record for lists HELO name 2020-12-26 03:20:27 +01:00
Kristian Klausen
c165e12ef6 tf-stage1/archlinux: Cleanup SPF record 
5.9.250.164/2a01:4f8:160:3033::2 (luna) -> lists.archlinux.org SPF

138.201.81.199/a:apollo.archlinux.org: decommissioning TBD
66.211.214.132 (gerolde): decommissioned
88.198.91.70 (orion): decommissioned

Fix #197
 2020-12-26 02:26:33 +01:00
Giancarlo Razzolini
a39c9e830e
tf-stage1/archlinux: Change the security DNS records 
Change the security DNS record from a CNAME to an A and create the AAAA,
both pointing to the new security server.
 2020-12-25 14:40:49 -03:00
Giancarlo Razzolini
98bd3b73b5
tf-stage1/archlinux: Change DNS record for patchwork 
Change the DNS record from a CNAME to apollo to point to the new patchwork machine.
 2020-12-24 11:36:37 -03:00
Sven-Hendrik Haase
4fe1e1f859
Add whatcanwedofor.archlinux.org (fixes #247) 2020-12-23 18:50:18 +01:00
Sven-Hendrik Haase
2972584fcc
Add A/AAAA domain for pages 
This makes it easier for projects to use it as they only have to provide a single CNAME entry
instead of having to provide a A and a AAAA entry.
 2020-12-23 16:48:26 +01:00
Giancarlo Razzolini
62a90380d0
tf-stage1: Create the security server 
Given that we are migrating everything out of apollo, create a machine
for hosting security.archlinux.org
 2020-12-22 17:04:57 -03:00
Sven-Hendrik Haase
83307cad39
Add hcloud floating IP to gitlab.archlinux.org 2020-12-22 18:28:28 +01:00
Kristian Klausen
2897cfe9a2 Use the hcloud ip addresses instead of hardcoding them 2020-12-22 17:27:31 +01:00
Giancarlo Razzolini
c313f7f25e
tf-stage1/archlinux: Create patchwork server and lower its DNS record TTL 
Created a cx11 server for the patchwork migration and lowered its CNAME DNS record.
 2020-12-22 08:31:30 -03:00
Giancarlo Razzolini
ccc6884b5a
tf-stage1: Change wiki record from CNAME to A/AAAA 
Changed the wiki's dns record from a CNAME pointing to apollo, to an A/AAAA records
pointing to the new machine ip addresses.
 2020-12-21 16:34:45 -03:00
Frederik Schwan
17d0cca1b9
Revert "add hcloud volume to archlinux.org machine to host ISO files" 
The additional volume is not needed since the machine has actually
40 G of diskspace. The btrfs partition had just to be resized.

This reverts commit d33427fa0d.
 2020-12-21 10:15:39 +01:00
Frederik Schwan
d33427fa0d
add hcloud volume to archlinux.org machine to host ISO files 2020-12-21 04:32:51 +01:00
Giancarlo Razzolini
274b950ee1
tf-stage1/archlinux: Lower TTL and create a new server for the wiki 
Created a new CPX11 server for the wiki and lowered the TTL of the wiki CNAME
entry.
 2020-12-20 13:53:39 -03:00
Giancarlo Razzolini
824fb0842e tf-stage1/archlinux: Change DNS records for the archweb migration and also increase the machine size 
Changed the A and AAAA record for @ to point to the new machine. Also, since we can't have CNAME to
@, change www from CNAME to A and AAAA and point to the new machine too. The other domains were kept
CNAME, but pointing to www in this case. Also, the master-key domain only had an A record, so added an
AAAA record too. The TTL is still at 600, but we can increase after a while.
 2020-12-20 11:21:31 +00:00
Giancarlo Razzolini
84519dc68c tf-stage1/archlinux: Escape the value on gitlab pages verification code 
Escape the value, since TXT records need it.
 2020-12-20 11:21:30 +00:00
Kristian Klausen
37408f5761 Fix missing AAAA record for europe.archive.pkgbuild.com 2020-12-18 21:28:58 +00:00
Jelle van der Waa
3658d8b174
Lower security.archlinux.org TTL for migration 
The security tracker will be migrated to a new CX11 server.
 2020-12-12 19:47:55 +01:00
Jelle van der Waa
4803384593
Add archive domains and DNS entries 
As we want to serve mirros and the archive add a new domain for the
archive so the mirror and archive can be hosted.
 2020-12-12 15:15:55 +01:00
Giancarlo Razzolini
fbafffa326 tf-stage1/archlinux.tf: Lower TTL of archlinux.org related domains 
Lower the ttl of master-key, dev, packages and ipxe
 2020-12-12 13:02:13 +00:00
Giancarlo Razzolini
bcbfb2d1b2 tf-stage1/archlinux.tf: Lower TTL for archlinux.org and www.archlinux.org and create a new server for archlinux.org 
For the archweb migration, we need to lower the TTL and create a new archlinux.org server to host the site.
 2020-12-12 13:02:13 +00:00
Sven-Hendrik Haase
678845afac Add Kape server IPv6 addresses (fixes #230) 2020-12-11 22:08:26 +00:00
Sven-Hendrik Haase
e049e89e9a
Upgrade to Terraform 0.14 
This process didn't need any source changes but it added the new Terraform lockfiles.
 2020-12-10 21:53:50 +01:00
Jelle van der Waa
7fe487ad27
Add Kape donated servers 
Setup Kape servers as archive mirrors (asia,europe,america), Gitlab
runner and Rebuilderd worker. All machines except runner1 are EFI
machines with grub setup and a EFI parition which is not supported by
our ansible install role and is manually rolled out.
 2020-12-07 20:28:55 +01:00
Jelle van der Waa
d129e7d947 Add rebuilderd_worker role for repro1.pkgbuild.com 
The repro3.pkgbuild.com machine was a packet.net box with an Ubuntu
installation. Now converted to an Arch Linux installation managed by
ansible with a new rebuilderd_worker role.
 2020-12-03 16:19:43 +00:00
Frederik Schwan
06ae146c0a
remove DKIM key used for opendkim on mail. after migration to rspamd 2020-11-24 20:43:12 +01:00
Frederik Schwan
f2845e141a
add new dkim keys for the upcoming rspamd deployment 
also move the dkim key generation to the docs as this is only run ~once
 2020-11-22 16:36:25 +01:00
Jelle van der Waa
3b071828dd
Remove zabbix.archlinux.org 2020-11-21 22:14:22 +01:00
Frederik Schwan
494145e5c1
fix mx record for aur. and master-key. 2020-11-12 13:54:32 +01:00
Sven-Hendrik Haase
9fb9c1a0d3
Delete archconfbox 
In coordination with Foxboron, the box has fulfilled its use and has been deleted.
 2020-11-11 18:35:37 +01:00
Sven-Hendrik Haase
7bd1041f10
Fix TXT record formatting 
Earlier, Terraform would always show a diff because Hetzner DNS API will tranform our entries
after submitting them. This commit ensures that the entries are in the same format the API expects
them to be in from the start.
 2020-11-09 17:48:09 +01:00
Frederik Schwan
0266692516
readd dkim key for mail domain 2020-11-03 18:28:22 +01:00
Frederik Schwan
f563303ff2
regroup and rename mail records 2020-11-03 18:26:46 +01:00
Kristian Klausen
ef42811b89 Setup SPF record for HELO name 
The RFC[1] recommends it and it seems to be best-pratice these days.

[1] https://tools.ietf.org/html/rfc7208
 2020-11-02 18:02:37 +01:00
Sven-Hendrik Haase
af1c54c34e
Remove secure-runner2 
As it turns out, secure-runner2 isn't fast enough to serve as CI/CD and if we keep rescaling it to be
large enough, it'll be more expensive than secure-runner1 which is a lot faster. So, it'd be most
useful to just get rid of this VPS.
 2020-11-02 13:05:11 +01:00
Sven-Hendrik Haase
b2afd63fe1
Rescale secure-runner2 from cx11 to cpx31 
The idea is to cancel secure-runner1 and use secure-runner2 as the sole secure-runner as it should be fast enough.
We originally had secure-runner1 in hardware as we thought we needed KVM but as it turns out, qemu software emulation
via tcg is actually fast enough so that's what we're using now. That also menas that we can now use a cheap cloud
runner for everything.
 2020-11-02 12:17:00 +01:00
Sven-Hendrik Haase
c0f075530d
Remove orion DNS entries (#85) 2020-11-02 11:55:16 +01:00
Sven-Hendrik Haase
cd8b815fca
Remove kanboard from DNS (#16) 
We decommissioned kanboard in favor of GitLab.
 2020-11-02 10:45:18 +01:00
Jelle van der Waa
53bd985636
Move openpgpkey.archlinux.org to a new VPS 
The WKD webservice ran on orion, but as we want to retire it, we will
move it to it's own CX11 VPS. As it's just a simple web page.
 2020-11-02 10:02:41 +01:00
Frederik Schwan
7dd36d7465
use IPs for mail.archlinux.org in SPF record 2020-10-24 22:13:45 +02:00
Frederik Schwan
2c6711a2ab
fix spf record missing an "a:" prefix 2020-10-24 21:22:45 +02:00
Frederik Schwan
d450ac98d2
fix mx record 2020-10-24 21:12:19 +02:00
Frederik Schwan
1396746021
increase TTL to 600 after mail server migration 2020-10-24 18:33:03 +02:00
Frederik Schwan
6278f6688a
switch mail service from orion. to mail. 
mx pointed to orion which is removed
mx is not used anymore, instead we use mail.
mail. got a fresh DKIM key
in the spf record, mx gets replaced with mail
 2020-10-24 16:11:45 +02:00
Frederik Schwan
1d0866ebce
lower the TTL of records affecting mail services to 60 for the upcoming mail server migration 2020-10-24 14:14:10 +02:00
Frederik Schwan
b4ab4aa908 apply TTL of 600 also to mail. CNAME orion. 2020-10-22 12:33:22 +00:00
Frederik Schwan
80c22539b9
introduce terraform fmt to the CI to improve readability 2020-10-22 13:45:19 +02:00
Frederik Schwan
9517123e44
set TTL to 600 to prepare mail server migration 2020-10-21 20:07:31 +02:00
Sven-Hendrik Haase
2785d304b5
Add 1TB hcloud volume to gitlab (fixes #157) 
Sorry, this was kind of an emergency and I had to quickly perform this change so no MR for this.
 2020-10-21 05:42:27 +02:00
Sven-Hendrik Haase
3f8de505bf
Add archconfbox.pkgbuild.com (fixes #160) 2020-10-12 20:00:30 +02:00
Jelle van der Waa
096317e128 Remove configuration and entries for retired PIA boxes 
The PIA boxes are retired.
 2020-09-20 22:04:30 +00:00
Jelle van der Waa
18e8dcbaa7
Add reverse DNS and DNS entries for svn2gittest vps 2020-09-17 18:45:26 +02:00
Sven-Hendrik Haase
31ce038f1c
Use IPs from Hcloud 
Now that we manage DNS via Terraform and Hetzner DNS API, it makes sense to use the data provider from
hcloud to get the server IPs.
 2020-09-09 03:01:03 +02:00
Sven-Hendrik Haase
9338427ccb
Comment out SOA entries for for now as we don't know how to manage those via Terraform 
See https://github.com/timohirt/terraform-provider-hetznerdns/issues/20 for reference.
 2020-09-08 12:34:16 +02:00
Sven-Hendrik Haase
903adb38a9 Start managing Hetzner DNS with Terraform 2020-09-07 03:46:52 +00:00
Sven-Hendrik Haase
3430aeadfa
Increase AUR machine size 2020-09-03 21:10:06 +02:00
Sven-Hendrik Haase
0cd2f7018b
Add PTR entries for IPv6 2020-08-31 10:22:29 +02:00
Sven-Hendrik Haase
65400adeca
Upgrade to terraform 0.13 2020-08-27 07:17:09 +02:00
Sven-Hendrik Haase
5a99d4f1b9
Add hcloud volume to mirror.pkgbuild.com 2020-08-13 21:42:37 +02:00
Sven-Hendrik Haase
539b6ae9d8
Fix copy-paste error 2020-08-13 17:55:57 +02:00
Giancarlo Razzolini
e12ece360b
terraform: Add new mail.archlinux.org server 
Added a new server for the mail migration.
 2020-07-31 11:54:06 -03:00
Sven-Hendrik Haase
b6a7e1e89b
Add secure-runner2.archlinux.org 
This runner, as opposed to secure-runner1.archlinux.org, doesn't have any virtual machine capabilities and should be preferred for projects that don't need such capabilities.
 2020-07-25 04:34:30 +02:00
Sven-Hendrik Haase
13f88d263a
Increase AUR hcloud server to CPX31 
We were seeing load spikes that pegged the server at 200% before.
 2020-07-25 02:49:42 +02:00
Giancarlo Razzolini
bd59c027ab
terraform: Scale down the size of the AUR 
After some consideration, we are going to start with a smaller server size
for the AUR and increase if necessary.
 2020-07-24 14:06:44 -03:00
Giancarlo Razzolini
2bb914bac6
tf-stage1: Add the server for aur.archlinux.org 
Added the server for the aur.archlinux.org migration. Used a CPX31
server, since AUR requires a bit more resources.
 2020-07-23 11:03:41 -03:00
Sven-Hendrik Haase
8942802cca Add GitHub OAuth for Keycloak 2020-06-03 10:07:31 +00:00
Sven-Hendrik Haase
6b3b73060a
Add temporary server for Foxboron's svn2git migration test 2020-06-01 06:43:08 +02:00
Sven-Hendrik Haase
5f679adbb0 Prepare monitoring.archlinux.org 2020-05-25 20:10:42 +00:00
Sven-Hendrik Haase
95f2d6c8d3
Resize gitlab.archlinux.org to be a cx51 
We ran at the bare minimum and cx51 should last us some time.
 2020-05-22 21:28:45 +02:00
Jan Alexander Steffens (heftig)
affc74cbab
matrix: Rescale to cpx31 2020-05-07 23:18:37 +02:00
Sven-Hendrik Haase
0f5d388206
Remove ciprototype.archlinux.org 2020-05-01 19:18:29 +02:00
Frederik Schwan
f42fd92b83
Merge wip-keyclaok into master 2020-04-30 14:30:35 +02:00