Jelle van der Waa
19b0514b7a
use unbound dns for mail servers
2018-11-05 21:34:06 +01:00
Jelle van der Waa
8429772f11
misc: Add pypi password
2018-10-29 19:39:05 +01:00
Jelle van der Waa
d1c8c9e58a
docs: Add email documentation
2018-10-29 18:53:41 +01:00
Florian Pritz
71fe299d15
Add mailman list admin password
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-10-28 21:48:47 +01:00
Florian Pritz
035ba65e38
archwiki: Update to 1.31.1-2
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-10-27 10:58:04 +02:00
Florian Pritz
8e1cdea4f9
mariadb: Switch python module to python3 version
...
This is used by ansible to run mysql queries, e.g. when adding users.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-10-27 10:42:17 +02:00
Florian Pritz
cf4af7605d
archwiki: Let runJobs-wait service depend on mysqld
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-10-24 11:34:44 +02:00
Jelle van der Waa
f92fef44ba
common: octal file permisisons must contain leading zero
2018-10-21 21:42:50 +02:00
Jelle van der Waa
4afeba2e08
Add zabbix instruactions for adding host
2018-10-21 15:15:20 +02:00
Jelle van der Waa
4e01b0a2d8
Update archutils to latest commit
2018-10-20 17:08:43 +02:00
Bartłomiej Piotrowski
eabdd4df7e
Deploy public_html on sgp
2018-10-17 13:24:00 +02:00
Florian Pritz
08169fd5e2
Update arch-boxes to 1.1.3
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-10-06 00:14:11 +02:00
Jelle van der Waa
13c37bf6df
Remove dan from sudoers
2018-10-03 21:48:59 +02:00
Florian Pritz
fdaf0a1bb5
sa-update.sh: Fix error handling not getting exit code due to if
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-10-01 10:12:56 +02:00
Florian Pritz
c08cd648ed
sa-update.sh: Exit with error when sa-update fails
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-10-01 10:06:26 +02:00
Florian Pritz
68282d1d24
Add pacman hook for SA update
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-10-01 10:06:26 +02:00
Florian Pritz
4cee959dd6
Disable broken SA update channels
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-10-01 10:06:26 +02:00
Jelle van der Waa
15138d3a16
nymeria: Add required firewalld changes
2018-09-30 18:06:49 +02:00
Florian Pritz
88afae9ab4
Update archwiki to 1.31.1
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-09-23 14:21:44 +02:00
Phillip Smith
807808baef
enable firewall on *.mirror.pkgbuild.com
2018-09-21 11:57:29 +10:00
Jelle van der Waa
32b37e8552
archusers: eric resigned
...
Remove eric's pubkey and addition of it['s user account.
2018-09-19 10:59:07 +02:00
Jelle van der Waa
b303517691
common: enable paccache service on all servers
...
Enable pacache timer to cleanup old packages and keeps the lsat three
version of a package.
2018-09-14 18:56:49 +02:00
Phillip Smith
17b6c54b42
fix typo: signapore -> singapore
2018-09-12 17:09:05 +10:00
Florian Pritz
b63063738d
Track firewalld.conf
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-09-06 01:01:25 +02:00
Florian Pritz
0e3cf954eb
Remove dragon.archlinux.org
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-09-06 00:58:42 +02:00
Florian Pritz
a4ee0643a7
Add new TU - Chih-Hsuan Yen
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-08-31 23:28:21 +02:00
Jan Alexander Steffens (heftig)
cb4b71d2ea
roles/matrix: SASL support is broken
2018-08-28 23:03:14 +02:00
Jan Alexander Steffens (heftig)
c771743e7c
roles/matrix: Update irc bridge config
2018-08-28 22:25:54 +02:00
Jelle van der Waa
e7aa39e00b
Move commit, server, version to host_vars
2018-08-28 21:31:46 +02:00
Jelle van der Waa
12e5090ad3
Bump archweb to latest version
2018-08-28 19:41:10 +02:00
Florian Pritz
cf2b01c0d2
Fix apollo postgres ip detection and firewall generation
...
- firewall tag so that the facts exist when only firewall is run
- extract IPs from our host vars all the time. no need to query
autodetected facts
- remove empty elements from the list with select(). not all hosts have
ipv6
- fix the subnetmask for v6
- fix the postgres role configuring a v4 rule instead of v6 for a v6
address
- hardcode netmask for orion addresses too
Little bit much for one commit, but splitting it doesn't make a whole
lot of sense.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-08-28 15:00:57 +02:00
Florian Pritz
897666a244
Update python version
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-08-28 11:08:51 +02:00
Florian Pritz
f51c87d2cd
patchwork: Install pip for python 3.7
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-08-28 11:03:54 +02:00
Florian Pritz
b366af705e
nymeria: Set correct archweb rsync url
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-08-24 23:17:07 +02:00
Jelle van der Waa
52c93ffa81
nymeria: fix ipv6 configuration
...
The ipv6 configuration from hetzner was copied while specific nymeria
settings where reqired.
2018-08-22 21:08:23 +02:00
Florian Pritz
0c84e38dce
Update arch-boxes to 1.1.2
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-08-18 09:48:34 +02:00
Phillip Smith
8d681f0040
add "firewall" tag to all relevant tasks
2018-08-17 14:56:37 +10:00
Phillip Smith
2ba41e849f
Merge branch 'wip/firewalld'
2018-08-17 11:24:37 +10:00
Phillip Smith
54496540ba
Merge branch 'wip/firewalld' of ssh://git.archlinux.org/srv/git/infrastructure into wip/firewalld
2018-08-17 11:23:44 +10:00
Phillip Smith
d13089e608
break postgres client ips into separate variables
...
we have to use rich rules in firewalld to restict a specific port to a list of
specific ip addresses. when using rich rules, you have to specify the address
family (ipv4 or ipv6) which we can't do in an automated fashion with the ipv4
and ipv6 addresses of the clients dynamically generated into a single variable.
so this commit creates 2 variables; one for ipv4 clients and one for ipv6
clients which can be referred to as required when creating the rich rules.
2018-08-17 10:32:35 +10:00
Phillip Smith
c43b18f89b
disable default dhcpv6-client firewall rule
...
none of our hosts are configured using dhcpv6 so no need to allow this
default firewall hole to remain in place.
2018-08-17 10:32:35 +10:00
Florian Pritz
19955820d4
zabbix-server: Open trapper port in firewall
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-08-17 10:32:35 +10:00
Phillip Smith
f73d2d0d3f
set variables to enable firewall
2018-08-17 10:32:35 +10:00
Phillip Smith
8c3f8bf7bb
initial commit of luna.yml playbook
2018-08-17 10:32:35 +10:00
Phillip Smith
a342d2912a
fix tag for matrix firewall task
2018-08-17 10:32:10 +10:00
Florian Pritz
1112c18bd1
Add ssh hostkeys list
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-08-17 10:32:10 +10:00
Florian Pritz
73ada882e2
fetch-borg-keys: Update path
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-08-17 10:32:10 +10:00
Florian Pritz
ca7875f882
Move install_arch and fetch-borg-keys playbooks to tasks subdir
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-08-17 10:32:10 +10:00
Christian Rebischke
ea217832a5
renamed packer-io to packer
...
Signed-off-by: Christian Rebischke <Chris.Rebischke@posteo.de>
2018-08-17 10:32:10 +10:00
Phillip Smith
24860997d8
matrix role; open firewall holes
2018-08-17 10:32:10 +10:00