mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2024-09-20 19:05:40 +02:00
Code Issues
1,046 Commits 29 Branches 0 Tags 20 MiB
19b0514b7a
Commit Graph

1046 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jelle van der Waa
19b0514b7a use unbound dns for mail servers 2018-11-05 21:34:06 +01:00
Jelle van der Waa
8429772f11 misc: Add pypi password 2018-10-29 19:39:05 +01:00
Jelle van der Waa
d1c8c9e58a docs: Add email documentation 2018-10-29 18:53:41 +01:00
Florian Pritz
71fe299d15
Add mailman list admin password 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-10-28 21:48:47 +01:00
Florian Pritz
035ba65e38
archwiki: Update to 1.31.1-2 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-10-27 10:58:04 +02:00
Florian Pritz
8e1cdea4f9
mariadb: Switch python module to python3 version 
This is used by ansible to run mysql queries, e.g. when adding users.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-10-27 10:42:17 +02:00
Florian Pritz
cf4af7605d
archwiki: Let runJobs-wait service depend on mysqld 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-10-24 11:34:44 +02:00
Jelle van der Waa
f92fef44ba common: octal file permisisons must contain leading zero 2018-10-21 21:42:50 +02:00
Jelle van der Waa
4afeba2e08 Add zabbix instruactions for adding host 2018-10-21 15:15:20 +02:00
Jelle van der Waa
4e01b0a2d8 Update archutils to latest commit 2018-10-20 17:08:43 +02:00
Bartłomiej Piotrowski
eabdd4df7e Deploy public_html on sgp 2018-10-17 13:24:00 +02:00
Florian Pritz
08169fd5e2
Update arch-boxes to 1.1.3 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-10-06 00:14:11 +02:00
Jelle van der Waa
13c37bf6df Remove dan from sudoers 2018-10-03 21:48:59 +02:00
Florian Pritz
fdaf0a1bb5
sa-update.sh: Fix error handling not getting exit code due to if 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-10-01 10:12:56 +02:00
Florian Pritz
c08cd648ed sa-update.sh: Exit with error when sa-update fails 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-10-01 10:06:26 +02:00
Florian Pritz
68282d1d24 Add pacman hook for SA update 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-10-01 10:06:26 +02:00
Florian Pritz
4cee959dd6 Disable broken SA update channels 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-10-01 10:06:26 +02:00
Jelle van der Waa
15138d3a16 nymeria: Add required firewalld changes 2018-09-30 18:06:49 +02:00
Florian Pritz
88afae9ab4
Update archwiki to 1.31.1 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-09-23 14:21:44 +02:00
Phillip Smith
807808baef enable firewall on *.mirror.pkgbuild.com 2018-09-21 11:57:29 +10:00
Jelle van der Waa
32b37e8552 archusers: eric resigned 
Remove eric's pubkey and addition of it['s user account.
 2018-09-19 10:59:07 +02:00
Jelle van der Waa
b303517691 common: enable paccache service on all servers 
Enable pacache timer to cleanup old packages and keeps the lsat three
version of a package.
 2018-09-14 18:56:49 +02:00
Phillip Smith
17b6c54b42 fix typo: signapore -> singapore 2018-09-12 17:09:05 +10:00
Florian Pritz
b63063738d
Track firewalld.conf 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-09-06 01:01:25 +02:00
Florian Pritz
0e3cf954eb
Remove dragon.archlinux.org 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-09-06 00:58:42 +02:00
Florian Pritz
a4ee0643a7
Add new TU - Chih-Hsuan Yen 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-08-31 23:28:21 +02:00
Jan Alexander Steffens (heftig)
cb4b71d2ea
roles/matrix: SASL support is broken 2018-08-28 23:03:14 +02:00
Jan Alexander Steffens (heftig)
c771743e7c
roles/matrix: Update irc bridge config 2018-08-28 22:25:54 +02:00
Jelle van der Waa
e7aa39e00b Move commit, server, version to host_vars 2018-08-28 21:31:46 +02:00
Jelle van der Waa
12e5090ad3 Bump archweb to latest version 2018-08-28 19:41:10 +02:00
Florian Pritz
cf2b01c0d2
Fix apollo postgres ip detection and firewall generation 
- firewall tag so that the facts exist when only firewall is run
- extract IPs from our host vars all the time. no need to query
autodetected facts
- remove empty elements from the list with select(). not all hosts have
ipv6
- fix the subnetmask for v6
- fix the postgres role configuring a v4 rule instead of v6 for a v6
address
- hardcode netmask for orion addresses too

Little bit much for one commit, but splitting it doesn't make a whole
lot of sense.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-08-28 15:00:57 +02:00
Florian Pritz
897666a244
Update python version 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-08-28 11:08:51 +02:00
Florian Pritz
f51c87d2cd
patchwork: Install pip for python 3.7 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-08-28 11:03:54 +02:00
Florian Pritz
b366af705e
nymeria: Set correct archweb rsync url 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-08-24 23:17:07 +02:00
Jelle van der Waa
52c93ffa81 nymeria: fix ipv6 configuration 
The ipv6 configuration from hetzner was copied while specific nymeria
settings where reqired.
 2018-08-22 21:08:23 +02:00
Florian Pritz
0c84e38dce
Update arch-boxes to 1.1.2 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-08-18 09:48:34 +02:00
Phillip Smith
8d681f0040 add "firewall" tag to all relevant tasks 2018-08-17 14:56:37 +10:00
Phillip Smith
2ba41e849f Merge branch 'wip/firewalld' 2018-08-17 11:24:37 +10:00
Phillip Smith
54496540ba Merge branch 'wip/firewalld' of ssh://git.archlinux.org/srv/git/infrastructure into wip/firewalld 2018-08-17 11:23:44 +10:00
Phillip Smith
d13089e608 break postgres client ips into separate variables 
we have to use rich rules in firewalld to restict a specific port to a list of
specific ip addresses. when using rich rules, you have to specify the address
family (ipv4 or ipv6) which we can't do in an automated fashion with the ipv4
and ipv6 addresses of the clients dynamically generated into a single variable.
so this commit creates 2 variables; one for ipv4 clients and one for ipv6
clients which can be referred to as required when creating the rich rules.
 2018-08-17 10:32:35 +10:00
Phillip Smith
c43b18f89b disable default dhcpv6-client firewall rule 
none of our hosts are configured using dhcpv6 so no need to allow this
default firewall hole to remain in place.
 2018-08-17 10:32:35 +10:00
Florian Pritz
19955820d4 zabbix-server: Open trapper port in firewall 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-08-17 10:32:35 +10:00
Phillip Smith
f73d2d0d3f set variables to enable firewall 2018-08-17 10:32:35 +10:00
Phillip Smith
8c3f8bf7bb initial commit of luna.yml playbook 2018-08-17 10:32:35 +10:00
Phillip Smith
a342d2912a fix tag for matrix firewall task 2018-08-17 10:32:10 +10:00
Florian Pritz
1112c18bd1 Add ssh hostkeys list 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-08-17 10:32:10 +10:00
Florian Pritz
73ada882e2 fetch-borg-keys: Update path 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-08-17 10:32:10 +10:00
Florian Pritz
ca7875f882 Move install_arch and fetch-borg-keys playbooks to tasks subdir 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-08-17 10:32:10 +10:00
Christian Rebischke
ea217832a5 renamed packer-io to packer 
Signed-off-by: Christian Rebischke <Chris.Rebischke@posteo.de>
 2018-08-17 10:32:10 +10:00
Phillip Smith
24860997d8 matrix role; open firewall holes 2018-08-17 10:32:10 +10:00