Evangelos Foutras
62f93478dc
Replace dynamic hcloud inventory with host entries
...
We make almost no use of the dynamic properties of the hcloud inventory,
so we can simplify this by declaring all cloud servers in the main hosts
inventory.
The main benefit of this change is that temporary and experimental cloud
servers are not automatically included in the Ansible playbooks. In such
cases it is usually incorrect to deploy changes to these unknown servers.
A smaller side benefit is that Ansible will now use hostnames to connect
to cloud servers, whereas the dynamic inventory provided IPv4 addresses.
This results in more meaningful ~/.ssh/known_hosts entries.
2022-05-12 20:32:58 +03:00
Evangelos Foutras
b4d60ae2f6
Move highly sensitive secrets to new "super" vault
...
The idea behind this is to be able to give vault access to new DevOps
members without giving away more important credentials like Hetzner's.
2022-05-07 17:45:19 +03:00
Kristian Klausen
c8e88c4723
README: Configure terraform to verify postgres's SSL certificate
...
The default sslmode is require which doesn't protect against MITM
attacks (the certificate isn't verified). The different modes are
explained here [1].
[1] https://www.postgresql.org/docs/current/libpq-ssl.html
2022-04-20 20:08:34 +02:00
Jelle van der Waa
2db513cc43
Add instructions for gitlab version
2021-11-06 15:39:53 +01:00
Evangelos Foutras
006cdc0446
Document semi-automated server updates
2021-08-23 23:19:48 +03:00
Evangelos Foutras
f7033ae2cd
Drop kernels from IgnorePkg
...
Main motivation behind this is preparing for doing more automatic
upgrades. The need for ignoring kernel updates isn't clear either.
2021-08-17 18:46:18 +03:00
Kristian Klausen
d9e4acf8a6
Fix command for updating gitlab
2021-07-28 23:15:04 +02:00
Evangelos Foutras
faba3a3d7c
misc/get_key.py: load vault file without chdir'ing
...
Now that misc/get_key.py checks if the vault file passed to it exists,
we cannot pass paths only resolvable from the root directory. Instead,
use paths that make sense relative to the current directory and avoid
calling chdir when loading the vault file.
Fixes: 7754214604 ("Rewrite get_key.py to use click instead of typer")
2021-07-07 15:18:41 +03:00
Sven-Hendrik Haase
40fd7811a6
More accurate DevOps onboarding docs
2021-06-02 16:15:00 +02:00
Kristian Klausen
7754214604
Rewrite get_key.py to use click instead of typer
...
Typer doesn't work with Click 8[1].
[1] https://github.com/tiangolo/typer/issues/280
2021-06-02 15:39:47 +02:00
Kristian Klausen
01c6542990
Remove unneeded OpenDKIM doc
2021-02-22 13:56:02 +01:00
Kristian Klausen
361e88b6c4
Fix certificate catch-22 bootstrapping issue
...
Issuing a certificate requires nginx to be running, but nginx requires a
certificate to start. Fix it by using Python built-in http.server.
Fix #30
2021-01-10 22:57:57 +00:00
Kristian Klausen
59200d5119
Move the "Servers" section from the readme to docs/servers.md
2020-12-18 17:41:42 +01:00
Kristian Klausen
d46efc907c
Add TOC to readme
2020-12-18 01:37:40 +01:00
Jelle van der Waa
1f4499b8e4
Mention the archive mirrors in our README as offered services
2020-12-17 22:02:11 +01:00
Jelle van der Waa
d793df2f4c
Add rebuilderd documentation
2020-12-03 16:19:43 +00:00
Jelle van der Waa
d129e7d947
Add rebuilderd_worker role for repro1.pkgbuild.com
...
The repro3.pkgbuild.com machine was a packet.net box with an Ubuntu
installation. Now converted to an Arch Linux installation managed by
ansible with a new rebuilderd_worker role.
2020-12-03 16:19:43 +00:00
Jelle van der Waa
5bcfc33fd9
Add link to Grafana docs in readme
2020-11-30 22:41:35 +01:00
Jelle van der Waa
493f9a58b9
Cleanup orion references
...
Orion has been replaced by gemini and for mail by mail.archlinux.org
2020-11-21 21:00:44 +00:00
Jelle van der Waa
53bd985636
Move openpgpkey.archlinux.org to a new VPS
...
The WKD webservice ran on orion, but as we want to retire it, we will
move it to its own CX11 VPS, as it's just a simple web page.
2020-11-02 10:02:41 +01:00
Jelle van der Waa
c986d38691
Update README to reflect server changes
2020-10-29 21:21:03 +01:00
Sven-Hendrik Haase
b0e7036df9
Improve backup docs and add borg wrapper
2020-10-24 18:45:34 +02:00
Sven-Hendrik Haase
86bc7f75e2
Fix README indentation level
2020-10-23 01:08:51 +02:00
Jelle van der Waa
137d9313c0
Document our Grafana setup
...
Document adding a new dashboard and how our Grafana is configured.
2020-10-13 17:37:38 +02:00
Jelle van der Waa
e589fb26e2
Document prometheus exporters configuration
2020-09-21 12:34:27 +00:00
Jelle van der Waa
096317e128
Remove configuration and entries for retired PIA boxes
...
The PIA boxes are retired.
2020-09-20 22:04:30 +00:00
Jelle van der Waa
8b3c68e5e1
Add prometheus role for the prometheus/alertmanager server
...
Introduce a new monitoring server with prometheus and alertmanager for
monitoring all our boxes.
2020-08-31 21:09:54 +02:00
Sven-Hendrik Haase
60fd5b8a29
Some tiny markup fixes
2020-08-29 01:09:16 +02:00
Sven-Hendrik Haase
a636f8a597
Remove arch-boxes stuff (fixes #107)
...
This is now built entirely in GitLab CI in the arch-boxes repo so this is no longer required.
2020-08-28 20:05:24 +00:00
Jelle van der Waa
d9fdafb0b1
Use archlinux-contrib over git submodule
...
Prefer using our maintained version of checkservices from the contrib
repository hosted on our Gitlab repository. This has the benefit of
getting rid of a submodule which isn't cloned by default.
2020-08-27 06:43:42 +00:00
Jakub Klinkovský
b3b7dfd2d3
README.md: use proper Markdown numbered list
2020-08-27 06:37:14 +00:00
Jakub Klinkovský
ab130591b7
README.md: fix references to documents in docs/ and make them clickable in Gitlab
2020-08-27 06:37:14 +00:00
Jakub Klinkovský
453803d132
README.md: fix some typos and formatting errors
2020-08-27 06:37:14 +00:00
Jakub Klinkovský
caf765d021
README.md: remove obsolete documentation of mirror.pkgbuild.com
...
The mirror_load_balancer stuff was removed recently in commit 3472c7bb7c
2020-08-27 06:37:14 +00:00
Sven-Hendrik Haase
65400adeca
Upgrade to terraform 0.13
2020-08-27 07:17:09 +02:00
Jan Alexander Steffens (heftig)
fe5a07875d
README.md: Restore the explanation for matrix.archlinux.org
2020-08-24 20:42:53 +02:00
Sven-Hendrik Haase
b4e116b23e
Fix typo
2020-08-22 16:52:11 +02:00
Levente Polyak
358eec668c
readme: add required python-jmespath for ansible json jmespath query
...
Some playbooks that use jmespath query like the matrix playbook while
getting changes for the "install irc-bridge registration" require the
python-jmespath package on client side to work, document this.
2020-08-20 19:26:41 +02:00
Levente Polyak
a5fbc14b95
Revert "matrix: Integrate with Keycloak"
...
This reverts commit 8e4eac7df4.
Revert this feature as it's part of a keycloak change that must go
through review via a merge request.
2020-08-20 11:50:18 +02:00
Jan Alexander Steffens (heftig)
8e4eac7df4
matrix: Integrate with Keycloak
2020-08-19 20:24:16 +02:00
Jelle van der Waa
cdb023fdfb
Document how to update Gitlab
...
Closes: #12
2020-08-16 22:22:49 +00:00
Jelle van der Waa
21974053bc
Remove hefur as torrent tracker
...
The magnet URIs and torrent files no longer include a torrent tracker
link so running the service is obsolete.
2020-08-13 19:26:33 +02:00
Jelle van der Waa
1d30717c66
Remove jpn/repro2 as they no longer respond
...
Both boxes died and are no longer responsive, retire them.
2020-07-30 22:47:42 +02:00
Giancarlo Razzolini
c2b464e780
host_vars: Add the vars for aur.archlinux.org and change the README
...
Added the missing host_vars file for aur.archlinux.org and changed the README
to reflect its move.
2020-07-24 08:33:54 -03:00
Sven-Hendrik Haase
38199d161b
Update backup instructions in README
2020-07-09 00:50:50 +02:00
Sven-Hendrik Haase
6bdab52f16
Use prio host for rsync.net
...
Apparently the host without prio is the traffic shaped one which has been very slow for us.
2020-07-09 00:50:32 +02:00
Sven-Hendrik Haase
764df6ee5d
Switch from vostok to storagebox (fixes #51)
2020-07-09 00:50:04 +02:00
Jelle van der Waa
fad8d005c4
Document moreutils requirement for re-encrypting the vault
2020-07-08 18:20:41 +02:00
Jelle van der Waa
57a57f22c3
Add setting up borg backups on a new machine section
2020-06-17 12:03:47 +02:00
Sven-Hendrik Haase
8942802cca
Add GitHub OAuth for Keycloak
2020-06-03 10:07:31 +00:00