Jelle van der Waa
2422fa8093
group_vars: remove thomas from sudoers
2019-05-06 16:14:51 +02:00
Giancarlo Razzolini
f397362dd8
root_access: For some reason, after all this time, still did not had sudo access.
2019-04-14 18:11:27 -03:00
Florian Pritz
97c0a1dcbe
Add some more zsh/fish users based on orion's passwd
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-04-05 08:36:59 +02:00
Evangelos Foutras
acb571dcdb
archusers: Change shell for eworm to zsh
2019-04-05 09:09:28 +03:00
Florian Pritz
3713930c66
archusers: Set zsh for some more users
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-04-03 21:15:31 +02:00
Florian Pritz
4cd98aa009
archusers: Set zsh for some more users
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-04-03 20:31:14 +02:00
Florian Pritz
acff12e07e
archusers: Change shell for jerome to zsh
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-04-03 16:48:32 +02:00
Florian Pritz
83ce9add96
Add archive uploader
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-03-30 22:57:01 +01:00
Sven-Hendrik Haase
48dc27e492
Add terraform_state role
2019-03-24 20:54:57 +01:00
Evangelos Foutras
282266d4ff
Add my build host key to dragon
2019-03-20 00:06:45 +02:00
Giancarlo Razzolini
6085c220f9
Merge branch 'master' of arch-git:/srv/git/infrastructure
2019-03-19 16:40:43 -03:00
Giancarlo Razzolini
5f5c0d56bd
archusers: Add developer powers to dvzrv.
2019-03-19 16:39:09 -03:00
Sven-Hendrik Haase
ab1c932e7a
Lower Python version requirement to any Python 3 version
...
This is because otherwise we'll fail to install on any system not explicitly running Python 3.7 (like some Debian we provision Arch on).
We don't strictly need Python 3.7 and most Python 3 versions will in fact work with Ansible.
2019-03-19 18:51:44 +01:00
Evangelos Foutras
d9f1649cb3
common: drop congestion control configuration
...
It's highly unlikely we'll be using anything other than cubic, so there
is no need for this to be configurable.
2019-02-27 11:49:26 +02:00
Florian Pritz
ed51f84f7d
Remove allan from wheel group
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-02-10 22:23:47 +01:00
Florian Pritz
2ec6c3adf6
Give Pierre full root access
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-02-10 15:32:18 +01:00
Florian Pritz
cb46185a7f
Document what to run when root_access variables are changed
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-02-10 15:32:18 +01:00
Florian Pritz
6d4c3dee5f
root_access: Sort lists
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-02-10 15:12:37 +01:00
Florian Pritz
8b8abd3d83
Rename group_vars/root_pubkeys to root_access
...
This better reflects the content (sudo wheel access + root login).
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-02-10 15:07:49 +01:00
Florian Pritz
cba5e3eb1b
Move sudo_users to root_pubkeys.yml
...
This ensures that all info regarding "who has root" is in one place.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-02-10 15:06:33 +01:00
Florian Pritz
69bc8d008c
Remove dave and ionut from wheel group
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-02-10 15:05:16 +01:00
Jan Alexander Steffens (heftig)
9540818e3a
archweb: Add well-known file required for Matrix
...
https://github.com/matrix-org/synapse/blob/master/docs/MSC1711_certificates_FAQ.md
2019-02-06 00:23:12 +01:00
Bartłomiej Piotrowski
d7e53c07c9
Add new TU - Daurnimator
2019-01-27 19:06:49 +01:00
Florian Pritz
199e39dddf
Disable BBR TCP congestion control
...
BBR behaves badly when it is not the sole connection. It slows down
other streams (bbr and cubic) and generally doesn't scale well when
deployed widely. Let's disable it so we don't make the internet for
others worse.
https://ripe76.ripe.net/presentations/10-2018-05-15-bbr.pdf
7dd7510424
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-01-21 16:49:01 +01:00
Florian Pritz
38c0fdaf2c
Set default zabbix_agent_templates
...
This is mostly so that the roles runs OK and that we have every host in
there. This change only affects 2 unused pia machines. All other hosts
already set a template list.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-12-25 18:19:42 +01:00
Florian Pritz
0efeaa3e78
Remove python2 group_vars
...
This breaks firewalld for machines where this variable hasn't yet been
reconfigured. We don't need python2 anywhere so just get rid of this and
use the python3 default I put into another group var already.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-12-25 18:02:17 +01:00
Florian Pritz
7401c79bfa
Remove redundant dns_servers definitions and use 127.0.0.1 everywhere
...
This only changes the dns server of two unused PIA boxes. All other
machines were already configured like this.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-12-25 17:29:35 +01:00
Florian Pritz
682835af84
Enable firewall for all hosts
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-12-25 17:15:26 +01:00
Florian Pritz
d364a72800
Use unbound for DNS and disable resolved when unbound is used
...
We don't need resolved and it is sometimes buggy so let's just get rid
of it and use unbound like we do on our mail machines already.
Details: 7dd7510424
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-12-25 16:39:57 +01:00
Florian Pritz
f5fb5c43cf
Add new TU - Daniel M. Capella
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-12-07 11:52:39 +01:00
Evangelos Foutras
bd4fd43a28
Add my host-specific key used to fetch packages
...
Key resides on orion and is used to pull packages from soyuz and sgp.
2018-11-27 14:43:48 +02:00
Jan Alexander Steffens (heftig)
32a0c062ed
Update my SSH keys
...
Work key to soyuz because I sync my zsh/nvim/stuff config with it if I
can't reach my home network.
2018-11-27 12:49:39 +01:00
Florian Pritz
4366b9b070
Manage zabbix host configuration via ansible
...
This currently deploys the same configuration we used to have apart from
some '127.0.0.1' IPs for the agent IP, but those were incorrect anyways.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-11-25 17:10:50 +01:00
Florian Pritz
49caae399b
Add soyuz-only key for Maxim
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-11-25 15:52:59 +01:00
Bartłomiej Piotrowski
65cca332e3
Add new TU - Brett Cornwall
2018-11-21 12:00:42 +01:00
Florian Pritz
c5a14a00cc
Add new TU - Maxim Baz
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-11-20 23:52:01 +01:00
Bartłomiej Piotrowski
7c11caa5e4
Add new TU - Konstantin Gizdov
2018-11-13 10:11:47 +01:00
Florian Pritz
f944db487c
Add new TU - Daniel Bermond
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-11-07 10:35:32 +01:00
Jan Alexander Steffens (heftig)
5a1700eba2
roles/matrix: Sync config with generated default one
2018-11-05 23:56:50 +01:00
Jelle van der Waa
13c37bf6df
Remove dan from sudoers
2018-10-03 21:48:59 +02:00
Jelle van der Waa
32b37e8552
archusers: eric resigned
...
Remove eric's pubkey and addition of it['s user account.
2018-09-19 10:59:07 +02:00
Florian Pritz
a4ee0643a7
Add new TU - Chih-Hsuan Yen
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-08-31 23:28:21 +02:00
Phillip Smith
f73d2d0d3f
set variables to enable firewall
2018-08-17 10:32:35 +10:00
Florian Pritz
48cbaf9f2c
Create docker-image-sudo group
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-08-07 19:45:32 +02:00
Florian Pritz
3edfe3adc0
Give sangy sudo to docker-image user
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-08-07 19:43:02 +02:00
Florian Pritz
0f0ea32304
Add new TU - Santiago Torres-Arias
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-08-07 14:50:51 +02:00
Bartłomiej Piotrowski
05cb80d613
Remove Pierre Neidhart's account
2018-07-31 12:47:43 +02:00
Florian Pritz
e3355a2527
Add new TU - Filipe Laíns
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-07-28 10:26:59 +02:00
Florian Pritz
592765f5b1
Change vault key and rekey all vault files
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-06-07 12:11:06 +02:00
Florian Pritz
f185ead14b
Improve group vars vault usage for matrix
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-06-07 12:11:06 +02:00