Jelle van der Waa
342d27bd5c
Stop => Start
...
This unit has no ExecStop nor do we want a timeout for ExecStop but we
want one for ExecStart.
2019-01-19 21:19:52 +01:00
Jelle van der Waa
637cbd6adb
docs: document impi access
2019-01-19 20:12:32 +01:00
Jelle van der Waa
c86e6c8684
kanboard: update to 1.2.7
2019-01-19 19:47:12 +01:00
Jelle van der Waa
6c35b76a72
postgres: update to python3 dependency
...
Our roles are switched to python3 and have to be updated to install the
python3 variant of modules to deploy the role.
2019-01-19 00:10:07 +01:00
Florian Pritz
0bf85de82b
archwiki: Automatically update registration question when pacman package is updated
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-01-15 15:22:10 +01:00
Florian Pritz
67a1b894f7
archwiki: Use loop instead of multiple tasks for systemd units
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-01-15 15:22:10 +01:00
Jelle van der Waa
cd4a871b11
grafana: sync upstream configuration file
2019-01-14 22:11:57 +01:00
Jelle van der Waa
a4273931c5
reprobuilds: remove repro build nodes
2019-01-14 22:10:02 +01:00
Florian Pritz
aeae6cd42b
archwiki: Update pacman string
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-01-14 15:44:18 +01:00
Florian Pritz
36d8f3974a
php: Merge upstream php.ini changes
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-01-14 15:16:40 +01:00
Florian Pritz
4cb57b2746
Update dbscripts to 20190113
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-01-14 00:13:10 +01:00
Jelle van der Waa
856a6032e4
sync system.conf configuration file from pacnew
2019-01-13 20:29:29 +01:00
Florian Pritz
6cbcba629b
archive: Redirect .all packages to /packages/ tree
...
Currently .all/ keeps symlinks for each package file that point to the
actual file. We also track all files in the /pacakages/ tree separated
into directories based on their pkgname. This rewrite rule matches the
.all/ URLs to the /packages/ directory tree so that we can eventually
delete the symlinks from .all/.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-01-13 17:48:21 +01:00
Florian Pritz
e0f9bd5777
dbscripts: Disable NoNewPrivileges for cleanup.service
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-01-13 13:39:48 +01:00
Florian Pritz
367cc0f8c4
zabbix-agent: Install pytthon-zabbix-api on localhost
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-01-13 13:23:18 +01:00
Florian Pritz
e051b47e27
Remove docs/zabbix.txt
...
This text is no longer relevant since zabbix configuration is now
handled via ansible and not via the zabbix website.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-01-13 13:12:55 +01:00
Florian Pritz
bfbfa26641
Update pacman website to 5.1.2
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-01-13 10:24:53 +01:00
Florian Pritz
9d95627045
Update dbscripts to 20190111-2
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-01-11 22:44:21 +01:00
Jelle van der Waa
3d3ab44d36
archweb: update to latest version
...
Update django to 1.11.18 security release
2019-01-11 22:26:39 +01:00
Florian Pritz
29a783b599
Update dbscripts to 20190111
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-01-11 18:16:22 +01:00
Florian Pritz
08e411bfb2
dbscripts: Add sudoers entries for package archive
...
Context: https://lists.archlinux.org/pipermail/arch-projects/2019-January/005063.html
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-01-10 16:04:14 +01:00
Jelle van der Waa
8dcb89d7db
zabbix-agent: arch-audit exclude testing repo updates
...
arch-audit -u also recommends updating to testing packages, while this
is not something we recommend or want.
2019-01-07 18:30:50 +01:00
Jelle van der Waa
daea84c9bd
dbscripts: harden cleanup script
2018-12-30 22:43:36 +01:00
Jelle van der Waa
711db78730
Add postgresql servers group for zabbix-agent role
2018-12-29 23:23:38 +01:00
Jelle van der Waa
c9eb2209e5
zabbix-agent: add PostgreSQL DB size monitoring
...
Add monitoring for our PostgreSQL DB size using a similiar construct as
the MySQL DB size monitoring with a perl script.
2018-12-29 23:12:53 +01:00
Jelle van der Waa
0777baea09
orion: migrate torrent tracker from luna to orion
...
Add a role for the hefur torrent tracker. A simple
service which runs on tracker.archlinux.org. Note that our setup
overrides a few things of the systemd service.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
2018-12-27 19:58:53 +01:00
Florian Pritz
38c0fdaf2c
Set default zabbix_agent_templates
...
This is mostly so that the roles runs OK and that we have every host in
there. This change only affects 2 unused pia machines. All other hosts
already set a template list.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-12-25 18:19:42 +01:00
Florian Pritz
0efeaa3e78
Remove python2 group_vars
...
This breaks firewalld for machines where this variable hasn't yet been
reconfigured. We don't need python2 anywhere so just get rid of this and
use the python3 default I put into another group var already.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-12-25 18:02:17 +01:00
Florian Pritz
7401c79bfa
Remove redundant dns_servers definitions and use 127.0.0.1 everywhere
...
This only changes the dns server of two unused PIA boxes. All other
machines were already configured like this.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-12-25 17:29:35 +01:00
Florian Pritz
aa10283811
zabbix-agent: Never mark PSK key fetching as changed
...
It's just a cat and only populates the variable. No need to mark it
changed every time.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-12-25 17:24:20 +01:00
Florian Pritz
682835af84
Enable firewall for all hosts
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-12-25 17:15:26 +01:00
Florian Pritz
da8bea46ea
Fix deprecated result|failed syntax
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-12-25 16:54:32 +01:00
Florian Pritz
0088387540
Replace deprecated pacman with_items usage with direct list
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-12-25 16:52:33 +01:00
Florian Pritz
d364a72800
Use unbound for DNS and disable resolved when unbound is used
...
We don't need resolved and it is sometimes buggy so let's just get rid
of it and use unbound like we do on our mail machines already.
Details: 7dd7510424
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-12-25 16:39:57 +01:00
Jelle van der Waa
744dae84a5
remove hefurd open port from apollo
...
luna runs hefurd
2018-12-25 15:50:01 +01:00
Florian Pritz
dc0f789315
Add TODO
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-12-24 12:35:19 +01:00
Jan Alexander Steffens (heftig)
27a1149062
roles/matrix: Use yarn instead of npm
2018-12-20 20:16:15 +01:00
Jan Alexander Steffens (heftig)
e794c4fe60
roles/matrix: Don't restart IRC appservice when restarting synapse
2018-12-20 20:12:18 +01:00
Jan Alexander Steffens (heftig)
5c9922bd19
roles/matrix: Use jemalloc for synapse
2018-12-20 20:11:47 +01:00
Jan Alexander Steffens (heftig)
03d14f846f
roles/matrix: Sync config
2018-12-20 20:08:11 +01:00
Jan Alexander Steffens (heftig)
b7073b58ae
roles/matrix: Upgrade synapse to Python 3
2018-12-20 19:51:30 +01:00
Jan Alexander Steffens (heftig)
03e66d8cba
roles/matrix: Change log level to ERROR
2018-12-20 14:39:11 +01:00
Jelle van der Waa
6134cf9ae5
security_tracker: harden system service
...
Mount /usr, /etc read only, protect the /home, /tmp and kernel
directories. Also disallow privilige escalation.
2018-12-15 23:04:59 +01:00
Eli Schwartz
6560a2dfc0
archbuild: allow passing through the SOURCE_DATE_EPOCH variable
...
When using restrictive sudoers profiles, the builtin mechanism for
whitelisting this variable on the sudo command line does not work.
Explicitly whitelist it anyway by matching on the ARCHBUILD role.
2018-12-14 09:54:51 +01:00
Jelle van der Waa
1c25da6327
Update services in README
2018-12-13 22:54:57 +01:00
Florian Pritz
ce5dcc7324
archusers: Set empty password when creating accounts
...
This hopefully allows users to use `passwd` to set a password which is
necessary for email.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-12-10 09:41:57 +01:00
Florian Pritz
add585968d
docs/email: Explain email client settings for users
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-12-10 09:26:38 +01:00
Florian Pritz
f5fb5c43cf
Add new TU - Daniel M. Capella
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-12-07 11:52:39 +01:00
Jelle van der Waa
51b66f2068
sshd: validate sshd_config on copying
2018-12-02 21:23:26 +01:00
Evangelos Foutras
bd4fd43a28
Add my host-specific key used to fetch packages
...
Key resides on orion and is used to pull packages from soyuz and sgp.
2018-11-27 14:43:48 +02:00