mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2024-09-20 04:53:30 +02:00
Code Issues
1,143 Commits 29 Branches 0 Tags 20 MiB
342d27bd5c
Commit Graph

1143 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jelle van der Waa
342d27bd5c Stop => Start 
This unit has no ExecStop nor do we want a timeout for ExecStop but we
want one for ExecStart.
 2019-01-19 21:19:52 +01:00
Jelle van der Waa
637cbd6adb docs: document impi access 2019-01-19 20:12:32 +01:00
Jelle van der Waa
c86e6c8684 kanboard: update to 1.2.7 2019-01-19 19:47:12 +01:00
Jelle van der Waa
6c35b76a72 postgres: update to python3 dependency 
Our roles are switched to python3 and have to be updated to install the
python3 variant of modules to deploy the role.
 2019-01-19 00:10:07 +01:00
Florian Pritz
0bf85de82b archwiki: Automatically update registration question when pacman package is updated 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2019-01-15 15:22:10 +01:00
Florian Pritz
67a1b894f7 archwiki: Use loop instead of multiple tasks for systemd units 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2019-01-15 15:22:10 +01:00
Jelle van der Waa
cd4a871b11 grafana: sync upstream configuration file 2019-01-14 22:11:57 +01:00
Jelle van der Waa
a4273931c5 reprobuilds: remove repro build nodes 2019-01-14 22:10:02 +01:00
Florian Pritz
aeae6cd42b
archwiki: Update pacman string 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2019-01-14 15:44:18 +01:00
Florian Pritz
36d8f3974a
php: Merge upstream php.ini changes 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2019-01-14 15:16:40 +01:00
Florian Pritz
4cb57b2746
Update dbscripts to 20190113 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2019-01-14 00:13:10 +01:00
Jelle van der Waa
856a6032e4 sync system.conf configuration file from pacnew 2019-01-13 20:29:29 +01:00
Florian Pritz
6cbcba629b
archive: Redirect .all packages to /packages/ tree 
Currently .all/ keeps symlinks for each package file that point to the
actual file. We also track all files in the /pacakages/ tree separated
into directories based on their pkgname. This rewrite rule matches the
.all/ URLs to the /packages/ directory tree so that we can eventually
delete the symlinks from .all/.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2019-01-13 17:48:21 +01:00
Florian Pritz
e0f9bd5777
dbscripts: Disable NoNewPrivileges for cleanup.service 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2019-01-13 13:39:48 +01:00
Florian Pritz
367cc0f8c4
zabbix-agent: Install pytthon-zabbix-api on localhost 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2019-01-13 13:23:18 +01:00
Florian Pritz
e051b47e27
Remove docs/zabbix.txt 
This text is no longer relevant since zabbix configuration is now
handled via ansible and not via the zabbix website.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2019-01-13 13:12:55 +01:00
Florian Pritz
bfbfa26641 Update pacman website to 5.1.2 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2019-01-13 10:24:53 +01:00
Florian Pritz
9d95627045 Update dbscripts to 20190111-2 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2019-01-11 22:44:21 +01:00
Jelle van der Waa
3d3ab44d36 archweb: update to latest version 
Update django to 1.11.18 security release
 2019-01-11 22:26:39 +01:00
Florian Pritz
29a783b599 Update dbscripts to 20190111 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2019-01-11 18:16:22 +01:00
Florian Pritz
08e411bfb2
dbscripts: Add sudoers entries for package archive 
Context: https://lists.archlinux.org/pipermail/arch-projects/2019-January/005063.html

Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2019-01-10 16:04:14 +01:00
Jelle van der Waa
8dcb89d7db zabbix-agent: arch-audit exclude testing repo updates 
arch-audit -u also recommends updating to testing packages, while this
is not something we recommend or want.
 2019-01-07 18:30:50 +01:00
Jelle van der Waa
daea84c9bd dbscripts: harden cleanup script 2018-12-30 22:43:36 +01:00
Jelle van der Waa
711db78730 Add postgresql servers group for zabbix-agent role 2018-12-29 23:23:38 +01:00
Jelle van der Waa
c9eb2209e5 zabbix-agent: add PostgreSQL DB size monitoring 
Add monitoring for our PostgreSQL DB size using a similiar construct as
the MySQL DB size monitoring with a perl script.
 2018-12-29 23:12:53 +01:00
Jelle van der Waa
0777baea09 orion: migrate torrent tracker from luna to orion 
Add a role for the hefur torrent tracker. A simple
service which runs on tracker.archlinux.org. Note that our setup
overrides a few things of the systemd service.

Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
 2018-12-27 19:58:53 +01:00
Florian Pritz
38c0fdaf2c
Set default zabbix_agent_templates 
This is mostly so that the roles runs OK and that we have every host in
there. This change only affects 2 unused pia machines. All other hosts
already set a template list.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-12-25 18:19:42 +01:00
Florian Pritz
0efeaa3e78
Remove python2 group_vars 
This breaks firewalld for machines where this variable hasn't yet been
reconfigured. We don't need python2 anywhere so just get rid of this and
use the python3 default I put into another group var already.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-12-25 18:02:17 +01:00
Florian Pritz
7401c79bfa
Remove redundant dns_servers definitions and use 127.0.0.1 everywhere 
This only changes the dns server of two unused PIA boxes. All other
machines were already configured like this.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-12-25 17:29:35 +01:00
Florian Pritz
aa10283811
zabbix-agent: Never mark PSK key fetching as changed 
It's just a cat and only populates the variable. No need to mark it
changed every time.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-12-25 17:24:20 +01:00
Florian Pritz
682835af84
Enable firewall for all hosts 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-12-25 17:15:26 +01:00
Florian Pritz
da8bea46ea
Fix deprecated result|failed syntax 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-12-25 16:54:32 +01:00
Florian Pritz
0088387540
Replace deprecated pacman with_items usage with direct list 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-12-25 16:52:33 +01:00
Florian Pritz
d364a72800 Use unbound for DNS and disable resolved when unbound is used 
We don't need resolved and it is sometimes buggy so let's just get rid
of it and use unbound like we do on our mail machines already.

Details: 7dd7510424

Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-12-25 16:39:57 +01:00
Jelle van der Waa
744dae84a5 remove hefurd open port from apollo 
luna runs hefurd
 2018-12-25 15:50:01 +01:00
Florian Pritz
dc0f789315
Add TODO 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-12-24 12:35:19 +01:00
Jan Alexander Steffens (heftig)
27a1149062
roles/matrix: Use yarn instead of npm 2018-12-20 20:16:15 +01:00
Jan Alexander Steffens (heftig)
e794c4fe60
roles/matrix: Don't restart IRC appservice when restarting synapse 2018-12-20 20:12:18 +01:00
Jan Alexander Steffens (heftig)
5c9922bd19
roles/matrix: Use jemalloc for synapse 2018-12-20 20:11:47 +01:00
Jan Alexander Steffens (heftig)
03d14f846f
roles/matrix: Sync config 2018-12-20 20:08:11 +01:00
Jan Alexander Steffens (heftig)
b7073b58ae
roles/matrix: Upgrade synapse to Python 3 2018-12-20 19:51:30 +01:00
Jan Alexander Steffens (heftig)
03e66d8cba
roles/matrix: Change log level to ERROR 2018-12-20 14:39:11 +01:00
Jelle van der Waa
6134cf9ae5 security_tracker: harden system service 
Mount /usr, /etc read only, protect the /home, /tmp and kernel
directories. Also disallow privilige escalation.
 2018-12-15 23:04:59 +01:00
Eli Schwartz
6560a2dfc0 archbuild: allow passing through the SOURCE_DATE_EPOCH variable 
When using restrictive sudoers profiles, the builtin mechanism for
whitelisting this variable on the sudo command line does not work.

Explicitly whitelist it anyway by matching on the ARCHBUILD role.
 2018-12-14 09:54:51 +01:00
Jelle van der Waa
1c25da6327 Update services in README 2018-12-13 22:54:57 +01:00
Florian Pritz
ce5dcc7324
archusers: Set empty password when creating accounts 
This hopefully allows users to use `passwd` to set a password which is
necessary for email.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-12-10 09:41:57 +01:00
Florian Pritz
add585968d
docs/email: Explain email client settings for users 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-12-10 09:26:38 +01:00
Florian Pritz
f5fb5c43cf
Add new TU - Daniel M. Capella 
Signed-off-by: Florian Pritz <bluewind@xinu.at>
 2018-12-07 11:52:39 +01:00
Jelle van der Waa
51b66f2068 sshd: validate sshd_config on copying 2018-12-02 21:23:26 +01:00
Evangelos Foutras
bd4fd43a28 Add my host-specific key used to fetch packages 
Key resides on orion and is used to pull packages from soyuz and sgp.
 2018-11-27 14:43:48 +02:00