Jelle van der Waa
101f428fdb
Mention postgresql/gitlab/mariadb backups
...
Document how we backup our databases/gitlab instances.
2021-09-04 22:00:01 +02:00
Jelle van der Waa
77753e266f
Update banning docs for wireguard
2021-08-01 17:03:00 +02:00
Kristian Klausen
208a533910
Remove reference to disabled STARTTLS Submission (port 587)
...
Disabled in:
0ae67c4a
("postfix: Disable STARTTLS Submission (port 587)")
2021-07-30 15:49:21 +02:00
Kristian Klausen
3ba230b17c
Replace runner1 with a new bigger box
...
CPU: Intel Xeon E5-2620 -> E-2288G
Disk: 2x~1TB -> 2x~500GB
2021-07-21 00:40:59 +02:00
Kristian Klausen
2304dc5caa
Split the postfix role into a role for mail.a.o and the clients
...
The role for the clients is named postfix_null (per [1]) and it's much
simpler and cleaner than the postfix role. I hope can cleanup the
postfix role at a later date.
[1] http://www.postfix.org/STANDARD_CONFIGURATION_README.html#null_client
2021-07-16 20:02:05 +02:00
Jelle van der Waa
314aa3556e
Rate limit archlinux.org and fail2ban abusers
...
Add a default rate limit for 20 req/s for the uwsgi endpoint and
automatically ban users who reach this limit. The nginx-limit-req rule
does not ban users who reach the rss limit as these are not likely DoS
attempts.
2021-07-11 21:10:38 +02:00
Kristian Klausen
9a513cadd4
docs/email: Remove reference to removed SMTP port 10027
...
The port was removed in:
4729ba40
("postfix: Remove special "fast-path" smtpd")
2021-07-09 22:40:09 +02:00
Kristian Klausen
79f7d59910
Goodbye luna
...
https://lists.archlinux.org/pipermail/arch-dev-public/2021-July/030471.html
Fix #86
2021-07-04 12:46:01 +00:00
Jelle van der Waa
0d2c553db0
Document rsync.net OTP token setup
2021-07-03 15:22:12 +02:00
Evangelos Foutras
62c78dfa1c
Use sub-accounts for backups to Hetzner Storage Box
...
This offers improved separation between the server backups and should
avoid bumping against the storage box 10 concurrent connection limit.
Fixes: https://gitlab.archlinux.org/archlinux/infrastructure/-/issues/362
2021-07-02 19:04:19 +03:00
Kristian Klausen
ac8e5863c5
Update host keys and known hosts
2021-06-30 09:30:31 +00:00
Kristian Klausen
41c5a5e26c
Add initial playbook for lists.archlinux.org
...
nginx, certbot, postfix and mailman are still missing and the DNS is
still pointing to luna.
2021-06-30 09:30:31 +00:00
Kristian Klausen
a998e80dcf
Change IRC network to Libera Chat[1]
...
[1] https://archlinux.org/news/move-of-official-irc-channels-to-liberachat/
2021-06-03 20:54:17 +00:00
Jan Alexander Steffens (heftig)
407163f39b
matrix: Move IRC bridge to Libera Chat
2021-06-01 18:44:21 +02:00
Jelle van der Waa
7c2af1598d
Add aur-dev to our servers list
2021-05-28 14:40:29 +02:00
Jelle van der Waa
d014d839a4
Document our Gitlab Servicedesk aliases
2021-05-23 21:58:30 +02:00
Leonidas Spyropoulos
e5773374fe
fail2ban: Ban IPs based on nginx request abuse
...
Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>
2021-05-23 19:50:25 +00:00
Jelle van der Waa
7b216d5710
Add otp documentation for uptimerobot
2021-05-18 22:51:16 +02:00
Jelle van der Waa
c6baa1dfc9
Document adding a dashboard to our public instance
2021-05-15 18:08:25 +02:00
Jelle van der Waa
1f37eb16ef
Document how to add metrics to dashboards.archlinux.org
...
Document how to whitelist some metrics for the public Grafana instance.
Closes: #334
2021-05-15 17:52:07 +02:00
Jelle van der Waa
d6626844c0
Add AUR monitoring documentation
2021-05-15 17:18:06 +02:00
Jelle van der Waa
4321309d76
Add docs for firewalld-cmd banning
2021-05-15 13:41:26 +02:00
Kristian Klausen
9ef30adb21
Mention dashboards.archlinux.org in the docs
2021-05-13 23:36:44 +02:00
Jakub Klinkovský
63736ab38d
add docs/testing.md
2021-04-26 23:37:30 +00:00
Jelle van der Waa
a9c2da23e0
Add Loki documentation to monitoring
2021-04-08 22:02:10 +02:00
Kristian Klausen
7235e726d6
Implement centralized logging
...
Fix #263
2021-04-08 20:33:43 +02:00
Kristian Klausen
fabccd0f61
"Move" NM connectivity check file to a subdomain
...
The file should not be on the main domain as it adds unnecessary
complexity to the archweb role and there is a bigger chance that we
unintentionally break connectivity checking (which has happened in the
past[1][2]).
This doesn't remove the file from the main domain[3], as we need to ship
a updated NetworkManager package first.
[1] https://www.reddit.com/r/archlinux/comments/keai0g/does_anyone_know_if_this_is_normal/
[2] https://www.reddit.com/r/gnome/comments/ke9ytm/network_manager_popup/
[3] http://www.archlinux.org/check_network_status.txt
Fix #239
2021-02-25 20:23:56 +01:00
Jelle van der Waa
3124cfd933
Add hedgedoc as new service
...
This adds a collaborative markdown editor as newly offered service which
is available via login for all Arch Linux Staff with an option to allow
anonymous edits by users (not default). Users are managed via keycloak
and require the Staff role to be allowed in, non staff keycloak users
currently will receive an internal server error due to an upstream
issue.
2021-02-01 21:59:30 +01:00
Sven-Hendrik Haase
44f497e52b
Remove dragon ( fixes #267 )
2021-01-31 13:54:14 +01:00
Jelle van der Waa
8ea35153b6
Add a btrfs prometheus exporter
...
Collect prometheus btrfs errors from the btrfs command from btrfs-progs
which since 5.10 supports json output for device stats. The collected
errors will in the future trigger an alert when the errors reach a
certain treshold.
2021-01-26 23:01:28 +01:00
Sven-Hendrik Haase
83cbb36866
Add build.archlinux.org
2021-01-26 18:06:09 +01:00
Jelle van der Waa
c62adf42dc
Make Kape archive servers, arch mirrors as well.
...
Closes: #231
2021-01-26 16:56:41 +01:00
Evangelos Foutras
6d813e52fb
Merge sogrep (createlinks script) into dbscripts
...
Databases used by sogrep are fetched by syncrepo from gemini, no point
in duplicating this work; consider this to be part of roles/dbscripts.
2021-01-24 09:47:04 +02:00
Sven-Hendrik Haase
8327ffd974
Deploy man.archlinux.org
2021-01-11 14:55:29 +01:00
Jelle van der Waa
8b0950a30a
Remove openpgpkey.archlinux.org leftovers
2021-01-10 21:05:12 +01:00
Giancarlo Razzolini
fe4520501c
docs/servers: Remove apollo and add missing servers
...
Removed apollo and added the following servers: archlinux.org, mail.archlinux.org,
patchwork.archlinux.org, redirect.archlinux.org, security.archlinux.org and wiki.archlinux.org
2020-12-29 07:47:50 -03:00
Giancarlo Razzolini
dee3a10078
docs/ssh: Remove apollo from hostkeys and known_hosts
...
Removed apollo from the ssh-hostkeys and ssh-known_hosts files.
2020-12-29 07:18:25 -03:00
Giancarlo Razzolini
871898d340
docs/fail2ban: Remove mentions of apollo and orion
...
Removed any mentions of apollo and also orion, since it was decommissioned a long
time ago.
2020-12-29 07:17:41 -03:00
Giancarlo Razzolini
51e596fff3
docs/ssh-hostkeys: Fix svn2gittest name
...
The svn2gittest was renamed to fqdn, so fix it on the ssh hostkeys and knowhosts.
2020-12-28 13:55:25 -03:00
Frederik Schwan
06d5360ec7
add redirect server to handle redirects for deprecated domains
2020-12-26 23:35:32 +00:00
Giancarlo Razzolini
c584f23104
docs/ssh-known-hosts: Add the know hosts for security.archlinux.org
2020-12-25 14:40:49 -03:00
Giancarlo Razzolini
c8dabdc35b
docs/ssh-hostkeys: Add security.archlinux.org ssh keys
...
Add the security.archlinux.org ssh host keys so we can have the backup working.
2020-12-25 14:40:49 -03:00
Giancarlo Razzolini
1bb1b63334
docs/ssh-hostkeys: Update the hostkeys for the new patchwork.archlinux.org server
...
Updated the hostkeys for the new patchwork server.
2020-12-24 11:30:35 -03:00
Frederik Schwan
0176503a3a
add docs to grow disks
2020-12-22 12:28:16 +01:00
Kristian Klausen
59200d5119
Move the "Servers" section from the readme to docs/servers.md
2020-12-18 17:41:42 +01:00
Giancarlo Razzolini
f40c23c04e
docs/maintenance: Add section on custom nginx template
...
Added some documentation regarding the service_nginx_template variable and the implications of
using it.
2020-12-17 09:23:30 -03:00
Jelle van der Waa
4658d36d18
Add archive specific monitoring
...
To monitor our archive mirrors and the archive size itself a new
textcollector has been added. This will allow us to monitor the archive
growth and the sync rate to mirrors.
2020-12-14 20:04:54 +01:00
Jakub Klinkovský
ece52b3b7d
Fix typo in docs/kape.md
...
The hosts file contains repro2.pkgbuild.com in the `[kape_servers]`
group.
2020-12-10 22:24:01 +01:00
Jelle van der Waa
7fe487ad27
Add Kape donated servers
...
Setup Kape servers as archive mirrors (asia,europe,america), Gitlab
runner and Rebuilderd worker. All machines except runner1 are EFI
machines with grub setup and a EFI parition which is not supported by
our ansible install role and is manually rolled out.
2020-12-07 20:28:55 +01:00
Jelle van der Waa
d793df2f4c
Add rebuilderd documentation
2020-12-03 16:19:43 +00:00