mirror/ infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2024-05-27 15:56:05 +02:00
Code Issues
3,573 Commits 20 Branches 0 Tags 17 MiB
Commit Graph

121 Commits

Author SHA1 Message Date
Jelle van der Waa 101f428fdb
Mention postgresql/gitlab/mariadb backups 
Document how we backup our databases/gitlab instances.
 2021-09-04 22:00:01 +02:00
Jelle van der Waa 77753e266f
Update banning docs for wireguard 2021-08-01 17:03:00 +02:00
Kristian Klausen 208a533910
Remove reference to disabled STARTTLS Submission (port 587) 
Disabled in:
0ae67c4a ("postfix: Disable STARTTLS Submission (port 587)")
 2021-07-30 15:49:21 +02:00
Kristian Klausen 3ba230b17c Replace runner1 with a new bigger box 
CPU: Intel Xeon E5-2620 -> E-2288G
Disk: 2x~1TB -> 2x~500GB
 2021-07-21 00:40:59 +02:00
Kristian Klausen 2304dc5caa Split the postfix role into a role for mail.a.o and the clients 
The role for the clients is named postfix_null (per [1]) and it's much
simpler and cleaner than the postfix role. I hope can cleanup the
postfix role at a later date.

[1] http://www.postfix.org/STANDARD_CONFIGURATION_README.html#null_client
 2021-07-16 20:02:05 +02:00
Jelle van der Waa 314aa3556e
Rate limit archlinux.org and fail2ban abusers 
Add a default rate limit for 20 req/s for the uwsgi endpoint and
automatically ban users who reach this limit. The nginx-limit-req rule
does not ban users who reach the rss limit as these are not likely DoS
attempts.
 2021-07-11 21:10:38 +02:00
Kristian Klausen 9a513cadd4
docs/email: Remove reference to removed SMTP port 10027 
The port was removed in:
4729ba40 ("postfix: Remove special "fast-path" smtpd")
 2021-07-09 22:40:09 +02:00
Kristian Klausen 79f7d59910 Goodbye luna 
https://lists.archlinux.org/pipermail/arch-dev-public/2021-July/030471.html

Fix #86
 2021-07-04 12:46:01 +00:00
Jelle van der Waa 0d2c553db0
Document rsync.net OTP token setup 2021-07-03 15:22:12 +02:00
Evangelos Foutras 62c78dfa1c
Use sub-accounts for backups to Hetzner Storage Box 
This offers improved separation between the server backups and should
avoid bumping against the storage box 10 concurrent connection limit.

Fixes: https://gitlab.archlinux.org/archlinux/infrastructure/-/issues/362
 2021-07-02 19:04:19 +03:00
Kristian Klausen ac8e5863c5 Update host keys and known hosts 2021-06-30 09:30:31 +00:00
Kristian Klausen 41c5a5e26c Add initial playbook for lists.archlinux.org 
nginx, certbot, postfix and mailman are still missing and the DNS is
still pointing to luna.
 2021-06-30 09:30:31 +00:00
Kristian Klausen a998e80dcf Change IRC network to Libera Chat[1] 
[1] https://archlinux.org/news/move-of-official-irc-channels-to-liberachat/
 2021-06-03 20:54:17 +00:00
Jan Alexander Steffens (heftig) 407163f39b
matrix: Move IRC bridge to Libera Chat 2021-06-01 18:44:21 +02:00
Jelle van der Waa 7c2af1598d
Add aur-dev to our servers list 2021-05-28 14:40:29 +02:00
Jelle van der Waa d014d839a4
Document our Gitlab Servicedesk aliases 2021-05-23 21:58:30 +02:00
Leonidas Spyropoulos e5773374fe fail2ban: Ban IPs based on nginx request abuse 
Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>
 2021-05-23 19:50:25 +00:00
Jelle van der Waa 7b216d5710
Add otp documentation for uptimerobot 2021-05-18 22:51:16 +02:00
Jelle van der Waa c6baa1dfc9
Document adding a dashboard to our public instance 2021-05-15 18:08:25 +02:00
Jelle van der Waa 1f37eb16ef
Document how to add metrics to dashboards.archlinux.org 
Document how to whitelist some metrics for the public Grafana instance.

Closes: #334
 2021-05-15 17:52:07 +02:00
Jelle van der Waa d6626844c0
Add AUR monitoring documentation 2021-05-15 17:18:06 +02:00
Jelle van der Waa 4321309d76
Add docs for firewalld-cmd banning 2021-05-15 13:41:26 +02:00
Kristian Klausen 9ef30adb21 Mention dashboards.archlinux.org in the docs 2021-05-13 23:36:44 +02:00
Jakub Klinkovský 63736ab38d add docs/testing.md 2021-04-26 23:37:30 +00:00
Jelle van der Waa a9c2da23e0
Add Loki documentation to monitoring 2021-04-08 22:02:10 +02:00
Kristian Klausen 7235e726d6
Implement centralized logging 
Fix #263
 2021-04-08 20:33:43 +02:00
Kristian Klausen fabccd0f61 "Move" NM connectivity check file to a subdomain 
The file should not be on the main domain as it adds unnecessary
complexity to the archweb role and there is a bigger chance that we
unintentionally break connectivity checking (which has happened in the
past[1][2]).

This doesn't remove the file from the main domain[3], as we need to ship
a updated NetworkManager package first.

[1] https://www.reddit.com/r/archlinux/comments/keai0g/does_anyone_know_if_this_is_normal/
[2] https://www.reddit.com/r/gnome/comments/ke9ytm/network_manager_popup/
[3] http://www.archlinux.org/check_network_status.txt

Fix #239
 2021-02-25 20:23:56 +01:00
Jelle van der Waa 3124cfd933
Add hedgedoc as new service 
This adds a collaborative markdown editor as newly offered service which
is available via login for all Arch Linux Staff with an option to allow
anonymous edits by users (not default). Users are managed via keycloak
and require the Staff role to be allowed in, non staff keycloak users
currently will receive an internal server error due to an upstream
issue.
 2021-02-01 21:59:30 +01:00
Sven-Hendrik Haase 44f497e52b
Remove dragon (fixes #267) 2021-01-31 13:54:14 +01:00
Jelle van der Waa 8ea35153b6
Add a btrfs prometheus exporter 
Collect prometheus btrfs errors from the btrfs command from btrfs-progs
which since 5.10 supports json output for device stats. The collected
errors will in the future trigger an alert when the errors reach a
certain treshold.
 2021-01-26 23:01:28 +01:00
Sven-Hendrik Haase 83cbb36866
Add build.archlinux.org 2021-01-26 18:06:09 +01:00
Jelle van der Waa c62adf42dc
Make Kape archive servers, arch mirrors as well. 
Closes: #231
 2021-01-26 16:56:41 +01:00
Evangelos Foutras 6d813e52fb
Merge sogrep (createlinks script) into dbscripts 
Databases used by sogrep are fetched by syncrepo from gemini, no point
in duplicating this work; consider this to be part of roles/dbscripts.
 2021-01-24 09:47:04 +02:00
Sven-Hendrik Haase 8327ffd974
Deploy man.archlinux.org 2021-01-11 14:55:29 +01:00
Jelle van der Waa 8b0950a30a
Remove openpgpkey.archlinux.org leftovers 2021-01-10 21:05:12 +01:00
Giancarlo Razzolini fe4520501c
docs/servers: Remove apollo and add missing servers 
Removed apollo and added the following servers: archlinux.org, mail.archlinux.org,
patchwork.archlinux.org, redirect.archlinux.org, security.archlinux.org and wiki.archlinux.org
 2020-12-29 07:47:50 -03:00
Giancarlo Razzolini dee3a10078
docs/ssh: Remove apollo from hostkeys and known_hosts 
Removed apollo from the ssh-hostkeys and ssh-known_hosts files.
 2020-12-29 07:18:25 -03:00
Giancarlo Razzolini 871898d340
docs/fail2ban: Remove mentions of apollo and orion 
Removed any mentions of apollo and also orion, since it was decommissioned a long
time ago.
 2020-12-29 07:17:41 -03:00
Giancarlo Razzolini 51e596fff3
docs/ssh-hostkeys: Fix svn2gittest name 
The svn2gittest was renamed to fqdn, so fix it on the ssh hostkeys and knowhosts.
 2020-12-28 13:55:25 -03:00
Frederik Schwan 06d5360ec7 add redirect server to handle redirects for deprecated domains 2020-12-26 23:35:32 +00:00
Giancarlo Razzolini c584f23104
docs/ssh-known-hosts: Add the know hosts for security.archlinux.org 2020-12-25 14:40:49 -03:00
Giancarlo Razzolini c8dabdc35b
docs/ssh-hostkeys: Add security.archlinux.org ssh keys 
Add the security.archlinux.org ssh host keys so we can have the backup working.
 2020-12-25 14:40:49 -03:00
Giancarlo Razzolini 1bb1b63334
docs/ssh-hostkeys: Update the hostkeys for the new patchwork.archlinux.org server 
Updated the hostkeys for the new patchwork server.
 2020-12-24 11:30:35 -03:00
Frederik Schwan 0176503a3a
add docs to grow disks 2020-12-22 12:28:16 +01:00
Kristian Klausen 59200d5119 Move the "Servers" section from the readme to docs/servers.md 2020-12-18 17:41:42 +01:00
Giancarlo Razzolini f40c23c04e
docs/maintenance: Add section on custom nginx template 
Added some documentation regarding the service_nginx_template variable and the implications of
using it.
 2020-12-17 09:23:30 -03:00
Jelle van der Waa 4658d36d18
Add archive specific monitoring 
To monitor our archive mirrors and the archive size itself a new
textcollector has been added. This will allow us to monitor the archive
growth and the sync rate to mirrors.
 2020-12-14 20:04:54 +01:00
Jakub Klinkovský ece52b3b7d
Fix typo in docs/kape.md 
The hosts file contains repro2.pkgbuild.com in the `[kape_servers]`
group.
 2020-12-10 22:24:01 +01:00
Jelle van der Waa 7fe487ad27
Add Kape donated servers 
Setup Kape servers as archive mirrors (asia,europe,america), Gitlab
runner and Rebuilderd worker. All machines except runner1 are EFI
machines with grub setup and a EFI parition which is not supported by
our ansible install role and is manually rolled out.
 2020-12-07 20:28:55 +01:00
Jelle van der Waa d793df2f4c Add rebuilderd documentation 2020-12-03 16:19:43 +00:00