Kristian Klausen
7da1e273fc
Cleanup tools
Fix #392
2021-10-02 14:45:02 +02:00
Evangelos Foutras
312738318e
Update pacman website to 6.0.1 and switch to meson
Also adjust indentation and make the uploaded files owned by nobody.
2021-09-10 11:20:12 +03:00
Jakub Klinkovský
70d1910047
Update archmanweb to v1.3
2021-09-02 21:30:25 +02:00
Kristian Klausen
6a11db2f20
Use wireguard for db connections to archlinux.org
Fix #177
2021-08-24 21:08:08 +02:00
Evangelos Foutras
5ff9037832
Do not reboot gemini if there are logged on users
This is done to avoid killing db-update and related processes.
2021-08-23 21:15:49 +03:00
Evangelos Foutras
4986190a69
Skip rebooting if package builds are running
2021-08-23 21:15:49 +03:00
Evangelos Foutras
485e26bb53
Wait for svntogit before rebooting after upgrade
2021-08-22 19:46:40 +03:00
Evangelos Foutras
19084fe336
Abort the play if any hosts fail to upgrade
2021-08-22 19:46:40 +03:00
Evangelos Foutras
7605e7ee78
Use serial = 1 for servers without rescue shell
2021-08-22 19:46:39 +03:00
Evangelos Foutras
871f9a208e
Do rolling upgrades in batches of 20%
2021-08-22 19:46:39 +03:00
Evangelos Foutras
55199ad75a
Update archlinux-keyring before full system upgrade
2021-08-22 19:46:39 +03:00
Evangelos Foutras
0bc7a762bf
upgrade-servers: Don't reboot if no upgrades occurred
2021-08-22 19:46:39 +03:00
Evangelos Foutras
ad14ad7db8
Add simple playbook task for upgrading servers
We want to treat our servers as cattle; hopefully when this is fleshed
out a bit more, it can accomplish the job without too many casualties.
2021-08-22 19:46:39 +03:00
Evangelos Foutras
5a88a31374
fluxbb: Speed up search and increase buffer pool
2021-08-19 03:48:53 +03:00
Evangelos Foutras
6534413cf3
mariadb: Tweak query cache settings
We used to set query_cache_type to 0 in the default settings but we were
also setting query_cache_size to a non-zero/non-default value, which was
in turn re-enabling the query cache. Update the configuration to reflect
the actual cache state and make sure query_cache_size is set to zero for
the "query_cache_type = 0" case.
Now that the setting controls the real state of the query cache, disable
it for bbs.archlinux.org; its hit rate is small compared to insert rate.
2021-08-18 19:56:50 +03:00
Evangelos Foutras
de7582913c
mariadb: Move two common variables out of playbooks
Default query_cache_type to 0 and innodb_file_per_table to true.
2021-08-18 03:07:12 +03:00
Jan Alexander Steffens (heftig)
481033af57
matrix: Update synapse to 1.40.0
2021-08-10 21:49:51 +02:00
Kristian Klausen
2304dc5caa
Split the postfix role into a role for mail.a.o and the clients
The role for the clients is named postfix_null (per [1]) and it's much
simpler and cleaner than the postfix role. I hope to clean up the
postfix role at a later date.
[1] http://www.postfix.org/STANDARD_CONFIGURATION_README.html#null_client
2021-07-16 20:02:05 +02:00
Kristian Klausen
db2a1bf348
Restrict the users on mail.a.o to the passwd command
The users are only meant as a way to change the mail password and
set up forwarding (~/.forward); the latter will be handled by the
DevOps team now.
2021-07-16 01:48:14 +00:00
Jelle van der Waa
cbe8eab0ad
Add fail2ban to all-hosts-basic playbook
2021-07-12 17:24:01 +02:00
Kristian Klausen
664deb67ab
WireGuard all hosts
This is meant as an internal authenticated and encrypted network which we
can use for internal services we don't want to expose to the internet
or when encryption is desired but not easily implementable.
2021-07-06 20:58:15 +00:00
Jelle van der Waa
e4ea994c35
Add missing firewalld role
2021-07-05 22:37:48 +02:00
Kristian Klausen
79f7d59910
Goodbye luna
https://lists.archlinux.org/pipermail/arch-dev-public/2021-July/030471.html
Fix #86
2021-07-04 12:46:01 +00:00
Kristian Klausen
06d4826aac
Make the lists.al.org VPS the new lists server
Fix #356
2021-06-30 09:30:31 +00:00
Kristian Klausen
bc1c5fe614
Add mailman role for the new lists.al.org machine
The DNS is still pointing to luna.
2021-06-30 09:30:31 +00:00
Kristian Klausen
41c5a5e26c
Add initial playbook for lists.archlinux.org
nginx, certbot, postfix and mailman are still missing and the DNS is
still pointing to luna.
2021-06-30 09:30:31 +00:00
Kristian Klausen
c6e740b84a
rspamd: Don't hardcode the dkim signing domain
We want to use rspamd for lists.al.org at some point, so we can't
hardcode the domain to archlinux.org.
2021-06-30 09:30:31 +00:00
Jakub Klinkovský
3fa976c83e
Update archmanweb to v1.2
Co-authored-by: Kristian Klausen <kristian@klausen.dk>
2021-06-15 02:40:51 +02:00
Jan Alexander Steffens (heftig)
652185f380
matrix: Retune memory use a bit
Give more memory to the apps and less to postgres.
2021-06-01 18:44:21 +02:00
Jelle van der Waa
bab8e408fd
Add missing fail2ban role to md.archlinux.org
2021-05-16 13:54:34 +02:00
Kristian Klausen
b0793ac561
grafana: Add anonymous access for dashboards.al.org
2021-05-13 23:28:04 +02:00
Kristian Klausen
e9f7c97088
prometheus: Add receive only mode and remote_write metrics to dashboards.al.org
2021-05-13 23:28:04 +02:00
Kristian Klausen
103bbdec41
Split alertmanager into its own role
2021-05-13 23:28:04 +02:00
Sven-Hendrik Haase
d2b110d250
Add dashboards.archlinux.org for public Grafana dashboards
Co-authored-by: Kristian Klausen <kristian@klausen.dk>
2021-05-13 23:28:01 +02:00
Sven-Hendrik Haase
47d4f0801f
install_arch: Update bootstrap_version to 2021.04.01
2021-04-30 18:52:34 +02:00
Jelle van der Waa
bdd538ecd7
Use unbound for rspamd DNS resolving
To not run into rate-limits when resolving DNS records from rspamd, use
our own local recursive resolver.
2021-04-22 21:03:30 +02:00
Jelle van der Waa
89a98702bd
Remove arch32 mirror role
We no longer mirror arch32 on our servers and this role is currently
broken.
2021-04-12 18:47:10 +02:00
Kristian Klausen
7235e726d6
Implement centralized logging
Fix #263
2021-04-08 20:33:43 +02:00
Kristian Klausen
b941a133fb
Remove unbound from most systems
unbound is only used if dns_servers is explicitly set to 127.0.0.1, which
isn't the case for any of these systems.
Fix #234
2021-04-07 20:01:39 +00:00
Sven-Hendrik Haase
a2ca65b5aa
Bump pacman version
2021-03-19 13:51:46 +01:00
Jelle van der Waa
10bdd3389c
Add missing prometheus_exporters task to accounts.archlinux.org
2021-03-02 17:39:49 +01:00
Kristian Klausen
35df0be3a0
Add new role which syncs arch-boxes images to the repos
Fix #272
2021-02-25 23:58:04 +01:00
Kristian Klausen
fabccd0f61
"Move" NM connectivity check file to a subdomain
The file should not be on the main domain as it adds unnecessary
complexity to the archweb role and there is a bigger chance that we
unintentionally break connectivity checking (which has happened in the
past[1][2]).
This doesn't remove the file from the main domain[3], as we need to ship
an updated NetworkManager package first.
[1] https://www.reddit.com/r/archlinux/comments/keai0g/does_anyone_know_if_this_is_normal/
[2] https://www.reddit.com/r/gnome/comments/ke9ytm/network_manager_popup/
[3] http://www.archlinux.org/check_network_status.txt
Fix #239
2021-02-25 20:23:56 +01:00
Jelle van der Waa
d6320b7548
Switch the archwiki to PHP 7
As mediawiki does not support PHP 8 yet in the current LTS release, we
have to stay with PHP 7.
2021-02-19 18:28:14 +01:00
Kristian Klausen
4112bdf9fd
Make ansible-lint happy
yaml: truthy value should be one of [false, true] (truthy)
yaml: wrong indentation: expected 4 but found 2 (indentation)
yaml: too few spaces before comment (comments)
yaml: missing starting space in comment (comments)
yaml: too many blank lines (1 > 0) (empty-lines)
yaml: too many spaces after colon (colons)
yaml: comment not indented like content (comments-indentation)
yaml: no new line character at the end of file (new-line-at-end-of-file)
load-failure: Failed to load or parse file
parser-error: couldn't resolve module/action 'hosts'. This often indicates a misspelling, missing collection, or incorrect module path.
2021-02-14 14:22:05 +01:00
Jelle van der Waa
230cc79a89
Migrate bugtracker to php7 package
As flyspray does not support PHP 8 as of yet, transition to the php7
package by simply introducing a new php7_fpm role.
2021-02-14 12:44:00 +01:00
Jelle van der Waa
3124cfd933
Add hedgedoc as new service
This adds a collaborative markdown editor as a newly offered service which
is available via login for all Arch Linux Staff with an option to allow
anonymous edits by users (not default). Users are managed via keycloak
and require the Staff role to be allowed in; non-staff keycloak users
currently will receive an internal server error due to an upstream
issue.
2021-02-01 21:59:30 +01:00
Sven-Hendrik Haase
44f497e52b
Remove dragon (fixes #267)
2021-01-31 13:54:14 +01:00
Sven-Hendrik Haase
83cbb36866
Add build.archlinux.org
2021-01-26 18:06:09 +01:00
Evangelos Foutras
6d813e52fb
Merge sogrep (createlinks script) into dbscripts
Databases used by sogrep are fetched by syncrepo from gemini, no point
in duplicating this work; consider this to be part of roles/dbscripts.
2021-01-24 09:47:04 +02:00