mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2024-09-28 16:11:40 +02:00
Commit Graph

414 Commits

Author SHA1 Message Date
Kristian Klausen
91f9df6960
Add missing wireguard for gluebuddy
Fixes: d88c0b95 ("Initialize gluebuddy host")
2022-01-30 14:25:35 +01:00
Kristian Klausen
ed4ddb2c08
Remove tools role from gluebuddy
The tools role is only used on servers which normal staff have SSH
access to since [1].

[1] 7da1e273 ("Cleanup tools")

Fixes: d88c0b95 ("Initialize gluebuddy host")
2022-01-30 14:25:31 +01:00
Kristian Klausen
30a84d8f47
Remove duplicate gluebuddy playbook
Fixes: d88c0b95 ("Initialize gluebuddy host")
2022-01-30 14:25:26 +01:00
Kristian Klausen
525bd79083
archwiki: Update to PHP8
PHP7 will likely be removed from the repos soon[1]. Time to upgrade! :)

[1] https://archlinux.org/todo/php-7-retiredment/
2022-01-23 19:57:09 +01:00
Jelle van der Waa
d88c0b953e
Initialize gluebuddy host 2022-01-21 10:30:05 +01:00
Jelle van der Waa
6ce40bb203
Add gluebuddy playbook 2022-01-21 10:30:05 +01:00
Evangelos Foutras
b6972fda76
tasks: stop arch-svntogit.timer before rebooting
In a recent execution of the server upgrade task, svntogit was started
shortly before the reboot command was issued. Therefore, it was killed
two seconds into its run, leaving behind a lock file that prevented it
from starting again after gemini was rebooted.

Avoid the above timing issue by stopping the timer before rebooting.
2022-01-09 19:28:07 +02:00
Jelle van der Waa
3d079f7952
tasks: skip reboot when borg-backup{,-offsite} is running 2022-01-02 19:29:27 +01:00
Jelle van der Waa
78a92f48b3
Update dbscripts to debug packages support 2021-12-16 20:48:03 +01:00
Evangelos Foutras
69994e900a
Complete rsync.net account migration
New username; separate and longer account manager + storage passwords.

Also, have to use --remote-path=borg1 when interacting with rsync.net.
2021-11-06 19:50:31 +02:00
Jelle van der Waa
947b5c32ed
Update dbscripts to latest release 2021-10-27 21:34:28 +02:00
Evangelos Foutras
5492d6793a
archusers: Allow overriding users' shell setting
Useful for mail.archlinux.org where this setting doesn't matter since we
force the SSH command to passwd and zsh was removed as part of the tools
cleanup effort recently (stops shadow.service from complaining about zsh
missing).
2021-10-05 00:41:48 +03:00
Evangelos Foutras
dc3436a82c
Add roles/tools to homedir.archlinux.org 2021-10-04 22:25:09 +03:00
Kristian Klausen
7da1e273fc
Cleanup tools
Fix #392
2021-10-02 14:45:02 +02:00
Evangelos Foutras
312738318e
Update pacman website to 6.0.1 and switch to meson
Also adjust indentation and make the uploaded files owned by nobody.
2021-09-10 11:20:12 +03:00
Jakub Klinkovský
70d1910047
Update archmanweb to v1.3 2021-09-02 21:30:25 +02:00
Kristian Klausen
6a11db2f20
Use wireguard for db connections to archlinux.org
Fix #177
2021-08-24 21:08:08 +02:00
Evangelos Foutras
5ff9037832
Do not reboot gemini if there are logged on users
This is done to avoid killing db-update and related processes.
2021-08-23 21:15:49 +03:00
Evangelos Foutras
4986190a69
Skip rebooting if package builds are running 2021-08-23 21:15:49 +03:00
Evangelos Foutras
485e26bb53
Wait for svntogit before rebooting after upgrade 2021-08-22 19:46:40 +03:00
Evangelos Foutras
19084fe336
Abort the play if any hosts fail to upgrade 2021-08-22 19:46:40 +03:00
Evangelos Foutras
7605e7ee78
Use serial = 1 for servers without rescue shell 2021-08-22 19:46:39 +03:00
Evangelos Foutras
871f9a208e
Do rolling upgrades in batches of 20% 2021-08-22 19:46:39 +03:00
Evangelos Foutras
55199ad75a
Update archlinux-keyring before full system upgrade 2021-08-22 19:46:39 +03:00
Evangelos Foutras
0bc7a762bf
upgrade-servers: Don't reboot if no upgrades occurred 2021-08-22 19:46:39 +03:00
Evangelos Foutras
ad14ad7db8
Add simple playbook task for upgrading servers
We want to treat our servers as cattle; hopefully when this is fleshed
out a bit more, it can accomplish the job without too many casualties.
2021-08-22 19:46:39 +03:00
Evangelos Foutras
5a88a31374
fluxbb: Speed up search and increase buffer pool 2021-08-19 03:48:53 +03:00
Evangelos Foutras
6534413cf3
mariadb: Tweak query cache settings
We used to set query_cache_type to 0 in the default settings but we were
also setting query_cache_size to a non-zero/non-default value, which was
in turn re-enabling the query cache. Update the configuration to reflect
the actual cache state and make sure query_cache_size is set to zero for
the "query_cache_type = 0" case.

Now that the setting controls the real state of the query cache, disable
it for bbs.archlinux.org; its hit rate is small compared to insert rate.
2021-08-18 19:56:50 +03:00
Evangelos Foutras
de7582913c
mariadb: Move two common variables out of playbooks
Default query_cache_type to 0 and innodb_file_per_table to true.
2021-08-18 03:07:12 +03:00
Jan Alexander Steffens (heftig)
481033af57
matrix: Update synapse to 1.40.0 2021-08-10 21:49:51 +02:00
Kristian Klausen
2304dc5caa
Split the postfix role into a role for mail.a.o and the clients
The role for the clients is named postfix_null (per [1]) and it's much
simpler and cleaner than the postfix role. I hope can cleanup the
postfix role at a later date.

[1] http://www.postfix.org/STANDARD_CONFIGURATION_README.html#null_client
2021-07-16 20:02:05 +02:00
Kristian Klausen
db2a1bf348
Restrict the users on mail.a.o to the passwd command
The users are only meant as a way to change the mail password and
setting up forwarding (~/.forward), the latter will be handled by the
DevOps team now.
2021-07-16 01:48:14 +00:00
Jelle van der Waa
cbe8eab0ad
Add fail2ban to all-hosts-basic playbook 2021-07-12 17:24:01 +02:00
Kristian Klausen
664deb67ab
WireGuard all hosts
This is meant as an internal authenticated and encrypted network which we
can use for internal services, we don't want to expose to the internet
or when encryption is desired but not easily implementable.
2021-07-06 20:58:15 +00:00
Jelle van der Waa
e4ea994c35
Add missing firewalld role 2021-07-05 22:37:48 +02:00
Kristian Klausen
79f7d59910
Goodbye luna
https://lists.archlinux.org/pipermail/arch-dev-public/2021-July/030471.html

Fix #86
2021-07-04 12:46:01 +00:00
Kristian Klausen
06d4826aac
Make the lists.al.org VPS the new lists server
Fix #356
2021-06-30 09:30:31 +00:00
Kristian Klausen
bc1c5fe614
Add mailman role for the new lists.al.org machine
The DNS is still pointing to luna.
2021-06-30 09:30:31 +00:00
Kristian Klausen
41c5a5e26c
Add initial playbook for lists.archlinux.org
nginx, certbot, postfix and mailman are still missing and the DNS is
still pointing to luna.
2021-06-30 09:30:31 +00:00
Kristian Klausen
c6e740b84a
rspamd: Don't hardcode the dkim signing domain
We want to use rspamd for lists.al.org at some point, so we can't
hardcode the domain to archlinux.org.
2021-06-30 09:30:31 +00:00
Jakub Klinkovský
3fa976c83e
Update archmanweb to v1.2
Co-authored-by: Kristian Klausen <kristian@klausen.dk>
2021-06-15 02:40:51 +02:00
Jan Alexander Steffens (heftig)
652185f380
matrix: Retune memory use a bit
Give more memory to the apps and less to postgres.
2021-06-01 18:44:21 +02:00
Jelle van der Waa
bab8e408fd
Add missing fail2ban role to md.archlinux.org 2021-05-16 13:54:34 +02:00
Kristian Klausen
b0793ac561
grafana: Add anonymous access for dashboards.al.org 2021-05-13 23:28:04 +02:00
Kristian Klausen
e9f7c97088
prometheus: Add receive only mode and remote_write metrics to dashboards.al.org 2021-05-13 23:28:04 +02:00
Kristian Klausen
103bbdec41
Split alertmanager into its own role 2021-05-13 23:28:04 +02:00
Sven-Hendrik Haase
d2b110d250
Add dashboards.archlinux.org for public Grafana dashboards
Co-authored-by: Kristian Klausen <kristian@klausen.dk>
2021-05-13 23:28:01 +02:00
Sven-Hendrik Haase
47d4f0801f
install_arch: Update bootstrap_version to 2021.04.01 2021-04-30 18:52:34 +02:00
Jelle van der Waa
bdd538ecd7
Use unbound for rspamd DNS resolving
To not run into rate-limits when resolving DNS records from rspamd, use
our own local recursive resolver.
2021-04-22 21:03:30 +02:00
Jelle van der Waa
89a98702bd
Remove arch32 mirror role
We no longer mirror arch32 on our servers and this role is currently
broken.
2021-04-12 18:47:10 +02:00