Kristian Klausen
91f9df6960
Add missing wireguard for gluebuddy
...
Fixes: d88c0b95 ("Initialize gluebuddy host")
2022-01-30 14:25:35 +01:00
Kristian Klausen
ed4ddb2c08
Remove tools role from gluebuddy
...
The tools role is only used on servers which normal staff have SSH
access to since [1].
[1] 7da1e273 ("Cleanup tools")
Fixes: d88c0b95 ("Initialize gluebuddy host")
2022-01-30 14:25:31 +01:00
Kristian Klausen
30a84d8f47
Remove duplicate gluebuddy playbook
...
Fixes: d88c0b95 ("Initialize gluebuddy host")
2022-01-30 14:25:26 +01:00
Kristian Klausen
525bd79083
archwiki: Update to PHP8
...
PHP7 will likely be removed from the repos soon[1]. Time to upgrade! :)
[1] https://archlinux.org/todo/php-7-retiredment/
2022-01-23 19:57:09 +01:00
Jelle van der Waa
d88c0b953e
Initialize gluebuddy host
2022-01-21 10:30:05 +01:00
Jelle van der Waa
6ce40bb203
Add gluebuddy playbook
2022-01-21 10:30:05 +01:00
Evangelos Foutras
b6972fda76
tasks: stop arch-svntogit.timer before rebooting
...
In a recent execution of the server upgrade task, svntogit was started
shortly before the reboot command was issued. Therefore, it was killed
two seconds into its run, leaving behind a lock file that prevented it
from starting again after gemini was rebooted.
Avoid the above timing issue by stopping the timer before rebooting.
2022-01-09 19:28:07 +02:00
Jelle van der Waa
3d079f7952
tasks: skip reboot when borg-backup{,-offsite} is running
2022-01-02 19:29:27 +01:00
Jelle van der Waa
78a92f48b3
Update dbscripts to debug packages support
2021-12-16 20:48:03 +01:00
Evangelos Foutras
69994e900a
Complete rsync.net account migration
...
New username; separate and longer account manager + storage passwords.
Also, have to use --remote-path=borg1 when interacting with rsync.net.
2021-11-06 19:50:31 +02:00
Jelle van der Waa
947b5c32ed
Update dbscripts to latest release
2021-10-27 21:34:28 +02:00
Evangelos Foutras
5492d6793a
archusers: Allow overriding users' shell setting
...
Useful for mail.archlinux.org where this setting doesn't matter since we
force the SSH command to passwd and zsh was removed as part of the tools
cleanup effort recently (stops shadow.service from complaining about zsh
missing).
2021-10-05 00:41:48 +03:00
Evangelos Foutras
dc3436a82c
Add roles/tools to homedir.archlinux.org
2021-10-04 22:25:09 +03:00
Kristian Klausen
7da1e273fc
Cleanup tools
...
Fix #392
2021-10-02 14:45:02 +02:00
Evangelos Foutras
312738318e
Update pacman website to 6.0.1 and switch to meson
...
Also adjust indentation and make the uploaded files owned by nobody.
2021-09-10 11:20:12 +03:00
Jakub Klinkovský
70d1910047
Update archmanweb to v1.3
2021-09-02 21:30:25 +02:00
Kristian Klausen
6a11db2f20
Use wireguard for db connections to archlinux.org
...
Fix #177
2021-08-24 21:08:08 +02:00
Evangelos Foutras
5ff9037832
Do not reboot gemini if there are logged on users
...
This is done to avoid killing db-update and related processes.
2021-08-23 21:15:49 +03:00
Evangelos Foutras
4986190a69
Skip rebooting if package builds are running
2021-08-23 21:15:49 +03:00
Evangelos Foutras
485e26bb53
Wait for svntogit before rebooting after upgrade
2021-08-22 19:46:40 +03:00
Evangelos Foutras
19084fe336
Abort the play if any hosts fail to upgrade
2021-08-22 19:46:40 +03:00
Evangelos Foutras
7605e7ee78
Use serial = 1 for servers without rescue shell
2021-08-22 19:46:39 +03:00
Evangelos Foutras
871f9a208e
Do rolling upgrades in batches of 20%
2021-08-22 19:46:39 +03:00
Evangelos Foutras
55199ad75a
Update archlinux-keyring before full system upgrade
2021-08-22 19:46:39 +03:00
Evangelos Foutras
0bc7a762bf
upgrade-servers: Don't reboot if no upgrades occurred
2021-08-22 19:46:39 +03:00
Evangelos Foutras
ad14ad7db8
Add simple playbook task for upgrading servers
...
We want to treat our servers as cattle; hopefully when this is fleshed
out a bit more, it can accomplish the job without too many casualties.
2021-08-22 19:46:39 +03:00
Evangelos Foutras
5a88a31374
fluxbb: Speed up search and increase buffer pool
2021-08-19 03:48:53 +03:00
Evangelos Foutras
6534413cf3
mariadb: Tweak query cache settings
...
We used to set query_cache_type to 0 in the default settings but we were
also setting query_cache_size to a non-zero/non-default value, which was
in turn re-enabling the query cache. Update the configuration to reflect
the actual cache state and make sure query_cache_size is set to zero for
the "query_cache_type = 0" case.
Now that the setting controls the real state of the query cache, disable
it for bbs.archlinux.org; its hit rate is small compared to insert rate.
2021-08-18 19:56:50 +03:00
Evangelos Foutras
de7582913c
mariadb: Move two common variables out of playbooks
...
Default query_cache_type to 0 and innodb_file_per_table to true.
2021-08-18 03:07:12 +03:00
Jan Alexander Steffens (heftig)
481033af57
matrix: Update synapse to 1.40.0
2021-08-10 21:49:51 +02:00
Kristian Klausen
2304dc5caa
Split the postfix role into a role for mail.a.o and the clients
...
The role for the clients is named postfix_null (per [1]) and it's much
simpler and cleaner than the postfix role. I hope can cleanup the
postfix role at a later date.
[1] http://www.postfix.org/STANDARD_CONFIGURATION_README.html#null_client
2021-07-16 20:02:05 +02:00
Kristian Klausen
db2a1bf348
Restrict the users on mail.a.o to the passwd command
...
The users are only meant as a way to change the mail password and
setting up forwarding (~/.forward), the latter will be handled by the
DevOps team now.
2021-07-16 01:48:14 +00:00
Jelle van der Waa
cbe8eab0ad
Add fail2ban to all-hosts-basic playbook
2021-07-12 17:24:01 +02:00
Kristian Klausen
664deb67ab
WireGuard all hosts
...
This is meant as a internal authenticated and encrypted network which we
can use for internal services, we don't want to expose to the internet
or when encryption is desired but not easily implementable.
2021-07-06 20:58:15 +00:00
Jelle van der Waa
e4ea994c35
Add missing firewalld role
2021-07-05 22:37:48 +02:00
Kristian Klausen
79f7d59910
Goodbye luna
...
https://lists.archlinux.org/pipermail/arch-dev-public/2021-July/030471.html
Fix #86
2021-07-04 12:46:01 +00:00
Kristian Klausen
06d4826aac
Make the lists.al.org VPS the new lists server
...
Fix #356
2021-06-30 09:30:31 +00:00
Kristian Klausen
bc1c5fe614
Add mailman role for the new lists.al.org machine
...
The DNS is still pointing to luna.
2021-06-30 09:30:31 +00:00
Kristian Klausen
41c5a5e26c
Add initial playbook for lists.archlinux.org
...
nginx, certbot, postfix and mailman are still missing and the DNS is
still pointing to luna.
2021-06-30 09:30:31 +00:00
Kristian Klausen
c6e740b84a
rspamd: Don't hardcode the dkim signing domain
...
We want to use rspamd for lists.al.org at some point, so we can't
hardcode the domain to archlinux.org.
2021-06-30 09:30:31 +00:00
Jakub Klinkovský
3fa976c83e
Update archmanweb to v1.2
...
Co-authored-by: Kristian Klausen <kristian@klausen.dk>
2021-06-15 02:40:51 +02:00
Jan Alexander Steffens (heftig)
652185f380
matrix: Retune memory use a bit
...
Give more memory to the apps and less to postgres.
2021-06-01 18:44:21 +02:00
Jelle van der Waa
bab8e408fd
Add missing fail2ban role to md.archlinux.org
2021-05-16 13:54:34 +02:00
Kristian Klausen
b0793ac561
grafana: Add anonymous access for dashboards.al.org
2021-05-13 23:28:04 +02:00
Kristian Klausen
e9f7c97088
prometheus: Add receive only mode and remote_write metrics to dashboards.al.org
2021-05-13 23:28:04 +02:00
Kristian Klausen
103bbdec41
Split alertmanager into its own role
2021-05-13 23:28:04 +02:00
Sven-Hendrik Haase
d2b110d250
Add dashboards.archlinux.org for public Grafana dashboards
...
Co-authored-by: Kristian Klausen <kristian@klausen.dk>
2021-05-13 23:28:01 +02:00
Sven-Hendrik Haase
47d4f0801f
install_arch: Update bootstrap_version to 2021.04.01
2021-04-30 18:52:34 +02:00
Jelle van der Waa
bdd538ecd7
Use unbound for rspamd DNS resolving
...
To not run into rate-limits when resolving DNS records from rspamd, use
our own local recursive resolver.
2021-04-22 21:03:30 +02:00
Jelle van der Waa
89a98702bd
Remove arch32 mirror role
...
We no longer mirror arch32 on our servers and this role is currently
broken.
2021-04-12 18:47:10 +02:00