Kristian Klausen
4112bdf9fd
Make ansible-lint happy
...
yaml: truthy value should be one of [false, true] (truthy)
yaml: wrong indentation: expected 4 but found 2 (indentation)
yaml: too few spaces before comment (comments)
yaml: missing starting space in comment (comments)
yaml: too many blank lines (1 > 0) (empty-lines)
yaml: too many spaces after colon (colons)
yaml: comment not indented like content (comments-indentation)
yaml: no new line character at the end of file (new-line-at-end-of-file)
load-failure: Failed to load or parse file
parser-error: couldn't resolve module/action 'hosts'. This often indicates a misspelling, missing collection, or incorrect module path.
2021-02-14 14:22:05 +01:00
Jelle van der Waa
230cc79a89
Migrate bugtracker to php7 package
...
As flyspray does not support PHP 8 as of yet, transition to the php7
package by simply introducing a new php7_fpm role.
2021-02-14 12:44:00 +01:00
Jelle van der Waa
3124cfd933
Add hedgedoc as new service
...
This adds a collaborative markdown editor as newly offered service which
is available via login for all Arch Linux Staff with an option to allow
anonymous edits by users (not default). Users are managed via keycloak
and require the Staff role to be allowed in, non staff keycloak users
currently will receive an internal server error due to an upstream
issue.
2021-02-01 21:59:30 +01:00
Sven-Hendrik Haase
44f497e52b
Remove dragon ( fixes #267 )
2021-01-31 13:54:14 +01:00
Sven-Hendrik Haase
83cbb36866
Add build.archlinux.org
2021-01-26 18:06:09 +01:00
Evangelos Foutras
6d813e52fb
Merge sogrep (createlinks script) into dbscripts
...
Databases used by sogrep are fetched by syncrepo from gemini, no point
in duplicating this work; consider this to be part of roles/dbscripts.
2021-01-24 09:47:04 +02:00
Jakub Klinkovský
ca4a79d982
Deploy archmanweb v1.1
2021-01-23 21:16:36 +00:00
Sven-Hendrik Haase
ed1ba0fbc5
gitlab: Fix address binding
...
GitLab becomes unhappy if it can't poll localhost.
2021-01-23 22:06:02 +01:00
Sven-Hendrik Haase
8327ffd974
Deploy man.archlinux.org
2021-01-11 14:55:29 +01:00
Sven-Hendrik Haase
aed624bbcb
Upgrade to current bootstrap image
2021-01-10 22:59:37 +01:00
Jelle van der Waa
d4fe2fcd4a
Remove WKD role, replaced by Gitlab Pages
2021-01-10 20:36:35 +01:00
Jelle van der Waa
11e26b3920
Fix openpgpkeys playbook not being a yml file
2021-01-02 17:15:35 +01:00
Frederik Schwan
8decc2e977
use fetchmail for donor import
...
The former approach to export a maildir and iterate over it with a
script broke when the mail server and the web server got on their
own hosts. This will use IMAP IDLE to check for new mails and pass
them instantly to the djange manage.py script without storing the mail
locally.
2020-12-30 21:33:28 +01:00
Giancarlo Razzolini
1853b36042
playbooks: Remove apollo playbook
...
Removed the apollo playbook.
2020-12-29 07:20:47 -03:00
Frederik Schwan
06d5360ec7
add redirect server to handle redirects for deprecated domains
2020-12-26 23:35:32 +00:00
Kristian Klausen
be6b4f8735
Setup MTA-STS in testing mode
...
https://tools.ietf.org/html/rfc8461
2020-12-26 18:19:28 +01:00
Giancarlo Razzolini
1ae188aec1
playbooks/security.archlinux.org: Add a playbook for security.archlinux.org
...
Based on the apollo playbook, add the roles needed for the security tracker to run.
2020-12-25 14:40:49 -03:00
Frederik Schwan
4ad9050c24
use fetchmail to deliver mail to patchwork
2020-12-24 11:36:37 -03:00
Giancarlo Razzolini
250cb0274f
playbooks/patchwork: Create a playbook for the new patchwork machine
...
Created a playbook for patchwork.archlinux.org
2020-12-24 11:36:36 -03:00
Sven-Hendrik Haase
00f30da2d8
Add a way to let us provide additional addresses to machines configured via DHCP
2020-12-22 18:27:06 +01:00
Giancarlo Razzolini
381f808c71
playbooks/wiki: Created a playbook for wiki.archlinux.org
...
Created a playbook for the new wiki.archlinux.org machine, based on the apollo
playbook. Removed from php_fpm the unneded modules.
2020-12-21 16:38:24 -03:00
Giancarlo Razzolini
48b3687031
plabooks: Change the archweb db variable to point to archlinux.org
...
Change the archweb_db_host variable to point to archlinux.org instead of
apollo. This is of particular importance to gemini.
2020-12-20 11:21:31 +00:00
Jelle van der Waa
d18057756c
Monitor the archive mirrors
2020-12-18 20:58:50 +01:00
Giancarlo Razzolini
797586939a
archlinux.org: Add a host_vars file and playbook for archlinux.org
...
Added a host_var file for archlinux.org as well as the playbook for archlinux.org
machine. It it's a stripped down version of apollo's playbook, only containing the roles
pertaining archweb.
2020-12-15 14:14:39 -03:00
Jelle van der Waa
5dc453cc21
Split archive role into archive_web for archive-mirrors
...
To simplify the archive role, split it up in the web serving part for
the archive-mirrors, gemini and keep the archive role for only the
archive operation. This simplifies the new role as only two lines are
required to setup the the archive mirror website.
2020-12-12 18:32:23 +00:00
Jan Alexander Steffens (heftig)
458217f45d
matrix: Raise postgres_effective_cache_size
...
Seems we run at about 5GB of cache. Let postgres assume it gets 4GB.
2020-12-12 13:36:41 +01:00
Jan Alexander Steffens (heftig)
a631466739
matrix: Retune PostgreSQL again
...
Bump the mem settings higher again, now that we know they're not the
cause. Also increase the maximum connection count.
2020-12-12 12:51:54 +01:00
Jan Alexander Steffens (heftig)
c7e3446bae
postgres: Set jit = off
on matrix.archlinux.org
...
This seems to be the cause for our memory leak.
https://www.postgresql.org/message-id/flat/16707-f5df308978a55bf8%40postgresql.org
2020-12-12 12:51:53 +01:00
Jan Alexander Steffens (heftig)
c12ce1ab1f
matrix: Reduce postgres_maintenance_work_mem
...
Still seeing PostgreSQL session processes eating over 600M of private
memory. What's going on?
2020-12-08 17:51:33 +01:00
Jelle van der Waa
7fe487ad27
Add Kape donated servers
...
Setup Kape servers as archive mirrors (asia,europe,america), Gitlab
runner and Rebuilderd worker. All machines except runner1 are EFI
machines with grub setup and a EFI parition which is not supported by
our ansible install role and is manually rolled out.
2020-12-07 20:28:55 +01:00
Jelle van der Waa
d129e7d947
Add rebuilderd_worker role for repro1.pkgbuild.com
...
The repro3.pkgbuild.com machine was a packet.net box with an Ubuntu
installation. Now converted to an Arch Linux installation managed by
ansible with a new rebuilderd_worker role.
2020-12-03 16:19:43 +00:00
Jelle van der Waa
61ebc74d67
Remove unrequired php modules from bugs.archlinux.org
2020-11-30 23:06:54 +01:00
Frederik Schwan
bdda1074a8
remove unused kanboard role
2020-11-24 20:00:19 +01:00
Kristian Klausen
2557ba3d73
Use Rspamd for DKIM signing
...
Fix #213
2020-11-22 00:21:42 +01:00
Jelle van der Waa
4bc660d6be
Remove zabbix-agent, zabbix roles
...
Zabbix has been replaced by Prometheus for monitoring our services.
2020-11-21 22:14:20 +01:00
Jelle van der Waa
5aacd09f12
Monitor all hosts with prometheus
2020-11-21 22:13:31 +01:00
Jelle van der Waa
493f9a58b9
Cleanup orion references
...
Orion has been replaced by gemini and for mail by mail.archlinux.org
2020-11-21 21:00:44 +00:00
Jelle van der Waa
30d5dd4fc9
Docker is now build in Gitlab CI
...
We no longer need this role as Gitlab handles it now.
2020-11-21 19:16:14 +00:00
Jelle van der Waa
5be4dad25f
Add archusers role to gemini
2020-11-19 22:16:54 +01:00
Kristian Klausen
bcf1c981bb
Replace SpamAssassin with Rspamd
...
Switching to Rspamd has some advantages:
* It is probably faster than SA[1] (C + Lua vs Perl)
* We can reduce the number of moving parts. Rspamd has built-in DKIM
signing, greylisting, DMARC checking to name a few
* It doesn't just mark the mail as spam/not-spam, it gives every mail a
score and depending on the score it does either: nothing, greylist it,
mark it as spam or reject it[2] (more actions is available and it can
be tweaked)
* Replies whitelisting[3]
* It supports ARC signing, which can be useful
* A cool looking WebUi :)
* ... and more[4]...
[1] https://rspamd.com/doc/tutorials/migrate_sa.html#why-migrate-to-rspamd
[2] https://rspamd.com/doc/faq.html#what-are-rspamd-actions
[3] https://rspamd.com/doc/modules/replies.html
[4] https://rspamd.com/comparison.html
2020-11-15 04:40:49 +00:00
Jan Alexander Steffens (heftig)
f5667a0ff2
matrix: Adjust PostgreSQL tuning some more
...
Less work_mem because this explodes easily. It's per-operation, which a
query can have multiple of, and also across multiple worker threads.
More shared_buffers and effective_cache_size as these are global.
2020-11-14 00:47:05 +01:00
Jan Alexander Steffens (heftig)
ba1f1a5b11
matrix.archlinux.org: Reduce PostgreSQL memory usage
...
It ran out of memory, with Postgres using a lot of RSS.
2020-11-10 23:39:34 +01:00
Jelle van der Waa
992f81d766
By default enable the sshd jail for fail2ban
...
For all hosts we want to have a working fail2ban for sshd brute force
attempts through a group_vars/all. For some hosts an override is
required to enable postfix or dovecot jails.
2020-11-02 17:58:18 +01:00
Jelle van der Waa
53bd985636
Move openpgpkey.archlinux.org to a new VPS
...
The WKD webservice ran on orion, but as we want to retire it, we will
move it to it's own CX11 VPS. As it's just a simple web page.
2020-11-02 10:02:41 +01:00
Jakub Klinkovský
13b5367d33
Set LC_COLLATE for the ssh-keyscan command
...
Just in case, locales are complicated...
2020-10-26 22:22:41 +01:00
Jakub Klinkovský
592d18964f
Fix non-deterministic behavior of sync-ssh-hostkeys.yml
...
Fixes #196
2020-10-26 21:47:32 +01:00
Jelle van der Waa
5beff61937
Add mail to monitoring
2020-10-24 19:15:42 +02:00
Jelle van der Waa
1c94b5fe1e
Update playbooks for new mail server
2020-10-24 18:09:26 +02:00
Jelle van der Waa
636983b842
Add mail.archlinux.org playbook
2020-10-24 18:09:25 +02:00
Sven-Hendrik Haase
c3e96a35a6
fetch-borg-keys: Remove mode=preserve flag
...
It's not even implemented for file.
2020-10-22 21:44:28 +02:00
Sven-Hendrik Haase
26f4f08dcc
Update hostkeys
...
We forget doing this too often. :(
2020-10-22 19:52:05 +02:00
Sven-Hendrik Haase
6cf9fe317d
Upgrade bootstrap image version
2020-10-12 19:30:20 +02:00
Jelle van der Waa
442a6de9bb
Add mirror/homedir to prometheus monitoring
2020-10-06 22:51:44 +02:00
Sven-Hendrik Haase
d68771ea7a
Fix for ansible 2.10 ( fixes #149 )
2020-09-23 22:22:34 +02:00
Jelle van der Waa
0d995b0108
Monitor state,quassel with prometheus
2020-09-12 23:19:23 +02:00
Jelle van der Waa
49df3110df
Set innodb_buffer_pool_size to 1G for the aur
2020-09-12 22:16:42 +02:00
Jakub Klinkovský
6552209570
remove mariadb_innodb_buffer_pool_size from playbooks
...
The default value is 128M and our servers have plenty of RAM for that.
2020-09-12 20:11:10 +00:00
Jakub Klinkovský
13de2781bd
mariadb: bump mariadb_table_open_cache to the upstream default of 2000
...
The upstream default value is 2000 since 10.1.7:
https://mariadb.com/kb/en/server-system-variables/#table_open_cache
See also commit f164d0001f
2020-09-12 20:11:10 +00:00
Jelle van der Waa
5091b966d7
Add aur-dev and phrik.archlinux.org to prometheus monitoring
2020-09-12 22:07:34 +02:00
Jelle van der Waa
2be002b112
Remove zabbix-agent role everywhere
...
We switched for monitoring to prometheus so zabbix-agent is unwanted and
we don't want to accidently deploy it again.
2020-09-12 17:22:09 +02:00
Jelle van der Waa
7183361c64
Setup Oauth for Grafana
...
Configure Grafana to use Keycloak OpenID Connect for authentication. For
now only DevOps is configured as admin and Arch Staff as general Viewer
roles.
2020-09-09 21:17:33 +00:00
Jelle van der Waa
23564b29a6
Introduce prometheus exporters role for collection
...
Add a new role called prometheus_exporters which should be run on every
machine we have and starts different collectors depending on what group
the machine is in. Currently supported our the gitlab runner exporter,
rebuilder textcollector, mysqld-exporter, borg textcollector and an
node/arch exporter. The arch exporter monitors the security status and
pacman out of date packages gauge.
2020-09-06 20:13:32 +02:00
Jelle van der Waa
8b3c68e5e1
Add prometheus role for the prometheus/alertmanager server
...
Introduce a new monitoring server with prometheus and alertmanager for
monitoring all our boxes.
2020-08-31 21:09:54 +02:00
Sven-Hendrik Haase
a636f8a597
Remove arch-boxes stuff ( fixes #107 )
...
This is now built enitrely in GitLab CI in the arch-boxes repo so this is no longer required.
2020-08-28 20:05:24 +00:00
Frederik Schwan
63887d3b09
fix E208 'File permissions not mentioned'
2020-08-27 05:29:00 +00:00
Frederik Schwan
04b2e3b1e0
fix E106 'Role name <role> does not match `^[a-z][a-z0-9_]+$
` pattern'
2020-08-27 05:29:00 +00:00
Sven-Hendrik Haase
3472c7bb7c
Remove mirror_load_balancer stuff
...
This never really worked to well and since basically all PIA boxes that we
balanced to have died by now and it's also pretty slow.
2020-08-13 21:42:37 +02:00
Jelle van der Waa
21974053bc
Remove hefur as torrent tracker
...
The magnet uri's and torrent files no longer include a torrent tracker
link so running the service is obsolete.
2020-08-13 19:26:33 +02:00
Jelle van der Waa
86b3662cf6
Fix sync-ssh-hostkeys task for Ubuntu
...
As repro3 is Ubuntu and it's default shell is dash, set -o pipefail is
not supported.
2020-08-03 23:46:48 +02:00
Kristian Klausen
48a99ad570
Remove postgrey role
...
It isn't used and Postfix was never configured to use it.
2020-08-02 14:47:28 +02:00
Sven-Hendrik Haase
7fcf44e59e
install_arch: Bump Arch bootstrap version
2020-07-25 01:15:13 +02:00
Giancarlo Razzolini
9f3d64228d
playbooks: Add back the borg tag
...
Added the borg tag again, since it's useful for running borg related
tasks.
2020-07-23 13:29:21 -03:00
Giancarlo Razzolini
f7c3847e65
playbooks: Remove tags from AUR playbooks and sync aur/aur-dev
...
Removed tags from playbooks, since they are auto-generated and also
synced the aur.archlinux.org playbook with aur-dev.archlinux.org one.
2020-07-23 11:56:11 -03:00
Giancarlo Razzolini
e70ab6ce45
roles/aurweb: Change aurweb role to support sshd includes
...
Added support for the aurweb role to the new openssh include mechanism,
that's baked into our sshd role.
2020-07-23 11:03:40 -03:00
Giancarlo Razzolini
69ad9c76c7
playbooks/aur: Sync with the aur-dev playbook
...
Add the aur-dev changes to the aur playbook.
2020-07-23 11:03:40 -03:00
Giancarlo Razzolini
751b3cf89a
roles/aurweb: Make the necessary changes to use memcached instead of apcu
...
Add memcached to the playbook and also change the php extensions to use memcached.
Removed the apcu options from defatuls and added memcached settings. Added the php-memcached
packages to the list of needed packages and also remove the apcu tasks. Added the memcached
systemd unit file and enable and start it from the tasks.
2020-07-23 11:03:40 -03:00
Giancarlo Razzolini
75ea584f70
roles/aurweb: Remove git from the list of packages installed
...
Since git is installed on a separate step, remove it from the main list.
2020-07-23 11:03:40 -03:00
Giancarlo Razzolini
3defaded28
playbooks/aur: Rename the aur playbook file and add the missing roles
...
The original aur playbook file was missing a lot of the roles that were
added for the aur-dev playbook. Add them and renamed the file too.
2020-07-23 11:03:40 -03:00
Giancarlo Razzolini
03ec6a599a
playbooks/aur-dev: Add apc to the php extensions
...
roles/aurweb: Add the apc configuration variables
Added the apc to the php extensions on the playbook, instead of adding
it on the conf.d directory. Added the apc variables to the defaults file.
2020-07-23 11:03:39 -03:00
Giancarlo Razzolini
8ef8a1b82e
playbooks/aur-dev: Add uwsgi
...
We need to use uwsgi for cgit hosting, so add the uwsgi role to the playbook.
2020-07-23 11:03:39 -03:00
Giancarlo Razzolini
35d176f616
roles/aurweb: Add maintenance mode and other changes
...
playboooks/aur-dev: Remove the intl php extension
Added maintenance mode to the aurweb role using the AUR internal mode. Also,
add the php-apcu-bc package to the list of required packages. Also running the
make required to create the translations.
2020-07-23 11:03:39 -03:00
Giancarlo Razzolini
268af91494
playbooks/aur-dev: Add aur-dev to the hosts file and add change the playbook for dev
...
Changed the playbook to add the missing php modules and add the AUR role. Also set the
domain and the git branch variables so the right version of the AUR is installed.
2020-07-23 11:03:38 -03:00
Jelle van der Waa
0c1c366493
Introduce AUR role
...
The ansible role for the Arch User Repository.
Thanks-to: Eli Schwartz <eschwartz@archlinux.org>
2020-07-23 11:03:38 -03:00
Jelle van der Waa
d9377b5e5b
Add bugbot role to phrik.archlinux.org
...
Apply more security hardening, add pgp key fetching and verification for
the git repository.
2020-07-11 22:06:35 +02:00
Sven-Hendrik Haase
6bdab52f16
Use prio host for rsync.net
...
Apparently the host without prio is the traffic shaped one which has been very slow for us.
2020-07-09 00:50:32 +02:00
Sven-Hendrik Haase
bb35582a58
Adjust backup host paths to new scheme
2020-07-09 00:50:28 +02:00
Sven-Hendrik Haase
764df6ee5d
Switch from vostok to storagebox ( fixes #51 )
2020-07-09 00:50:04 +02:00
Jelle van der Waa
f7195c8fe8
Add a check if moreutils is installed
2020-07-08 18:37:52 +02:00
Jelle van der Waa
ea848558c5
Apply hardening role to the gitlab runners
2020-07-08 18:11:30 +02:00
Jelle van der Waa
483ef8c7ce
Run on all hosts except rsync_net
...
rsync_net is a storagebox for backups and cannot apply normal roles.
2020-07-08 18:09:30 +02:00
Jelle van der Waa
08d5975d10
Make gemini really send email
...
Set up the postfix relayhost functionality correctly.
2020-06-26 14:59:05 +02:00
Jelle van der Waa
02b04fab82
Migrate dbscripts, sogrep, archweb related services for mirrors to
...
gemini
2020-06-25 23:38:24 +02:00
Jelle van der Waa
ee653931ec
Migrate sources to gemini
2020-06-24 09:52:32 +02:00
Jelle van der Waa
8523b7836d
Enable fail2ban for gitlab_runners group
2020-06-21 22:15:56 +02:00
Jelle van der Waa
2eff66dd8a
Add fail2ban for sshd on gemini
2020-06-21 21:54:17 +02:00
Jelle van der Waa
209090046f
Move archive.archlinux.org to gemini
...
In preparation of the move to gemini make it already run the
archive.archlinux.org frontend and the archive-uploader. So the
migration is done in steps.
2020-06-21 19:18:16 +02:00
Jelle van der Waa
addd0e018a
Migrate archive to gemini
...
The web frontend of the archive has been moved to gemini in preparation
of the migrating of the repos to gemini. Later when dbscripts is moved
to gemini the full role is run.
2020-06-21 19:07:21 +02:00
Sven-Hendrik Haase
4468f9062e
Add initial gemini.archlinux.org playbook
2020-06-17 09:14:49 +02:00
Sven-Hendrik Haase
fb75cf7c5c
Remove a lot of unnecessary tags that are already added by auto_tags.py
2020-06-17 06:00:22 +02:00
Sven-Hendrik Haase
fe2fe32707
gitlab-runners: Enable firewall on runners
2020-06-17 04:47:33 +02:00
Sven-Hendrik Haase
922264f487
install_arch: Update bootstrap version to 2020.06.01
2020-06-17 04:47:14 +02:00
Frederik Schwan
274a3b601c
fix ansible-lint errors introduced while rebasing
2020-06-17 02:43:13 +02:00
Frederik Schwan
910903cd70
fix E305 'Use shell only when shell functionality is required'
2020-06-17 02:43:13 +02:00
Frederik Schwan
b1651b604a
fix E504 "Do not use ‘local_action’, use ‘delegate_to: localhost’"
2020-06-17 02:43:12 +02:00
Frederik Schwan
fc769a7b1c
fix E301 'Commands should not change things if nothing needs doing'
2020-06-17 02:43:12 +02:00
Frederik Schwan
631e8ba04f
fix E306 'Shells that use pipes should set the pipefail option'
2020-06-17 02:43:12 +02:00
Frederik Schwan
f7529414da
fix E502 'all tasks should be named'
2020-06-12 23:33:36 +00:00
Frederik Schwan
2b2bd06512
fix E206 'Variables should have spaces before and after: {{ var_name }}'
2020-06-12 22:20:48 +02:00
Jan Alexander Steffens (heftig)
293f7277ad
matrix.archlinux.org: Support sending emails again
2020-05-28 23:38:12 +02:00
Jan Alexander Steffens (heftig)
7614beee96
matrix.archlinux.org: Add fail2ban
2020-05-28 22:42:33 +02:00
Jan Alexander Steffens (heftig)
57307320cf
matrix.archlinux.org: Add more zabbix templates
2020-05-28 22:22:34 +02:00
Jelle van der Waa
52ae5dd66e
Add tools to the accounts playbook
...
Signed-off-by: Jelle van der Waa <jelle@archlinux.org>
2020-05-09 23:01:44 +02:00
Jan Alexander Steffens (heftig)
affc74cbab
matrix: Rescale to cpx31
2020-05-07 23:18:37 +02:00
Jelle van der Waa
f5500702d7
Also fetch the offsite borg backup key
...
Signed-off-by: Jelle van der Waa <jelle@archlinux.org>
2020-05-02 01:10:32 +02:00
Jelle van der Waa
039435e7a5
Fall back to archive.org when not found for archive.*
...
For our archive.archlinux.org website instead of always redirecting to
archive.org try if we have the file and fallback redirecting to
archive.org. This reduces the load on archive.org and makes our
reproducible builds downloads faster then archive.org. This also set's
up another archive mirror on archive.ger.mirror.pkgbuild.com
Signed-off-by: Jelle van der Waa <jelle@archlinux.org>
2020-05-01 23:34:30 +02:00
Sven-Hendrik Haase
015c3176b6
Update bootstrap version to 2020.05.01
...
Signed-off-by: Sven-Hendrik Haase <svenstaro@gmail.com>
2020-05-01 19:09:57 +02:00
Frederik Schwan
f42fd92b83
Merge wip-keyclaok into master
2020-04-30 14:30:35 +02:00
Jelle van der Waa
f9e3e52063
Add reproducible.archlinux.org instance
...
Create a new VPS for running the master rebuilderd daemon which
coordinates the rebuild tasks to rebuilderd ndoes.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
2020-04-26 01:10:44 +02:00
Jelle van der Waa
c8c59f0451
Remove {sgp,mex}.mirror.pkgbuild.com from hosts
...
sgp and mex both have disk errors and died, so remove them to hosts.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
2020-04-09 22:00:12 +02:00
Sven-Hendrik Haase
8fda08aed6
Add offsite backup with rsync.net
2020-03-11 18:03:46 +01:00
Jelle van der Waa
e858fc676b
migrate planet.archlinux.org to archweb
...
Archweb now supports a planet alternative and the old planet software
was Python2 and not maintained anymore.
2020-02-23 00:09:48 +01:00
Jelle van der Waa
324242e42a
archweb: add planet functionality related service/timers
2020-02-13 23:33:54 +01:00
Evangelos Foutras
99b887453d
Update pacman website to 5.2.1
2020-02-09 20:16:57 +02:00
Jelle van der Waa
df8896eb7e
move docker-image from soyuz to dragon
...
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
2020-01-06 23:15:21 +01:00
Giancarlo Razzolini
a8bdc06854
Merge branch 'master' of arch-git:/srv/git/infrastructure
2019-12-30 12:58:40 -03:00
Jelle van der Waa
a57abfefba
remove all soyuz leftovers
2019-12-28 13:32:57 +01:00
Giancarlo Razzolini
28bfa799e5
playbooks/aur-dev: Initial playbook for aur-dev.archlinux.org
...
Initial playbook for AUR dev
2019-12-25 18:38:19 -03:00
Evangelos Foutras
7d0ad69030
Remove archbuild role from sgp
...
It should not be used as a build server anymore:
https://wiki.archlinux.org/index.php/DeveloperWiki:DevopsMeetings/2019-11-28#Actionable_5
2019-12-04 09:30:54 +02:00
Giancarlo Razzolini
01423db15a
playbooks/apollo: Remove the flyspray role
...
Remove the flyspray role from apollo. There are still leftovers and nginx
is configured to reply with the maintenance mode, in case someone tries to
access flyspray through apollo.
2019-12-01 17:16:11 -03:00
Giancarlo Razzolini
5785aaaf16
playbooks/bugs.archlinux.org: Add a playbook for the new flyspray VPS
...
Create a playbook for the new flyspray deployment. It has all the roles
required to run flyspray.
2019-12-01 13:11:45 -03:00
Sven-Hendrik Haase
5373efcecc
More descriptive playbook name for state.archlinux.org
2019-11-27 09:36:10 +01:00
Sven-Hendrik Haase
1e81ca6d72
Migrate arch-boxes from soyuz to dragon
2019-11-24 13:33:44 +01:00
Jelle van der Waa
2d561bf89f
state.archlinux.org add zabbix/borg to playbook
2019-11-23 22:23:28 +01:00
Jelle van der Waa
ba60f201ad
Add zabbix to homedir
2019-11-22 20:57:38 +01:00
Sven-Hendrik Haase
299bf206a2
Update bootstrap version
2019-11-19 10:42:36 +01:00
Sven-Hendrik Haase
846ecaa231
Migrate public_html to homedir.archlinux.org
2019-11-18 07:47:56 +01:00
Sven-Hendrik Haase
7653049086
Fix ansible deprecation messages
2019-11-18 03:05:35 +01:00
Sven-Hendrik Haase
0739ae79bb
Rename state.cloud.archlinux.org to state.archlinux.org
2019-11-18 02:10:39 +01:00
Jelle van der Waa
a76219ea2b
add mirror.pkgbuild.com to monitoring.
2019-11-09 19:18:43 +01:00
Phillip Smith
0df317ebd1
deploy fail2ban to bbs server
2019-11-09 13:56:01 +11:00
Phillip Smith
128bad62c1
add tag to fluxbb role in playbook
2019-11-04 14:04:33 +11:00
Phillip Smith
fd05306976
add postgrey to orion
2019-11-04 12:56:35 +11:00
Phillip Smith
b49b43f3e7
add postfix role (commented) to luna
2019-11-04 12:00:00 +11:00
Phillip Smith
4eb9d76f18
deploy postfix as a relay client to apollo and soyuz
2019-10-30 16:49:49 +11:00
Phillip Smith
5534a556b6
add relayhost option to postfix role
...
when deploying the postfix role, specify postfix_relayhost variable with the
hostname of the smtp smarthost to use for delivery. all outbound smtp mail
will be delivered via the specified host.
2019-10-29 17:59:26 +11:00
Giancarlo Razzolini
fb5e3b4314
playbooks/bbs: Add borg to the playbook
...
Add the borg-client role to the bbs.archlinux.org playbook, for enabling
backups.
2019-10-27 23:00:18 -03:00
Jelle van der Waa
09d74c64af
update hosts for bbs.archlinux.org
...
add to mysql-servers for monitoring and fix the php-fpm extensions.
2019-10-27 20:31:06 +01:00
Jelle van der Waa
208a13e5d4
Move fluxbb to a separate vps
...
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
2019-10-27 18:24:24 +01:00
Phillip Smith
4a0c3fd905
add fail2ban to apollo
2019-10-25 16:48:53 +11:00
Phillip Smith
61d48f1173
implement fail2ban role and deploy to orion
...
fail2ban role now protects postfix, dovecot and sshd. other roles can drop
configuration files into /etc/fail2ban/jail.d/*.local to enable fail2ban to
monitor it's service.
2019-10-25 16:46:09 +11:00