mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2024-09-25 06:20:47 +02:00
Code Issues
4,418 Commits 29 Branches 0 Tags 20 MiB
a72cc1f423
Commit Graph

457 Commits

Author SHA1 Message Date
Kristian Klausen
4112bdf9fd Make ansible-lint happy 
yaml: truthy value should be one of [false, true] (truthy)
yaml: wrong indentation: expected 4 but found 2 (indentation)
yaml: too few spaces before comment (comments)
yaml: missing starting space in comment (comments)
yaml: too many blank lines (1 > 0) (empty-lines)
yaml: too many spaces after colon (colons)
yaml: comment not indented like content (comments-indentation)
yaml: no new line character at the end of file (new-line-at-end-of-file)
load-failure: Failed to load or parse file
parser-error: couldn't resolve module/action 'hosts'. This often indicates a misspelling, missing collection, or incorrect module path.
 2021-02-14 14:22:05 +01:00
Jelle van der Waa
230cc79a89
Migrate bugtracker to php7 package 
As flyspray does not support PHP 8 as of yet, transition to the php7
package by simply introducing a new php7_fpm role.
 2021-02-14 12:44:00 +01:00
Jelle van der Waa
3124cfd933
Add hedgedoc as new service 
This adds a collaborative markdown editor as newly offered service which
is available via login for all Arch Linux Staff with an option to allow
anonymous edits by users (not default). Users are managed via keycloak
and require the Staff role to be allowed in, non staff keycloak users
currently will receive an internal server error due to an upstream
issue.
 2021-02-01 21:59:30 +01:00
Sven-Hendrik Haase
44f497e52b
Remove dragon (fixes #267) 2021-01-31 13:54:14 +01:00
Sven-Hendrik Haase
83cbb36866
Add build.archlinux.org 2021-01-26 18:06:09 +01:00
Evangelos Foutras
6d813e52fb
Merge sogrep (createlinks script) into dbscripts 
Databases used by sogrep are fetched by syncrepo from gemini, no point
in duplicating this work; consider this to be part of roles/dbscripts.
 2021-01-24 09:47:04 +02:00
Jakub Klinkovský
ca4a79d982 Deploy archmanweb v1.1 2021-01-23 21:16:36 +00:00
Sven-Hendrik Haase
ed1ba0fbc5
gitlab: Fix address binding 
GitLab becomes unhappy if it can't poll localhost.
 2021-01-23 22:06:02 +01:00
Sven-Hendrik Haase
8327ffd974
Deploy man.archlinux.org 2021-01-11 14:55:29 +01:00
Sven-Hendrik Haase
aed624bbcb
Upgrade to current bootstrap image 2021-01-10 22:59:37 +01:00
Jelle van der Waa
d4fe2fcd4a
Remove WKD role, replaced by Gitlab Pages 2021-01-10 20:36:35 +01:00
Jelle van der Waa
11e26b3920
Fix openpgpkeys playbook not being a yml file 2021-01-02 17:15:35 +01:00
Frederik Schwan
8decc2e977
use fetchmail for donor import 
The former approach to export a maildir and iterate over it with a
script broke when the mail server and the web server got on their
own hosts. This will use IMAP IDLE to check for new mails and pass
them instantly to the djange manage.py script without storing the mail
locally.
 2020-12-30 21:33:28 +01:00
Giancarlo Razzolini
1853b36042
playbooks: Remove apollo playbook 
Removed the apollo playbook.
 2020-12-29 07:20:47 -03:00
Frederik Schwan
06d5360ec7 add redirect server to handle redirects for deprecated domains 2020-12-26 23:35:32 +00:00
Kristian Klausen
be6b4f8735 Setup MTA-STS in testing mode 
https://tools.ietf.org/html/rfc8461
 2020-12-26 18:19:28 +01:00
Giancarlo Razzolini
1ae188aec1
playbooks/security.archlinux.org: Add a playbook for security.archlinux.org 
Based on the apollo playbook, add the roles needed for the security tracker to run.
 2020-12-25 14:40:49 -03:00
Frederik Schwan
4ad9050c24
use fetchmail to deliver mail to patchwork 2020-12-24 11:36:37 -03:00
Giancarlo Razzolini
250cb0274f
playbooks/patchwork: Create a playbook for the new patchwork machine 
Created a playbook for patchwork.archlinux.org
 2020-12-24 11:36:36 -03:00
Sven-Hendrik Haase
00f30da2d8
Add a way to let us provide additional addresses to machines configured via DHCP 2020-12-22 18:27:06 +01:00
Giancarlo Razzolini
381f808c71
playbooks/wiki: Created a playbook for wiki.archlinux.org 
Created a playbook for the new wiki.archlinux.org machine, based on the apollo
playbook. Removed from php_fpm the unneded modules.
 2020-12-21 16:38:24 -03:00
Giancarlo Razzolini
48b3687031 plabooks: Change the archweb db variable to point to archlinux.org 
Change the archweb_db_host variable to point to archlinux.org instead of
apollo. This is of particular importance to gemini.
 2020-12-20 11:21:31 +00:00
Jelle van der Waa
d18057756c
Monitor the archive mirrors 2020-12-18 20:58:50 +01:00
Giancarlo Razzolini
797586939a
archlinux.org: Add a host_vars file and playbook for archlinux.org 
Added a host_var file for archlinux.org as well as the playbook for archlinux.org
machine. It it's a stripped down version of apollo's playbook, only containing the roles
pertaining archweb.
 2020-12-15 14:14:39 -03:00
Jelle van der Waa
5dc453cc21 Split archive role into archive_web for archive-mirrors 
To simplify the archive role, split it up in the web serving part for
the archive-mirrors, gemini and keep the archive role for only the
archive operation. This simplifies the new role as only two lines are
required to setup the the archive mirror website.
 2020-12-12 18:32:23 +00:00
Jan Alexander Steffens (heftig)
458217f45d
matrix: Raise postgres_effective_cache_size 
Seems we run at about 5GB of cache. Let postgres assume it gets 4GB.
 2020-12-12 13:36:41 +01:00
Jan Alexander Steffens (heftig)
a631466739
matrix: Retune PostgreSQL again 
Bump the mem settings higher again, now that we know they're not the
cause. Also increase the maximum connection count.
 2020-12-12 12:51:54 +01:00
Jan Alexander Steffens (heftig)
c7e3446bae
postgres: Set jit = off on matrix.archlinux.org 
This seems to be the cause for our memory leak.

https://www.postgresql.org/message-id/flat/16707-f5df308978a55bf8%40postgresql.org
 2020-12-12 12:51:53 +01:00
Jan Alexander Steffens (heftig)
c12ce1ab1f
matrix: Reduce postgres_maintenance_work_mem 
Still seeing PostgreSQL session processes eating over 600M of private
memory. What's going on?
 2020-12-08 17:51:33 +01:00
Jelle van der Waa
7fe487ad27
Add Kape donated servers 
Setup Kape servers as archive mirrors (asia,europe,america), Gitlab
runner and Rebuilderd worker. All machines except runner1 are EFI
machines with grub setup and a EFI parition which is not supported by
our ansible install role and is manually rolled out.
 2020-12-07 20:28:55 +01:00
Jelle van der Waa
d129e7d947 Add rebuilderd_worker role for repro1.pkgbuild.com 
The repro3.pkgbuild.com machine was a packet.net box with an Ubuntu
installation. Now converted to an Arch Linux installation managed by
ansible with a new rebuilderd_worker role.
 2020-12-03 16:19:43 +00:00
Jelle van der Waa
61ebc74d67
Remove unrequired php modules from bugs.archlinux.org 2020-11-30 23:06:54 +01:00
Frederik Schwan
bdda1074a8
remove unused kanboard role 2020-11-24 20:00:19 +01:00
Kristian Klausen
2557ba3d73 Use Rspamd for DKIM signing 
Fix #213
 2020-11-22 00:21:42 +01:00
Jelle van der Waa
4bc660d6be
Remove zabbix-agent, zabbix roles 
Zabbix has been replaced by Prometheus for monitoring our services.
 2020-11-21 22:14:20 +01:00
Jelle van der Waa
5aacd09f12
Monitor all hosts with prometheus 2020-11-21 22:13:31 +01:00
Jelle van der Waa
493f9a58b9 Cleanup orion references 
Orion has been replaced by gemini and for mail by mail.archlinux.org
 2020-11-21 21:00:44 +00:00
Jelle van der Waa
30d5dd4fc9 Docker is now build in Gitlab CI 
We no longer need this role as Gitlab handles it now.
 2020-11-21 19:16:14 +00:00
Jelle van der Waa
5be4dad25f
Add archusers role to gemini 2020-11-19 22:16:54 +01:00
Kristian Klausen
bcf1c981bb Replace SpamAssassin with Rspamd 
Switching to Rspamd has some advantages:
* It is probably faster than SA[1] (C + Lua vs Perl)
* We can reduce the number of moving parts. Rspamd has built-in DKIM
  signing, greylisting, DMARC checking to name a few
* It doesn't just mark the mail as spam/not-spam, it gives every mail a
  score and depending on the score it does either: nothing, greylist it,
  mark it as spam or reject it[2] (more actions is available and it can
  be tweaked)
* Replies whitelisting[3]
* It supports ARC signing, which can be useful
* A cool looking WebUi :)
* ... and more[4]...

[1] https://rspamd.com/doc/tutorials/migrate_sa.html#why-migrate-to-rspamd
[2] https://rspamd.com/doc/faq.html#what-are-rspamd-actions
[3] https://rspamd.com/doc/modules/replies.html
[4] https://rspamd.com/comparison.html
 2020-11-15 04:40:49 +00:00
Jan Alexander Steffens (heftig)
f5667a0ff2
matrix: Adjust PostgreSQL tuning some more 
Less work_mem because this explodes easily. It's per-operation, which a
query can have multiple of, and also across multiple worker threads.

More shared_buffers and effective_cache_size as these are global.
 2020-11-14 00:47:05 +01:00
Jan Alexander Steffens (heftig)
ba1f1a5b11
matrix.archlinux.org: Reduce PostgreSQL memory usage 
It ran out of memory, with Postgres using a lot of RSS.
 2020-11-10 23:39:34 +01:00
Jelle van der Waa
992f81d766
By default enable the sshd jail for fail2ban 
For all hosts we want to have a working fail2ban for sshd brute force
attempts through a group_vars/all. For some hosts an override is
required to enable postfix or dovecot jails.
 2020-11-02 17:58:18 +01:00
Jelle van der Waa
53bd985636
Move openpgpkey.archlinux.org to a new VPS 
The WKD webservice ran on orion, but as we want to retire it, we will
move it to it's own CX11 VPS. As it's just a simple web page.
 2020-11-02 10:02:41 +01:00
Jakub Klinkovský
13b5367d33
Set LC_COLLATE for the ssh-keyscan command 
Just in case, locales are complicated...
 2020-10-26 22:22:41 +01:00
Jakub Klinkovský
592d18964f
Fix non-deterministic behavior of sync-ssh-hostkeys.yml 
Fixes #196
 2020-10-26 21:47:32 +01:00
Jelle van der Waa
5beff61937
Add mail to monitoring 2020-10-24 19:15:42 +02:00
Jelle van der Waa
1c94b5fe1e
Update playbooks for new mail server 2020-10-24 18:09:26 +02:00
Jelle van der Waa
636983b842
Add mail.archlinux.org playbook 2020-10-24 18:09:25 +02:00
Sven-Hendrik Haase
c3e96a35a6
fetch-borg-keys: Remove mode=preserve flag 
It's not even implemented for file.
 2020-10-22 21:44:28 +02:00
Sven-Hendrik Haase
26f4f08dcc
Update hostkeys 
We forget doing this too often. :(
 2020-10-22 19:52:05 +02:00
Sven-Hendrik Haase
6cf9fe317d
Upgrade bootstrap image version 2020-10-12 19:30:20 +02:00
Jelle van der Waa
442a6de9bb
Add mirror/homedir to prometheus monitoring 2020-10-06 22:51:44 +02:00
Sven-Hendrik Haase
d68771ea7a
Fix for ansible 2.10 (fixes #149) 2020-09-23 22:22:34 +02:00
Jelle van der Waa
0d995b0108
Monitor state,quassel with prometheus 2020-09-12 23:19:23 +02:00
Jelle van der Waa
49df3110df
Set innodb_buffer_pool_size to 1G for the aur 2020-09-12 22:16:42 +02:00
Jakub Klinkovský
6552209570 remove mariadb_innodb_buffer_pool_size from playbooks 
The default value is 128M and our servers have plenty of RAM for that.
 2020-09-12 20:11:10 +00:00
Jakub Klinkovský
13de2781bd mariadb: bump mariadb_table_open_cache to the upstream default of 2000 
The upstream default value is 2000 since 10.1.7:
https://mariadb.com/kb/en/server-system-variables/#table_open_cache

See also commit f164d0001f
 2020-09-12 20:11:10 +00:00
Jelle van der Waa
5091b966d7
Add aur-dev and phrik.archlinux.org to prometheus monitoring 2020-09-12 22:07:34 +02:00
Jelle van der Waa
2be002b112
Remove zabbix-agent role everywhere 
We switched for monitoring to prometheus so zabbix-agent is unwanted and
we don't want to accidently deploy it again.
 2020-09-12 17:22:09 +02:00
Jelle van der Waa
7183361c64 Setup Oauth for Grafana 
Configure Grafana to use Keycloak OpenID Connect for authentication. For
now only DevOps is configured as admin and Arch Staff as general Viewer
roles.
 2020-09-09 21:17:33 +00:00
Jelle van der Waa
23564b29a6
Introduce prometheus exporters role for collection 
Add a new role called prometheus_exporters which should be run on every
machine we have and starts different collectors depending on what group
the machine is in. Currently supported our the gitlab runner exporter,
rebuilder textcollector, mysqld-exporter, borg textcollector and an
node/arch exporter. The arch exporter monitors the security status and
pacman out of date packages gauge.
 2020-09-06 20:13:32 +02:00
Jelle van der Waa
8b3c68e5e1
Add prometheus role for the prometheus/alertmanager server 
Introduce a new monitoring server with prometheus and alertmanager for
monitoring all our boxes.
 2020-08-31 21:09:54 +02:00
Sven-Hendrik Haase
a636f8a597 Remove arch-boxes stuff (fixes #107) 
This is now built enitrely in GitLab CI in the arch-boxes repo so this is no longer required.
 2020-08-28 20:05:24 +00:00
Frederik Schwan
63887d3b09 fix E208 'File permissions not mentioned' 2020-08-27 05:29:00 +00:00
Frederik Schwan
04b2e3b1e0 fix E106 'Role name <role> does not match `^[a-z][a-z0-9_]+$` pattern' 2020-08-27 05:29:00 +00:00
Sven-Hendrik Haase
3472c7bb7c
Remove mirror_load_balancer stuff 
This never really worked to well and since basically all PIA boxes that we
balanced to have died by now and it's also pretty slow.
 2020-08-13 21:42:37 +02:00
Jelle van der Waa
21974053bc
Remove hefur as torrent tracker 
The magnet uri's and torrent files no longer include a torrent tracker
link so running the service is obsolete.
 2020-08-13 19:26:33 +02:00
Jelle van der Waa
86b3662cf6
Fix sync-ssh-hostkeys task for Ubuntu 
As repro3 is Ubuntu and it's default shell is dash, set -o pipefail is
not supported.
 2020-08-03 23:46:48 +02:00
Kristian Klausen
48a99ad570 Remove postgrey role 
It isn't used and Postfix was never configured to use it.
 2020-08-02 14:47:28 +02:00
Sven-Hendrik Haase
7fcf44e59e
install_arch: Bump Arch bootstrap version 2020-07-25 01:15:13 +02:00
Giancarlo Razzolini
9f3d64228d
playbooks: Add back the borg tag 
Added the borg tag again, since it's useful for running borg related
tasks.
 2020-07-23 13:29:21 -03:00
Giancarlo Razzolini
f7c3847e65
playbooks: Remove tags from AUR playbooks and sync aur/aur-dev 
Removed tags from playbooks, since they are auto-generated and also
synced the aur.archlinux.org playbook with aur-dev.archlinux.org one.
 2020-07-23 11:56:11 -03:00
Giancarlo Razzolini
e70ab6ce45
roles/aurweb: Change aurweb role to support sshd includes 
Added support for the aurweb role to the new openssh include mechanism,
that's baked into our sshd role.
 2020-07-23 11:03:40 -03:00
Giancarlo Razzolini
69ad9c76c7
playbooks/aur: Sync with the aur-dev playbook 
Add the aur-dev changes to the aur playbook.
 2020-07-23 11:03:40 -03:00
Giancarlo Razzolini
751b3cf89a
roles/aurweb: Make the necessary changes to use memcached instead of apcu 
Add memcached to the playbook and also change the php extensions to use memcached.
Removed the apcu options from defatuls and added memcached settings. Added the php-memcached
packages to the list of needed packages and also remove the apcu tasks. Added the memcached
systemd unit file and enable and start it from the tasks.
 2020-07-23 11:03:40 -03:00
Giancarlo Razzolini
75ea584f70
roles/aurweb: Remove git from the list of packages installed 
Since git is installed on a separate step, remove it from the main list.
 2020-07-23 11:03:40 -03:00
Giancarlo Razzolini
3defaded28
playbooks/aur: Rename the aur playbook file and add the missing roles 
The original aur playbook file was missing a lot of the roles that were
added for the aur-dev playbook. Add them and renamed the file too.
 2020-07-23 11:03:40 -03:00
Giancarlo Razzolini
03ec6a599a
playbooks/aur-dev: Add apc to the php extensions 
roles/aurweb: Add the apc configuration variables

Added the apc to the php extensions on the playbook, instead of adding
it on the conf.d directory. Added the apc variables to the defaults file.
 2020-07-23 11:03:39 -03:00
Giancarlo Razzolini
8ef8a1b82e
playbooks/aur-dev: Add uwsgi 
We need to use uwsgi for cgit hosting, so add the uwsgi role to the playbook.
 2020-07-23 11:03:39 -03:00
Giancarlo Razzolini
35d176f616
roles/aurweb: Add maintenance mode and other changes 
playboooks/aur-dev: Remove the intl php extension

Added maintenance mode to the aurweb role using the AUR internal mode. Also,
add the php-apcu-bc package to the list of required packages. Also running the
make required to create the translations.
 2020-07-23 11:03:39 -03:00
Giancarlo Razzolini
268af91494
playbooks/aur-dev: Add aur-dev to the hosts file and add change the playbook for dev 
Changed the playbook to add the missing php modules and add the AUR role. Also set the
domain and the git branch variables so the right version of the AUR is installed.
 2020-07-23 11:03:38 -03:00
Jelle van der Waa
0c1c366493
Introduce AUR role 
The ansible role for the Arch User Repository.

Thanks-to: Eli Schwartz <eschwartz@archlinux.org>
 2020-07-23 11:03:38 -03:00
Jelle van der Waa
d9377b5e5b
Add bugbot role to phrik.archlinux.org 
Apply more security hardening, add pgp key fetching and verification for
the git repository.
 2020-07-11 22:06:35 +02:00
Sven-Hendrik Haase
6bdab52f16
Use prio host for rsync.net 
Apparently the host without prio is the traffic shaped one which has been very slow for us.
 2020-07-09 00:50:32 +02:00
Sven-Hendrik Haase
bb35582a58
Adjust backup host paths to new scheme 2020-07-09 00:50:28 +02:00
Sven-Hendrik Haase
764df6ee5d
Switch from vostok to storagebox (fixes #51) 2020-07-09 00:50:04 +02:00
Jelle van der Waa
f7195c8fe8
Add a check if moreutils is installed 2020-07-08 18:37:52 +02:00
Jelle van der Waa
ea848558c5
Apply hardening role to the gitlab runners 2020-07-08 18:11:30 +02:00
Jelle van der Waa
483ef8c7ce
Run on all hosts except rsync_net 
rsync_net is a storagebox for backups and cannot apply normal roles.
 2020-07-08 18:09:30 +02:00
Jelle van der Waa
08d5975d10
Make gemini really send email 
Set up the postfix relayhost functionality correctly.
 2020-06-26 14:59:05 +02:00
Jelle van der Waa
02b04fab82
Migrate dbscripts, sogrep, archweb related services for mirrors to 
gemini
 2020-06-25 23:38:24 +02:00
Jelle van der Waa
ee653931ec
Migrate sources to gemini 2020-06-24 09:52:32 +02:00
Jelle van der Waa
8523b7836d
Enable fail2ban for gitlab_runners group 2020-06-21 22:15:56 +02:00
Jelle van der Waa
2eff66dd8a
Add fail2ban for sshd on gemini 2020-06-21 21:54:17 +02:00
Jelle van der Waa
209090046f
Move archive.archlinux.org to gemini 
In preparation of the move to gemini make it already run the
archive.archlinux.org frontend and the archive-uploader. So the
migration is done in steps.
 2020-06-21 19:18:16 +02:00
Jelle van der Waa
addd0e018a
Migrate archive to gemini 
The web frontend of the archive has been moved to gemini in preparation
of the migrating of the repos to gemini. Later when dbscripts is moved
to gemini the full role is run.
 2020-06-21 19:07:21 +02:00
Sven-Hendrik Haase
4468f9062e
Add initial gemini.archlinux.org playbook 2020-06-17 09:14:49 +02:00
Sven-Hendrik Haase
fb75cf7c5c
Remove a lot of unnecessary tags that are already added by auto_tags.py 2020-06-17 06:00:22 +02:00
Sven-Hendrik Haase
fe2fe32707
gitlab-runners: Enable firewall on runners 2020-06-17 04:47:33 +02:00
Sven-Hendrik Haase
922264f487
install_arch: Update bootstrap version to 2020.06.01 2020-06-17 04:47:14 +02:00
Frederik Schwan
274a3b601c
fix ansible-lint errors introduced while rebasing 2020-06-17 02:43:13 +02:00
Frederik Schwan
910903cd70
fix E305 'Use shell only when shell functionality is required' 2020-06-17 02:43:13 +02:00
Frederik Schwan
b1651b604a
fix E504 "Do not use ‘local_action’, use ‘delegate_to: localhost’" 2020-06-17 02:43:12 +02:00
Frederik Schwan
fc769a7b1c
fix E301 'Commands should not change things if nothing needs doing' 2020-06-17 02:43:12 +02:00
Frederik Schwan
631e8ba04f
fix E306 'Shells that use pipes should set the pipefail option' 2020-06-17 02:43:12 +02:00
Frederik Schwan
f7529414da fix E502 'all tasks should be named' 2020-06-12 23:33:36 +00:00
Frederik Schwan
2b2bd06512
fix E206 'Variables should have spaces before and after: {{ var_name }}' 2020-06-12 22:20:48 +02:00
Jan Alexander Steffens (heftig)
293f7277ad
matrix.archlinux.org: Support sending emails again 2020-05-28 23:38:12 +02:00
Jan Alexander Steffens (heftig)
7614beee96
matrix.archlinux.org: Add fail2ban 2020-05-28 22:42:33 +02:00
Jan Alexander Steffens (heftig)
57307320cf
matrix.archlinux.org: Add more zabbix templates 2020-05-28 22:22:34 +02:00
Jelle van der Waa
52ae5dd66e
Add tools to the accounts playbook 
Signed-off-by: Jelle van der Waa <jelle@archlinux.org>
 2020-05-09 23:01:44 +02:00
Jan Alexander Steffens (heftig)
affc74cbab
matrix: Rescale to cpx31 2020-05-07 23:18:37 +02:00
Jelle van der Waa
f5500702d7
Also fetch the offsite borg backup key 
Signed-off-by: Jelle van der Waa <jelle@archlinux.org>
 2020-05-02 01:10:32 +02:00
Jelle van der Waa
039435e7a5
Fall back to archive.org when not found for archive.* 
For our archive.archlinux.org website instead of always redirecting to
archive.org try if we have the file and fallback redirecting to
archive.org. This reduces the load on archive.org and makes our
reproducible builds downloads faster then archive.org. This also set's
up another archive mirror on archive.ger.mirror.pkgbuild.com

Signed-off-by: Jelle van der Waa <jelle@archlinux.org>
 2020-05-01 23:34:30 +02:00
Sven-Hendrik Haase
015c3176b6
Update bootstrap version to 2020.05.01 
Signed-off-by: Sven-Hendrik Haase <svenstaro@gmail.com>
 2020-05-01 19:09:57 +02:00
Frederik Schwan
f42fd92b83
Merge wip-keyclaok into master 2020-04-30 14:30:35 +02:00
Jelle van der Waa
f9e3e52063 Add reproducible.archlinux.org instance 
Create a new VPS for running the master rebuilderd daemon which
coordinates the rebuild tasks to rebuilderd ndoes.

Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
 2020-04-26 01:10:44 +02:00
Jelle van der Waa
c8c59f0451
Remove {sgp,mex}.mirror.pkgbuild.com from hosts 
sgp and mex both have disk errors and died, so remove them to hosts.

Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
 2020-04-09 22:00:12 +02:00
Sven-Hendrik Haase
8fda08aed6 Add offsite backup with rsync.net 2020-03-11 18:03:46 +01:00
Jelle van der Waa
e858fc676b migrate planet.archlinux.org to archweb 
Archweb now supports a planet alternative and the old planet software
was Python2 and not maintained anymore.
 2020-02-23 00:09:48 +01:00
Jelle van der Waa
324242e42a archweb: add planet functionality related service/timers 2020-02-13 23:33:54 +01:00
Evangelos Foutras
99b887453d Update pacman website to 5.2.1 2020-02-09 20:16:57 +02:00
Jelle van der Waa
df8896eb7e move docker-image from soyuz to dragon 
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
 2020-01-06 23:15:21 +01:00
Giancarlo Razzolini
a8bdc06854
Merge branch 'master' of arch-git:/srv/git/infrastructure 2019-12-30 12:58:40 -03:00
Jelle van der Waa
a57abfefba remove all soyuz leftovers 2019-12-28 13:32:57 +01:00
Giancarlo Razzolini
28bfa799e5
playbooks/aur-dev: Initial playbook for aur-dev.archlinux.org 
Initial playbook for AUR dev
 2019-12-25 18:38:19 -03:00
Evangelos Foutras
7d0ad69030 Remove archbuild role from sgp 
It should not be used as a build server anymore:

https://wiki.archlinux.org/index.php/DeveloperWiki:DevopsMeetings/2019-11-28#Actionable_5
 2019-12-04 09:30:54 +02:00
Giancarlo Razzolini
01423db15a
playbooks/apollo: Remove the flyspray role 
Remove the flyspray role from apollo. There are still leftovers and nginx
is configured to reply with the maintenance mode, in case someone tries to
access flyspray through apollo.
 2019-12-01 17:16:11 -03:00
Giancarlo Razzolini
5785aaaf16
playbooks/bugs.archlinux.org: Add a playbook for the new flyspray VPS 
Create a playbook for the new flyspray deployment. It has all the roles
required to run flyspray.
 2019-12-01 13:11:45 -03:00
Sven-Hendrik Haase
5373efcecc
More descriptive playbook name for state.archlinux.org 2019-11-27 09:36:10 +01:00
Sven-Hendrik Haase
1e81ca6d72
Migrate arch-boxes from soyuz to dragon 2019-11-24 13:33:44 +01:00
Jelle van der Waa
2d561bf89f state.archlinux.org add zabbix/borg to playbook 2019-11-23 22:23:28 +01:00
Jelle van der Waa
ba60f201ad Add zabbix to homedir 2019-11-22 20:57:38 +01:00
Sven-Hendrik Haase
299bf206a2
Update bootstrap version 2019-11-19 10:42:36 +01:00
Sven-Hendrik Haase
846ecaa231 Migrate public_html to homedir.archlinux.org 2019-11-18 07:47:56 +01:00
Sven-Hendrik Haase
7653049086
Fix ansible deprecation messages 2019-11-18 03:05:35 +01:00
Sven-Hendrik Haase
0739ae79bb
Rename state.cloud.archlinux.org to state.archlinux.org 2019-11-18 02:10:39 +01:00
Jelle van der Waa
a76219ea2b add mirror.pkgbuild.com to monitoring. 2019-11-09 19:18:43 +01:00
Phillip Smith
0df317ebd1 deploy fail2ban to bbs server 2019-11-09 13:56:01 +11:00
Phillip Smith
128bad62c1 add tag to fluxbb role in playbook 2019-11-04 14:04:33 +11:00
Phillip Smith
fd05306976 add postgrey to orion 2019-11-04 12:56:35 +11:00
Phillip Smith
b49b43f3e7 add postfix role (commented) to luna 2019-11-04 12:00:00 +11:00
Phillip Smith
4eb9d76f18 deploy postfix as a relay client to apollo and soyuz 2019-10-30 16:49:49 +11:00
Phillip Smith
5534a556b6 add relayhost option to postfix role 
when deploying the postfix role, specify postfix_relayhost variable with the
hostname of the smtp smarthost to use for delivery. all outbound smtp mail
will be delivered via the specified host.
 2019-10-29 17:59:26 +11:00
Giancarlo Razzolini
fb5e3b4314
playbooks/bbs: Add borg to the playbook 
Add the borg-client role to the bbs.archlinux.org playbook, for enabling
backups.
 2019-10-27 23:00:18 -03:00
Jelle van der Waa
09d74c64af update hosts for bbs.archlinux.org 
add to mysql-servers for monitoring and fix the php-fpm extensions.
 2019-10-27 20:31:06 +01:00
Jelle van der Waa
208a13e5d4
Move fluxbb to a separate vps 
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
 2019-10-27 18:24:24 +01:00
Phillip Smith
4a0c3fd905 add fail2ban to apollo 2019-10-25 16:48:53 +11:00
Phillip Smith
61d48f1173 implement fail2ban role and deploy to orion 
fail2ban role now protects postfix, dovecot and sshd. other roles can drop
configuration files into /etc/fail2ban/jail.d/*.local to enable fail2ban to
monitor it's service.
 2019-10-25 16:46:09 +11:00