Evangelos Foutras
733a2133b5
geo_dns: add option to set NS TTL for geo domains
...
Ansible side of commit 5007c1a85e ("tf-stage1: allow setting the NS
TTL of geo domains"); both values need to match so our geo nameservers
report the same TTL as that returned by the parent zone's nameservers.
2022-05-16 15:46:43 +03:00
Kristian Klausen
9294828f15
Setup mailman3 server
...
We want to migrate to mailman3 as mailman2 is basically unmaintained and
requires Python 2 which is EOL.
Because the mailman and mailman3 packages conflict and we don't want to
perform a big bang migration, mailman3 must be deployed on a separate
server. mailman-web (mailman3's web interface) hasn't been packaged yet,
so for now we are using my homebrewed PKGBUILD[1].
[1] https://gist.github.com/klausenbusk/5982063f95c503754a51ed2fefb8915e
Ref #59
2022-05-14 22:51:59 +02:00
Evangelos Foutras
afb582b108
geomirror: extract acme dns challenge into new role
...
- add the new role to redirect.archlinux.org
- release mirror.pkgbuild.com of all DNS duties
2022-05-14 14:22:32 +03:00
Evangelos Foutras
d6a10825bf
Fix var-spacing issues reported by ansible-lint 6.1.0
2022-05-12 08:09:52 +03:00
Leonidas Spyropoulos
81eb0a30b4
prometheus_exporters: add gitlab-exporter to gitlab
...
Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>
2022-05-09 14:29:35 +01:00
Kristian Klausen
4c6203e727
Onboard artafinde as Junior DevOps
...
artafinde is our newest Junior DevOp[1] and will get access to:
* monitoring.al.org: for setting up gitlab-exporter[1]
* gitlab.al.org: for setting up gitlab-exporter[1]
* dashboards.al.org: in case he wants to do more monitoring related
stuff
[1] https://lists.archlinux.org/pipermail/arch-devops/2022-May/000558.html
[2] https://gitlab.archlinux.org/artafinde/gitlab-exporter/
Fix #452
2022-05-07 18:41:05 +02:00
Evangelos Foutras
375a781611
Re-encrypt all default vaults with a new password
2022-05-07 17:45:19 +03:00
Evangelos Foutras
b264a2f67e
Remove unused vaults and obsolete secrets
...
- group_vars/all/vault_mariadb.yml: remove 'zabbix' database user
- misc/vaults/additional-credentials.vault: remove zabbix irc bot
- roles/dbscripts/tasks/main.yml: drop unused tier0 mirror access
2022-05-07 17:45:19 +03:00
Evangelos Foutras
b4d60ae2f6
Move highly sensitive secrets to new "super" vault
...
The idea behind this is to be able to give vault access to new DevOps
members without giving away more important credentials like Hetzner's.
2022-05-07 17:45:19 +03:00
Evangelos Foutras
cecfd92edf
archusers: preserve SSH keys of svn-* user accounts
...
These were previously removed temporarily and re-created several minutes
later during the process of deploying archusers to gemini.archlinux.org.
2022-05-07 17:42:05 +03:00
Evangelos Foutras
cc9a1b029d
Add missing newline to group_vars/geo_mirrors.yml
2022-04-13 04:46:16 +03:00
Evangelos Foutras
64ec52ca86
Enable certbot_dns_support for geo mirrors only
...
mirror.pkgbuild.com doesn't need it.
2022-04-13 04:20:01 +03:00
Kristian Klausen
9f65f99c6b
Add GeoIP domain for our sponsored mirrors
...
We had a GeoIP mirror in the past based on nginx and its GeoIP module,
but it didn't perform very well, due to the high latency (asking a
central server for the package and then redirected to the closest
mirror).
One of the reasons for offering this service is so we can relieve
mirror.pkgbuild.com which is burning a ton of traffic (50TB/month),
likely due to it being the default mirror in our Docker image. Another
reason is so we can offer a link to our arch-boxes images in libosinfo
(used by gnome-boxes, virt-install and virt-manager), with good enough
performance for most users.
This time we take a different approach and use a DNS based solution,
which means the latency penalty is only paid once (the first DNS
request). The downside is that the mirrors must have a valid certificate
for the same domain name, which makes using third-party mirrors a
challenge. So for now, we are just using the sponsored mirrors
controlled by the DevOps team.
Fix #101
2022-04-13 03:10:09 +02:00
Kristian Klausen
fd28fffb4c
Onboard sudoforge as TU
...
Ref #448
2022-04-12 01:26:35 +02:00
Kristian Klausen
56070a4ef5
Onboard torxed as project maintainer
...
Fix #441
2022-04-10 22:32:52 +02:00
Kristian Klausen
10042c5993
Offboard ronald as TU/dev
...
Ref #439
2022-04-09 19:43:01 +02:00
Kristian Klausen
743c700943
Offboard schuay as TU
...
Fix #446
2022-04-09 19:26:28 +02:00
Kristian Klausen
e0e5255216
Allow Alad access to homedir.archlinux.org
...
Access to homedir is opt-in for support staff.
Fix #447
2022-04-09 18:04:05 +02:00
Jelle van der Waa
1a4a742ee4
Prepare Security Tracker SSO configuration
...
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2022-04-05 02:15:10 +02:00
Jelle van der Waa
8a1bfa643b
allow alex access to multilib
2022-03-29 12:35:38 +02:00
Kristian Klausen
e87ef99262
Onboard kevr as project maintainer
...
Fix #438
2022-02-26 15:44:40 +01:00
Evangelos Foutras
03600a8cc4
Place borg host vaults under host_vars/localhost/
...
Kind of sensitive information that doesn't need to be available to all
hosts.
2022-02-26 11:08:30 +02:00
Giancarlo Razzolini
092ae06079
archusers: Make foxboron a dev
...
After the promotion of foxboron to dev, we have changed his role on archusers
and ran the playbook against the machines.
2022-02-16 13:08:11 -03:00
Kristian Klausen
7eda011d4a
Onboard Neitsab as wiki maintainer
...
Fix #433
2022-02-09 22:28:43 +01:00
Kristian Klausen
2097466b5a
Onboard Edh as wiki maintainer
...
Fix #430
2022-02-09 22:28:39 +01:00
Kristian Klausen
d41bd003f0
Onboard wiki maintainers (Kewl, Det, Skydiver, Flyingpig)
...
Fix #426, #427, #428 and #429.
2022-02-09 22:28:36 +01:00
Jan Alexander Steffens (heftig)
f77db02d6b
matrix: Update mjolnir settings
2022-02-08 22:02:09 +01:00
Sven-Hendrik Haase
a446df726b
Make freswa dev
2022-02-07 12:26:30 +01:00
Kristian Klausen
2ea01eb2f0
Onboard BrainDamage as IRC Op
...
Fix #436
2022-02-03 22:06:01 +01:00
Jelle van der Waa
22b3ebb863
Implement gluebuddy role
2022-01-21 10:43:10 +01:00
Jelle van der Waa
1160eb68e4
Add gluebuddy client
...
The gluebuddy client is required for gluebuddy to retrieve users and
groups membership without being able to change other keycloak data. The
realm-management roles cannot be assigned yet via keycloak as it does
not know about the roles and realm-management client.
2022-01-21 10:30:05 +01:00
Jelle van der Waa
feca81ef79
Onboard Segaja
...
Issue: #442
2021-12-20 22:44:03 +01:00
Jelle van der Waa
cff430ecc8
Onboard artafinde as new TU
...
Issue: #420
2021-12-03 13:08:01 +01:00
Jelle van der Waa
171467657c
JGC resigned
...
https://lists.archlinux.org/private/arch-dev/2021-October/016798.html
2021-12-03 08:49:02 +01:00
Jelle van der Waa
462b767ac2
Eschwartz resigned as TU, Staff
2021-12-01 09:55:47 +00:00
Evangelos Foutras
69994e900a
Complete rsync.net account migration
...
New username; separate and longer account manager + storage passwords.
Also, have to use --remote-path=borg1 when interacting with rsync.net.
2021-11-06 19:50:31 +02:00
Jan Alexander Steffens (heftig)
79f2b57be3
Revert "matrix: Fix bridge configuration"
...
This was a regression which has been fixed upstream.
This reverts commit 67e7677ee4.
2021-10-26 00:21:25 +02:00
Jan Alexander Steffens (heftig)
67e7677ee4
matrix: Fix bridge configuration
...
We're no longer allowed to reserve formerly used namespaces.
2021-10-22 17:51:05 +02:00
Jan Alexander Steffens (heftig)
89f40f707e
matrix: Extend and move the auto-joined rooms into the vault
2021-10-05 21:02:39 +02:00
Kristian Klausen
d70d47d944
Offboard cesura
...
Ref #396
2021-10-02 15:36:59 +02:00
Jan Alexander Steffens (heftig)
78cd1dd567
matrix: Update bridged rooms
2021-08-26 19:24:03 +02:00
Jan Alexander Steffens (heftig)
1278707cf2
matrix: Update badwords
2021-08-26 19:24:03 +02:00
Kristian Klausen
6a11db2f20
Use wireguard for db connections to archlinux.org
...
Fix #177
2021-08-24 21:08:08 +02:00
Jan Alexander Steffens (heftig)
94de7e216a
group_vars: Enable configure_network for hcloud hosts
...
I don't know why this wasn't enabled.
2021-08-16 00:47:25 +00:00
Kristian Klausen
847337407b
Onboard alex19ep as new TU
...
Ref #388
2021-08-13 20:41:44 +02:00
Jelle van der Waa
f93b995992
Remove unused groups from archusers
...
These groups are no longer required as docker/arch-boxes images are
built by Gitlab.
2021-08-12 21:12:47 +02:00
Jelle van der Waa
ad99a86bae
Offboard alad as TU
...
Closes: #389
2021-08-12 21:10:14 +02:00
Kristian Klausen
3e113e426f
archusers: Restrict fukawi2 to the mail.al.org host
...
Looks like an oversight when he was offboarded as DevOps.
As support staff he shouldn't have access to
2021-08-02 14:29:36 +02:00
Jan Alexander Steffens (heftig)
caa81be756
matrix: Use Bearer authentication for metrics
...
https://gitlab.archlinux.org/archlinux/infrastructure/-/merge_requests/473
2021-07-31 01:48:50 +02:00
Evangelos Foutras
6436b29b6b
Offboard Scimmia
...
https://gitlab.archlinux.org/archlinux/infrastructure/-/issues/377
2021-07-29 21:27:11 +03:00