mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2024-06-02 14:16:07 +02:00
Commit Graph

353 Commits

Author SHA1 Message Date
Evangelos Foutras 733a2133b5
geo_dns: add option to set NS TTL for geo domains
Ansible side of commit 5007c1a85e ("tf-stage1: allow setting the NS
TTL of geo domains"); both values need to match so our geo nameservers
report the same TTL as that returned by the parent zone's nameservers.
2022-05-16 15:46:43 +03:00
Kristian Klausen 9294828f15
Setup mailman3 server
We want to migrate to mailman3 as mailman2 is basically unmaintained and
requires Python 2 which is EOL.

Because the mailman and mailman3 packages conflict and we don't want to
perform a big bang migration, mailman3 must be deployed on a separate
server. mailman-web (mailman3's web interface) hasn't been packaged yet,
so for now we are using my homebrewed PKGBUILD[1].

[1] https://gist.github.com/klausenbusk/5982063f95c503754a51ed2fefb8915e

Ref #59
2022-05-14 22:51:59 +02:00
Evangelos Foutras afb582b108
geomirror: extract acme dns challenge into new role
- add the new role to redirect.archlinux.org
- release mirror.pkgbuild.com of all DNS duties
2022-05-14 14:22:32 +03:00
Evangelos Foutras d6a10825bf
Fix var-spacing issues reported by ansible-lint 6.1.0
2022-05-12 08:09:52 +03:00
Leonidas Spyropoulos 81eb0a30b4
prometheus_exporters: add gitlab-exporter to gitlab
Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>
2022-05-09 14:29:35 +01:00
Kristian Klausen 4c6203e727
Onboard artafinde as Junior DevOps
artafinde is our newest Junior DevOp[1] and will get access to:
* monitoring.al.org: for setting up gitlab-exporter[1]
* gitlab.al.org: for setting up gitlab-exporter[1]
* dashboards.al.org: in case he wants to do more monitoring related
  stuff

[1] https://lists.archlinux.org/pipermail/arch-devops/2022-May/000558.html
[2] https://gitlab.archlinux.org/artafinde/gitlab-exporter/

Fix #452
2022-05-07 18:41:05 +02:00
Evangelos Foutras 375a781611
Re-encrypt all default vaults with a new password
2022-05-07 17:45:19 +03:00
Evangelos Foutras b264a2f67e
Remove unused vaults and obsolete secrets
- group_vars/all/vault_mariadb.yml: remove 'zabbix' database user
- misc/vaults/additional-credentials.vault: remove zabbix irc bot
- roles/dbscripts/tasks/main.yml: drop unused tier0 mirror access
2022-05-07 17:45:19 +03:00
Evangelos Foutras b4d60ae2f6
Move highly sensitive secrets to new "super" vault
The idea behind this is to be able to give vault access to new DevOps
members without giving away more important credentials like Hetzner's.
2022-05-07 17:45:19 +03:00
Evangelos Foutras cecfd92edf
archusers: preserve SSH keys of svn-* user accounts
These were previously removed temporarily and re-created several minutes
later during the process of deploying archusers to gemini.archlinux.org.
2022-05-07 17:42:05 +03:00
Evangelos Foutras cc9a1b029d
Add missing newline to group_vars/geo_mirrors.yml
2022-04-13 04:46:16 +03:00
Evangelos Foutras 64ec52ca86
Enable certbot_dns_support for geo mirrors only
mirror.pkgbuild.com doesn't need it.
2022-04-13 04:20:01 +03:00
Kristian Klausen 9f65f99c6b
Add GeoIP domain for our sponsored mirrors
We had a GeoIP mirror in the past based on nginx and its GeoIP module,
but it didn't perform very well, due to the high latency (asking a
central server for the package and then redirected to the closest
mirror).

One of the reasons for offering this service, is so we can relieve
mirror.pkgbuild.com which is burning a ton of traffic (50TB/month),
likely due to it being the default mirror in our Docker image. Another
reason is so we can offer a link to our arch-boxes images in libosinfo
(used by gnome-boxes, virt-install and virt-manager), with good enough
performance for most users.

This time we take a different approach and use a DNS based solution,
which means the latency penalty is only paid once (the first DNS
request). The downside is that the mirrors must have a valid certificate
for the same domain name, which makes using third-party mirrors a
challenge. So for now, we are just using the sponsored mirrors
controlled by the DevOps team.

Fix #101
2022-04-13 03:10:09 +02:00
Kristian Klausen fd28fffb4c
Onboard sudoforge as TU
Ref #448
2022-04-12 01:26:35 +02:00
Kristian Klausen 56070a4ef5
Onboard torxed as project maintainer
Fix #441
2022-04-10 22:32:52 +02:00
Kristian Klausen 10042c5993
Offboard ronald as TU/dev
Ref #439
2022-04-09 19:43:01 +02:00
Kristian Klausen 743c700943
Offboard schuay as TU
Fix #446
2022-04-09 19:26:28 +02:00
Kristian Klausen e0e5255216
Allow Alad access to homedir.archlinux.org
Access to homedir is opt-in for support staff.

Fix #447
2022-04-09 18:04:05 +02:00
Jelle van der Waa 1a4a742ee4
Prepare Security Tracker SSO configuration
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2022-04-05 02:15:10 +02:00
Jelle van der Waa 8a1bfa643b
allow alex access to multilib
2022-03-29 12:35:38 +02:00
Kristian Klausen e87ef99262
Onboard kevr as project maintainer
Fix #438
2022-02-26 15:44:40 +01:00
Evangelos Foutras 03600a8cc4
Place borg host vaults under host_vars/localhost/
Kind of sensitive information that doesn't need to be available to all
hosts.
2022-02-26 11:08:30 +02:00
Giancarlo Razzolini 092ae06079
archusers: Make foxboron a dev
After the promotion of foxboron to dev, we have changed his role on archusers
and ran the playbook against the machines.
2022-02-16 13:08:11 -03:00
Kristian Klausen 7eda011d4a
Onboard Neitsab as wiki maintainer
Fix #433
2022-02-09 22:28:43 +01:00
Kristian Klausen 2097466b5a
Onboard Edh as wiki maintainer
Fix #430
2022-02-09 22:28:39 +01:00
Kristian Klausen d41bd003f0
Onboard wiki maintainers (Kewl, Det, Skydiver, Flyingpig)
Fix #426, #427, #428 and #429.
2022-02-09 22:28:36 +01:00
Jan Alexander Steffens (heftig) f77db02d6b
matrix: Update mjolnir settings
2022-02-08 22:02:09 +01:00
Sven-Hendrik Haase a446df726b
Make freswa dev
2022-02-07 12:26:30 +01:00
Kristian Klausen 2ea01eb2f0
Onboard BrainDamage as IRC Op
Fix #436
2022-02-03 22:06:01 +01:00
Jelle van der Waa 22b3ebb863
Implement gluebuddy role
2022-01-21 10:43:10 +01:00
Jelle van der Waa 1160eb68e4
Add gluebuddy client
The gluebuddy client is required for gluebuddy to retrieve users and
groups membership without being able to change other keycloak data. The
realm-management roles cannot be assigned yet via keycloak as it does
not know about the roles and realm-management client.
2022-01-21 10:30:05 +01:00
Jelle van der Waa feca81ef79
Onboard Segaja
Issue: #442
2021-12-20 22:44:03 +01:00
Jelle van der Waa cff430ecc8
Onboard artafinde as new TU
Issue: #420
2021-12-03 13:08:01 +01:00
Jelle van der Waa 171467657c
JGC resigned
https://lists.archlinux.org/private/arch-dev/2021-October/016798.html
2021-12-03 08:49:02 +01:00
Jelle van der Waa 462b767ac2
Eschwartz resigned as TU, Staff
2021-12-01 09:55:47 +00:00
Evangelos Foutras 69994e900a
Complete rsync.net account migration
New username; separate and longer account manager + storage passwords.

Also, have to use --remote-path=borg1 when interacting with rsync.net.
2021-11-06 19:50:31 +02:00
Jan Alexander Steffens (heftig) 79f2b57be3
Revert "matrix: Fix bridge configuration"
This was a regression which has been fixed upstream.

This reverts commit 67e7677ee4.
2021-10-26 00:21:25 +02:00
Jan Alexander Steffens (heftig) 67e7677ee4
matrix: Fix bridge configuration
We're no longer allowed to reserve formerly used namespaces.
2021-10-22 17:51:05 +02:00
Jan Alexander Steffens (heftig) 89f40f707e
matrix: Extend and move the auto-joined rooms into the vault
2021-10-05 21:02:39 +02:00
Kristian Klausen d70d47d944
Offboard cesura
Ref #396
2021-10-02 15:36:59 +02:00
Jan Alexander Steffens (heftig) 78cd1dd567
matrix: Update bridged rooms
2021-08-26 19:24:03 +02:00
Jan Alexander Steffens (heftig) 1278707cf2
matrix: Update badwords
2021-08-26 19:24:03 +02:00
Kristian Klausen 6a11db2f20
Use wireguard for db connections to archlinux.org
Fix #177
2021-08-24 21:08:08 +02:00
Jan Alexander Steffens (heftig) 94de7e216a
group_vars: Enable configure_network for hcloud hosts
I don't know why this wasn't enabled.
2021-08-16 00:47:25 +00:00
Kristian Klausen 847337407b
Onboard alex19ep as new TU
Ref #388
2021-08-13 20:41:44 +02:00
Jelle van der Waa f93b995992
Remove unused groups from archusers
These groups are no longer required as docker/arch-boxes images are
built by GitLab.
2021-08-12 21:12:47 +02:00
Jelle van der Waa ad99a86bae
Offboard alad as TU
Closes: #389
2021-08-12 21:10:14 +02:00
Kristian Klausen 3e113e426f
archusers: Restrict fukawi2 to the mail.al.org host
Looks like an oversight when he was offboarded as DevOps.
As support staff he shouldn't have access to
2021-08-02 14:29:36 +02:00
Jan Alexander Steffens (heftig) caa81be756
matrix: Use Bearer authentication for metrics
https://gitlab.archlinux.org/archlinux/infrastructure/-/merge_requests/473
2021-07-31 01:48:50 +02:00
Evangelos Foutras 6436b29b6b
Offboard Scimmia
https://gitlab.archlinux.org/archlinux/infrastructure/-/issues/377
2021-07-29 21:27:11 +03:00