mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2024-05-19 14:16:18 +02:00
Commit Graph

166 Commits

Author SHA1 Message Date
Kristian Klausen a9d48ad8ed
mta_sts: Use CRLF line terminators per the RFC[1]
[1] https://datatracker.ietf.org/doc/html/rfc8461#section-3.2
2022-05-16 22:46:01 +02:00
Kristian Klausen eac26bfc98
Bump MTA STS id to invalidate cache
Fixes: 0b87cbfd ("mta_sts: Switch to enforce mode and bump max_age to 30 days")
2022-05-16 22:45:58 +02:00
Evangelos Foutras 733a2133b5
geo_dns: add option to set NS TTL for geo domains
Ansible side of commit 5007c1a85e ("tf-stage1: allow setting the NS
TTL of geo domains"); both values need to match so our geo nameservers
report the same TTL as that returned by the parent zone's nameservers.
2022-05-16 15:46:43 +03:00
Evangelos Foutras 5007c1a85e
tf-stage1: allow setting the NS TTL of geo domains
When adding a new geo domain or doing other testing, we would want to
use a low TTL to allow for making quick changes to the configuration.
2022-05-16 14:20:55 +03:00
Evangelos Foutras 7944981197
tf-stage1: use template for geo domains NS records 2022-05-14 14:20:43 +03:00
Kristian Klausen 37fb120aa8
Provision server for buildbot POC
Foxboron wants some infra for a buildbot POC, so let's give it to him!

The server has been configured with the common and firewalld role.
2022-05-12 22:27:00 +02:00
Evangelos Foutras b4d60ae2f6
Move highly sensitive secrets to new "super" vault
The idea behind this is to be able to give vault access to new DevOps
members without giving away more important credentials like Hetzner's.
2022-05-07 17:45:19 +03:00
Evangelos Foutras 6878066d91
geomirror: bump TTL to 86400 for NS records
In an effort to stay consistent with the TTL used for the archlinux.org
and pkgbuild.com NS records, as well as slightly improve lookup latency.
2022-04-29 20:38:15 +03:00
Evangelos Foutras 60fb4494fa
tf-stage1: version bump of terraform providers
New hcloud adds protection fields to servers, volumes and floating IPs.
2022-04-23 03:28:28 +03:00
Evangelos Foutras 17024ba287
Remove gitlab volume
/srv/gitlab has been moved to local (NVMe SSD) storage; hopefully it
won't grow too large and thus require transferring back to a volume.
2022-04-19 11:44:12 +03:00
Kristian Klausen aa359082aa
Avoid single point-of-failure for our GeoIP domain
We don't want mirror.pkgbuild.com's DNS server to be a
single-point-of-failure, so this commit adds multiple authoritative DNS
servers for the zone. The extra DNS servers are run on the geomirror
servers.

The _acme-challenge zone, used for obtaining certificates, is run solely
on mirror.pkgbuild.com's DNS server, to avoid syncing DNS records
between the servers (KISS).
2022-04-15 19:43:33 +02:00
Kristian Klausen 9f65f99c6b
Add GeoIP domain for our sponsored mirrors
We had a GeoIP mirror in the past based on nginx and its GeoIP module,
but it didn't perform very well, due to the high latency (asking a
central server for the package and then redirected to the closest
mirror).

One of the reasons for offering this service, is so we can relieve
mirror.pkgbuild.com which is burning a ton of traffic (50TB/month),
likely due to it being the default mirror in our Docker image. Another
reason is so we can offer a link to our arch-boxes images in libosinfo
(used by gnome-boxes, virt-install and virt-manager), with good enough
performance for most users.

This time we take a different approach and use a DNS based solution,
which means the latency penalty is only paid once (the first DNS
request). The downside is that the mirrors must have a valid certificate
for the same domain name, which makes using third-party mirrors a
challenge. So for now, we are just using the sponsored mirrors
controlled by the DevOps team.

Fix #101
2022-04-13 03:10:09 +02:00
Evangelos Foutras 8838470cf5
Shrink debuginfod volume from 100G to 25G
This hasn't seen much growth in the past two months and is chilling
around 13G. We can easily bump it once we have more debug packages.
2022-04-11 20:42:46 +03:00
Kristian Klausen af5d4b845e
Decommission aur-dev
With the PHP->Python port done[1][2], there isn't much need for aur-dev
anymore. Most things can also be tested locally and aur-dev hasn't got
any love since the port (ex: allowing the aurweb maintainers to deploy
without asking DevOps).

[1] https://lists.archlinux.org/pipermail/aur-general/2022-February/036786.html
[2] https://gitlab.archlinux.org/archlinux/infrastructure/-/merge_requests/525
2022-04-11 14:55:53 +02:00
Evangelos Foutras e680dc3b75
tf-stage1: bump TTL to 86400 for NS records
The default TTL of 3600 seems a bit short for these.
2022-03-14 08:12:33 +02:00
Evangelos Foutras 2d1e9b57c0
tf-stage1: standardize on TTL 3600 for DNS records
Almost all of our DNS records have a TTL of 86400 (24 hours) with a few
using a TTL of 600 (some MX and TXT records). The former is too long to
be flexible when a need for fast change(s) arises, and the latter don't
benefit from the low TTL. Standardize on a TTL of 3600 (1 hour) for all
our records.
2022-03-13 20:18:06 +02:00
Evangelos Foutras 33cb9134dd
Resize gitlab volume from 250G to 200G
250 is not a nice round number, whereas 200 is.
2022-03-05 09:35:00 +02:00
Evangelos Foutras e3d555851c Revert "Add GitLab Pages for btw[1]"
This reverts commit c8d1a39af2
2022-02-26 15:41:56 +00:00
Kristian Klausen c8d1a39af2
Add GitLab Pages for btw[1]
[1] https://gitlab.archlinux.org/archlinux/btw
2022-02-23 17:13:55 +01:00
Evangelos Foutras 87815d037c
Rescale gitlab from cx51 to cpx41
Better bang for buck; unfortunately it doesn't seem any faster.
2022-02-06 23:43:30 +02:00
Evangelos Foutras e407f83e3a
Resize gitlab volume to 250G 2022-02-06 23:13:20 +02:00
Kristian Klausen 9a7483832c Provision debuginfod server 2022-02-04 21:13:19 +00:00
Jelle van der Waa d88c0b953e
Initialize gluebuddy host 2022-01-21 10:30:05 +01:00
Jan Alexander Steffens (heftig) c0771b57ff
Remove _matrix._tcp.archlinux.org SRV record
The `https://archlinux.org/.well-known/matrix/server` response is used
over the SRV record in all cases. We haven't been listening on 8448
since e9e4c11444 (June 2019).
2021-12-10 18:23:23 +01:00
Sven-Hendrik Haase d0de4aa30a
Resize aur-dev as it was apparently too small before 2021-12-05 02:02:17 +01:00
Kristian Klausen 1e52140929
Increase the volume size (150->200GiB) for monitoring.al.org
With Loki needing roughly 108GiB[1] and Prometheus at least[2]
116GiB[3], 200GiB sounds like a good starting point.

[1] increase(loki_ingester_chunk_stored_bytes_total[1w]) / 7 * 90
[2] https://www.robustperception.io/how-much-disk-space-do-prometheus-blocks-use
[3] (rate(prometheus_tsdb_compaction_chunk_size_bytes_sum[1w]) /
    rate(prometheus_tsdb_compaction_chunk_samples_sum[1w])) *
    increase(prometheus_tsdb_head_samples_appended_total[1w]) / 7 * 365
2021-10-08 17:47:52 +02:00
Kristian Klausen d7d4ecbce1
Add GitLab Pages for "Service Agreements"
Ref: https://gitlab.archlinux.org/archlinux/service-agreements/-/merge_requests/16
2021-08-22 13:13:36 +02:00
Jelle van der Waa 9f54f8e07b
Add reproducible-notes for hosting packages.json
This subdomain hosts gitlab CI produced and updated notes for
unreproducible packages.
2021-07-31 15:46:35 +02:00
Evangelos Foutras 5ece8b98c2
Scale up lists to CPX11
Archiving arch-commits mails maxes out the single vCPU of CX11 and
results in High CPU Prometheus alert. If we decide not to maintain
mail archive for arch-commits, then we can likely scale back down.
2021-07-24 14:13:26 +03:00
Kristian Klausen 3ba230b17c Replace runner1 with a new bigger box
CPU: Intel Xeon E5-2620 -> E-2288G
Disk: 2x~1TB -> 2x~500GB
2021-07-21 00:40:59 +02:00
Jelle van der Waa 373d4918cd
Add redirects for git.archlinux.org using a map 2021-07-14 20:03:54 +02:00
Evangelos Foutras faba3a3d7c
misc/get_key.py: load vault file without chdir'ing
Now that misc/get_key.py checks if the vault file passed to it exists,
we cannot pass paths only resolvable from the root directory. Instead,
use paths that make sense relative to the current directory and avoid
calling chdir when loading the vault file.

Fixes: 7754214604 ("Rewrite get_key.py to use click instead of typer")
2021-07-07 15:18:41 +03:00
Evangelos Foutras 9c2ca6851c
tf-stage1: Update commented out SOA entries 2021-07-07 13:40:59 +03:00
Thorben Günther 98f72a541a
tf-stage1: Update nameservers
Closes #207
2021-07-07 11:11:35 +02:00
Kristian Klausen 032763987c Send promtail logs and scrape its metrics over WireGuard 2021-07-06 22:21:41 +00:00
Kristian Klausen 79f7d59910 Goodbye luna
https://lists.archlinux.org/pipermail/arch-dev-public/2021-July/030471.html

Fix #86
2021-07-04 12:46:01 +00:00
Kristian Klausen 06d4826aac Make the lists.al.org VPS the new lists server
Fix #356
2021-06-30 09:30:31 +00:00
Kristian Klausen 41c5a5e26c Add initial playbook for lists.archlinux.org
nginx, certbot, postfix and mailman are still missing and the DNS is
still pointing to luna.
2021-06-30 09:30:31 +00:00
Kristian Klausen 1ed1ee0f34
Increase the volume size (100->150GB) for monitoring.al.org
Loki is using a lot of storage (~8GB per week).
2021-06-23 15:59:19 +02:00
Kristian Klausen d4206f7762 Create a redirect for the CoC
Fix #354
2021-06-16 00:28:16 +00:00
Kristian Klausen db1ccafcf1
Remove removed svn2gittest.archlinux.org machine 2021-06-09 12:09:20 +02:00
Sven-Hendrik Haase d2b110d250 Add dashboards.archlinux.org for public Grafana dashboards
Co-authored-by: Kristian Klausen <kristian@klausen.dk>
2021-05-13 23:28:01 +02:00
Jelle van der Waa 723f147129
Add tu bylaws website domain
The TU Bylaws is currently deployed as part of the aurweb role which
makes it more work for devops and with gitlab pages TUs can deploy it
themselves.
2021-05-08 21:24:53 +02:00
Jelle van der Waa 889ecc98df
Add openpgpkey.master-key domain
The WKD setup for master-key.archlinux.org requires this domain to
obtain the master keys via WKD. As WKD falls back to archlinux.org which
contains no .well-known/openpgpkey entry.
2021-04-27 22:30:51 +02:00
Sven-Hendrik Haase 147003aac1
Increase monitoring.archlinux.org from cx21 to cx31 2021-04-27 02:28:11 +02:00
Jelle van der Waa 29ed9fa602
Update whatcanidofor verification code 2021-04-22 20:49:07 +02:00
Daniel M. Capella 3c9d2abc8e
Fix asknot domain
Eg. https://whatcanidoforfedora.org/ and
https://whatcanidoformozilla.org/. Mea culpa.
2021-04-19 14:52:25 -04:00
Jelle van der Waa 67aeede014
resize monitoring for loki
Loki keeps logs it returns in ram, resulting in the oom killer on 2GB's
of ram.
2021-04-08 23:11:38 +02:00
Kristian Klausen a5da021b56 Setup Pages for new bugs.archlinux.org snapshot service[1]
Fix #303

[1] https://gitlab.archlinux.org/archlinux/archlinux-bugs-snapshotter
2021-04-05 07:43:02 +02:00
Sven-Hendrik Haase 8100dcc85e
Add logging CNAME to monitoring
This allows us to get proper certificates for loki which will run on logging.archlinux.org
on the same machine as monitoring.archlinux.org.
2021-03-29 02:31:42 +02:00