a9e0790f53
Remove the three dashes from all YAML documents
...
These are used to signal the start of the document in a stream of many
documents. As Ansible only supports one YAML document per file this is
unnecessary. About a third of our YAML documents already lacked these.
2022-06-08 14:35:45 +03:00
8abd2cf1fe
Use all-hosts-basic with root_ssh when offboarding
...
There is no need to run all playbooks for this.
2022-06-08 12:58:52 +03:00
1379ce0708
Merge branch 'loki-update-config' into 'master'
...
loki: pull changes made to loki.yml on live
See merge request archlinux/infrastructure!585
2022-06-08 09:58:21 +00:00
3d1b95ee24
loki: increase split_queries_by_interval to 24h
...
The cloud server running Loki isn't powerful enough to do aggressive
query splitting; it makes queries execute slower and generates a lot
more queries, resulting in "too many outstanding requests" in recent
Loki versions. (Maybe a bug?)
2022-06-07 23:55:22 +03:00
f73b1657fe
loki: set server.log_level to "warn"
...
The default log level is "info" which logs too much to the journal.
2022-06-07 01:21:34 +03:00
6a3410a8f0
loki: set common.instance_addr to 127.0.0.1
...
Since upgrading to Loki 2.5, the query frontend was trying to connect to
the wireguard address instead of 127.0.0.1. This appears to be caused by
upstream commit c0bec07e0de1a23cb72e8834069 ("Loki: Implement common net
interface/instance addr") which now defaults to "" instead of 127.0.0.1.
2022-06-07 00:05:47 +03:00
a9988b6c67
loki: disable usage reporting
...
Doubt the Loki team is interested in our usage data, and it's also a
risk to the confidentiality of our logs (even though it's anonymous).
2022-06-07 00:05:47 +03:00
90023f025e
loki: bump storage schema to v12
...
< wCPO> foutrelis: v12 fixes the "all chunks in the same directory"-issue
2022-06-06 23:25:14 +03:00
e586a80f44
loki: lower log retention period to 1 month
...
One month of logs is about 40G and suffices for our log retrieval needs.
2022-06-06 23:25:13 +03:00
e810787c48
Update to latest archweb
2022-06-06 17:12:29 +02:00
aa5d9ebbfa
gluebuddy: allow jelle to release and allow le bots
2022-06-06 16:40:56 +02:00
221be745df
matrix: Update synapse to 1.60.0
2022-06-05 20:07:03 +02:00
d285d1dfd3
matrix: Update badwords
2022-06-05 20:07:03 +02:00
efdad1a3d7
common: pacman.conf: remove nonexistent cache dirs
...
Other than avoiding the conditional logic there's no reason to specify
/srv/ftp/pool/{packages,community} as additional cache directories for
all servers.
Restoring the default CacheDir value on machines without a local mirror
allows us to use pacdiff to perform a three-way merge of the few config
files which are easier to rebase this way.
2022-06-05 01:12:43 +03:00
8c680c2d66
grafana: rebase grafana.ini to grafana 8.5.4-1
2022-06-04 16:14:07 +03:00
e232a1dee4
flyspray: bump to commit adding a simple bot check
...
Nothing fancy, just something to prevent automated form submissions.
2022-06-03 17:40:14 +03:00
65cd5156e9
Merge branch 'archwiki-LocalSettings.php' into 'master'
...
archwiki: merge LocalSettings.archlinux.org.php from the archwiki git repo into LocalSettings.php.j2
See merge request archlinux/infrastructure!516
2022-06-03 10:41:18 +00:00
5994607390
archwiki: merge LocalSettings.archlinux.org.php from the archwiki git repo into LocalSettings.php.j2
...
Merge https://github.com/lahwaacz/archlinux-mediawiki/blob/cache/LocalSettings.archlinux.org.php .
There is no need to separate these files since LocalSettings.archlinux.org.php is only used by ArchWiki.
Keeping it all in one file provides a clearer view of what options are actually set.
Related to https://github.com/archlinux/archwiki/pull/31 .
2022-06-03 13:30:19 +03:00
563b8de274
Sort geo mirrors in hosts and take asia off for now
...
asia.mirror.pkgbuild.com has been offline for 12 days so far while we
wait for a NIC replacement. Should have taken it out of DNS NS duties
earlier but better late than never.
2022-05-29 23:42:26 +03:00
c0909e9b0b
Rescale mailman3 from cx11 to cx21
...
It needs the extra RAM.
2022-05-29 23:41:52 +03:00
2a74897bfb
Add Vagrant Cloud account
...
Vagrant Cloud has been used for years by arch-boxes[1] for publishing
Vagrant boxes. Access to the organization[2] was handed out to a few
members of the DevOps team and the creator of the organization
(arch-boxes maintainer at the time).
With this commit the control of the organization is handed over to the
DevOps team through a new Vagrant Cloud account.
[1] https://gitlab.archlinux.org/archlinux/arch-boxes
[2] https://app.vagrantup.com/archlinux/
2022-05-29 21:20:06 +02:00
e375eb0cac
mailman3: Add missing mailman-hyperkitty.cfg.j2 file
...
Fixes: 9294828f
2022-05-29 19:23:04 +02:00
363160e3e6
archwiki: Update to 1.37.2-2
...
Tweaking access to the abuse filter[1].
[1] https://github.com/archlinux/archwiki/pull/52
2022-05-27 15:28:04 +02:00
62b9d97759
Merge pull request https://github.com/archlinux/archwiki/pull/52 from nl6720/abusefilter-cosysop
...
LocalSettings: allow only sysops and cosysops to view public abuse filters and logs
2022-05-27 15:13:33 +02:00
4fd89de701
Merge branch 'alertmanager-remove-gitlab-integration' into 'master'
...
alertmanager: remove GitLab webhook integration
See merge request archlinux/infrastructure!578
2022-05-25 09:55:56 +00:00
10772376e3
alertmanager: remove GitLab webhook integration
...
Nobody uses this for alert management and we also have Grafana showing
the alerts now.
2022-05-25 12:38:48 +03:00
8472c7cfe7
alertmanager: send resolved notifications by email
2022-05-25 11:58:19 +03:00
96f37bd541
ci: completely remove "vars_files:" from playbooks
...
Removing just the list of vaulted var files triggers a schema violation.
2022-05-21 15:49:43 +03:00
c1bf72d2e6
install_arch: set file permissions in get_url call
...
Addresses the following ansible-lint warning:
risky-file-permissions: File permissions unset or incorrect.
roles/install_arch/tasks/main.yml:50
2022-05-21 15:31:35 +03:00
ce98a0261f
Fix schema violations in custom task environments
...
As reported by ansible-lint 6.2.1:
schema: [{'PYTHONPATH': '.'}] is not of type 'object' (schema[tasks])
roles/aurweb/tasks/main.yml:1
schema: [{'SHELL': '/bin/bash'}] is not of type 'object' (schema[tasks])
roles/dbscripts/tasks/main.yml:1
2022-05-21 15:28:31 +03:00
26ad410696
Adjust skip_list for ansible-lint 6.2.0 yaml rules
...
The "line-length" and "braces" rules are now named "yaml[line-length]"
and "yaml[braces]" respectively.
https://github.com/ansible/ansible-lint/pull/2148
2022-05-21 13:57:27 +03:00
656fc4bbfe
matrix: Restart mjolnir on failure
...
With a delay of 30 seconds. Reduce the sleep hack in pantalaimon from 30
to 10 seconds. Hopefully this is going to bring it up reliably.
2022-05-20 19:40:58 +02:00
d810bd8398
matrix: Update mjolnir to v1.4.2
2022-05-20 19:33:31 +02:00
8b9277d5a4
matrix: Update synapse to 1.59.1
2022-05-20 19:28:47 +02:00
395af17ed7
Merge branch 'dovecot-enable-duplicate-sieve-ext' into 'master'
...
dovecot: enable the duplicate Sieve extension
See merge request archlinux/infrastructure!576
2022-05-17 21:01:53 +02:00
c379884be0
dovecot: enable the duplicate Sieve extension
...
Useful for preventing message duplication when the recipient is also
part of an alias included in Cc (e.g. foutrelis@ + infrastructure@).
2022-05-17 18:28:59 +03:00
35927e41d2
Merge branch 'borg-compact-after-prune' into 'master'
...
borg_client: run compact after pruning on borg 1.2
See merge request archlinux/infrastructure!577
2022-05-17 15:26:10 +00:00
17927c9aa4
borg_client: run compact after pruning on borg 1.2
...
Only doing this on the Hetzner storage box for now; waiting for
rsync.net to upgrade to borg 1.2 so we can enable it there too.
2022-05-17 18:20:51 +03:00
f6e6611645
mailman: Redirect to the ml3 list pages instead of the archives
2022-05-16 22:46:04 +02:00
a9d48ad8ed
mta_sts: Use CRLF line terminators per the RFC[1]
...
[1] https://datatracker.ietf.org/doc/html/rfc8461#section-3.2
2022-05-16 22:46:01 +02:00
eac26bfc98
Bump MTA STS id to invalid cache
...
Fixes: 0b87cbfd
2022-05-16 22:45:58 +02:00
733a2133b5
geo_dns: add option to set NS TTL for geo domains
...
Ansible side of commit 5007c1a85e
2022-05-16 15:46:43 +03:00
5007c1a85e
tf-stage1: allow setting the NS TTL of geo domains
...
When adding a new geo domain or doing other testing, we would want to
use a low TTL to allow for making quick changes to the configuration.
2022-05-16 14:20:55 +03:00
bb00082411
mailman: Second batch of mailman3 migrated lists
...
arch-dev
arch-devops
arch-dev-public
arch-mirrors
arch-mirrors-announce
arch-multilib
arch-ports
arch-proaudio
arch-projects
arch-releng
arch-tu
arch-women
staff
2022-05-15 23:09:05 +02:00
0b87cbfd06
mta_sts: Switch to enforce mode and bump max_age to 30 days
...
Checking the SMTP TLS reports, the last failure was 2021-12-10/11 from
Mail.ru and 2021-08-28/29 from Google.
Bumping the max_age to 30 days as the RFC states: "To mitigate the risks
of attacks at policy refresh time, it is expected that this value
typically be in the range of weeks or greater."[1].
[1] https://datatracker.ietf.org/doc/html/rfc8461
2022-05-15 15:39:52 +02:00
d9b3b218e5
mailman3: Don't run gatenews timer
...
It is run as part of the nntp runner now[1].
[1] https://gitlab.com/mailman/mailman/-/merge_requests/895
2022-05-14 23:41:43 +02:00
5fb9ff2099
Merge branch 'mailman3' into 'master'
...
Setup mailman3 server
See merge request archlinux/infrastructure!437
2022-05-14 22:58:03 +02:00
d1c23d5d96
Update host keys for mailman3.archlinux.org
...
The server has been reimaged to be sure the playbook and roles work as
intended.
2022-05-14 22:52:16 +02:00
73b4e4f04f
mailman: First batch of mailman3 migrated lists
...
arch-announce
arch-devops-private
arch-events
arch-wiki-admins
2022-05-14 22:52:12 +02:00
5d0c9d3b73
mailman: Add map for redirecting migrated lists to the ml3 interface
2022-05-14 22:52:09 +02:00
Evangelos Foutras
Jelle van der Waa
Jan Alexander Steffens (heftig)
nl6720
Kristian Klausen
Jelle van der Waa