mirror/ infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2024-06-03 18:16:04 +02:00
Code Issues
4,064 Commits 23 Branches 0 Tags 17 MiB
Commit Graph

27 Commits

Author SHA1 Message Date
Evangelos Foutras a9e0790f53
Remove the three dashes from all YAML documents 
These are used to signal the start of the document in a stream of many
documents. As Ansible only supports one YAML document per file this is
unnecessary. About a third of our YAML documents already lacked these.
 2022-06-08 14:35:45 +03:00
Evangelos Foutras b4d60ae2f6
Move highly sensitive secrets to new "super" vault 
The idea bebind this is to be able to give vault access to new DevOps
members without giving away more important credentials like Hetzner's.
 2022-05-07 17:45:19 +03:00
Kristian Klausen 7da1e273fc Cleanup tools 
Fix #392
 2021-10-02 14:45:02 +02:00
Jan Alexander Steffens (heftig) 481033af57
matrix: Update synapse to 1.40.0 2021-08-10 21:49:51 +02:00
Kristian Klausen 2304dc5caa Split the postfix role into a role for mail.a.o and the clients 
The role for the clients is named postfix_null (per [1]) and it's much
simpler and cleaner than the postfix role. I hope can cleanup the
postfix role at a later date.

[1] http://www.postfix.org/STANDARD_CONFIGURATION_README.html#null_client
 2021-07-16 20:02:05 +02:00
Kristian Klausen 664deb67ab WireGuard all hosts 
This is meant as a internal authenticated and encrypted network which we
can use for internal services, we don't want to expose to the internet
or when encryption is desired but not easily implementable.
 2021-07-06 20:58:15 +00:00
Jan Alexander Steffens (heftig) 652185f380
matrix: Retune memory use a bit 
Give more memory to the apps and less to postgres.
 2021-06-01 18:44:21 +02:00
Kristian Klausen 7235e726d6
Implement centralized logging 
Fix #263
 2021-04-08 20:33:43 +02:00
Kristian Klausen b941a133fb Remove unbound from most systems 
unbound is only used if dns_servers is explicit set to 127.0.0.1, which
isn't the case for any of these systems.

Fix #234
 2021-04-07 20:01:39 +00:00
Jan Alexander Steffens (heftig) 458217f45d
matrix: Raise postgres_effective_cache_size 
Seems we run at about 5GB of cache. Let postgres assume it gets 4GB.
 2020-12-12 13:36:41 +01:00
Jan Alexander Steffens (heftig) a631466739
matrix: Retune PostgreSQL again 
Bump the mem settings higher again, now that we know they're not the
cause. Also increase the maximum connection count.
 2020-12-12 12:51:54 +01:00
Jan Alexander Steffens (heftig) c7e3446bae
postgres: Set `jit = off` on matrix.archlinux.org 
This seems to be the cause for our memory leak.

https://www.postgresql.org/message-id/flat/16707-f5df308978a55bf8%40postgresql.org
 2020-12-12 12:51:53 +01:00
Jan Alexander Steffens (heftig) c12ce1ab1f
matrix: Reduce postgres_maintenance_work_mem 
Still seeing PostgreSQL session processes eating over 600M of private
memory. What's going on?
 2020-12-08 17:51:33 +01:00
Jelle van der Waa 5aacd09f12
Monitor all hosts with prometheus 2020-11-21 22:13:31 +01:00
Jan Alexander Steffens (heftig) f5667a0ff2
matrix: Adjust PostgreSQL tuning some more 
Less work_mem because this explodes easily. It's per-operation, which a
query can have multiple of, and also across multiple worker threads.

More shared_buffers and effective_cache_size as these are global.
 2020-11-14 00:47:05 +01:00
Jan Alexander Steffens (heftig) ba1f1a5b11
matrix.archlinux.org: Reduce PostgreSQL memory usage 
It ran out of memory, with Postgres using a lot of RSS.
 2020-11-10 23:39:34 +01:00
Jelle van der Waa 1c94b5fe1e
Update playbooks for new mail server 2020-10-24 18:09:26 +02:00
Jelle van der Waa 2be002b112
Remove zabbix-agent role everywhere 
We switched for monitoring to prometheus so zabbix-agent is unwanted and
we don't want to accidently deploy it again.
 2020-09-12 17:22:09 +02:00
Frederik Schwan 04b2e3b1e0 fix E106 'Role name <role> does not match ``^[a-z][a-z0-9_]+$`` pattern' 2020-08-27 05:29:00 +00:00
Sven-Hendrik Haase fb75cf7c5c
Remove a lot of unnecessary tags that are already added by auto_tags.py 2020-06-17 06:00:22 +02:00
Jan Alexander Steffens (heftig) 293f7277ad
matrix.archlinux.org: Support sending emails again 2020-05-28 23:38:12 +02:00
Jan Alexander Steffens (heftig) 7614beee96
matrix.archlinux.org: Add fail2ban 2020-05-28 22:42:33 +02:00
Jan Alexander Steffens (heftig) 57307320cf
matrix.archlinux.org: Add more zabbix templates 2020-05-28 22:22:34 +02:00
Jan Alexander Steffens (heftig) affc74cbab
matrix: Rescale to cpx31 2020-05-07 23:18:37 +02:00
Sven-Hendrik Haase 8fda08aed6 Add offsite backup with rsync.net 2020-03-11 18:03:46 +01:00
Jan Alexander Steffens (heftig) 04b4c61ef4
Migrate matrix from soyuz to hcloud 2019-08-14 20:12:58 +02:00
Jelle van der Waa cb9287d083 add playbook for matrix.archlinux.org 2019-08-11 11:54:30 +02:00