David Runge
b46132877f
Add additional pubkey for dvzrv
...
pubkeys/dvzrv.pub:
Add pubkey based on auth subkey of PGP key
`1793DAD5D803A8FFD7451697BB992F9864FAD168`.
2022-05-07 11:34:15 +02:00
Jan Alexander Steffens (heftig)
b0f0e2ecaa
matrix: Update synapse to 1.58.0
2022-05-04 22:00:00 +02:00
Jan Alexander Steffens (heftig)
617328d0fa
matrix: Update bridge to 0.34.0
2022-05-04 22:00:00 +02:00
Evangelos Foutras
2c57dbe67f
Merge branch 'geomirror-use-lua-records' into 'master'
...
geomirror: leverage LUA records for failover+GeoIP
See merge request archlinux/infrastructure!563
2022-04-29 17:43:22 +00:00
Evangelos Foutras
6878066d91
geomirror: bump TTL to 86400 for NS records
...
In an effort to stay consistent with the TTL used for the archlinux.org
and pkgbuild.com NS records, as well as slightly improve lookup latency.
2022-04-29 20:38:15 +03:00
Evangelos Foutras
b3ec02046d
geomirror: leverage LUA records for failover+GeoIP
...
PowerDNS provides a neat way to implement GeoIP-based redirection and
automatic failover. With GeoLite2-City database, it is able to select
the closest mirror from a list of IPs we provide. Every 60 seconds it
also checks if the mirror's HTTPS URL is working as expected; if that
check fails, it stops giving it out (this acts as automatic failover).
2022-04-29 08:10:39 +03:00
Jan Alexander Steffens (heftig)
9cdcd6e243
Merge branch 'archbuild-user-weights' into 'master'
...
archbuild: Distribute CPU and IO resources equally among users
See merge request archlinux/infrastructure!564
2022-04-28 00:08:52 +00:00
Jan Alexander Steffens (heftig)
174544ff02
archbuild: Distribute CPU and IO resources equally among users
2022-04-28 00:04:08 +02:00
Jan Alexander Steffens (heftig)
927178ad52
Merge branch 'archbuild-safe-git' into 'master'
...
archbuild: Turn off Git's safe.directory
See merge request archlinux/infrastructure!561
2022-04-27 21:53:12 +00:00
Jan Alexander Steffens (heftig)
1556d606d2
archbuild: Turn off Git's safe.directory
...
Without this setting, Git exits with an error when the repository is not
owned by the current user. This messes with our shared srcdest.
2022-04-27 23:50:52 +02:00
Evangelos Foutras
a3ca856a4b
Merge branch 'packer-bootstrap-tweaks' into 'master'
...
Packer bootstrap tweaks
See merge request archlinux/infrastructure!562
2022-04-26 06:47:06 +00:00
Evangelos Foutras
17f4b387e5
packer: change image to ubuntu-22.04
2022-04-26 03:42:23 +03:00
Evangelos Foutras
1f6cf2dfa5
install_arch: download the latest bootstrap image
2022-04-26 03:40:40 +03:00
Evangelos Foutras
d56be49d9b
install_arch: bootstrap from geo.mirror.pkgbuild.com
2022-04-26 03:36:30 +03:00
Evangelos Foutras
60fb4494fa
tf-stage1: version bump of terraform providers
...
New hcloud adds protection fields to servers, volumes and floating IPs.
2022-04-23 03:28:28 +03:00
Jelle van der Waa
3091229887
Update for ipxe package issue
2022-04-22 09:07:16 +02:00
Evangelos Foutras
d06e781fd4
gitlab: run gitlab-cleanup daily instead of weekly
...
Since we are now using the local disk instead of a volume (which can be
scaled up easily) it helps to have a more consistent view of free space.
2022-04-21 01:18:12 +03:00
Evangelos Foutras
bdf965475a
postgres: pg_hba.conf: switch to scram-sha-256
...
All database user passwords have been updated to use scram-sha-256, so
there's no need for backward compatibility with md5.
2022-04-21 00:03:27 +03:00
Evangelos Foutras
e10f289346
Merge branch 'pg_upgrade-tweaks' into master
2022-04-20 23:09:54 +03:00
Evangelos Foutras
fd6d8a836a
postgres: upgrade_pg: run vacuumdb after upgrading
...
Also remove the suggestion to call delete_old_cluster.sh; it's now being
created under /tmp and it only contains a command to remove the old data
directory. (We can do the latter ourselves after some time has passed.)
2022-04-20 23:03:15 +03:00
Evangelos Foutras
ac3665bd6c
postgres: upgrade_pg: pin postgresql-old-upgrade
...
Ensure the correct version is installed and matches $FROM_VERSION.
2022-04-20 23:03:15 +03:00
Evangelos Foutras
be39d7ff21
postgres: upgrade_pg: bump major version to 14
2022-04-20 23:03:15 +03:00
Evangelos Foutras
ea9fe76820
postgres: upgrade_pg: drop call to analyze_new_cluster.sh
...
Commit 8f113698b63b15a4e0a4b15d3ee37238c1d1821d upstream:
Remove analyze_new_cluster script from pg_upgrade
Since this script just runs vacuumdb anyway, remove the script and
replace the instructions to run it with instructions to run vacuumdb
directly.
2022-04-20 23:03:15 +03:00
Evangelos Foutras
40c2ca4ea8
postgres: upgrade_pg: copy config from old cluster
...
Not much point in vimdiff'ing pg_hba.conf and postgresql.conf.
2022-04-20 23:03:15 +03:00
Evangelos Foutras
3eb8354121
postgres: keep root ownership of /var/lib/postgres
...
Adapt upgrade_pg.sh to avoid manipulating /var/lib/postgres' structure
as the postgres user. Instead, create a new empty data directory owned
by postgres for initdb to use.
2022-04-20 23:03:14 +03:00
Evangelos Foutras
58c8c86e8a
Merge branch 'rebase-postgres-config-to-v14.2' into 'master'
...
postgres: rebase config to postgresql 14.2-1
See merge request archlinux/infrastructure!560
2022-04-20 19:53:21 +00:00
Evangelos Foutras
338f2c29a4
postgres: rebase config to postgresql 14.2-1
2022-04-20 22:52:42 +03:00
Evangelos Foutras
8f563bb43b
Add {matrix,md}.archlinux.org to [postgresql_servers]
...
Also alphabetically sort the servers in this group.
2022-04-20 22:43:51 +03:00
Kristian Klausen
c8e88c4723
README: Configure terraform to verify postgres's SSL certificate
...
The default sslmode is require which doesn't protect against MITM
attacks (the certificate isn't verified). The different modes are
explained here [1].
[1] https://www.postgresql.org/docs/current/libpq-ssl.html
2022-04-20 20:08:34 +02:00
Evangelos Foutras
f0a0060c62
postgres: fix letsencrypt renewal hook
...
It was using a nonexistent target path when copying the renewed cert and
was not reloading postgresql.service in order for it to reload the certs.
2022-04-20 19:32:14 +03:00
Jan Alexander Steffens (heftig)
343a141e9f
Merge branch 'synapse-pg-locale' into 'master'
...
matrix: use C locale for the synapse database
See merge request archlinux/infrastructure!559
2022-04-20 10:21:12 +00:00
Evangelos Foutras
0458256196
matrix: use C locale for the synapse database
...
Synapse needs the database to be in C locale. Since v1.56.0, it refuses
to start when this is not the case, see [upgrade.md][1].
[1]: https://github.com/matrix-org/synapse/blob/v1.56.0/docs/upgrade.md#change-in-behaviour-for-postgresql-databases-with-unsafe-locale
2022-04-20 13:06:14 +03:00
Jan Alexander Steffens (heftig)
2c681a3517
matrix: Update bridge to 0.33.1
2022-04-19 22:24:55 +02:00
Jan Alexander Steffens (heftig)
342239b7ee
matrix: Update synapse to 1.57.0
2022-04-19 22:23:54 +02:00
Evangelos Foutras
17024ba287
Remove gitlab volume
...
/srv/gitlab has been moved to local (NVMe SSD) storage; hopefully it
won't grow too large and thus require transferring back to a volume.
2022-04-19 11:44:12 +03:00
Evangelos Foutras
1dd3584778
Merge branch 'trim-json_reduced-log-format' into 'master'
...
nginx: remove a few fields from json_reduced
See merge request archlinux/infrastructure!557
2022-04-18 21:31:56 +00:00
Evangelos Foutras
bb65a79ffa
nginx: remove a few fields from json_reduced
...
This brings it in line with the non-JSON "reduced" log format.
2022-04-19 00:30:52 +03:00
Evangelos Foutras
dc9167d990
Merge branch 'monitor-geomirror-dns' into 'master'
...
prometheus: monitor geomirror nameservers
See merge request archlinux/infrastructure!556
2022-04-18 18:38:17 +00:00
Evangelos Foutras
f799573ba4
prometheus: monitor geomirror nameservers
...
Ensure all the nameservers serving the geo.mirror.pkgbuild.com subzone
are working and respond with a valid resource record to A/AAAA queries.
2022-04-18 19:56:10 +03:00
Evangelos Foutras
cb46ae26b1
prometheus: rearrange http_prometheus conditionals
2022-04-18 13:50:03 +03:00
Evangelos Foutras
22aee43650
prometheus: restrict vhost handling to http_prometheus
...
Makes prometheus.yml less noisy and doesn't break when non-vhost
mappings are added to blackbox_targets.
2022-04-18 06:05:28 +03:00
Evangelos Foutras
a1cc586d23
prometheus: place target list before vhost label
2022-04-18 03:57:28 +03:00
Evangelos Foutras
2cfecbb583
prometheus: prometheus.yml: whitespace overhaul
...
Make sure lists are indented correctly and enable lstrip_blocks to get
consistent indendation of lines inside Jinja blocks.
2022-04-18 03:47:34 +03:00
Kristian Klausen
75f90dbf84
Merge branch 'geomirror-monitoring' into 'master'
...
prometheus: Monitor all the mirrors backing our GeoIP mirror
Closes #443
See merge request archlinux/infrastructure!555
2022-04-17 22:09:00 +02:00
Kristian Klausen
7087c9f4ec
prometheus: Monitor all the mirrors backing our GeoIP mirror
...
Monitoring just geo.mirror.pkgbuild.com would only monitor the mirror
returned for that geographical area, with this commit we monitor all the
potential returned mirrors.
Co-authored-by: Evangelos Foutras <evangelos@foutrelis.com>
Fix #443
2022-04-17 22:06:44 +02:00
Kristian Klausen
c8bdbedb1a
Merge branch 'arch-boxes-sync-latest' into 'master'
...
arch_boxes_sync: Create predictable symlinks for latest image files
See merge request archlinux/infrastructure!552
2022-04-16 21:18:09 +02:00
Kristian Klausen
2e799bd185
arch_boxes_sync: Create predictable symlinks for latest image files
...
This is needed so we can provide stable links for libosinfo (used by
gnome-boxes, virt-install and virt-manager for easy installation).
2022-04-16 21:16:52 +02:00
Evangelos Foutras
a48f4625b5
syncrepo: add X-Served-By header to geo mirrors
...
Potentially useful to quickly know which mirror we're talking to.
2022-04-16 16:07:59 +03:00
Evangelos Foutras
a6c56d65a9
rebuilderd_worker: clean the package cache as well
...
Using paccache for this which keeps up to 3 versions per package, and
also instructing it to keep any packages accessed in the past 2 weeks.
2022-04-16 03:38:08 +03:00
Evangelos Foutras
9512d912b8
Merge branch 'remove-stale-repro-chroots' into 'master'
...
rebuilderd_worker: start removing stale chroots
See merge request archlinux/infrastructure!554
2022-04-15 21:00:03 +00:00