d1cabdfa1e
rebuilderd_worker: start removing stale chroots
...
On some build failures, or perhaps when rebooting the boxes while a
build is ongoing, repro chroots can be left behind taking up space.
Add a service with a daily timer to remove week old chroots.
2022-04-15 22:06:43 +03:00
0661ade0a4
Merge branch 'geomirror-ha' into 'master'
...
Avoid single point-of-failure for our GeoIP domain
See merge request archlinux/infrastructure!553
2022-04-15 19:44:35 +02:00
93c8a172b2
geomirror: Add missing "open firewall hole" task
...
Fixes: 9f65f99c
2022-04-15 19:43:41 +02:00
aa359082aa
Avoid single point-of-failure for our GeoIP domain
...
We don't want mirror.pkgbuild.com's DNS server to be a
single-point-of-failure, so this commit adds multiple authoritative DNS
servers for the zone. The extra DNS servers are run on the geomirror
servers.
The _acme-challenge zone, used for obtaining certificates, is run solely
on mirror.pkgbuild.com's DNS server, to avoid syncing DNS records
between the servers (KISS).
2022-04-15 19:43:33 +02:00
a8720364dd
update to 2022-04-14
2022-04-14 12:15:52 +02:00
d303a4caa7
geoipupdate: download dbs on install/config change
...
We want the GeoIP databases to be ready for use by software installed
by dependant roles; run geoipupdate when it's installed or configured.
2022-04-14 02:25:47 +03:00
cc9a1b029d
Add missing newline to group_vars/geo_mirrors.yml
2022-04-13 04:46:16 +03:00
64ec52ca86
Enable certbot_dns_support for geo mirrors only
...
mirror.pkgbuild.com doesn't need it.
2022-04-13 04:20:01 +03:00
1eafe45110
Merge branch 'geomirror' into 'master'
...
Add GeoIP domain for our sponsored mirros
Closes #101
See merge request archlinux/infrastructure!522
2022-04-13 03:13:50 +02:00
9f65f99c6b
Add GeoIP domain for our sponsored mirros
...
We had a GeoIP mirror in the past based on nginx and its GeoIP module,
but it didn't perform very well, due to the high latency (asking a
central server for the package and then redirected to the closest
mirror).
One of the reasons for offering this service, is so we can relieve
mirror.pkgbuild.com which is burning a ton of traffic (50TB/month),
likely due to it being the default mirror in our Docker image. Another
reason is so we can offer a link to our arch-boxes images in libosinfo
(used by gnome-boxes, virt-install and virt-manager), with good enough
performance for most users.
This time we take a different approach and use a DNS based solution,
which means the latency penalty is only paid once (the first DNS
request). The downside is that the mirrors must have a valid certificate
for the same domain name, which makes using third-party mirrors a
challenge. So for now, we are just using the sponsored mirorrs
controlled by the DevOps team.
Fix #101
2022-04-13 03:10:09 +02:00
0e56211e4b
update for le security (django)
2022-04-12 21:39:16 +02:00
1672ce542b
Fix archlinux linux git redirect
...
It's on github not gitlab
2022-04-12 21:12:04 +02:00
fd28fffb4c
Onboard sudoforge as TU
...
Ref #448
2022-04-12 01:26:35 +02:00
8838470cf5
Shrink debuginfod volume from 100G to 25G
...
This hasn't seen much growth in the past two months and is chilling
around 13G. We can easily bump it once we have more debug packages.
2022-04-11 20:42:46 +03:00
af5d4b845e
Decommission aur-dev
...
With the PHP->Python port done[1][2], there isn't much need for aur-dev
anynmore. Most things can also be tested locally and aur-dev haven't got
any love since the port (ex: allowing the aurweb maintainers to deploy
without asking DevOps).
[1] https://lists.archlinux.org/pipermail/aur-general/2022-February/036786.html
[2] https://gitlab.archlinux.org/archlinux/infrastructure/-/merge_requests/525
2022-04-11 14:55:53 +02:00
8b7a231de0
grafana: rebase grafana.ini to grafana 8.4.5-2
2022-04-11 15:46:46 +03:00
56070a4ef5
Onboard torxed as project maintainer
...
Fix #441
2022-04-10 22:32:52 +02:00
e25338a14a
patchwork: update access mask for memcached socket
...
Changing it to 770 so prometheus memcached exporter can connect to it.
2022-04-10 04:25:54 +03:00
64bcb7ef80
archwiki: update access mask for memcached socket
...
Changing it to 770 so prometheus memcached exporter can connect to it.
2022-04-10 04:24:23 +03:00
e277773bd4
host_vars: update memcached_socket variables
...
This is needed for prometheus memcached exporter to work.
(AUR doesn't seem to use memcached anymore, but changed it for
consistency.)
2022-04-10 04:19:36 +03:00
46ba1356e8
Merge branch 'archwiki-captcha-question-in-codetags' into 'master'
...
archwiki/templates/LocalSettings.php.j2: place the commands in the QuestyCaptcha question inside <code> tags
See merge request archlinux/infrastructure!551
2022-04-09 22:22:19 +02:00
821690ecf2
archwiki/templates/LocalSettings.php.j2: place the commands in the QuestyCaptcha question inside <code> tags
...
This makes it more easier to distinguish the command from the rest of the text.
2022-04-09 21:06:19 +03:00
10042c5993
Offboard ronald as TU/dev
...
Ref #439
2022-04-09 19:43:01 +02:00
743c700943
Offboard schuay as TU
...
Fix #446
2022-04-09 19:26:28 +02:00
4329ec1cd9
Merge branch 'disable-gl-grafana' into 'master'
...
gitlab: Disable built-in monitoring
See merge request archlinux/infrastructure!440
2022-04-09 18:48:10 +02:00
8d44efd1d9
gitlab: Disable built-in monitoring
...
Fix #364
2022-04-09 18:47:54 +02:00
776859c0f9
Merge branch 'down-aurweb-before-clone' into 'master'
...
aurweb: down services before updating
See merge request archlinux/infrastructure!537
2022-04-09 18:31:18 +02:00
0b90132294
aurweb: down services before updating
...
Without this, we update while services are still running, and those
services depend on the AUR directory state. This commit installs
services much earlier, downs all of them, deploys out updates, then
starts them all again at the end.
Signed-off-by: Kevin Morris <kevr@0cost.org>
2022-04-09 18:26:02 +02:00
8c51c64fdd
Merge branch 'pacman_keyring_init' into 'master'
...
Pacman keyring init
Closes #383
See merge request archlinux/infrastructure!493
2022-04-09 18:21:33 +02:00
00cafde18d
install_arch: init pacman keyring on first boot
...
Creates a systemd service which executes these commands on first boot:
pacman-key --init
pacman-key --populate archlinux
Also it makes sure /etc/pacman.d/gnupg is not absent.
At last it removes /etc/machine-id to make sure systemd launches first
boot services.
2022-04-09 18:05:45 +02:00
e0e5255216
Allow Alad access to homedir.archlinux.org
...
Access to homedir is opt-in for support staff.
Fix #447
2022-04-09 18:04:05 +02:00
ad2c4934e8
Merge branch 'fix-access-to-archwiki-resources' into 'master'
...
archwiki/templates/nginx.d.conf.j2: fix access to MediaWiki extension assets
Closes #355
See merge request archlinux/infrastructure!548
2022-04-09 16:03:51 +00:00
66656abf61
archwiki/templates/nginx.d.conf.j2: fix access to MediaWiki extension assets
...
Various files in /extensions/ need to be accessible for extensions to work.
Based on example from https://www.mediawiki.org/wiki/Manual:Short_URL/Nginx .
Fixes #355 .
2022-04-09 16:03:14 +00:00
9161b8bdb0
Merge branch 'archwiki-1.37.2-1' into 'master'
...
archwiki: Update to 1.37.2-1
See merge request archlinux/infrastructure!549
2022-04-09 17:50:48 +02:00
9d5a1b7455
archwiki: Update to 1.37.2-1
...
Upstream security and maintenance release.
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
2022-04-09 17:48:53 +02:00
a1402f7e17
Merge branch 'sec-tracker-0.12'
2022-04-05 22:36:17 +02:00
2185c9a213
security-tracker: bump to 0.12 patch release
2022-04-05 22:33:30 +02:00
9f738eb95f
tf/keycloak: make "terraform fmt --check" happy
2022-04-05 10:54:11 +03:00
fe72265a32
ci: split dependencies per job
...
Add diffutils needed for "terraform fmt --check --diff".
2022-04-05 10:48:48 +03:00
1e36109d09
Merge branch 'sec_tracker_sso'
2022-04-05 02:16:13 +02:00
1a4a742ee4
Prepare Security Tracker SSO configuration
...
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2022-04-05 02:15:10 +02:00
8a1bfa643b
allow alex access to multilib
2022-03-29 12:35:38 +02:00
594c1e3ba8
Merge branch 'archwiki-1.37.1-5' into 'master'
...
archwiki: Update to 1.37.1-5
See merge request archlinux/infrastructure!547
2022-03-28 12:21:27 +00:00
ec82146001
archwiki: Update to 1.37.1-5
2022-03-28 13:13:52 +03:00
0b9f1bf246
Merge branch 'packer-tweaks' into 'master'
...
Update packer build and use smaller BIOS boot partition
See merge request archlinux/infrastructure!546
2022-03-28 00:19:45 +00:00
ec52eb098f
Update packer build and use smaller BIOS boot partition
...
- Create packer builder in FSN1 and change image to ubuntu-20.04
- Add "use_proxy: false" to provisioner config to work around [1]
- Reduce the size of the BIOS boot partition to 1M (from 10M) [2]
- Update bootstrap_version to 2022.03.01
[1] https://github.com/hashicorp/packer-plugin-ansible/issues/69
[2] https://www.gnu.org/software/grub/manual/grub/html_node/BIOS-installation.html
2022-03-28 02:26:20 +03:00
f8b9927cc3
tf/keycloak: change saml_gitlab's name to GitLab
2022-03-25 13:29:10 +02:00
f56da53089
Merge branch 'keycloak-quarkus' into 'master'
...
keycloak: migrate to Quarkus distribution
See merge request archlinux/infrastructure!544
2022-03-25 11:28:54 +00:00
450b782c50
keycloak: remove bundled archlinux theme
...
During the migration to Quarkus distribution we switched to the
packaged version of the theme (keycloak-archlinux-theme).
2022-03-25 12:45:18 +02:00
a74054c7f1
keycloak: migrate to Quarkus distribution
2022-03-25 12:45:18 +02:00
Evangelos Foutras
Kristian Klausen
Jelle van der Waa
nl6720
Thorben GĂĽnther
Kevin Morris
Amin Vakil
Jelle van der Waa
Levente Polyak