Jelle van der Waa
f2aa4f137e
reprobuilds: add reproducible build playbook
...
Add a playbook for our reproducible builds workers. Set's up a sudo user
so that an admin of the reproducible builds project can configure the
worker.
2018-11-25 21:58:23 +01:00
Jelle van der Waa
c17a91e798
nymeria: enable mirrorresolv service
2018-11-24 12:43:24 +01:00
Florian Pritz
b331f34210
Add nginx role to luna
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-11-10 16:48:46 +01:00
Bartłomiej Piotrowski
eabdd4df7e
Deploy public_html on sgp
2018-10-17 13:24:00 +02:00
Phillip Smith
17b6c54b42
fix typo: signapore -> singapore
2018-09-12 17:09:05 +10:00
Jelle van der Waa
e7aa39e00b
Move commit, server, version to host_vars
2018-08-28 21:31:46 +02:00
Jelle van der Waa
12e5090ad3
Bump archweb to latest version
2018-08-28 19:41:10 +02:00
Florian Pritz
cf2b01c0d2
Fix apollo postgres ip detection and firewall generation
...
- firewall tag so that the facts exist when only firewall is run
- extract IPs from our host vars all the time. no need to query
autodetected facts
- remove empty elements from the list with select(). not all hosts have
ipv6
- fix the subnetmask for v6
- fix the postgres role configuring a v4 rule instead of v6 for a v6
address
- hardcode netmask for orion addresses too
Little bit much for one commit, but splitting it doesn't make a whole
lot of sense.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-08-28 15:00:57 +02:00
Phillip Smith
8d681f0040
add "firewall" tag to all relevant tasks
2018-08-17 14:56:37 +10:00
Phillip Smith
d13089e608
break postgres client ips into separate variables
...
we have to use rich rules in firewalld to restict a specific port to a list of
specific ip addresses. when using rich rules, you have to specify the address
family (ipv4 or ipv6) which we can't do in an automated fashion with the ipv4
and ipv6 addresses of the clients dynamically generated into a single variable.
so this commit creates 2 variables; one for ipv4 clients and one for ipv6
clients which can be referred to as required when creating the rich rules.
2018-08-17 10:32:35 +10:00
Phillip Smith
8c3f8bf7bb
initial commit of luna.yml playbook
2018-08-17 10:32:35 +10:00
Florian Pritz
1112c18bd1
Add ssh hostkeys list
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-08-17 10:32:10 +10:00
Florian Pritz
73ada882e2
fetch-borg-keys: Update path
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-08-17 10:32:10 +10:00
Florian Pritz
ca7875f882
Move install_arch and fetch-borg-keys playbooks to tasks subdir
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-08-17 10:32:10 +10:00
Phillip Smith
532d72cb1a
bring firewalld role earlier in the list
...
other roles with firewalld tasks will fail if firewalld is not installed,
enabled and started prior to them trying to run.
2018-08-17 10:32:10 +10:00
Phillip Smith
1258e6b7d1
make all firewalld changes take effect immediately
2018-08-17 10:32:10 +10:00
Florian Pritz
1e1a5ad0e5
Enable docker-image role on soyuz
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-08-07 19:42:13 +02:00
Jelle van der Waa
5979007db7
Add donor import systemd services/timer
2018-07-25 22:53:44 +02:00
Jelle van der Waa
a7d683d8b1
Update to pre-release
2018-07-23 22:53:13 +02:00
Jelle van der Waa
42920de032
Update archweb staging
2018-07-20 23:35:50 +02:00
Jelle van der Waa
bd39f71100
Add mirrorstatus check to archweb staging
2018-07-06 23:16:44 +02:00
Florian Pritz
2e0cd7f894
Add playbook to upload new pacman website
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-07-04 20:10:27 +02:00
Florian Pritz
8a89b4dd65
Update dbscripts to 20180603
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-07-04 09:28:46 +02:00
Florian Pritz
53dd4d6891
Configure network/dns on PIA machines
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-07-02 13:29:08 +02:00
Jelle van der Waa
e503d15f23
nymeria: update to latest archweb version
...
Added/removed RSS feeds, highlighting for selected item in list view.
2018-06-08 21:24:03 +02:00
Jan Alexander Steffens (heftig)
3bf7507695
Update soyuz' oidentd setup
...
Currently needs custom versions of quassel (for oidentd-strict) and
oidentd (for forwarding).
Expect quassel to switch to forwarding as well once their identserver
implementation lands.
2018-05-22 12:35:06 +02:00
Jelle van der Waa
6250430a61
Fix unresolved conflict
2018-05-15 20:35:09 +02:00
Jelle van der Waa
fc5758266c
archweb-dev: update staging
...
Update to konami code removed commit
2018-05-13 13:22:18 +02:00
Jelle van der Waa
26d114afd3
staging: update to latest major release
2018-05-11 21:36:39 +02:00
Jelle van der Waa
c7d18df7ee
staging: update archweb to the next pre release
2018-05-10 17:18:46 +02:00
Jelle van der Waa
74a4650fae
staging: Enable postfix for mail delivery
...
Make the mail server address configurable in Ansible for archweb, to
spot the difference between error mails on staging and production.
2018-05-10 16:54:49 +02:00
Jelle van der Waa
424ebd2eef
nymeria: use new domain for archweb staging env
2018-05-01 20:46:12 +02:00
Jelle van der Waa
3c6c145edb
Create nymeria playbook for Archweb staging
...
nymeria.archlinux.org will be a staging ground for Archweb where it can
be tested.
2018-05-01 20:46:12 +02:00
Florian Pritz
fc785c7e5a
Update dbscripts
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-04-09 09:39:24 +02:00
Florian Pritz
5b52fed9d5
playbooks/all-hosts-basic: Remove old comment regarding borg-client
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-03-24 20:37:33 +01:00
Bartłomiej Piotrowski
b9aac3c0eb
Use sgp.mirror as build server
2018-03-24 20:13:40 +01:00
Phillip Smith
ef9f4b831d
tag firewall with "firewall" instead of "firewalld"
2018-03-08 09:49:13 +11:00
Phillip Smith
59807399ed
initial commit of firewalld role and tasks
2018-03-06 08:46:24 +11:00
Florian Pritz
e28df1c7a1
php: Load opcache extension
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-03-03 15:12:28 +01:00
Giancarlo Razzolini
a40d6e1f98
Fix typo in the tags for the archwiki role
2018-03-02 22:31:22 -03:00
Giancarlo Razzolini
bf43586686
Add the archwiki role to the apollo playbook
...
Added the archwiki role to the apollo playbook and also added the intl extension to the
php-fpm role.
2018-03-02 19:57:44 -03:00
Florian Pritz
6a2f69cff2
Remove double quote of postgres_listen_addresses
...
Already quoted in the new config template.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-03-02 13:17:43 +01:00
Florian Pritz
6c3d7ffe06
Update dbscripts version to latest
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-03-02 12:45:26 +01:00
Jelle van der Waa
a2c4c9d3f4
orion: disable archweb_donor_import timer
...
A new archweb release has not been made yet with the donor import
integration.
2018-02-25 20:38:08 +01:00
Jelle van der Waa
8ec94d3e1b
Add donor import service
...
Add donor import service, which imports donors from a maildir directory
in /home/donate/. The emails are dumped using a script on orion which
calls doveadm to create a directory with exported emails.
2018-02-25 20:33:11 +01:00
Florian Pritz
ea7a38feb4
playbooks/fetch-borg-keys.yml: Encrypt keys with GPG
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-01-10 21:02:25 +01:00
Florian Pritz
13ad123a84
Add playbook to fetch borg crypto keys
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-01-02 16:38:43 +01:00
Bartłomiej Piotrowski
69a91b0574
mirrors: drop reduntant tags
2017-12-07 17:21:51 +01:00
Florian Pritz
425f4263d8
Deploy basic config on nymeria and dragon
...
Mostly interesting for root_ssh.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2017-11-20 21:32:02 +01:00
Bartłomiej Piotrowski
e5b461e31a
Add role for mirroring archlinux32
2017-11-15 12:50:32 +01:00