mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2024-09-22 05:50:39 +02:00
Code Issues
4,150 Commits 29 Branches 0 Tags 20 MiB
f45c7dfdae
Commit Graph

337 Commits

Author SHA1 Message Date
Evangelos Foutras
f45c7dfdae
Give artafinde access to the AUR server 
Recently added to the aurweb project as Developer, access to the server
hosting the AUR should provide him more opportunity for troubleshooting.
 2022-08-01 16:51:50 +03:00
kpcyrd
72e7b0f3aa Add kpcyrd to multilib group 2022-07-05 16:09:49 +02:00
Kristian Klausen
b151af1e0d
Give artafinde access to the mailman servers 
artafinde wants to help with the mailman3 migration[1], so give him
access to the mailman servers.

[1] https://gitlab.archlinux.org/archlinux/infrastructure/-/issues/59
 2022-06-22 21:18:42 +02:00
Kristian Klausen
607ce5d336
Offboard fukawi2 as support staff (forum admin) 
Ref #456
 2022-06-16 00:40:30 +02:00
Evangelos Foutras
68534b7f0f
Remove the three dashes from all vaulted YAML files 
Extend the removal of the dashes from unencrypted YAML documents to
encrypted ones as well.

Fixes: a9e0790f53 ("Remove the three dashes from all YAML documents")
 2022-06-13 01:34:52 +03:00
Evangelos Foutras
a9e0790f53
Remove the three dashes from all YAML documents 
These are used to signal the start of the document in a stream of many
documents. As Ansible only supports one YAML document per file this is
unnecessary. About a third of our YAML documents already lacked these.
 2022-06-08 14:35:45 +03:00
Evangelos Foutras
733a2133b5
geo_dns: add option to set NS TTL for geo domains 
Ansible side of commit 5007c1a85e ("tf-stage1: allow setting the NS
TTL of geo domains"); both values need to match so our geo nameservers
report the same TTL as that returned by the parent zone's nameservers.
 2022-05-16 15:46:43 +03:00
Kristian Klausen
9294828f15
Setup mailman3 server 
We want to migrate to mailman3 as mailman2 is basically unmaintained and
requires Python 2 which is EOL.

Because the mailman and mailman3 packages conflict and we don't want to
perform a big bang migration, mailman3 must be deployed on a separate
server. mailman-web (mailman3's web interface) hasn't been packaged yet,
so for now we are using my homebrewed PKGBUILD[1].

[1] https://gist.github.com/klausenbusk/5982063f95c503754a51ed2fefb8915e

Ref #59
 2022-05-14 22:51:59 +02:00
Evangelos Foutras
afb582b108
geomirror: extract acme dns challenge into new role 
- add the new role to redirect.archlinux.org
- release mirror.pkgbuild.com of all DNS duties
 2022-05-14 14:22:32 +03:00
Evangelos Foutras
d6a10825bf
Fix var-spacing issues reported by ansible-lint 6.1.0 2022-05-12 08:09:52 +03:00
Leonidas Spyropoulos
81eb0a30b4
prometheus_exporters: add gitlab-exporter to gitlab 
Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>
 2022-05-09 14:29:35 +01:00
Kristian Klausen
4c6203e727
Onboard artafinde as Junior DevOps 
artafinde is our new newest Junior DevOp[1] and will get access to:
* monitoring.al.org: for setting up gitlab-exporter[1]
* gitlab.al.org: for setting up gitlab-exporter[1]
* dashboards.al.org: in case he wants to do more monitoring related
  stuff

[1] https://lists.archlinux.org/pipermail/arch-devops/2022-May/000558.html
[2] https://gitlab.archlinux.org/artafinde/gitlab-exporter/

Fix #452
 2022-05-07 18:41:05 +02:00
Evangelos Foutras
375a781611
Re-encrypt all default vaults with a new password 2022-05-07 17:45:19 +03:00
Evangelos Foutras
b264a2f67e
Remove unused vaults and obsolete secrets 
- group_vars/all/vault_mariadb.yml: remove 'zabbix' database user
- misc/vaults/additional-credentials.vault: remove zabbix irc bot
- roles/dbscripts/tasks/main.yml: drop unused tier0 mirror access
 2022-05-07 17:45:19 +03:00
Evangelos Foutras
b4d60ae2f6
Move highly sensitive secrets to new "super" vault 
The idea bebind this is to be able to give vault access to new DevOps
members without giving away more important credentials like Hetzner's.
 2022-05-07 17:45:19 +03:00
Evangelos Foutras
cecfd92edf
archusers: preserve SSH keys of svn-* user accounts 
These were previously removed temporarily and re-created several minutes
later during the process of deploying archusers to gemini.archlinux.org.
 2022-05-07 17:42:05 +03:00
Kristian Klausen
fd28fffb4c
Onboard sudoforge as TU 
Ref #448
 2022-04-12 01:26:35 +02:00
Kristian Klausen
56070a4ef5
Onboard torxed as project maintainer 
Fix #441
 2022-04-10 22:32:52 +02:00
Kristian Klausen
10042c5993
Offboard ronald as TU/dev 
Ref #439
 2022-04-09 19:43:01 +02:00
Kristian Klausen
743c700943
Offboard schuay as TU 
Fix #446
 2022-04-09 19:26:28 +02:00
Kristian Klausen
e0e5255216
Allow Alad access to homedir.archlinux.org 
Access to homedir is opt-in for support staff.

Fix #447
 2022-04-09 18:04:05 +02:00
Jelle van der Waa
1a4a742ee4
Prepare Security Tracker SSO configuration 
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
 2022-04-05 02:15:10 +02:00
Jelle van der Waa
8a1bfa643b
allow alex access to multilib 2022-03-29 12:35:38 +02:00
Kristian Klausen
e87ef99262 Onboard kevr as project maintainer 
Fix #438
 2022-02-26 15:44:40 +01:00
Evangelos Foutras
03600a8cc4
Place borg host vaults under host_vars/localhost/ 
Kind of sensitive information that doesn't need to be available to all
hosts.
 2022-02-26 11:08:30 +02:00
Giancarlo Razzolini
092ae06079
archusers: Make foxboron a dev 
After the promotion of foxboron to dev, we have changed his role on archusers
and ran the playbook against the machines.
 2022-02-16 13:08:11 -03:00
Kristian Klausen
7eda011d4a
Onboard Neitsab as wiki maintainer 
Fix #433
 2022-02-09 22:28:43 +01:00
Kristian Klausen
2097466b5a
Onboard Edh as wiki maintainer 
Fix #430
 2022-02-09 22:28:39 +01:00
Kristian Klausen
d41bd003f0
Onboard wiki maintainers (Kewl, Det, Skydiver, Flyingpig) 
Fix #426, #427, #428 and #429.
 2022-02-09 22:28:36 +01:00
Jan Alexander Steffens (heftig)
f77db02d6b
matrix: Update mjolnir settings 2022-02-08 22:02:09 +01:00
Sven-Hendrik Haase
a446df726b
Make freswa dev 2022-02-07 12:26:30 +01:00
Kristian Klausen
2ea01eb2f0 Onboard BrainDamage as IRC Op 
Fix #436
 2022-02-03 22:06:01 +01:00
Jelle van der Waa
22b3ebb863
Implement gluebuddy role 2022-01-21 10:43:10 +01:00
Jelle van der Waa
1160eb68e4
Add gluebuddy client 
The gluebuddy client is required for gluebuddy to retrieve users and
groups membership without being able to change other keycloak data. The
realm-management roles cannot be assigned yet via keycloak as it does
not know about the roles and realm-management client.
 2022-01-21 10:30:05 +01:00
Jelle van der Waa
feca81ef79
Onboard Segaja 
Issue: #442
 2021-12-20 22:44:03 +01:00
Jelle van der Waa
cff430ecc8
Onboard artafinde as new TU 
Issue: #420
 2021-12-03 13:08:01 +01:00
Jelle van der Waa
171467657c
JGC resigned 
https://lists.archlinux.org/private/arch-dev/2021-October/016798.html
 2021-12-03 08:49:02 +01:00
Jelle van der Waa
462b767ac2 Eschwartz resigned as TU, Staff 2021-12-01 09:55:47 +00:00
Evangelos Foutras
69994e900a
Complete rsync.net account migration 
New username; separate and longer account manager + storage passwords.

Also, have to use --remote-path=borg1 when interacting with rsync.net.
 2021-11-06 19:50:31 +02:00
Jan Alexander Steffens (heftig)
79f2b57be3
Revert "matrix: Fix bridge configuration" 
This was a regression which has been fixed upstream.

This reverts commit 67e7677ee4.
 2021-10-26 00:21:25 +02:00
Jan Alexander Steffens (heftig)
67e7677ee4
matrix: Fix bridge configuration 
We're no longer allowed to reserve formerly used namespaces.
 2021-10-22 17:51:05 +02:00
Jan Alexander Steffens (heftig)
89f40f707e
matrix: Extend and move the auto-joined rooms into the vault 2021-10-05 21:02:39 +02:00
Kristian Klausen
d70d47d944
Offboard cesura 
Ref #396
 2021-10-02 15:36:59 +02:00
Jan Alexander Steffens (heftig)
78cd1dd567
matrix: Update bridged rooms 2021-08-26 19:24:03 +02:00
Jan Alexander Steffens (heftig)
1278707cf2
matrix: Update badwords 2021-08-26 19:24:03 +02:00
Kristian Klausen
847337407b
Onboard alex19ep as new TU 
Ref #388
 2021-08-13 20:41:44 +02:00
Jelle van der Waa
f93b995992
Remove unused groups from archusers 
These groups are no longer required as docker/arch-boxes images are
build by Gitlab.
 2021-08-12 21:12:47 +02:00
Jelle van der Waa
ad99a86bae
Offboard alad as TU 
Closes: #389
 2021-08-12 21:10:14 +02:00
Kristian Klausen
3e113e426f
archusers: Restrict fukawi2 to the mail.al.org host 
Looks like a oversight when he was offboarded as DevOps.
As support staff he shouldn't have access to
 2021-08-02 14:29:36 +02:00
Jan Alexander Steffens (heftig)
caa81be756
matrix: Use Bearer authentication for metrics 
https://gitlab.archlinux.org/archlinux/infrastructure/-/merge_requests/473
 2021-07-31 01:48:50 +02:00