Evangelos Foutras
f45c7dfdae
Give artafinde access to the AUR server
...
Recently added to the aurweb project as Developer, access to the server
hosting the AUR should provide him more opportunity for troubleshooting.
2022-08-01 16:51:50 +03:00
kpcyrd
72e7b0f3aa
Add kpcyrd to multilib group
2022-07-05 16:09:49 +02:00
Kristian Klausen
b151af1e0d
Give artafinde access to the mailman servers
...
artafinde wants to help with the mailman3 migration[1], so give him
access to the mailman servers.
[1] https://gitlab.archlinux.org/archlinux/infrastructure/-/issues/59
2022-06-22 21:18:42 +02:00
Kristian Klausen
607ce5d336
Offboard fukawi2 as support staff (forum admin)
...
Ref #456
2022-06-16 00:40:30 +02:00
Evangelos Foutras
68534b7f0f
Remove the three dashes from all vaulted YAML files
...
Extend the removal of the dashes from unencrypted YAML documents to
encrypted ones as well.
Fixes: a9e0790f53
("Remove the three dashes from all YAML documents")
2022-06-13 01:34:52 +03:00
Evangelos Foutras
a9e0790f53
Remove the three dashes from all YAML documents
...
These are used to signal the start of the document in a stream of many
documents. As Ansible only supports one YAML document per file this is
unnecessary. About a third of our YAML documents already lacked these.
2022-06-08 14:35:45 +03:00
Evangelos Foutras
733a2133b5
geo_dns: add option to set NS TTL for geo domains
...
Ansible side of commit 5007c1a85e
("tf-stage1: allow setting the NS
TTL of geo domains"); both values need to match so our geo nameservers
report the same TTL as that returned by the parent zone's nameservers.
2022-05-16 15:46:43 +03:00
Kristian Klausen
9294828f15
Setup mailman3 server
...
We want to migrate to mailman3 as mailman2 is basically unmaintained and
requires Python 2 which is EOL.
Because the mailman and mailman3 packages conflict and we don't want to
perform a big bang migration, mailman3 must be deployed on a separate
server. mailman-web (mailman3's web interface) hasn't been packaged yet,
so for now we are using my homebrewed PKGBUILD[1].
[1] https://gist.github.com/klausenbusk/5982063f95c503754a51ed2fefb8915e
Ref #59
2022-05-14 22:51:59 +02:00
Evangelos Foutras
afb582b108
geomirror: extract acme dns challenge into new role
...
- add the new role to redirect.archlinux.org
- release mirror.pkgbuild.com of all DNS duties
2022-05-14 14:22:32 +03:00
Evangelos Foutras
d6a10825bf
Fix var-spacing issues reported by ansible-lint 6.1.0
2022-05-12 08:09:52 +03:00
Leonidas Spyropoulos
81eb0a30b4
prometheus_exporters: add gitlab-exporter to gitlab
...
Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>
2022-05-09 14:29:35 +01:00
Kristian Klausen
4c6203e727
Onboard artafinde as Junior DevOps
...
artafinde is our new newest Junior DevOp[1] and will get access to:
* monitoring.al.org: for setting up gitlab-exporter[1]
* gitlab.al.org: for setting up gitlab-exporter[1]
* dashboards.al.org: in case he wants to do more monitoring related
stuff
[1] https://lists.archlinux.org/pipermail/arch-devops/2022-May/000558.html
[2] https://gitlab.archlinux.org/artafinde/gitlab-exporter/
Fix #452
2022-05-07 18:41:05 +02:00
Evangelos Foutras
375a781611
Re-encrypt all default vaults with a new password
2022-05-07 17:45:19 +03:00
Evangelos Foutras
b264a2f67e
Remove unused vaults and obsolete secrets
...
- group_vars/all/vault_mariadb.yml: remove 'zabbix' database user
- misc/vaults/additional-credentials.vault: remove zabbix irc bot
- roles/dbscripts/tasks/main.yml: drop unused tier0 mirror access
2022-05-07 17:45:19 +03:00
Evangelos Foutras
b4d60ae2f6
Move highly sensitive secrets to new "super" vault
...
The idea bebind this is to be able to give vault access to new DevOps
members without giving away more important credentials like Hetzner's.
2022-05-07 17:45:19 +03:00
Evangelos Foutras
cecfd92edf
archusers: preserve SSH keys of svn-* user accounts
...
These were previously removed temporarily and re-created several minutes
later during the process of deploying archusers to gemini.archlinux.org.
2022-05-07 17:42:05 +03:00
Kristian Klausen
fd28fffb4c
Onboard sudoforge as TU
...
Ref #448
2022-04-12 01:26:35 +02:00
Kristian Klausen
56070a4ef5
Onboard torxed as project maintainer
...
Fix #441
2022-04-10 22:32:52 +02:00
Kristian Klausen
10042c5993
Offboard ronald as TU/dev
...
Ref #439
2022-04-09 19:43:01 +02:00
Kristian Klausen
743c700943
Offboard schuay as TU
...
Fix #446
2022-04-09 19:26:28 +02:00
Kristian Klausen
e0e5255216
Allow Alad access to homedir.archlinux.org
...
Access to homedir is opt-in for support staff.
Fix #447
2022-04-09 18:04:05 +02:00
Jelle van der Waa
1a4a742ee4
Prepare Security Tracker SSO configuration
...
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2022-04-05 02:15:10 +02:00
Jelle van der Waa
8a1bfa643b
allow alex access to multilib
2022-03-29 12:35:38 +02:00
Kristian Klausen
e87ef99262
Onboard kevr as project maintainer
...
Fix #438
2022-02-26 15:44:40 +01:00
Evangelos Foutras
03600a8cc4
Place borg host vaults under host_vars/localhost/
...
Kind of sensitive information that doesn't need to be available to all
hosts.
2022-02-26 11:08:30 +02:00
Giancarlo Razzolini
092ae06079
archusers: Make foxboron a dev
...
After the promotion of foxboron to dev, we have changed his role on archusers
and ran the playbook against the machines.
2022-02-16 13:08:11 -03:00
Kristian Klausen
7eda011d4a
Onboard Neitsab as wiki maintainer
...
Fix #433
2022-02-09 22:28:43 +01:00
Kristian Klausen
2097466b5a
Onboard Edh as wiki maintainer
...
Fix #430
2022-02-09 22:28:39 +01:00
Kristian Klausen
d41bd003f0
Onboard wiki maintainers (Kewl, Det, Skydiver, Flyingpig)
...
Fix #426 , #427 , #428 and #429 .
2022-02-09 22:28:36 +01:00
Jan Alexander Steffens (heftig)
f77db02d6b
matrix: Update mjolnir settings
2022-02-08 22:02:09 +01:00
Sven-Hendrik Haase
a446df726b
Make freswa dev
2022-02-07 12:26:30 +01:00
Kristian Klausen
2ea01eb2f0
Onboard BrainDamage as IRC Op
...
Fix #436
2022-02-03 22:06:01 +01:00
Jelle van der Waa
22b3ebb863
Implement gluebuddy role
2022-01-21 10:43:10 +01:00
Jelle van der Waa
1160eb68e4
Add gluebuddy client
...
The gluebuddy client is required for gluebuddy to retrieve users and
groups membership without being able to change other keycloak data. The
realm-management roles cannot be assigned yet via keycloak as it does
not know about the roles and realm-management client.
2022-01-21 10:30:05 +01:00
Jelle van der Waa
feca81ef79
Onboard Segaja
...
Issue: #442
2021-12-20 22:44:03 +01:00
Jelle van der Waa
cff430ecc8
Onboard artafinde as new TU
...
Issue: #420
2021-12-03 13:08:01 +01:00
Jelle van der Waa
171467657c
JGC resigned
...
https://lists.archlinux.org/private/arch-dev/2021-October/016798.html
2021-12-03 08:49:02 +01:00
Jelle van der Waa
462b767ac2
Eschwartz resigned as TU, Staff
2021-12-01 09:55:47 +00:00
Evangelos Foutras
69994e900a
Complete rsync.net account migration
...
New username; separate and longer account manager + storage passwords.
Also, have to use --remote-path=borg1 when interacting with rsync.net.
2021-11-06 19:50:31 +02:00
Jan Alexander Steffens (heftig)
79f2b57be3
Revert "matrix: Fix bridge configuration"
...
This was a regression which has been fixed upstream.
This reverts commit 67e7677ee4
.
2021-10-26 00:21:25 +02:00
Jan Alexander Steffens (heftig)
67e7677ee4
matrix: Fix bridge configuration
...
We're no longer allowed to reserve formerly used namespaces.
2021-10-22 17:51:05 +02:00
Jan Alexander Steffens (heftig)
89f40f707e
matrix: Extend and move the auto-joined rooms into the vault
2021-10-05 21:02:39 +02:00
Kristian Klausen
d70d47d944
Offboard cesura
...
Ref #396
2021-10-02 15:36:59 +02:00
Jan Alexander Steffens (heftig)
78cd1dd567
matrix: Update bridged rooms
2021-08-26 19:24:03 +02:00
Jan Alexander Steffens (heftig)
1278707cf2
matrix: Update badwords
2021-08-26 19:24:03 +02:00
Kristian Klausen
847337407b
Onboard alex19ep as new TU
...
Ref #388
2021-08-13 20:41:44 +02:00
Jelle van der Waa
f93b995992
Remove unused groups from archusers
...
These groups are no longer required as docker/arch-boxes images are
build by Gitlab.
2021-08-12 21:12:47 +02:00
Jelle van der Waa
ad99a86bae
Offboard alad as TU
...
Closes: #389
2021-08-12 21:10:14 +02:00
Kristian Klausen
3e113e426f
archusers: Restrict fukawi2 to the mail.al.org host
...
Looks like a oversight when he was offboarded as DevOps.
As support staff he shouldn't have access to
2021-08-02 14:29:36 +02:00
Jan Alexander Steffens (heftig)
caa81be756
matrix: Use Bearer authentication for metrics
...
https://gitlab.archlinux.org/archlinux/infrastructure/-/merge_requests/473
2021-07-31 01:48:50 +02:00