mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-05-11 18:16:23 +02:00
893a95f329
With the final lists migrated to mailman3[1], the mailman2 server can finally be killed. When the mailman3 server was initially setup[2], it was done on a separate server because the mailman and mailman3 packages conflicted, and the traffic was routed over wireguard (HTTP, LMTP and SMTP). Instead of installing mailman3 on the original lists.al.org server and transferring the data, it was easier just to install the missing pieces (basically Postfix and adjusting the Nginx configuration) on the ml3 server and move the IPs (to keep the IP mail reputation). So basically the following was done: - The IPs for the original lists.al.org was moved to the mailman3.al.org server - The mailman2 datadir was transferred to mailman3.al.org server, so we can keep the pipermail links alive, and import missing mails if needed - The original lists.al.org server was decommissioned - The mailman3.al.org server was renamed to lists.al.org - The missing pieces was added to the mailman3 role (basically Postfix + Nginx adjustments) - The mailman role was deleted and the mailman3 role renamed to mailman [1]75ac7d09("mailman: Fourth and final batch of mailman3 migrated lists") [2]9294828f("Setup mailman3 server") Fix #59
53 lines
1.8 KiB
YAML
53 lines
1.8 KiB
YAML
# deploy tag 'sudo' when this changes
|
|
sudo_users:
|
|
- root
|
|
- foutrelis
|
|
- freswa
|
|
- grazzolini
|
|
- heftig
|
|
- jelle
|
|
- svenstaro
|
|
- anthraxx
|
|
- klausenbusk
|
|
|
|
# deploy tag 'root_ssh' when this changes
|
|
root_ssh_keys:
|
|
- key: foutrelis.pub
|
|
- key: freswa.pub
|
|
- key: grazzolini.pub
|
|
- key: heftig.pub
|
|
- key: jelle.pub
|
|
- key: svenstaro.pub
|
|
- key: anthraxx.pub
|
|
- key: klausenbusk.pub
|
|
- key: artafinde.pub
|
|
hosts:
|
|
- aur.archlinux.org
|
|
- dashboards.archlinux.org
|
|
- gitlab.archlinux.org
|
|
- lists.archlinux.org
|
|
- monitoring.archlinux.org
|
|
|
|
# - run 'playbooks/tasks/reencrypt-vault-{super,default}-key.yml' when this
|
|
# changes; before doing so, make sure to 'gpg --lsign-key' all listed keys
|
|
# - before committing the re-encrypted password file, test if both vaults are
|
|
# working using `ansible-vault view misc/vaults/vault_{hetzner,hcloud}.yml`
|
|
# NOTE: adding a key to this list gives access to both default and super vaults
|
|
vault_super_pgpkeys: &vault_super_pgpkeys
|
|
- 86CFFCA918CF3AF47147588051E8B148A9999C34 # foutrelis
|
|
- 05C7775A9E8B977407FE08E69D4C5AA15426DA0A # freswa
|
|
- ECCAC84C1BA08A6CC8E63FBBF22FB1D78A77AEAB # grazzolini
|
|
- A2FF3A36AAA56654109064AB19802F8B0D70FC30 # heftig
|
|
- E499C79F53C96A54E572FEE1C06086337C50773E # jelle
|
|
- 8FC15A064950A99DD1BD14DD39E4B877E62EB915 # svenstaro
|
|
- E240B57E2C4630BA768E2F26FC1B547C8D8172C8 # anthraxx
|
|
- DB650286BD9EAE39890D3FE6FE3DC1668CB24956 # klausenbusk
|
|
|
|
# - run 'playbooks/tasks/reencrypt-vault-default-key.yml' when this changes
|
|
# - before running it, make sure to 'gpg --lsign-key' all keys listed below
|
|
# - before committing the re-encrypted password file, test that the vault
|
|
# is working by running `ansible-vault view misc/vaults/vault_hcloud.yml`
|
|
vault_default_pgpkeys:
|
|
- *vault_super_pgpkeys
|
|
- B4B759625D4633430B74877059E43E106B247368 # artafinde
|