9f65f99c6b
We had a GeoIP mirror in the past based on nginx and its GeoIP module, but it didn't perform very well, due to the high latency (asking a central server for the package and then redirected to the closest mirror). One of the reasons for offering this service, is so we can relieve mirror.pkgbuild.com which is burning a ton of traffic (50TB/month), likely due to it being the default mirror in our Docker image. Another reason is so we can offer a link to our arch-boxes images in libosinfo (used by gnome-boxes, virt-install and virt-manager), with good enough performance for most users. This time we take a different approach and use a DNS based solution, which means the latency penalty is only paid once (the first DNS request). The downside is that the mirrors must have a valid certificate for the same domain name, which makes using third-party mirrors a challenge. So for now, we are just using the sponsored mirorrs controlled by the DevOps team. Fix #101
3.4 KiB
Servers
Table of contents
[[TOC]]
gemini
Services
- repos/sync (repos.archlinux.org)
- sources (sources.archlinux.org)
- archive (archive.archlinux.org)
lists.archlinux.org
Services
- mailman
archlinux.org
Services
- archweb (Arch's site)
aur.archlinux.org
Services
- aurweb
bugs.archlinux.org
Services
- flyspray
bbs.archlinux.org
Services
- bbs
phrik.archlinux.org
Services
- phrik (irc bot) users in the phrik group defined in the hosts vars and re-used the archusers role. Users in the phrik group are allowed to restar the irc bot.
state.archlinux.org
Services
- postgres server for terraform state
quassel.archlinux.org
Services
- quassel core
matrix.archlinux.org
Services
- Matrix homeserver (Synapse)
- Matrix ↔ IRC bridge
homedir.archlinux.org
Services
- ~/user/ webhost
accounts.archlinux.org
This server is special. It runs keycloak and is central to our unified Arch Linux account management world.
It has an Ansible playbook for the keycloak service but that only installs the package and starts it but it's configured via a secondary Terraform file only for keycloak keycloak.tf.
The reason for doing it this way is that Terraform support for Keycloak is much superior and it's declarative too which is great for making sure that no old config remains in the case of config changes.
So to set up this server from scratch, run:
cd tf-stage1terraform applycd ../tf-stage2terraform import keycloak_realm.master masterterraform apply
Services
- keycloak
mirror.pkgbuild.com
Services
- Regular mirror.
- Running a authoritative DNS server (PowerDNS) for our GeoIP mirror
reproducible.archlinux.org
Services
- Runs a master rebuilderd instance two workers:
- repro1.pkgbuild.com (packet.net Arch Linux box)
runner2.archlinux.org
Medium-fast-ish packet.net Arch Linux box.
Services
- GitLab runner
mail.archlinux.org
Services
- postfix (mail server)
- rspamd
- dovecot (imap)
monitoring.archlinux.org
Prometheus, Loki and Grafana server which collects performance/metrics and logs from our services and runs alertmanager.
Services
- Alertmanager
- Grafana and docs/grafana.md
- Prometheus
dashboards.archlinux.org
Prometheus, and Grafana server which receives selected performance/metrics from monitoring.archlinux.org and make them public accessible.
Services
- Grafana and docs/grafana.md
- Prometheus
patchwork.archlinux.org
Services
- patchwork
redirect.archlinux.org
Services
- Redirects (nginx redirects)
- ping
security.archlinux.org
Services
- security tracker
wiki.archlinux.org
Services
- archwiki
md.archlinux.org
Online collborative markdwown editor for Arch Linux Staff.
Services
Archive Mirrors
The Arch Linux Archive is mirrored to three dedicated servers to help aid global availability.