mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-09-20 19:05:40 +02:00
69de3d10fa
Signed-off-by: Florian Pritz <bluewind@xinu.at>
70 lines
2.1 KiB
Markdown
# Arch Infrastructure

This repository contains the complete collection of ansible playbooks and roles for the Arch Linux infrastructure.

It also contains git submodules so you have to run `git submodule update --init --recursive` after cloning or some tasks will fail to run.

#### Instructions

All systems are set up the same way. For the first-time setup in the Hetzner rescue system,
run the provisioning script: `ansible-playbook playbooks/install-arch.yml -l $host`.
The provisioning script configures a sane basic systemd with sshd. By design, it is NOT idempotent.
After the provisioning script has run, it is safe to reboot.

Once in the new system, run the regular playbook: `ansible-playbook playbooks/$hostname.yml`. This
playbook is the one regularly used for administrating the server and is entirely idempotent.

##### Note about first time certificates

The first time a certificate is issued, you have to do it manually. First, configure the DNS to
point to the new server, then run a playbook that includes the nginx role against the server. Then, on the server,
run the following once:

    certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w /var/lib/letsencrypt/ -d <domain-name>

Note that some roles already run this automatically.

##### Note about opendkim

The opendkim DNS data has to be added to DNS manually. The role verifies that the DNS is correct before starting opendkim.

The file that has to be added to the zone is `/etc/opendkim/private/$selector.txt`.
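
One way to check by hand that the published record matches `$selector.txt` before relying on it. This is an added example, not the role's own check (the page does not show how the role verifies DNS); the function names and the sample fragment are constructed, and the published strings are assumed to come from a TXT lookup of the selector's `_domainkey` name.

```python
import re

# Constructed sample in the layout opendkim-genkey writes to <selector>.txt.
# The key material is a made-up placeholder, not a real key.
SAMPLE_FRAGMENT = (
    'default._domainkey\tIN\tTXT\t( "v=DKIM1; k=rsa; "\n'
    '\t  "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAconstructed"\n'
    '\t  "PlaceholderKeyChunkTwoQIDAQAB" )  ; ----- DKIM key default for example.org\n'
)

# Defaults RFC 6376 assigns to tags missing from a key record.
TAG_DEFAULTS = {"v": "DKIM1", "k": "rsa"}


def parse_tags(record):
    """Split a DKIM key record into tag=value pairs, ignoring whitespace."""
    tags = dict(TAG_DEFAULTS)
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def parse_fragment(fragment):
    """Return (owner name, tags) from an opendkim-genkey zone fragment."""
    owner = fragment.split()[0]
    # A long TXT value is split into several quoted strings; rejoin them.
    chunks = re.findall(r'"([^"]*)"', fragment)
    return owner, parse_tags("".join(chunks))


def dkim_dns_matches(fragment, published_strings):
    """Compare the local fragment with the strings of the published TXT record."""
    _, local = parse_fragment(fragment)
    published = parse_tags("".join(published_strings))
    if not local.get("p"):
        return False, "local fragment has no public key (p=)"
    for tag in ("v", "k", "p"):
        if local.get(tag) != published.get(tag):
            return False, f"tag {tag}= differs between file and DNS"
    return True, "published record matches local key"
```

A mismatch on `p=` usually means the zone still carries an older key or the record was truncated when pasted into the zone.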

## Servers

### vostok

#### Services
- backups

### orion

#### Services
- repos/sync (repos.archlinux.org)
- sources (sources.archlinux.org)
- archive (archive.archlinux.org)

### apollo

#### Services
- bbs (bbs.archlinux.org)
- wiki (wiki.archlinux.org)
- aur (aur.archlinux.org)
- mailman
- planet (planet.archlinux.org)
- bugs (bugs.archlinux.org)
- archweb
- patchwork
- projects (projects.archlinux.org)

### soyuz

#### Services
- build server (pkgbuild.com)
- releng
- torrent tracker
- sogrep
- /~user/ webhost
- irc bot (phrik)
- quassel core