Jelle van der Waa
cff430ecc8
Onboard artafinde as new TU
...
Issue: #420
2021-12-03 13:08:01 +01:00
Jelle van der Waa
171467657c
JGC resigned
...
https://lists.archlinux.org/private/arch-dev/2021-October/016798.html
2021-12-03 08:49:02 +01:00
Jelle van der Waa
462b767ac2
Eschwartz resigned as TU, Staff
2021-12-01 09:55:47 +00:00
Evangelos Foutras
69994e900a
Complete rsync.net account migration
...
New username; separate and longer account manager + storage passwords.
Also, have to use --remote-path=borg1 when interacting with rsync.net.
2021-11-06 19:50:31 +02:00
Jan Alexander Steffens (heftig)
79f2b57be3
Revert "matrix: Fix bridge configuration"
...
This was a regression which has been fixed upstream.
This reverts commit 67e7677ee4
.
2021-10-26 00:21:25 +02:00
Jan Alexander Steffens (heftig)
67e7677ee4
matrix: Fix bridge configuration
...
We're no longer allowed to reserve formerly used namespaces.
2021-10-22 17:51:05 +02:00
Jan Alexander Steffens (heftig)
89f40f707e
matrix: Extend and move the auto-joined rooms into the vault
2021-10-05 21:02:39 +02:00
Kristian Klausen
d70d47d944
Offboard cesura
...
Ref #396
2021-10-02 15:36:59 +02:00
Jan Alexander Steffens (heftig)
78cd1dd567
matrix: Update bridged rooms
2021-08-26 19:24:03 +02:00
Jan Alexander Steffens (heftig)
1278707cf2
matrix: Update badwords
2021-08-26 19:24:03 +02:00
Kristian Klausen
6a11db2f20
Use wireguard for db connections to archlinux.org
...
Fix #177
2021-08-24 21:08:08 +02:00
Jan Alexander Steffens (heftig)
94de7e216a
group_vars: Enable configure_network for hcloud hosts
...
I don't know why this wasn't enabled.
2021-08-16 00:47:25 +00:00
Kristian Klausen
847337407b
Onboard alex19ep as new TU
...
Ref #388
2021-08-13 20:41:44 +02:00
Jelle van der Waa
f93b995992
Remove unused groups from archusers
...
These groups are no longer required as docker/arch-boxes images are
build by Gitlab.
2021-08-12 21:12:47 +02:00
Jelle van der Waa
ad99a86bae
Offboard alad as TU
...
Closes : #389
2021-08-12 21:10:14 +02:00
Kristian Klausen
3e113e426f
archusers: Restrict fukawi2 to the mail.al.org host
...
Looks like a oversight when he was offboarded as DevOps.
As support staff he shouldn't have access to
2021-08-02 14:29:36 +02:00
Jan Alexander Steffens (heftig)
caa81be756
matrix: Use Bearer authentication for metrics
...
https://gitlab.archlinux.org/archlinux/infrastructure/-/merge_requests/473
2021-07-31 01:48:50 +02:00
Evangelos Foutras
6436b29b6b
Offboard Scimmia
...
https://gitlab.archlinux.org/archlinux/infrastructure/-/issues/377
2021-07-29 21:27:11 +03:00
Kristian Klausen
dfc0ded305
Create user for lahwaacz on mail.archlinux.org
...
Ref #381
2021-07-28 00:05:19 +02:00
Kristian Klausen
d2d9bbb2f3
Onboard morganamilo as a new TU
...
Ref #374
2021-07-12 03:15:48 +02:00
Kristian Klausen
bdd9227ce1
Onboard alerque as new TU
...
Ref #373
2021-07-12 00:45:51 +00:00
Kristian Klausen
563c3c5c19
loki/promtail: Use a bearer token instead of basic auth
...
It simplifies it a bit.
2021-07-08 02:58:58 +02:00
Kristian Klausen
ba9bda23db
Create user for denisse on mail.archlinux.org
2021-07-04 12:43:45 +00:00
Kristian Klausen
bda558cb20
Create user for klausenbusk on mail.archlinux.org
2021-07-04 12:43:45 +00:00
Kristian Klausen
7287d6d3f5
archroles: Add support-staff group
...
Primarily to be used for mail accounts on mail.archlinux.org.
2021-07-04 12:43:45 +00:00
Evangelos Foutras
62c78dfa1c
Use sub-accounts for backups to Hetzner Storage Box
...
This offers improved separation between the server backups and should
avoid bumping against the storage box 10 concurrent connection limit.
Fixes: https://gitlab.archlinux.org/archlinux/infrastructure/-/issues/362
2021-07-02 19:04:19 +03:00
Jan Alexander Steffens (heftig)
b4bb842ef5
matrix: Extend and move mjolnir's list of badwords into the vault
2021-07-02 00:06:59 +02:00
Kristian Klausen
bc1c5fe614
Add mailman role for the new lists.al.org machine
...
The DNS is still pointing to luna.
2021-06-30 09:30:31 +00:00
Kristian Klausen
c14c2c1abc
Setup TOTP for rsync.net
2021-06-30 03:06:52 +02:00
Kristian Klausen
7e78f8873c
aurweb: Use a different db password for aur and aur-dev
...
Fix #325
2021-06-16 00:31:38 +00:00
Leonidas Spyropoulos
43f0b53206
fail2ban: Add nginx_limit_req to all dicts
...
Ansible complains if the fail2ban_jails dictionary is missing the
nginx_limit_req key. Adding this as default failse.
Bugfix from: e5773374
Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>
2021-06-10 19:14:35 +01:00
Kristian Klausen
f7f8dae584
keycloak: Use a better db password
2021-06-06 17:15:34 +02:00
Kristian Klausen
9360faf75d
Put all /metrics endpoints behind auth
2021-06-06 14:52:10 +02:00
Jelle van der Waa
ce7c62cae6
Implement authentication via archweb
...
This implements authentication to our repos.archlinux.org tier 0 mirror
via archweb.
2021-06-03 22:03:35 +02:00
Kristian Klausen
98704c4893
root_ssh: Add additional SSH key for klausenbusk
...
He has too many smartcards!
2021-06-02 18:45:01 +02:00
Sven-Hendrik Haase
06cd2e06a5
Give Kristian full DevOps access
2021-06-02 16:21:50 +02:00
Jan Alexander Steffens (heftig)
407163f39b
matrix: Move IRC bridge to Libera Chat
2021-06-01 18:44:21 +02:00
Frederik Schwan
1c128ec21b
make diabonas dev
...
implements #346
2021-05-22 00:17:21 +02:00
Jan Alexander Steffens (heftig)
67d32f8e44
matrix: Export prometheus metrics
2021-05-21 01:56:45 +02:00
Jelle van der Waa
f741bc6a20
Terraform uptimerobot monitors
...
Add our uptimerobot to terraform so it's managed in code and we can
easily extend it. This currently only adds our to be monitored sites and
leaves the status page as is now.
Deleting resources on uptimerobot will cause terraform unable to run
see: https://github.com/louy/terraform-provider-uptimerobot/issues/82
References: #209
2021-05-18 22:51:16 +02:00
Jelle van der Waa
e7ba7b914c
Update prometheus vault for proxy
2021-05-14 00:42:34 +02:00
Jelle van der Waa
867d42baae
Add vault_prometheus for the prometheus mirror
2021-05-14 00:18:35 +02:00
Sven-Hendrik Haase
d2b110d250
Add dashboards.archlinux.org for public Grafana dashboards
...
Co-authored-by: Kristian Klausen <kristian@klausen.dk>
2021-05-13 23:28:01 +02:00
Kristian Klausen
f57830bd84
Give klausenbusk root access to runner{1,2}.al.org
2021-05-12 11:36:22 +02:00
Jelle van der Waa
3f9f7bab32
Onboard grawlinson as new TU
2021-05-07 22:41:06 +02:00
Jan Alexander Steffens (heftig)
3e475457c5
matrix: Integrate with Keycloak
...
Closes https://gitlab.archlinux.org/archlinux/infrastructure/-/issues/94
2021-04-15 12:37:34 +00:00
Kristian Klausen
b696716b1d
Give klausenbusk root access to {bugs,monitoring}.al.org
...
klausenbusk is our new newest Junior DevOp and he needs some access:
* bugs.al.org for helping with migrating Flyspray tasks to GitLab
* monitoring.al.org for setting up centralized logging
2021-04-09 19:49:58 +00:00
Kristian Klausen
ea9f114de1
root_ssh: Support giving root access to only some hosts
2021-04-09 19:49:58 +00:00
Jelle van der Waa
512b53dad8
Add loki htpasswd vault
2021-04-08 21:00:46 +02:00
Jelle van der Waa
5232f95add
Rename the default pubkey to hashwork.pub
...
Our dbscripts role expects the default ssh key to be username + '.pub'.
2021-03-27 16:48:50 +01:00