Cyber/infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
3653 commits 23 branches 0 tags 13 MiB
Commit graph

321 commits

Author SHA1 Message Date
Jelle van der Waa cff430ecc8
Onboard artafinde as new TU 
Issue: #420
 2021-12-03 13:08:01 +01:00
Jelle van der Waa 171467657c
JGC resigned 
https://lists.archlinux.org/private/arch-dev/2021-October/016798.html
 2021-12-03 08:49:02 +01:00
Jelle van der Waa 462b767ac2 Eschwartz resigned as TU, Staff 2021-12-01 09:55:47 +00:00
Evangelos Foutras 69994e900a
Complete rsync.net account migration 
New username; separate and longer account manager + storage passwords.

Also, have to use --remote-path=borg1 when interacting with rsync.net.
 2021-11-06 19:50:31 +02:00
Jan Alexander Steffens (heftig) 79f2b57be3
Revert "matrix: Fix bridge configuration" 
This was a regression which has been fixed upstream.

This reverts commit 67e7677ee4.
 2021-10-26 00:21:25 +02:00
Jan Alexander Steffens (heftig) 67e7677ee4
matrix: Fix bridge configuration 
We're no longer allowed to reserve formerly used namespaces.
 2021-10-22 17:51:05 +02:00
Jan Alexander Steffens (heftig) 89f40f707e
matrix: Extend and move the auto-joined rooms into the vault 2021-10-05 21:02:39 +02:00
Kristian Klausen d70d47d944
Offboard cesura 
Ref #396
 2021-10-02 15:36:59 +02:00
Jan Alexander Steffens (heftig) 78cd1dd567
matrix: Update bridged rooms 2021-08-26 19:24:03 +02:00
Jan Alexander Steffens (heftig) 1278707cf2
matrix: Update badwords 2021-08-26 19:24:03 +02:00
Kristian Klausen 6a11db2f20 Use wireguard for db connections to archlinux.org 
Fix #177
 2021-08-24 21:08:08 +02:00
Jan Alexander Steffens (heftig) 94de7e216a group_vars: Enable configure_network for hcloud hosts 
I don't know why this wasn't enabled.
 2021-08-16 00:47:25 +00:00
Kristian Klausen 847337407b
Onboard alex19ep as new TU 
Ref #388
 2021-08-13 20:41:44 +02:00
Jelle van der Waa f93b995992
Remove unused groups from archusers 
These groups are no longer required as docker/arch-boxes images are
build by Gitlab.
 2021-08-12 21:12:47 +02:00
Jelle van der Waa ad99a86bae
Offboard alad as TU 
Closes: #389
 2021-08-12 21:10:14 +02:00
Kristian Klausen 3e113e426f
archusers: Restrict fukawi2 to the mail.al.org host 
Looks like a oversight when he was offboarded as DevOps.
As support staff he shouldn't have access to
 2021-08-02 14:29:36 +02:00
Jan Alexander Steffens (heftig) caa81be756
matrix: Use Bearer authentication for metrics 
https://gitlab.archlinux.org/archlinux/infrastructure/-/merge_requests/473
 2021-07-31 01:48:50 +02:00
Evangelos Foutras 6436b29b6b
Offboard Scimmia 
https://gitlab.archlinux.org/archlinux/infrastructure/-/issues/377
 2021-07-29 21:27:11 +03:00
Kristian Klausen dfc0ded305
Create user for lahwaacz on mail.archlinux.org 
Ref #381
 2021-07-28 00:05:19 +02:00
Kristian Klausen d2d9bbb2f3
Onboard morganamilo as a new TU 
Ref #374
 2021-07-12 03:15:48 +02:00
Kristian Klausen bdd9227ce1 Onboard alerque as new TU 
Ref #373
 2021-07-12 00:45:51 +00:00
Kristian Klausen 563c3c5c19
loki/promtail: Use a bearer token instead of basic auth 
It simplifies it a bit.
 2021-07-08 02:58:58 +02:00
Kristian Klausen ba9bda23db Create user for denisse on mail.archlinux.org 2021-07-04 12:43:45 +00:00
Kristian Klausen bda558cb20 Create user for klausenbusk on mail.archlinux.org 2021-07-04 12:43:45 +00:00
Kristian Klausen 7287d6d3f5 archroles: Add support-staff group 
Primarily to be used for mail accounts on mail.archlinux.org.
 2021-07-04 12:43:45 +00:00
Evangelos Foutras 62c78dfa1c
Use sub-accounts for backups to Hetzner Storage Box 
This offers improved separation between the server backups and should
avoid bumping against the storage box 10 concurrent connection limit.

Fixes: https://gitlab.archlinux.org/archlinux/infrastructure/-/issues/362
 2021-07-02 19:04:19 +03:00
Jan Alexander Steffens (heftig) b4bb842ef5
matrix: Extend and move mjolnir's list of badwords into the vault 2021-07-02 00:06:59 +02:00
Kristian Klausen bc1c5fe614 Add mailman role for the new lists.al.org machine 
The DNS is still pointing to luna.
 2021-06-30 09:30:31 +00:00
Kristian Klausen c14c2c1abc
Setup TOTP for rsync.net 2021-06-30 03:06:52 +02:00
Kristian Klausen 7e78f8873c aurweb: Use a different db password for aur and aur-dev 
Fix #325
 2021-06-16 00:31:38 +00:00
Leonidas Spyropoulos 43f0b53206 fail2ban: Add nginx_limit_req to all dicts 
Ansible complains if the fail2ban_jails dictionary is missing the
nginx_limit_req key. Adding this as default failse.

Bugfix from: e5773374

Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>
 2021-06-10 19:14:35 +01:00
Kristian Klausen f7f8dae584
keycloak: Use a better db password 2021-06-06 17:15:34 +02:00
Kristian Klausen 9360faf75d Put all /metrics endpoints behind auth 2021-06-06 14:52:10 +02:00
Jelle van der Waa ce7c62cae6
Implement authentication via archweb 
This implements authentication to our repos.archlinux.org tier 0 mirror
via archweb.
 2021-06-03 22:03:35 +02:00
Kristian Klausen 98704c4893 root_ssh: Add additional SSH key for klausenbusk 
He has too many smartcards!
 2021-06-02 18:45:01 +02:00
Sven-Hendrik Haase 06cd2e06a5
Give Kristian full DevOps access 2021-06-02 16:21:50 +02:00
Jan Alexander Steffens (heftig) 407163f39b
matrix: Move IRC bridge to Libera Chat 2021-06-01 18:44:21 +02:00
Frederik Schwan 1c128ec21b
make diabonas dev 
implements #346
 2021-05-22 00:17:21 +02:00
Jan Alexander Steffens (heftig) 67d32f8e44
matrix: Export prometheus metrics 2021-05-21 01:56:45 +02:00
Jelle van der Waa f741bc6a20
Terraform uptimerobot monitors 
Add our uptimerobot to terraform so it's managed in code and we can
easily extend it. This currently only adds our to be monitored sites and
leaves the status page as is now.

Deleting resources on uptimerobot will cause terraform unable to run
see: https://github.com/louy/terraform-provider-uptimerobot/issues/82

References: #209
 2021-05-18 22:51:16 +02:00
Jelle van der Waa e7ba7b914c
Update prometheus vault for proxy 2021-05-14 00:42:34 +02:00
Jelle van der Waa 867d42baae
Add vault_prometheus for the prometheus mirror 2021-05-14 00:18:35 +02:00
Sven-Hendrik Haase d2b110d250 Add dashboards.archlinux.org for public Grafana dashboards 
Co-authored-by: Kristian Klausen <kristian@klausen.dk>
 2021-05-13 23:28:01 +02:00
Kristian Klausen f57830bd84 Give klausenbusk root access to runner{1,2}.al.org 2021-05-12 11:36:22 +02:00
Jelle van der Waa 3f9f7bab32
Onboard grawlinson as new TU 2021-05-07 22:41:06 +02:00
Jan Alexander Steffens (heftig) 3e475457c5 matrix: Integrate with Keycloak 
Closes https://gitlab.archlinux.org/archlinux/infrastructure/-/issues/94
 2021-04-15 12:37:34 +00:00
Kristian Klausen b696716b1d Give klausenbusk root access to {bugs,monitoring}.al.org 
klausenbusk is our new newest Junior DevOp and he needs some access:
* bugs.al.org for helping with migrating Flyspray tasks to GitLab
* monitoring.al.org for setting up centralized logging
 2021-04-09 19:49:58 +00:00
Kristian Klausen ea9f114de1 root_ssh: Support giving root access to only some hosts 2021-04-09 19:49:58 +00:00
Jelle van der Waa 512b53dad8
Add loki htpasswd vault 2021-04-08 21:00:46 +02:00
Jelle van der Waa 5232f95add
Rename the default pubkey to hashwork.pub 
Our dbscripts role expects the default ssh key to be username + '.pub'.
 2021-03-27 16:48:50 +01:00