Commits · master · Amin Vakil / infrastructure

Feb 21, 2025
- archusers: Set sven to use zsh · 89d52a33
  Sven-Hendrik Haase authored 1 month ago
  
  89d52a33
- onboarding: Mention `#archlinux-packaging` · 460901d7
  Christian Heusel authored 1 month ago
  
  Signed-off-by: Christian Heusel <christian@heusel.eu>
  460901d7
- Merge branch 'eworm/sshd-env' into 'master' · df71fdfc
  Christian Heusel authored 1 month ago
  
  sshd: accept environment variables ... See merge request archlinux/infrastructure!840
  df71fdfc
- sshd: accept environment variables ... · 7d70e75d
  Christian Hesse authored 8 months ago and Christian Heusel committed 1 month ago
  
  ... for user's color, language/locale and timezone settings
  7d70e75d
- Merge branch 'harden-fluxbb-more' into 'master' · 39b463e4
  Sven-Hendrik Haase authored 1 month ago
  
  fluxbb: disallow more security related PHP functions See merge request archlinux/infrastructure!682
  39b463e4
- fluxbb: Ansibilize some manual changes that were present · 648aa27a
  Sven-Hendrik Haase authored 1 month ago
  
  Specifically, I noticed that install.php was removed in the live installation but this wasn't documented in code. For security reasons it's a good idea to remove that file after installation. Old PHP forum software just was like that ;)
  648aa27a
- fluxbb: disallow more security related PHP functions · c9b34e00
  Amin Vakil authored 2 years ago and Sven-Hendrik Haase committed 1 month ago
  
  Disallow more php functions which can execute commands, create symlinks or read arbitrary files.
  c9b34e00
- Merge branch 'fix/tempo' into 'master' · 51532a17
  Christian Heusel authored 1 month ago
  
  prometheus: scrape tempo metrics See merge request archlinux/infrastructure!866
  51532a17
- prometheus: scrape tempo service metrics · 1889179d
  Levente Polyak authored 7 months ago and Christian Heusel committed 1 month ago
  
  Tempo exposes its service metrics with the default route on port 3200. Let's add it to our scraping targets so we get insights into the tempo service.
  1889179d
- prometheus: run web listener only on 127.0.0.1 · 94bde39b
  Levente Polyak authored 7 months ago and Christian Heusel committed 1 month ago
  
  The default is to run it on 0.0.0.0.
  94bde39b
Feb 17, 2025
- Merge branch 'fix-install-arch' into 'master' · 9445ce01
  Christian Heusel authored 1 month ago
  
  install_arch: fix loops See merge request archlinux/infrastructure!926
  9445ce01
- install_arch: fix loops · 49dcd967
  Leonidas Spyropoulos authored 1 month ago and Christian Heusel committed 1 month ago
  
  Fixes: 701c1d01 ("Migrate 'with_X' to 'loop'")
  49dcd967
Feb 16, 2025

Merge branch 'ssh-clientaliveinterval' into 'master' · 3826e576
Jan Alexander Steffens (heftig) authored 1 month ago
```
sshd_config: Set ClientAliveInterval to 30 seconds

See merge request archlinux/infrastructure!928
```
3826e576
sshd_config: Set ClientAliveInterval to 30 seconds · 57768138
Jan Alexander Steffens (heftig) authored 1 month ago
```
Should help people not get disconnected when a build has no output for a
while (e.g. long LTO links).
```
57768138

Merge branch 'paccache_drop-in_conf' into 'master' · ff90769f

Use paccache.service environment file to pass extra arguments

Closes #649

See merge request archlinux/infrastructure!921

ff90769f

Use paccache.service environment file to pass extra arguments · 085df2c6

Robin Candau authored 1 month ago

Use the new `/etc/conf.d/pacman-contrib` environment file (introduced in pacman/pacman-contrib!53) to pass extra arguments to `paccache.service` instead of overriding it completely.

This improves security as it allows to benefit from all the hardening implemented in the upstream service file (which wasn't the case previously, since the whole service file was overwriten).

/!\ Requires `pacman-contrib` >= `1.11.0` /!\

Closes archlinux/infrastructure#649

085df2c6

matrix: Update badwords · 64fb2c86
Jan Alexander Steffens (heftig) authored 1 month ago

64fb2c86
matrix: Update synapse to 1.124.0 · 7dd22b0b
Jan Alexander Steffens (heftig) authored 1 month ago

7dd22b0b

Feb 14, 2025

grafana: Switch repository time series to stacked graph · ba09b5a3

Sven-Hendrik Haase authored 1 month ago

Also removed the sum graph but added a calculated total instead.
I also filter out `-debug` and `-staging` repos.
I think this improves overall readability.

Added panel showing total number of packages in repos.

Also made the Prometheus queries into a sum aggregate since otherwise
the metrics would be split by server migrations
(because the instance label switches value).

ba09b5a3

Merge branch 'improve-aur-dashboard' into 'master' · 0e47ed1e
Christian Heusel authored 1 month ago
```
grafana: Add AUR operational dashboard

See merge request archlinux/infrastructure!917
```
0e47ed1e

grafana: Add AUR operational dashboard · fda77a3c

Sven-Hendrik Haase authored 2 months ago and

Christian Heusel committed 1 month ago

- Added a second dashboard for displaying operational AUR data
- Moved some information from the current public board to the
  operational dashboard
- Added tracing information to AUR operational dashboard

This utilizes the new tempo data source in order to display service
information as well as slow responses that can be further inspected.

fda77a3c

Feb 13, 2025
- Merge branch 'add-packages-total-to-exporter' into 'master' · a4901872
  Christian Heusel authored 1 month ago
  
  prometheus_exporters: Add total number of packages per directory to exporter See merge request !923
  a4901872
- prometheus_exporters: Add total number of packages per directory to exporter · 420a4389
  Sven-Hendrik Haase authored 1 month ago and Christian Heusel committed 1 month ago
  
  The idea of this is to allow us to graph the number of packages per repository in grafana just like we're already doing in the archive exporter.
  420a4389
- Merge branch 'nf_conntrack_max_in_firewalld_role' into 'master' · 090a3eda
  Christian Heusel authored 1 month ago
  
  Move nf_conntrack_max configuration to the firewalld role Closes #648 See merge request !925
  090a3eda
- Move nf_conntrack_max configuration to the firewalld role · 6d1f4c1b
  Robin Candau authored 1 month ago and Christian Heusel committed 1 month ago
  
  `net.netfilter.nf_conntrack_max` is only relevant if the firewall is configured, so it make more sense to move it to the `firewalld` role. Closes #648
  6d1f4c1b
Feb 12, 2025
- archweb: Deploy latest release · 01ed4375
  Christian Heusel authored 1 month ago
  
  Signed-off-by: Christian Heusel <christian@heusel.eu>
  01ed4375
- Merge branch '658-rename-gemini-to-archive' into 'master' · c9d25847
  Christian Heusel authored 1 month ago
  
  Rename gemini to archive Closes #658 See merge request archlinux/infrastructure!918
  c9d25847
Feb 10, 2025

hosts: Remove leftover from repo split · d2662553
Christian Heusel authored 2 months ago
```
Related to archlinux/infrastructure!905
```
d2662553
postfix: Drop unneded sender permissions for gemini · e4651679
Christian Heusel authored 2 months ago
```
Signed-off-by: Christian Heusel <christian@heusel.eu>
```
e4651679
Rename gemini to archive · 1aa39de3
Christian Heusel authored 2 months ago
```
Fixes #658



Signed-off-by: Christian Heusel <christian@heusel.eu>
```
1aa39de3
Merge branch 'remove-sq' into 'master' · f63280b8
Christian Heusel authored 1 month ago
```
gluebuddy/bugbuddy: Move from sq to rsop

See merge request archlinux/infrastructure!920
```
f63280b8

bugbuddy: Move from sq to rsop · 94bc834f

Christian Heusel authored 2 months ago


The sequoia cli once again changed their interface, therefore port this
to the (somewhat guaranteed to be) stable sops interface.

Suggested-by: David Runge <dvzrv@archlinux.org>
Signed-off-by: Christian Heusel <christian@heusel.eu>

94bc834f

gluebuddy: Move from sq to rsop · 7be3afb1

Christian Heusel authored 2 months ago


The sequoia cli once again changed their interface, therefore port this
to the (somewhat guaranteed to be) stable sops interface.

Suggested-by: David Runge <dvzrv@archlinux.org>
Signed-off-by: Christian Heusel <christian@heusel.eu>

7be3afb1

Merge branch 'skip-gpg-validation-in-aurdev' into 'master' · 212f778d
Leonidas Spyropoulos authored 1 month ago
```
aurweb: Skip commit validation if we are not on prod

See merge request archlinux/infrastructure!916
```
212f778d

Feb 09, 2025
- aurweb: Do not guard metrics endpoints in aur-dev · 58cdb25e
  Sven-Hendrik Haase authored 1 month ago
  
  The sandbox deployments do not have access to the vault and so we can't have them use it.
  58cdb25e
- aurweb: Do not try to set up tracing on non-prod deployments · c8223cb3
  Sven-Hendrik Haase authored 2 months ago
  
  It will fail since we do not connect aur-dev instances to monitoring.
  c8223cb3
- aurweb: Skip commit validation if we are not on prod · f97f618d
  Sven-Hendrik Haase authored 2 months ago
  
  This makes it so that you don't need to be in the list of trusted GPG keys `aurweb_pgp_keys` in order to start a test instance for the AUR. I think `aurweb_pgp_keys` should only be for people wanting to deploy this to production.
  f97f618d
- grafana: rebase grafana.ini to grafana 11.5.1-1 · ebae1213
  Evangelos Foutras authored 1 month ago
  
  ebae1213
- common: stop installing archlinux-contrib · 8c23237d
  Evangelos Foutras authored 1 month ago
  
  It was installed for checkservices which we rarely use anymore due to automated updates. Also, update README.md to remove references to it.
  8c23237d
Feb 07, 2025
- Revert "prometheus_exporters: Add total number of packages per directory to exporter" · e2b4837e
  Sven-Hendrik Haase authored 1 month ago
  
  This reverts commit e2346a9e since it was supposed to go through review first.
  e2b4837e

Admin message