- Feb 21, 2025
-
-
Sven-Hendrik Haase authored
-
Christian Heusel authored
Signed-off-by:
Christian Heusel <christian@heusel.eu>
-
Christian Heusel authored
sshd: accept environment variables ... See merge request archlinux/infrastructure!840
-
... for user's color, language/locale and timezone settings
-
Sven-Hendrik Haase authored
fluxbb: disallow more security related PHP functions See merge request archlinux/infrastructure!682
-
Sven-Hendrik Haase authored
Specifically, I noticed that install.php was removed in the live installation but this wasn't documented in code. For security reasons it's a good idea to remove that file after installation. Old PHP forum software just was like that ;)
-
Disallow more php functions which can execute commands, create symlinks or read arbitrary files.
-
Christian Heusel authored
prometheus: scrape tempo metrics See merge request archlinux/infrastructure!866
-
Tempo exposes its service metrics with the default route on port 3200. Let's add it to our scraping targets so we get insights into the tempo service.
-
The default is to run it on 0.0.0.0.
-
- Feb 17, 2025
-
-
Christian Heusel authored
install_arch: fix loops See merge request archlinux/infrastructure!926
-
Fixes: 701c1d01 ("Migrate 'with_X' to 'loop'")
-
- Feb 16, 2025
-
-
Jan Alexander Steffens (heftig) authored
sshd_config: Set ClientAliveInterval to 30 seconds See merge request archlinux/infrastructure!928
-
Jan Alexander Steffens (heftig) authored
Should help people not get disconnected when a build has no output for a while (e.g. long LTO links).
-
Kristian Klausen authored
Use paccache.service environment file to pass extra arguments Closes #649 See merge request archlinux/infrastructure!921
-
Robin Candau authored
Use the new `/etc/conf.d/pacman-contrib` environment file (introduced in pacman/pacman-contrib!53) to pass extra arguments to `paccache.service` instead of overriding it completely. This improves security as it allows to benefit from all the hardening implemented in the upstream service file (which wasn't the case previously, since the whole service file was overwriten). /!\ Requires `pacman-contrib` >= `1.11.0` /!\ Closes archlinux/infrastructure#649
-
Jan Alexander Steffens (heftig) authored
-
Jan Alexander Steffens (heftig) authored
-
- Feb 14, 2025
-
-
Sven-Hendrik Haase authored
Also removed the sum graph but added a calculated total instead. I also filter out `-debug` and `-staging` repos. I think this improves overall readability. Added panel showing total number of packages in repos. Also made the Prometheus queries into a sum aggregate since otherwise the metrics would be split by server migrations (because the instance label switches value).
-
Christian Heusel authored
grafana: Add AUR operational dashboard See merge request archlinux/infrastructure!917
-
- Added a second dashboard for displaying operational AUR data - Moved some information from the current public board to the operational dashboard - Added tracing information to AUR operational dashboard This utilizes the new tempo data source in order to display service information as well as slow responses that can be further inspected.
-
- Feb 13, 2025
-
-
Christian Heusel authored
prometheus_exporters: Add total number of packages per directory to exporter See merge request !923
-
The idea of this is to allow us to graph the number of packages per repository in grafana just like we're already doing in the archive exporter.
-
Christian Heusel authored
Move nf_conntrack_max configuration to the firewalld role Closes #648 See merge request !925
-
`net.netfilter.nf_conntrack_max` is only relevant if the firewall is configured, so it make more sense to move it to the `firewalld` role. Closes #648
-
- Feb 12, 2025
-
-
Christian Heusel authored
Signed-off-by:
Christian Heusel <christian@heusel.eu>
-
Christian Heusel authored
Rename gemini to archive Closes #658 See merge request archlinux/infrastructure!918
-
- Feb 10, 2025
-
-
Christian Heusel authored
Related to archlinux/infrastructure!905
-
Christian Heusel authored
Signed-off-by:
Christian Heusel <christian@heusel.eu>
-
Christian Heusel authored
Fixes #658 Signed-off-by:
Christian Heusel <christian@heusel.eu>
-
Christian Heusel authored
gluebuddy/bugbuddy: Move from sq to rsop See merge request archlinux/infrastructure!920
-
Christian Heusel authored
The sequoia cli once again changed their interface, therefore port this to the (somewhat guaranteed to be) stable sops interface. Suggested-by:
David Runge <dvzrv@archlinux.org> Signed-off-by:
Christian Heusel <christian@heusel.eu>
-
Christian Heusel authored
The sequoia cli once again changed their interface, therefore port this to the (somewhat guaranteed to be) stable sops interface. Suggested-by:
David Runge <dvzrv@archlinux.org> Signed-off-by:
Christian Heusel <christian@heusel.eu>
-
Leonidas Spyropoulos authored
aurweb: Skip commit validation if we are not on prod See merge request archlinux/infrastructure!916
-
- Feb 09, 2025
-
-
Sven-Hendrik Haase authored
The sandbox deployments do not have access to the vault and so we can't have them use it.
-
Sven-Hendrik Haase authored
It will fail since we do not connect aur-dev instances to monitoring.
-
Sven-Hendrik Haase authored
This makes it so that you don't need to be in the list of trusted GPG keys `aurweb_pgp_keys` in order to start a test instance for the AUR. I think `aurweb_pgp_keys` should only be for people wanting to deploy this to production.
-
Evangelos Foutras authored
-
Evangelos Foutras authored
It was installed for checkservices which we rarely use anymore due to automated updates. Also, update README.md to remove references to it.
-
- Feb 07, 2025
-
-
Sven-Hendrik Haase authored
This reverts commit e2346a9e since it was supposed to go through review first.
-