Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
Arch Linux
infrastructure
Commits
06d5360e
Commit
06d5360e
authored
Dec 26, 2020
by
Frederik Schwan
Browse files
add redirect server to handle redirects for deprecated domains
parent
228e629a
Changes
8
Hide whitespace changes
Inline
Side-by-side
docs/ssh-hostkeys.txt
View file @
06d5360e
...
...
@@ -262,6 +262,17 @@
256 MD5:15:45:eb:91:69:df:c3:6d:9f:99:b9:13:02:94:a6:ac root@archlinux-packer (ED25519)
2048 MD5:ca:2f:cf:5c:4d:ec:75:c3:71:76:d6:b7:b9:fa:aa:32 root@archlinux-packer (RSA)
# redirect.archlinux.org
1024 SHA256:hqw3Wmif3BUI9VLcNnvcB3I+M9f5OUtDjRT8H6tAuEU root@archlinux-packer (DSA)
256 SHA256:JaUkz0eOofslq9BVifMx8c6sapM/DSig9zrVyFqrHD4 root@archlinux-packer (ECDSA)
256 SHA256:sUcgzScFlMByQKLW2IDYBc2m6EvLXzM6KVa2mzls3TA root@archlinux-packer (ED25519)
3072 SHA256:yUn8pVpioFsltzFKA2cImHb6UnD63pCOCiJsP5OFLBQ root@archlinux-packer (RSA)
1024 MD5:a8:f9:dd:2a:79:ca:3a:ef:b5:24:49:6b:61:1f:bb:07 root@archlinux-packer (DSA)
256 MD5:b1:f5:78:51:c5:50:5e:25:73:68:fc:80:53:25:94:ba root@archlinux-packer (ECDSA)
256 MD5:5a:49:d5:f3:00:ca:49:17:d8:cc:3e:84:1d:60:be:06 root@archlinux-packer (ED25519)
3072 MD5:1e:52:48:56:d3:13:20:e5:02:4f:10:1b:af:27:e5:c7 root@archlinux-packer (RSA)
# repro1.pkgbuild.com
1024 SHA256:K2RjAgIzlRrSkqdf3vqwfXOOg0oEMt/AwAT2Gmt2wpA root@repro3.pkgbuild.com (DSA)
256 SHA256:H/7en8S/UqQ+llIDPyCIn9sYHjiEU6L+Myu0MpmoDsE root@repro3.pkgbuild.com (ECDSA)
...
...
docs/ssh-known_hosts.txt
View file @
06d5360e
...
...
@@ -118,6 +118,11 @@ quassel.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbm
quassel.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMJ8pFEQOPKxtdHcNkYP/lmF9vrM5ub30Kbeo3SQJ3OI
quassel.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPHwHxYNG1vjRiEfoVEa9onPLdUNFdwmrCblc95ALKU+GTCOO8C6gBo2J4w5hB6CABUh4zJn2AbXi1E6YQdGyumfvBhXzpim+wdPtDh/Wrqxl8M06Gk2+YbAS1m0452xsMELodNTPd7HDB0iXDEfEjB02jk7D/KHIVWkKi0wlV3d4WG1M0c5D+MA3zFoYN/EwcRYK120P3dbYzdCwrYi6IdgA/+2g8ALvkAkLEW3uYyIct8kQ/sTLKcKimuyeiYCEn2jviIJjraF2T0U6m+dgfEEBtyITzvP9/3oAflIsgr1LHHVwfhdlbml1LvqPojYpBV2YrE8esmCzhs0a6TWP5
# redirect.archlinux.org
redirect.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNNlS8biku7pxOjm+a0MxYR0ICSRjoqkaCSPdY5tdUnOPmEnvRm7qqO4pzvzy5FjhcFOW4oTuKu93ZXmnU9rV1s=
redirect.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID8cqRGOzfp+waFo4fxxq2oUKPFsTNRL0MB1M3xT2Y5L
redirect.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3VdhG7Lm+UYBGjf/G8eUSXL43N2QLRTm23LaSKaegx9/41mtlRJAoHfpHsJg8a2nBEGebooZqp5rwP4kxj0pB7394VP5UjThhqBQ9lWKJgCkceRsvkRYkbrBQHyNiRcFQ7/3YxPFJyNlxQwxiBe9sRk1HHUtQOeleGAQoB+GOMkKSPmqD6k/D5GzoX/maqraFK8S0egapKF5VMWw+6apAv+vp7O/zyPrOddaKLB2XK2c86Jl04z1vA3UMAJ+mQ9P0+WLYzEdxx3OmChw/CQOQk2n3Q/civV7prhkf4Qs58uw6Eg2dGmcP5+z5NeC2J/egxQROoSgUpbUf0W/UDEApjAzAIuzDIXOLwXqqf4b7NKfvCiycCQvk9fTWd14AuTfh/qjwKaP4dEkkmDjR7/mvan5M/mxs82QZIMDW6THYvAnkQ0715Ai4C1+WE1gvzpLbtfJxZhngigDi1YpG3uLf2D7PwKNWc6A6OGpW36GB0nlT3kns13xxmMauxhBJW78=
# repro1.pkgbuild.com
repro1.pkgbuild.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKYR9cx4+umxrRJ68vvqOmCSkYuZJDkYAAxlT+bbKNnA2R5jpuxvLamGPFfdAzAQjk5FRnbNGihMI2V2Fw8M2gQ=
repro1.pkgbuild.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrJCFjvo5svIzF5d7agm1/QlqyYlegxSX6GebZp6E5c
...
...
hosts
View file @
06d5360e
...
...
@@ -135,6 +135,7 @@ repro1.pkgbuild.com
wiki.archlinux.org
patchwork.archlinux.org
security.archlinux.org
redirect.archlinux.org
[kape_servers]
asia.mirror.pkgbuild.com
...
...
playbooks/redirect.archlinux.org.yml
0 → 100644
View file @
06d5360e
-
name
:
setup redirect.archlinux.org
hosts
:
redirect.archlinux.org
remote_user
:
root
roles
:
-
{
role
:
common
}
-
{
role
:
tools
}
-
{
role
:
firewalld
}
-
{
role
:
unbound
}
-
{
role
:
sshd
}
-
{
role
:
root_ssh
}
-
{
role
:
certbot
}
-
{
role
:
nginx
}
-
{
role
:
redirects
}
-
{
role
:
prometheus_exporters
}
-
{
role
:
hardening
}
roles/redirects/defaults/main.yml
0 → 100644
View file @
06d5360e
redirects
:
-
static.conf
:
domain
:
static.conf.archlinux.org
to
:
https://gitlab.archlinux.org/archlinux/conf-files/-/raw/master$request_uri
type
:
302
roles/redirects/tasks/main.yml
0 → 100644
View file @
06d5360e
---
-
name
:
create ssl cert
command
:
certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d {{ item.domain }} creates='/etc/letsencrypt/live/{{ item.domain }}/fullchain.pem'
loop
:
"
{{
redirects
}}"
-
name
:
make nginx log dir
file
:
path=/var/log/nginx/{{ item.domain }} state=directory owner=root group=root mode=0755
loop
:
"
{{
redirects
}}"
-
name
:
set up nginx
template
:
src=nginx.d.conf.j2 dest="/etc/nginx/nginx.d/redirects.conf" owner=root group=root mode=644
notify
:
reload nginx
tags
:
[
'
nginx'
]
roles/redirects/templates/nginx.d.conf.j2
0 → 100644
View file @
06d5360e
{% for redirect in redirects %}
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ redirect.domain }};
access_log /var/log/nginx/{{ redirect.domain }}/access.log reduced;
error_log /var/log/nginx/{{ redirect.domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ redirect.domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ redirect.domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ redirect.domain }}/chain.pem;
include snippets/letsencrypt.conf;
return {{ redirect.type }} {{ redirect.to }};
}
{% endfor %}
tf-stage1/archlinux.tf
View file @
06d5360e
...
...
@@ -788,6 +788,20 @@ resource "hetznerdns_record" "archlinux_org_quassel_aaaa" {
type
=
"AAAA"
}
resource
"hetznerdns_record"
"archlinux_org_redirect_a"
{
zone_id
=
hetznerdns_zone
.
archlinux
.
id
name
=
"redirect"
value
=
hcloud_server
.
redirect
.
ipv4_address
type
=
"A"
}
resource
"hetznerdns_record"
"archlinux_org_redirect_aaaa"
{
zone_id
=
hetznerdns_zone
.
archlinux
.
id
name
=
"redirect"
value
=
hcloud_server
.
redirect
.
ipv6_address
type
=
"AAAA"
}
resource
"hetznerdns_record"
"archlinux_org_reproducible_a"
{
zone_id
=
hetznerdns_zone
.
archlinux
.
id
name
=
"reproducible"
...
...
@@ -1256,6 +1270,27 @@ resource "hcloud_server" "aur-dev" {
}
}
resource
"hcloud_rdns"
"redirect_ipv4"
{
server_id
=
hcloud_server
.
redirect
.
id
ip_address
=
hcloud_server
.
redirect
.
ipv4_address
dns_ptr
=
"redirect.archlinux.org"
}
resource
"hcloud_rdns"
"redirect_ipv6"
{
server_id
=
hcloud_server
.
redirect
.
id
ip_address
=
hcloud_server
.
redirect
.
ipv6_address
dns_ptr
=
"redirect.archlinux.org"
}
resource
"hcloud_server"
"redirect"
{
name
=
"redirect.archlinux.org"
image
=
data
.
hcloud_image
.
archlinux
.
id
server_type
=
"cx11"
lifecycle
{
ignore_changes
=
[
image
]
}
}
resource
"hcloud_rdns"
"mailman3_ipv4"
{
server_id
=
hcloud_server
.
mailman3
.
id
ip_address
=
hcloud_server
.
mailman3
.
ipv4_address
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment