Skip to content
Snippets Groups Projects
Verified Commit 53bd9856 authored by Jelle van der Waa's avatar Jelle van der Waa :construction: Committed by Sven-Hendrik Haase
Browse files

Move openpgpkey.archlinux.org to a new VPS 

The WKD webservice ran on orion, but as we want to retire it, we will
move it to it's own CX11 VPS. As it's just a simple web page.
parent 3c426bfd
No related branches found
No related tags found
No related merge requests found
Pipeline #2693 passed
Stage: test
Hide whitespace changes
Inline Side-by-side
README.md
+ 7
0
View file @ 53bd9856
......@@ -259,6 +259,13 @@ Medium-fast-ish packet.net Arch Linux box.
- [Grafana](https://monitoring.archlinux.org)
- Prometheus
### openpgpkey.archlinux.org
Hosts our gnupg open web key directory for fetching Arch Linux keyring keys over https.
#### Services
- WKD
## Ansible repo workflows
### Replace vault password and change vaulted passwords
......
hosts
+ 1
0
View file @ 53bd9856
......@@ -102,6 +102,7 @@ phrik.archlinux.org
quassel.archlinux.org
state.archlinux.org
mirror.pkgbuild.com
openpgpkey.archlinux.org
homedir.archlinux.org
dragon.archlinux.org
mail.archlinux.org
playbooks/openpgpkeys.archlinux.org 0 → 100644
+ 14
0
View file @ 53bd9856
---
- name: setup openpgpkey server
hosts: openpgpkey.archlinux.org
remote_user: root
roles:
- { role: common }
- { role: firewalld }
- { role: sshd }
- { role: root_ssh }
- { role: certbot }
- { role: nginx }
- { role: wkd }
- { role: prometheus_exporters }
playbooks/orion.yml
+ 0
1
View file @ 53bd9856
......@@ -21,5 +21,4 @@
- sogrep
- { role: sudo, tags: ['archusers'] }
- { role: archweb, archweb_site: false, archweb_services: false, archweb_donor_import: true, archweb_mirrorcheck_locations: [5, 6] }
- wkd
- { role: fail2ban }
tf-stage1/archlinux.tf
+ 35
7
View file @ 53bd9856
......@@ -527,6 +527,20 @@ resource "hetznerdns_record" "archlinux_org_mx_aaaa" {
type = "AAAA"
}
resource "hetznerdns_record" "archlinux_org_openpgpkey_a" {
zone_id = hetznerdns_zone.archlinux.id
name = "openpgpkey"
value = hcloud_server.openpgpkey.ipv4_address
type = "A"
}
resource "hetznerdns_record" "archlinux_org_openpgpkey_aaaa" {
zone_id = hetznerdns_zone.archlinux.id
name = "openpgpkey"
value = hcloud_server.openpgpkey.ipv6_address
type = "AAAA"
}
resource "hetznerdns_record" "archlinux_org_orion_txt" {
zone_id = hetznerdns_zone.archlinux.id
name = "mail._domainkey"
......@@ -726,13 +740,6 @@ resource "hetznerdns_record" "archlinux_org_mailman_cname" {
type = "CNAME"
}
resource "hetznerdns_record" "archlinux_org_openpgpkey_cname" {
zone_id = hetznerdns_zone.archlinux.id
name = "openpgpkey"
value = "orion"
type = "CNAME"
}
resource "hetznerdns_record" "archlinux_org_packages_cname" {
zone_id = hetznerdns_zone.archlinux.id
name = "packages"
......@@ -1291,3 +1298,24 @@ resource "hcloud_server" "mail" {
ignore_changes = [image]
}
}
resource "hcloud_rdns" "openpgpkey_ipv4" {
server_id = hcloud_server.openpgpkey.id
ip_address = hcloud_server.openpgpkey.ipv4_address
dns_ptr = "openpgpkey.archlinux.org"
}
resource "hcloud_rdns" "openpgpkey_ipv6" {
server_id = hcloud_server.openpgpkey.id
ip_address = hcloud_server.openpgpkey.ipv6_address
dns_ptr = "openpgpkey.archlinux.org"
}
resource "hcloud_server" "openpgpkey" {
name = "openpgpkey.archlinux.org"
image = data.hcloud_image.archlinux.id
server_type = "cx11"
lifecycle {
ignore_changes = [image]
}
}
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment