Merge branch 'new-mirrors-maybe' into 'master'

Add new mirrors in Seoul and Sydney See merge request !602

Merge branch 'new-mirrors-maybe' into 'master'
609079ed · Evangelos Foutras · b603540b · 83f0066a · 609079ed · 609079ed
Commit 609079ed authored 2 years ago by Evangelos Foutras
--- a/docs/servers.md
+++ b/docs/servers.md
@@ -91,12 +91,18 @@ So to set up this server from scratch, run:
 [Rebuilderd docs](./docs/rebuilderd.md)

 ### Services
-  - Runs a master [rebuilderd](https://reproducible.archlinux.org) instance two workers:
-    - repro1.pkgbuild.com (packet.net Arch Linux box)
+  - Runs a master [rebuilderd](https://reproducible.archlinux.org) instance
+    with two workers:
+    - repro1.pkgbuild.com (Equinix Metal box with a Xeon E-2278G and 32G RAM)
+    - repro2.pkgbuild.com (Kape server with an EPYC 7702P and 256G RAM)
+
+## runner1.archlinux.org
+
+Medium-fast-ish Kape Arch Linux box.

 ## runner2.archlinux.org

-Medium-fast-ish packet.net Arch Linux box.
+Medium-fast-ish Equinix Metal Arch Linux box.

 ### Services
  - GitLab runner

--- a/host_vars/seoul.mirror.pkgbuild.com/misc
+++ b/host_vars/seoul.mirror.pkgbuild.com/misc
+hostname: "seoul.mirror.pkgbuild.com"
+mirror_domain: "seoul.mirror.pkgbuild.com"
+ipv4_address: "145.40.87.75"
+ipv4_netmask: "/31"
+ipv6_address: "2604:1380:11:2600::1"
+ipv6_netmask: "/127"
+ipv4_gateway: "145.40.87.74"
+ipv6_gateway: "2604:1380:11:2600::"
+filesystem: "btrfs"
+network_interface: "enp2s0f0np0"
+system_disks:
+  - /dev/sda
+  - /dev/sdb
+configure_network: true
+wireguard_address: 10.0.0.38
+wireguard_public_key: McOwoiKss/6tIYkNGcaR7Jex36tSCD1CnztMFssy/Tk=
--- a/host_vars/seoul.mirror.pkgbuild.com/vault_wireguard.yml
+++ b/host_vars/seoul.mirror.pkgbuild.com/vault_wireguard.yml
+$ANSIBLE_VAULT;1.1;AES256
+38366136343935343739363337613934353037393630393130643066373565643336396132353763
+6564343166616561623037396332373336316330303333630a383564306235366333303065666236
+64363562376535353435643765623335356465376562333438303531663730623037343934343935
+6631316462303565370a613765316264376134313430346232613033353365333338343839623331
+66383266373866613363363431643664643061363164626264303366383037656331393666643831
+66343865323735313632333434663431666463396338353633646538626439616163333638633164
+37653237383230656432313433626235643561333931346134393061363262663934393463366634
+36613730313763343862
--- a/host_vars/sydney.mirror.pkgbuild.com/misc
+++ b/host_vars/sydney.mirror.pkgbuild.com/misc
+hostname: "sydney.mirror.pkgbuild.com"
+mirror_domain: "sydney.mirror.pkgbuild.com"
+ipv4_address: "147.75.48.159"
+ipv4_netmask: "/31"
+ipv6_address: "2604:1380:40f1:6a00::1"
+ipv6_netmask: "/127"
+ipv4_gateway: "147.75.48.158"
+ipv6_gateway: "2604:1380:40f1:6a00::"
+filesystem: "btrfs"
+network_interface: "enp2s0f0np0"
+system_disks:
+  - /dev/sda
+  - /dev/sdb
+configure_network: true
+wireguard_address: 10.0.0.39
+wireguard_public_key: nBu1/pofjzyD31D32VHIs8ajNc5thkzweOWsW28WSFU=
--- a/host_vars/sydney.mirror.pkgbuild.com/vault_wireguard.yml
+++ b/host_vars/sydney.mirror.pkgbuild.com/vault_wireguard.yml
+$ANSIBLE_VAULT;1.1;AES256
+32336664393464623630396239636539616239343332623261386337376335386139346336393065
+6530316635653337653630303264666635313138303233640a313263343334646661363235313733
+64613539366566346438313266373439643239343731313565306163623836313162643336303737
+3736626632363963660a396435376137303038636163306134383966303035636232626163316362
+66636136633265336634353534396331393266393438356237326265343337336265323865663137
+33653332666535646632343236383364323961353461306463636261643832663765663338663663
+36383463376664666635636637323264303063383731353033623634303630323965666331646631
+34363766653866643665
--- a/hosts
+++ b/hosts
@@ -3,20 +3,26 @@ secure-runner1.archlinux.org
 gemini.archlinux.org
 build.archlinux.org

-[packet_net]
+[equinix_metal]
 runner2.archlinux.org
 repro1.pkgbuild.com
+seoul.mirror.pkgbuild.com
+sydney.mirror.pkgbuild.com

 [mirrors]
 america.mirror.pkgbuild.com
 asia.mirror.pkgbuild.com
 europe.mirror.pkgbuild.com
 mirror.pkgbuild.com
+seoul.mirror.pkgbuild.com
+sydney.mirror.pkgbuild.com

 [geo_mirrors]
 america.mirror.pkgbuild.com
 #asia.mirror.pkgbuild.com
 europe.mirror.pkgbuild.com
+seoul.mirror.pkgbuild.com
+sydney.mirror.pkgbuild.com

 [archive_mirrors]
 america.mirror.pkgbuild.com

--- a/playbooks/mirrors.yml
+++ b/playbooks/mirrors.yml
@@ -3,15 +3,16 @@
  remote_user: root
  roles:
    - { role: common }
+    - { role: firewalld }
+    - { role: wireguard }
    - { role: sshd }
    - { role: root_ssh }
    - { role: certbot }
    - { role: nginx }
    - { role: syncrepo, tags: ['nginx'] }
    - { role: syncdebug, when: mirror_debug_packages is not defined or mirror_debug_packages }
-    - { role: archweb, archweb_site: false, archweb_services: false, archweb_mirrorcheck: true }
+    - { role: archweb, when: archweb_mirrorcheck_locations is defined, archweb_site: false, archweb_services: false, archweb_mirrorcheck: true }
    - { role: prometheus_exporters }
    - { role: promtail }
    - { role: fail2ban }
-    - { role: wireguard }
    - { role: geo_dns, when: "'geo_mirrors' in group_names" }
--- a/playbooks/tasks/upgrade-servers.yml
+++ b/playbooks/tasks/upgrade-servers.yml
 - name: upgrade and reboot all hetzner servers
-  hosts: all,!kape_servers,!packet_net
+  hosts: all,!kape_servers,!equinix_metal
  max_fail_percentage: 0
  serial: 20%
  gather_facts: false
@@ -8,8 +8,8 @@
    - name: upgrade each host in this batch
      include_tasks: include/upgrade-server.yml

- name: upgrade and reboot all kape and packet.net servers
-  hosts: kape_servers,packet_net
+- name: upgrade and reboot all Kape and Equinix Metal servers
+  hosts: kape_servers,equinix_metal
  max_fail_percentage: 0
  serial: 1
  gather_facts: false

--- a/roles/install_arch/tasks/main.yml
+++ b/roles/install_arch/tasks/main.yml
@@ -3,7 +3,7 @@
  register: motd_contents
  changed_when: motd_contents.stdout | length > 0

- name: check whether we're running in Hetzner or Packet.net rescue environment
+- name: check whether we're running in Hetzner or Equinix Metal rescue environment
  fail: msg="Not running in rescue system!"
  when: "'Hetzner Rescue' not in motd_contents.stdout and 'Rescue environment based on Alpine Linux' not in motd_contents.stdout"


--- a/roles/prometheus/defaults/main.yml
+++ b/roles/prometheus/defaults/main.yml
@@ -62,8 +62,10 @@ blackbox_targets:
    - https://repos.archlinux.org/lastupdate
    - https://reproducible.archlinux.org
    - https://security.archlinux.org
+    - https://seoul.mirror.pkgbuild.com
    - https://sources.archlinux.org
    - https://static.conf.archlinux.org/README.md
+    - https://sydney.mirror.pkgbuild.com
    - https://terms.archlinux.org
    - https://tu-bylaws.aur.archlinux.org
    - https://whatcanidofor.archlinux.org

--- a/tf-stage1/archlinux.tf
+++ b/tf-stage1/archlinux.tf
@@ -356,6 +356,14 @@ locals {
      ipv4_address = "89.187.191.12"
      ipv6_address = "2a02:6ea0:c237::2"
    }
+    "seoul.mirror" = {
+      ipv4_address = "145.40.87.75"
+      ipv6_address = "2604:1380:11:2600::1"
+    }
+    "sydney.mirror" = {
+      ipv4_address = "147.75.48.159"
+      ipv6_address = "2604:1380:40f1:6a00::1"
+    }
    repro1 = {
      ipv4_address = "147.75.81.79"
      ipv6_address = "2604:1380:2001:4500::1"

--- a/tf-stage1/templates.tf
+++ b/tf-stage1/templates.tf
@@ -210,3 +210,23 @@ resource "hetznerdns_record" "geo_ns3" {
  type    = "NS"
  ttl     = lookup(local.geo_domains[each.key], "ttl", 86400)
 }
+
+resource "hetznerdns_record" "geo_ns4" {
+  for_each = local.geo_domains
+
+  zone_id = each.value.zone_id
+  name    = each.value.name
+  value   = "seoul.mirror.pkgbuild.com."
+  type    = "NS"
+  ttl     = lookup(local.geo_domains[each.key], "ttl", 86400)
+}
+
+resource "hetznerdns_record" "geo_ns5" {
+  for_each = local.geo_domains
+
+  zone_id = each.value.zone_id
+  name    = each.value.name
+  value   = "sydney.mirror.pkgbuild.com."
+  type    = "NS"
+  ttl     = lookup(local.geo_domains[each.key], "ttl", 86400)
+}