archlinux.org: Add a host_vars file and playbook for archlinux.org

Added a host_var file for archlinux.org as well as the playbook for archlinux.org
machine. It it's a stripped down version of apollo's playbook, only containing the roles
pertaining archweb.

host_vars/archlinux.org

+---
+filesystem: btrfs
+
+fail2ban_jails:
+  sshd: true
+  postfix: false
+  dovecot: false

playbooks/archlinux.org.yml

+---
+
+- name: "prepare postgres ssl hosts list"
+  hosts: archlinux.org
+  tasks:
+      - name: assign ipv4 addresses to fact postgres_ssl_hosts4
+        set_fact: postgres_ssl_hosts4="{{ [gemini4] + detected_ips }}"
+        vars:
+            gemini4: "{{ hostvars['gemini.archlinux.org']['ipv4_address'] }}/32"
+            detected_ips: "{{ groups['mirrors'] | map('extract', hostvars, ['ipv4_address']) | select() | map('regex_replace', '^(.+)$', '\\1/32') | list }}"
+        tags: ["postgres", "firewall"]
+      - name: assign ipv6 addresses to fact postgres_ssl_hosts6
+        set_fact: postgres_ssl_hosts6="{{ [gemini6] + detected_ips }}"
+        vars:
+            gemini6: "{{ hostvars['gemini.archlinux.org']['ipv6_address'] }}/128"
+            detected_ips: "{{ groups['mirrors'] | map('extract', hostvars, ['ipv6_address']) | select() | map('regex_replace', '^(.+)$', '\\1/128') | list }}"
+        tags: ["postgres", "firewall"]
+
+- name: setup archlinux.org
+  hosts: archlinux.org
+  remote_user: root
+  roles:
+    - { role: common }
+    - { role: tools }
+    - { role: sshd }
+    - { role: root_ssh }
+    - { role: borg_client, tags: ["borg"] }
+    - { role: certbot }
+    - { role: nginx }
+    - { role: postfix, postfix_relayhost: "mail.archlinux.org" }
+    - role: postgres
+      postgres_listen_addresses: "*"
+      postgres_ssl: 'on'
+    - { role: sudo }
+    - { role: uwsgi }
+    - { role: memcached }
+    - { role: archweb, archweb_planet: true }
+    - { role: fail2ban }
+    - { role: prometheus_exporters }