Commit 79f7d599 authored by Kristian Klausen's avatar Kristian Klausen 🎉
Browse files
parent bb5ce6ef
......@@ -10,12 +10,11 @@
- sources (sources.archlinux.org)
- archive (archive.archlinux.org)
## luna
## lists.archlinux.org
### Services
- mailman
- projects (projects.archlinux.org)
## archlinux.org
......
......@@ -163,17 +163,6 @@
256 MD5:3c:91:d8:b0:4b:5c:36:40:79:27:8a:c7:24:d6:26:af root@archlinux-packer (ED25519)
3072 MD5:88:99:f2:47:b1:e3:3c:99:52:67:d5:d5:55:b0:af:2c root@archlinux-packer (RSA)
# luna.archlinux.org
1024 SHA256:9Nqu9y1LhT3L3Kd6J9CSyuOc1AdGWo0eLsPxoc5bpaw root@alderaan (DSA)
256 SHA256:L71Q91yHwmHPYYkJMDgj0xmUuw16qFOhJbBr1mzsiOI root@alderaan (ECDSA)
256 SHA256:HQ03dn6EasJHNDlt51KpQpFkT3yBX83x7BoIkA1iv2k root@alderaan.archlinux.org (ED25519)
2048 SHA256:Ju+yWiMb/2O+gKQ9RJCDqvRg7l+Q95KFAeqM5sr6l2s root@alderaan (RSA)
1024 MD5:f2:56:a9:3c:4d:f9:b7:88:7f:e4:a6:7c:eb:55:c0:15 root@alderaan (DSA)
256 MD5:11:d1:4c:ae:9a:4f:15:06:d7:c8:0a:b4:08:02:aa:95 root@alderaan (ECDSA)
256 MD5:1d:92:08:da:8e:a1:fb:1c:c5:65:00:c8:15:a4:87:32 root@alderaan.archlinux.org (ED25519)
2048 MD5:c4:7f:00:d4:5e:c7:23:45:97:bb:40:ec:15:ce:7c:a9 root@alderaan (RSA)
# mail.archlinux.org
1024 SHA256:/d3MC4NoQbPSNgNebFyzNCze4HVHPhITVWy9vWdZUp4 root@archlinux-packer (DSA)
256 SHA256:IbQnu28PPf6iZnr6DPwzITD4o2DznYMO6j0mkjZXasE root@archlinux-packer (ECDSA)
......
......@@ -73,11 +73,6 @@ lists.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
lists.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOVKwNsXUXpgNhlwPVlBRNlpvOt0U9deANS/n//nxbe1
lists.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCuKQnkGRdXyu74f92lzJcQMMDjTzVXkne/mLHiMYKQWlboIBIry3FkzyUGDLbNlZOe4PNR43D9FI0/1EjAuVV72HVQ9sidCbJR/azw3+JF8zwU1HDMOhtCNaWYNqk0DHDvHuWhL6N0duFASf+ZTKRB5Rgk3+p0FisKMCep2vJy5kHY0829INk6ORgPxYzCHCZOLEfZX0aydwscTnubKq1t9blWUdqKSm5Xq5+NEJNPKlo6TgdcBihkdAyaGnZ9KWrXycV6j0UaT/VJNuumZ9KlsvI7Xi/TVDWcLcsU/UqeEvnzUi3oRrvkADzIcoFa5/QrSRQJppKAUgjuhOuk+Px38IIvRdrwDxDoChei+qU8S2O24PP7Cu4oYZ/ecGb8wJleEWVVaYrD5JTEugg0iTe2t0LJiP6rTC1faxErZ9wru18nGNWYR2b+b1MfBzppAoikZUoqygKYYLAerHj3B9wFmw2RJG8JFZ95lMukJmDG8kCYz7eq753PYAAmpFZbdZU=
# luna.archlinux.org
luna.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOZAVWmj2k+dHTfyum7FyIivGcVUkDFHaXmPNxDwF7l8TvkAN8VDQJHEEGJhALMYtNsQ+kt0gksSh4HZqj9n5hI=
luna.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM2DCBtPSTwWvBU3/3bAYwJVtnAmy+GEJf98Ek5QhOXh
luna.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDErOc9MQyj8vf20sZrcVOU+bxfa6B0DVl28pUdG+03seGM+bTVT84HnCcKwz7iASvGSJSAWfzYUQa6Gq8JuDWATd419L8Rtou0UEoK30c9oprGfCmB4extsFkEpMDihnvpUyK/qwBukCY8WxRx9MsZAVgmyQSt3ibBrExnm0+RckctYlJf19/LF+W1ckzNcnbG5Yc/54W7/B2P4iCglniYZMjQpfVPALVc2Iew0GpEWj0wQbpxenPgOZWDgFcQCYxHGgCVUaBSTcbeT4CgwqI4O1+P2X/JVkdwYfD4+j99VQAlA5z+jsCsacMqRiWSu+p7urCED2VIoApg2fffwtv3
# mail.archlinux.org
mail.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFvJy2P8zOSKt3EocULHN85PVGW1AINk15+GilqUc5a79Zsy0FvWqV16fjxLRN3zIOkBvSKZMvsNadja+quEr9s=
mail.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTOoGxsf23f6AjIHcQQuvbTOaeIt48Y0PiBj9qlJi1H
......
[hetzner]
luna.archlinux.org
secure-runner1.archlinux.org
gemini.archlinux.org
......@@ -27,7 +26,6 @@ europe.mirror.pkgbuild.com
[borg_clients]
archlinux.org
aur-dev.archlinux.org
luna.archlinux.org
state.archlinux.org
matrix.archlinux.org
quassel.archlinux.org
......@@ -56,7 +54,6 @@ u236610.your-storagebox.de
homedir.archlinux.org
[mysql_servers]
luna.archlinux.org
bbs.archlinux.org
bugs.archlinux.org
aur.archlinux.org
......@@ -73,7 +70,6 @@ man.archlinux.org
[nginx]
archlinux.org
luna.archlinux.org
bbs.archlinux.org
bugs.archlinux.org
aur.archlinux.org
......@@ -131,7 +127,6 @@ bbs.archlinux.org
build.archlinux.org
bugs.archlinux.org
gemini.archlinux.org
luna.archlinux.org
repro1.pkgbuild.com
wiki.archlinux.org
patchwork.archlinux.org
......
---
- name: setup luna
hosts: luna.archlinux.org
remote_user: root
tasks:
- name: open firewall holes for services
ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
with_items:
- http
- https
- rsyncd
- smtp
- git
when: configure_firewall
tags:
- firewall
- name: open firewall holes for ports
ansible.posix.firewalld: port={{ item }} permanent=true state=enabled immediate=yes
with_items:
- 6969/tcp
- 4949/tcp
when: configure_firewall
tags:
- firewall
roles:
- nginx
- rspamd
- { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: true }
- { role: prometheus_exporters }
- { role: promtail }
......@@ -10,9 +10,7 @@
};
# no rate-limit for some authenticated users
# luna is handling mailman and other services that distribute a lot of mail.
&&NO_RATE_LIMIT_USERS {
sasl_username=luna
sasl_username=aur;
};
id=NoRateLimit;
......
......@@ -23,7 +23,6 @@ blackbox_targets:
- https://dev.archlinux.org
- https://europe.archive.pkgbuild.com
- https://europe.mirror.pkgbuild.com
- https://git.archlinux.org
- https://gitlab.archlinux.org
- https://ipxe.archlinux.org
- https://logging.archlinux.org
......@@ -45,7 +44,6 @@ blackbox_targets:
- https://ping.archlinux.org
- https://pkgbuild.com
- https://planet.archlinux.org
- https://projects.archlinux.org
- https://repos.archlinux.org/lastupdate
- https://reproducible.archlinux.org
- https://security.archlinux.org
......
......@@ -197,7 +197,7 @@ locals {
# - ttl (optional)
#
# Example:
# "lists" = { mx = "luna", ttl = 600 }
# "lists" = { mx = "lists", ttl = 600 }
archlinux_org_mx = {
"@" = { mx = "mail", ttl = 600 }
aur = { mx = "mail", ttl = 600 }
......@@ -235,10 +235,6 @@ locals {
ipv4_address = "49.12.124.107"
ipv6_address = "2a01:4f8:242:5614::2"
}
luna = {
ipv4_address = "5.9.250.164"
ipv6_address = "2a01:4f8:160:3033::2"
}
master-key = {
ipv4_address = hcloud_server.machine["archlinux.org"].ipv4_address
ipv6_address = hcloud_server.machine["archlinux.org"].ipv6_address
......@@ -280,13 +276,11 @@ locals {
archive = { value = "gemini" }
dev = { value = "www" }
g2kjxsblac7x = { value = "gv-i5y6mnrelvpfiu.dv.googlehosted.com." }
git = { value = "luna" }
ipxe = { value = "www" }
mailman = { value = "redirect" }
packages = { value = "www" }
ping = { value = "redirect" }
planet = { value = "www" }
projects = { value = "luna" }
repos = { value = "gemini" }
rsync = { value = "gemini" }
sources = { value = "gemini" }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment