From 83cbb3686655689221590ffa7bf3267adceb4ad6 Mon Sep 17 00:00:00 2001
From: Sven-Hendrik Haase <svenstaro@gmail.com>
Date: Tue, 26 Jan 2021 18:03:56 +0100
Subject: [PATCH] Add build.archlinux.org
---
docs/ssh-hostkeys.txt | 22 ++++++++++++++++++++++
docs/ssh-known_hosts.txt | 10 ++++++++++
host_vars/build.archlinux.org | 14 ++++++++++++++
hosts | 2 ++
playbooks/build.archlinux.org.yml | 16 ++++++++++++++++
roles/archbuild/tasks/main.yml | 1 +
roles/sshd/templates/motd.j2 | 10 +++-------
tf-stage1/archlinux.tf | 4 ++++
8 files changed, 72 insertions(+), 7 deletions(-)
create mode 100644 host_vars/build.archlinux.org
create mode 100644 playbooks/build.archlinux.org.yml
diff --git a/docs/ssh-hostkeys.txt b/docs/ssh-hostkeys.txt
index 49c6400b6..fdde4ed87 100644
--- a/docs/ssh-hostkeys.txt
+++ b/docs/ssh-hostkeys.txt
@@ -86,6 +86,17 @@
256 MD5:d6:d3:a9:2e:c1:7d:69:c1:9a:21:c9:6f:30:53:e6:74 root@archlinux-packer (ED25519)
3072 MD5:06:6d:1f:87:6b:fb:60:b3:a8:c7:64:37:15:b5:b5:6c root@archlinux-packer (RSA)
+# build.archlinux.org
+1024 SHA256:yJv47oZbEr7trxi3Md2RskrKDq3YSz66q5Z6eg5b6v0 root@build.archlinux.org (DSA)
+256 SHA256:h/9vac9LT+cI3VvXbO+BeN4s75GkEeqLDw1ucK61VpQ root@build.archlinux.org (ECDSA)
+256 SHA256:OyJ47eAF9V3nQU70BFpCkrSjSXNApNdTdy5DrEbly2I root@build.archlinux.org (ED25519)
+3072 SHA256:tKHdMeKtQuX42AoRhfvkECjaVhcVYKlL1Rvdo+upd4E root@build.archlinux.org (RSA)
+
+1024 MD5:75:d3:44:04:85:14:17:19:99:a9:fe:09:b1:fd:2b:d7 root@build.archlinux.org (DSA)
+256 MD5:a4:b9:26:2d:49:de:a1:d5:47:83:47:5a:a8:10:f9:62 root@build.archlinux.org (ECDSA)
+256 MD5:7b:38:67:01:59:c8:a7:b3:66:ec:78:df:ec:dd:30:72 root@build.archlinux.org (ED25519)
+3072 MD5:f2:6a:ba:b0:53:9b:d4:73:83:21:d6:76:0f:70:71:72 root@build.archlinux.org (RSA)
+
# dragon.archlinux.org
1024 SHA256:B6Toehif0eXoxWA9Z67Vd0KdK1fjdouISxKLqneSCRs root@dragon (DSA)
256 SHA256:fkrWuKgabvnJhqnFFzHeHffh2FbQVq69a0jlbE/93H8 root@dragon (ECDSA)
@@ -141,6 +152,17 @@
256 MD5:e2:34:b1:dc:24:00:45:08:4a:62:48:17:b2:69:23:2d root@archlinux-packer (ED25519)
3072 MD5:50:c8:93:43:05:d5:73:a4:84:b1:07:66:a7:20:a5:79 root@archlinux-packer (RSA)
+# lists.archlinux.org
+1024 SHA256:az7ZHreYtkvFBgA1goSjry0/e62JKhk4NRXXgT/+VFg root@archlinux-packer (DSA)
+256 SHA256:vt22ZCpoWg0/L5uFfNsbrZ5EkdBnOh5G3jENuBpQeGo root@archlinux-packer (ECDSA)
+256 SHA256:E0ivN9XqSi7U9GIPQ3JUvw6CP6uiS68M5No0DA/BFfI root@archlinux-packer (ED25519)
+3072 SHA256:5YZCzd1C0bVsaye5l/lNiqsn1/IdOGjTmHqwyjV8lc0 root@archlinux-packer (RSA)
+
+1024 MD5:74:6b:bd:62:a9:52:52:e9:f7:78:fe:44:8a:fa:4f:d2 root@archlinux-packer (DSA)
+256 MD5:ed:60:7c:e3:d6:4d:5a:f5:b9:cd:9e:30:4a:6a:64:c0 root@archlinux-packer (ECDSA)
+256 MD5:a7:2e:f4:3a:3e:34:84:ca:6f:73:05:0e:2e:da:60:d0 root@archlinux-packer (ED25519)
+3072 MD5:ae:ad:58:b8:0a:12:a7:d1:86:f0:c6:ba:fa:9e:ea:9f root@archlinux-packer (RSA)
+
# luna.archlinux.org
1024 SHA256:9Nqu9y1LhT3L3Kd6J9CSyuOc1AdGWo0eLsPxoc5bpaw root@alderaan (DSA)
256 SHA256:L71Q91yHwmHPYYkJMDgj0xmUuw16qFOhJbBr1mzsiOI root@alderaan (ECDSA)
diff --git a/docs/ssh-known_hosts.txt b/docs/ssh-known_hosts.txt
index fc49a4bcc..a605f7235 100644
--- a/docs/ssh-known_hosts.txt
+++ b/docs/ssh-known_hosts.txt
@@ -38,6 +38,11 @@ bugs.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzd
bugs.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOZLeVfVnG/ShEKO+Aud/MGPEFIbkvPJ+O5M79UXK++r
bugs.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDCwWAqTR0Gr9h9MuSPkh9a97H3qNxetnpWFfUscnrTibEsf+YFr8wx7g661XAkbcb44ni23mkXQpPPYaZRXDrAg/hdcs/OxojyYAfzHjJUjNmRXF8HiGYKE6Ry08NgFw8QkcA3umk5S7po/4GH9n8LS6RKOM2qw1732ZAEowVx59Bnxn7yxdA6xoybESRCc0dcGATR75RvMpK/DO9F0lc1AQsXwABhp7COFzz3Ucd24kJGfXeXuoBqb6W8V223fVbUvn0PZgvB536MTyJT/8+hBN5SsgeXYavP0hLoRkov7IN+5kM39aHWUvySh8NDFeffOn9DdNnpoR6roZDn/KI1klAhnUbKXM7L4r2qNa26J6pb82gegvOVRx9nQooxE5TOiDtTHMqZ856DwhmD8tCfRcMYxA/YP9/aFEaZEGYOoCPVrd2Fq3wM0obaqJD+LdaLRFtk86+AgXODzBFokM7dCvGw2qr00X0+GKhKErqBRYg+WQBnC3J8KG0yyYobnvc=
+# build.archlinux.org
+build.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBQbDI6+yt8T1Jmm1u30rRo4QrT66L9lewUHuVy1vkwEn1kzcyS1gSy1Ze6DkseeZEqEap3kUg3VtMUA402rsv0=
+build.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmifn4KBLX24gBH4RwdBzYwLCSyVM1UbjGWxdtvoN1k
+build.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9B5/QjC8I8co2r7HmqHLXFo1VdAsrGHxZkdqK5xcU2AMkkWE3orjza83em6+rX43NbHytOs/59h3wN8y5T0sfSD37gn/1WVkyP+/H+QvqNPSx7pgx4yu7tcVjAuxgm2UsObSymRJlxMZ4/k26JY/r8lbWAamYpzFI0aSJAvxkTvhyWU6O3VoVWm9TaUjXTATGBPanWaxAfrVnW4x3CplDPEi1QcwUuPfbJLgtYSyw8M7Brklftr1/stoViK6lVP6uRkAqThY9qsxgbfKhPVlsNMQ3YBHzEWGtrRghHTiDJh8JVTkVfpL7pB9hkFeJiutemwKs0b/4eeikLnUwCIX9cluJPPdJiZEhE2gWA1yB3nHFVp/qLN9nSO+UyKxfUSiOPgkfmp8tbEPkzDUW1H1xLwRZKKQ6OfiWk+IUmkbm2VqLv1SuMpVjgsHjKexMgZrejvh3YfE0PR4+JHpTjnaTL1Ywfr+YH/uJ1cwd2xQHXhIQtUicEpcvnRGPEeNAOyM=
+
# dragon.archlinux.org
dragon.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLKq4R12HOq/u052UI6ztrjN+Vfrc4mbh7uf4HixiWHSDOjzJNrfmKjosqgEyFpDX5RLlHAt+KF4qy7gSQ3Dkpk=
dragon.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGnUsMuS0hc7ATduUudV93QOanFoyyCfj+kKjeD8RTxF
@@ -63,6 +68,11 @@ homedir.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbm
homedir.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPxEHvFCXujU6s4eW0U79olHnNZta9WWC9SH/Nq6vTp0
homedir.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDuQbGoCSIPisaZeqtJhM369ugQWc8pHE8404AZu0yUgDxMl6AP5BUfdynlR6VGt4edSaEyp9BkT15YaKh5vph/9MUtZ2zbQ7WPRuvfLNG+RI458q4CYdykVMmTs1DEeAxaVMIAL3225pqh7QMcME0edX9f4PLLkQk8+AAAy24rvgwxLE0BnSLB3zp7wCJw5rm2iZAcqsKkIZw2FJKMlRuEovdvgc7A0FfkSc8muvvHET1FK/Uqv5i9R2Xk3NPFkt/bzcwOVBXCeqUrjLmD0UhRWX8J8GMmrEVPVQLBT6mn/OtlXpOiDcr9HkSLS1mqo59N9wyI4tCKjYQZMEWU36PYjXlDzqOGmdAR6Ly8vDo3BC+ByQqLf/ixkoFD/I5inGejPnAv9eXuiP8o0KoPDOALD8gqwqCoPjElE9ZVObp+NJbuQeXRZt70VKxZEWrUKxKxHM3RoYvgd3h/GHaYEGWdbvTMTVK+xnrczL+Eme4Y81zA8KTwY5qbyc5QCHvksKM=
+# lists.archlinux.org
+lists.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMaKy4TZsOKC5tAJvfEXdIeLU+TMVHiwlJAWxSl9MKikkyf1Qmh0NAMFv0tYd+sJSwwaW+AqEuVnsO+JponGIqc=
+lists.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIWh0NnauWbG40MJHmMisPPGrMkY+jumTBajLllb9CBQ
+lists.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9A62LNNGbjqdpEBbinEHJMH/RhjcDIH0SU5BbJB/WONNkhcNWZ6h6AnyEhOhspHLNBxFroQf3voQ8Pfu6gBf9YeWe60j2aSMQBwnWIug8TB+HuPrOWTWdjEudagZjdZ3jdVRX2Fjt8/C2QL2JfRFZWEpWKOa79qaBOTF3qbvNUJi8iggC4zSAwJMmJ2JwCnFBz69sqFWKTgPCE/SzRZodHAiDuO7XSCn+zPaG7re8P6YZz3eQSizcJMUs+t9L17ipqgUVDwUj9+1+q6YSxxNE4t43xYcUEQMIn48XzAQo1ZBhkzPGkV2ezttDkpAJgdKI0ssOoG2EA+1zLF7rKgBufLP3Fi03X7r77ppFrtKyBcxFYoChs0Twz0lV8JM0qcKWXldmu0s2+1o5PFzx+qfsa+EQiczydgZg0Lg2hOhx8jfGI8HQCbYqw4CirItVYF80/HA9jxt8ZQiKsJCYiZ4/4J/pd0eQlpmyy73Zf49CMwxty2HzNMFmRTx7ksqrbu8=
+
# luna.archlinux.org
luna.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOZAVWmj2k+dHTfyum7FyIivGcVUkDFHaXmPNxDwF7l8TvkAN8VDQJHEEGJhALMYtNsQ+kt0gksSh4HZqj9n5hI=
luna.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM2DCBtPSTwWvBU3/3bAYwJVtnAmy+GEJf98Ek5QhOXh
diff --git a/host_vars/build.archlinux.org b/host_vars/build.archlinux.org
new file mode 100644
index 000000000..469189387
--- /dev/null
+++ b/host_vars/build.archlinux.org
@@ -0,0 +1,14 @@
+---
+hostname: "build.archlinux.org"
+network_interface: "enp195s0"
+ipv4_address: "135.181.138.48"
+ipv4_netmask: "/26"
+ipv6_address: "2a01:4f9:3a:120f::2"
+ipv6_netmask: "/128"
+ipv4_gateway: "135.181.138.1"
+ipv6_gateway: "fe80::1"
+filesystem: btrfs
+system_disks:
+ - /dev/nvme0n1
+
+archbuild_fs: 'btrfs'
diff --git a/hosts b/hosts
index 5b514b970..13776a754 100644
--- a/hosts
+++ b/hosts
@@ -84,6 +84,7 @@ man.archlinux.org
[buildservers]
dragon.archlinux.org
+build.archlinux.org
[gitlab_runners]
runner1.archlinux.org
@@ -127,6 +128,7 @@ mail.archlinux.org
matrix.archlinux.org
bbs.archlinux.org
dragon.archlinux.org
+build.archlinux.org
bugs.archlinux.org
gemini.archlinux.org
luna.archlinux.org
diff --git a/playbooks/build.archlinux.org.yml b/playbooks/build.archlinux.org.yml
new file mode 100644
index 000000000..97cb6c6c0
--- /dev/null
+++ b/playbooks/build.archlinux.org.yml
@@ -0,0 +1,16 @@
+---
+
+- name: setup build.archlinux.org
+ hosts: build.archlinux.org
+ remote_user: root
+ roles:
+ - { role: common }
+ - { role: tools }
+ - { role: sshd }
+ - { role: root_ssh }
+ - { role: archusers }
+ - { role: sudo, tags: ['archusers'] }
+ - { role: syncrepo }
+ - { role: archbuild }
+ - { role: fail2ban }
+ - { role: prometheus_exporters }
diff --git a/roles/archbuild/tasks/main.yml b/roles/archbuild/tasks/main.yml
index 66bd3a6ad..98662a7e9 100644
--- a/roles/archbuild/tasks/main.yml
+++ b/roles/archbuild/tasks/main.yml
@@ -3,6 +3,7 @@
- name: install archbuild
pacman:
name:
+ - base-devel
- devtools
- zsh
- git
diff --git a/roles/sshd/templates/motd.j2 b/roles/sshd/templates/motd.j2
index 67178eeed..c88daf99f 100644
--- a/roles/sshd/templates/motd.j2
+++ b/roles/sshd/templates/motd.j2
@@ -18,13 +18,9 @@ Data on this system is regularly backed up automatically.
�[1mdiffrepo�[0m : Lightweight alternative to checkpkg. Only diffs filenames.
�[1mpkgdiffrepo�[0m : Heavyweight alternative to checkpkg. Uses pkgdiff.
-�[1;32mOctober 11, 2016�[0m
- Added �[1mgitpkg�[0m, an experimental script written to maintain GNOME git packages.
- May also fit other packages.
-
-�[1;32mMarch 20, 2019�[0m
- pkgbuild.com was moved to a �[1mnew server�[0m (again)! This one has 48 threads and
- a RAID0 btrfs NVMe. Should make things pretty fast.
+�[1;32mJanuary 26, 2021�[0m
+ The common Arch build server is now �[1mbuild.archlinux.org�[0m! This one has 64 threads and
+ 256GiB of memory. Now go and compile something.
{% endif %}
{% if 'public_html' in group_names %}
diff --git a/tf-stage1/archlinux.tf b/tf-stage1/archlinux.tf
index 836cd9bbf..08ead685a 100644
--- a/tf-stage1/archlinux.tf
+++ b/tf-stage1/archlinux.tf
@@ -222,6 +222,10 @@ locals {
ipv4_address = "195.201.167.210"
ipv6_address = "2a01:4f8:13a:102a::2"
}
+ build = {
+ ipv4_address = "135.181.138.48"
+ ipv6_address = "2a01:4f9:3a:120f::2"
+ }
gemini = {
ipv4_address = "49.12.124.107"
ipv6_address = "2a01:4f8:242:5614::2"
--
GitLab