Commit d6686f81 authored by Giancarlo Razzolini's avatar Giancarlo Razzolini

Merge branch 'patchwork.archlinux.org' into 'master'

Final changes for the patchwork migration

See merge request !219
parents daaf51a9 2dabfaca
Pipeline #3992 passed with stage
in 30 seconds
---
filesystem: btrfs
memcached_socket: "/var/run/patchwork.sock"
fetchmail_user: "patchwork@archlinux.org"
fetchmail_delivery_cmd: "/usr/local/bin/patchwork-parsemail-wrapper.sh"
fail2ban_jails:
sshd: true
postfix: false
dovecot: false
$ANSIBLE_VAULT;1.1;AES256
38343839616266323863666465663431343935333663613637656139646631336431376131663764
3739393932303339353936313034313831633335316332620a383364313566333862376636373663
31343439613834333338333633326232386263616665383561663936316665363935366165346165
6433383735386261300a633862333661303639353734306333366233333237313162623562386130
39383062333138343235613135663036386666636537626661336132643139323239323938643932
35343034346534356437656638333862386230323063376661333939633532306539333035316537
613739623366326235356137623633386137
......@@ -42,6 +42,7 @@ monitoring.archlinux.org
reproducible.archlinux.org
mail.archlinux.org
wiki.archlinux.org
patchwork.archlinux.org
[borg_hosts]
prio.ch-s012.rsync.net
......@@ -65,6 +66,7 @@ apollo.archlinux.org
state.archlinux.org
quassel.archlinux.org
accounts.archlinux.org
patchwork.archlinux.org
[nginx]
archlinux.org
......@@ -75,6 +77,7 @@ bugs.archlinux.org
aur.archlinux.org
aur-dev.archlinux.org
wiki.archlinux.org
patchwork.archlinux.org
[buildservers]
dragon.archlinux.org
......@@ -98,6 +101,7 @@ repro2.pkgbuild.com
aur.archlinux.org
aur-dev.archlinux.org
wiki.archlinux.org
patchwork.archlinux.org
[prometheus]
monitoring.archlinux.org
......@@ -126,6 +130,7 @@ gemini.archlinux.org
luna.archlinux.org
repro1.pkgbuild.com
wiki.archlinux.org
patchwork.archlinux.org
[kape_servers]
asia.mirror.pkgbuild.com
......
---
- name: setup patchwork.archlinux.org
hosts: patchwork.archlinux.org
remote_user: root
roles:
- { role: common }
- { role: tools }
- { role: sshd }
- { role: root_ssh }
- { role: borg_client, tags: ["borg"] }
- { role: certbot }
- { role: nginx }
- { role: postfix, postfix_relayhost: "mail.archlinux.org" }
- { role: fetchmail }
- { role: postgres }
- { role: sudo }
- { role: uwsgi }
- { role: memcached }
- { role: patchwork }
- { role: fail2ban }
- { role: prometheus_exporters }
---
- name: restart fetchmail
service: name=fetchmail state=restarted
---
- name: install fetchmail
pacman: name=fetchmail state=present
- name: template fetchmail config
template: src=fetchmailrc.j2 dest=/etc/fetchmailrc owner=fetchmail group=nobody mode=600
notify:
- restart fetchmail
- name: start and enable fetchmail
service: name=fetchmail enabled=yes state=started
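Review bot: The `template fetchmail config` task writes /etc/fetchmailrc, and the fetchmailrc template shown further down this page renders `postfix_relay_password` into it, yet nothing keeps the rendered content out of Ansible's output. A run with `--diff` would print the secret to the terminal or CI log, so add `no_log: true` (or at least `diff: false`) to that task. The mode would also read better as `mode=0600`, matching the four-digit form the other tasks in this commit use (`mode=0644`, `mode=0755`).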
set postmaster "postmaster@archlinux.org"
set bouncemail
set no spambounce
set daemon 10
set syslog
poll mail.archlinux.org
bad-header accept
proto imap
user {{ fetchmail_user }}
password {{ postfix_relay_password }}
options idle sslcertck ssl sslproto "TLS1.2+" limitflush limit 25000000 fetchall
mda "{{ fetchmail_delivery_cmd }}"
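Review bot: `user` and `password` are emitted unquoted, while `mda` on the last line is quoted. fetchmail tokenises its run-control file on whitespace, so a password containing a space or another special character would be mis-parsed or make the file unreadable. Quote both values: `user "{{ fetchmail_user }}"` and `password "{{ postfix_relay_password }}"`. The password itself lives in the vault and is not visible here, so whether it currently contains such characters cannot be told from this page; a value with an embedded double quote would additionally need escaping.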
......@@ -4,7 +4,7 @@ patchwork_domain: 'patchwork.archlinux.org'
patchwork_nginx_conf: '/etc/nginx/nginx.d/patchwork.conf'
patchwork_forced_deploy: false
patchwork_admins: ["('Giancarlo Razzolini', 'grazzolini@archlinux.org')"]
patchwork_version: 'v2.1.5'
patchwork_version: 'v3.0.0'
patchwork_from_email: 'Arch Linux Patchwork <patchwork@patchwork.archlinux.org>'
patchwork_notification_frequency: '10m'
......
---
- name: daemon reload
systemd:
daemon-reload: yes
- name: restart patchwork memcached
service: name=patchwork-memcached state=restarted
......@@ -13,7 +13,10 @@
pacman: name=gcc,git,python,python-psycopg2,sudo,uwsgi-plugin-python,python-pip state=present
- name: make patchwork user
user: name=patchwork shell=/bin/false home="{{ patchwork_dir }}" skeleton=/var/empty
user: name=patchwork shell=/bin/false home="{{ patchwork_dir }}" createhome=no
- name: fix home permissions
file: state=directory owner=patchwork group=patchwork mode=0755 path="{{ patchwork_dir }}"
- name: set patchwork groups
user: name=patchwork groups=uwsgi
......@@ -116,9 +119,7 @@
template: src=patchwork.ini.j2 dest=/etc/uwsgi/vassals/patchwork.ini owner=patchwork group=http mode=0644
- name: deploy new release
become: true
become_user: patchwork
file: path=/etc/uwsgi/vassals/patchwork.ini state=touch owner=root group=root mode=0644
file: path=/etc/uwsgi/vassals/patchwork.ini state=touch owner=patchwork group=http mode=0644
when: (release.changed or config.changed or virtualenv.changed or patchwork_forced_deploy)
- name: start and enable patchwork memcached service and notification timer
......
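Review bot: In `deploy new release`, the touch restates `owner=patchwork group=http mode=0644`, duplicating what the template task directly above already sets on the same file; that duplication is how the two tasks came to disagree before this change. `state=touch` leaves existing ownership and mode alone when they are not given, so `file: path=/etc/uwsgi/vassals/patchwork.ini state=touch` keeps the template task as the single source of truth. This is more than cosmetic if the uWSGI emperor derives a vassal's uid/gid from the file owner (tyrant mode), which is not visible here and should be confirmed. Both hunks in this file are excerpts; the task list continues outside them.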
......@@ -99,8 +99,8 @@
password: "{{ postfix_relay_password | password_hash('sha512') }}"
shell: /sbin/nologin
update_password: always
home: / # Set home directory so shadow.service does not fail
create_home: no
home: /home/"{{ inventory_hostname }}" # Set home directory so shadow.service does not fail
create_home: yes
- name: open firewall holes
ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
......
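Review bot: The new `home:` value is a plain YAML scalar, so the double quotes in `/home/"{{ inventory_hostname }}"` are literal characters and the account's home path will contain quote marks. Quote the whole value instead: `home: "/home/{{ inventory_hostname }}"`. Also check that `inventory_hostname` is the intended variable, since it names the host the play runs against. If this task creates one account per relaying host from a loop (the task's `name:` and any loop lie above the hunk), every account would get the same home directory and the loop variable is probably what is wanted.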
......@@ -859,12 +859,20 @@ resource "hetznerdns_record" "archlinux_org_packages_cname" {
type = "CNAME"
}
resource "hetznerdns_record" "archlinux_org_patchwork_cname" {
resource "hetznerdns_record" "archlinux_org_patchwork_a" {
zone_id = hetznerdns_zone.archlinux.id
name = "patchwork"
ttl = 600
value = "apollo"
type = "CNAME"
value = hcloud_server.patchwork.ipv4_address
type = "A"
}
resource "hetznerdns_record" "archlinux_org_patchwork_aaaa" {
zone_id = hetznerdns_zone.archlinux.id
name = "patchwork"
ttl = 600
value = hcloud_server.patchwork.ipv6_address
type = "AAAA"
}
resource "hetznerdns_record" "archlinux_org_planet_cname" {
......