migrate planet.archlinux.org to archweb

Archweb now supports a planet alternative and the old planet software was Python2 and not maintained anymore.

migrate planet.archlinux.org to archweb
Archweb now supports a planet alternative and the old planet software was Python2 and not maintained anymore.
e858fc67 · Jelle van der Waa · Jelle van der Waa · b7b5bdbe · e858fc67 · e858fc67
Commit e858fc67 authored Feb 20, 2020 by Jelle van der Waa 🚧 Committed by Jelle van der Waa Feb 23, 2020
--- a/README.md
+++ b/README.md
@@ -155,7 +155,6 @@ The following steps should be used to update our managed servers:

 #### Services
  - wiki (wiki.archlinux.org)
-  - planet (planet.archlinux.org)
  - bugs (bugs.archlinux.org)
  - archweb
  - patchwork

--- a/playbooks/apollo.yml
+++ b/playbooks/apollo.yml
@@ -25,7 +25,6 @@
    - { role: borg-client, tags: ["borg"] }
    - { role: certbot }
    - { role: nginx, tags: ["nginx"] }
-    - { role: planet, planet_domain: "planet.archlinux.org", planet_dir: "/srv/http/planet", tags: ["planet"] }
    - { role: spampd, tags: ["mail", "spampd"] }
    - { role: unbound, tags: ["mail", "unbound"] }
    - { role: postfix, postfix_relayhost: "orion.archlinux.org", postfix_smtpd_public: true, postfix_patchwork_enabled: true, tags: ["mail", "postfix"] }

--- a/roles/archweb/defaults/main.yml
+++ b/roles/archweb/defaults/main.yml
 ---
 archweb_dir: '/srv/http/archweb'
 archweb_domain: 'www.archlinux.org'
-archweb_alternate_domains: ['archlinux.org', 'master-key.archlinux.org', 'dev.archlinux.org', 'packages.archlinux.org', 'ipxe.archlinux.org']
+archweb_alternate_domains: ['archlinux.org', 'master-key.archlinux.org', 'dev.archlinux.org', 'packages.archlinux.org', 'ipxe.archlinux.org', 'planet.archlinux.org']
 archweb_domains_redirects:
        'archlinux.org': '$request_uri'
        'master-key.archlinux.org': '/master-keys'
        'dev.archlinux.org': '/'
        'packages.archlinux.org': '/packages$request_uri'
+        'planet.archlinux.org': '/planet$request_uri'
 archweb_domains_templates:
        'ipxe.archlinux.org': 'ipxe.archlinux.org.j2'
 archweb_allowed_hosts: ["{{ archweb_domain }}", 'ipxe.archlinux.org']
 archweb_nginx_conf: '/etc/nginx/nginx.d/archweb.conf'
 archweb_repository: 'https://github.com/archlinux/archweb.git'
-archweb_version: release_2020-02-13
+archweb_version: 5f9b0bd41e269b8ad1c7ea977769d72df6d46b28
 archweb_pgp_key: ['E499C79F53C96A54E572FEE1C06086337C50773E']
 archweb_site: true
 archweb_mirrorcheck: false

--- a/roles/planet/files/planet.timer
+++ b/roles/planet/files/planet.timer
-[Unit]
-Description=planet
-
-[Timer]
-OnBootSec=15min
-OnUnitActiveSec=1h
-
-[Install]
-WantedBy=timers.target
--- a/roles/planet/tasks/main.yml
+++ b/roles/planet/tasks/main.yml
---
-
- name: install git, python2, libxslt
-  pacman: name=git,python2,libxslt state=present
-
- name: set up nginx
-  template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/planet.conf owner=root group=root mode=0644
-  notify:
-    - reload nginx
-  tags: ['nginx']
-
- name: make nginx log dir
-  file: path=/var/log/nginx/{{ planet_domain }} state=directory owner=root group=root mode=0755
-
- name: clone planet git repo
-  git: dest={{ planet_dir }} repo=https://git.archlinux.org/vhosts/planet.archlinux.org.git
-
- name: make cache and output dirs
-  file: path={{ planet_dir }}/archplanet/{{ item }} state=directory owner=http group=http mode=0755
-  with_items:
-    - cache
-    - output
-
- name: fix permissions for themes
-  file: path={{ planet_dir }}/themes/{{ item }} state=directory owner=http group=http mode=0755
-  with_items:
-    - archlinux
-    - common
-
- name: install systemd timer
-  copy: src=planet.timer dest=/etc/systemd/system/planet.timer owner=root group=root mode=0644
-
- name: install systemd unit file
-  template: src=planet.service.j2 dest=/etc/systemd/system/planet.service owner=root group=root mode=0644
-
- name: reload systemd
-  command: systemctl daemon-reload
-
- name: activate systemd timer
-  service: name={{ item }} enabled=yes state=started
-  with_items:
-    - planet.timer
--- a/roles/planet/templates/nginx.d.conf.j2
+++ b/roles/planet/templates/nginx.d.conf.j2
-server {
-    listen       80;
-    listen       [::]:80;
-    server_name  {{ planet_domain }};
-
-    access_log   /var/log/nginx/{{ planet_domain }}/access.log reduced;
-    error_log    /var/log/nginx/{{ planet_domain }}/error.log;
-
-    include snippets/letsencrypt.conf;
-
-    location / {
-        access_log off;
-        return 301 https://$server_name$request_uri;
-    }
-}
-
-server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
-    server_name  {{ planet_domain }};
-
-    access_log   /var/log/nginx/{{ planet_domain }}/access.log reduced;
-    error_log    /var/log/nginx/{{ planet_domain }}/error.log;
-
-    ssl_certificate      /etc/letsencrypt/live/{{ planet_domain }}/fullchain.pem;
-    ssl_certificate_key  /etc/letsencrypt/live/{{ planet_domain }}/privkey.pem;
-    ssl_trusted_certificate /etc/letsencrypt/live/{{ planet_domain }}/chain.pem;
-
-    root         {{ planet_dir }}/archplanet/output;
-
-    autoindex on;
-}
--- a/roles/planet/templates/planet.service.j2
+++ b/roles/planet/templates/planet.service.j2
-[Unit]
-Description=planet
-
-[Service]
-Type=oneshot
-User=http
-ExecStart=/usr/bin/python2 planet.py archplanet/config.ini
-WorkingDirectory={{ planet_dir }}
-NoNewPrivileges=yes
-ProtectHome=true
-ProtectSystem=full
-PrivateTmp=true
-ProtectKernelModules=true
-ProtectKernelTunables=true
-ProtectControlGroups=true
--- a/roles/zabbix-agent/files/systemd-discover-accounting-units.py
+++ b/roles/zabbix-agent/files/systemd-discover-accounting-units.py
@@ -23,7 +23,6 @@ unit_whitelist_regexes = [
        r'opendkim.service',
        r'php-fpm.service',
        r'php-fpm@.*.service',
-        r'planet.service',
        r'postfix.service',
        r'postfwd.service',
        r'postgresql.service',