Commits · 15138d3a169585e96442b3e494b1abc70614c9f7 · Arch Linux / infrastructure

Sep 30, 2018
- nymeria: Add required firewalld changes · 15138d3a
  Jelle van der Waa authored 6 years ago
  
  15138d3a
Sep 23, 2018
- Update archwiki to 1.31.1 · 88afae9a
  Florian Pritz authored 6 years ago
  
  Signed-off-by: Florian Pritz <bluewind@xinu.at>
  Verified
  
  88afae9a
Sep 21, 2018
- enable firewall on *.mirror.pkgbuild.com · 807808ba
  Phillip Smith (fukawi2) authored 6 years ago
  
  807808ba
Sep 19, 2018
- archusers: eric resigned · 32b37e85
  Jelle van der Waa authored 6 years ago
  
  Remove eric's pubkey and addition of it['s user account.
  32b37e85
Sep 14, 2018
- common: enable paccache service on all servers · b3035176
  Jelle van der Waa authored 6 years ago
  
  Enable pacache timer to cleanup old packages and keeps the lsat three version of a package.
  b3035176
Sep 12, 2018
- fix typo: signapore -> singapore · 17b6c54b
  Phillip Smith (fukawi2) authored 6 years ago
  
  17b6c54b
Sep 05, 2018
- Track firewalld.conf · b6306373
  Florian Pritz authored 6 years ago
  
  Signed-off-by: Florian Pritz <bluewind@xinu.at>
  Verified
  
  b6306373
- Remove dragon.archlinux.org · 0e3cf954
  Florian Pritz authored 6 years ago
  
  Signed-off-by: Florian Pritz <bluewind@xinu.at>
  Verified
  
  0e3cf954
Aug 31, 2018
- Add new TU - Chih-Hsuan Yen · a4ee0643
  Florian Pritz authored 6 years ago
  
  Signed-off-by: Florian Pritz <bluewind@xinu.at>
  Verified
  
  a4ee0643
Aug 28, 2018
- roles/matrix: SASL support is broken · cb4b71d2
  Jan Alexander Steffens (heftig) authored 6 years ago
  
  Verified
  
  cb4b71d2
- roles/matrix: Update irc bridge config · c771743e
  Jan Alexander Steffens (heftig) authored 6 years ago
  
  Verified
  
  c771743e
- Move commit, server, version to host_vars · e7aa39e0
  Jelle van der Waa authored 6 years ago
  
  e7aa39e0
- Bump archweb to latest version · 12e5090a
  Jelle van der Waa authored 6 years ago
  
  12e5090a
- Fix apollo postgres ip detection and firewall generation · cf2b01c0
  Florian Pritz authored 6 years ago
  
  - firewall tag so that the facts exist when only firewall is run - extract IPs from our host vars all the time. no need to query autodetected facts - remove empty elements from the list with select(). not all hosts have ipv6 - fix the subnetmask for v6 - fix the postgres role configuring a v4 rule instead of v6 for a v6 address - hardcode netmask for orion addresses too Little bit much for one commit, but splitting it doesn't make a whole lot of sense. Signed-off-by: Florian Pritz <bluewind@xinu.at>
  Verified
  
  cf2b01c0
- Update python version · 897666a2
  Florian Pritz authored 6 years ago
  
  Signed-off-by: Florian Pritz <bluewind@xinu.at>
  Verified
  
  897666a2
- patchwork: Install pip for python 3.7 · f51c87d2
  Florian Pritz authored 6 years ago
  
  Signed-off-by: Florian Pritz <bluewind@xinu.at>
  Verified
  
  f51c87d2
Aug 24, 2018
- nymeria: Set correct archweb rsync url · b366af70
  Florian Pritz authored 6 years ago
  
  Signed-off-by: Florian Pritz <bluewind@xinu.at>
  Verified
  
  b366af70
Aug 22, 2018

nymeria: fix ipv6 configuration · 52c93ffa

The ipv6 configuration from hetzner was copied while specific nymeria
settings where reqired.

52c93ffa

Aug 18, 2018
- Update arch-boxes to 1.1.2 · 0c84e38d
  Florian Pritz authored 6 years ago
  
  Signed-off-by: Florian Pritz <bluewind@xinu.at>
  Verified
  
  0c84e38d
Aug 17, 2018
- add "firewall" tag to all relevant tasks · 8d681f00
  Phillip Smith (fukawi2) authored 6 years ago
  
  8d681f00
- Merge branch 'wip/firewalld' · 2ba41e84
  Phillip Smith (fukawi2) authored 6 years ago
  
  2ba41e84
- Merge branch 'wip/firewalld' of ssh://git.archlinux.org/srv/git/infrastructure into wip/firewalld · 54496540
  Phillip Smith (fukawi2) authored 6 years ago
  
  54496540
- break postgres client ips into separate variables · d13089e6
  Phillip Smith (fukawi2) authored 6 years ago
  
  we have to use rich rules in firewalld to restict a specific port to a list of specific ip addresses. when using rich rules, you have to specify the address family (ipv4 or ipv6) which we can't do in an automated fashion with the ipv4 and ipv6 addresses of the clients dynamically generated into a single variable. so this commit creates 2 variables; one for ipv4 clients and one for ipv6 clients which can be referred to as required when creating the rich rules.
  d13089e6
- disable default dhcpv6-client firewall rule · c43b18f8
  Phillip Smith (fukawi2) authored 6 years ago
  
  none of our hosts are configured using dhcpv6 so no need to allow this default firewall hole to remain in place.
  c43b18f8
- zabbix-server: Open trapper port in firewall · 19955820
  Florian Pritz authored 6 years ago and Phillip Smith (fukawi2) committed 6 years ago
  
  Signed-off-by: Florian Pritz <bluewind@xinu.at>
  19955820
- set variables to enable firewall · f73d2d0d
  Phillip Smith (fukawi2) authored 6 years ago
  
  f73d2d0d
- initial commit of luna.yml playbook · 8c3f8bf7
  Phillip Smith (fukawi2) authored 6 years ago
  
  8c3f8bf7
- fix tag for matrix firewall task · a342d291
  Phillip Smith (fukawi2) authored 6 years ago
  
  a342d291
- Add ssh hostkeys list · 1112c18b
  Florian Pritz authored 6 years ago and Phillip Smith (fukawi2) committed 6 years ago
  
  Signed-off-by: Florian Pritz <bluewind@xinu.at>
  1112c18b
- fetch-borg-keys: Update path · 73ada882
  Florian Pritz authored 6 years ago and Phillip Smith (fukawi2) committed 6 years ago
  
  Signed-off-by: Florian Pritz <bluewind@xinu.at>
  73ada882
- Move install_arch and fetch-borg-keys playbooks to tasks subdir · ca7875f8
  Florian Pritz authored 6 years ago and Phillip Smith (fukawi2) committed 6 years ago
  
  Signed-off-by: Florian Pritz <bluewind@xinu.at>
  ca7875f8
- renamed packer-io to packer · ea217832
  Christian Rebischke authored 6 years ago and Phillip Smith (fukawi2) committed 6 years ago
  
  Signed-off-by: Christian Rebischke <Chris.Rebischke@posteo.de>
  ea217832
- matrix role; open firewall holes · 24860997
  Phillip Smith (fukawi2) authored 6 years ago
  
  24860997
- bring firewalld role earlier in the list · 532d72cb
  Phillip Smith (fukawi2) authored 6 years ago
  
  other roles with firewalld tasks will fail if firewalld is not installed, enabled and started prior to them trying to run.
  532d72cb
- reformat firewalld role task file · 6b69ba59
  Phillip Smith (fukawi2) authored 6 years ago
  
  6b69ba59
- make all firewalld changes take effect immediately · 1258e6b7
  Phillip Smith (fukawi2) authored 6 years ago
  
  1258e6b7
- break postgres client ips into separate variables · 7bd299a3
  Phillip Smith (fukawi2) authored 6 years ago
  
  we have to use rich rules in firewalld to restict a specific port to a list of specific ip addresses. when using rich rules, you have to specify the address family (ipv4 or ipv6) which we can't do in an automated fashion with the ipv4 and ipv6 addresses of the clients dynamically generated into a single variable. so this commit creates 2 variables; one for ipv4 clients and one for ipv6 clients which can be referred to as required when creating the rich rules.
  7bd299a3
- disable default dhcpv6-client firewall rule · 4064139d
  Phillip Smith (fukawi2) authored 6 years ago
  
  none of our hosts are configured using dhcpv6 so no need to allow this default firewall hole to remain in place.
  4064139d
Aug 16, 2018
- zabbix-size: Add database size monitoring for MySQL · f671a20d
  Jelle van der Waa authored 6 years ago
  
  f671a20d
Aug 15, 2018
- zabbix-server: Open trapper port in firewall · a5dc285d
  Florian Pritz authored 6 years ago
  
  Signed-off-by: Florian Pritz <bluewind@xinu.at>
  Verified
  
  a5dc285d

Admin message