- May 12, 2022
-
-
Evangelos Foutras authored
All servers are part of these groups which makes them redundant.
-
Evangelos Foutras authored
Keycloak 18.0.0 disallows this by default; enable the legacy behavior temporarily. When this stops working, we should consider removing the 'redirect_uri' parameter entirely. Should also check if GitLab and/or Grafafa have implemented support for alternative ways of signing out: - https://gitlab.com/gitlab-org/gitlab/-/issues/14414 - https://github.com/grafana/grafana/issues/24643
-
Evangelos Foutras authored
-
Evangelos Foutras authored
tf-stage2: update keycloak provider to 3.8.1 See merge request !569
-
- May 10, 2022
-
-
Evangelos Foutras authored
OpenID clients: - 'use_refresh_tokens' set to false to preserve the values on live - 'backchannel_logout_session_required' implicitly changed to true for the 'grafana_openid_client' and 'openid_gitlab' clients SAML client (GitLab): - 'front_channel_logout' set to false to preserve the live setting
-
- May 09, 2022
-
-
Evangelos Foutras authored
Otherwise running terraform under tf-stage2 will often fail with: > ansible.errors.AnsibleError: Vault password client script > ../misc/vault-keyring-client.sh did not find a secret for > vault-id=default: b'gpg: decryption failed: No secret key\n'
-
Evangelos Foutras authored
-
Leonidas Spyropoulos authored
gitlab-exporter: add gitlab-exporter to monitoring See merge request !566
-
Leonidas Spyropoulos authored
Signed-off-by:
Leonidas Spyropoulos <artafinde@gmail.com>
-
Evangelos Foutras authored
Bash histories indicate this isn't being used anywhere other than {build,gemini}.archlinux.org and gemini's filelist is so big that locate becomes so slow that it's practically useless on this box.
-
Evangelos Foutras authored
-
Evangelos Foutras authored
-
- May 08, 2022
-
-
Evangelos Foutras authored
-
- May 07, 2022
-
-
Kristian Klausen authored
Onboard artafinde as Junior DevOps Closes #452 See merge request !567
-
Kristian Klausen authored
artafinde is our new newest Junior DevOp[1] and will get access to: * monitoring.al.org: for setting up gitlab-exporter[1] * gitlab.al.org: for setting up gitlab-exporter[1] * dashboards.al.org: in case he wants to do more monitoring related stuff [1] https://lists.archlinux.org/pipermail/arch-devops/2022-May/000558.html [2] https://gitlab.archlinux.org/artafinde/gitlab-exporter/ Fix #452
-
Evangelos Foutras authored
Move highly sensitive secrets to new "super" vault See merge request !565
-
Evangelos Foutras authored
-
Evangelos Foutras authored
- group_vars/all/vault_mariadb.yml: remove 'zabbix' database user - misc/vaults/additional-credentials.vault: remove zabbix irc bot - roles/dbscripts/tasks/main.yml: drop unused tier0 mirror access
-
Evangelos Foutras authored
-
Evangelos Foutras authored
The idea bebind this is to be able to give vault access to new DevOps members without giving away more important credentials like Hetzner's.
-
Evangelos Foutras authored
These were previously removed temporarily and re-created several minutes later during the process of deploying archusers to gemini.archlinux.org.
-
Evangelos Foutras authored
Add additional pubkey for dvzrv See merge request !568
-
David Runge authored
pubkeys/dvzrv.pub: Add pubkey based on auth subkey of PGP key `1793DAD5D803A8FFD7451697BB992F9864FAD168`.
-
- May 04, 2022
-
-
Jan Alexander Steffens (heftig) authored
-
Jan Alexander Steffens (heftig) authored
-
- Apr 29, 2022
-
-
Evangelos Foutras authored
geomirror: leverage LUA records for failover+GeoIP See merge request !563
-
Evangelos Foutras authored
In an effort to stay consistent with the TTL used for the archlinux.org and pkgbuild.com NS records, as well as slightly improve lookup latency.
-
Evangelos Foutras authored
PowerDNS provides a neat way to implement GeoIP-based redirection and automatic failover. With GeoLite2-City database, it is able to select the closest mirror from a list of IPs we provide. Every 60 seconds it also checks if the mirror's HTTPS URL is working as expected; if that check fails, it stops giving it out (this acts as automatic failover).
-
- Apr 28, 2022
-
-
Jan Alexander Steffens (heftig) authored
archbuild: Distribute CPU and IO resources equally among users See merge request !564
-
- Apr 27, 2022
-
-
Jan Alexander Steffens (heftig) authored
-
Jan Alexander Steffens (heftig) authored
archbuild: Turn off Git's safe.directory See merge request !561
-
Jan Alexander Steffens (heftig) authored
Without this setting, Git exits with an error when the repository is not owned by the current user. This messes with our shared srcdest.
-
- Apr 26, 2022
-
-
Evangelos Foutras authored
Packer bootstrap tweaks See merge request !562
-
Evangelos Foutras authored
-
Evangelos Foutras authored
-
Evangelos Foutras authored
-
- Apr 23, 2022
-
-
Evangelos Foutras authored
New hcloud adds protection fields to servers, volumes and floating IPs.
-
- Apr 22, 2022
-
-
Jelle van der Waa authored
-
- Apr 20, 2022
-
-
Evangelos Foutras authored
Since we are now using the local disk instead of a volume (which can be scaled up easily) it helps to have a more consistent view of free space.
-
Evangelos Foutras authored
All database user passwords have been updated to use scram-sha-256, so there's no need for backward compatibility with md5.
-