Commits · 29a15ad2b34d4aca8114c226875be8dadd47286a · Arch Linux / infrastructure

Apr 08, 2017

zabbix-agent: Add mysql config for mysql checks · 29a15ad2

Florian Pritz authored 7 years ago


Template only for now. Deployed manually on luna, not yet integrated
with apollo.

Signed-off-by: Florian Pritz <bluewind@xinu.at>

Verified

29a15ad2

Apr 04, 2017
- gitpkg: Always print meson_options.txt · d7291c4d
  Jan Alexander Steffens (heftig) authored 8 years ago
  
  Verified
  
  d7291c4d
Apr 01, 2017

Deploy zabbix-agent to all hosts · 49d5d341
Florian Pritz authored 8 years ago
```
Signed-off-by: Florian Pritz <bluewind@xinu.at>
```
49d5d341

common: Raise journald max files limit and disable error wall · fb79d4db

Florian Pritz authored 8 years ago

Max files limit causes journald to be too agressive when cleaning up
old logs because it tries to stay under the limit. If there are enough
users on the system that won't happen and it will start removing system
logs way too soon (like after a few hours or days).

Signed-off-by: Florian Pritz <bluewind@xinu.at>

fb79d4db

Mar 25, 2017
- Add Archive · 28fef068
  Sébastien Luttringer authored 8 years ago
  
  28fef068
Mar 21, 2017
- Add Jelle to multilib group · 42ae61cf
  Bartłomiej Piotrowski authored 8 years ago
  
  42ae61cf
Mar 20, 2017
- zabbix-agent: Fix agent server on apollo · e8194620
  Florian Pritz authored 8 years ago
  
  Signed-off-by: Florian Pritz <bluewind@xinu.at>
  Verified
  
  e8194620
- php: Adapt php.ini for zabbix frontend · 9ca0aacb
  Florian Pritz authored 8 years ago
  
  Signed-off-by: Florian Pritz <bluewind@xinu.at>
  9ca0aacb
- Enable zabbix roles on apollo · 964e8bd0
  Florian Pritz authored 8 years ago
  
  Signed-off-by: Florian Pritz <bluewind@xinu.at>
  964e8bd0
- Add zabbix-server role · 9b508f22
  Florian Pritz authored 8 years ago
  
  Signed-off-by: Florian Pritz <bluewind@xinu.at>
  9b508f22
- Add zabbix-agent role · 3ce16c59
  Florian Pritz authored 8 years ago
  
  Signed-off-by: Florian Pritz <bluewind@xinu.at>
  3ce16c59
Mar 11, 2017
- ansible.cfg: Removed settings that had default values · c9ee6182
  Giancarlo Razzolini authored 8 years ago
  
  Our ansible.cfg had some settings that were using the default values, according to ansible documentation.
  Verified
  
  c9ee6182
Mar 07, 2017
- kanboard: Fix email settings · 2924d4d8
  Florian Pritz authored 8 years ago
  
  Signed-off-by: Florian Pritz <bluewind@xinu.at>
  2924d4d8
Mar 06, 2017

kanboard: Set up url rewriting · 8f82c6f2

Florian Pritz authored 8 years ago

Uses the nginx config from here:
https://kanboard.net/documentation/nice-urls



Signed-off-by: Florian Pritz <bluewind@xinu.at>

Verified

8f82c6f2

kanboard: Disable HSTS in app · 8b0e06d3

Florian Pritz authored 8 years ago

The HSTS header is already added by nginx. If kanboard adds its own the
reply contains a header that contains max-age twice which is invalid.

Signed-off-by: Florian Pritz <bluewind@xinu.at>

Verified

8b0e06d3

Mar 04, 2017
- Add kanbord · 5054193c
  Florian Pritz authored 8 years ago
  
  Signed-off-by: Florian Pritz <bluewind@xinu.at>
  5054193c
- php: Add iconv, gd, pdo_pgsql for kanboard · 79d28122
  Florian Pritz authored 8 years ago
  
  Signed-off-by: Florian Pritz <bluewind@xinu.at>
  79d28122
Mar 03, 2017
- roles/matrix: Use a more unique bridge name · fc762eec
  Jan Alexander Steffens (heftig) authored 8 years ago
  
  Verified
  
  fc762eec
- roles/matrix: Refine and add IRC bridge · 6de34c3e
  Jan Alexander Steffens (heftig) authored 8 years ago
  
  Verified
  
  6de34c3e
- roles/matrix: Add a matrix homeserver for soyuz · b3a45fb7
  Jan Alexander Steffens (heftig) authored 8 years ago
  
  Verified
  
  b3a45fb7
- roles/quassel: Install cert as root:quassel 640 · 7c613892
  Jan Alexander Steffens (heftig) authored 8 years ago
  
  Verified
  
  7c613892
Mar 02, 2017
- gitpkg: Use meson --buildtype=release · 5d3e9669
  Jan Alexander Steffens (heftig) authored 8 years ago
  
  This behaves better with non-C compilers, where we do not provide any environment FLAGS. It does add -O3, but I think this can be excused as an upstream choice.
  Verified
  
  5d3e9669
- gitpkg: Add support for meson · 25f357d2
  Jan Alexander Steffens (heftig) authored 8 years ago
  
  Verified
  
  25f357d2
- gitpkg: Overhaul function injection · 25c013a8
  Jan Alexander Steffens (heftig) authored 8 years ago
  
  Verified
  
  25c013a8
- gitpkg: Only display .gitmodules if present · e6446ea2
  Jan Alexander Steffens (heftig) authored 8 years ago
  
  Verified
  
  e6446ea2
- gitpkg: Only display diff if not empty · 869d65ae
  Jan Alexander Steffens (heftig) authored 8 years ago
  
  Verified
  
  869d65ae
- gitpkg: Only display NEWS if present · 27dba431
  Jan Alexander Steffens (heftig) authored 8 years ago
  
  Verified
  
  27dba431
- gitpkg: Return nil from read_file on error · f26a8659
  Jan Alexander Steffens (heftig) authored 8 years ago
  
  Verified
  
  f26a8659
- gitpkg: Suppress stderr from git calls · 369249a9
  Jan Alexander Steffens (heftig) authored 8 years ago
  
  Verified
  
  369249a9
- gitpkg: Combine redirection (no effective change) · e983ff1b
  Jan Alexander Steffens (heftig) authored 8 years ago
  
  Verified
  
  e983ff1b
- gitpkg: Use r+ instead of w+ mode (no func. change) · 32bc78a2
  Jan Alexander Steffens (heftig) authored 8 years ago
  
  Verified
  
  32bc78a2
Mar 01, 2017
- Add new TU: Christian Rebischke · 4a08eda2
  Florian Pritz authored 8 years ago
  
  Signed-off-by: Florian Pritz <bluewind@xinu.at>
  Verified
  
  4a08eda2
Feb 22, 2017
- roles/archweb: Add NM connectivity responder · c81a1ca6
  Jan Alexander Steffens (heftig) authored 8 years ago
  
  At http://www.archlinux.org/check_network_status.txt (no https)
  Verified
  
  c81a1ca6
Feb 18, 2017
- roles/archbuild: Cleanup srcdest dirs containing no recently accessed files · 6bcdfe33
  Jan Alexander Steffens (heftig) authored 8 years ago
  
  Instead of looking at the access time of the dirs; that one is useless for cleaning.
  Verified
  
  6bcdfe33
Feb 10, 2017

roles/borg-client: Create some defaults · cbdc640f

Giancarlo Razzolini authored 8 years ago

The tasks that use variables need them to be at least defined,
even if empty, to be able to run. Added some defaults.

Verified

cbdc640f

roles/borg-client: Remove != None check · 6a07fd31

Giancarlo Razzolini authored 8 years ago

When using when: on ansible, it already checks if the variable is
set or not. But the variable must still be defined.

Verified

6a07fd31

Merge branch 'master' of arch-git:/srv/git/infrastructure · c274b67a
Giancarlo Razzolini authored 8 years ago

Verified

c274b67a

roles/*: Fix nginx log dir permissions · ff27e416

Giancarlo Razzolini authored 8 years ago

To correctly be safe for CVE-2016-1247, we need all nginx log dirs
to be owned by both user and group root. Also, since nginx childs
runs as http user, the directories permissions must be 0755, so the
http user can descent into it. Since the logrotate will create the
log files as http:log, the nginx childs will be able to write to the
logs, but will not be able to create files inside those dirs, fully
preventing CVE-2016-1247.

Verified

ff27e416

Feb 09, 2017
- roles/archbuild: Merge distro swap.conf · b2d27800
  Jan Alexander Steffens (heftig) authored 8 years ago
  
  Verified
  
  b2d27800
- roles/patchwork: Deploy the 503 page · 2c353e4e
  Giancarlo Razzolini authored 8 years ago
  
  Verified
  
  2c353e4e

Admin message