The same drop-in functionality is now provided by the openssh package
via /etc/ssh/sshd_config.d/.

Requested by @torxed to be able to commit from a pipeline.

[1] https://gitlab.archlinux.org/archlinux/teams/mirror-administrator/arch-mirrors

Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>

Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>

With aurweb!743 we expose those gauges directly from /metrics

Signed-off-by: moson <moson@archlinux.org>

Rename "search_requests_total" to "aur_search_requests_total"

Related MR: aurweb!743

Signed-off-by: moson <moson@archlinux.org>

We have 100 max connections to Libera.

Leveraging devtools 1.0.4, install systemd snippets which
  - distribute CPU and IO equally between users,
  - distribute CPU and IO equally between build containers of a user,
  - prefer distributing CPU and IO to things that are not build
    containers, and
  - copy our user oomd config for users to apply to build containers.

faillock has often been locking me out of my mailbox because it counts
failed authentication attempts against my user; turn this off and rely
on fail2ban to block instances of account password brute-forcing by IP.

This allows the pads to be named nicely instead of having just a random string as URL.

For example the draft of the monthly report in july could be located at "https://md.archlinux.org/2023-07_monthly-report" instead of "https://md.archlinux.org/UF9Y235qTRe8XS3qxUVeJA".

https://docs.hedgedoc.org/references/url-scheme/#freeurl-mode



Signed-off-by: Christian Heusel <christian@heusel.eu>

The HTTP code must be 2xx for probe_success to indicate that the probe
succeeded, if not an alert will be sent.

Fixes: 653f8011 ("Add GitLab Pages for alpm-types[1]")

As per docs: https://docs.gitlab.com/ee/user/project/pages/introduction.html#customize-the-default-folder

[1] archlinux/alpm/alpm-types#36

Jelle van der Waa authored 1 year ago and Leonidas Spyropoulos committed 1 year ago

Apply the same rate limitting and fail2ban rules for aur.archlinux.org

* Remove API Requests panel (no values; replaced by goaurrpc dashboard)
* Add panel to visualize new metrics for search requests
* Set default timespan to 1 day (from 30d)

Ref: aurweb@814ccf6b
Signed-off-by: moson <moson@archlinux.org>

Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>

We do not want our packagers on gemini to hit the rate-limit.

Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>

Until we get our situation with uptimerobot fixed, we are redirecting
status.archlinux.org to the standard uptimerobot URL, that is provided
with their free plan. Once/if we re-gain our premium access, we can
simply revert this MR.

To match Matrix.org. The limit also applies to files we need to retrieve
from other servers.

Add panel to visualize how many requests end up being rate-limited

Signed-off-by: moson-mo <mo-son@mailbox.org>

Adjust bash wrapper scripts to activate our python virtualenv:
Script execution is triggered from ssh / git.
These wrapper scripts then call python scripts created by poetry.

We should make sure that this happens within our venv.

Previously this was done by using "poetry run...".
However, using poetry is costly and adds some delay.
Instead of using poetry, we can just activate our venv
and then execute our scripts.

Fixes: b15ac838 ("aurweb: Make SSH faster by avoiding slow Poetry (~2,5 sec faster)")

Signed-off-by: moson-mo <mo-son@mailbox.org>

Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>

Ref #518