The format of the MySQL user credentials has been slightly changed:
https://github.com/prometheus/mysqld_exporter/releases/tag/v0.15.0

Our custom Keycloak theme[2] must be updated to use the new account
console[3] which will be handled later.

[1] https://www.keycloak.org/2023/04/keycloak-2110-released#_experimental_account_console_version_3
[2] https://gitlab.archlinux.org/archlinux/keycloak-archlinux-theme
[3] https://gitlab.archlinux.org/archlinux/keycloak-archlinux-theme/-/blob/238889fb36d512f0baa328fad00531ef53c14c1f/lib/src/main/resources/theme/archlinux/account/theme.properties#L1

Fixes: 140b9acd ("tf-stage2: Add an arch specific question for signing up to reduce spam")

Fixes: 98f20948 ("fluxbb: update the navbar url from bugs to gitlab")
Signed-off-by: Christian Heusel <christian@heusel.eu>

Signed-off-by: moson <moson@archlinux.org>

"docker system prune --volumes" does no longer prune named volumes in
Docker 23.0[1][2], so use "docker volume prune --all"[3] for pruning
named volumes.

[1] https://github.com/docker/cli/issues/4028
[2] https://github.com/moby/moby/pull/44259
[3] https://github.com/docker/cli/pull/4229

In the Hetzner rescue environment, they have begun setting
TMPDIR=/tmp/hwc which breaks mkinitcpio, so remove the ~/.bashrc file so
that is not set.

I don't expect more GitHub Pages to be set up, so using a explict
resource instead of abstracting it, is fine I think.

[1] https://github.com/archlinux/archinstall/issues/2098

Some of the mails generated by gitlab are way bigger than 200KB, e.g.
this[1] Thunderbird package bump resulting in a 850KB mail. So bump t0
1000KB for now and see if it is enough.

[1] archlinux/packaging/packages/thunderbird@3da91c6e

The last hunk which I applied manually incorrectly retained its pluses.

Fixes: 825a0c92 ("grafana: rebase grafana.ini to grafana 10.2.0-1")

Also add script to make rebasing easier.

Enable error reporting for internal server errors and show stack trace
on a sandbox/dev environment.

Signed-off-by: moson <moson@archlinux.org>

Kristian Klausen authored 1 year ago and Levente Polyak committed 1 year ago

There is no reason for exposing the service to the whole internet nor
communicating without encryption. It could be fixed by restricting the
firewall rule to the public IP of the gitlb server and running it over
HTTPS or we could just use our existing WG network.

To allow gitlab to send requests to a private network address, the IP
has been allowlisted[1]. The endpoint also expects a "secret token"[2],
so it won't accept events from e.g. users creating a webhook with the
same URL.

[1] https://docs.gitlab.com/ee/security/webhooks.html#allow-outbound-requests-to-certain-ip-addresses-and-domains
[2] https://docs.gitlab.com/ee/user/project/integrations/webhooks.html#validate-payloads-by-using-a-secret-token

There is no reason for this and we very rarely use the console anyway.

Ref #541

Trusted Users are now called Package Maintainers.
See the discussion in https://wiki.archlinux.org/title/ArchWiki_talk:Requests#Trusted_User_name_change

Once this is deployed, the users need to be migrated to the new group
by running:

    php ./maintenance/migrateUserGroup.php archtu archpackager

Related to #533

Closes: #542
Fixes: 722cc5bf ("aurweb: release 6.2.8")

The role has been renamed[1], so rename the bylaw subdomain.

tu-bylaws.aur.a.o will be kept around for some time redirecting to
package-maintainer-bylaws.aur.a.o.

[1] rfcs!7

Ref #533