- Jul 06, 2021
-
-
Kristian Klausen authored
This is meant as a internal authenticated and encrypted network which we can use for internal services, we don't want to expose to the internet or when encryption is desired but not easily implementable.
-
Kristian Klausen authored
This is initial to be used for communicating between {lists,mailman3}.archlinux.org as mailman{2,3} can't run on the same server.
-
Kristian Klausen authored
grafana: Use builtin functionality to restrict access See merge request archlinux/infrastructure!443
-
This reverts commit 649568e7 ("Restrict Grafana access to Arch Linux Staff group on Keycloak (fixes #151)").
-
Kristian Klausen authored
install_arch: Fix cleanup of pacman cache See merge request archlinux/infrastructure!441
-
Thorben Günther authored
noconfirm does not work because the default answer to the first check is `No`.
-
Kristian Klausen authored
This should have been amended to the original commit. Fixes: 5fba4d5b ("rspamd: Lower spam threshold on misaligned Reply-To/To fields")
-
- Jul 05, 2021
-
-
Kristian Klausen authored
rspamd: Lower spam threshold on misaligned Reply-To/To fields See merge request !395
-
When people send patches to pacman-dev, either with the wrong list address or a perceived wrong email header it would most likely be default marked as spam and stuffed into Junk for people using our email server. This attempts at lowering the score to something we can live with until a gitlab migration. Signed-off-by:
Morten Linderud <morten@linderud.pw>
-
Jelle van der Waa authored
-
Jelle van der Waa authored
-
- Jul 04, 2021
-
-
Kristian Klausen authored
Goodbye luna Closes #86 See merge request !436
-
Kristian Klausen authored
Support creating support-staff accounts on mail.al.org for mail + create user for klausenbusk and denisse See merge request !430
-
Kristian Klausen authored
-
Kristian Klausen authored
-
Kristian Klausen authored
Primarily to be used for mail accounts on mail.archlinux.org.
-
Kristian Klausen authored
-
- Jul 03, 2021
-
-
Jelle van der Waa authored
-
Jelle van der Waa authored
Update the firewalld configuration as of 0.9.4. MinimalMark/AutomaticHelpers options are deprecated and ignored. New otions added.
-
- Jul 02, 2021
-
-
Evangelos Foutras authored
Use sub-accounts for backups to Hetzner Storage Box Closes #362 See merge request !434
-
Evangelos Foutras authored
This offers improved separation between the server backups and should avoid bumping against the storage box 10 concurrent connection limit. Fixes: #362
-
- Jul 01, 2021
-
-
Jan Alexander Steffens (heftig) authored
-
Jan Alexander Steffens (heftig) authored
-
Jan Alexander Steffens (heftig) authored
-
Jan Alexander Steffens (heftig) authored
-
Jan Alexander Steffens (heftig) authored
-
Evangelos Foutras authored
As it turns out, the total size does not include the snapshots (feature which we recently enabled). Record the free space so we can have a more accurate picture of the usable space remaining.
-
- Jun 30, 2021
-
-
Evangelos Foutras authored
Now that we have enabled snapshots, summing all Borg repository sizes has become a bad approximation of the total space used on the storage box.
-
Kristian Klausen authored
Migrate lists.al.org to a VPS Closes #356 See merge request !424
-
Kristian Klausen authored
Fix #356
-
Kristian Klausen authored
The DNS is still pointing to luna.
-
Kristian Klausen authored
-
Kristian Klausen authored
nginx, certbot, postfix and mailman are still missing and the DNS is still pointing to luna.
-
Kristian Klausen authored
We want to use rspamd for lists.al.org at some point, so we can't hardcode the domain to archlinux.org.
-
Kristian Klausen authored
-
- Jun 28, 2021
-
-
Evangelos Foutras authored
Use restrict key option and relative borg command See merge request !433
-
Evangelos Foutras authored
No functional change; the "restrict" key option is a shorthand for: - no-agent-forwarding - no-port-forwarding - no-X11-forwarding - no-pty - no-user-rc It was added in OpenSSH 7.2 (2016-02-29) as a convenient way to specify an authorized key should have "all current and future key restrictions" applied to it. Also switch to a relative borg command since its location is not really standardized; on rsync.net it appears to be located under usr/local/bin (though /usr/bin/borg works too, even if it doesn't exist!) and Hetzner just forces its own command, ignoring ours.
The Borg documentation seems to agree with both the above alterations: [1] https://borgbackup.readthedocs.io/en/stable/usage/serve.html -
Evangelos Foutras authored
Create snapshot with current db and gitlab backups See merge request !432
-
Evangelos Foutras authored
The helper scripts that create mysql/postgres database dumps as well as the script running gitlab-backup were executed after the btrfs snapshot was taken. This resulted in stale db and gitlab backups (from last run). Move execution of these helper scripts further up so their outputs get included in the btrfs snapshot. Reported-by:
Kristian Klausen <kristian@klausen.dk>
-