The PoC has concluded.

This reverts commit 37fb120a (Provision server for buildbot POC, 2022-05-12).

To my knowledge they were never used and the new buildbtw[1] project is
following another path.

[1] https://gitlab.archlinux.org/archlinux/buildbtw

This reverts commit 3a555a1a (Provision workers (servers) for the buildbot POC, 2024-01-19).

Fixes: 24e73359 ("Decommission patchwork.archlinux.org and replace it with a static copy[1]")

With the last commit[1], we now lint the misc host_vars files and the
indentation is off for some of the files.

[1] b0f46412 ("Add missing .yml suffix to the misc host_vars files")

The naming of yaml files should be consistent.

gitlab_runner: Replace sq usage with rsop

See merge request !890

Keeping up with the sequoia interface changes is no fun and has caused
us work previously, therefore replace it with rsop which has a
standardized interface.

Co-Authored-by: David Runge <dvzrv@archlinux.org>
Signed-off-by: Christian Heusel <christian@heusel.eu>

Add Mumble server

See merge request !886

As per my announcement to arch-devops[1] and staff, this adds a Mumble
server for Arch Linux.

The password for the special root user SuperAdmin is automatically
generated on first launch and printed to the logs. I went ahead and
added it to the vault. It should not usually be required to login as
SuperAdmin though as long as there are user admins around.

This uses certbot for local certificates.

[1] https://lists.archlinux.org/archives/list/arch-devops@lists.archlinux.org/thread/AHAOSTGFJTLQDSXLWFORDKGR6RDVHYEI/

It never gained traction and it has been dormant for over three years.

[1] https://gitlab.archlinux.org/archlinux/reproducible-archlinux-notes

Also regenerate the list of Prometheus Blackbox targets, adding:

- https://london.mirror.pkgbuild.com
- https://package-maintainer-bylaws.aur.archlinux.org

Fix packer and update plugins

See merge request !888

Improve ansible logging to be more human readable

See merge request !887

This differs from the way we install packages in all the other roles, so
revert the commit to ensure consistency.

This reverts commit ab1d8e84.

Fixes: 7ea1eb29 ("gitlab_runner: Refactor libvirt-executor")

It failed to reboot during the last upgrade procedure. Upon logging into
the Equinix Metal console, we discovered that we lack access to all 4 of
the servers sponsored by Equinix Metal. They are under the CNCF account,
and it's not possible to transfer them to our organization.

Equinix Metal is being sunset, and the remaining 3 servers will also go
away on June 30th 2026. We can keep them until then, or until they fail
to boot like seoul.mirror.pkgbuild.com.

alpm-buildinfo and alpm-types have been consolidated into the alpm
project[1], for which GitLab Pages was recently configured[2][3].

Requested by @dvzrv.

[1] https://gitlab.archlinux.org/archlinux/alpm/alpm
[2] archlinux/alpm/alpm#32
[3] 3d54b56c ("Add GitLab Pages for alpm")

gitlab: Add ruby script for continuous extending of bot tokens

Closes #617

See merge request !884

We are not on top of expiring bot tokens and we usually only notice when
someone else points it out.

It is also a bit cumbersome to add new bot tokens, so avoid the issue
altogether, by just extending the lifetime of the bot tokens
continuously.

Fix #617

The behavior is mentioned in the documentation[1], but gitlab has not
always done it this way (e.g. some of the older project bots still
exist, even though the project tokens expired several months ago).

[1] https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#bot-users-for-projects

This will be used for deleting old packages (i.e. the fortnightly
packages which are older than 90 days). I thought using a job token
would work (as described in [1]), but that turned out not to be the case
as explained in [2].

[1] 242213b2 ("gluebuddy: Remove deleted project bot for arch-boxes")
[2] arch-boxes@48ccb457

Relates to #632

As we have recently migrated our vagrant account to a hashicorp cloud
account these credentials are not working anymore and are superseeded by
the ones that can be found in "misc/vaults/vault_hashicorp_cloud.yml".

Signed-off-by: Christian Heusel <christian@heusel.eu>

Fixes: e23509c0 ("Add credentials for the newly created hashicorp cloud account")
Signed-off-by: Christian Heusel <christian@heusel.eu>

Signed-off-by: Christian Heusel <christian@heusel.eu>

postfix_null: Use fixed amount of rounds for password_hash

See merge request !880

As it turns out the value for this filters "rounds" parameter strongly
differs depending on the installed python crypto backend, since
python-crypt uses 5000 rounds while python-passlib uses 656000 rounds
set a default parameter according to ansible documentation.

As really high values for "rounds" lead to some login timeouts it makes
sense for us to use a fixed value for this parameter. In this case 5000
have been chosen as this value reflects the defaults from python-crypt
aswell as /etc/login.defs in the shadow package.

Link: https://github.com/ansible/ansible/pull/77963/files
Related-to: #250


Signed-off-by: Christian Heusel <christian@heusel.eu>

This will be used for issue-bot[1][2] similar as it is done in the
signstar project[3].

[1] https://gitlab.com/gitlab-org/distribution/issue-bot
[2] arch-boxes@f0c7c7e7
[3] signstar@4e1cfa1e

Requested by Orhun[1].

[1] archlinux/alpm/alpm!9

Onboard wiktor as Support Staff

Closes #630

See merge request !879

Relates to: #630

Signed-off-by: Christian Heusel <christian@heusel.eu>

This ensures that the fully templated file is syntactically is a valid php file.

Signed-off-by: Christian Heusel <christian@heusel.eu>