This reverts commit 466230e4.

This has been fixed in pacman[1], so it is no longer unreasonably slow.
Some quick testing at runner1 indicates that this only saves five
seconds at best, so IMO it is not worth the complexity to continue doing
this.

This revert does not revert the timeout back to 60 seconds, but keeps it
at 30 seconds.

[1] pacman/pacman!16

This means that there is no need to make runner-specific changes to the
image, so in theory the image could be build centrally (e.g. in the
arch-boxes project[1]) and then distributed to the runner hosts.

This change also make the SSH keys ephemeral.

[1] https://gitlab.archlinux.org/archlinux/arch-boxes

All libvirt volume management is now handled through virsh instead of
direct file system access. As a volume cannot be uploaded in an atomic
way, the current active volume is now tracked in a file on disk.

This may allow us to run the script with less privileges and use polkit
for libvirt access control[1].

[1] https://libvirt.org/aclpolkit.html

The prepare stage runs "echo "Running on $(hostname)...""[1], resulting
in "bash: line 7: hostname: command not found" and it outputting
"Running on ..." as the hostname command is provided by inetutils, which
is not installed.

Fix it by "monkey patching" it to use "hostnamectl hostname" and inject
the hostname with SMBIOS[2][3]. Injecting creds with SMBIOS may also be
useful in the future, e.g. for injecting an ephemeral SSH public key.

[1] https://gitlab.com/gitlab-org/gitlab-runner/-/blob/v17.5.2/shells/bash.go?ref_type=tags#L452-L456
[2] https://systemd.io/CREDENTIALS/
[3] https://github.com/systemd/systemd/pull/30814

This removes 13 instances of [1] and 1 instance of the IP address from
the job log.

The latter was fixed by no longer waiting for SSH in the "run" stage,
which is unnecessary as we wait for SSH in the "prepare" stage.

[1] Warning: Permanently added '192.168.122.xxx' (ED25519) to the list of known hosts.

It was forgotten once[1] to update it in both places, so avoid that
issue in the future, by moving it to a variable.

[1] c370c9d0 ("gitlab_runner: Update concurreny math to reflect the new VM size")

Fixes #641

Signed-off-by: Christian Heusel <christian@heusel.eu>

The project now has a centralized landing page hosted in the root
directory which we can observe instead of the docs for one specific
crate.

Related to signstar#124
Related to signstar!131



Signed-off-by: Christian Heusel <christian@heusel.eu>

The project now has a centralized landing page hosted in the root
directory which we can observe instead of the docs for one specific
crate.

Related to archlinux/alpm/alpm#76
Related to archlinux/alpm/alpm!57



Signed-off-by: Christian Heusel <christian@heusel.eu>

We had load problems before and this seems to fix it for now.

We are hitting a lot of permission problems lately for sources that are
co maintained. The culprint were wrong facl permissions that have not
been adjusted since we renamed TU to Packager.
Reflect this change by fixing the groups in the archbuild tasks to use
junior-dev and junior-packager.

tf-stage1: Add GitLab Pages for Signstar

See merge request !892

Requested by dvzrv[1] and implemented in this MR[2].

[1]: signstar#91
[2]: signstar!125



Signed-off-by: Christian Heusel <christian@heusel.eu>

tf-stage2: use 1h timeout for keycloak pw resets

See merge request !889

Recently somebody complained that the email only reached them after the
password reset link had already become invalid, which is definitely
something that can happen with the previously set 5min timeout. 5
minutes timeout are too short aswell for any complex email analysis
setup or greylisting, and we therefore bump this value to one hour,
which is still short enough from a security perspective but gives our
users a bit more time to act on the reset.

Signed-off-by: Christian Heusel <christian@heusel.eu>

This seems to be a leftover from the migration of our packager roles.
All packagers should be able to upload sources to our packages
directory, hence change the permissions from the junior-dev group to the
junior-packager group.

Fixes #637

The last submodule was removed in [1] more than 4 years ago.

[1] d9fdafb0 ("Use archlinux-contrib over git submodule")

The PoC has concluded.

This reverts commit c56fbb55 (tf/keycloak: Add openid client for buildbot, 2022-09-01).

The PoC has concluded.

This reverts commit 37fb120a (Provision server for buildbot POC, 2022-05-12).

To my knowledge they were never used and the new buildbtw[1] project is
following another path.

[1] https://gitlab.archlinux.org/archlinux/buildbtw

This reverts commit 3a555a1a (Provision workers (servers) for the buildbot POC, 2024-01-19).

Fixes: 24e73359 ("Decommission patchwork.archlinux.org and replace it with a static copy[1]")

With the last commit[1], we now lint the misc host_vars files and the
indentation is off for some of the files.

[1] b0f46412 ("Add missing .yml suffix to the misc host_vars files")

The naming of yaml files should be consistent.

gitlab_runner: Replace sq usage with rsop

See merge request !890

Keeping up with the sequoia interface changes is no fun and has caused
us work previously, therefore replace it with rsop which has a
standardized interface.

Co-Authored-by: David Runge <dvzrv@archlinux.org>
Signed-off-by: Christian Heusel <christian@heusel.eu>

Add Mumble server

See merge request !886

As per my announcement to arch-devops[1] and staff, this adds a Mumble
server for Arch Linux.

The password for the special root user SuperAdmin is automatically
generated on first launch and printed to the logs. I went ahead and
added it to the vault. It should not usually be required to login as
SuperAdmin though as long as there are user admins around.

This uses certbot for local certificates.

[1] https://lists.archlinux.org/archives/list/arch-devops@lists.archlinux.org/thread/AHAOSTGFJTLQDSXLWFORDKGR6RDVHYEI/

It never gained traction and it has been dormant for over three years.

[1] https://gitlab.archlinux.org/archlinux/reproducible-archlinux-notes

Also regenerate the list of Prometheus Blackbox targets, adding:

- https://london.mirror.pkgbuild.com
- https://package-maintainer-bylaws.aur.archlinux.org