heftig has agreed to have his access reduced, as a way to reduce the
number of people with access to the "super" vault.

With this change the matrix vault is moved from the "super" vault to the
"default" vault as that is needed for maintaining the matrix server.

Fix #567

Also regenerate the list of Prometheus Blackbox targets, adding:

- https://london.mirror.pkgbuild.com
- https://package-maintainer-bylaws.aur.archlinux.org

As we have recently migrated our vagrant account to a hashicorp cloud
account these credentials are not working anymore and are superseeded by
the ones that can be found in "misc/vaults/vault_hashicorp_cloud.yml".

Signed-off-by: Christian Heusel <christian@heusel.eu>

Fixes: e23509c0 ("Add credentials for the newly created hashicorp cloud account")
Signed-off-by: Christian Heusel <christian@heusel.eu>

Signed-off-by: Christian Heusel <christian@heusel.eu>

Currently needs a hack in
/var/lib/synapse/matrix-appservice-irc/node_modules/matrix-appservice-bridge/lib/components/media-proxy.js
to replace the `"http"` require with `"https"` or the proxy won't work.

See: https://github.com/matrix-org/matrix-appservice-bridge/issues/507

New server; same CPU and RAM as previous one, hopefully more stable.

Mjolnir does not support Node 20.

This shell behavior[1] in Bash 5.2 "expands occurrences of '&' in the
replacement string of pattern substitution to the text matched by the
pattern" but we want literal ampersands so escape them.

[1] https://www.gnu.org/software/bash/manual/html_node/The-Shopt-Builtin.html

Fix #573

Fix #566

Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>

Follow-up to merge request !786. New key is
already trusted by four master keys in archlinux-keyring 20231222-1.

archlinux-keyring#254

Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>

gromit is our newest Junior DevOps[1] and will get access to:
* bugs.archlinux.org: for helping with the bug migration
* wiki.archlinux.org: for helping with (archwiki) maintenance

[1] https://lists.archlinux.org/archives/list/arch-devops@lists.archlinux.org/message/2LAOGIVY33MZLBZCDSQHDQVQNEULLUTW/

Fix #543

A new Hetzner cloud project has been created called "Sandbox". This
project is meant for non-production workload which must be created
on-demand from e.g. a CI pipeline. The first project using the sandbox
is aurweb, which wants to use GitLab's Review apps[1] feature to create
dynamic environments on-demand.

Two API tokens have been created, one for the infrastructure project (to
be used by packer) and for the aurweb project.

[1] https://docs.gitlab.com/ee/ci/review_apps/

This is needed as archlinux-docker wants to push its container images to
GitHub Packages[1]. Unfortunately, the existing GitHub account has too
much access and it is not possible to limit the token to a single
repository[2].

[1] archlinux-docker#73
[2] https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-with-a-personal-access-token-classic

This is needed as archlinux-docker wants to push its container images to
Quay.io[1], which requires a RedHat account.

[1] archlinux-docker#73

Follow-up to merge request archlinux/infrastructure!671.

URL: https://fosstodon.org/@archlinux

We have been using sponsored Equinix Metal boxes for years (sponsorship
managed by CNCF[1]). This adds a service account[2], so we don't need to
rely on individual access.

[1] https://github.com/cncf/cluster
[2] https://github.com/cncf/cluster/issues/213

Similarly to geo.mirror.pkgbuild.com, this is monitored elsewhere.

I think this was renamed when Keycloak switched to Quarkus.