Closes: #542
Fixes: 722cc5bf ("aurweb: release 6.2.8")

The role has been renamed[1], so rename the bylaw subdomain.

tu-bylaws.aur.a.o will be kept around for some time redirecting to
package-maintainer-bylaws.aur.a.o.

[1] rfcs!7

Ref #533

aurweb: release 6.2.8

See merge request !762

* bump version
* services: rename tuvotereminder to votereminder
* nginx: redirect /tu to /package-maintainer
* nginx: remove /trusted-user/TUbylaws.html redirect

Signed-off-by: moson <moson@archlinux.org>

archwiki: Update to version 1.40.1-3

See merge request !764

This includes several minor ui fixes.

Signed-off-by: Christian Heusel <christian@heusel.eu>

Now matching the config in dbscripts itself. Also sort the repos.

Offboard remy as Developer

See merge request !755

Jelle van der Waa authored 1 year ago and Kristian Klausen committed 1 year ago

Ref #527

archwiki: update to mediawiki 1.40

See merge request !747

- fix crash when $wgFooterIcons.poweredby is no set
- account for Extension:Renameuser being bundeled with 1.40
- enable the nosniff header for /images
- switch to running maintenance scripts via run.php

Signed-off-by: Christian Heusel <christian@heusel.eu>

Adding the extension was discussed here:
https://wiki.archlinux.org/index.php?title=ArchWiki_talk:Maintenance_Team&oldid=788677#Replace_PNG_images_with_SVG



Signed-off-by: Christian Heusel <christian@heusel.eu>

This also enables the Extension:VisualEditor on user pages.

Addition was positively discussed here:
https://wiki.archlinux.org/index.php?oldid=788677#Enable_the_DiscussionTools_extension



Signed-off-by: Christian Heusel <christian@heusel.eu>

this has been positively discussed here:
https://wiki.archlinux.org/index.php?oldid=788677#Enable_the_Thanks_extension



Signed-off-by: Christian Heusel <christian@heusel.eu>

dbscripts: fix createlinks for binaries in non-standard locations

See merge request !758

In FS#79592 we encountered yet another case where sogrep was not able to
detect the necessary rebuild because the binaries reside in the
non-standard path "/usr/share/$pkgname/bin/" which we currently do not
take into account.

This commit fixes this behaviour by also taking files symlinked from one
of the standard locations into account.

Adding secondary workstation key for torxed

See merge request !761

Re #537

dbscripts: add missing gitconfig file

See merge request !756

Onboard fabiscafe as PM

See merge request !757

Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>

The EDNS Client Subnet header can provide a more accurate location of
the client, especially if the client is not near the recursive resolver,
so use it if it's provided.

Since Linux 6.2, Btrfs enables asynchronous trimming in its mount flags.

[1] https://github.com/archlinux/archinstall/issues/1837
[2] https://github.com/torvalds/linux/commit/63a7cb130718

hardening: reject authentication with empty passwd

See merge request !759

SSH defaults to disallowing empty passwords but Dovecot has no similar
safeguard (at least not one enabled by default). Remove "nullok" from
/etc/pam.d/system-auth to implement the desired behavior system-wide.

ansible-lint 6.19.0 started complaining about this:

   schema[tasks]: 'become_method' must be one of the currently available
   values: ansible.builtin.runas, ansible.builtin.su,
           ansible.builtin.sudo, ansible.netcommon.enable,
           community.general.doas, community.general.dzdo,
           community.general.ksu, community.general.machinectl,
           community.general.pbrun, community.general.pfexec,
           community.general.pmrun, community.general.sesu,
           community.general.sudosu, containers.podman.podman_unshare

No way we're fixing 47 of these linting errors which seem unimportant.

The archive is too chonky to fit in 10T so the storage box is now 20T.

The expression "2^40 * ceil(hetzner_storage_box_size_bytes / 2^40)" is
used to round up hetzner_storage_box_size_bytes to the next TB because
when we do "df" on the storage box, the total blocks exclude snapshots.

The gitlab bot added in [1] expired after one month, so this allowlist
the new bot, which expires after 11 months (gitlab's maximum).

[1] 5fb8df85 ("gluebuddy: Add gitlab bot for aurweb-tfstate project")

mailman: rate limit the uwsgi endpoint to 2 requests/sec

See merge request !760

We have had bruteforce attempts to perform SQL injections on the signup
page. To get rid of the alerts, let's rate limit this properly.