- Jul 13, 2021
-
-
Evangelos Foutras authored
It's been running out of swap during borg-backup and seems to get good compression ratios; try upping the zram size to 100% of RAM (from 50%).
-
- Jul 12, 2021
-
-
Jelle van der Waa authored
Add fail2ban exporter See merge request !457
-
Jelle van der Waa authored
The fail2ban exporter exports the amount of bans per jail.
-
Jelle van der Waa authored
-
Jelle van der Waa authored
-
Jelle van der Waa authored
-
Jelle van der Waa authored
-
Evangelos Foutras authored
hcloud_inventory: Optimize --list to avoid --host calls See merge request !459
-
Evangelos Foutras authored
By adding a top-level element called "_meta" to the --list response, Ansible will not call the inventory script with --host for each host thus saving a lot of time and many requests to the Hetzner Cloud API. The speed-up is significant; `ansible-inventory --list` is down from about 1 minute to just 7 seconds in my testing (with ~60ms latency).
-
Evangelos Foutras authored
As per the following deprecation warning (even though it has a typo): [DEPRECATION WARNING]: [defaults]callback_whitelist option, normalizing names to new standard, use callback_enabled instead. This feature will be removed from ansible-core in version 2.15. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. [1] https://github.com/ansible/ansible/pull/74845
-
Jelle van der Waa authored
-
Evangelos Foutras authored
zswap seems like the better choice when a backing swap partition exists.
-
Evangelos Foutras authored
Remove zram size limit and disable zswap when using zram See merge request !458
-
Evangelos Foutras authored
When both zswap and zram are active, zswap sits in front of zram and treats it as a backing store. We just want to use zram and not zswap disguising itself as such; disable the latter so we can enjoy useful zramctl statistics. Implemented as tmpfiles.d/zram.conf which disables zswap at runtime.
-
Evangelos Foutras authored
Restarting swap.target doesn't apply configuration changes; instead we can restart systemd-zram-setup@zram0 which seems to do what we wanted.
-
Evangelos Foutras authored
Set "max-zram-size = none" to disable this unwanted limitation which defaulted to creating zram-based swap with a maximum size of 4096MiB. Fixes: dc8fa2bd ("common: Replace deprecated systemd-swap[1] with zram-generator")
-
Jelle van der Waa authored
Redirect fail2ban log to SYSLOG Closes #322 See merge request !456
-
-
Evangelos Foutras authored
The upstream branch is set by the earlier "git pull --set-upstream".
-
Kristian Klausen authored
Ref #374
-
Kristian Klausen authored
Onboard alerque as new TU See merge request !449
-
Kristian Klausen authored
Ref #373
-
- Jul 11, 2021
-
-
Jelle van der Waa authored
Add a default rate limit for 20 req/s for the uwsgi endpoint and automatically ban users who reach this limit. The nginx-limit-req rule does not ban users who reach the rss limit as these are not likely DoS attempts.
-
Evangelos Foutras authored
Mark "Free Space (Hetzner)" metric as instant for faster updates.
-
- Jul 10, 2021
-
-
Kristian Klausen authored
Extend onboarding by more explicit information See merge request !418
-
David Runge authored
.gitlab/issue_templates/Onboarding.md: Create the ticket as confidential by default (using a short action). Make the required information in the Details section more explicit and add entries that are relevant when creating an SSO and/or archweb account. Add a note for sponsors of new users, so that they also add a clearsigned version of the data they provide. Add a dot at the end of each sentence. Make the entries for mailing list operations more generic and rely on the *communication e-mail address*, which may be the user's personal mail address or a newly created @archlinux.org mail address. Add warning message about creating a confidential ticket when providing personal data. Add checkbox to remind about the removal of personal information, removal of description history and setting the ticket to be non-confidential (if it has been confidential due to personal data). Add checkbox that reminds setting the Team member username to the @-prefixed username on gitlab (after the user has logged in).
-
Kristian Klausen authored
prometheus_exporters: Improve arch-textcollector See merge request !453
-
Add number of pacnew/pacsave files and print non explicit installed optdepends as orphans as well.
-
Kristian Klausen authored
archweb: Add robots.txt Closes #358 See merge request !452
-
Closes #358
-
Kristian Klausen authored
It confuses the users that the browser is caching them (due to heuristic[1]). [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Caching#heuristic_freshness_checking
-
- Jul 09, 2021
-
-
Kristian Klausen authored
The port was removed in: 4729ba40 ("postfix: Remove special "fast-path" smtpd")
-
Evangelos Foutras authored
Avoid running backup-gitlab twice; reuse tarballs See merge request !451
-
Evangelos Foutras authored
The official backup tool for GitLab takes many hours to run because it puts everything inside tarballs and then gzips each one. It seems safe and much more efficient to skip this step for the offsite backup while reusing the tarballs generated by the first backup to the Storage Box. Should save ~5 hours from the borg-backup-offsite.service execution.
-
- Jul 08, 2021
-
-
Evangelos Foutras authored
No functional change; the "restrict" key option is a shorthand for: - no-agent-forwarding - no-port-forwarding - no-X11-forwarding - no-pty - no-user-rc It was added in OpenSSH 7.2 (2016-02-29) as a convenient way to specify an authorized key should have "all current and future key restrictions" applied to it.
-
Kristian Klausen authored
-
Kristian Klausen authored
-
Kristian Klausen authored
-
Kristian Klausen authored
It simplifies it a bit.
-
Kristian Klausen authored
-