gitlab-pages uses the API source by default now[2] but DNS resolution is
broken[3] so we need to use the disk config source.
Reported upstream here[4].

[1] https://docs.gitlab.com/ee/administration/pages/#gitlab-pages-doesnt-work-after-upgrading-to-gitlab-140-or-above
[2] https://gitlab.com/gitlab-org/gitlab-pages/-/commit/9a30f40a785ffe586a79a75ebebabda5f513b76f
[3] https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/4243
[4] https://gitlab.com/gitlab-org/gitlab/-/issues/331699#note_608473496

Keycloak doesn't support Java 16 (yet)[1].

[1] https://issues.redhat.com/browse/KEYCLOAK-18307

[1] archlinux/archlinux-keyring#9

To be used as we begin migrating Flyspray tasks to GitLab.

Fix #320

Fix #354

Leonidas Spyropoulos authored 3 years ago and Jelle van der Waa committed 3 years ago

Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>

Jakub Klinkovský authored 3 years ago and Kristian Klausen committed 3 years ago

Co-authored-by: Kristian Klausen <kristian@klausen.dk>

Fix #193

Kristian Klausen authored 3 years ago and Jelle van der Waa committed 3 years ago

X-Forwarded-For is defined as X-Forwarded-For: <client>, <proxy1>,
<proxy2>, and it was set to $proxy_add_x_forwarded_for which is
basically $http_x_forwarded_for,$remote_addr and headers from the client
can't be trusted!

Fix #292

Without hostname the role does not run.

Kristian Klausen authored 3 years ago and Jelle van der Waa committed 3 years ago

zram-generator defaults to 50% of the ram where systemd-swap defaults to
25% of the ram.

[1] https://lists.archlinux.org/pipermail/arch-dev-public/2021-May/030429.html

This make it much easier to compare it to upstream's version:
diff -u standalone.xml.j2 /opt/keycloak/standalone/configuration/standalone.xml

Leonidas Spyropoulos authored 3 years ago and Kristian Klausen committed 3 years ago

Update standalone.xml configuration based on documentation

https://www.keycloak.org/docs/latest/upgrading/#_install_new_version



Closes: #347

Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>

The arch-iso project uses QEMU for building and it uses a lot of memory
(they have crashed runner2 twice), so let's see if we can avoid that by
capping Docker's memory.

We did the revert to help a small business, but they had some time to
fix their setup, so we can revert the revert.

This reverts commit a842fbe7.

- Set "proxy_cache_lock on" to avoid sending more than one auth request
  to archweb when a cache entry doesn't exist for the credentials.
- Set "proxy_cache_use_stale updating" to prevent nginx sending multiple
  auth requests to archweb while the cache is being refreshed. [1]

[1] http://mailman.nginx.org/pipermail/nginx/2016-January/049734.html

Use $uri instead of $request_uri in proxy_cache_key to avoid caching
based on the original URI which is different for each pacman request.

The cache keys are now in the following format:

  httpsarchlinux.org/devel/mirrorauth/Basic <credentials>

Kristian Klausen authored 3 years ago and Jelle van der Waa committed 3 years ago

[1] https://archlinux.org/news/move-of-official-irc-channels-to-liberachat/

This implements authentication to our repos.archlinux.org tier 0 mirror
via archweb.