New username; separate and longer account manager + storage passwords.

Also, have to use --remote-path=borg1 when interacting with rsync.net.

Useful for mail.archlinux.org where this setting doesn't matter since we
force the SSH command to passwd and zsh was removed as part of the tools
cleanup effort recently (stops shadow.service from complaining about zsh
missing).

Fix #392

Also adjust indentation and make the uploaded files owned by nobody.

Fix #177

This is done to avoid killing db-update and related processes.

We want to treat our servers as cattle; hopefully when this is fleshed
out a bit more, it can accomplish the job without too many casualties.

We used to set query_cache_type to 0 in the default settings but we were
also setting query_cache_size to a non-zero/non-default value, which was
in turn re-enabling the query cache. Update the configuration to reflect
the actual cache state and make sure query_cache_size is set to zero for
the "query_cache_type = 0" case.

Now that the setting controls the real state of the query cache, disable
it for bbs.archlinux.org; its hit rate is small compared to insert rate.

Default query_cache_type to 0 and innodb_file_per_table to true.

The role for the clients is named postfix_null (per [1]) and it's much
simpler and cleaner than the postfix role. I hope can cleanup the
postfix role at a later date.

[1] http://www.postfix.org/STANDARD_CONFIGURATION_README.html#null_client

The users are only meant as a way to change the mail password and
setting up forwarding (~/.forward), the latter will be handled by the
DevOps team now.

This is meant as a internal authenticated and encrypted network which we
can use for internal services, we don't want to expose to the internet
or when encryption is desired but not easily implementable.

https://lists.archlinux.org/pipermail/arch-dev-public/2021-July/030471.html

Fix #86

Fix #356

The DNS is still pointing to luna.

nginx, certbot, postfix and mailman are still missing and the DNS is
still pointing to luna.

We want to use rspamd for lists.al.org at some point, so we can't
hardcode the domain to archlinux.org.

Jakub Klinkovský authored 3 years ago and Kristian Klausen committed 3 years ago

Co-authored-by: Kristian Klausen <kristian@klausen.dk>

Give more memory to the apps and less to postgres.

Sven-Hendrik Haase authored 3 years ago and Kristian Klausen committed 3 years ago

Co-authored-by: Kristian Klausen <kristian@klausen.dk>

To not run into rate-limits when resolving DNS records from rspamd, use
our own local recursive resolver.