1. 14 May, 2022 3 commits
  2. 15 Apr, 2022 1 commit
    • Kristian Klausen's avatar
      Avoid single point-of-failure for our GeoIP domain · aa359082
      Kristian Klausen authored
      We don't want mirror.pkgbuild.com's DNS server to be a
      single-point-of-failure, so this commit adds multiple authoritative DNS
      servers for the zone. The extra DNS servers are run on the geomirror
      servers.
      
      The _acme-challenge zone, used for obtaining certificates, is run solely
      on mirror.pkgbuild.com's DNS server, to avoid syncing DNS records
      between the servers (KISS).
      aa359082
  3. 13 Apr, 2022 2 commits
    • Evangelos Foutras's avatar
      Enable certbot_dns_support for geo mirrors only · 64ec52ca
      Evangelos Foutras authored
      mirror.pkgbuild.com doesn't need it.
      64ec52ca
    • Kristian Klausen's avatar
      Add GeoIP domain for our sponsored mirros · 9f65f99c
      Kristian Klausen authored
      We had a GeoIP mirror in the past based on nginx and its GeoIP module,
      but it didn't perform very well, due to the high latency (asking a
      central server for the package and then redirected to the closest
      mirror).
      
      One of the reasons for offering this service, is so we can relieve
      mirror.pkgbuild.com which is burning a ton of traffic (50TB/month),
      likely due to it being the default mirror in our Docker image. Another
      reason is so we can offer a link to our arch-boxes images in libosinfo
      (used by gnome-boxes, virt-install and virt-manager), with good enough
      performance for most users.
      
      This time we take a different approach and use a DNS based solution,
      which means the latency penalty is only paid once (the first DNS
      request). The downside is that the mirrors must have a valid certificate
      for the same domain name, which makes using third-party mirrors a
      challenge. So for now, we are just using the sponsored mirorrs
      controlled by the DevOps team.
      
      Fix #101
      9f65f99c
  4. 04 Feb, 2022 1 commit
  5. 02 Oct, 2021 1 commit
  6. 06 Jul, 2021 1 commit
    • Kristian Klausen's avatar
      WireGuard all hosts · 664deb67
      Kristian Klausen authored
      This is meant as a internal authenticated and encrypted network which we
      can use for internal services, we don't want to expose to the internet
      or when encryption is desired but not easily implementable.
      664deb67
  7. 12 Apr, 2021 1 commit
  8. 08 Apr, 2021 1 commit
  9. 07 Apr, 2021 1 commit
  10. 02 Nov, 2020 1 commit
  11. 06 Oct, 2020 1 commit
  12. 12 Sep, 2020 1 commit
  13. 27 Aug, 2020 1 commit
  14. 24 Mar, 2019 1 commit
  15. 02 Jul, 2018 1 commit
  16. 07 Dec, 2017 1 commit
  17. 15 Nov, 2017 1 commit
  18. 20 Oct, 2017 1 commit
  19. 11 Sep, 2017 1 commit
  20. 06 Sep, 2017 1 commit
  21. 05 Sep, 2017 1 commit