Signed-off-by: Christian Heusel <christian@heusel.eu>

Currently needs a hack in
/var/lib/synapse/matrix-appservice-irc/node_modules/matrix-appservice-bridge/lib/components/media-proxy.js
to replace the `"http"` require with `"https"` or the proxy won't work.

See: https://github.com/matrix-org/matrix-appservice-bridge/issues/507

New server; same CPU and RAM as previous one, hopefully more stable.

Mjolnir does not support Node 20.

This shell behavior[1] in Bash 5.2 "expands occurrences of '&' in the
replacement string of pattern substitution to the text matched by the
pattern" but we want literal ampersands so escape them.

[1] https://www.gnu.org/software/bash/manual/html_node/The-Shopt-Builtin.html

Fix #573

Fix #566

Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>

Follow-up to merge request !786. New key is
already trusted by four master keys in archlinux-keyring 20231222-1.

archlinux-keyring#254

Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>

gromit is our newest Junior DevOps[1] and will get access to:
* bugs.archlinux.org: for helping with the bug migration
* wiki.archlinux.org: for helping with (archwiki) maintenance

[1] https://lists.archlinux.org/archives/list/arch-devops@lists.archlinux.org/message/2LAOGIVY33MZLBZCDSQHDQVQNEULLUTW/

Fix #543

A new Hetzner cloud project has been created called "Sandbox". This
project is meant for non-production workload which must be created
on-demand from e.g. a CI pipeline. The first project using the sandbox
is aurweb, which wants to use GitLab's Review apps[1] feature to create
dynamic environments on-demand.

Two API tokens have been created, one for the infrastructure project (to
be used by packer) and for the aurweb project.

[1] https://docs.gitlab.com/ee/ci/review_apps/

This is needed as archlinux-docker wants to push its container images to
GitHub Packages[1]. Unfortunately, the existing GitHub account has too
much access and it is not possible to limit the token to a single
repository[2].

[1] archlinux-docker#73
[2] https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-with-a-personal-access-token-classic

This is needed as archlinux-docker wants to push its container images to
Quay.io[1], which requires a RedHat account.

[1] archlinux-docker#73

Follow-up to merge request archlinux/infrastructure!671.

URL: https://fosstodon.org/@archlinux

We have been using sponsored Equinix Metal boxes for years (sponsorship
managed by CNCF[1]). This adds a service account[2], so we don't need to
rely on individual access.

[1] https://github.com/cncf/cluster
[2] https://github.com/cncf/cluster/issues/213

Similarly to geo.mirror.pkgbuild.com, this is monitored elsewhere.

I think this was renamed when Keycloak switched to Quarkus.

From [1]: "By default, the new Quarkus distribution removes /auth from
           the context-path."

[1] https://www.keycloak.org/migration/migrating-to-quarkus

The key is used for signing the releases, so the users can be sure the
images on the mirrors haven't been modified. arch-boxes has been tweaked
to use the key in this MR[1].

[1] archlinux/arch-boxes!176

Renovate is a tool for: "Automated dependency updates. Multi-platform
and multi-language."[1].

We require all commits pushed directly to official projects to be
signed, so a master key and signing key have been generated for
Renovate. Both keys are stored in renovate.asc and Renovate only has
access to the signing key.

[1] https://github.com/renovatebot/renovate