Fixes: 7ea1eb29 ("gitlab_runner: Refactor libvirt-executor")

It failed to reboot during the last upgrade procedure. Upon logging into
the Equinix Metal console, we discovered that we lack access to all 4 of
the servers sponsored by Equinix Metal. They are under the CNCF account,
and it's not possible to transfer them to our organization.

Equinix Metal is being sunset, and the remaining 3 servers will also go
away on June 30th 2026. We can keep them until then, or until they fail
to boot like seoul.mirror.pkgbuild.com.

alpm-buildinfo and alpm-types have been consolidated into the alpm
project[1], for which GitLab Pages was recently configured[2][3].

Requested by @dvzrv.

[1] https://gitlab.archlinux.org/archlinux/alpm/alpm
[2] archlinux/alpm/alpm#32
[3] 3d54b56c ("Add GitLab Pages for alpm")

We are not on top of expiring bot tokens and we usually only notice when
someone else points it out.

It is also a bit cumbersome to add new bot tokens, so avoid the issue
altogether, by just extending the lifetime of the bot tokens
continuously.

Fix #617

The behavior is mentioned in the documentation[1], but gitlab has not
always done it this way (e.g. some of the older project bots still
exist, even though the project tokens expired several months ago).

[1] https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#bot-users-for-projects

This will be used for deleting old packages (i.e. the fortnightly
packages which are older than 90 days). I thought using a job token
would work (as described in [1]), but that turned out not to be the case
as explained in [2].

[1] 242213b2 ("gluebuddy: Remove deleted project bot for arch-boxes")
[2] arch-boxes@48ccb457

As it turns out the value for this filters "rounds" parameter strongly
differs depending on the installed python crypto backend, since
python-crypt uses 5000 rounds while python-passlib uses 656000 rounds
set a default parameter according to ansible documentation.

As really high values for "rounds" lead to some login timeouts it makes
sense for us to use a fixed value for this parameter. In this case 5000
have been chosen as this value reflects the defaults from python-crypt
aswell as /etc/login.defs in the shadow package.

Link: https://github.com/ansible/ansible/pull/77963/files
Related-to: #250


Signed-off-by: Christian Heusel <christian@heusel.eu>

This will be used for issue-bot[1][2] similar as it is done in the
signstar project[3].

[1] https://gitlab.com/gitlab-org/distribution/issue-bot
[2] arch-boxes@f0c7c7e7
[3] signstar@4e1cfa1e

Requested by Orhun[1].

[1] archlinux/alpm/alpm!9

This ensures that the fully templated file is syntactically is a valid php file.

Signed-off-by: Christian Heusel <christian@heusel.eu>

Despite multiple people reviewing the change this was not spotted 



Signed-off-by: Christian Heusel <christian@heusel.eu>

nl6720 authored 5 months ago and Christian Heusel committed 5 months ago

https://wiki.archlinux.org/title/Template:Text_art needs a consistent font.

Discussed in https://wiki.archlinux.org/title/Template_talk:Text_art#Use_of_non-ASCII_characters

Signed-off-by: Christian Heusel <christian@heusel.eu>

Check the HTTPS DNS records of the following Geo domains:

- geo.mirror.pkgbuild.com
- riscv.mirror.pkgbuild.com

Ensure they return: "1 . alpn=h2,h3 ipv4hint=... ipv6hint=..."

Ref #606

pacman/curl does not utilize HTTP/3, but it makes sense to enable
regardless to ensure consistency.

We self-host the authoritative nameservers for the geo domains, so the
configuration has been tweaked to add the HTTPS DNS record for each geo
domain.

Ref #606

Signed-off-by: Christian Heusel <christian@heusel.eu>

This will be used for issue-bot[1] similar as it is done in the
signstar project[2].

[1] signstar#20 (comment 201743)
[2] https://gitlab.com/gitlab-org/distribution/issue-bot

This will be used to create issues for the monthly reports[1][2].

[1]: project-management!1
[2]: project-management#31



Signed-off-by: Christian Heusel <christian@heusel.eu>

The default set is defective and only covers `twitter.com` and
`youtube.com/shorts`.

Take the [official list][1] and filter it to remove providers that
Synapse rejects.

[1]: https://oembed.com/providers.json

Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>

Currently needs a hack in
/var/lib/synapse/matrix-appservice-irc/node_modules/matrix-appservice-bridge/lib/components/media-proxy.js
to replace the `"http"` require with `"https"` or the proxy won't work.

See: https://github.com/matrix-org/matrix-appservice-bridge/issues/507

Fixes: 0c976679 ("Deploy tempo")

We do this since the redis package is soon to be deprecated:
https://lists.archlinux.org/archives/list/arch-dev-public@lists.archlinux.org/thread/2ERGX565GSSBUMADBG7DQJYNPJD5GUXD/



Signed-off-by: Christian Heusel <christian@heusel.eu>

The project access token expired ~3 months ago and the CI script has
just been switched to using a job token instead[1]. The project bot user
has zero activity so I decided to delete it.

[1] arch-boxes@afa85791

Fixes: 87b2eddf ("aurweb: enable goaurrpc metrics and dashboard")

We do not usually expose metrics publicly and there is no good reason
for handling aurweb differently.

Fixes: 74757d6b ("Scape aurweb metrics")

It seems to have broken with the release of filesystem 2021.12.07, which
incorporates this upstream change[1] in [2]. Please also see the
upstream issue[3].

I'm not sure why we used ansible_fqdn in the first place as
inventory_hostname should be preferred (as we define it ourselves).

[1] https://github.com/systemd/systemd/commit/ce266330fc3bd6767451ac3400336cd9acebe9c1
[2] archlinux/packaging/packages/filesystem@fc84245e
[3] https://github.com/systemd/systemd/issues/20358

Fixes: 8dfa7e8c ("nginx: Add plumbing for enabling HTTP/3 conditionally")