Commits on Source (60)
-
Evangelos Foutras authored
-
Kristian Klausen authored
"poetry run" is very slow[1] and adds +1 second to the startup time. This is made even worse by the fact that aurweb-git-serve is called twice by sshd[2].
[1] https://github.com/python-poetry/poetry/issues/3502
[2] https://security.stackexchange.com/questions/123795/authorizedkeyscommand-of-sshd-config-getting-called-twice/123801#123801
-
Kristian Klausen authored
aurweb: Make SSH faster by avoiding slow Poetry (~2,5 sec faster) See merge request !612
-
Kristian Klausen authored
Fix #453
-
Kristian Klausen authored
Fix #463
-
Kristian Klausen authored
Ref #465
-
Jelle van der Waa authored
-
Evangelos Foutras authored
-
Evangelos Foutras authored
When the GeoIP databases get refreshed (weekly), we want PowerDNS to reload them. Do this by running pdns_control reload in ExecStartPost.
-
Jan Alexander Steffens (heftig) authored
-
Jan Alexander Steffens (heftig) authored
-
Evangelos Foutras authored
Useful if we wanted to create a Geo-based archive consisting of machines in the archive_mirrors group (though this will likely not happen because it'd break archlinux-repro due to the ~4 hour sync delay).
-
Evangelos Foutras authored
ansible-lint 6.5.0 complains about: name: All names should start with an uppercase letter. (name[casing])
-
Evangelos Foutras authored
-
Evangelos Foutras authored
-
Evangelos Foutras authored
-
Evangelos Foutras authored
This might be a bug in ansible-lint 6.5.0, but it appears to ignore all our 'skip_ansible_lint' tags. Fix this by replacing them with noqa tags.
-
Evangelos Foutras authored
This avoids having extra-long lines and works fine for task-based rules.
-
Evangelos Foutras authored
Fixes for ansible-lint 6.5.0 See merge request !620
-
-
Kristian Klausen authored
Update archmanweb to v1.4 See merge request !618
-
Evangelos Foutras authored
Fixes: 511b6ca4 ("misc/vault-keyring-client.sh: add flock workaround")
-
Sven-Hendrik Haase authored
See #468
-
Sven-Hendrik Haase authored
archusers: Make kgizdov dev See merge request !622
-
Evangelos Foutras authored
Fixes: 26f289b7 ("Capitalize the first letter of all task names")
-
Jan Alexander Steffens (heftig) authored
-
Jan Alexander Steffens (heftig) authored
We get a lot of unauthorized STUN requests in the logs.
-
Jan Alexander Steffens (heftig) authored
Otherwise it can't open our letsencrypt certs. It will setuid to `turnserver` itself.
-
Evangelos Foutras authored
Fixes: 26f289b7 ("Capitalize the first letter of all task names")
-
Evangelos Foutras authored
This box is very sussy and really likes to fill up its zram swap:

    [root@reproducible ~]# zramctl
    NAME       ALGORITHM DISKSIZE DATA  COMPR TOTAL STREAMS MOUNTPOINT
    /dev/zram0 lzo-rle       1.9G 1.5G 183.4M  196M       1 [SWAP]
    [root@reproducible ~]# free -m
           total  used  free  shared  buff/cache  available
    Mem:    1928   529    73       5        1325       1236
    Swap:   1927  1543   384

Fixes: 4a5748ea ("Bump zram-fraction to 1.0 for reproducible.archlinux.org")
-
Kristian Klausen authored
The WKD logic has been moved to the archlinux-keyring project[1][2].
[1] archlinux-keyring!166
[2] archlinux-keyring!169
-
Leonidas Spyropoulos authored
Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>
-
Leonidas Spyropoulos authored
aurweb: bump to 6.1.2 version See merge request !624
-
Evangelos Foutras authored
We moved away from raid6 a while back; update the host var to reflect the current configuration.
-
Jan Alexander Steffens (heftig) authored
-
Kristian Klausen authored
Ref #469
-
Kristian Klausen authored
They should never have been in two files. Fixes: 98704c48 ("root_ssh: Add additional SSH key for klausenbusk")
-
Evangelos Foutras authored
The default of 0.5 has proven insufficient on at least 3 boxes so far.
-
Kristian Klausen authored
It is cumbersome to manage the list configurations from the web ui and easy for them to diverge, so let's instead manage them with Ansible. Fix #254
-
Kristian Klausen authored
mailman3: IaC list configurations Closes #254 See merge request !610
-
Kristian Klausen authored
arch-commits arch-security aur-dev pacman-contrib pacman-dev
-
nl6720 authored
Enable kernel lockdown in confidentiality mode to restrict how the root user can interact with the kernel. See https://wiki.archlinux.org/title/Security#Kernel_lockdown_mode and https://man.archlinux.org/man/kernel_lockdown.7 This could prevent a scenario where a malicious kernel module or access to some interface that kernel lockdown prevents, would allow or assist in escaping the KVM. It is not very likely as there needs to be an exploitable vulnerability in the hypervisor. To make it more secure, the host too would need to enable kernel lockdown. In the end this may only give some sense of security, but, as we all know, that's all that matters anyway.
-
Kristian Klausen authored
gitlab_runner: try to protect the VM runner kernel from the root user See merge request !617
-
Kristian Klausen authored
The default (40KB) isn't enough for all patches. Fixes: 4d8dfb6a ("mailman: Third batch of mailman3 migrated lists")
-
Jan Alexander Steffens (heftig) authored
-
Jan Alexander Steffens (heftig) authored
-
Evangelos Foutras authored
-
Leonidas Spyropoulos authored
Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>
-
Leonidas Spyropoulos authored
Required for poetry 1.2 until #1917 is fixed
https://github.com/python-poetry/poetry/issues/1917
Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>
-
Leonidas Spyropoulos authored
aurweb: bump to v6.1.4 See merge request !626
-
Evangelos Foutras authored
Fixes: 92586d5b ("change(aurweb): rework ansible config for 6.0.0")
-
Kristian Klausen authored
arch-general aur-general aur-requests It has been decided not to migrate the following unlisted and unused lists: arch-magazine arch-notifications arch-test mailman
-
Kristian Klausen authored
Fixes: 4d8dfb6a ("mailman: Third batch of mailman3 migrated lists")
-
Kristian Klausen authored
All lists have been migrated to mailman3[1] and mailman3 is what users should use, so show its interface by default and not the mailman2 interface.
[1] 75ac7d09 ("mailman: Fourth and final batch of mailman3 migrated lists")
-
Evangelos Foutras authored
Fixes: 578b7819 ("Capitalize the handler name in handler invocations") Fixes: 26f289b7 ("Capitalize the first letter of all task names")
-
Evangelos Foutras authored
Going to be served by all our Geo boxes under riscv.mirror.pkgbuild.com.
-
Evangelos Foutras authored
syncriscv: add role for mirroring the RISC-V port See merge request !625
-
Kristian Klausen authored
Renovate is a tool for: "Automated dependency updates. Multi-platform and multi-language."[1]. We require all commits pushed directly to official projects to be signed, so a master key and signing key have been generated for Renovate. Both keys are stored in renovate.asc and Renovate only has access to the signing key.
[1] https://github.com/renovatebot/renovate
-
Kristian Klausen authored
The key is used for signing the releases, so the users can be sure the images on the mirrors haven't been modified. arch-boxes has been tweaked to use the key in this MR[1].
[1] archlinux/arch-boxes!176
-
Kristian Klausen authored
Add GPG master and signing key for Renovate and arch-boxes See merge request !579
Showing
- docs/maintenance.md: 1 addition, 1 deletion
- group_vars/all/archusers.yml: 11 additions, 14 deletions
- group_vars/all/geo.yml: 4 additions, 0 deletions
- group_vars/all/root_access.yml: 0 additions, 1 deletion
- group_vars/geo_mirrors/misc.yml: 2 additions, 1 deletion
- host_vars/debuginfod.archlinux.org/misc: 0 additions, 1 deletion
- host_vars/gemini.archlinux.org/misc: 1 addition, 1 deletion
- host_vars/lists.archlinux.org/misc: 0 additions, 1 deletion
- host_vars/reproducible.archlinux.org/misc: 1 addition, 1 deletion
- misc/keys/README.md: 29 additions, 0 deletions
- misc/keys/arch-boxes.asc: 50 additions, 0 deletions
- misc/keys/renovate.asc: 375 additions, 0 deletions
- misc/vault-keyring-client.sh: 2 additions, 2 deletions
- misc/vaults/vault_matrix.yml: 207 additions, 215 deletions
- playbooks/accounts.archlinux.org.yml: 1 addition, 1 deletion
- playbooks/all-hosts-basic.yml: 1 addition, 1 deletion
- playbooks/archive-mirrors.yml: 1 addition, 1 deletion
- playbooks/archlinux.org.yml: 3 additions, 3 deletions
- playbooks/aur.archlinux.org.yml: 1 addition, 1 deletion
- playbooks/bbs.archlinux.org.yml: 1 addition, 1 deletion
misc/keys/README.md
0 → 100644
misc/keys/arch-boxes.asc
0 → 100644
misc/keys/renovate.asc
0 → 100644