Commits on Source (21)
Showing
with 104 additions and 36 deletions
......@@ -93,3 +93,4 @@ If you want to add a new official project, here are some guidelines to follow:
1. [ ] In the GitHub description of the mirrored project, append " (read-only mirror)" so that people know it's a mirror.
1. [ ] Disable `Packages` and `Environments` from being shown on the main page.
1. [ ] In the website field put the full url to the repository on our GitLab.
½. [ ] Go to https://github.com/archlinux/my-example/settings/access and remove the GitHub account `archlinux-github`
......@@ -33,8 +33,7 @@ https://www.gnupg.org/gph/en/manual/x135.html
The mailing list password can be found in misc/additional-credentials.vault.
- [ ] Add new user email as per `docs/email.md`.
- [ ] Create a new user in archweb: https://www.archlinux.org/devel/newuser/
This is also linked in the django admin backend at the top
- [ ] Create a new user in [archweb](https://www.archlinux.org/devel/newuser/). Select the appropriate group membership and allowed repos (if applicable).
- [ ] Subscribe **communication e-mail address** to internal [staff mailing list](https://lists.archlinux.org/admin/staff/members/add).
- [ ] Give the user access to `#archlinux-staff` on Libera Chat.
- [ ] Give the user a link to our [staff services page](https://wiki.archlinux.org/title/DeveloperWiki:Staff_Services).
......
# Banning IP Addresses for abuse
For banning with an expiry `fail2ban` can be used, the expiry time depends on the configured fail2ban jail:
```
fail2ban-client set sshd banip 1.1.1.1
```
To permanently ban an IP address `firewall-cmd` can be used as shown below:
```
firewall-cmd --add-rich-rule="rule family='ipv4' source address='1.1.1.1' reject"
firewall-cmd --add-rich-rule="rule family='ipv4' source address='1.1.1.1' reject" --zone=public
```
```
firewall-cmd --add-rich-rule="rule family='ipv6' source address='1:2:3:4:6::' reject"
firewall-cmd --add-rich-rule="rule family='ipv6' source address='1:2:3:4:6::' reject" --zone=public
```
Note that on Gitlab, you must block the ip address for the docker zone:
......@@ -23,5 +31,5 @@ firewall-cmd --list-all
To remove a banned IP Address:
```
firewall-cmd --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" reject'
firewall-cmd --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" reject' --zone=public
```
......@@ -5,8 +5,6 @@ arch_groups:
- tu
- fellows
- multilib
- archboxes-sudo
- docker-image-sudo
- support-staff
arch_users:
......@@ -29,13 +27,20 @@ arch_users:
alad:
name: "Alad Wenter"
ssh_key: alad.pub
hosts:
- mail.archlinux.org
groups:
- tu
- support-staff
alerque:
name: "Caleb Maclennan"
ssh_key: alerque.pub
groups:
- tu
alex19ep:
name: "Alexander Epaneshnikov"
ssh_key: alex19ep.pub
groups:
- tu
allan:
name: "Allan McRae"
ssh_key: allan.pub
......@@ -240,7 +245,10 @@ arch_users:
fukawi2:
name: "Phillip Smith"
ssh_key: fukawi2.pub
groups: []
hosts:
- mail.archlinux.org
groups:
- support-staff
gitlab:
name: ""
groups: []
......@@ -426,7 +434,6 @@ arch_users:
ssh_key: sangy.pub
groups:
- tu
- docker-image-sudo
schuay:
name: "Jakob Gruber"
ssh_key: schuay.pub
......@@ -458,7 +465,6 @@ arch_users:
shell: /bin/zsh
groups:
- tu
- archboxes-sudo
kpcyrd:
name: "Kpcyrd"
ssh_key: kpcyrd.pub
......
---
enable_zram_swap: true
configure_network: true
dhcp: true
---
filesystem: btrfs
static_dns: true
wireguard_address: 10.0.0.15
wireguard_public_key: QWkTL58mJd0+Lz5AvGVmbdSSk29y/W60WUdhTgyGLCk=
......@@ -18,7 +18,6 @@
postgres_work_mem: 64MB
postgres_maintenance_work_mem: 256MB
postgres_effective_cache_size: 4GB
postgres_jit: 'off'
- { role: postfix_null }
- { role: matrix }
- { role: fail2ban }
......
ssh-rsa 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 cardno:9 236 381
......@@ -7,10 +7,17 @@ DefaultZone=public
# Clean up on exit
# If set to no or false the firewall configuration will not get cleaned up
# on exit or stop of firewalld
# on exit or stop of firewalld.
# Default: yes
CleanupOnExit=yes
# Clean up kernel modules on exit
# If set to yes or true the firewall related kernel modules will be
# unloaded on exit or stop of firewalld. This might attempt to unload
# modules not originally loaded by firewalld.
# Default: no
CleanupModulesOnExit=no
# Lockdown
# If set to enabled, firewall changes with the D-Bus interface will be limited
# to applications that are listed in the lockdown whitelist.
......@@ -45,6 +52,8 @@ LogDenied=off
# Choices are:
# - nftables (default)
# - iptables (iptables, ip6tables, ebtables and ipset)
# Note: The iptables backend is deprecated. It will be removed in a future
# release.
FirewallBackend=nftables
# FlushAllOnReload
......@@ -61,15 +70,3 @@ FlushAllOnReload=yes
# internet.
# Defaults to "yes".
RFC3964_IPv4=yes
# AllowZoneDrifting
# Older versions of firewalld had undocumented behavior known as "zone
# drifting". This allowed packets to ingress multiple zones - this is a
# violation of zone based firewalls. However, some users rely on this behavior
# to have a "catch-all" zone, e.g. the default zone. You can enable this if you
# desire such behavior. It's disabled by default for security reasons.
# Note: If "yes" packets will only drift from source based zones to interface
# based zones (including the default zone). Packets never drift from interface
# based zones to other interfaces based zones (including the default zone).
# Possible values; "yes", "no". Defaults to "no".
AllowZoneDrifting=no
......@@ -4,4 +4,4 @@ fluxbb_dir: /srv/http/fluxbb
fluxbb_cookie_name: flux_cookie_eezohm0o
fluxbb_funnyquestion_hash: aixuGahCh4eng3bu
fluxbb_version: 8d95fbd95b82dd0a996603cc28f79b36b8e54253
fluxbb_version: 4920394fae2296a77f766687f2082f15b7498440
......@@ -21,6 +21,9 @@ loggers:
handlers: [journal]
propagate: false
synapse.logging.context:
level: ERROR
root:
level: WARNING
handlers: [buffer]
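Review bot: The new `synapse.logging.context` entry sets `level: ERROR` without saying which warnings it is meant to silence, so a later reader cannot tell whether the override is still needed. A comment above it would do, for example `# suppress logcontext warnings flooding the journal; re-check after the next synapse upgrade`, reworded to the actual reason. Unlike the logger entry above it, this one sets neither `handlers` nor `propagate`, so its ERROR records presumably still reach the root `buffer` handler; worth confirming that is intended. The `loggers:` mapping starts outside this hunk.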
......
......@@ -9,7 +9,7 @@ WorkingDirectory=~
ExecStart=/var/lib/synapse/venv-pantalaimon/bin/pantalaimon \
-c /etc/synapse/pantalaimon.conf \
--data-path /var/lib/synapse/pantalaimon-data
ExecStartPost=/usr/bin/sleep 3
ExecStartPost=/usr/bin/sleep 30
[Install]
WantedBy=multi-user.target
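Review bot: `ExecStartPost=/usr/bin/sleep 30` is a fixed delay standing in for a readiness check, and the jump from 3 to 30 seconds suggests the shorter value lost a race with pantalaimon's startup. Nothing in the unit records what is being waited for, so please add a comment above the line such as `# wait until pantalaimon accepts connections before dependent units start`, worded to the real cause. If a dependent unit still starts too early on a slow boot, polling for readiness in ExecStartPost would hold up better than a longer sleep. The [Unit] section lies outside the hunk.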
......@@ -77,7 +77,7 @@
- name: install synapse
pip:
name:
- 'matrix-synapse[postgres,systemd,url_preview,redis,oidc]==1.39.0'
- 'matrix-synapse[postgres,systemd,url_preview,redis,oidc]==1.40.0'
state: latest
extra_args: '--upgrade-strategy=eager'
virtualenv: /var/lib/synapse/venv
......@@ -147,7 +147,7 @@
git:
repo: https://github.com/matrix-org/matrix-appservice-irc
dest: /var/lib/synapse/matrix-appservice-irc
version: 0.27.0
version: 0.29.0
become: true
become_user: synapse
become_method: sudo
......
......@@ -715,6 +715,7 @@ caches:
#
per_cache_factors:
#get_users_who_share_room_with_user: 2.0
get_users_in_room: 5.0
# Controls how long an entry can be in a cache without having been
# accessed before being evicted. Defaults to None, which means
......@@ -731,6 +732,9 @@ caches:
# 'name' gives the database engine to use: either 'sqlite3' (for SQLite) or
# 'psycopg2' (for PostgreSQL).
#
# 'txn_limit' gives the maximum number of transactions to run per connection
# before reconnecting. Defaults to 0, which means no limit.
#
# 'args' gives options which are passed through to the database engine,
# except for options starting 'cp_', which are used to configure the Twisted
# connection pool. For a reference to valid arguments, see:
......@@ -751,6 +755,7 @@ caches:
#
#database:
# name: psycopg2
# txn_limit: 10000
# args:
# user: synapse_user
# password: secretpassword
......@@ -765,6 +770,7 @@ caches:
#
database:
name: psycopg2
txn_limit: 10000
args:
dbname: synapse
user: synapse
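Review bot: `get_users_in_room: 5.0` under `per_cache_factors` (first hunk of this file) enlarges that one cache fivefold with no comment on why that cache was chosen or on the memory cost. Please add a line above it such as `# raised from the global factor; watch synapse RSS after deploy`, adjusted to the measurement that motivated it. The live `txn_limit: 10000` in the last hunk is covered by the sample comment added in the second hunk, so it needs nothing further. The `caches:` and `database:` mappings both extend outside the visible hunks.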
......
......@@ -314,7 +314,7 @@ ircService:
# $SERVER => The IRC server address (e.g. "irc.example.com")
matrixClients:
# The user ID template to use when creating virtual matrix users. This
# MUST have $NICK somewhere in it.
# MUST start with an @ and have $NICK somewhere in it.
# Optional. Default: "@$SERVER_$NICK".
# Example: "@irc.example.com_Alice:example.com"
userTemplate: "@{{ network.name }}_$NICK"
......@@ -542,6 +542,13 @@ ircService:
# Cache this many matrix events in memory to be used for m.relates_to messages (usually replies).
eventCacheSize: 4096
# format of replies sent shortly after the original message
shortReplyTemplate: "$NICK: $REPLY"
# format of replies sent a while after the original message
longReplyTemplate: "<$NICK> \"$ORIGINAL\" <- $REPLY"
# how much time needs to pass between the reply and the original message to switch to the long format
shortReplyTresholdSeconds: 300
ircHandler:
# Should we attempt to match an IRC side mention (nickaname match)
# with the nickname's owner's matrixId, if we are bridging them?
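Review bot: The key `shortReplyTresholdSeconds` is spelled without the first "h" of "threshold"; if that is the name the bridge's config schema reads it must stay as written, and a well-meant spelling fix would silently disable the setting. A comment on the line above would guard it: `# key name is spelled "Treshold" by the bridge; do not correct`. Please confirm against the sample config of the 0.29.0 release this commit deploys. The `ircHandler` block continues outside the hunk.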
......
[DHCPv4]
UseDNS=false
[DHCPv6]
UseDNS=false
[IPv6AcceptRA]
UseDNS=false
[Network]
DNS=2606:4700:4700::1111#1dot1dot1dot1.cloudflare-dns.com
DNS=2606:4700:4700::1001#1dot1dot1dot1.cloudflare-dns.com
DNS=1.1.1.1#1dot1dot1dot1.cloudflare-dns.com
DNS=1.0.0.1#1dot1dot1dot1.cloudflare-dns.com
DNSOverTLS=true
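Review bot: `DNSOverTLS=true` is the strict mode, so with all four `DNS=` entries pointing at one provider and `UseDNS=false` in the DHCPv4, DHCPv6 and IPv6AcceptRA sections, a host that cannot reach that provider on port 853 is left without a resolver. That is a sound choice for integrity, but it should be written down; a comment at the top of the file such as `# strict DoT, deliberately no fallback to DHCP/RA-provided resolvers` would do. If fallback is wanted instead, `DNSOverTLS=opportunistic` is the setting, at the cost of permitting downgrade to plaintext.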
---
- name: configure network (static)
template: src=10-static-ethernet.network.j2 dest={{ chroot_path }}/etc/systemd/network/10-static-ethernet.network owner=root group=root mode=0644
notify:
- restart networkd
block:
- name: install 10-static-ethernet.network
template: src=10-static-ethernet.network.j2 dest={{ chroot_path }}/etc/systemd/network/10-static-ethernet.network owner=root group=root mode=0644
notify:
- restart networkd
- name: create drop-in directory for 10-static-ethernet.network
file: path=/etc/systemd/network/10-static-ethernet.network.d state=directory owner=root group=root mode=0755
- name: configure static dns (static)
copy: src=dns.conf dest={{ chroot_path }}/etc/systemd/network/10-static-ethernet.network.d/dns.conf owner=root group=root mode=0644
notify:
- restart networkd
when: static_dns|default(true)
when: not dhcp|default(false)
- name: configure network (dhcp)
template: src=10-dhcp-ethernet.network.j2 dest={{ chroot_path }}/etc/systemd/network/10-dhcp-ethernet.network owner=root group=root mode=0644
notify:
- restart networkd
block:
- name: install 10-dhcp-ethernet.network
template: src=10-dhcp-ethernet.network.j2 dest={{ chroot_path }}/etc/systemd/network/10-dhcp-ethernet.network owner=root group=root mode=0644
notify:
- restart networkd
- name: create drop-in directory for 10-dhcp-ethernet.network
file: path=/etc/systemd/network/10-dhcp-ethernet.network.d state=directory owner=root group=root mode=0755
- name: configure static dns (dhcp)
copy: src=dns.conf dest={{ chroot_path }}/etc/systemd/network/10-dhcp-ethernet.network.d/dns.conf owner=root group=root mode=0644
notify:
- restart networkd
when: static_dns|default(false)
when: dhcp|default(false)
- name: create symlink to resolv.conf
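Review bot: The two `create drop-in directory` tasks use `path=/etc/systemd/network/...` without the `{{ chroot_path }}` prefix that the template and copy tasks in the same blocks use. When chroot_path is non-empty the directory is therefore created outside the chroot, and the following `copy` of dns.conf has no parent directory to land in. They should read `path={{ chroot_path }}/etc/systemd/network/10-static-ethernet.network.d` and `path={{ chroot_path }}/etc/systemd/network/10-dhcp-ethernet.network.d`. The static block gates dns.conf on `static_dns|default(true)` while the dhcp block uses `default(false)`; if that asymmetry is deliberate, a one-line comment saying so would help. The `create symlink to resolv.conf` task continues outside the hunk.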
......
......@@ -3,6 +3,7 @@ Description=Prometheus Arch Exporter TextCollector Timer
[Timer]
OnUnitActiveSec=5m
OnBootSec=5min
[Install]
WantedBy=timers.target
......@@ -158,6 +158,7 @@ locals {
"openpgpkey.master-key" = "5c7f9c249885c62287dd75d0c1dd99d8"
"bugs-old" = "1f3308c8d5763eecb4f9013291aeeac4"
"tu-bylaws.aur" = "bbafd3ed82f336e0c52d3eb9774b2432"
"reproducible-notes" = "8c657f2f2720db1c3db63be89605cf0d"
}
# This creates archlinux.org TXT DNS entries
......