Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • antiz/infrastructure
  • okabe/infrastructure
  • eworm/infrastructure
  • polyzen/infrastructure
  • pitastrudl/infrastructure
  • sjon/infrastructure
  • torxed/infrastructure
  • jinmiaoluo/infrastructure
  • moson/infrastructure
  • serebit/infrastructure
  • ivabus/infrastructure
  • lb-wilson/infrastructure
  • gromit/infrastructure
  • matt-1-2-3/infrastructure
  • jocke-l/infrastructure
  • alucryd/infrastructure
  • maximbaz/infrastructure
  • ainola/infrastructure
  • segaja/infrastructure
  • nl6720/infrastructure
  • peanutduck/infrastructure
  • aminvakil/infrastructure
  • xenrox/infrastructure
  • felixonmars/infrastructure
  • denisse/infrastructure
  • artafinde/infrastructure
  • jleclanche/infrastructure
  • kpcyrd/infrastructure
  • metalmatze/infrastructure
  • kevr/infrastructure
  • dvzrv/infrastructure
  • dhoppe/infrastructure
  • ekkelett/infrastructure
  • seblu/infrastructure
  • lahwaacz/infrastructure
  • klausenbusk/infrastructure
  • alerque/infrastructure
  • hashworks/infrastructure
  • foxboron/infrastructure
  • shibumi/infrastructure
  • lambdaclan/infrastructure
  • ffy00/infrastructure
  • freswa/infrastructure
  • archlinux/infrastructure
44 results
Show changes
Commits on Source (7)
Hide whitespace changes
Inline Side-by-side
Showing
with 32 additions and 26 deletions
README.md
View file @ 9f7b6729
......@@ -65,7 +65,7 @@ but for the time being, this is what we're stuck with.
The very first time you run terraform on your system, you'll have to init it:
cd tf-stage1 # and also tf-stage2
terraform init -backend-config="conn_str=postgres://terraform:$(../misc/get_key.py group_vars/all/vault_terraform.yml vault_terraform_db_password)@state.archlinux.org"
terraform init -backend-config="conn_str=postgres://terraform:$(../misc/get_key.py ../group_vars/all/vault_terraform.yml vault_terraform_db_password)@state.archlinux.org"
After making changes to the infrastructure in `tf-stage1/archlinux.tf`, run
......
misc/get_key.py
View file @ 9f7b6729
......@@ -40,10 +40,9 @@ with chdir(root):
def load_vault(path):
with chdir(root):
return yaml.load(
vault_lib.decrypt(Path(path).read_text()), Loader=yaml.SafeLoader
)
return yaml.load(
vault_lib.decrypt(Path(path).read_text()), Loader=yaml.SafeLoader
)
class OutputFormat(str, Enum):
......
roles/borg_client/tasks/main.yml
View file @ 9f7b6729
......@@ -57,12 +57,14 @@
template: src=backup-gitlab.sh.j2 dest=/usr/local/bin/backup-gitlab.sh owner=root group=root mode=0755
when: inventory_hostname == "gitlab.archlinux.org"
- name: install systemd timer and service for backup
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
- name: install systemd services for backup
template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
- borg-backup.timer
- borg-backup.service
- borg-backup-offsite.service
- name: activate systemd timers for backup
- name: install systemd timer for backup
copy: src=borg-backup.timer dest=/etc/systemd/system/borg-backup.timer owner=root group=root mode=0644
- name: activate systemd timer for backup
systemd: name=borg-backup.timer enabled=yes state=started daemon-reload=yes
roles/borg_client/templates/borg-backup-cpu-quota.j2 0 → 100644
View file @ 9f7b6729
{% if ansible_processor_vcpus == 1 %}
{# Limit CPU usage to avoid triggering a HostHighCpuLoad alert #}
CPUQuota=50%
{% endif %}
roles/borg_client/files/borg-backup-offsite.service roles/borg_client/templates/borg-backup-offsite.service.j2
View file @ 9f7b6729
......@@ -5,4 +5,5 @@ Description=Borg backup (offsite)
Type=oneshot
Restart=on-failure
RestartSec=5m
{% include 'borg-backup-cpu-quota.j2' %}
ExecStart=/usr/local/bin/borg-backup-offsite.sh
roles/borg_client/files/borg-backup.service roles/borg_client/templates/borg-backup.service.j2
View file @ 9f7b6729
......@@ -7,4 +7,5 @@ Before=borg-backup-offsite.service
Type=oneshot
Restart=on-failure
RestartSec=5m
{% include 'borg-backup-cpu-quota.j2' %}
ExecStart=/usr/local/bin/borg-backup.sh
tf-stage1/archlinux.tf
View file @ 9f7b6729
......@@ -6,7 +6,7 @@ terraform {
data "external" "vault_hetzner" {
program = [
"${path.module}/../misc/get_key.py", "misc/vault_hetzner.yml",
"${path.module}/../misc/get_key.py", "${path.module}/../misc/vault_hetzner.yml",
"hetzner_cloud_api_key",
"hetzner_dns_api_key",
"--format", "json"
......@@ -381,21 +381,21 @@ resource "hetznerdns_record" "pkgbuild_com_origin_mx" {
resource "hetznerdns_record" "pkgbuild_com_origin_ns3" {
zone_id = hetznerdns_zone.pkgbuild.id
name = "@"
value = "robotns3.second-ns.com."
value = "helium.ns.hetzner.de."
type = "NS"
}
resource "hetznerdns_record" "pkgbuild_com_origin_ns2" {
zone_id = hetznerdns_zone.pkgbuild.id
name = "@"
value = "robotns2.second-ns.de."
value = "oxygen.ns.hetzner.com."
type = "NS"
}
resource "hetznerdns_record" "pkgbuild_com_origin_ns1" {
zone_id = hetznerdns_zone.pkgbuild.id
name = "@"
value = "ns1.first-ns.de."
value = "hydrogen.ns.hetzner.com."
type = "NS"
}
......@@ -405,11 +405,10 @@ resource "hetznerdns_record" "pkgbuild_com_origin_ns1" {
# resource "hetznerdns_record" "pkgbuild_com_origin_soa" {
# zone_id = hetznerdns_zone.pkgbuild.id
# name = "@"
# value = "ns1.first-ns.de. dns.hetzner.com. 2020090604 14400 1800 604800 86400"
# value = "hydrogen.ns.hetzner.com. hetzner.archlinux.org. 2021070703 3600 1800 604800 3600"
# type = "SOA"
# }
resource "hetznerdns_record" "pkgbuild_com_origin_txt" {
zone_id = hetznerdns_zone.pkgbuild.id
name = "@"
......@@ -427,21 +426,21 @@ resource "hetznerdns_record" "archlinux_org_origin_caa" {
resource "hetznerdns_record" "archlinux_org_origin_ns3" {
zone_id = hetznerdns_zone.archlinux.id
name = "@"
value = "robotns3.second-ns.com."
value = "helium.ns.hetzner.de."
type = "NS"
}
resource "hetznerdns_record" "archlinux_org_origin_ns2" {
zone_id = hetznerdns_zone.archlinux.id
name = "@"
value = "robotns2.second-ns.de."
value = "oxygen.ns.hetzner.com."
type = "NS"
}
resource "hetznerdns_record" "archlinux_org_origin_ns1" {
zone_id = hetznerdns_zone.archlinux.id
name = "@"
value = "ns1.first-ns.de."
value = "hydrogen.ns.hetzner.com."
type = "NS"
}
......@@ -451,7 +450,7 @@ resource "hetznerdns_record" "archlinux_org_origin_ns1" {
#; resource "hetznerdns_record" "archlinux_org_origin_soa" {
# zone_id = hetznerdns_zone.archlinux.id
# name = "@"
# value = "ns1.first-ns.de. ibiru.archlinux.org. 2020072502 7200 900 1209600 86400"
# value = "hydrogen.ns.hetzner.com. hetzner.archlinux.org. 2021070703 3600 1800 604800 3600"
# type = "SOA"
# }
......
tf-stage2/keycloak.tf
View file @ 9f7b6729
......@@ -5,7 +5,7 @@ terraform {
}
data "external" "vault_keycloak" {
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_keycloak.yml",
program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_keycloak.yml",
"vault_keycloak_admin_user",
"vault_keycloak_admin_password",
"vault_keycloak_smtp_user",
......@@ -14,33 +14,33 @@ data "external" "vault_keycloak" {
}
data "external" "vault_google" {
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_google.yml",
program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_google.yml",
"vault_google_recaptcha_site_key",
"vault_google_recaptcha_secret_key",
"--format", "json"]
}
data "external" "vault_github" {
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_github.yml",
program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_github.yml",
"vault_github_oauth_app_client_id",
"vault_github_oauth_app_client_secret",
"--format", "json"]
}
data "external" "vault_monitoring" {
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_monitoring.yml",
program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_monitoring.yml",
"vault_monitoring_grafana_client_secret",
"--format", "json"]
}
data "external" "vault_hedgedoc" {
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_hedgedoc.yml",
program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_hedgedoc.yml",
"vault_hedgedoc_client_secret",
"--format", "json"]
}
data "external" "vault_matrix" {
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_matrix.yml",
program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_matrix.yml",
"vault_matrix_openid_client_secret",
"--format", "json"]
}
......
tf-stage2/uptimerobot.tf
View file @ 9f7b6729
......@@ -3,7 +3,7 @@
# https://github.com/louy/terraform-provider-uptimerobot/issues/82
data "external" "vault_uptimerobot" {
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_uptimerobot.yml",
program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_uptimerobot.yml",
"vault_uptimerobot_api_key",
"vault_uptimerobot_alert_contact",
"--format", "json"]
......