Compare revisions

1b1a7a68 · 1b1a7a68 · 1b1a7a68 · 1b1a7a68 · 1b1a7a68 · 4f872bae
--- a/group_vars/all/root_access.yml
+++ b/group_vars/all/root_access.yml
@@ -3,7 +3,6 @@ sudo_users:
  - root
  - foutrelis
  - freswa
-  - heftig
  - jelle
  - svenstaro
  - anthraxx
@@ -16,6 +15,8 @@ root_ssh_keys:
  - key: foutrelis.pub
  - key: freswa.pub
  - key: heftig_nitrokey.pub
+    hosts:
+      - matrix.archlinux.org
  - key: jelle.pub
  - key: svenstaro.pub
  - key: anthraxx.pub
@@ -32,12 +33,11 @@ root_ssh_keys:
 vault_super_pgpkeys: &vault_super_pgpkeys
  - 86CFFCA918CF3AF47147588051E8B148A9999C34  # foutrelis
  - 05C7775A9E8B977407FE08E69D4C5AA15426DA0A  # freswa
-  - 83BC8889351B5DEBBB68416EB8AC08600F108CDF  # heftig
  - E499C79F53C96A54E572FEE1C06086337C50773E  # jelle
  - 8FC15A064950A99DD1BD14DD39E4B877E62EB915  # svenstaro
  - E240B57E2C4630BA768E2F26FC1B547C8D8172C8  # anthraxx
  - DB650286BD9EAE39890D3FE6FE3DC1668CB24956  # klausenbusk
-  - B4B759625D4633430B74877059E43E106B247368  # artafinde
+  - 2191B89431BAC0A8B96DE93D244740D17C7FD0EC  # artafinde
  - F00B96D15228013FFC9C9D0393B11DAA4C197E3D  # gromit

 # run 'playbooks/tasks/reencrypt-vault-default-key.yml' when this changes;
@@ -47,3 +47,4 @@ vault_super_pgpkeys: &vault_super_pgpkeys
 # misc/vaults/vault_hcloud.yml`
 vault_default_pgpkeys:
  - *vault_super_pgpkeys
+  - 83BC8889351B5DEBBB68416EB8AC08600F108CDF  # heftig
--- a/group_vars/all/vault_aurweb.yml
+++ b/group_vars/all/vault_aurweb.yml
+$ANSIBLE_VAULT;1.1;AES256
+38383639393932666334353834613134353965333939343530636234353536366138346137613636
+3439373136366635623339626236663338623237313135630a333939303839303738653835316430
+37363337386331323263623837373032646438326334623436313034353032386535656139353264
+3834613539356336310a383230373736346434656361333134353136366430393130396466643561
+61356162353661633736356431646538643138383766333763626335393135343363316166656461
+30663961336136356134333231316232653664343839616235396562376436363837356563616136
+656332343163376332636131333166623362
--- a/group_vars/all/vault_bugbuddy.yml
+++ b/group_vars/all/vault_bugbuddy.yml
 $ANSIBLE_VAULT;1.1;AES256
-39373434666461363763613035393939643631303536303065346633626338303531353538376564
-3433616133616461383836313130313533316536616436660a366333636663326430376661336637
-35356663323361346238383339323433623939303361333135646437343562366466653464353833
-3162616161373030360a363332343237306134636263346237363361343862653738306237386261
-32366461393061393562373762343432313161386166323934383135316532633734616266623539
-62313138636162363861303333616439616164626462656234653334353631653430656261323439
-66303336656462616363653364353332303562663663336539396534326436646136373539646339
-62616534303337643064316162663731393339303436653066653436396566633966326539376435
-61363737383231323137663033656437393761393135373238613961663439346631353437646661
-30396262636134326463393030666538613535323333633830366361613037633862303030386664
-653665306630313164303537323436356231
+38326438386332363162616366636231336432613763653939396564366164626435316239353464
+3661633063303639366139386130326132373037316237640a333666626366613937336434346535
+36326466623664633566636464653735396664346664336161646336356561343239383338653232
+3966366364663665330a353337376136366634656130346633346366396634323365623564313034
+61666634326430343861663666323638663436643435346332636535636636666539613832633034
+39366537333535366661333239623132323130366661386562306536323535353730333162666366
+35303364633130326539316437323164636330306634316431393536313635326138393334313766
+33303231643132336532393937616538333937313862663335616231326438366463636363396266
+62613330383436346137363661613430313165636632313566646430626662336233663330346266
+31396630663765323264396664393335633164376666383763303036393438303939396234373665
+62336535343237663935663463376235326132323533623961306239303263393632346132613630
+33653139373533333161376430643632393136353338646531353239663362666430343465303431
+32313863333934366535396634653439343266356263326662653938643664613435333932363761
+3932646131323565656462366534343631396434646438633438
--- a/group_vars/all/vault_dyn_dns_keys.yml
+++ b/group_vars/all/vault_dyn_dns_keys.yml
 $ANSIBLE_VAULT;1.1;AES256
-62393237353533363738376335336564623464336332393733306465333339376130613338356537
-6166666538303939313238323238616433653036376662360a323663613934636539333365303166
-33343266613234363965363233666165383333343862326436313935636631326266363462613033
-3937393135656534370a663035633362643931653864336336396535373038396165633934366433
-31656663396538376337373762386162386665353639336235363233643139303763333861376339
-62306130363039376431396234333030616235306530343336326237656638636435363038663931
-39356535643265616337306530393962373537336335333764363565313939373565326561613066
-36633931656662393538353836353365386634663736356131323435333265653832656162306230
-64326535353532373137656535386531333536353531643863646135386664333030363564376463
-61386537306235356666353761383237336133376665393365663636386238373534623833306430
-37323336623537613034643763363439643063633433323431623932646465363230316533356337
-34623964653036383766316336373462363562333963663939333431643665643737643164396565
-38396332356630366665666239656562313430363432366639373235343430653236356438643131
-65623438313963356630333939636663393539656463376339326631636263313564636432343635
-39656466323965626264623332393630333035396638653039343536373337643165313564333363
-36626239303836383932336537313061663961636137396162303838356661386636303262653633
-33336665306634363866386237623733643663313136373037376631363364343161373731626637
-30346433666230663564643731616566663339393166343061333033386462366663383839653631
-363865646464333236663262323265376363
+39316235626337313266636565363065336436373337353935633566303635323366336266363632
+3765653337333964376366383263323566333765356336610a366431326163383737333634303833
+66333963336137323866356433306366353362623230336465633962306134393237323363626530
+3335633834356232330a613764613230353564356238616331623131346431373665383332663332
+37643934373831373066303532356263336631353262326132373738643564333631386336343930
+65323065386365346637373235656232356137646237643730316437393962376632656333313864
+36383062626462616563623431363466343263623161623531323136376161336632356439636666
+63383738313233336331393739316166383565343134343031353063383231636132653264633435
+38623661613036353034363737623330313234313764326538616439336661393666656238633662
+33613765353131636262623431323037313633343030646165626139373234343461373965396331
+31333466316434613539323561336562616637666134323630616164653433353938363666383333
+64383265323630306165613965353563643038313835306365353931653461656430383532383962
+32356636333461326135383364366235366561613366646133313033653637626161663934616532
+61663237633966613935626635346463613836653734373331363135313066666262323762613039
+37353033373966323539653231303633383764656565646166323762316634616236346538313565
+33613830353633646664643232346534656337376161373063626134343162616562313566346230
+66326339633564346564393834383131316336346539653264346431323436656137626635613162
+61626166656364386330326335323738643062356532343635343730313565656334303637303636
+35316232333432653236623932386661306336353465333833626330643239393861303165666331
+62636338386132303366663437393832353637626362303635306136353962363664353266656330
+66373431313434333666653930346135623231363364626434633235653938393231653761376336
+31393763343032623664666662366235353237366531626666646264326566303335393834336262
+34316631303833346166306165356564666232373265366338663961313865613065366362636533
+32366463316430653463373163376335396636616234306562363832323437636362316562623135
+65626563633666623462653630306531326135353037313133653562306638353331
--- a/group_vars/all/vault_mumble_server.yml
+++ b/group_vars/all/vault_mumble_server.yml
+$ANSIBLE_VAULT;1.1;AES256
+34323763363030343563626539633432393766383164346164343534343930356664333863343938
+3730346635306563383762373464633165356637373764640a633031646165333933623633366136
+61613733623735633337626134633266393464666465363065343039653666336565313638386538
+6235626535343035660a633435626433353666386463346464653833326131653437613637386363
+65383534306234333535633834623562316137353563366565653439343662613839393162613765
+32616335303436653637343439373634303533373265313062653630646333326661613936633438
+34313964636637653431333237306664666436633239366461343936316438363066623439356463
+33393833653737353262366566613737633761383537633266343561636562336330653033313761
+31316234336463396566366264383033376537336231313962643831626437316639
--- a/group_vars/all/vault_patchwork.yml
+++ b/group_vars/all/vault_patchwork.yml
-$ANSIBLE_VAULT;1.1;AES256
-39303439613730336136303364333334333466353263613231353766623238303931636437343338
-3536653066346362333466363738646135633634623037300a313236653834666335366431303534
-33376331396563383734656563383662643361613233613862396466356539323434386633346133
-3561323461616136650a666430656130313337303063346664643336633539333663323261323230
-32393730356232353037356438343334396563313132343739383861333063396235653562316131
-34353533383361643665646430636535393031326663313933393234326163313131653034316232
-35383035656137316461306362626232616163663661646262313932303665356632386232643234
-63333365303865316630363432336532666233373635653730373265353334666134346531643565
-66366365303464623665363961633463343331323339636439333231363765646239393238363334
-36343035303035613434333161646130383662626138643239646665363334313161303738356164
-30663163643636643566396339656432366163616235653438343763323731613436303864613564
-32376133623635613234626630303165386135363234303239633830333438376333363766313462
-30353333353631653262353334313239383939653639623336323962616265333466
--- a/group_vars/geo_mirrors/misc.yml
+++ b/group_vars/geo_mirrors/misc.yml
 certbot_dns_support: true
+certbot_tsig_name: certbot
 geo_mirror_domain: geo.mirror.pkgbuild.com
--- a/group_vars/mirrors/mirrorsync.yml
+++ b/group_vars/mirrors/mirrorsync.yml
 mirrorsync_mirrors:
  archive:
    hosts: "{{ groups['archive_mirrors'] }}"
-    source: rsync://archive.archlinux.org/archive
+    source: rsync://{{ hostvars['archive.archlinux.org']['wireguard_address'] }}/archive
    target: /srv/archive
    last_update_url: https://archive.archlinux.org/repos/last/lastupdate
    last_update_dst: lastupdate
@@ -18,7 +18,7 @@ mirrorsync_mirrors:
      - --include="pool/*-debug/***"
      - --exclude="*"
  repo:
-    hosts: "{{ (groups['mirrors'] + ['build.archlinux.org']) | difference(['repos.archlinux.org']) }}"
+    hosts: "{{ groups['mirrors'] + ['build.archlinux.org'] }}"
    source: rsync://rsync.archlinux.org/ftp_tier1
    target: /srv/ftp
    last_update_url: https://rsync.archlinux.org/lastupdate
@@ -28,13 +28,6 @@ mirrorsync_mirrors:
      - --exclude="/other"
      - --exclude="/sources"
      - --exclude="*-debug/"
-  kitchensink:
-    hosts: "repos.archlinux.org"
-    source: rsync://repos.archlinux.org/kitchensink_tier1
-    target: /srv/ftp
-    last_update_url: https://repos.archlinux.org/lastupdate
-    last_update_dst: lastupdate
-    save_lastsync: true
  riscv:
    hosts: "{{ groups['geo_mirrors'] }}"
    mirror_domain: riscv.mirror.pkgbuild.com

--- a/group_vars/mirrors/misc.yml
+++ b/group_vars/mirrors/misc.yml
@@ -3,3 +3,5 @@ archweb_db_host: "{{ hostvars['archlinux.org']['wireguard_address'] }}"
 # raise tcp window limits to 32MiB
 tcp_rmem: "10240 87380 33554432"
 tcp_wmem: "10240 87380 33554432"
+
+nginx_enable_http3: true
--- a/host_vars/accounts.archlinux.org/misc
+++ b/host_vars/accounts.archlinux.org/misc
-filesystem: btrfs
-wireguard_address: 10.0.0.16
-wireguard_public_key: 8CbVXc2+FllLpZb/sv/csHzqaOOsasJlV0gmkIzhBXo=
--- a/host_vars/accounts.archlinux.org/misc.yml
+++ b/host_vars/accounts.archlinux.org/misc.yml
+wireguard_address: 10.0.0.16
+wireguard_public_key: crSq52AQ/ODcZekod0Xw/fBRALl3yv51gNMgPSFrxWc=
--- a/host_vars/accounts.archlinux.org/vault_wireguard.yml
+++ b/host_vars/accounts.archlinux.org/vault_wireguard.yml
-$ANSIBLE_VAULT;1.1;AES256
-39656138306339653936386338383364616566313037393563383133323734383235366234663430
-3836316538373966643036336532653534643236333361370a393862653165343964363065643439
-30626338313066353930663036653734323364633537616536393439306134363964346434313663
-6663663431343637380a353731316331386466353537303537666663333239326462633636326438
-39343936653031316431383734316166663739393738366462636361313762393034656330653332
-66336534396134613333646666356266306633326138353131623634343436393533383736633066
-32373663313632393430313464396131396262616162613733613562616464353131656333323935
-63653836383737663337
--- a/host_vars/america.mirror.pkgbuild.com/misc
+++ b/host_vars/america.mirror.pkgbuild.com/misc
-hostname: "america.mirror.pkgbuild.com"
 archive_domain: "america.archive.pkgbuild.com"
 mirror_domain: "america.mirror.pkgbuild.com"
 archweb_mirrorcheck_locations: [14, 15]
@@ -8,7 +7,6 @@ ipv4_gateway: "143.244.34.126"
 ipv6_address: "2a02:6ea0:cc0e::2"
 ipv6_netmask: "/128"
 ipv6_gateway: "2a02:6ea0:cc0e::1337"
-filesystem: "btrfs"
 network_interface: "enp1s0f1"
 system_disks:
  - /dev/sda
@@ -16,4 +14,4 @@ system_disks:
  - /dev/sdc
 raid_level: "raid5"
 wireguard_address: 10.0.0.27
-wireguard_public_key: aC544PuXq63LgIeOvVD5dw++9XJE47YKUqeRw3ol0Qo=
+wireguard_public_key: 5oI+dah4LlkUPBs/JI5lJAgDxBQa/+ofu0hLfxAkcio=
--- a/host_vars/america.mirror.pkgbuild.com/vault_wireguard.yml
+++ b/host_vars/america.mirror.pkgbuild.com/vault_wireguard.yml
-$ANSIBLE_VAULT;1.1;AES256
-39393666386564646432636132366332363234636531363930663564316235386639613431656337
-3533376363376332646161316230343566326266323230350a343561303331656134346634633132
-33333062303732363138373936363061303063306632636234363737623931613938653563353630
-3838356538316531380a306563613562376135656164363065346136376231666532313433326661
-39353831616463343833313361643032366363383565303235363733613964386137643236646661
-63656237663637653564396165306534316438663534356361333561643637663166363433313832
-38313563666636343737656530393061336262333334343166393862316432343162653266626366
-38623764343939386635
--- a/host_vars/gemini.archlinux.org/misc
+++ b/host_vars/gemini.archlinux.org/misc
-hostname: "gemini.archlinux.org"
-
 ipv4_address: "49.12.124.107"
 ipv4_netmask: "/32"
 ipv6_address: "2a01:4f8:242:5614::2"
 ipv6_netmask: "/128"
 ipv4_gateway: "49.12.124.65"
 ipv6_gateway: "fe80::1"
-filesystem: "btrfs"
 system_disks:
  - /dev/sda
  - /dev/sdb
@@ -16,4 +13,4 @@ raid_level: "raid10"

 archive_domain: archive.archlinux.org
 wireguard_address: 10.0.0.20
-wireguard_public_key: 6foPuhPBEUi+tPP7PjFT1nKpEksyyqT8zAX+yOjWDVo=
+wireguard_public_key: GiMqMcJ7aEuW6rRwXsj27S+w7orx7Etnjq+dE6RhoSc=
--- a/host_vars/archlinux.org/misc
+++ b/host_vars/archlinux.org/misc
-filesystem: btrfs
 fetchmail_user: "donate@archlinux.org"
 fetchmail_delivery_cmd: "/usr/local/bin/donor_import_wrapper.sh"

@@ -11,4 +10,5 @@ fail2ban_jails:
  dovecot: false
  nginx_limit_req: true
 wireguard_address: 10.0.0.1
-wireguard_public_key: 0Vx7jfWinpTPHKPxvmKtZlp3hcLebawz+vQM8EIEm1k=
+wireguard_public_key: 2Mk9WPdkf+1Q6Kk6g5eeX5xSHfCisiGJAdmSjRyefBo=
+nginx_enable_http3: true
--- a/host_vars/archlinux.org/vault_wireguard.yml
+++ b/host_vars/archlinux.org/vault_wireguard.yml
-$ANSIBLE_VAULT;1.1;AES256
-33623361656563376138323966373530383432393838323238343661306531363262653864626530
-3137643364303338663665343837343862356139633830370a633766373830306561353562656634
-63333861616437326132343765356231373963386563386131343462623962386333376236363339
-3433376666383135360a636663616238346435613635353834393739336234336536336366393835
-66616266356531663365633362333363376439633835616466633338353033376366633461653830
-33663763616233396636613661623138313831316436383566363361383535363766363764613164
-39336636393438363632383964303936346165633464616636386265356538383064333464316636
-31633635313539383134
--- a/host_vars/asia.mirror.pkgbuild.com/misc
+++ b/host_vars/asia.mirror.pkgbuild.com/misc
-hostname: "asia.mirror.pkgbuild.com"
 archive_domain: "asia.archive.pkgbuild.com"
 mirror_domain: "asia.mirror.pkgbuild.com"
 archweb_mirrorcheck_locations: [16, 17]
@@ -8,7 +7,6 @@ ipv4_gateway: "84.17.57.110"
 ipv6_address: "2a02:6ea0:d605::2"
 ipv6_netmask: "/128"
 ipv6_gateway: "2a02:6ea0:d605::1337"
-filesystem: "btrfs"
 network_interface: "enp175s0f0"
 system_disks:
  - /dev/sda
@@ -16,4 +14,4 @@ system_disks:
  - /dev/sdc
 raid_level: "raid5"
 wireguard_address: 10.0.0.26
-wireguard_public_key: Bvia4T68/PCa01MSg+wclUJ1rJ5Hth9khui3y3Tr5EM=
+wireguard_public_key: cU2/3DKCNCWJwZP6SF7ifKHS+VFeC7VQ212eTof8IxU=
--- a/host_vars/asia.mirror.pkgbuild.com/vault_wireguard.yml
+++ b/host_vars/asia.mirror.pkgbuild.com/vault_wireguard.yml
-$ANSIBLE_VAULT;1.1;AES256
-31366437643838616630653261666262376336623336363235386333313639633364626436366437
-3038366565393761643434623166363863326638666634340a353562383664373264636166346562
-38316634653136313038346261376434623030346464363465343235653365633932656131343936
-3433386162313537330a373538306161616263653937363335616666303639306461656433653233
-37323532336639666539353237393939336337363833646366363035393631626633636437333263
-65333831353362613364656135643131633738303134366361643561366538306430323161363130
-64396230653231636532396339316236643536663938643036636664653564343538663162393336
-61383037333965396330
--- a/host_vars/aur.archlinux.org/misc
+++ b/host_vars/aur.archlinux.org/misc
-filesystem: btrfs
 fail2ban_jails:
  sshd: true
  postfix: false
@@ -6,4 +5,5 @@ fail2ban_jails:
  nginx_limit_req: true
 memcached_socket: "/run/memcached/aurweb.sock"
 wireguard_address: 10.0.0.2
-wireguard_public_key: TPLeGQ7qU6ZNtcgDbEV0SSYScvK+XS5igcPdGSXo6UA=
+wireguard_public_key: 51KGJWs3ZlI4tEdOpYFENhf22aETQEn9ApbmVyiF4zQ=
+nginx_enable_http3: true
No results found