# Meeting 2020 10 29

[[_TOC_]]

## Mail migration

### State

* Mail stack has been migrated to mail.archlinux.org, on a CX11 machine
* t-online.de still doesn't allow queuing our mails
* postfix errors from luna for the mailing lists
  ```warning: Recipient address rate limit exceeded: 590 from luna.archlinux.org[2a01:4f8:160:3033::2] for service submission```

### Who

* Jelle & Freswa

### Actionable

* Users who retired are not able to use IMAP anymore
* Propose that retired staff can retain a forward from their old @archlinux.org address
* Follow up on the t-online.de issue
* Set up certbot for mail.archlinux.org

## Kape servers

### State

The machines have no TPM, so we will set them up with secure boot and encryption.

The machines will need to be unlocked via ssh. All servers will get a unique password, and there will be a utility script to unlock a server via ssh.

Secure boot will verify the bootloader (grub), which requires us to sign grub when the package is updated.

* 2xE5-2620v4 - 64GB - 2x 1TB SSD

Gitlab Runner / Rebuilderd server.

/boot MDADM RAID 1 - ext4
/ MDADM RAID 1 - LUKS - ext4

* E-2236 - 32GB - 3x 10TB HDD
* E-2236 - 32GB - 3x 10TB HDD
* E-2236 - 32GB - 3x 10TB HDD

Mirrors of the archive/repos

/boot MDADM RAID 1 - ext4
/ MDADM RAID 5 - LUKS - ext4

This gives us 1 drive failure tolerance and 20 TB, which is also what we have on archive.archlinux.org

In locations around the globe:

asia.mirror.pkgbuild.com
europe.mirror.pkgbuild.com
america.mirror.pkgbuild.com

asia.archive.pkgbuild.com
europe.archive.pkgbuild.com
america.archive.pkgbuild.com

* EPYC - 256GB - 2x 500GB SSD

Potential build server with BTRFS and RAID 0, but making this work with encrypted boot is an issue.

/boot MDADM RAID 1 - ext4
/ MDADM RAID 0 - LUKS - ext4

### Who

* grazzolini

### Actionable

* Set up one server with secure boot
* Document the setup
* Set up mdadm monitoring with prometheus and [normal mdadm monitoring](https://wiki.archlinux.org/index.php/RAID#Mailing_on_events)
* Set up monthly scrub: https://raid.wiki.kernel.org/index.php/Scrubbing_the_drives

## Orion migration

### State

* Mail server has been migrated
* WKD is still on orion and should be moved

### Who

* Jelle

### Actionable

* Migrate WKD

## Apollo migration

### State

* Grazzolini can help with migrating Apollo's last services to VPS

Services left:

* kanboard
* archwiki
* conf_archlinux
* security_tracker
* archweb
* patchwork

### Who

* Everyone

### Actionable

* Migrate stuff