Compare revisions

d4501d5f · d4501d5f · d4501d5f · d4501d5f · d4501d5f · d4501d5f
--- a/playbooks/all-hosts-basic.yml
+++ b/playbooks/all-hosts-basic.yml
- name: basic setup for all hosts
+- name: Basic setup for all hosts
  hosts: all
  remote_user: root
  roles:
    - { role: common }
    - { role: firewalld }
    - { role: wireguard }
-    # reconfiguring sshd may break the AUR on luna (unchecked)
-    # - { role: sshd, tags: ['sshd'] }
+    - { role: sshd }
    - { role: root_ssh }
    - { role: borg_client, tags: ["borg"], when: "'borg_clients' in group_names" }
    - { role: hardening }

--- a/playbooks/archive-mirrors.yml
+++ b/playbooks/archive-mirrors.yml
- name: common playbook for archive-mirrors
+- name: Common playbook for archive-mirrors
  hosts: archive_mirrors
  remote_user: root
  roles:
@@ -10,7 +10,7 @@
    - { role: root_ssh }
    - { role: certbot }
    - { role: nginx }
-    - { role: syncarchive }
+    - { role: mirrorsync }
    - { role: archive_web }
    - { role: prometheus_exporters }
    - { role: promtail }
--- a/playbooks/archlinux.org.yml
+++ b/playbooks/archlinux.org.yml
- name: "prepare postgres ssl hosts list"
+- name: Prepare postgres ssl hosts list
  hosts: archlinux.org
  tasks:
-    - name: assign ipv4 addresses to fact postgres_hosts4
+    - name: Assign ipv4 addresses to fact postgres_hosts4
      set_fact: postgres_hosts4="{{ [gemini4] + detected_ips }}"
      vars:
        gemini4: "{{ hostvars['gemini.archlinux.org']['wireguard_address'] }}/32"
        detected_ips: "{{ groups['mirrors'] | map('extract', hostvars, ['wireguard_address']) | select() | map('regex_replace', '^(.+)$', '\\1/32') | list }}"
      tags: ["postgres", "firewall"]

- name: setup archlinux.org
+- name: Setup archlinux.org
  hosts: archlinux.org
  remote_user: root
  roles:

--- a/playbooks/aur.archlinux.org.yml
+++ b/playbooks/aur.archlinux.org.yml
- name: setup aur.archlinux.org
+- name: Setup aur.archlinux.org
  hosts: aur.archlinux.org
  remote_user: root
  roles:
    - { role: common }
-    - { role: sshd, sshd_enable_includes: true }
+    - { role: sshd }
    - { role: root_ssh }
    - { role: prometheus_exporters }
    - { role: promtail }

--- a/playbooks/bbs.archlinux.org.yml
+++ b/playbooks/bbs.archlinux.org.yml
- name: setup bbs.archlinux.org
+- name: Setup bbs.archlinux.org
  hosts: bbs.archlinux.org
  remote_user: root
  roles:

--- a/playbooks/bugs.archlinux.org.yml
+++ b/playbooks/bugs.archlinux.org.yml
- name: setup bugs.archlinux.org
+- name: Setup bugs.archlinux.org
  hosts: bugs.archlinux.org
  remote_user: root
  roles:

--- a/playbooks/build.archlinux.org.yml
+++ b/playbooks/build.archlinux.org.yml
- name: setup build.archlinux.org
+- name: Setup build.archlinux.org
  hosts: build.archlinux.org
  remote_user: root
  roles:
@@ -8,7 +8,7 @@
    - { role: root_ssh }
    - { role: archusers }
    - { role: sudo, tags: ['archusers'] }
-    - { role: syncrepo }
+    - { role: mirrorsync }
    - { role: archbuild }
    - { role: fail2ban }
    - { role: prometheus_exporters }

--- a/playbooks/dashboards.archlinux.org.yml
+++ b/playbooks/dashboards.archlinux.org.yml
- name: setup public dashboards server
+- name: Setup public dashboards server
  hosts: dashboards.archlinux.org
  remote_user: root
  roles:

--- a/playbooks/debuginfod.archlinux.org.yml
+++ b/playbooks/debuginfod.archlinux.org.yml
- name: setup debuginfod.archlinux.org
+- name: Setup debuginfod.archlinux.org
  hosts: debuginfod.archlinux.org
  remote_user: root
  roles:
@@ -11,6 +11,6 @@
    - { role: certbot }
    - { role: nginx }
    - { role: debuginfod }
-    - { role: syncdebug }
+    - { role: mirrorsync }
    - { role: prometheus_exporters }
    - { role: promtail }
--- a/playbooks/gemini.archlinux.org.yml
+++ b/playbooks/gemini.archlinux.org.yml
- name: setup gemini.archlinux.org
+- name: Setup gemini.archlinux.org
  hosts: gemini.archlinux.org
  remote_user: root
  vars:

--- a/playbooks/gitlab-runners.yml
+++ b/playbooks/gitlab-runners.yml
- name: setup gitlab-runners
+- name: Setup gitlab-runners
  hosts: gitlab_runners
  remote_user: root
  roles:
@@ -11,4 +11,5 @@
    - { role: fail2ban }
    - { role: prometheus_exporters }
    - { role: promtail }
+    - { role: libvirt, when: "'gitlab_vm_runners' in group_names" }
    - { role: gitlab_runner }
--- a/playbooks/gitlab.archlinux.org.yml
+++ b/playbooks/gitlab.archlinux.org.yml
- name: setup gitlab server
+- name: Setup gitlab server
  hosts: gitlab.archlinux.org
  remote_user: root
  roles:

--- a/playbooks/gluebuddy.archlinux.org.yml
+++ b/playbooks/gluebuddy.archlinux.org.yml
- name: setup gluebuddy.archlinux.org
+- name: Setup gluebuddy.archlinux.org
  hosts: gluebuddy.archlinux.org
  remote_user: root
  roles:

--- a/playbooks/hetzner_storagebox.yml
+++ b/playbooks/hetzner_storagebox.yml
- name: setup Hetzner storagebox account
+- name: Setup Hetzner storagebox account
  hosts: localhost
  gather_facts: false
  vars_files:

--- a/playbooks/homedir.archlinux.org.yml
+++ b/playbooks/homedir.archlinux.org.yml
- name: setup homedir.archlinux.org
+- name: Setup homedir.archlinux.org
  hosts: homedir.archlinux.org
  remote_user: root
  roles:

--- a/playbooks/lists.archlinux.org.yml
+++ b/playbooks/lists.archlinux.org.yml
- name: setup mailman server
+- name: Setup mailman server
  hosts: lists.archlinux.org
  remote_user: root
  roles:
@@ -8,7 +8,7 @@
    - { role: sshd }
    - { role: root_ssh }
    - { role: hardening }
-    - { role: borg_client, tags: ["borg"], when: "'borg_clients' in group_names" }
+    - { role: borg_client, tags: ["borg"] }
    - { role: prometheus_exporters }
    - { role: promtail }
    - { role: certbot }
@@ -17,4 +17,5 @@
    - { role: rspamd, rspamd_dkim_domain: lists.archlinux.org, rspamd_dkim_use_esld: false, tags: ["mail"] }
    - { role: unbound, unbound_port: 5353, tags: ["mail"] }
    - { role: uwsgi }
+    - { role: postgres }
    - { role: mailman }
--- a/playbooks/mail.archlinux.org.yml
+++ b/playbooks/mail.archlinux.org.yml
- name: setup mail.archlinux.org
+- name: Setup mail.archlinux.org
  hosts: mail.archlinux.org
  remote_user: root
  roles:

--- a/playbooks/mailman3.archlinux.org.yml
+++ b/playbooks/mailman3.archlinux.org.yml
- name: setup mailman3 server
-  hosts: mailman3.archlinux.org
-  remote_user: root
-  roles:
-    - { role: common }
-    - { role: firewalld }
-    - { role: wireguard }
-    - { role: sshd }
-    - { role: root_ssh }
-    - { role: hardening }
-    - { role: borg_client, tags: ["borg"] }
-    - { role: prometheus_exporters }
-    - { role: promtail }
-    - { role: nginx, nginx_firewall_zone: wireguard }
-    - { role: uwsgi }
-    - { role: postgres }
-    - { role: mailman3 }
--- a/playbooks/man.archlinux.org.yml
+++ b/playbooks/man.archlinux.org.yml
- name: setup man.archlinux.org
+- name: Setup man.archlinux.org
  hosts: man.archlinux.org
  remote_user: root
  roles:
@@ -15,4 +15,4 @@
    - { role: promtail }
    - { role: postgres }
    - { role: uwsgi }
-    - { role: archmanweb, archmanweb_version: 'v1.3' }
+    - { role: archmanweb, archmanweb_version: 'v1.6' }
--- a/playbooks/matrix.archlinux.org.yml
+++ b/playbooks/matrix.archlinux.org.yml
- name: setup matrix
+- name: Setup matrix
  hosts: matrix.archlinux.org
  remote_user: root
  vars_files:
No results found