Sven-Hendrik Haase · Sven-Hendrik Haase · Sven-Hendrik Haase · Sven-Hendrik Haase · Sven-Hendrik Haase · Jelle van der Waa
--- a/README.md
+++ b/README.md
@@ -26,8 +26,8 @@ It will also deploy any new SSH host keys to all our machines.

 #### Note about GPG keys

-The root_access.yml file contains the root_gpgkeys variable that determine the users that have access to the vault, as well as the borg backup keys.
-All the keys should be on the local user gpg keyring and at **minimum** be locally signed with --lsign-key. This is necessary for running either the reencrypt-vault-key
+The `root_access.yml` file contains the `root_gpgkeys` variable that determine the users that have access to the vault, as well as the borg backup keys.
+All the keys should be on the local user gpg keyring and at **minimum** be locally signed with `--lsign-key`. This is necessary for running either the reencrypt-vault-key
 or the fetch-borg-keys tasks.

 #### Note about Ansible dynamic inventories
@@ -192,7 +192,6 @@ The following steps should be used to update our managed servers:
 #### Services
  - build server
  - sogrep
-  - arch-boxes (packer)

 ### state.archlinux.org

@@ -258,6 +257,15 @@ Medium-fast-ish packet.net box with Debian on it. Is currently maintained manual
 #### Services
  - GitLab runner

+
+### monitoring.archlinux.org
+
+  Prometheus server which collects performance/metrics from our services and runs alertmanager
+
+### Services
+  - Prometheus
+  - Alertmanager
+
 ## Ansible repo workflows

 ### Replace vault password and change vaulted passwords

--- a/group_vars/all/archusers.yml
+++ b/group_vars/all/archusers.yml
@@ -9,6 +9,9 @@ arch_groups:
  - docker-image-sudo

 arch_users:
+  alertmanager:
+    name: ""
+    groups: []
  aaron:
    name: "Aaron Griffin"
    ssh_key: aaron.pub
@@ -110,12 +113,6 @@ arch_users:
    ssh_key: bgyorgy.pub
    groups:
      - tu
-  bisson:
-    name: "Gaëtan Bisson"
-    ssh_key: bisson.pub
-    groups:
-      - dev
-      - tu
  bluewind:
    name: "Florian Pritz"
    ssh_key: bluewind.pub

--- a/group_vars/all/root_access.yml
+++ b/group_vars/all/root_access.yml
@@ -3,8 +3,6 @@
 # deploy tag 'sudo' when this changes
 sudo_users:
  - root
-  - bluewind
-  - bpiotrowski
  - foutrelis
  - grazzolini
  - heftig
@@ -14,8 +12,6 @@ sudo_users:

 # deploy tag 'root_ssh' when this changes
 root_ssh_keys:
-  - bluewind.pub
-  - bpiotrowski.pub
  - foutrelis.pub
  - grazzolini.pub
  - heftig.pub
@@ -26,8 +22,6 @@ root_ssh_keys:
 # run playbook 'playbooks/tasks/reencrypt-vault-key.yml' when this changes
 # before running it, make sure to gpg --lsign-key all of the below keys
 root_gpgkeys:
-  - CFA6AF15E5C74149FC1D8C086D1655C14CE1C13E # bluewind
-  - F3691687D867B81B51CE07D9BBE43771487328A9 # bpiotrowski
  - 86CFFCA918CF3AF47147588051E8B148A9999C34 # foutrelis
  - ECCAC84C1BA08A6CC8E63FBBF22FB1D78A77AEAB # grazzolini
  - A2FF3A36AAA56654109064AB19802F8B0D70FC30 # heftig

--- a/host_vars/apollo.archlinux.org
+++ b/host_vars/apollo.archlinux.org
@@ -36,5 +36,3 @@ fail2ban_jails:
  sshd: true
  postfix: true
  dovecot: false
-
-fastcgi_cache: wiki
--- a/host_vars/monitoring.archlinux.org/misc
+++ b/host_vars/monitoring.archlinux.org/misc
+---
+filesystem: btrfs
+ipv4_address: 95.217.220.31
--- a/host_vars/monitoring.archlinux.org/vault_monitoring.yml
+++ b/host_vars/monitoring.archlinux.org/vault_monitoring.yml
+$ANSIBLE_VAULT;1.1;AES256
+66633663616636326339373764306333386330353631643734333633663361633437613432323836
+6164623837303336343161653838396434623139353939340a386234616563396433393564613665
+36613238396137633132313737303166393265393363386538373833316636373964366561303335
+3935653864343131350a376236363834383865306566346462646566646439363162393730643831
+36346631313335666262643136613734333239366530303365353432306663333265316162636534
+33393134643363383433336635366439643465333639346164336362643662666632336336346466
+663635323638393661393764666364646530
--- a/hosts
+++ b/hosts
@@ -97,3 +97,6 @@ repro3.pkgbuild.com
 apollo.archlinux.org
 aur.archlinux.org
 aur-dev.archlinux.org
+
+[prometheus]
+monitoring.archlinux.org
--- a/misc/vault-password.gpg
+++ b/misc/vault-password.gpg
 -----BEGIN PGP MESSAGE-----

-hQIMA4m3XgcJZac7ARAAq2z3aB5PJu66QMQnnCjqSIH92YyJrqXuDH7dm7NFV6Q0
-PcENrJ4TqPMnpTu6nMC4L6zQvXeYgn5aj/hkMOIDCUMepa4fre1pDKjtMdQadxWH
-KI8L8tjo/VVwQaGW7wQ1Kf2ONWxiAfEol5TkqQUJP9s7ZzIU30LgM6L+SJilOpHH
-zz53ULUcR7+/di/8XiiSMYIGr2wJYZWpIFsCK/ZdkUexwLstJIN5HJA9+66ecuVZ
-mo4jc+ZPVECFgYA43Rtg/+7uEaUMe2J55ZaFdGdCHGcFTFrNrDFPe7cb/EZNRmp0
-IL+IEYSW24s/XcosA8eG3aeJkEYLP52Zh+kdCTptWuvXg/VAUdHcKOHJN9HwcIpi
-JdRawmvXOpZgvaSY30v1F9xzFaQmHncXVNwTC2DcilnnW/QDywbB4kldbD833eih
-VNA2jfKRmjYfuRRKeiY9DoeYeZaZJPqbNqnviZlKjXmcDq610NmaVcgPQ9EJnzF3
-H03rdENFsGx4SHLamvI4xdcW27VXEAy6EhSFjBA1WaSSnBMgcCUIsGp/nYyw4R7K
-PdYegIgmgAhQKQ/EwDdGNsl+8tlgCugg8d+pRuuRIQpKr1PO8B5yGujhG4wGP+xU
-ECmerLTI1z75ayQFapC4/FGS0sQdXuCSZHsvcJ1VLYLkH4J03wq1eAub9gKaPNiF
-AQwDOnY8u+7vTCABB/4he5xPtUaka6MTbr385d17Kez1JdcMyDB0HIeIM/lv7Hxo
-UBGpUKKnaMiv8oxWr6mvo6usbpj2TS4grGrheSSB7w2o4s7lAEpWjACY7DLDJ4Gq
-EQFz+yIEn4M9QzaWbNvzw8M5a55LvJbU2ML4vYDe4sWkG9jXPchyKK5W7YFp9+Iu
-nMIWAtWdLfPKU/o4VpkfUQntov4icAws2h/tCYL3CXtaa4n1x4rzsh7poZhDr2cq
-8CrkfhnHJfeUL0fR8ThkCZMn2ivEcMHCx+Uuz7994D+l93fO7tJ46tDypI9uwfo5
-tFEwA2x/2eHUfzZqNr4oliLsUWpS8KI42uNRJskvhQEMA3FIVp8H7sPdAQf/XIBK
-pA6AVsEl8tF7nPkLu5riQfCJwJrIehtYcGSK2As+ECqfuvb6hjLD/fTXlvwFddvb
-HO3tgnvyJmd/sxwGo4FT2y6YAncOu2qrie+w6Afw01iP4+Nc2K9qG+bVZwINfNkU
-YhAM1Wi4yzz+NEDnGtyulI65uaLC1HFAY842624Ci8tcLAnCuxrKaStXjPklb7Nq
-vhEazmEN/+/eSzHRW50ugI2nU837b0po4J4m4wyes2tjrzEucSXig/Bjnl3v5vTi
-ufjH5jdDIfVz4xvMMo1Ht6Q5YxdsLOWhhdOiOM4zE6QI06k7U1RKxGWY5M9izp3I
-iGC7+TzG7/RtYeJ5X4UCDANFyv97HroM4gEQALgDXDHazrz4GtnFOEk/3J1Q5IQz
-v3qt4EUkJVv4SG4O3smkxg1mdI1/2C8mLxw5k0Ihl48/EMP9iXlDI7zn0VXPwwma
-RFRJ505kwLi1B+J7zIO5LhxSm1xor3tVyeFopSOv/7lTmzPMaUHhrcnAqFkdfm/m
-ITRZQvfu7VltyuUiD2Vj/Fq9d54HGstGmoWps1pwiLNU/mGR5augCMBbo/gQvg9o
-pEhtk/U6zZBcKRgTVaMcoMjgg3VWNyEe9XeTy6ioTDVVUpNk0O9MlN/gjJBSycAO
-t39y/pPVcfa0q5VMnkEmSBFg3venTjuNmiCpNL6q/9g73sm614MNccQPuTyyt32E
-Qb3iNv9Xr6IufbzSXygyJbYCHHKxBoLmfMCGQ8j3Oo5duxwmx3nipragFNiZVzUh
-+wee8L5hFeyrGAGCaefcDSYplAc9Hz3f7GKBsydEb+GBV4BCP0xwXJ8GVPvtG2FG
-2JOin6ViumRqqENb1+IvG7MqLa3oy+o/36xcOliXmOobQfQQXqzWHsZ6++WIcrie
-3irJgV2tOzCAhdM1cKu7qqWZ7s5xbeRtpQ7Jr1ZwG9gX62bRBOohRcC9zFKx7gLY
-sdE2AxBMYrHLp6KfpUen0z7TybKrS9nmZ2sgmSc+gl0vmHwODNxZsJQh/9vpfdEs
-5WCJ6/6RhexN5UXnhF4DuTZgWQVTimoSAQdAlbl727ppmhr6US36HT5l9Wif3cXW
-/xarY8mrddh2JBgwOfux8rWP0psgwDgSHkcTcdfIJa8xRafcnbrj6mDAZ9O/Zejm
-pZJwhZ1yzfm7cDFthQEMA3JSum2oPpmjAQgAg/3CLwI0k3dxvZdu8eRB3D568ub5
-oSE4erS+U844M0+in82qBH+jYJYoY0puEY/tU0Y7Q8iBN6tibiO1hc7t2bZ4PtNr
-diI5GdMhvAlM8NXMaRT0PI3V5TmTpfcBsX+wgBsdj36xEpfdxvd48mciPLymc0rB
-gTAyBuB+eiuBiDACDTNINTMIf3ZadgsLrSEIj5mctzqiDbC4rzYAdwovPVbs/z5I
-51X0+PJhuCutiFXKAtfblNCI71G4MYflR6zfug6+zFPewV8ltd963GCZsmW7Cs1/
-Os089f8lbnHwEN/Cy63VIDhnoODqW4e1EkcBxJcdf+5hHXmpuMLwZlM3eYUCDAMg
-h3Sl6qoo5wEQALhQHT5AfzqSaCpwGlsKLlnHU6c0SNvbY85gZ/jfxFF+KvoTYDyv
-FiLtOkY6k7wpIwUhmgWHo7P3ta6oVnrhcFkdUn1HkD+1pryRBiJnvz7+bSBfMiTW
-ljfKSo3uISRILDLeGOtiPoDg6spZzr3cUtCcTKvDH+zcN6fabvIVcKh7E89BPIV4
-428jlm0RumXfkNRniRTGtQLGoPnmEP1ULeUWEaSF0xaq7eGOjMF3KOkCqxDZX4E1
-F37+Es9k5vnFdtofsEcciPuWrH9MhMGyVl2OFQPjdvI2mvnhupxjGhaKRJzybfrx
-ymp0uicAnuQ5OoMdBMesze2d69FrFNOaQ8/PQiMEI9IFEUTcK3Lf8gRAFxtR4d9T
-1uc6q2d/tm7btaF/PSfigNET+MBJCxFTRdEvtUCcCsUqJOvyp1/CB4JhmuRCVFh4
-pL34Ak6EpT+Yj3RsiyDV7XpmsPJ/bsY14Hulop4+Wmp/74nUdk6uYKtamz3KqKgp
-CJVISrXClo57O2J3qx1tD+tTrWxiZQsVtNwC6Con9icX/6ncBN1yT5bX4mgcJnSe
-7XaZdvt4KXMFGwOJc1EinoCh7WGPEooiPZIOH2277vCtGX2FVmDVH3PJhHWegaaQ
-k/amHifWIe0W4aaX7jGV6Osw1gvDagx/e0pEqqFiZhBNzhPhrRRyMFQOhQIMA60F
-VIBB12TIAQ/9HphNH4FU/8loA2XAliewrnyGuh9IA34GH5e0HU3qc16MwsNKCrw6
-DQuqfhhYNxibqFWznzdtdFHmmJvShLKxvTExGSz2jqPRPQ3g6z9H50SSuPQsH99N
-LTCRvDZ6EXMP/nmzRgUdD8TRnZzrgiawzPFG81Ix1P99w+o3nSb+ELdzp7EiR1ya
-0NbJwD8d+BY8KCux4xG6QCK8z6PnxXRcGLqrGIeNk5i2NzyINr+36Q9wKHHSCF8S
-aPKj6AcdHFFdZc19sCQLP9t+iVy7VlxOf+dRDQAxNwcsfVD0+w63lffoknROBr1S
-ZcP8I/bcx0WA7RDvn/6EX7EJur6pOkWI71mLgy8yt0xWgDhDTO6NHv93LA3KhU7c
-wfnVTLm87YmdDSgd2IC2eRhBTIlt6NxRDlZJdKWvkmfdvudt0niNgYemeDVj6yTa
-ayodpq8Y5WRAIRNJ/wxg7AH3JVT94zGrYCdcKQCilxizwXcqAy1jACC57WyyTqF5
-nidDfB6Hj1yAwIqe6WqfKjaErNaQ+z80ZOoxgmBf7FJGCxXO02zvePtX1iShMnaP
-EiN+ZbvGihWEihRV5AW/mIE58igEeu/VLVRAHPlfVLbJKDXHKyI15DjZpb6irjqj
-bUYhN8uhcXH26vl4c5csSJiiok3QikrI7cWFnmIprcb1HhNXH1hHL1fSfAGp1HZk
-y6S0MYrCyV3SkYqiXpJr3iXf/hY0pfOGvK4n3GSIeRf2uN/YANXUrGbwjIQbX6PT
-9OAfQyUalVKNRhQ5/c6Ha/nBTFQD+DH/z/DK6/hkkd9fPI8S4pP9ZiZSIj/Q3bEk
-cdmjDf1r8FQL49bKZ/k7KyjN1LS88Fk=
-=m8Jt
+hQEMA3FIVp8H7sPdAQf/X7ig+FFM9cISk/7/yqNn3kHhkWdX27xlkq+4ZawlBINg
+3moZ9gsDc+lFl0JDNSlioIPTbm2BnuUdbJZh/CaUoF0E5PGtZ+xMqNMFQyNUe/Jx
+itw3OTBj6W5hXcJ6o94dmt7eDB9v30CmPxwF3+uPVW9eSbrmuPXRCWp+kocBWTWP
+mgS8p9mNZnsyOtVxmsmiLZVjzC5exiqvJxK1NaDODuNfLhHRRBZBlP347fXxXt12
+NFeawLb4o8X23bky0TdCSBkNd5dOjGVzwEDRgZq+0GBzpLQ9kdFrnxzSPilqeA6I
+BQgZGyTWB6KKpMH6cn+LT5NYKTWXeNuRZp2PDu/suYUCDANFyv97HroM4gEP/jQK
+HL6DT7xexmIPFiwOyXOHyneYcB9OkuvbyrjevhZdbk+OpaToFAlOfetcNhMw8udU
+fMYrFUC/1Qr8GEL4TjJCs/IIkPrbmMJBrg0Gaalja93d9BnfQZuAlkRyWZ6VV40w
+t5RIq/xwvY3JUSdF86yZcKBzEQ0+zrkA1vAEtz8/Ngk/qVCHDszfpH5DN5q/yxHr
+QmHu+ufyTyeTyglVelR2bNfMjmbzlHE4ik+ltBh8xYLhhNUqxvZ5FsCapPnaZ9/z
+xqsh+NgvDpkof0PO5xCj0fiCfPF9FRracQNTQ7xqvk5KwgZ8QMfzxCog8wLvi4Ls
+q8uaQ9n+jkg4lsORp79MBWMQZMJTOzpoYVcwrruoTqB+x0tH1CWec9Noc6VaopSb
+QDv+4xhIpGHyM2W64gVMspq9kRVYDEwiT/ZRwNw14RfWYXdO5SuJ4+99FeXavCx4
+UwVyVCTuNt+XcRKQr+loryodaPV98uPpqOUMlN3fHY+SQk0xsxks43MOpXGLQD/s
+Gu5pOoUO+UkZm1NhEQeJyuzdHjiy/gzm5t03nymNHVLMkkykL0ZRUpPyoJ6LfmtM
+/KXxYVVkr9Hp2zijTqRsaZgxEcQ4EHV/m+i9efWKSzguEQAPkjkLnnWoB4xv0wCO
+kexmadITAqH6b+NzbLtQ7m/5cto6bKcRb7Jc1oVShF4DuTZgWQVTimoSAQdACp/v
+KovVvzmXBRLy8+xl4TV4rN96mQ5AZAkMMi7GUHUwJKAmzsDfZBYwh8p0JMs2LSKv
+B/j9/YtgBihqMsSVyAGehywuHNLr0nWpAiuaeqzNhQEMA3JSum2oPpmjAQf+NAC1
+5DIAbgyydT+ygHpEt5McCqiD9Kpz2ypI4i7JJ1kvFTAtsxP3gk60LKz7rk28D/+l
+FFDl3iYKENg3h6yrRQduVzSiXA42hONoPw/4O1NEv3fTBT7b89pfwFpy+wRb85NZ
+BMgmRQ3aVgQwDWdcYBhCOpsCjKivNTKKFpktU7eFpcYQtgbfPYB1BL2LACVKoF6W
+pDoe4NdZHGMQB+D6sXKCoUdGR0brNpkYPZhLBVBlsc5uCtg4MBeyKESxzKiy3Qia
+DOPA84m3GH82ppb+NOCOid/WFoj8NZvgWR/ZfNZDvgRP4Zk1PPb7ex4xkIVp42P0
+HBjZO/0Giqcr0IO8x4UCDAMgh3Sl6qoo5wEP/2fNQQ1e3v41Sf4dMJKVyXivTmrd
+lNl4x2JwHn1RG0RmU02RHO7+FYr9HWbLe+s47AbG1csPALIV8Azt6tHLiu2bMeDD
+ylf9dHO02Jef6tjzQ/iRsxaUOLW8elK3bERkd3VGcrlMar9/Dbf+NJShcoXVhwOx
+4hDynGYfd13CeY5MWQwHMD3sutwnR8zLiRbRURUGiYGb2eqtXRXLUrZE4Ub3jMfK
+yFJkPdgESNQHbhM/+kHd5HK4+8QcUak3uyUtPCObiX8eFxjkQZIUPTfY+kpKPapk
+qsQQXDt8fA8WKLbpClT6EZ4hTWl+3njpuE9YhV0UslAcdnebPDwUGdbLF0vMR50I
+iV5FJ743leYHGVoNkLp6WfoE6iIpcQyl5FBMFMW2L4Rkzx3bFe6NJ7Pw8zCVEeN+
+PqLYmM+v+yGk7yIUO3sQ0BZJhzdcie6lmDPJd8Jv0L/SPITbagYwZQ9CNtYDg2WG
+CDl/24/wKdmdJHLHWkT3So+INB1sWOHMINfDsX7qc45e75GODEuPa7MkmC4c+MT1
+v1tLaN6qbcbQ1tA2hCRPBhKOiT9kzi5aWyoWx+2HYu1EyMeZSbBrxJbIUXQCSr9L
+heS+lfllsHnxdv02DFVYvYi2L8sQYmcnEu+m+F3QFyaxCSRyfdvS00wTtMxJYsAZ
+VTUzAzSH7FOgYZ17hQIMA60FVIBB12TIARAAoRvg6HJYoyc3dySfI8bd7uqdOwR2
+4e7Voe58fRZiS4647Tipf7BqS1lVwRYB/NtPgru36CIgAtETfRGWIp3ocYR5cci4
+L2nNI/yklwxYS/rUU+FsN5ZJxR7WSdhLkTPlw3hNhkMJbXwFcvPpWM3vNriDhIKM
+5uVT+T2OPOsXOAfADFTTT7eIE947Rzx7mND42PnBgpWBw0e+1S5rushdXnAspLby
+T05tgzFs0T+ZybcdLIyhpU5sZBsfHrpe76BtwPOI7VUQi7dfIB/C9m7jLzuTTnR2
+PR6sS5DLlxamW4351SFjg84M6z78iTJIRV6GVieE7Lt0ejJvyDfak/zwzyHiDik0
+BATi5kfaAxh/7g88niQDrrtIElNRlZoo76d1KxAdx1+4WqOt/96NKYS801Hp2Awn
+YHrUdf7O3QGunBZ37Nm1mGGNwvqNZr+PwddMnvaWaYu5fJkoTOGA7AK1kXIWONJn
+qRSeawhPY9hm4ProL4nU69WJIEto9xT9BuyQ7SEbBsk/KsLwu3mRC9BGJidEmmcF
+/ysnc79cl0m3c6aoaT3TDdNCaHXMR/lPP8jqBECVWBj0JJ6Z7QcGdKXyrwuRnQES
+FrPfBYtwqQSl2ovLgOIFQT55Q3ao5b95+EAy2Bx/F4f0bnXl8PqaAdGZvqYaV14S
+d8VCY/ah9U0WfFbSfAEQ9PHHvg1C7dEEHpZIxuIOXDWaCP7eu9x/ejXWYb5HJ4MG
+ku5RUVFunfD6OucbVvwng7UC4hX8DO9SY+yUiwTgDt4AvSOHCaf3FtXtZY4Lf9N0
+92qnYGX6QBlHhlIHzQxXI3J01TpGmtoWxsz24b5zftR3e1QlN1kSzm8=
+=G0Pc
 -----END PGP MESSAGE-----
--- a/playbooks/dragon.yml
+++ b/playbooks/dragon.yml
@@ -14,5 +14,4 @@
    - { role: syncrepo }
    - { role: sogrep }
    - { role: archbuild }
-    - { role: arch_boxes }
    - { role: docker_image }
--- a/playbooks/monitoring.archlinux.org.yml
+++ b/playbooks/monitoring.archlinux.org.yml
+- name: setup prometheus server
+  hosts: monitoring.archlinux.org
+  remote_user: root
+  roles:
+    - { role: firewalld }
+    - { role: common }
+    - { role: tools }
+    - { role: sshd }
+    - { role: root_ssh }
+    - { role: hardening }
+    - { role: borg_client, tags: ["borg"], when: "'borg_clients' in group_names" }
+    - { role: prometheus }
+    - { role: certbot }
+    - { role: nginx }
--- a/pubkeys/bisson.pub
+++ b/pubkeys/bisson.pub
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINudBIPkIfixNGckLLTm7ZXhksMTpE7QB8SLgXmoPd8a bisson@vesath.org
--- a/pubkeys/maximbaz_buildhost.pub
+++ b/pubkeys/maximbaz_buildhost.pub
-command="rsync --server -logDtpre.iLsfxC --delete --partial . /home/maximbaz/public_html/repo/",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDX5UOJ2aRK0LBSoWetHMwHNBItE9YrSWq7SWzDdX9R4bkvI38U/fKhWVWLpsQMczu90wT/VU2BN8PmcnPL091NqvqPC3NR9ol4KWJb5BhqRIUivwJ+yw2XTq5h4J7nhuS1OQo9HxD+g0KvnCCwvlHTAbnccu7FoEX9dGwwseUfgwaQl0rPM7LUgZ5uPZV0BbBnELe2xn9c1pcWkoVjOfZRzYwqfoQ8A4+dQYgZZwizbrE+sfOrPcPYvm+lSpqQ4Y91baOYXLbO1GyT1G3oBppqzwcJ4utbfaOSr+gOrA2B6QwqYts22UHdqY/9QLUjTg/MbitsS4bVttMaQPjTU5yUEn5iJIBkPGpfrOtDfo9v0pZ6PoKKsQ7DjmiYG6BYHckNTi5We7XMVVC7zBCJ8HQGoq7RvIrsebBtMrA8Vh3JhBcD7K+I2CVy4cOOwlW7uYchFvxJwkbSlLgFxpMxsHtrJSIx/8C6gMrdnls08/BXYhpHoQOhcdSyNL2jqeqpROSEUdemhbMEj0E6o289mD6bqYmnoz6HJmpVVYhFh8+I4lSbN3PNjHoAZhKiC9+6qf744y5+jR7FBTnBebZlPmnNaF+j6/lJ0N7A5Fggo8NzF8/qHFgSvyJ9N0lxWKIkc6yfH1a9GKJEs0Ng+2yMEBoZdJzrPTuU0iBMJYivct1okw==
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDX5UOJ2aRK0LBSoWetHMwHNBItE9YrSWq7SWzDdX9R4bkvI38U/fKhWVWLpsQMczu90wT/VU2BN8PmcnPL091NqvqPC3NR9ol4KWJb5BhqRIUivwJ+yw2XTq5h4J7nhuS1OQo9HxD+g0KvnCCwvlHTAbnccu7FoEX9dGwwseUfgwaQl0rPM7LUgZ5uPZV0BbBnELe2xn9c1pcWkoVjOfZRzYwqfoQ8A4+dQYgZZwizbrE+sfOrPcPYvm+lSpqQ4Y91baOYXLbO1GyT1G3oBppqzwcJ4utbfaOSr+gOrA2B6QwqYts22UHdqY/9QLUjTg/MbitsS4bVttMaQPjTU5yUEn5iJIBkPGpfrOtDfo9v0pZ6PoKKsQ7DjmiYG6BYHckNTi5We7XMVVC7zBCJ8HQGoq7RvIrsebBtMrA8Vh3JhBcD7K+I2CVy4cOOwlW7uYchFvxJwkbSlLgFxpMxsHtrJSIx/8C6gMrdnls08/BXYhpHoQOhcdSyNL2jqeqpROSEUdemhbMEj0E6o289mD6bqYmnoz6HJmpVVYhFh8+I4lSbN3PNjHoAZhKiC9+6qf744y5+jR7FBTnBebZlPmnNaF+j6/lJ0N7A5Fggo8NzF8/qHFgSvyJ9N0lxWKIkc6yfH1a9GKJEs0Ng+2yMEBoZdJzrPTuU0iBMJYivct1okw==
--- a/pubkeys/seblu.pub
+++ b/pubkeys/seblu.pub
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB+gMoU6Yy/gCZ1PyWKmX4nXMDJzZCVSt1fv33N4IU5AYt3xZ4GmWSevAi82e+LGd1SPphUJPnl2Nc49NXrj3IQNjcZRYG/Ji3cBZiYYvYA10oBCX7mzTZ9FirSo2aF2h3YghP214MT2SBKuKiBhFeUrNI0rrjDE+BFeThyjQTchtqK4bWzKFe8sFxfZc8JHGJUhD2+HaIdsYdPA/AtQOuW7+UB/cby5bwfLmCYMSTXwjhzAs7CHYJYVaGM3nnmmDae2NIzUqXzJYUXh4C4PR96mnwfINcW9cu+toMDF1d39zS5PkhtNnW6WjkvMOWOIzpcbAXOPPCAXfplFShFujbm/ONOKc/ZXi9DMLeuXKTVFRXNRcsMAzauSX8R74Q75TVnuV+CjgR9qSLeyWCWEF3BTSknUGZdglKovlL5d9R6DaUX/rI8Q6RrCOe/N4x1NgcjpwG+yoMOOqYBn+I/gjxGM9IHPYu++KVolyZ49cM230DcBtejPzxDxkeWKaQEbqJUtbwnM73um78rWYADKaEskA0J/gR9actp/UuXHNdSr8w5lo3Lm+ymI1IFi9nArk0H8rsriQwAd3ZL3OjswLEP1PDOgEIEJpFI5SNWIXJAb+tb6PksPmXslSERJM0QuwkwEMeDT0iruxH6+7IG1q64X544PciQqHFy07R seblu 2016
\ No newline at end of file
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLR8jNAXVfUTY1Z7jJn3KfFgvIMn5xeYozo6cyLNjYm seblu2019
--- a/roles/arch_boxes/defaults/main.yml
+++ b/roles/arch_boxes/defaults/main.yml
---
-
-archboxes_user: 'archboxes'
-archboxes_home: '/srv/arch-boxes'
-archboxes_git_dir: '/srv/arch-boxes/arch-boxes'
-archboxes_time: '*-*-* 04:00:00'
-archboxes_version: "1.6.0"
--- a/roles/arch_boxes/files/virtualbox.conf
+++ b/roles/arch_boxes/files/virtualbox.conf
-# Loads all necessary virtualbox modules
-vboxdrv
-vboxnetadp
-vboxnetflt
--- a/roles/arch_boxes/tasks/main.yml
+++ b/roles/arch_boxes/tasks/main.yml
---
-
- name: install arch-boxes dependencies
-  pacman: name=git,packer,virtualbox,qemu-headless,virtualbox-host-modules-arch,python,python-urllib3 state=present
-
- name: create arch-boxes user
-  user: name={{ archboxes_user }} shell=/bin/bash home="{{ archboxes_home }}" createhome=yes
-
- name: clone arch-boxes repository
-  git: repo='https://github.com/archlinux/arch-boxes.git' dest="{{ archboxes_git_dir }}" force=yes version="{{ archboxes_version }}"
-
- name: load virtualbox kernel modules
-  modprobe: name="{{ item }}" state=present
-  with_items: ['vboxdrv', 'vboxnetadp', 'vboxnetflt']
-
- name: add modules-load config for virtualbox
-  copy: src=virtualbox.conf dest=/etc/modules-load.d/virtualbox.conf owner=root group=root mode=0644
-
- name: adjust permissions of git checkout
-  file: path="{{ archboxes_git_dir }}" state=directory recurse=yes owner="{{ archboxes_user }}" group="{{ archboxes_user }}" mode=preserve
-
- name: ensure controller.py of arch-boxes is executable
-  file: path="{{ archboxes_git_dir }}/controller.py" mode=0755 owner=root group=root
-
- name: replace placeholder to vagrantcloud API Key
-  no_log: true
-  replace: path="{{ archboxes_git_dir }}/vagrant.json" regexp='PLACEHOLDER' replace="{{ vault_archboxes_apikey }}" owner=root group=root mode=0600
-
- name: install sudoers file
-  template: src=sudoers.d.j2 dest=/etc/sudoers.d/archboxes owner=root group=root mode=0440
-
- name: install arch-boxes service
-  template: src='arch-boxes.service.j2' dest='/etc/systemd/system/arch-boxes.service' owner=root group=root mode=0644
-  notify:
-    - daemon reload
-
- name: install arch-boxes timer
-  template: src='arch-boxes.timer.j2' dest='/etc/systemd/system/arch-boxes.timer' owner=root group=root mode=0644
-  notify:
-    - daemon reload
-
- name: start and enable arch-boxes timer
-  service: name='arch-boxes.timer' enabled=yes state=started
--- a/roles/arch_boxes/templates/arch-boxes.service.j2
+++ b/roles/arch_boxes/templates/arch-boxes.service.j2
-[Unit]
-Description=arch-boxes service for deploying images and vagrant boxes
-
-[Service]
-Type=oneshot
-ExecStart={{ archboxes_git_dir }}/controller.py
-User={{ archboxes_user }}
--- a/roles/arch_boxes/templates/arch-boxes.timer.j2
+++ b/roles/arch_boxes/templates/arch-boxes.timer.j2
-[Unit]
-Description=Timer for arch-boxes.service
-
-[Timer]
-OnCalendar={{ archboxes_time }}
-Persistent=true
-Unit=arch-boxes.service
-
-[Install]
-WantedBy=timers.target
--- a/roles/arch_boxes/templates/sudoers.d.j2
+++ b/roles/arch_boxes/templates/sudoers.d.j2
-%archboxes-sudo ALL=({{archboxes_user}}) NOPASSWD:ALL
--- a/roles/archwiki/meta/main.yml
+++ b/roles/archwiki/meta/main.yml
+---
+dependencies:
+  - role: nginx