Sven-Hendrik Haase committed
# Arch Infrastructure

This repository contains the complete collection of ansible playbooks and roles for the Arch Linux infrastructure.

It also contains git submodules, so you have to run `git submodule update --init --recursive` after cloning or some tasks will fail to run.

#### Instructions
All systems are set up the same way. For the first time setup in the Hetzner rescue system,
run the provisioning script: `ansible-playbook playbooks/install-arch.yml -l $host`.
The provisioning script configures a sane basic systemd with sshd. By design, it is NOT idempotent.
After the provisioning script has run, it is safe to reboot.

Once in the new system, run the regular playbook: `ansible-playbook playbooks/$hostname.yml`. This
playbook is the one regularly used for administrating the server and is entirely idempotent.

##### Note about first time certificates

The first time a certificate is issued, you'll have to do this manually. First, configure the DNS to
point to the new server and then run a playbook on the server which includes the nginx role. Then, on the server,
it is necessary to run the following once:

    certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w /var/lib/letsencrypt/ -d <domain-name>

Note that some roles already run this automatically.

##### Note about opendkim

The opendkim DNS data has to be added to DNS manually. The role verifies that the DNS is correct before starting opendkim.

The file that has to be added to the zone is `/etc/opendkim/private/$selector.txt`.
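
The same comparison can be made by hand before running the role. This is an added example, not the repository's role code; it assumes the key file has the layout written by `opendkim-genkey`, and the function names and sample records are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare the DKIM record in $selector.txt with the TXT answer from DNS.

# Print the TXT payload found on stdin: every double-quoted chunk, concatenated,
# with whitespace removed (it is insignificant in a DKIM tag list and in base64).
dkim_txt_value() {
    grep -o '"[^"]*"' | tr -d '"[:space:]'
}

# Succeed only if both texts carry the same non-empty record.
# $1 = contents of the key file, $2 = TXT answer as printed by `dig +short`.
dkim_records_match() (
    want=$(printf '%s\n' "$1" | dkim_txt_value)
    got=$(printf '%s\n' "$2" | dkim_txt_value)
    [ -n "$want" ] && [ "$want" = "$got" ]
)

# Live check (needs network access and dig). $1 = selector, $2 = mail domain.
dkim_check_live() {
    dkim_records_match "$(cat "/etc/opendkim/private/$1.txt")" \
                       "$(dig +short TXT "$1._domainkey.$2")"
}

# Constructed samples: placeholder key material, chunked differently on each side.
SAMPLE_ZONE='default._domainkey  IN  TXT  ( "v=DKIM1; k=rsa; "
    "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7EXAMPLE"
    "KEYDATAcontinuesHEREwIDAQAB" )  ; ----- DKIM key default for example.org'
SAMPLE_DNS_OK='"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7EXAMPLE" "KEYDATAcontinuesHEREwIDAQAB"'
SAMPLE_DNS_STALE='"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7OLDKEY" "wIDAQAB"'

# Offline demonstration on the samples.
dkim_records_match "$SAMPLE_ZONE" "$SAMPLE_DNS_OK" && echo "DNS matches key file"
dkim_records_match "$SAMPLE_ZONE" "$SAMPLE_DNS_STALE" || echo "mismatch: fix DNS first"
```

A stale or truncated TXT record makes receivers fail DKIM verification for every outgoing message, which is why the comparison is on the full normalized value rather than on the presence of a record.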

## Servers

### vostok

#### Services
- backups

### orion

#### Services
- repos/sync (repos.archlinux.org)
- sources (sources.archlinux.org)
- archive (archive.archlinux.org)

### apollo

#### Services
- bbs (bbs.archlinux.org)
- wiki (wiki.archlinux.org)
- aur (aur.archlinux.org)
- mailman
- planet (planet.archlinux.org)
- bugs (bugs.archlinux.org)
- archweb
- patchwork
- projects (projects.archlinux.org)

### soyuz

#### Services
- build server (pkgbuild.com)
- releng
- torrent tracker
- sogrep
- /~user/ webhost
- irc bot (phrik)
- quassel core