Skip to content
GitLab
Commit 81e29c04 authored by Sven-Hendrik Haase's avatar Sven-Hendrik Haase
Browse files

Merge branch 'master' of ssh://git.archlinux.org/srv/git/infrastructure

parents eacdda3e f5500702
Hide whitespace changes
Inline Side-by-side
README.md
View file @ 81e29c04
...@@ -212,7 +212,7 @@ The following steps should be used to update our managed servers: ...@@ -212,7 +212,7 @@ The following steps should be used to update our managed servers:
#### Services: #### Services:
- ~/user/ webhost - ~/user/ webhost
### accounts.archlinux.org ### accounts.archlinux.org
This server is /special/. It runs keycloak and is central to our unified Arch Linux account management world. This server is /special/. It runs keycloak and is central to our unified Arch Linux account management world.
...@@ -240,8 +240,9 @@ So to set up this server from scratch, run: ...@@ -240,8 +240,9 @@ So to set up this server from scratch, run:
## reproducible.archlinux.org ## reproducible.archlinux.org
### Services ### Services
- Runs a master rebuilderd instance with two PIA workers (repro1.pkgbuild.com - Runs a master rebuilderd instance with two PIA workers (repro1.pkgbuild.com,
and repro2.pkgbuild.com). repro2.pkgbuild.com and repro3.pkgbuild.com).
repro3.pkgbuild.com is packet.net machine which runs Ubuntu.
## Ansible repo workflows ## Ansible repo workflows
......
group_vars/all/root_access.yml
View file @ 81e29c04
...@@ -31,7 +31,7 @@ root_gpgkeys: ...@@ -31,7 +31,7 @@ root_gpgkeys:
- CFA6AF15E5C74149FC1D8C086D1655C14CE1C13E # bluewind - CFA6AF15E5C74149FC1D8C086D1655C14CE1C13E # bluewind
- F3691687D867B81B51CE07D9BBE43771487328A9 # bpiotrowski - F3691687D867B81B51CE07D9BBE43771487328A9 # bpiotrowski
- 86CFFCA918CF3AF47147588051E8B148A9999C34 # foutrelis - 86CFFCA918CF3AF47147588051E8B148A9999C34 # foutrelis
- 605071ECA86C954B866585C0567A6F396F2CFC03 # fukawi2 - 605071ECA86C954B866585C0567A6F396F2CFC03 # fukawi2 https://keybase.io/fukawi2/pgp_keys.asc
- ECCAC84C1BA08A6CC8E63FBBF22FB1D78A77AEAB # grazzolini - ECCAC84C1BA08A6CC8E63FBBF22FB1D78A77AEAB # grazzolini
- 8218F88849AAC522E94CF470A5E9288C4FA415FA # heftig - 8218F88849AAC522E94CF470A5E9288C4FA415FA # heftig
- E499C79F53C96A54E572FEE1C06086337C50773E # jelle - E499C79F53C96A54E572FEE1C06086337C50773E # jelle
......
playbooks/tasks/fetch-borg-keys.yml
View file @ 81e29c04
...@@ -12,9 +12,20 @@ ...@@ -12,9 +12,20 @@
command: "/usr/local/bin/borg key export :: /dev/stdout" command: "/usr/local/bin/borg key export :: /dev/stdout"
register: borg_key register: borg_key
- name: fetch borg offsite key
command: "/usr/local/bin/borg-offsite key export :: /dev/stdout"
register: borg_offsite_key
- name: save borg key - name: save borg key
shell: gpg --batch --armor --encrypt --output - >"{{playbook_dir}}/../../borg-keys/{{inventory_hostname}}.gpg" {% for userid in root_gpgkeys %}--recipient {{userid}} {% endfor %} shell: gpg --batch --armor --encrypt --output - >"{{playbook_dir}}/../../borg-keys/{{inventory_hostname}}.gpg" {% for userid in root_gpgkeys %}--recipient {{userid}} {% endfor %}
args: args:
stdin: "{{borg_key.stdout}}" stdin: "{{borg_key.stdout}}"
chdir: "{{playbook_dir}}/../.." chdir: "{{playbook_dir}}/../.."
delegate_to: localhost delegate_to: localhost
- name: save borg offsite key
shell: gpg --batch --armor --encrypt --output - >"{{playbook_dir}}/../../borg-keys/{{inventory_hostname}}-offsite.gpg" {% for userid in root_gpgkeys %}--recipient {{userid}} {% endfor %}
args:
stdin: "{{borg_offsite_key.stdout}}"
chdir: "{{playbook_dir}}/../.."
delegate_to: localhost
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment