Hello,
Florian suggested to move cgit and archweb to nymeria or luna. In this mail, I
will only focus on cgit, better known as projects.archlinux.org.
Currently:
- the web interface is a cgit on gudrun.
- http server is apache and run cgit via cgi-bin
- cgit scan /srv/git for repositories
- /srv/git is a NFS mountpoint from gerolde
- so, the git repositories are on gerolde
- users push to repos via ssh directly on gerolde. They will have to update
their remotes url.
- the total space of git repositories is about 730MiB
Currently, my preference would be to move the storage and the web interface on
the same host. I see more benefits than moving web interface on luna and git
repo on nymeria. We don't eat the space twice and we have all the repo
accessible under the projects.al.org dns.
Nonetheless, if we move the storage to nymeria, we save the configuration of
ssh access to all devs + externals to luna. Not sure if this is relevant if we
move to accounts to ldap.
Thoughts?
Here is a short planning if we go through this option:
1) setup a new cgit on luna (with nginx and uwsgi)
2) copy repos for testing purpose
3) create gitshell access to users
4) plan official migration date
5) reduce dns ttl of projects.al.org
6) wait for it
7) cut write access to gerolde repo
8) final repo sync
9) update dns records and restore ttl
10) take a beer
I see there is also dev.archlinux.org on gudrun that I could also move to luna
too.
Cheers,
--
Sébastien "Seblu" Luttringer
https://seblu.net | Twitter: @seblu42
GPG: 0x2072D77A
Hello,
A new arch-devops mailing list has been added to lists.archlinux.org. The list
should be used to discuss Arch Linux infrastructure and operations topics.
Permission scheme are based on arch-dev-public; list is open for subscription
to anyone and writing only for Arch Linux Staff. So, the moderation flag should
be removed by mail to be able to write. If you can't do it, ping me.
Cheers,
--
Sébastien "Seblu" Luttringer
https://seblu.net | Twitter: @seblu42
GPG: 0x2072D77A
Hello,
I am Chris from Arch Linux Security Team and I want to ask for restricted
acess for senders for the arch-security mailinglist.[1]
We had different issues in the past on this list including:
- neverending discussions.[2]
- broken MTAs (the newest one). Some emails from somebody are bouncing back
to the mailinglist.[3]
That's the reason why the security-team want a whitelist for this
mailinglist. Everybody can subscribe but sending to it should be restricted
to avoid this issues. I would be fine with it if the restriction is for
everyone except the Arch Linux Developers, Trusted Users, and staff.
If you want even more agressive rules I would be also fine if only our
security team and some developers can write to it. According to my mail on the
arch-dev-public mailinglist the security mailinglist should be for Arch
Linux Security Advisories only.[4]
best regards
Christian Rebischke
Member of Arch Linux Security Team
[1] arch-security(a)archlinux.org
[2] https://lists.archlinux.org/pipermail/arch-security/2015-December/000441.ht…
[3] https://paste.archlinux.de/KAV1/
[4] https://lists.archlinux.org/pipermail/arch-dev-public/2015-December/027581.…