DuckCorp-Infra » History » Revision 16
Revision 15 (Marc Dequènes, 2020-04-06 13:26) → Revision 16/21 (Marc Dequènes, 2020-04-06 13:28)
h1. Introduction This is the root of the DuckCorp Admin Team materials used to install, configure and manage services. DuckCorp is commited to "Free Software":https://en.wikipedia.org/wiki/Free_software, thus all materials are published under the GPL v3 License (see details of the license in the `COPYING` file). h1. Understanding these Materials and Contributing Please read the *README* file in the Repository tab. h1. Wanted Improvements or Bugs affecting our Infrastructure DuckCorp is using the Debian operating system; here are some bugs we identified as affecting our infrastructure: * https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=admin@duckcorp.org;nam0=Severity;pri0=severity:critical,grave,serious,important,normal,minor,wishlist;nam1=Host;ttl1=All,Elwing,Jinta,Korutopi,Nicecity,Orfeo,Toushirou,Thorfinn;pri1=tag:host-all,host-elwing,host-jinta,host-korutopi,host-nicecity,host-orfeo,host-toushirou,host-thorfinn (this URL needs maintenance each time we have a new machine or tag) * https://udd.debian.org/cgi-bin/bts-usertags.cgi?user=admin%40duckcorp.org&tag= (closed BR expiration is faster) h1. Sensitive Materials Some sensitive materials (credentials, privacy-related…) which are not needed to build the Infrastructure are stored in a separate dedicated GPG-encrypted repository. h2. Access To use this repository first install @git-remote-gcrypt@, then, in a safe place: git clone gcrypt::ssh://vcs-git.duckcorp.org/srv/projects/duckcorp/admin cd admin.git git config gcrypt.participants "$(tr '\n' ' ' < participants)" git config remote.origin.gcrypt-publish-participants true You can then push/pull as usual. h2. Maintenance of the Participants file The @participants@ file contains a list of GPG fingerprints (one by line) for each DuckCorp administrator (key IDs can allow collisions!). It needs to be updated when someone enter or leaves the team. The corresponding git repository setting (seen above) carefully needs to be synchronized with this file. h1. Procedures / Notes h2. General * [[Naming Rules]] * [[DANE]] [[Notes on DANE adoption]] h2. Services * Databases: ** [[LDAP]] ** [[MySQL]] ** [[PostgreSQL]] * [[Debian Repository]] * [[DHCP]] * [[DNS]] * [[Mail]] * [[PKI]] * [[Supervision]] * [[Web]]