DuckCorp-Infra » History » Revision 20
Revision 19 (Marc Dequènes, 2020-04-07 15:19) → Revision 20/21 (Marc Dequènes, 2020-10-28 15:10)
h1. Introduction

This is the root of the DuckCorp Admin Team materials used to install, configure and manage services.

DuckCorp is committed to "Free Software":https://en.wikipedia.org/wiki/Free_software, thus all materials are published under the GPL v3 License (see details of the license in the @COPYING@ file).

h1. Understanding these Materials and Contributing

Please read the *README* file in the Repository tab.

h1. Wanted Improvements or Bugs affecting our Infrastructure

DuckCorp is using the Debian operating system; here are some bugs we identified as affecting our infrastructure:
* https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=admin@duckcorp.org;nam0=Severity;pri0=severity:critical,grave,serious,important,normal,minor,wishlist;nam1=Host;ttl1=All,Elwing,Jinta,Korutopi,Nicecity,Orfeo,Toushirou,Thorfinn;pri1=tag:host-all,host-elwing,host-jinta,host-korutopi,host-nicecity,host-orfeo,host-toushirou,host-thorfinn (this URL needs maintenance each time we have a new machine or tag)
* https://udd.debian.org/cgi-bin/bts-usertags.cgi?user=admin%40duckcorp.org&tag= (closed BR expiration is faster)

h1. Sensitive Materials

*Revision 20:*

Some sensitive materials (credentials, privacy-related…) which are not needed to build the Infrastructure are encrypted using "Ansible Vault":https://docs.ansible.com/ansible/latest/playbooks_vault.html.

h2. Access

To know more about the vault management please read the _Dealing with Secrets_ chapter in source:README.md.

*Revision 19 (replaced by the text above):*

Some sensitive materials (credentials, privacy-related…) which are not needed to build the Infrastructure are stored in a separate dedicated GPG-encrypted repository.

h2. Access

To use this repository first install @git-remote-gcrypt@, then, in a safe place:

<pre>
git clone gcrypt::ssh://vcs-git.duckcorp.org/srv/projects/duckcorp/admin
# git names the clone directory after the last URL component
cd admin
git config gcrypt.participants "$(tr '\n' ' ' < participants)"
git config remote.origin.gcrypt-publish-participants true
</pre>

You can then push/pull as usual.

h2. Maintenance of the Participants file

The @participants@ file contains a list of GPG fingerprints (one per line) for each DuckCorp administrator (key IDs can allow collisions!).

It needs to be updated when someone enters or leaves the team. The corresponding git repository setting (seen above) carefully needs to be synchronized with this file.

h1. Procedures / Notes

h2. General

* [[Naming Rules]]
* [[Security Model]]

h2. Services

* Databases:
** [[LDAP]]
** [[MySQL]]
** [[PostgreSQL]]
* [[Debian Repository]]
* [[DHCP]]
* [[DNS]]
* [[Mail]]
* [[PKI]]
* [[Supervision]]
* [[Web]]
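The @participants@ file described above must hold full fingerprints and stay in step with the @gcrypt.participants@ setting. The script below is an added example, not part of the DuckCorp materials, that checks both; the function names and the sample fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example (not DuckCorp's tooling): validate a participants file and
# check that the gcrypt.participants setting matches it.
LC_ALL=C; export LC_ALL

# Constructed sample: two made-up 40-hex-digit fingerprints, one per line.
sample_participants() {
    printf '%s\n' \
        '0123456789ABCDEF0123456789ABCDEF01234567' \
        'fedc ba98 7654 3210 fedc  ba98 7654 3210 fedc ba98'
}

# Print the normalized list (upper-case, space-separated), or fail if an
# entry is not a full 40-hex-digit fingerprint (key IDs can collide).
participants_value() {
    file=$1; out=""; lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        # gpg prints fingerprints in groups of four; drop the spacing
        fpr=$(printf '%s' "$line" | tr -d ' \t\r' | tr 'a-f' 'A-F')
        [ -z "$fpr" ] && continue
        case $fpr in
            *[!0-9A-F]*) echo "line $lineno: not hexadecimal" >&2; return 1 ;;
        esac
        if [ "${#fpr}" -ne 40 ]; then
            echo "line $lineno: ${#fpr} digits, want a 40-digit fingerprint" >&2
            return 1
        fi
        out="${out:+$out }$fpr"
    done < "$file"
    [ -n "$out" ] || { echo "no participants listed" >&2; return 1; }
    printf '%s\n' "$out"
}

# Succeed only if the configured value lists exactly the fingerprints in
# the file (order and letter case are ignored).
participants_in_sync() {
    file=$1; configured=$2
    want=$(participants_value "$file") || return 2
    a=$(printf '%s\n' $want | sort -u)
    b=$(printf '%s\n' $configured | tr 'a-f' 'A-F' | sort -u)
    [ "$a" = "$b" ]
}
```

In a clone, the check would be run as @participants_in_sync participants "$(git config gcrypt.participants)"@.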