Commit dae9a820 authored by intrigeri's avatar intrigeri
Browse files

Sysadmin: directly link to the code

parent 3ace3ee8
......@@ -160,7 +160,8 @@ Below, importance level is evaluated based on:
* access: anyone can read, Tails core developers can write
* tools: [[!debpts reprepro]]
* configuration:
- `tails::reprepro::custom` class in [[!tails_gitweb_repo puppet-tails]]
- [[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/reprepro/custom.pp
desc="`tails::reprepro::custom` class"]]
- signing keys are managed with the `tails_secrets_apt` Puppet module
* importance: critical (needed by users, and to build & release a Tails ISO)
......@@ -173,8 +174,8 @@ Below, importance level is evaluated based on:
* access: anyone can read, release managers have write access
* tools: [[!debpts reprepro]]
* configuration:
- `tails::reprepro::snapshots::time_based` class in
[[!tails_gitweb_repo puppet-tails]]
- [[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/reprepro/snapshots/time_based.pp
desc="`tails::reprepro::snapshots::time_based` class"]]
- signing keys are managed with the `tails_secrets_apt` Puppet module
* importance: critical (needed to build a Tails ISO)
......@@ -187,8 +188,8 @@ Below, importance level is evaluated based on:
snapshots
* tools: [[!debpts reprepro]]
* configuration:
- `tails::reprepro::snapshots::tagged` class in
[[!tails_gitweb_repo puppet-tails]]
- [[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/reprepro/snapshots/tagged.pp
desc="`tails::reprepro::snapshots::tagged` class"]]
- signing keys are managed with the `tails_secrets_apt` Puppet module
* importance: critical (needed by users and to release Tails)
......@@ -197,7 +198,9 @@ Below, importance level is evaluated based on:
* purpose: handle the Tails Bitcoin wallet
* access: Tails core developers only
* tools: [[!debpts bitcoind]]
* configuration: `bitcoind` class in [[!tails_gitweb_repo puppet-bitcoind]]
* configuration:
[[!tails_gitlab tails/puppet-bitcoind/-/blob/master/manifests/init.pp
desc="`bitcoind` class"]]
* Vcs-Git: [[!tails_gitweb_repo bitcoin]] and [[!tails_gitweb_repo libunivalue]]
* importance: medium
* To save disk space: as the `bitcoin@bitcoin.lizard` user, run
......@@ -225,9 +228,11 @@ Below, importance level is evaluated based on:
- Tails sysadmins can edit the zones with `pdnsutil edit-zone`
* tools: [[!debpts pdns]] with its MySQL backend
* configuration:
- `tails::pdns` and `tails::pdns::*` resources in
[[!tails_gitweb_repo puppet-tails]]
- [[!tails_gitweb_repo puppet-powerdns]]
- [[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/pdns.pp
desc="`tails::pdns` class"]]
and [[!tails_gitlab tails/puppet-tails/-/tree/master/manifests/pdns
desc="`tails::pdns::*` resources"]]
- [`powerdns` Puppet module](https://github.com/sensson/puppet-powerdns)
* importance: critical (most of our other services are not available
if this one is not working)
......@@ -258,8 +263,9 @@ Below, importance level is evaluated based on:
and whose canonical copy lives on GitLab
* access: Tails core developers only
* tools: [[!debpts gitolite3]]
* configuration: `tails::gitolite` class in [[!tails_gitweb_repo
puppet-tails]]
* configuration:
[[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/gitolite.pp
desc="`tails::gitolite` class"]]
* importance: high (needed to release Tails)
## git-annex
......@@ -269,10 +275,12 @@ Below, importance level is evaluated based on:
* access: Tails core developers only
* tools: [[!debpts git-annex]]
* configuration:
- `tails::git_annex` and `tails::gitolite` classes in
[[!tails_gitweb_repo puppet-tails]]
- `tails::git_annex::mirror` defined resource in
[[!tails_gitweb_repo puppet-tails]]
- [[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/git_annex.pp
desc="`tails::git_annex` class"]]
- [[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/gitolite.pp
desc="`tails::gitolite` class"]]
- [[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/git_annex/mirror.pp
desc="`tails::git_annex::mirror` defined resource"]]
* importance: high (needed to release Tails)
<a id="icinga2"></a>
......@@ -293,17 +301,21 @@ Below, importance level is evaluated based on:
* tools: [[!debpts icinga2 desc="Icinga2"]], [[!debpts icingaweb2]]
* configuration:
- master:
* `tails::monitoring::master` class in [[!tails_gitweb_repo puppet-tails]].
* [[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/monitoring/master.pp
desc="`tails::monitoring::master` class"]].
* some configuration in the ecours.tails.boum.org node manifest.
* See Vpn section.
- web server:
* `tails::monitoring::icingaweb2` class in [[!tails_gitweb_repo puppet-tails]],
that wraps around [upstream `icingaweb2` module](https://git.icinga.org/puppet-icingaweb2.git).
* [[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/monitoring/icingaweb2.pp
desc="`tails::monitoring::icingaweb2` class"]],
that wraps around [upstream `icingaweb2` module](https://git.icinga.org/puppet-icingaweb2.git).
* some configuration in the ecours.tails.boum.org node manifest.
- satellite:
* `tails::monitoring::satellite` class in [[!tails_gitweb_repo puppet-tails]],
* [[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/monitoring/satellite.pp
desc="`tails::monitoring::satellite` class"]]
- agents:
* `tails::monitoring::agent` class in [[!tails_gitweb_repo puppet-tails]]
* [[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/monitoring/agent.pp
desc="`tails::monitoring::agent` class"]]
- private keys are managed with the `tails_secrets_monitoring` Puppet module
* documentation:
- [[How to add checks to our monitoring setup|roles/sysadmins/adding_icinga2_checks]]
......@@ -316,7 +328,8 @@ Below, importance level is evaluated based on:
request an account.
* tools: prosody
* configuration:
- `tails::prosody` in [[!tails_gitweb_repo puppet-tails]]
- [[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/prosody.pp
desc="`tails::prosody` class"]]
* importance: low
## Jenkins
......@@ -329,17 +342,25 @@ Below, importance level is evaluated based on:
* tools: [[!debpts jenkins desc="Jenkins"]], [[!debpts jenkins-job-builder]]
* configuration:
- master:
* `jenkins` class in [[!tails_gitweb_repo puppet-jenkins]]
* `tails::jenkins::master` class in [[!tails_gitweb_repo puppet-tails]]
* [[!tails_gitlab tails/puppet-jenkins/-/blob/master/manifests/init.pp
desc="`jenkins` class"]]
* [[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/jenkins/master.pp
desc="`tails::jenkins::master` class"]]
* a few Jenkins plugins installed with `jenkins::plugin`
* YAML jobs configuration lives in a
[[!tails_gitweb_repo jenkins-jobs desc="dedicated Git repository"]];
[Jenkins Job Builder](http://ci.openstack.org/jenkins-job-builder/)
uses it to configure Jenkins
- slaves:
* `tails::builder`, `tails::jenkins::slave`,
`tails::jenkins::slave::iso_builder` and `tails::tester` classes in
[[!tails_gitweb_repo puppet-tails]]
* [[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/builder.pp
desc="`tails::builder`"]],
[[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/jenkins/slave.pp
desc="`tails::jenkins::slave`"]],
[[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/jenkins/slave/iso_builder.pp
desc="`tails::jenkins::slave::iso_builder`"]],
and [[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/tester.pp
desc="`tails::tester`"]]
classes
* some configuration in the manifest ([[!tails_ticket 7106]])
* signing keys are managed with the `tails_secrets_jenkins` Puppet module
- web server:
......@@ -353,8 +374,15 @@ Below, importance level is evaluated based on:
[[Schleuder lists|sysadmins#schleuder]]
* access: public MTA listening on `mail.tails.boum.org`
* tools: [[!debpts postfix]], [[!debpts amavisd-new]], [[!debpts spamassassin]]
* configuration: `tails::postfix`, `tails::amavisd_new` and
`tails::spamassassin` classes in [[!tails_gitweb_repo puppet-tails]]
* configuration:
[[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/postfix.pp
desc="`tails::postfix`"]],
[[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/amavisd_new.pp
desc="`tails::amavisd_new`"]],
and
[[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/spamassassin.pp
desc="`tails::spamassassin`"]]
classes
* importance: high (at least because WhisperBack bug reports go through this MTA)
<a id="meeting-reminder"></a>
......@@ -365,11 +393,18 @@ Below, importance level is evaluated based on:
* access: not applicable
* configuration:
- to add a new reminder, or modify an existing one:
- `tails::meeting::reminders` in [[!tails_gitweb_repo puppet-tails]]
- templates are in `files/meeting/`
- implementation (in [[!tails_gitweb_repo puppet-tails]]):
`tails::meeting`, `tails::meeting::reminder`, and
`files/meeting/meeting.py`
- [[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/meeting/reminders.pp
desc="`tails::meeting::reminders`"]]
- [[!tails_gitlab tails/puppet-tails/-/tree/master/files/meeting
desc="email templates"]]
- implementation:
[[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/meeting.pp
desc="`tails::meeting`"]],
[[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/meeting/reminder.pp
desc="`tails::meeting::reminder`"]],
and
[[!tails_gitlab tails/puppet-tails/-/blob/master/files/meeting/meeting.py
desc="`meeting.py` script"]]
* importance: to be defined
<a id="mumble"></a>
......@@ -394,7 +429,8 @@ Below, importance level is evaluated based on:
developers
* tools: [[!debpts rsync]]
* configuration:
- `tails::rsync` in [[!tails_gitweb_repo puppet-tails]]
- [[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/rsync.pp
desc="`tails::rsync`"]]
- users and credentials are managed with the `tails_secrets_rsync`
Puppet module
* importance: critical (needed to release Tails)
......@@ -406,8 +442,10 @@ Below, importance level is evaluated based on:
* purpose: host some of our Schleuder mailing lists
* access: anyone can send email to these lists
* tools: [[!debpts schleuder]]
* configuration: `tails::schleuder` class in [[!tails_gitweb_repo
puppet-tails]] and `tails::schleuder::lists` Hiera setting
* configuration:
- [[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/schleuder.pp
desc="`tails::schleuder` class"]]
- `tails::schleuder::lists` Hiera setting
* importance: high (at least because WhisperBack bug reports go through this service)
## Tor bridge
......@@ -418,9 +456,10 @@ Below, importance level is evaluated based on:
[BridgeDB](https://bridges.torproject.org/)
* tools: [[!debpts tor]], [[!debpts obfs4proxy]]
* configuration:
- `tails::apt::repository::torproject` in
[[!tails_gitweb_repo puppet-tails]]
- `tor::daemon::relay` in [[!tails_gitweb_repo puppet-tor]]
- [[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/apt/repository/torproject.pp
desc="`tails::apt::repository::torproject`"]]
- [[!tails_gitlab tails/puppet-tor/-/blob/master/manifests/daemon/relay.pp
desc="`tor::daemon::relay`"]]
* importance: low
## VPN
......@@ -430,8 +469,8 @@ Below, importance level is evaluated based on:
* access: private network.
* tools: [[!debpts tinc]]
* configuration:
- `tails::vpn::instance` class in the [[!tails_gitweb_repo puppet-tails]]
repo.
- [[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/vpn/instance.pp
desc="`tails::vpn::instance` class"]]
* importance: transitively critical (as a dependency of our monitoring system)
## Web server
......@@ -440,7 +479,8 @@ Below, importance level is evaluated based on:
* access: depending on the service
* tools: [[!debpts nginx]]
* configuration:
- `nginx` class in [[!tails_gitweb_repo puppet-nginx]]
- [[!tails_gitlab tails/puppet-nginx/-/blob/master/manifests/init.pp
desc="`nginx` class"]]
* importance: transitively critical (as a dependency of Jenkins)
<a id="weblate"></a>
......@@ -454,7 +494,8 @@ Below, importance level is evaluated based on:
* admins: to be defined ([[!tails_ticket 17050]])
* tools: [Weblate](https://weblate.org/)
* configuration:
- `tails::weblate` class in [[!tails_gitweb_repo puppet-tails]]
- [[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/weblate.pp
desc="`tails::weblate` class"]]
* importance: to be defined
## WhisperBack relay
......@@ -463,7 +504,8 @@ Below, importance level is evaluated based on:
* access: public; WhisperBack (and hence, any bug reporter) uses it
* tools: [[!debpts postfix desc="Postfix"]]
* configuration:
- `tails::whisperback::relay` in [[!tails_gitweb_repo puppet-tails]]
- [[!tails_gitlab tails/puppet-tails/-/blob/master/manifests/whisperback/relay.pp
desc="`tails::whisperback::relay` class"]]
- private keys are managed with the `tails_secrets_whisperback`
Puppet module
* importance: high
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment