Replicant » Replicant infrastructure

h1. Network Infrastructure

|_. What |_. Where |_. Access type | Who | Comments |

| "Redmine instance":https://redmine.replicant.us |/5. OSUOSL  | Redmine manager | * "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski

* "Wolfgang Wiedmeyer":https://redmine.replicant.us/projects/replicant/wiki/People#Wolfgang-Wiedmeyer

* "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli

* "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä

* "Fil Bergamo":https://redmine.replicant.us/projects/replicant/wiki/People#Fil-Bergamo

* "Kurtis Hanna":https://redmine.replicant.us/projects/replicant/wiki/People#Kurtis-Hanna

* @dllud

* @GrimKriegor

* OSUOSL system administrators | Since we only have one project, OSUOSL put in a redirect from the main page of our Redmine instance to /project/replicant

OSUOSL keeps 2 weeks worth of backups for restoration purposes. |

| "Mailing list":https://lists.osuosl.org/mailman/listinfo/replicant | Mailing list administrator | * @dllud

* "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli

* "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä

* "Kurtis Hanna":https://redmine.replicant.us/projects/replicant/wiki/People#Kurtis-Hanna

* "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski

* "Wolfgang Wiedmeyer":https://redmine.replicant.us/projects/replicant/wiki/People#Wolfgang-Wiedmeyer

* OSUOSL system administrators | OSUOSL keeps 2 weeks worth of backups for restoration purposes. |

| "Wordpress instance":https://blog.replicant.us/ | Wordpress administator | * "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski

* "Wolfgang Wiedmeyer":https://redmine.replicant.us/projects/replicant/wiki/People#Wolfgang-Wiedmeyer

* "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli

* "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä

* "Fil Bergamo":https://redmine.replicant.us/projects/replicant/wiki/People#Fil-Bergamo

* "Kurtis Hanna":https://redmine.replicant.us/projects/replicant/wiki/People#Kurtis-Hanna

* @dllud

* OSUOSL system administrators

* Add your name here if you have access and want to be mentioned | This instance is auto-updated automatically with the help of a plugin. |

| "Releases":https://ftp-osl.osuosl.org/pub/replicant/ | SSH | * "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski

* "Wolfgang Wiedmeyer":https://redmine.replicant.us/projects/replicant/wiki/People#Wolfgang-Wiedmeyer

* "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli

* "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä

* OSUOSL system administrators | We should not use too much space. |

| The replicant.us (mostly-static) front website |\2. None: there is an automatic hook managed by OSUOSL. | * "Source code":https://git.replicant.us/replicant/website/

* Patches should be sent to the Replicant mailing list.

* There is a jenkins hook with a token to pull and deploy the website source code. |

| "Replicant Source code":https://git.replicant.us/ |/2. Virtual machine at FSF | SSH root access | * "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski

* "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli

* "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä

* Several FSF system administrators

* FSF backup server

* FSF Ansible deployment server | Resources kindly offered by the FSF.

The git configuration has "some documentation":https://redmine.replicant.us/projects/replicant/wiki/ReplicantInfrastructure#git-hosting-infrastructure-on-this-machine .

Before handling SSH (root) access to this machine:

* Make sure that the person really needs it.

* Make sure that the person already contributed to Replicant.

* Ask one other person that has SSH access and/or the "SteeringCommittee":https://redmine.replicant.us/projects/replicant/wiki/SteeringCommittee to also agree on it. |

| "Private contact address":https://redmine.replicant.us/projects/replicant/wiki/PrivateContact | IMAP access | * "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli

* "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä

* "Fil Bergamo":https://redmine.replicant.us/projects/replicant/wiki/People#Fil-Bergamo

* "Kurtis Hanna":https://redmine.replicant.us/projects/replicant/wiki/People#Kurtis-Hanna

* @dllud

* @GrimKriegor | You can write to the contact address (all the members of "SteeringCommittee":https://redmine.replicant.us/projects/replicant/wiki/SteeringCommittee receive it) if for some reasons you need to receive it as well. |

|/2. #replicant IRC channel | Freenode | Channel operator | * "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski

* "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli

* "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä

* "Kurtis Hanna":https://redmine.replicant.us/projects/replicant/wiki/People#Kurtis-Hanna | Quiet mode for unregistered users is disabled for the time being. If SPAM comes back use: @/mode #replicant +qe $~a *!*@gateway/web/*@ and @/mode #replicant +qe $~a *!*@gateway/shell/matrix.org/*@ to re-apply it. These commands whitelist users coming through web based IRC clients and via the Matrix.org IRC bridge. |

| OFTC | Channel operator | * "Kurtis Hanna":https://redmine.replicant.us/projects/replicant/wiki/People#Kurtis-Hanna

* @JeremyRand | Bridged with the Freenode IRC channel and #freenode_#replicant:matrix.org Matrix channel through the NCBridge bot operated by @JeremyRand |

| The replicant.us domain name | gandi.net | * Web inteface through gandi website

* The DNS entries are configured to use gandi's DNS server | * "Bradley Kuhn (administrative contact)":https://redmine.replicant.us/projects/replicant/wiki/People#Bradley-M-Kuhn : Can do everything (including designating the technical contact or transferring the domain) 

* "GNUtoo (technical contact)":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli : can do DNS zone changes

* Other people? "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski ? | |

| The replicant.us TLS certificate | Let's Encrypt | Access probably by controlling the respective domain name | * https://www.replicant.us: OSUOSL

* https://blog.replicant.us: OSUOSL

* https://redmine.replicant.us: OSUOSL

* https://git.replicant.us: ? | History: CA-cert -> GlobalSign -> LetsEncrypt |

| "Mastodon account":https://mamot.fr/@replicant | Administred by "La quadrature du net":https://en.wikipedia.org/wiki/La_Quadrature_du_Net | Account only | * TODO: ask the person who created the account

* The "Private contact address":https://redmine.replicant.us/projects/replicant/wiki/PrivateContact address was used as the mail  | See the [[Mastodon]] page for more details |

h2. OSUOSL

The OSUOSL is the "Oregon State University Open Source Lab":https://osuosl.org/.

Contact:

* They can be contacted on #osuosl on the Freenode IRC network

* They also have a 'support' mail address at osuosl.org

h2. Virtual machine in FSF's infrastructure

* The virtual machine is hosted in a server that is in their office or in a datacenter.

* Several FSF network administrator also have access to the virtual machine

Contact:

* The 'sysadmin' mail address at gnu.org

* The FSF system administrators can also be contacted on #fsfsys on the Freenode IRC network for more urgent matters

h3. Virtual machine specifications

The virtual machine runs on top of Xen and has:

* About 3G of RAM

* 1 virtual core

* a 10G rootfs partition

* a 100G storage partition for Replicant git repositories

* One IPv4 and one IPv6

Software:

* Trisquel 8.0

* The virtual machine may be using FAI and cfengine but it would need more investigation on that.

* The distribution seem to have the latest security updates applies. How it does it needs to be investigated by looking at cron jobs (it might use FAI for that).

h3. Virtual machine backup policies

The virtual machine is backed up daily. The backup procedure excludes the following path at the time of writing:

<pre>

/dev

/proc

/tmp

/sys

/run

/mnt

/mnt0

/mnt1

/mnt2

/mnt3

/mnt4

/mnt5

/mnt6

/mnt7

/mnt8

/mnt9

/floppy/

/cdrom/

/media/

/net/

/var/spool/squid/

/var/spool/squid3/

/var/spool/squid3_bak/

/var/spool/squid-tbd/

/var/spool/squid*/

/var/spool/django/

/var/spool/exim/

/var/cache/

/srv/chroot/

/t

/srv/to-tape

/var/lib/ceph/osd/

/var/lib/apt/lists/

/var/cache/apt/

</pre>

h3. git hosting infrastructure on this machine

The source code is in /srv/git/git-data/repositories and is divided in several groups:

** Replicant source code

** LineageOS mirror

** AOSP mirror

** Various developers repositories

|_. function |_. software |_. documentation |_. comments |

| authorization | gitolite | "UpstrreamSourceCodeMirrors":https://redmine.replicant.us/projects/replicant/wiki/UpstrreamSourceCodeMirrors | |

| read access | * git:// -> git daemon

* ssh:// -> ssh daemon

* https:// -> ? (TODO: document the software/configuration) | | |

| web | cgit | "Cgit":https://redmine.replicant.us/projects/replicant/wiki/Cgit | |

h2. Gandi

* See https://en.wikipedia.org/wiki/Gandi for more details

h2. Freenode

h2. GDPR

* For GDPR related inquiries, you can write to the "PrivateContact":https://redmine.replicant.us/projects/replicant/wiki/PrivateContact mail address.

h2. TODO:

* Ask the OSUOSL about backup policies.

* Document public spaces like Freenode IRC channel.

* Do our own backup policies and do some backups ourselves.

* Contact the people that have some control of the resources above and ask for permission to mention them here

* Fill the gaps (mentioned with '?') in this page

* Look what happens when an account is deleted

* Fix the related issues in the "tracker":https://redmine.replicant.us/projects/replicant/issues?utf8=%E2%9C%93&set_filter=1&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=category_id&op%5Bcategory_id%5D=%3D&v%5Bcategory_id%5D%5B%5D=57&f%5B%5D=&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=priority&c%5B%5D=subject&c%5B%5D=assigned_to&c%5B%5D=updated_on&c%5B%5D=category&c%5B%5D=cf_21&group_by=&t%5B%5D=

* Move the entries of this TODO list to the tracker when it makes sense

h1. Funding and legal entity

See the "SteeringCommittee":https://redmine.replicant.us/projects/replicant/wiki/SteeringCommittee for more details.

h1. Legal advise

Contact John Sullivan at the FSF.

Note that John Sullivan is not a lawyer but the FSF has lawyers.

h1. Documentation 

The "replicant-infrastructure redmine project":https://redmine.replicant.us/projects/replicant-infrastructure has a "wiki":https://redmine.replicant.us/projects/replicant-infrastructure/wiki with more documentation in it.