h1. Network Infrastructure

|_. What |_. Where |_. Access type | Who | Comments |
| "Redmine instance":https://redmine.replicant.us |/5. OSUOSL  | Redmine manager | * "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski
* "Wolfgang Wiedmeyer":https://redmine.replicant.us/projects/replicant/wiki/People#Wolfgang-Wiedmeyer
* "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli
* "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä
* "Fil Bergamo":https://redmine.replicant.us/projects/replicant/wiki/People#Fil-Bergamo
* "Kurtis Hanna":https://redmine.replicant.us/projects/replicant/wiki/People#Kurtis-Hanna
* @dllud
* @GrimKriegor
* OSUOSL system administrators | Since we only have one project, OSUOSL put in a redirect from the main page of our Redmine instance to /project/replicant
OSUOSL keeps 2 weeks worth of backups for restoration purposes. |
| "Mailing list":https://lists.osuosl.org/mailman/listinfo/replicant | Mailing list administrator | * @dllud
* "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli
* "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä
* "Kurtis Hanna":https://redmine.replicant.us/projects/replicant/wiki/People#Kurtis-Hanna
* "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski
* "Wolfgang Wiedmeyer":https://redmine.replicant.us/projects/replicant/wiki/People#Wolfgang-Wiedmeyer
* OSUOSL system administrators | OSUOSL keeps 2 weeks worth of backups for restoration purposes. |
| "Wordpress instance":https://blog.replicant.us/ | Wordpress administator | * "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski
* "Wolfgang Wiedmeyer":https://redmine.replicant.us/projects/replicant/wiki/People#Wolfgang-Wiedmeyer
* "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli
* "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä
* "Fil Bergamo":https://redmine.replicant.us/projects/replicant/wiki/People#Fil-Bergamo
* "Kurtis Hanna":https://redmine.replicant.us/projects/replicant/wiki/People#Kurtis-Hanna
* @dllud
* OSUOSL system administrators
* Add your name here if you have access and want to be mentioned | This instance is auto-updated automatically with the help of a plugin. |
| "Releases":https://ftp-osl.osuosl.org/pub/replicant/ | SSH | * "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski
* "Wolfgang Wiedmeyer":https://redmine.replicant.us/projects/replicant/wiki/People#Wolfgang-Wiedmeyer
* "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli
* "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä
* OSUOSL system administrators | We should not use too much space. |
| The replicant.us (mostly-static) front website |\2. None: there is an automatic hook managed by OSUOSL. | * "Source code":https://git.replicant.us/replicant/website/
* Patches should be sent to the Replicant mailing list.
* There is a jenkins hook with a token to pull and deploy the website source code. |
| "Replicant Source code":https://git.replicant.us/ |/2. Virtual machine at FSF | SSH root access | * "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski
* "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli
* "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä
* Several FSF system administrators
* FSF backup server
* FSF Ansible deployment server | Resources kindly offered by the FSF.
The git configuration has "some documentation":https://redmine.replicant.us/projects/replicant/wiki/ReplicantInfrastructure#git-hosting-infrastructure-on-this-machine .
Before handling SSH (root) access to this machine:
* Make sure that the person really needs it.
* Make sure that the person already contributed to Replicant.
* Ask one other person that has SSH access and/or the "SteeringCommittee":https://redmine.replicant.us/projects/replicant/wiki/SteeringCommittee to also agree on it. |
| "Private contact address":https://redmine.replicant.us/projects/replicant/wiki/PrivateContact | IMAP access | * "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli
* "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä
* "Fil Bergamo":https://redmine.replicant.us/projects/replicant/wiki/People#Fil-Bergamo
* "Kurtis Hanna":https://redmine.replicant.us/projects/replicant/wiki/People#Kurtis-Hanna
* @dllud
* @GrimKriegor | You can write to the contact address (all the members of "SteeringCommittee":https://redmine.replicant.us/projects/replicant/wiki/SteeringCommittee receive it) if for some reasons you need to receive it as well. |
|/2. #replicant IRC channel | Freenode | Channel operator | * "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski
* "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli
* "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä
* "Kurtis Hanna":https://redmine.replicant.us/projects/replicant/wiki/People#Kurtis-Hanna | Quiet mode for unregistered users is disabled for the time being. If SPAM comes back use: @/mode #replicant +qe $~a *!*@gateway/web/*@ and @/mode #replicant +qe $~a *!*@gateway/shell/matrix.org/*@ to re-apply it. These commands whitelist users coming through web based IRC clients and via the Matrix.org IRC bridge. |
| OFTC | Channel operator | * "Kurtis Hanna":https://redmine.replicant.us/projects/replicant/wiki/People#Kurtis-Hanna
* @JeremyRand | Bridged with the Freenode IRC channel and #freenode_#replicant:matrix.org Matrix channel through the NCBridge bot operated by @JeremyRand |
| The replicant.us domain name | gandi.net | * Web inteface through gandi website
* The DNS entries are configured to use gandi's DNS server | * "Bradley Kuhn (administrative contact)":https://redmine.replicant.us/projects/replicant/wiki/People#Bradley-M-Kuhn : Can do everything (including designating the technical contact or transferring the domain) 
* "GNUtoo (technical contact)":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli : can do DNS zone changes
* Other people? "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski ? | |
| The replicant.us TLS certificate | Let's Encrypt | Access probably by controlling the respective domain name | * https://www.replicant.us: OSUOSL
* https://blog.replicant.us: OSUOSL
* https://redmine.replicant.us: OSUOSL
* https://git.replicant.us: ? | History: CA-cert -> GlobalSign -> LetsEncrypt |
| "Mastodon account":https://mamot.fr/@replicant | Administred by "La quadrature du net":https://en.wikipedia.org/wiki/La_Quadrature_du_Net | Account only | * TODO: ask the person who created the account
* The "Private contact address":https://redmine.replicant.us/projects/replicant/wiki/PrivateContact address was used as the mail  | See the [[Mastodon]] page for more details |

h2. OSUOSL

The OSUOSL is the "Oregon State University Open Source Lab":https://osuosl.org/.

Contact:
* They can be contacted on #osuosl on the Freenode IRC network
* They also have a 'support' mail address at osuosl.org

h2. Virtual machine in FSF's infrastructure

* The virtual machine is hosted in a server that is in their office or in a datacenter.
* Several FSF network administrator also have access to the virtual machine

Contact:
* The 'sysadmin' mail address at gnu.org
* The FSF system administrators can also be contacted on #fsfsys on the Freenode IRC network for more urgent matters

h3. Virtual machine specifications

See [[VMSpecifications]] for the VM specifications.

h3. Virtual machine backup policies

The virtual machine is backed up daily. The backup procedure excludes the following path at the time of writing:
<pre>
/dev
/proc
/tmp
/sys
/run
/mnt
/mnt0
/mnt1
/mnt2
/mnt3
/mnt4
/mnt5
/mnt6
/mnt7
/mnt8
/mnt9
/floppy/
/cdrom/
/media/
/net/
/var/spool/squid/
/var/spool/squid3/
/var/spool/squid3_bak/
/var/spool/squid-tbd/
/var/spool/squid*/
/var/spool/django/
/var/spool/exim/
/var/cache/
/srv/chroot/
/t
/srv/to-tape
/var/lib/ceph/osd/
/var/lib/apt/lists/
/var/cache/apt/
</pre>

h3. git hosting infrastructure on this machine

The source code is in /srv/git/git-data/repositories and is divided in several groups:
** Replicant source code
** LineageOS mirror
** AOSP mirror
** Various developers repositories

|_. function |_. software |_. documentation |_. comments |
| authorization | gitolite | "UpstrreamSourceCodeMirrors":https://redmine.replicant.us/projects/replicant/wiki/UpstrreamSourceCodeMirrors | |
| read access | * git:// -> git daemon
* ssh:// -> ssh daemon
* https:// -> ? (TODO: document the software/configuration) | | |
| web | cgit | "Cgit":https://redmine.replicant.us/projects/replicant/wiki/Cgit | |

h2. Gandi

* See https://en.wikipedia.org/wiki/Gandi for more details

h2. Freenode

h2. GDPR

* For GDPR related inquiries, you can write to the "PrivateContact":https://redmine.replicant.us/projects/replicant/wiki/PrivateContact mail address.

h2. TODO:

* Ask the OSUOSL about backup policies.
* Document public spaces like Freenode IRC channel.
* Do our own backup policies and do some backups ourselves.
* Contact the people that have some control of the resources above and ask for permission to mention them here
* Fill the gaps (mentioned with '?') in this page
* Look what happens when an account is deleted
* Fix the related issues in the "tracker":https://redmine.replicant.us/projects/replicant/issues?utf8=%E2%9C%93&set_filter=1&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=category_id&op%5Bcategory_id%5D=%3D&v%5Bcategory_id%5D%5B%5D=57&f%5B%5D=&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=priority&c%5B%5D=subject&c%5B%5D=assigned_to&c%5B%5D=updated_on&c%5B%5D=category&c%5B%5D=cf_21&group_by=&t%5B%5D=
* Move the entries of this TODO list to the tracker when it makes sense

h1. Funding and legal entity

See the "SteeringCommittee":https://redmine.replicant.us/projects/replicant/wiki/SteeringCommittee for more details.

h1. Legal advise

Contact John Sullivan at the FSF.

Note that John Sullivan is not a lawyer but the FSF has lawyers.

h1. Documentation 

The "replicant-infrastructure redmine project":https://redmine.replicant.us/projects/replicant-infrastructure has a "wiki":https://redmine.replicant.us/projects/replicant-infrastructure/wiki with more documentation in it.