Network Infrastructure¶

What	Where	Access type	Who	comments
Redmine instance	OSUOSL	Redmine administrator	Only the following people have access to it: * Paul Kocialkowski * Wolfgang Wiedmeyer * GNUtoo * Joonas Kylmälä * Fil-Bergamo * dl lud * Grim Kriegor * OSUOSL system administrators	We are running version 4.0.4 and it was updated on August 15, 2019. Since we only have one project, OSUOSL put in a redirect from the main page of our redmine instance to /project/replicant OSUOSL keeps 2 weeks worth of backups for restoration purposes.
Mailing list		Mailing list administrator	Several Replicant contributors including: * Paul Kocialkowski * GNUtoo * Kurtis Hanna * dl lud * Add your name here if you have access and want to be mentioned	OSUOSL keeps 2 weeks worth of backups for restoration purposes.
Wordpress instance		Wordpress administator	Several Replicant contributors including: * Paul Kocialkowski * GNUtoo * Add your name here if you have access and want to be mentioned	This instance is auto-updated automatically with the help of a plugin.
Releases		SSH	Only the following people have access to it: * Paul Kocialkowski * Wolfgang Wiedmeyer * GNUtoo * Joonas Kylmälä	We should not use too much space
The replicant.us (mostly-static) front website		None: There is an automatic hook managed by OSUOSL		* Source code * Patches are to be sent to the Replicant mailing list * There is a jenkins hook with a token to pull and deploy the website source code
A virtual machine hosted by the FSF that handles: * Replicant Source code	FSF	SSH root access	Only the following people or machines have access to it * Paul Kocialkowski * Joonas Kylmälä * GNUtoo * Several FSF system administrators * FSF backup server * FSF ansible deployment server	Resources kindly offered by the FSF The git configuration has some documentation Before handling SSH (root) access to this machine: * Make sure that the person really needs it * Make sure that the person already contributed to Replicant * Ask one other person that has SSH access and/or the SteeringCommittee to also agree on it
Private contact address	on the virtual machine hosted at the FSF	SSH root access	The contact address is accessible by several Replicant contributors: * GNUtoo * Joonas Kylmälä * David "dllud" Ludovino * Ricardo "Grim" Cabrita * Kurtis Hanna * Fil Bergamo	You can write to the contact address (all the members SteeringCommittee receive it) if for some reasons you need to receive it as well.
IRC channel	Freenode	Channel operator(s)	Several Replicant contributors including: * GNUtoo * Paul Kocialkowski * Kurtis Hanna * Add your name here if you have access and want to be mentioned	`MODE #Replicant +qe $~a !@gateway/web/` and `MODE #Replicant +qe $~a !@gateway/shell/matrix.org/` have been applied. Unless one connects via a web based irc client or via the Matrix.org IRC bridge one will need to register one's nick with Freenode in order to speak
The replicant.us domain name	gandi.net	* Web inteface through gandi website * The DNS entries are configured to use gandi's DNS server	The following people or machines have access to it: * Bradley Kuhn (administrative contact): Can do everything (including designating the technical contact or transferring the domain) * GNUtoo (technical contact): can do DNS zone changes * Other people? Paul Kocialkowski?
The replicant.us TLS certificate	Let's Encrypt	Access probably by controlling the respective domain name	* https://www.replicant.us: OSUOSL * https://blog.replicant.us: OSUOSL * https://redmine.replicant.us: OSUOSL * https://git.replicant.us: ?	History: CA-cert -> GlobalSign -> LetsEncrypt

OSUOSL¶

The OSUOSL is the Oregon State University Open Source Lab.

Contact:

They can be contacted on #osuosl on the Freenode IRC network
They also have a 'support' mail address at osuosl.org

Virtual machine in FSF's infrastructure¶

The virtual machine is hosted in a server that is in their office or in a datacenter.
Several FSF network administrator also have access to the virtual machine

Contact:

The 'sysadmin' mail address at gnu.org
The FSF system administrators can also be contacted on #fsfsys on the Freenode IRC network for more urgent matters

Virtual machine specifications¶

The virtual machine runs on top of Xen and has:

About 3G of RAM
1 virtual core
a 10G rootfs partition
a 100G storage partition for Replicant git repositories
One IPv4 and one IPv6

Software:

Trisquel 8.0
The virtual machine may be using FAI and cfengine but it would need more investigation on that.
The distribution seem to have the latest security updates applies. How it does it needs to be investigated by looking at cron jobs (it might use FAI for that).

Virtual machine backup policies¶

The virtual machine is backed up daily. The backup procedure excludes the following path at the time of writing:

/dev
/proc
/tmp
/sys
/run
/mnt
/mnt0
/mnt1
/mnt2
/mnt3
/mnt4
/mnt5
/mnt6
/mnt7
/mnt8
/mnt9
/floppy/
/cdrom/
/media/
/net/
/var/spool/squid/
/var/spool/squid3/
/var/spool/squid3_bak/
/var/spool/squid-tbd/
/var/spool/squid*/
/var/spool/django/
/var/spool/exim/
/var/cache/
/srv/chroot/
/t
/srv/to-tape
/var/lib/ceph/osd/
/var/lib/apt/lists/
/var/cache/apt/

git hosting infrastructure on this machine¶

The source code is in /srv/git/git-data/repositories and is divided in several groups:

Replicant source code
LineageOS mirror
AOSP mirror
Various developers repositories

function	software	documentation
authorization	gitolite	UpstrreamSourceCodeMirrors
read access	* git:// -> git daemon * ssh:// -> ssh daemon * https:// -> ? (TODO: document the software/configuration)
web	cgit	Cgit

Gandi¶

See https://en.wikipedia.org/wiki/Gandi for more details

Freenode¶

GDPR¶

For GDPR related inquiries, you can write to the PrivateContact mail address.

TODO:¶

Ask the OSUOSL about backup policies.
Document public spaces like Freenode IRC channel.
Do our own backup policies and do some backups ourselves.
Contact the people that have some control of the resources above and ask for permission to mention them here
Fill the gaps (mentioned with '?') in this page
Look what happens when an account is deleted
Fix the related issues in the tracker
Move the entries of this TODO list to the tracker when it makes sense

Funding and legal entity¶

See the SteeringCommittee for more details.

Legal advise¶

Contact John Sullivan at the FSF.

Note that John Sullivan is not a lawyer but the FSF has lawyers.

Documentation¶

The replicant-infrastructure redmine project has a wiki with more documentation in it.