Replicant » Replicant infrastructure

h1. Network Infrastructure

|_. What |_. Where |_. Access type | Who | Comments |

| "Redmine instance":https://redmine.replicant.us |/5. OSUOSL  | Redmine manager | * [[replicant::People#Paul-Kocialkowski|Paul Kocialkowski]]

* [[replicant::People#Wolfgang-Wiedmeyer|Wolfgang Wiedmeyer]]

* [[replicant::People#Denis-GNUtoo-Carikli|GNUtoo]]

* [[replicant::People#Joonas-Kylmälä|Joonas Kylmälä]]

* [[replicant::People#Fil-Bergamo|Fil Bergamo]]

* [[replicant::People#Kurtis-Hanna|Kurtis Hanna]]

* [[replicant::People#David-Ludovino|David Ludovino]]

* OSUOSL system administrators | Since we only have one project, OSUOSL put in a redirect from the main page of our Redmine instance to /project/replicant

OSUOSL keeps 2 weeks worth of backups for restoration purposes. |

| "Mailing list":https://lists.osuosl.org/mailman/listinfo/replicant | Mailing list administrator | * [[replicant::People#David-Ludovino|David Ludovino]]

* [[replicant::People#Denis-GNUtoo-Carikli|GNUtoo]]

* [[replicant::People#Joonas-Kylmälä|Joonas Kylmälä]]

* [[replicant::People#Kurtis-Hanna|Kurtis Hanna]]

* [[replicant::People#Paul-Kocialkowski|Paul Kocialkowski]]

* [[replicant::People#Wolfgang-Wiedmeyer|Wolfgang Wiedmeyer]]

* OSUOSL system administrators | OSUOSL keeps 2 weeks worth of backups for restoration purposes. |

| "Wordpress instance":https://blog.replicant.us/ | Wordpress administator | * [[replicant::People#Paul-Kocialkowski|Paul Kocialkowski]]

* [[replicant::People#Wolfgang-Wiedmeyer|Wolfgang Wiedmeyer]]

* [[replicant::People#Denis-GNUtoo-Carikli|GNUtoo]]

* [[replicant::People#Joonas-Kylmälä|Joonas Kylmälä]]

* [[replicant::People#Fil-Bergamo|Fil Bergamo]]

* [[replicant::People#Kurtis-Hanna|Kurtis Hanna]]

* [[replicant::People#David-Ludovino|David Ludovino]]

* OSUOSL system administrators

* Add your name here if you have access and want to be mentioned | This instance is auto-updated automatically with the help of a plugin. |

| "Secondary mirror of releases":https://ftp-osl.osuosl.org/pub/replicant/ | SSH | * -[[replicant::People#Paul-Kocialkowski|Paul Kocialkowski]]-

* -[[replicant::People#Wolfgang-Wiedmeyer|Wolfgang Wiedmeyer]]-

* -Bradley Khun-

* [[replicant::People#Denis-GNUtoo-Carikli|GNUtoo]]

* [[replicant::People#Joonas-Kylmälä|Joonas Kylmälä]]

* OSUOSL system administrators | We should not use too much space. |

| The replicant.us (mostly-static) front website |\2. None: there is an automatic hook managed by OSUOSL. | * "Source code":https://git.replicant.us/replicant/website/

* Patches should be sent to the Replicant mailing list.

* There is a jenkins hook with a token to pull and deploy the website source code. |

| "Replicant Source code":https://git.replicant.us/ and "Replicant releases":https://download.replicant.us |/2. Virtual machine at FSF | SSH root access | * [[replicant::People#Paul-Kocialkowski|Paul Kocialkowski]]

* [[replicant::People#Denis-GNUtoo-Carikli|GNUtoo]]

* [[replicant::People#Joonas-Kylmälä|Joonas Kylmälä]]

* Several FSF system administrators

* FSF backup server

* FSF Ansible deployment server | Resources kindly offered by the FSF.

The git configuration has [[replicant::ReplicantInfrastructure#git-hosting-infrastructure-on-this-machine|some documentation]] .

Before handling SSH (root) access to this machine:

* Make sure that the person really needs it.

* Make sure that the person already contributed to Replicant.

* Ask one other person that has SSH access and/or the [[replicant::SteeringCommittee|SteeringCommittee]] to also agree on it. |

| [[replicant::PrivateContact|Private contact address]] | IMAP access | * [[replicant::People#Denis-GNUtoo-Carikli|GNUtoo]]

* [[replicant::People#Joonas-Kylmälä|Joonas Kylmälä]]

* [[replicant::People#Fil-Bergamo|Fil Bergamo]]

* [[replicant::People#Kurtis-Hanna|Kurtis Hanna]]

* [[replicant::People#David-Ludovino|David Ludovino]]

* @GrimKriegor | You can write to the contact address (all the members of [[replicant::SteeringCommittee|SteeringCommittee]] receive it) if for some reasons you need to receive it as well. |

|/4. #replicant IRC channels

(all "bridged":https://git.replicant.us/infrastructure/matterbridge/)

| Libera.Chat | Channel operator | * [[replicant::People#Denis-GNUtoo-Carikli|GNUtoo]] |  |

| OFTC | Channel operator | * [[replicant::People#Kurtis-Hanna|Kurtis Hanna]]

* @JeremyRand | Bridged to Matrix. Access via @#_oftc_#replicant:matrix.org@ |

| HackInt | Channel operator |  |  |

| -Freenode- | Channel operator | * [[replicant::People#Paul-Kocialkowski|Paul Kocialkowski]]

* [[replicant::People#Denis-GNUtoo-Carikli|GNUtoo]]

* [[replicant::People#Joonas-Kylmälä|Joonas Kylmälä]]

* [[replicant::People#Kurtis-Hanna|Kurtis Hanna]] | Deprecated in favour of Libera.Chat

Quiet mode for unregistered users is disabled for the time being. If SPAM comes back use: @/mode #replicant +qe $~a *!*@gateway/web/*@ and @/mode #replicant +qe $~a *!*@gateway/shell/matrix.org/*@ to re-apply it. These commands whitelist users coming through web based IRC clients and via the Matrix.org IRC bridge. |

| The replicant.us domain name | gandi.net | * Web inteface through gandi website

* The DNS entries are configured to use gandi's DNS server | * [[replicant::People#Bradley-M-Kuhn|Bradley Kuhn (administrative contact)]] : Can do everything (including designating the technical contact or transferring the domain) 

* [[replicant::People#Denis-GNUtoo-Carikli|GNUtoo (technical contact)]] : can do DNS zone changes

* Other people? [[replicant::People#Paul-Kocialkowski|Paul Kocialkowski]] ? | |

| The replicant.us TLS certificate | Let's Encrypt | Access probably by controlling the respective domain name | * https://www.replicant.us: OSUOSL

* https://blog.replicant.us: OSUOSL

* https://redmine.replicant.us: OSUOSL

* https://git.replicant.us: ? | History: CA-cert -> GlobalSign -> LetsEncrypt |

| "Mastodon account":https://mamot.fr/@replicant | Administred by "La quadrature du net":https://en.wikipedia.org/wiki/La_Quadrature_du_Net | Account only | * TODO: ask the person who created the account

* The [[replicant::PrivateContact|Private contact address]] address was used as the mail  | See the [[Mastodon]] page for more details |

h2. OSUOSL

The OSUOSL is the "Oregon State University Open Source Lab":https://osuosl.org/.

Contact:

* They can be contacted on #osuosl on the Freenode IRC network

* They also have a 'support' mail address at osuosl.org

h2. Virtual machine in FSF's infrastructure

* The virtual machine is hosted in a server that is in their office or in a datacenter.

* Several FSF network administrator also have access to the virtual machine

Contact:

* The 'sysadmin' mail address at gnu.org

* The FSF system administrators can also be contacted on #fsfsys on the Freenode IRC network for more urgent matters

h3. Virtual machine specifications

See [[VMSpecifications]] for the VM specifications.

h3. Virtual machine backup policies

The virtual machine is backed up daily. The backup procedure excludes the following path at the time of writing:

<pre>

/dev

/proc

/tmp

/sys

/run

/mnt

/mnt0

/mnt1

/mnt2

/mnt3

/mnt4

/mnt5

/mnt6

/mnt7

/mnt8

/mnt9

/floppy/

/cdrom/

/media/

/net/

/var/spool/squid/

/var/spool/squid3/

/var/spool/squid3_bak/

/var/spool/squid-tbd/

/var/spool/squid*/

/var/spool/django/

/var/spool/exim/

/var/cache/

/srv/chroot/

/t

/srv/to-tape

/var/lib/ceph/osd/

/var/lib/apt/lists/

/var/cache/apt/

</pre>

h3. git hosting infrastructure on this machine

The source code is in /srv/git/git-data/repositories and is divided in several groups:

** Replicant source code

** LineageOS mirror

** AOSP mirror

** Various developers repositories

|_. function |_. software |_. documentation |_. comments |

| authorization | gitolite | [[replicant::UpstrreamSourceCodeMirrors|UpstrreamSourceCodeMirrors]] | |

| read access | * git:// -> git daemon

* ssh:// -> ssh daemon

* https:// -> ? (TODO: document the software/configuration) | | |

| web | cgit | [[replicant::Cgit|Cgit]] | |

h2. Gandi

* See https://en.wikipedia.org/wiki/Gandi for more details

h2. GDPR

* For GDPR related inquiries, you can write to the [[replicant::PrivateContact|PrivateContact]] mail address.

h2. TODO:

* -Ask the OSUOSL about backup policies.- The OSUOSL will do backup of the FTP for us.

* Do our own backup policies and do some backups ourselves.

* Contact the people that have some control of the resources above and ask for permission to mention them here

* Fill the gaps (mentioned with '?') in this page

* Look what happens when an account is deleted

* Fix the related issues in the "tracker":https://redmine.replicant.us/projects/replicant/issues?utf8=%E2%9C%93&set_filter=1&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=category_id&op%5Bcategory_id%5D=%3D&v%5Bcategory_id%5D%5B%5D=57&f%5B%5D=&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=priority&c%5B%5D=subject&c%5B%5D=assigned_to&c%5B%5D=updated_on&c%5B%5D=category&c%5B%5D=cf_21&group_by=&t%5B%5D=

* Move the entries of this TODO list to the tracker when it makes sense

h1. Funding and legal entity

See the [[replicant::SteeringCommittee|SteeringCommittee]] for more details.

h1. Legal advise

Contact Zoë Kooyman at the FSF.

Note that Zoë Kooyman is not a lawyer but the FSF has lawyers.

h1. Documentation

The project:replicant-infrastructure project has a [[Wiki]] with more documentation in it.