diff --git a/docs/aperture/about.md b/docs/aperture/about.md index 84427a08..aa999e76 100644 --- a/docs/aperture/about.md +++ b/docs/aperture/about.md @@ -42,7 +42,7 @@ The IP address range for the [`aperture`](index.md) subnet is `10.10.0.0/24`, wi `nexus` is the name of the KVM switch. It's internal IP address is `10.10.0.10`. -[`glados`](../hosts/glados.md) is connected on port 1, [`wheatley`](../hosts/wheatley.md) on port 2, and [`chell`](../hosts/chell.md) on port 3. +[`glados`](../hosts/aperture/glados.md) is connected on port 1, [`wheatley`](../hosts/aperture/wheatley.md) on port 2, and [`chell`](../hosts/aperture/chell.md) on port 3. !!! note **Yellow** cables are used for **KVM network**. diff --git a/docs/aperture/consul.md b/docs/aperture/consul.md new file mode 100644 index 00000000..054723eb --- /dev/null +++ b/docs/aperture/consul.md @@ -0,0 +1 @@ +# Consul diff --git a/docs/hosts/aperture/johnson.md b/docs/hosts/aperture/johnson.md index 4956123f..0335e1c5 100644 --- a/docs/hosts/aperture/johnson.md +++ b/docs/hosts/aperture/johnson.md @@ -2,6 +2,7 @@ ## Details Formerly `albus` (in a different life) + - **Type**: Dell PowerEdge R515 - **OS**: NixOS - **CPU**: 2 x Opteron 4334 6 core @ 3.2GHz @@ -11,7 +12,11 @@ Formerly `albus` (in a different life) - **Drives**: Internal SATA DVD±RW - **Network**: 4x Onboard Ethernet, 802.3ad bonding - **iDRAC NIC**: Shared on port 1 + +Part of [aperture](../../aperture/index.md) + ## Where to find - `10.10.0.7` - 2nd NIC is currently unused, would be a good idea to make a bond for more throughput and redundancy on the same ip ## Services +- `NFS` for [aperture](../../aperture/index.md) \ No newline at end of file diff --git a/docs/hosts/index.md b/docs/hosts/index.md index e86e2eda..0079fa95 100644 --- a/docs/hosts/index.md +++ b/docs/hosts/index.md @@ -1,6 +1,6 @@ # Hosts -## Login Boxes +## [Login](../services/servers.md#Logging%20in) Boxes - [**azazel**](azazel.md) - [**pygmalion**](pygmalion.md) 
diff --git a/docs/hosts/nix/icarus.md b/docs/hosts/nix/icarus.md index e260b87a..95e98a87 100644 --- a/docs/hosts/nix/icarus.md +++ b/docs/hosts/nix/icarus.md @@ -18,5 +18,5 @@ However, Daedalus is now ***Dead***alus and Icarus lives on *for now* albeit a l ## Services - LDAP -- NFS, (a.k.a `/storage`) from Icarus +- [NFS](../../services/nfs.md), (a.k.a `/storage`) - GlusterFS, eventually, or some other distributed storage to replace NFS \ No newline at end of file diff --git a/docs/hosts/paphos.md b/docs/hosts/paphos.md index 65fc237a..ad473239 100644 --- a/docs/hosts/paphos.md +++ b/docs/hosts/paphos.md @@ -11,6 +11,7 @@ ## Where to find: - External: - `136.206.15.53` + - `136.206.15.26` - `ns1.redbrick.dcu.ie` - Internal: - *hmm, good question* diff --git a/docs/procedures/policies.md b/docs/procedures/policies.md index 59fec894..f34c6232 100644 --- a/docs/procedures/policies.md +++ b/docs/procedures/policies.md @@ -65,14 +65,13 @@ Couple of things to look out for: ## Admin Account Responsibilities -As an adminisitrator, your new local account has extra priviliges (namely being -in the root group). For this reason, you should not run _any_ untrusted or +As an administrator, your new local account has extra privileges *(namely being in the root group)*. + +For this reason, you should not run _any_ untrusted or unknown programs or scripts. If you must, and source code is available you -should check it before running it. Compile your own versions of other user's -programs you use regularly. It is far too easy for other users to trojan your -account in this manner and get root. +should check it before running it. Compile your own versions of other user's programs you use regularly. It is far too easy for other users to trojan your account in this manner and get root. Do not use passwordless ssh keys on any of your accounts. When using an untrusted workstation (i.e. just about any PC in DCU!) always check for 
diff --git a/docs/services/api.md b/docs/services/api.md index 96b916e1..57a7bb08 100644 --- a/docs/services/api.md +++ b/docs/services/api.md @@ -75,7 +75,7 @@ For example inside the `ldap-register.sh` script used by the `/register` endpoin *How do we fix this?* -Instead of relying on using users/group names for the chown command, it is advisable to instead use their unique id's. +Instead of relying on using users/group names for the `chown` command, it is advisable to instead use their unique id's. ```bash # For example, the following commands are equivalent. diff --git a/docs/services/bind.md b/docs/services/bind.md index d65e8a81..55c6fc5c 100644 --- a/docs/services/bind.md +++ b/docs/services/bind.md @@ -7,11 +7,8 @@ Bind9 is our DNS provider. Currently it runs on [paphos](../hosts/paphos.md), bu The config files for bind are located in `/etc/bind/master/`. The most important file in this directory is the `db.Redbrick.dcu.ie` file. -{== - -You must never update this file without following the steps below first! - -==} +!!! note +> You must never update this file without following the steps below first! ## Updating DNS diff --git a/docs/services/cheatsheet.md b/docs/services/cheatsheet.md index a4dffd06..9074d238 100644 --- a/docs/services/cheatsheet.md +++ b/docs/services/cheatsheet.md @@ -31,7 +31,7 @@ ___ ### Onboarding new admins -- Create `root` ssh key for NixOS Machines +- Create `root` ssh key for [NixOS](../procedures/nixos.md) Machines Following creation of the key, add to the whitelist in *[nix configs](https://github.com/redbrick/nix-configs/blob/master/services/ssh.nix)*. ```bash @@ -56,7 +56,7 @@ getpw # Grab password by name key | getpw pygmalion ___ -## SSH to root on a NixOS machine +## SSH to root on a [NixOS](../procedures/nixos.md) machine - From the account you generated your ssh key on (in nix configs) type: ```bash ssh root@hardcase.internal 
@@ -83,7 +83,7 @@ Brickbot runs in `tmux a -t 0` and can be restarted by pressing ctrl+c and runni ## Minecraft Servers -The Redbrick Minecraft server's are dockerized applications running on *Zeus* on a server-per-container basis, using the tools on this GitHub Repo: https://github.com/itzg/docker-minecraft-server#interacting-with-the-server +The Redbrick Minecraft server's are dockerized applications running on [`zeus`](../hosts/zeus.md) on a server-per-container basis, using the tools on this GitHub Repo: https://github.com/itzg/docker-minecraft-server#interacting-with-the-server Repo is very well documented so have a look at the README but here's the basics: diff --git a/docs/services/codimd.md b/docs/services/codimd.md index d913a47d..38bcee82 100644 --- a/docs/services/codimd.md +++ b/docs/services/codimd.md 
@@ -1,11 +1,11 @@ # CodiMD - `distro` -CodiMD lives on Zeus as a docker container. It is accessible through [md.redbrick.dcu.ie](https://md.redbrick.dcu.ie). +CodiMD lives on [`zeus`](../hosts/zeus.md) as a docker container. It is accessible through [md.redbrick.dcu.ie](https://md.redbrick.dcu.ie). CodiMD is built locally and is based on [codimd](https://github.com/hackmdio/CodiMD), the docs for which are [here](https://hackmd.io/c/codimd-documentation/%2Fs%2Fcodimd-docker-deployment). -Hackmd auths against ldap and its configuration is controlled from docker-compose. Go to -`/etc/docker-compose/services/hackmd` on zeus to find the configuration. +Hackmd auths against LDAP and its configuration is controlled from docker-compose. Go to +`/etc/docker-compose/services/hackmd` on [zeus](../hosts/zeus.md) to find the configuration. -See [CodiMD github](https://github.com/hackmdio/hackmd/#environment-variables-will-overwrite-other-server-configs) for -more info on configuration. The important points are disabling anonymus users and the ldap settings. +See [CodiMD github](https://github.com/hackmdio/hackmd/#environment-variables-will-overwrite-other-server-configs) for more info on configuration. +The important points are disabling anonymous users and the LDAP settings. diff --git a/docs/services/exposed.md b/docs/services/exposed.md index d713937f..fe82a82f 100644 --- a/docs/services/exposed.md +++ b/docs/services/exposed.md @@ -3,7 +3,7 @@ Firstly, it's important to mention that Redbrick is currently split in 2 parts: - Redbrick 2.0 *a.k.a. "old redbrick"* (on `136.206.15.0/24`) -- Aperture *a.k.a. "new redbrick"* (on `136.206.16.0/24`) +- [Aperture](../aperture/index.md) *a.k.a. "new redbrick"* (on `136.206.16.0/24`) ## Old Redbrick - [**azazel**](../hosts/azazel.md) - `136.206.15.24` diff --git a/docs/services/gitea.md b/docs/services/gitea.md index 4b824890..76c6c07f 100644 --- a/docs/services/gitea.md +++ b/docs/services/gitea.md 
@@ -8,7 +8,7 @@ Redbrick uses [Gitea](https://gitea.io/en-US/) as an open source git host. ## Deployment -Gitea and its database are deployed to Hardcase which runs NixOS +Gitea and its database are deployed to [Hardcase](../hosts/nix/hardcase.md) which runs [NixOS](../procedures/nixos.md) - The actual repositories are stored in `/zroot/git` and most other data is stored in `/var/lib/gitea` - The `SECRET_KEY` and `INTERNAL_TOKEN_URI` are stored in `/var/secrets`. They are not automatically created and must be diff --git a/docs/services/index.md b/docs/services/index.md index 557d7e7d..a8698fec 100644 --- a/docs/services/index.md +++ b/docs/services/index.md @@ -3,6 +3,14 @@ Here you will find a list of all the services Redbrick runs, along with some configs and some important information surrounding them. +- [api](api.md) +- [bind](bind.md) +- [codimd](codimd.md) +- [gitea](gitea.md) +- [irc](irc.md) +- [nfs](nfs.md) +- [traefik](traefik.md) +- [znapzend](znapzend.md) ## Adding More Services In order to add a new service, you will need to edit the [docs](https://github.com/redbrick/docs) repository. diff --git a/docs/services/nfs.md b/docs/services/nfs.md index 9ef12245..c8e1ac6e 100644 --- a/docs/services/nfs.md +++ b/docs/services/nfs.md @@ -5,7 +5,7 @@ NFS is used to serve the notorious `/storage` directory on Icarus to all of Redb ## Deployment -- NFS is deployed with Nix on Icarus +- NFS is deployed with Nix on [Icarus](../hosts/nix/icarus.md) - It is backed onto the PowerVault MD1200 with all its disk passed through single-drive RAID 0s toallow for setup of ZFS: - 1 mirror of 2x 500GB drives - 1 mirror of 2x 750GB drives @@ -21,7 +21,7 @@ On each machine where `/storage` is where NFS is mounted, but `/home` and `/webt There are 2 scripts used to control quotas, detailed below. -NFS is backed up to Albus via [ZnapZend](/services/znapsend.md). +NFS is backed up to Albus via [ZnapZend](znapzend.md). ## `zfsquota` and `zfsquotaquery` 
@@ -35,7 +35,7 @@ driven - it runs on a timer every 3 hours and syncs all LDAP quotas with ZFS. It described below. Users with no quota in LDAP will have no quota in `/storage`, and users who have their quota removed will persist on ZFS. -Changing user names has no impact on this since it is synced with uidNumber. +Changing user names has no impact on this since it is synced with `uidNumber`. ### zfsquotaquery diff --git a/docs/services/roadmap.md b/docs/services/roadmap.md index 95afb330..51011e0b 100644 --- a/docs/services/roadmap.md +++ b/docs/services/roadmap.md @@ -79,7 +79,7 @@ Why? ## Docs -- Update [fucking.readthedocs.io](fucking.readthedocs.io) to new home, [docs.redbrick.dcu.ie](docs.redbrick.dcu.ie) +- Update [fucking.readthedocs.io](https://fucking.readthedocs.io) to new home, [docs.redbrick.dcu.ie](https://docs.redbrick.dcu.ie) ## TODO diff --git a/docs/services/servers.md b/docs/services/servers.md index 31b46a1c..17c591f9 100644 --- a/docs/services/servers.md +++ b/docs/services/servers.md 
@@ -27,20 +27,20 @@ If you are an unbothered king/queen that simply does not mind using a web interf ##### Logging in to other servers -Your home directory is synced (i.e the same) on all public Redbrick servers. Thus the `authorized_keys` file will be the same on Azazel as it is on Pygmalion, meaning you can log in to `pyg.redbrick.dcu.ie` too, and so on. +Your home directory is synced (i.e the same) on all public Redbrick servers. Thus the `authorized_keys` file will be the same on [Azazel](../hosts/azazel.md) as it is on [Pygmalion](../hosts/pygmalion.md), meaning you can log in to `pyg.redbrick.dcu.ie` too, and so on. ## Setting up an SSH Key Generating an SSH key pair creates two long strings of characters: a public and a private key. You can place the public key on any server, and then connect to the server using an SSH client that has access to the private key. -When these keys match up, and your account password is also correct, you are granted authorization to log in. +When these keys match up, and your account password is also correct, you are granted authorisation to log in. ### 1. Creating the Key Pair On your local computer, in the command line of your choice, enter the following command: ```bash -$ ssh-keygen -t ed25519 +ssh-keygen -t ed25519 ``` Expected Output ``` 
@@ -73,11 +73,11 @@ This key is saved under .ssh under your User directory. (i.e `C:\Users\Bob\.ssh\ In this step we store our **public** key on the server we intend to log in to. This key will be used against our secret private key to authenticate our login. -For the purposes of this tutorial we will be using Pygmalion (`pyg.redbrick.dcu.ie`) as our server. +For the purposes of this tutorial we will be using [Pygmalion](../hosts/pygmalion.md) (`pyg.redbrick.dcu.ie`) as our server. #### Logging in to Wetty -In order to access the server to actually place our keys in it, we need to log in via Wetty - a shell interface for Pygmalion on the web. +In order to access the server to actually place our keys in it, we need to log in via Wetty - a shell interface for [Pygmalion](../hosts/pygmalion.md) on the web. - Head to wetty.redbrick.dcu.ie. @@ -87,18 +87,18 @@ In order to access the server to actually place our keys in it, we need to log i ``` Enter your Redbrick username and press ENTER. When prompted, enter your Redbrick password. [*Forgot either of these?*](#forgot-your-password) -#### Adding the key into the authorized_keys file +#### Adding the key into the `authorized_keys` file - Add the key Grab the contents of your public key. You may use the `cat filepath` command for this: ```bash - $ cat /home/bob/.ssh/id_ed25519.pub + cat /home/bob/.ssh/id_ed25519.pub ``` On Wetty, enter the following command in the shell, with `YOUR_KEY` replaced with your **public** ssh key. - ``` + ```bash echo "YOUR_KEY" >> ~/.ssh/authorized_keys ``` This command will append your public key to the end of the `authorized_keys` file. @@ -117,6 +117,4 @@ Congratulations! If you've made it this far, [you're ready to login](#logging-in ## Forgot your password? -Contact an admin on our [Discord Server](https://discord.gg/3D8kTX9auY) or at [elected-admins@redbrick.dcu.ie](mailto:elected-admins@redbrick.dcu.ie) - -
\ No newline at end of file +[Contact an admin](../contact.md) on our [Discord Server](https://discord.gg/3D8kTX9auY) or at [elected-admins@redbrick.dcu.ie](mailto:elected-admins@redbrick.dcu.ie) diff --git a/docs/services/traefik.md b/docs/services/traefik.md index e69de29b..8cc0b721 100644 --- a/docs/services/traefik.md +++ b/docs/services/traefik.md @@ -0,0 +1 @@ +# Traefik
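Review bot: docs/aperture/consul.md is added with only a `# Consul` heading, and nothing else in this patch links to it. Either add at least a sentence on what Consul does on the aperture subnet and where it runs, or hold the file back until there is content to put in it.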
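Review bot: In docs/hosts/aperture/johnson.md the added `NFS` line under Services leaves the file without a trailing newline (the `\ No newline at end of file` marker follows it), and docs/hosts/nix/icarus.md carries the same marker. End both files with a newline, and say what johnson actually exports, since docs/services/nfs.md in this patch describes NFS as deployed on Icarus.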
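Review bot: In docs/hosts/index.md the new heading link uses the fragment `#Logging%20in`, which does not match the lower-case hyphenated fragments used in servers.md in this same patch (for example `#forgot-your-password`), so it is unlikely to resolve to a heading. Use the slug form of the target heading, and consider moving the link out of the `##` heading into a line beneath it so the heading text stays plain.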
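Review bot: In docs/hosts/paphos.md the added `136.206.15.26` under External has nothing saying what it is for or how it differs from `136.206.15.53`. Label each address with the interface or service it belongs to and state which one `ns1.redbrick.dcu.ie` resolves to; the Internal entry is still `hmm, good question` and could be filled in at the same time.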
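Review bot: In docs/procedures/policies.md the rewritten Admin Account Responsibilities paragraph still reads `other user's programs`, which should be `other users' programs`. The reflow also leaves one hard-wrapped line (`For this reason, you should not run _any_ untrusted or`) next to long unwrapped ones, so pick one wrapping style for the paragraph.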
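Review bot: In docs/services/bind.md the new `!!! note` is followed by a `>` blockquote line at column 0, so the sentence is not the body of the admonition; admonition content has to be indented four spaces under the `!!!` line. Drop the `>` and indent the sentence, and consider `!!! warning` or `!!! danger` rather than `note`, since this is a must-never instruction about editing `db.Redbrick.dcu.ie`.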
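Review bot: In docs/services/codimd.md the two new links to the same host are formatted differently, with backticks in the first paragraph and without them in the docker-compose paragraph; pick one form. The page also switches between CodiMD and Hackmd for the same service, and the link labelled `CodiMD github` points at `hackmdio/hackmd`, so a one-line note on the naming would save the next admin some confusion.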
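Review bot: In docs/services/index.md the intro promises a list of all the services Redbrick runs, but the new list omits pages under docs/services/ that this same patch edits (cheatsheet.md, exposed.md, roadmap.md, servers.md). It also links traefik.md, which this patch fills with only a `# Traefik` heading. Either list every page in the directory or reword the intro so the list is not presented as complete.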
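Review bot: In docs/services/nfs.md the corrected ZnapZend link sits in a sentence that still names the backup target as Albus, while docs/hosts/aperture/johnson.md in this patch describes that host as formerly `albus`. Confirm which host receives the backups today and link it the same way Icarus is now linked in the Deployment list; the `toallow` typo on the line after that Icarus link can be fixed in the same pass.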