
Added structuring

pull/1/head
Hamzah 5 months ago
parent
commit
c5dd704792
12 changed files with 230 additions and 14 deletions
  1. +100
    -0
      docs/cheatsheet.md
  2. +4
    -0
      docs/hardware.md
  3. +7
    -13
      docs/index.md
  4. +0
    -0
      docs/monitoring.md
  5. +0
    -0
      docs/network.md
  6. +0
    -0
      docs/postmortems.md
  7. +0
    -0
      docs/procedures.md
  8. +102
    -0
      docs/roadmap.md
  9. +0
    -0
      docs/scripts.md
  10. +0
    -0
      docs/services.md
  11. +0
    -0
      docs/web.md
  12. +17
    -1
      mkdocs.yml

+ 100
- 0
docs/cheatsheet.md

@@ -0,0 +1,100 @@
# Cheatsheet

## LDAP
-- Query a user
```
ldapsearch -x uid="USERNAME_HERE"
```

-- Query user as root for more detailed info
```
ldapsearch -D "cn=root,ou=services,o=redbrick" -y /etc/ldap.secret uid=user
```

-- Find all users emails created by `USERNAME`
```
ldapsearch -x createdby="user" uid | awk '/uid:/ {print $2"@redbrick.dcu.ie"}'
```

-- Check if something is backed up on NFS (`/storage/path/to/file`)

All useful LDAP scripts (*edit user quota, reset user password, renew user accounts, etc*) are located in the home directory of `root` on Azazel.

*Log in as `root` on a server with local accounts:*
```bash
ssh localaccount@redbrick.dcu.ie
sudo -i # (same password as localaccount account)
```
___

## Authentication/Passwords

### Onboarding new admins

- Create `root` ssh key for NixOS Machines
Following creation of the key, add to the whitelist in *[nix configs](https://github.com/redbrick/nix-configs/blob/master/services/ssh.nix)*.

```bash
ssh-keygen -t ed25519 # Generate key
cat ~/.ssh/id_ed25519.pub # Verify it's been created
ssh-copy-id -i ~/.ssh/id_ed25519 user@redbrick.dcu.ie # Copy to local account's ssh dir
ssh -i ~/.ssh/mykey user@redbrick.dcu.ie # Verify that this key was copied
```

### Access passwordsafe (pwsafe)

Location of master password vault.

*Note:* `getpw` will prompt you for the Master root password.
```bash
ssh localroot@halfpint
sudo -i # to log in as root with local user password
pwsafe # to list passwords
getpw <name_of_pass> # Grab password by name key | getpw pygmalion
```


___

## SSH to root on a NixOS machine
- From the account you generated your ssh key on (in nix configs) type:
```bash
ssh root@hardcase.internal
```

___

## NixOS

-- Install a temporary program
```bash
nix-shell -p [space seperated package names]
```

-- Run brickbot2 (running on Metharme)
```
cd brickbot2
nix-shell
source venv/bin/activate
python3 main.py config.toml
```

## Minecraft Servers

The Redbrick Minecraft server's are dockerized applications running on *Zeus* on a server-per-container basis, using the tools on this GitHub Repo: https://github.com/itzg/docker-minecraft-server#interacting-with-the-server

Repo is very well documented so have a look at the README but here's the basics:

**NOTE:** *Local Root accounts must be added to the docker group before they can run the docker commands.* `usermod -a -G docker ACCOUNT_NAME`


You can `docker ps | grep minec` to find the docker containers running the servers.

The docker compose files are located in `/etc/docker-compose/services`, Unmodded Vanilla compose for example is in `/etc/docker-compose/services/minecraft_unmodded/`

To see the configuration for the container you can do `docker inspect CONTAINER_NAME_OR_ID`



- Interacting with the Server Console
- https://github.com/itzg/docker-minecraft-server#interacting-with-the-server
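Review bot: In the onboarding block the last command verifies with `ssh -i ~/.ssh/mykey`, but the key generated and copied in the lines above it is `~/.ssh/id_ed25519`, so the verification step fails for anyone following the steps as written. Use the same key path in all four commands. In the LDAP section, "Check if something is backed up on NFS" has no command after it, and the root query omits the `-x` that the other two `ldapsearch` examples pass; confirm it binds as intended with `-D`/`-y` alone. The `nix-shell -p` placeholder also has "seperated" for "separated".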

+ 4
- 0
docs/hardware.md

@@ -0,0 +1,4 @@
# Hardware

Here is a list of current hardware in Redbrick's suite of servers.
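Review bot: The sentence "Here is a list of current hardware in Redbrick's suite of servers." is the last content line of the new file, so the page promises a list it does not contain. Add the list in this commit, or reword the line as an explicit placeholder so readers do not assume the inventory went missing.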


+ 7
- 13
docs/index.md

@@ -1,17 +1,11 @@
# Welcome to MkDocs
# Home
## Redbrick Technical Documentation

For full documentation visit [mkdocs.org](https://www.mkdocs.org).
The idea of Redbrick documention is to keep an up to date information about the technical infrastructure of Redbrick. This is mostly intended for admins, future admins, webmasters, and everybody else who is grumpy and has no life.

## Commands
The search box actually works... Yeah. Me too.

* `mkdocs new [dir-name]` - Create a new project.
* `mkdocs serve` - Start the live-reloading docs server.
* `mkdocs build` - Build the documentation site.
* `mkdocs -h` - Print help message and exit.
## Quick Links

## Project layout

mkdocs.yml # The configuration file.
docs/
index.md # The documentation homepage.
... # Other markdown pages, images and other files.
- Daily Operations
- [New Admin Cheatsheet](/cheatsheet/)
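Review bot: The Quick Links entry `[New Admin Cheatsheet](/cheatsheet/)` uses an absolute path, which breaks as soon as the site is served from a sub-path; MkDocs resolves and validates links written as relative paths to the source file, so `[New Admin Cheatsheet](cheatsheet.md)` is the safer form. In the new intro paragraph, "documention" should be "documentation" and "keep an up to date information" should drop the "an".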

+ 0
- 0
docs/monitoring.md


+ 0
- 0
docs/network.md


+ 0
- 0
docs/postmortems.md


+ 0
- 0
docs/procedures.md


+ 102
- 0
docs/roadmap.md

@@ -0,0 +1,102 @@
# Roadmap


## Operating Systems Of Choice:
- NixOS -> Used on Motherlode
- Ubuntu -> Login boxes
- Debian -> Used for all other machines

Why?

- Sensible defaults (/etc/resolve.conf etc.)
- No snap
- Debian is as close to the most popular distribution as possible

## Important (Core) Services

*In order of priority.*

- DNS
- Migrate to **Fred**
- Set up on new server
- Clean up the zone file
- /storage/
- NFS, backups, database (from Icarus) and failover (from Daedalus)
- LDAP (Daedalus, Icarus read-only slave)
- pwsafe (look at changing to hashcorp vault/bitwarden)

___

### -> Login Machines (Ubuntu)
- Azazel
- Pygmalion
- Zeus (Non-login -> Designated Docker Host)

### -> Multipurpose Machines (Debian)
- Halfpint
- Paphos
- Daedalus
- Icarus
- Albus
- Clyde
- Hardcase
- Metharme
- Fred

### -> Designated Nix Machine

**Motherlode.**
Why?
- Clubs and Socs and other services like Mail are quite honestly easiest done using Nix configs (even though it can be disgusting). It is a viable choice to solve a hard problem.

#### Services Using Nix to be moved to Motherlode

- Mailman
- Certs
- Grafana **(X)**
- Httpd (Apache)
- ircd
- LDAP
- Postfix
- zfsquota
- bitlbee
- git
- glusterfs
- libvrt
- Loki **(X)**
- postgres
- prometheus **(X)**
- promtail
- rbbackup
- redis
- squid
- sshnix (ssh keys)
- thelounge **(X)**
- znapsend

### Docs

- Update [fucking.readthedocs.io](fucking.readthedocs.io) to new home, [docs.redbrick.dcu.ie](docs.redbrick.dcu.ie)


## TODO:

In order of priority.

- Update docs
- Material for MkDocs
- Make passwordsafe redundant
- Migrate to BitWarden
- Use Fred as a temporary host while we decide what to make it's permanent host
- Azazel needs to be functional
- Authentication missing local users
- Fred becomes new DNS host
- Remove DNS from Paphos
- Databases moved to Master/Redundancy Machines
- Databases are dependancies for the services to come
- Hardcase and Metharme
- Move all services to remain to Motherlode/Nix
- Remove redundant services (marked X)
- Firewall cleanup
- Assign IP's
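Review bot: Both links in the Docs item have no scheme, `[fucking.readthedocs.io](fucking.readthedocs.io)` and `[docs.redbrick.dcu.ie](docs.redbrick.dcu.ie)`, so Markdown treats the targets as relative paths under the current page instead of external sites; give each target a scheme such as `https://`. Smaller fixes in the same file: `/etc/resolve.conf` should be `/etc/resolv.conf`, "hashcorp vault" is HashiCorp Vault, "libvrt" is presumably libvirt, and "it's permanent host", "dependancies" and "IP's" need spelling corrections.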


+ 0
- 0
docs/scripts.md


+ 0
- 0
docs/services.md


+ 0
- 0
docs/web.md


+ 17
- 1
mkdocs.yml

@@ -26,6 +26,7 @@ theme:
toggle:
icon: material/weather-night
name: Switch to light mode

extra:
social:
- icon: fontawesome/brands/github-alt
@@ -38,4 +39,19 @@ extra:
markdown_extensions:
- toc:
permalink: true
- attr_list
- attr_list
- codehilite:
guess_lang: false

nav:
- 'index.md'
- 'cheatsheet.md'
- 'services.md'
- 'hardware.md'
- 'network.md'
- 'web.md'
- 'monitoring.md'
- 'procedures.md'
- 'postmortems.md'
- 'scripts.md'
- 'roadmap.md'
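Review bot: The new `nav` block lists eleven pages, but seven of them (`services.md`, `network.md`, `web.md`, `monitoring.md`, `procedures.md`, `postmortems.md`, `scripts.md`) are added empty in this commit (+0/-0 in the file list), so the site navigation will lead to blank pages. Give each a top-level heading and a one-line stub, or leave them out of `nav` until they have content.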
