Team:Sysadmin/Meeting 20241008

From WHY2025 wiki
Jump to navigation Jump to search
Sysadmin/Meeting 20241008
Name Team:Sysadmin: Regular Meeting
StartDate 2024/10/08 20:00:00
EndDate 2024/10/08 21:00:00
Where https://meet.hack42.nl/team-sysadmin
Team Sysadmin


Present: Xesxen, Splodin, Boekenwuurm, H00913 (@ end)

Agenda:

  • IRC? IRC!
    • #why2025-sysadmin @ OFTC
  • Status update: Account provisioning
    • Fully onboarded: Splodin
    • Partially onboarded: Blubblob (missing Zabbix)
    • Partially onboarded: Hein-Jan (missing Sunstone at least)
    • Needs confirmation / Partially onboarded: lea (missing Sunstone, Gitlab)
    • Rest: Missing fully
  • Zabbix: Don't forget to set up notifications
  • Shared credentials / password store
    • Switching to Bitwarden
  • MFA usage / MFA obligation for admins
  • Outstanding support request & incoming mail/pigeons (RFC 1149 compliant)/smoke signals
    • Anything noteworthy that happened last month?
    • Anything we need to keep an eye out for?
    • Please help to work through the queue together!
    • ~Half of the pending tickets (21) had a response last month. Needs major improvement
      • Triage session @ Hackalot w/ Xesxen+Splodin ~next week
  • Resource usage
    • DC resource allocation
    • Status of Sunsetting hypothermia.ifcat.org: Done
    • Status of Sunsetting support.mch2021.org: Done
  • Team:Terrain: Direct PostgreSQL (PostGIS) access (@ Myne) (Ticket 42048)
    • Wireguard VPN @ Myne(?) or separate box.
    • Needs to be finished this month
    • High prio
  • Team:T&E: Pretix (@ Lutz) (Ticket 42033, 42053) => tickets.why2025.org
    • Accounts can be set up if wanted, but the store cannot be set to public
    • Set up backups via Borg
    • Needs to be fully functional before 1 December
  • Team:CTF: DNS & Hosting (Ticket 42052)
    • Reject placeholder domain request. We'll withhold the ctf subdomain for Team:CTF's usage.
  • Deploy: Authentik (@ Lutz) => auth.why2025.org
    • Deployed
    • Pending sysadmin admin account provisioning
    • Pending configuration
    • Xesxen will provision accounts tonight
  • Deploy: Watchtower (opt*in labels on containers, for Project:Website at least) (@ Myne)
    • Deployed & Done. ifcat.org & why2025.org are now automatically updated.
  • Deploy: The Lounge (@ Myne)
    • Authentik is up for central auth
    • Maybe set up with ZNC as a backend?
    • Deadline end of the year
  • Config: Hook up HedgeDoc (@ Myne) to Authentik
    • No progress, needs Authentik to be configured
  • Config: Hook up Wordpress (@ Myne) to Authentik
    • No progress, needs Authentik to be configured
    • Xesxen will investigate further
  • Config: Limit Nextcloud data dir size (@ Myne, BTRFS quota)
    • Next week @ Hackalot
  • DONE: Monitoring: Disallow public mails on mailing lists (enforce: generic_nonmember_action != 0)
  • Low-Prio: Domain registry
    • Registrar suggestions?
  • Low-Prio: Restore old sites
    • Pushed to next month
  • Yolocolo => Project
    • Send inital budget sheet
    • Revisit after 1st of January
  • Budget form
  • WVTTK (AOB)
    • Splodin: Investigating hooking up Fail2Ban to Traefik
    • Xesxen: Add lead team member name for each topic next time
    • Splodin: Looking into Authentik
    • Xesxen: Add steps for standard change requests in Zammad
    • H00913: Hopes to get a reply back for 1Pass by the end of the week, otherwise we'll fall back to alternatives

Done @ 20:51

Retrieved from "https://wiki.why2025.org/index.php?title=Team:Sysadmin/Meeting_20241008&oldid=3722"