Team:Sysadmin/Meeting 20241210

From WHY2025 wiki
Jump to navigation Jump to search
Sysadmin/Meeting 20241210
Name Team:Sysadmin: Regular Meeting
StartDate 2024/12/10 20:00:00
EndDate 2024/12/10 21:00:00
Where https://meet.hack42.nl/team-sysadmin
Team Sysadmin


Present: Xesxen, Splodin, Lea, Wllm, Kiara, V1s3rion

Excused: Cyberrilla, Boekenwuurm

Absent: BlupBlob, H00913

Agenda:

  • IRC? IRC!
    • #why2025-sysadmin @ OFTC
  • Reminder: tickets for the event are now available! Don't forget to buy yours :)
  • Status update: Account provisioning (Xesxen)
    • Fully onboarded: Splodin, Kiara (afaik)
    • Partially onboarded: Blubblob (missing Zabbix, Authentik)
    • Partially onboarded: Hein-Jan (missing Sunstone, Authentik at least)
    • Needs confirmation / Partially onboarded: lea (missing Sunstone, Gitlab, Authentik, Zammad)
      • Xesxen acidentally deleted Lea's mail.ifcat.org ssh password, this will need to be reset
    • Rest: Missing fully
    • (Off-topic) The mail server needs to be replaced, we probably want to move to NixOS. Lea has expressed an interest in picking this up. Time estimate: between now and when the event starts.
  • Shared credentials / password store (Splodin)
    • Switching to Bitwarden
      • Need to invite more people. Currently Splodin and Xesxen have accounts. The rest still needs to be invited.
      • Set up Vaultwarden SMTP credentials
        • Afterward invite lea, kiara
  • Outstanding support request & incoming mail/pigeons (RFC 1149 compliant)/smoke signals (Everyone)
    • <TODO />, update before the meeting
    • Housekeeping note: Xesxen is switching Zabbix to use roles instead. This gives a better overview of who has which roles.
    • Anything noteworthy that happened last month?
    • Anything we need to keep an eye out for?
      • We were asked about a vulnerability disclosure policy (ticket #42171). We will probably want to write one. Most of the vulnerabilities will be in the upstream, but some might be the result of improper configuration that we should fix.
      • Some users have asked for access to the WireGuard VPN to access the Team:Terrain PostgreSQL database. Xesxen is going to ask for an initial list of every user who will need access, so that we can create the accounts in bulk.
        • VPN accounts are per person, not per team. (As only one connection is allowed per account)
        • Team:Terrain will take care of creating the database users.
  • Resource usage overview (Everyone)
    • Mostly unchanged over the past month.
  • Team:Terrain: Direct PostgreSQL (PostGIS) access (@ Myne) (Ticket 42048) (Xesxen)
    • We can close this ticket. This is working now.
  • Team:T&E: Pretix (@ Lutz) (Ticket 42033, 42053) => tickets.why2025.org (Xesxen)
    • Deployed and Launched
  • Deploy: Grafana/InfluxDB/MQTT/Pretix webhook (Xesxen)
    • Hook up grafana to Authentik
    • Public MQTT like last event
    • Ticket sale stats as soon as sales open up
    • InfluxDB is not yet backed up, as Borgmatic does not support InfluxDB. We'll have to find another solution for this.
  • Team:CTF: DNS & Hosting (Ticket 42052)
    • They want some basic web hosting so they can put up some basic information for visitors. We asked them for some more details but have not received a reply yet. We should send a reminder.
  • Deploy: Authentik (@ Lutz) => auth.why2025.org (Xesxen)
    • Set up and working.
    • Some services will now allow for self-service sign-ups by users.
  • Deploy: The Lounge (@ Myne)
    • Authentik is up for central auth
    • Maybe set up with ZNC as a backend?
    • """Deadline""" end of the year
    • Look to Revspace for inspiration, specifically a whitelist for which server users are allowed to connect to.
      • Draft whitelist: OFTC (WHY2025), Libera.chat (Hackerspaces), Hackint.org (CCC)?
  • Config: Hook up HedgeDoc (@ Myne) to Authentik (Xesxen)
    • Done
  • Config: Hook up Wordpress (@ Myne) to Authentik (Xesxen)
    • Done, behind an allowlist that only allows specific users. Team:Info has edit access to the allowlist.
  • Config: Limit Nextcloud data dir size (@ Myne, BTRFS quota) (Splodin)
    • No progress
  • Sunsetting existing public mails on mailing lists (Xesxen)
    • Done, all mailing lists are now closed to emails from non-members. Non-member emails will be held for approval by the mailing list admin. (@why2025.org addresses are always allowed)
  • Add steps for standard change requests in Zammad (Xesxen)
    • For things like requesting a user account.
    • No time spent on this yet
  • Investigating hooking up Fail2Ban to Traefik (Splodin)
    • No progress
  • Low-Prio: Domain registry
    • Hard requirement: support direct debit
    • Nice to have: delegation of permissions, scoped API tokens
    • Goal: restore before the event
  • Yolocolo => Project
    • Send initial budget sheet
    • Revisit after 1st of January
  • Budget form
    • Get a desk for Team:Sysadmin for during the event, in case of urgent issues.
  • WVTTK (AOB)
  • Next meeting: Jan 14th
  • Meeting close @ 21:19
Retrieved from "https://wiki.why2025.org/index.php?title=Team:Sysadmin/Meeting_20241210&oldid=4801"