add usable stuff from bookstack
the rest is sufficiently out of date that keeping the documentation would be actively harmful.
This commit is contained in:
parent
863383a13f
commit
ad7b0aea0f
4 changed files with 200 additions and 0 deletions
23
content/domains.md
Normal file
23
content/domains.md
Normal file
|
@ -0,0 +1,23 @@
|
|||
+++
|
||||
title = "Domains"
|
||||
categories = [ "domains", "meta" ]
|
||||
+++
|
||||
|
||||
|
||||
|
||||
## Domains Managed via Cloudflare
|
||||
- `4future.dev`
|
||||
- `infra4future.de`
|
||||
- `hacc.space`
|
||||
- `hacc.earth`
|
||||
- `hacc.wiki`
|
||||
- `hacc.consulting`
|
||||
- `hacc.media`
|
||||
- `knotenpunkt-alpen.de`
|
||||
|
||||
## Others
|
||||
These domains are somehow associated with us / were also used at some point / were
|
||||
listed in an old wiki:
|
||||
|
||||
- `4futu.re` (owned by octycs)
|
||||
- `mumble.jetzt` (owned by Zauberberg)
|
69
content/hedgedoc.md
Normal file
69
content/hedgedoc.md
Normal file
|
@ -0,0 +1,69 @@
|
|||
+++
|
||||
title = "services/hedgedoc"
|
||||
taxonomies.categories = [ "services" ]
|
||||
+++
|
||||
|
||||
runs on: parsons
|
||||
purpose: writing things down, collaboratively
|
||||
configuration: [nixfile](https://gitlab.infra4future.de/infra/haccfiles/-/blob/main/services/hedgedoc-hacc.nix)
|
||||
login: SSO via keycloak
|
||||
|
||||
### configuration details
|
||||
* hegedoc was once called codiMD, so container, config and users are still called codimd.
|
||||
**Do NOT change this** unless you're activly migrating the service (with container, database and all) to the new name.
|
||||
Everything userfacing is already renamed.
|
||||
* there is a second instance named **pad-i4f** running for embedding into nextcloud.
|
||||
|
||||
# Troubleshooting
|
||||
|
||||
## Basic
|
||||
|
||||
Usually if hedgedoc dies, it's because postgres wasn't ready yet and the translation layer dosen't understand the wait message. Just restart hedgedoc in the container:
|
||||
|
||||
```
|
||||
sudo nixos-container root-login codimd
|
||||
systemctl restart hedgedoc
|
||||
```
|
||||
|
||||
Sometimes restarting nginx fixes the problem. To do so run:
|
||||
```
|
||||
sudo systemctl restart nginx
|
||||
```
|
||||
|
||||
As a last basic step try restarting the container as a whole:
|
||||
```
|
||||
sudo systemctl restart container@codimd
|
||||
```
|
||||
|
||||
### Advanced
|
||||
log into the container and take a look at the logs
|
||||
|
||||
sudo nixos-container root-login codimd
|
||||
journalctl -e
|
||||
|
||||
#### fixing failed database upgrades
|
||||
In some cases, HedgeDoc might apply migrations without correctly saving the progress. In these cases, HedgeDoc will refuse to start with “already exists”-errors like ERROR: type "enum_Notes_permission" already exists.
|
||||
|
||||
Get the name of the failing migration and append .js to it. For example, if you encounter this error
|
||||
|
||||
== 20180306150303-fix-enum: migrating =======
|
||||
|
||||
ERROR: type "enum_Notes_permission" already exists
|
||||
|
||||
the name of the failed migration would be 20180306150303-fix-enum.js.
|
||||
|
||||
The SQL-statement may look like this:
|
||||
|
||||
INSERT INTO "SequelizeMeta" (name) VALUES ('20180306150303-fix-enum.js');
|
||||
|
||||
Make sure HedgeDoc does not run and insert the name into the SequelizeMeta table.
|
||||
Enter the container switch to the postgres user, open psql and commect to the codimd dataase:
|
||||
|
||||
su postgres
|
||||
psql
|
||||
\l
|
||||
\c codimd
|
||||
[ RUN adjusted SQL STAMEMENT from above ]
|
||||
\q
|
||||
|
||||
Start HedgeDoc again and observe if it starts correctly. It may be necessary to repeat this process and insert multiple migrations into the SequelizeMeta table.
|
69
content/mail.md
Normal file
69
content/mail.md
Normal file
|
@ -0,0 +1,69 @@
|
|||
+++
|
||||
title = "services/mail"
|
||||
taxonomies.categories = [ "services" ]
|
||||
+++
|
||||
|
||||
- runs on: parsons
|
||||
- purpose: sending mails
|
||||
- maintainer: ?
|
||||
- configuration: [nix file](https://gitlab.infra4future.de/infra/haccfiles/-/blob/main/services/mail.nix)
|
||||
- login: passwords defined in nixfile
|
||||
|
||||
## adding a mail account
|
||||
* We use `@hacc.space` for our mails
|
||||
* `@infra4future.de` is reserved for services, old user accounts will be forwarded & logins disabled
|
||||
* choose a name (no aliases or other names can be the same)
|
||||
* generate a sha-512 password hash ```mkpasswd -m sha-512``` - **never add an unhashed password!**
|
||||
* add your accunt to ```loginAccounts =``` in the [nix file](https://gitlab.infra4future.de/infra/haccfiles/-/blob/main/services/mail.nix#L16)
|
||||
* build and redeploy parsons
|
||||
|
||||
**example:**
|
||||
```
|
||||
zwoelfontheshelf@hacc.space" = {
|
||||
hashedPassword = "$6$ISAaU8X6D$oGKe9WXDWrRpGzHUEdxrxdtgvzuGOkBMuDc82IZhegpsv1bqd550FhZZrI40IjZTA5Hy2MZ8j/0efpnQ4fOQH0";
|
||||
};
|
||||
```
|
||||
|
||||
## adding to a forward adress
|
||||
* add the mail address to the coresponding `extraVirtualAliases =` in the [nix file](https://gitlab.infra4future.de/infra/haccfiles/-/blob/main/services/mail.nix#L80)
|
||||
* build and redeploy parsons
|
||||
|
||||
## adding a forward adress
|
||||
* add the address to `extraVirtualAliases =` in the [nix file](https://gitlab.infra4future.de/infra/haccfiles/-/blob/main/services/mail.nix#L80)
|
||||
* add the addresses it should forward to
|
||||
* build and redeploy parsons
|
||||
|
||||
**example:**
|
||||
```
|
||||
"himmel@hacc.space" = [
|
||||
"hexchen@hacc.space"
|
||||
"schweby@hacc.space"
|
||||
"zauberberg@hacc.space"
|
||||
];
|
||||
```
|
||||
|
||||
## sending & reciveing mail
|
||||
|
||||
### as a user
|
||||
* Your mail client should auto configure correctly
|
||||
|
||||
```
|
||||
mailserver: mail.hacc.space (everywhere)
|
||||
username: $your_mail_address
|
||||
sending via smtp: port 587 or 465
|
||||
recieving
|
||||
imap: port 993
|
||||
TLS and STARTTLS are supported
|
||||
```
|
||||
|
||||
* You can send mail as you and any alias you recieve mail from. Set a second Identity in your e-mail client
|
||||
|
||||
### as an application
|
||||
* If your application needs to recieve mail, please talk to a maintainer first.
|
||||
* mailserver: `mail.hacc.space`
|
||||
* Do **not** use port 25. It's for server to server communication only.
|
||||
* Use smtp ports `587` or `465`
|
||||
* enable TLS if possible
|
||||
* only send mail from `noreply@infra4future.de`
|
||||
* Password is in vaultwarden (TODO?)
|
||||
|
39
content/mumble.md
Normal file
39
content/mumble.md
Normal file
|
@ -0,0 +1,39 @@
|
|||
+++
|
||||
title = "services/mumble"
|
||||
taxonomies.categories = [ "mumble" ]
|
||||
+++
|
||||
|
||||
|
||||
## info
|
||||
|
||||
runs on: parsons
|
||||
|
||||
purpose: voice communication
|
||||
|
||||
- [config file](https://gitlab.infra4future.de/infra/haccfiles/-/blob/main/services/murmur.nix)
|
||||
- [offical Docmuentation](https://wiki.mumble.info/wiki/Main_Page)
|
||||
|
||||
The mumble server is called murmur, but the naming is inconsistent with mumble server.
|
||||
|
||||
## registration
|
||||
Users need to be registerd to join any other channel than public.
|
||||
An already registerd user has to register them with the server.
|
||||
1. right click on the username
|
||||
2. choose register in the menu. Done.
|
||||
|
||||
## resticted channels
|
||||
Every channel in the hacc category exept for plenum can only be accessed by members of the hacc group.
|
||||
|
||||
## adding users to a group
|
||||
Only admins can edit groups, and only registered users can be added to groups.
|
||||
1. right click on the Root channel
|
||||
2. select Edit...
|
||||
2. In Groups select $groupname
|
||||
3. make the change you want to make
|
||||
4. click "OK"
|
||||
|
||||
## configuration details
|
||||
|
||||
* the server is not registerd with mumble → not on the public server list
|
||||
* the bitrate is set to 128kb/s; otherwise the client would complainy that the server bitrate is less then the configured (default) in its local settings
|
||||
* the mumble server needs special permissions on its SSL Files. The after acme hook ***should*** fix this, but it was never observed to be working (nor not working for that matter, but look here first, if there's any error with the certifcates)
|
Reference in a new issue