add usable stuff from bookstack

the rest is sufficiently out of date that keeping the documentation would be actively harmful.
2022-01-06 00:25:37 +01:00 · 2022-01-06 00:25:37 +01:00 · ad7b0aea0f
commit ad7b0aea0f
parent 863383a13f
4 changed files with 200 additions and 0 deletions
--- a/content/domains.md
+++ b/content/domains.md
@ -0,0 +1,23 @@
+++
+title = "Domains"
+categories = [ "domains", "meta" ]
+++
+
+
+
+## Domains Managed via Cloudflare
+ - `4future.dev`
+ - `infra4future.de`
+ - `hacc.space`
+ - `hacc.earth`
+ - `hacc.wiki`
+ - `hacc.consulting`
+ - `hacc.media`
+ - `knotenpunkt-alpen.de`
+ 
+## Others
+These domains are somehow associated with us / were also used at some point / were
+listed in an old wiki:
+
+ - `4futu.re` (owned by octycs)
+ - `mumble.jetzt` (owned by Zauberberg)
--- a/content/hedgedoc.md
+++ b/content/hedgedoc.md
@ -0,0 +1,69 @@
+++
+title = "services/hedgedoc"
+taxonomies.categories = [ "services" ]
+++
+
+runs on: parsons
+purpose: writing things down, collaboratively
+configuration: [nixfile](https://gitlab.infra4future.de/infra/haccfiles/-/blob/main/services/hedgedoc-hacc.nix)
+login: SSO via keycloak
+
+### configuration details
+* hegedoc was once called codiMD, so container, config and users are still called codimd.
+**Do NOT change this** unless you're activly migrating the service (with container, database and all) to the new name.
+Everything userfacing is already renamed.
+* there is a second instance named **pad-i4f** running for embedding into nextcloud.
+
+# Troubleshooting
+
+## Basic
+
+Usually if hedgedoc dies, it's because postgres wasn't ready yet and the translation layer dosen't understand the wait message. Just restart hedgedoc in the container:
+
+```
+sudo nixos-container root-login codimd
+systemctl restart hedgedoc
+```
+
+Sometimes restarting nginx fixes the problem. To do so run:
+```
+sudo systemctl restart nginx
+```
+
+As a last basic step try restarting the container as a whole:
+```
+sudo systemctl restart container@codimd
+```
+
+### Advanced
+log into the container and take a look at the logs
+
+	sudo nixos-container root-login codimd
+    journalctl -e
+
+#### fixing failed database upgrades
+In some cases, HedgeDoc might apply migrations without correctly saving the progress. In these cases, HedgeDoc will refuse to start with “already exists”-errors like ERROR: type "enum_Notes_permission" already exists.
+
+Get the name of the failing migration and append .js to it. For example, if you encounter this error
+
+    == 20180306150303-fix-enum: migrating =======
+
+    ERROR: type "enum_Notes_permission" already exists
+
+the name of the failed migration would be 20180306150303-fix-enum.js.
+
+The SQL-statement may look like this:
+
+    INSERT INTO "SequelizeMeta" (name) VALUES ('20180306150303-fix-enum.js');
+
+Make sure HedgeDoc does not run and insert the name into the SequelizeMeta table.
+Enter the container switch to the postgres user, open psql and commect to the codimd dataase:
+
+    su postgres
+    psql
+    \l
+    \c codimd
+	[ RUN adjusted SQL STAMEMENT from above ]
+    \q
+
+Start HedgeDoc again and observe if it starts correctly. It may be necessary to repeat this process and insert multiple migrations into the SequelizeMeta table.
--- a/content/mail.md
+++ b/content/mail.md
@ -0,0 +1,69 @@
+++
+title = "services/mail"
+taxonomies.categories = [ "services" ]
+++
+
+- runs on: parsons
+- purpose: sending mails
+- maintainer: ?
+- configuration: [nix file](https://gitlab.infra4future.de/infra/haccfiles/-/blob/main/services/mail.nix)
+- login: passwords defined in nixfile
+
+## adding a mail account
+* We use `@hacc.space` for our mails
+* `@infra4future.de` is reserved for services, old user accounts will be forwarded & logins disabled
+* choose a name (no aliases or other names can be the same)
+* generate a sha-512 password hash ```mkpasswd -m sha-512``` - **never add an unhashed password!**
+* add your accunt to ```loginAccounts =```  in the [nix file](https://gitlab.infra4future.de/infra/haccfiles/-/blob/main/services/mail.nix#L16)
+* build and redeploy parsons
+
+**example:**
+```
+zwoelfontheshelf@hacc.space" = {
+	hashedPassword = "$6$ISAaU8X6D$oGKe9WXDWrRpGzHUEdxrxdtgvzuGOkBMuDc82IZhegpsv1bqd550FhZZrI40IjZTA5Hy2MZ8j/0efpnQ4fOQH0";
+};
+```
+
+## adding to a forward adress
+* add the mail address to the coresponding `extraVirtualAliases =` in the [nix file](https://gitlab.infra4future.de/infra/haccfiles/-/blob/main/services/mail.nix#L80)
+* build and redeploy parsons
+
+## adding a forward adress
+* add the address to `extraVirtualAliases =` in the [nix file](https://gitlab.infra4future.de/infra/haccfiles/-/blob/main/services/mail.nix#L80)
+* add the addresses it should forward to
+* build and redeploy parsons
+
+**example:**
+```
+"himmel@hacc.space" = [
+	"hexchen@hacc.space"
+	"schweby@hacc.space"
+	"zauberberg@hacc.space"
+];
+```
+
+## sending & reciveing mail
+
+### as a user
+* Your mail client should auto configure correctly
+
+```
+mailserver: mail.hacc.space (everywhere)
+username: $your_mail_address
+sending via smtp: port 587 or 465
+recieving
+	imap: port 993
+TLS and STARTTLS are supported
+  ```
+
+* You can send mail as you and any alias you recieve mail from. Set a second Identity in your e-mail client
+
+### as an application
+* If your application needs to recieve mail, please talk to a maintainer first.
+* mailserver: `mail.hacc.space`
+* Do **not** use port 25. It's for server to server communication only.
+* Use smtp ports `587` or `465`
+* enable TLS if possible
+* only send mail from `noreply@infra4future.de`
+* Password is in vaultwarden (TODO?)
+
--- a/content/mumble.md
+++ b/content/mumble.md
@ -0,0 +1,39 @@
+++
+title = "services/mumble"
+taxonomies.categories = [ "mumble" ]
+++
+
+
+## info
+
+runs on: parsons
+
+purpose: voice communication
+
+ - [config file](https://gitlab.infra4future.de/infra/haccfiles/-/blob/main/services/murmur.nix)
+ - [offical Docmuentation](https://wiki.mumble.info/wiki/Main_Page)
+
+The mumble server is called murmur, but the naming is inconsistent with mumble server.
+
+## registration
+Users need to be registerd to join any other channel than public.
+An already registerd user has to register them with the server.
+1. right click on the username
+2. choose register in the menu. Done.
+
+## resticted channels
+Every channel in the hacc category exept for plenum can only be accessed by members of the hacc group.
+
+## adding users to a group
+Only admins can edit groups, and only registered users can be added to groups.
+1. right click on the Root channel
+2. select Edit...
+2. In Groups select $groupname
+3. make the change you want to make
+4. click "OK"
+
+## configuration details
+
+* the server is not registerd with mumble &rarr; not on the public server list 
+* the bitrate is set to 128kb/s; otherwise the client would complainy that the server bitrate is less then the configured (default) in its local settings
+* the mumble server needs special permissions on its SSL Files. The after acme hook ***should*** fix this, but it was never observed to be working (nor not working for that matter, but look here first, if there's any error with the certifcates)