diff --git a/content/domains.md b/content/domains.md new file mode 100644 index 0000000..1402c90 --- /dev/null +++ b/content/domains.md @@ -0,0 +1,23 @@ ++++ +title = "Domains" +categories = [ "domains", "meta" ] ++++ + + + +## Domains Managed via Cloudflare + - `4future.dev` + - `infra4future.de` + - `hacc.space` + - `hacc.earth` + - `hacc.wiki` + - `hacc.consulting` + - `hacc.media` + - `knotenpunkt-alpen.de` + +## Others +These domains are somehow associated with us / were also used at some point / were +listed in an old wiki: + + - `4futu.re` (owned by octycs) + - `mumble.jetzt` (owned by Zauberberg) diff --git a/content/hedgedoc.md b/content/hedgedoc.md new file mode 100644 index 0000000..b63e3ee --- /dev/null +++ b/content/hedgedoc.md 
@@ -0,0 +1,69 @@ ++++ +title = "services/hedgedoc" +taxonomies.categories = [ "services" ] ++++ + +runs on: parsons +purpose: writing things down, collaboratively +configuration: [nixfile](https://gitlab.infra4future.de/infra/haccfiles/-/blob/main/services/hedgedoc-hacc.nix) +login: SSO via keycloak + +### configuration details +* hegedoc was once called codiMD, so container, config and users are still called codimd. +**Do NOT change this** unless you're activly migrating the service (with container, database and all) to the new name. +Everything userfacing is already renamed. +* there is a second instance named **pad-i4f** running for embedding into nextcloud. + +# Troubleshooting + +## Basic + +Usually if hedgedoc dies, it's because postgres wasn't ready yet and the translation layer dosen't understand the wait message. Just restart hedgedoc in the container: + +``` +sudo nixos-container root-login codimd +systemctl restart hedgedoc +``` + +Sometimes restarting nginx fixes the problem. To do so run: +``` +sudo systemctl restart nginx +``` + +As a last basic step try restarting the container as a whole: +``` +sudo systemctl restart container@codimd +``` + +### Advanced +log into the container and take a look at the logs + + sudo nixos-container root-login codimd + journalctl -e + +#### fixing failed database upgrades +In some cases, HedgeDoc might apply migrations without correctly saving the progress. In these cases, HedgeDoc will refuse to start with “already exists”-errors like ERROR: type "enum_Notes_permission" already exists. + +Get the name of the failing migration and append .js to it. For example, if you encounter this error + + == 20180306150303-fix-enum: migrating ======= + + ERROR: type "enum_Notes_permission" already exists + +the name of the failed migration would be 20180306150303-fix-enum.js. 
+ +The SQL-statement may look like this: + + INSERT INTO "SequelizeMeta" (name) VALUES ('20180306150303-fix-enum.js'); + +Make sure HedgeDoc does not run and insert the name into the SequelizeMeta table. +Enter the container switch to the postgres user, open psql and commect to the codimd dataase: + + su postgres + psql + \l + \c codimd + [ RUN adjusted SQL STAMEMENT from above ] + \q + +Start HedgeDoc again and observe if it starts correctly. It may be necessary to repeat this process and insert multiple migrations into the SequelizeMeta table. diff --git a/content/mail.md b/content/mail.md new file mode 100644 index 0000000..f1b734f --- /dev/null +++ b/content/mail.md 
@@ -0,0 +1,69 @@ ++++ +title = "services/mail" +taxonomies.categories = [ "services" ] ++++ + +- runs on: parsons +- purpose: sending mails +- maintainer: ? +- configuration: [nix file](https://gitlab.infra4future.de/infra/haccfiles/-/blob/main/services/mail.nix) +- login: passwords defined in nixfile + +## adding a mail account +* We use `@hacc.space` for our mails +* `@infra4future.de` is reserved for services, old user accounts will be forwarded & logins disabled +* choose a name (no aliases or other names can be the same) +* generate a sha-512 password hash ```mkpasswd -m sha-512``` - **never add an unhashed password!** +* add your accunt to ```loginAccounts =``` in the [nix file](https://gitlab.infra4future.de/infra/haccfiles/-/blob/main/services/mail.nix#L16) +* build and redeploy parsons + +**example:** +``` +zwoelfontheshelf@hacc.space" = { + hashedPassword = "$6$ISAaU8X6D$oGKe9WXDWrRpGzHUEdxrxdtgvzuGOkBMuDc82IZhegpsv1bqd550FhZZrI40IjZTA5Hy2MZ8j/0efpnQ4fOQH0"; +}; +``` + +## adding to a forward adress +* add the mail address to the coresponding `extraVirtualAliases =` in the [nix file](https://gitlab.infra4future.de/infra/haccfiles/-/blob/main/services/mail.nix#L80) +* build and redeploy parsons + +## adding a forward adress +* add the address to `extraVirtualAliases =` in the [nix file](https://gitlab.infra4future.de/infra/haccfiles/-/blob/main/services/mail.nix#L80) +* add the addresses it should forward to +* build and redeploy parsons + +**example:** +``` +"himmel@hacc.space" = [ + "hexchen@hacc.space" + "schweby@hacc.space" + "zauberberg@hacc.space" +]; +``` + +## sending & reciveing mail + +### as a user +* Your mail client should auto configure correctly + +``` +mailserver: mail.hacc.space (everywhere) +username: $your_mail_address +sending via smtp: port 587 or 465 +recieving + imap: port 993 +TLS and STARTTLS are supported + ``` + +* You can send mail as you and any alias you recieve mail from. 
Set a second Identity in your e-mail client + +### as an application +* If your application needs to recieve mail, please talk to a maintainer first. +* mailserver: `mail.hacc.space` +* Do **not** use port 25. It's for server to server communication only. +* Use smtp ports `587` or `465` +* enable TLS if possible +* only send mail from `noreply@infra4future.de` +* Password is in vaultwarden (TODO?) + diff --git a/content/mumble.md b/content/mumble.md new file mode 100644 index 0000000..bd93e23 --- /dev/null +++ b/content/mumble.md 
@@ -0,0 +1,39 @@ ++++ +title = "services/mumble" +taxonomies.categories = [ "mumble" ] ++++ + + +## info + +runs on: parsons + +purpose: voice communication + + - [config file](https://gitlab.infra4future.de/infra/haccfiles/-/blob/main/services/murmur.nix) + - [offical Docmuentation](https://wiki.mumble.info/wiki/Main_Page) + +The mumble server is called murmur, but the naming is inconsistent with mumble server. + +## registration +Users need to be registerd to join any other channel than public. +An already registerd user has to register them with the server. +1. right click on the username +2. choose register in the menu. Done. + +## resticted channels +Every channel in the hacc category exept for plenum can only be accessed by members of the hacc group. + +## adding users to a group +Only admins can edit groups, and only registered users can be added to groups. +1. right click on the Root channel +2. select Edit... +2. In Groups select $groupname +3. make the change you want to make +4. click "OK" + +## configuration details + +* the server is not registerd with mumble → not on the public server list +* the bitrate is set to 128kb/s; otherwise the client would complainy that the server bitrate is less then the configured (default) in its local settings +* the mumble server needs special permissions on its SSL Files. The after acme hook ***should*** fix this, but it was never observed to be working (nor not working for that matter, but look here first, if there's any error with the certifcates)
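Review bot: in content/domains.md the front matter sets `categories = [ "domains", "meta" ]`, while the three service pages added in the same patch use `taxonomies.categories = [ ... ]`; use one key throughout so this page is filed under the same taxonomy as the others. Under "Others", "somehow associated with us" does not say whether `4futu.re` and `mumble.jetzt` are still in use; a per-entry status (in use or historical) next to the owner would make the list usable when someone audits which names still point at our services.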
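Review bot: in content/hedgedoc.md, the "fixing failed database upgrades" procedure has the operator write to `SequelizeMeta` by hand with no backup step and no command for stopping the service. Add a dump of the `codimd` database before the `INSERT`, move "Make sure HedgeDoc does not run" to the top of the procedure, and spell out the stop command (the Basic section already runs `systemctl restart hedgedoc` inside the container, so `systemctl stop hedgedoc` fits there). The closing advice to repeat the insert for multiple migrations should also say to re-read the log each time and only insert the migration named in the current error, so nobody marks migrations as applied that never ran. Smaller points: heading levels jump from `### configuration details` to `# Troubleshooting` to `## Basic` to `### Advanced`, and "hegedoc", "activly", "dosen't", "commect", "dataase" and "STAMEMENT" need fixing.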
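Review bot: in content/mumble.md, the last bullet under "configuration details" says the after-ACME hook "should" fix the permissions on the SSL files but was never observed working, which leaves the reader with nothing to check after a certificate renewal. Name the files, the owner and mode the mumble server needs on them, and the command to verify or reapply that, so a failed hook can be diagnosed from this page. Also: the steps under "adding users to a group" are numbered 1, 2, 2, 3, 4; `taxonomies.categories = [ "mumble" ]` differs from the `"services"` category used by the hedgedoc and mail pages although the title is "services/mumble"; and "offical Docmuentation", "registerd", "resticted", "exept", "complainy" and "certifcates" need fixing.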