add usable stuff from bookstack
the rest is sufficiently out of date that keeping the documentation would be actively harmful.
This commit is contained in:
parent
863383a13f
commit
ad7b0aea0f
4 changed files with 200 additions and 0 deletions
23
content/domains.md
Normal file
23
content/domains.md
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
+++
|
||||||
|
title = "Domains"
|
||||||
|
categories = [ "domains", "meta" ]
|
||||||
|
+++
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## Domains Managed via Cloudflare
|
||||||
|
- `4future.dev`
|
||||||
|
- `infra4future.de`
|
||||||
|
- `hacc.space`
|
||||||
|
- `hacc.earth`
|
||||||
|
- `hacc.wiki`
|
||||||
|
- `hacc.consulting`
|
||||||
|
- `hacc.media`
|
||||||
|
- `knotenpunkt-alpen.de`
|
||||||
|
|
||||||
|
## Others
|
||||||
|
These domains are somehow associated with us / were also used at some point / were
|
||||||
|
listed in an old wiki:
|
||||||
|
|
||||||
|
- `4futu.re` (owned by octycs)
|
||||||
|
- `mumble.jetzt` (owned by Zauberberg)
|
69
content/hedgedoc.md
Normal file
69
content/hedgedoc.md
Normal file
|
@ -0,0 +1,69 @@
|
||||||
|
+++
|
||||||
|
title = "services/hedgedoc"
|
||||||
|
taxonomies.categories = [ "services" ]
|
||||||
|
+++
|
||||||
|
|
||||||
|
runs on: parsons
|
||||||
|
purpose: writing things down, collaboratively
|
||||||
|
configuration: [nixfile](https://gitlab.infra4future.de/infra/haccfiles/-/blob/main/services/hedgedoc-hacc.nix)
|
||||||
|
login: SSO via keycloak
|
||||||
|
|
||||||
|
### configuration details
|
||||||
|
* hegedoc was once called codiMD, so container, config and users are still called codimd.
|
||||||
|
**Do NOT change this** unless you're activly migrating the service (with container, database and all) to the new name.
|
||||||
|
Everything userfacing is already renamed.
|
||||||
|
* there is a second instance named **pad-i4f** running for embedding into nextcloud.
|
||||||
|
|
||||||
|
# Troubleshooting
|
||||||
|
|
||||||
|
## Basic
|
||||||
|
|
||||||
|
Usually if hedgedoc dies, it's because postgres wasn't ready yet and the translation layer dosen't understand the wait message. Just restart hedgedoc in the container:
|
||||||
|
|
||||||
|
```
|
||||||
|
sudo nixos-container root-login codimd
|
||||||
|
systemctl restart hedgedoc
|
||||||
|
```
|
||||||
|
|
||||||
|
Sometimes restarting nginx fixes the problem. To do so run:
|
||||||
|
```
|
||||||
|
sudo systemctl restart nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
As a last basic step try restarting the container as a whole:
|
||||||
|
```
|
||||||
|
sudo systemctl restart container@codimd
|
||||||
|
```
|
||||||
|
|
||||||
|
### Advanced
|
||||||
|
log into the container and take a look at the logs
|
||||||
|
|
||||||
|
sudo nixos-container root-login codimd
|
||||||
|
journalctl -e
|
||||||
|
|
||||||
|
#### fixing failed database upgrades
|
||||||
|
In some cases, HedgeDoc might apply migrations without correctly saving the progress. In these cases, HedgeDoc will refuse to start with “already exists”-errors like ERROR: type "enum_Notes_permission" already exists.
|
||||||
|
|
||||||
|
Get the name of the failing migration and append .js to it. For example, if you encounter this error
|
||||||
|
|
||||||
|
== 20180306150303-fix-enum: migrating =======
|
||||||
|
|
||||||
|
ERROR: type "enum_Notes_permission" already exists
|
||||||
|
|
||||||
|
the name of the failed migration would be 20180306150303-fix-enum.js.
|
||||||
|
|
||||||
|
The SQL-statement may look like this:
|
||||||
|
|
||||||
|
INSERT INTO "SequelizeMeta" (name) VALUES ('20180306150303-fix-enum.js');
|
||||||
|
|
||||||
|
Make sure HedgeDoc does not run and insert the name into the SequelizeMeta table.
|
||||||
|
Enter the container switch to the postgres user, open psql and commect to the codimd dataase:
|
||||||
|
|
||||||
|
su postgres
|
||||||
|
psql
|
||||||
|
\l
|
||||||
|
\c codimd
|
||||||
|
[ RUN adjusted SQL STAMEMENT from above ]
|
||||||
|
\q
|
||||||
|
|
||||||
|
Start HedgeDoc again and observe if it starts correctly. It may be necessary to repeat this process and insert multiple migrations into the SequelizeMeta table.
|
69
content/mail.md
Normal file
69
content/mail.md
Normal file
|
@ -0,0 +1,69 @@
|
||||||
|
+++
|
||||||
|
title = "services/mail"
|
||||||
|
taxonomies.categories = [ "services" ]
|
||||||
|
+++
|
||||||
|
|
||||||
|
- runs on: parsons
|
||||||
|
- purpose: sending mails
|
||||||
|
- maintainer: ?
|
||||||
|
- configuration: [nix file](https://gitlab.infra4future.de/infra/haccfiles/-/blob/main/services/mail.nix)
|
||||||
|
- login: passwords defined in nixfile
|
||||||
|
|
||||||
|
## adding a mail account
|
||||||
|
* We use `@hacc.space` for our mails
|
||||||
|
* `@infra4future.de` is reserved for services, old user accounts will be forwarded & logins disabled
|
||||||
|
* choose a name (no aliases or other names can be the same)
|
||||||
|
* generate a sha-512 password hash ```mkpasswd -m sha-512``` - **never add an unhashed password!**
|
||||||
|
* add your accunt to ```loginAccounts =``` in the [nix file](https://gitlab.infra4future.de/infra/haccfiles/-/blob/main/services/mail.nix#L16)
|
||||||
|
* build and redeploy parsons
|
||||||
|
|
||||||
|
**example:**
|
||||||
|
```
|
||||||
|
zwoelfontheshelf@hacc.space" = {
|
||||||
|
hashedPassword = "$6$ISAaU8X6D$oGKe9WXDWrRpGzHUEdxrxdtgvzuGOkBMuDc82IZhegpsv1bqd550FhZZrI40IjZTA5Hy2MZ8j/0efpnQ4fOQH0";
|
||||||
|
};
|
||||||
|
```
|
||||||
|
|
||||||
|
## adding to a forward adress
|
||||||
|
* add the mail address to the coresponding `extraVirtualAliases =` in the [nix file](https://gitlab.infra4future.de/infra/haccfiles/-/blob/main/services/mail.nix#L80)
|
||||||
|
* build and redeploy parsons
|
||||||
|
|
||||||
|
## adding a forward adress
|
||||||
|
* add the address to `extraVirtualAliases =` in the [nix file](https://gitlab.infra4future.de/infra/haccfiles/-/blob/main/services/mail.nix#L80)
|
||||||
|
* add the addresses it should forward to
|
||||||
|
* build and redeploy parsons
|
||||||
|
|
||||||
|
**example:**
|
||||||
|
```
|
||||||
|
"himmel@hacc.space" = [
|
||||||
|
"hexchen@hacc.space"
|
||||||
|
"schweby@hacc.space"
|
||||||
|
"zauberberg@hacc.space"
|
||||||
|
];
|
||||||
|
```
|
||||||
|
|
||||||
|
## sending & reciveing mail
|
||||||
|
|
||||||
|
### as a user
|
||||||
|
* Your mail client should auto configure correctly
|
||||||
|
|
||||||
|
```
|
||||||
|
mailserver: mail.hacc.space (everywhere)
|
||||||
|
username: $your_mail_address
|
||||||
|
sending via smtp: port 587 or 465
|
||||||
|
recieving
|
||||||
|
imap: port 993
|
||||||
|
TLS and STARTTLS are supported
|
||||||
|
```
|
||||||
|
|
||||||
|
* You can send mail as you and any alias you recieve mail from. Set a second Identity in your e-mail client
|
||||||
|
|
||||||
|
### as an application
|
||||||
|
* If your application needs to recieve mail, please talk to a maintainer first.
|
||||||
|
* mailserver: `mail.hacc.space`
|
||||||
|
* Do **not** use port 25. It's for server to server communication only.
|
||||||
|
* Use smtp ports `587` or `465`
|
||||||
|
* enable TLS if possible
|
||||||
|
* only send mail from `noreply@infra4future.de`
|
||||||
|
* Password is in vaultwarden (TODO?)
|
||||||
|
|
39
content/mumble.md
Normal file
39
content/mumble.md
Normal file
|
@ -0,0 +1,39 @@
|
||||||
|
+++
|
||||||
|
title = "services/mumble"
|
||||||
|
taxonomies.categories = [ "mumble" ]
|
||||||
|
+++
|
||||||
|
|
||||||
|
|
||||||
|
## info
|
||||||
|
|
||||||
|
runs on: parsons
|
||||||
|
|
||||||
|
purpose: voice communication
|
||||||
|
|
||||||
|
- [config file](https://gitlab.infra4future.de/infra/haccfiles/-/blob/main/services/murmur.nix)
|
||||||
|
- [offical Docmuentation](https://wiki.mumble.info/wiki/Main_Page)
|
||||||
|
|
||||||
|
The mumble server is called murmur, but the naming is inconsistent with mumble server.
|
||||||
|
|
||||||
|
## registration
|
||||||
|
Users need to be registerd to join any other channel than public.
|
||||||
|
An already registerd user has to register them with the server.
|
||||||
|
1. right click on the username
|
||||||
|
2. choose register in the menu. Done.
|
||||||
|
|
||||||
|
## resticted channels
|
||||||
|
Every channel in the hacc category exept for plenum can only be accessed by members of the hacc group.
|
||||||
|
|
||||||
|
## adding users to a group
|
||||||
|
Only admins can edit groups, and only registered users can be added to groups.
|
||||||
|
1. right click on the Root channel
|
||||||
|
2. select Edit...
|
||||||
|
2. In Groups select $groupname
|
||||||
|
3. make the change you want to make
|
||||||
|
4. click "OK"
|
||||||
|
|
||||||
|
## configuration details
|
||||||
|
|
||||||
|
* the server is not registerd with mumble → not on the public server list
|
||||||
|
* the bitrate is set to 128kb/s; otherwise the client would complainy that the server bitrate is less then the configured (default) in its local settings
|
||||||
|
* the mumble server needs special permissions on its SSL Files. The after acme hook ***should*** fix this, but it was never observed to be working (nor not working for that matter, but look here first, if there's any error with the certifcates)
|
Reference in a new issue