h1. Network Infrastructure

|_. What |_. Where |_. Access type | Who | Comments |
| "Redmine instance":https://redmine.replicant.us |/5. OSUOSL  | Redmine manager | * [[replicant::People#Paul-Kocialkowski|Paul Kocialkowski]]
* [[replicant::People#Wolfgang-Wiedmeyer|Wolfgang Wiedmeyer]]
* [[replicant::People#Denis-GNUtoo-Carikli|GNUtoo]]
* [[replicant::People#Joonas-Kylmälä|Joonas Kylmälä]]
* [[replicant::People#Fil-Bergamo|Fil Bergamo]]
* [[replicant::People#Kurtis-Hanna|Kurtis Hanna]]
* [[replicant::People#David-Ludovino|David Ludovino]]
* OSUOSL system administrators | Since we only have one project, OSUOSL put in a redirect from the main page of our Redmine instance to /project/replicant
OSUOSL keeps 2 weeks worth of backups for restoration purposes. |
| "Mailing list":https://lists.osuosl.org/mailman/listinfo/replicant | Mailing list administrator | * [[replicant::People#David-Ludovino|David Ludovino]]
* [[replicant::People#Denis-GNUtoo-Carikli|GNUtoo]]
* [[replicant::People#Joonas-Kylmälä|Joonas Kylmälä]]
* [[replicant::People#Kurtis-Hanna|Kurtis Hanna]]
* [[replicant::People#Paul-Kocialkowski|Paul Kocialkowski]]
* [[replicant::People#Wolfgang-Wiedmeyer|Wolfgang Wiedmeyer]]
* OSUOSL system administrators | OSUOSL keeps 2 weeks worth of backups for restoration purposes. |
| "Wordpress instance":https://blog.replicant.us/ | Wordpress administator | * [[replicant::People#Paul-Kocialkowski|Paul Kocialkowski]]
* [[replicant::People#Wolfgang-Wiedmeyer|Wolfgang Wiedmeyer]]
* [[replicant::People#Denis-GNUtoo-Carikli|GNUtoo]]
* [[replicant::People#Joonas-Kylmälä|Joonas Kylmälä]]
* [[replicant::People#Fil-Bergamo|Fil Bergamo]]
* [[replicant::People#Kurtis-Hanna|Kurtis Hanna]]
* [[replicant::People#David-Ludovino|David Ludovino]]
* OSUOSL system administrators
* Add your name here if you have access and want to be mentioned | This instance is auto-updated automatically with the help of a plugin. |
| "Releases":https://ftp-osl.osuosl.org/pub/replicant/ | SSH | * [[replicant::People#Paul-Kocialkowski|Paul Kocialkowski]]
* [[replicant::People#Wolfgang-Wiedmeyer|Wolfgang Wiedmeyer]]
* [[replicant::People#Denis-GNUtoo-Carikli|GNUtoo]]
* [[replicant::People#Joonas-Kylmälä|Joonas Kylmälä]]
* OSUOSL system administrators | We should not use too much space. |
| The replicant.us (mostly-static) front website |\2. None: there is an automatic hook managed by OSUOSL. | * "Source code":https://git.replicant.us/replicant/website/
* Patches should be sent to the Replicant mailing list.
* There is a jenkins hook with a token to pull and deploy the website source code. |
| "Replicant Source code":https://git.replicant.us/ |/2. Virtual machine at FSF | SSH root access | * [[replicant::People#Paul-Kocialkowski|Paul Kocialkowski]]
* [[replicant::People#Denis-GNUtoo-Carikli|GNUtoo]]
* [[replicant::People#Joonas-Kylmälä|Joonas Kylmälä]]
* Several FSF system administrators
* FSF backup server
* FSF Ansible deployment server | Resources kindly offered by the FSF.
The git configuration has [[replicant::ReplicantInfrastructure#git-hosting-infrastructure-on-this-machine|some documentation]] .
Before handling SSH (root) access to this machine:
* Make sure that the person really needs it.
* Make sure that the person already contributed to Replicant.
* Ask one other person that has SSH access and/or the [[replicant::SteeringCommittee|SteeringCommittee]] to also agree on it. |
| [[replicant::PrivateContact|Private contact address]] | IMAP access | * [[replicant::People#Denis-GNUtoo-Carikli|GNUtoo]]
* [[replicant::People#Joonas-Kylmälä|Joonas Kylmälä]]
* [[replicant::People#Fil-Bergamo|Fil Bergamo]]
* [[replicant::People#Kurtis-Hanna|Kurtis Hanna]]
* [[replicant::People#David-Ludovino|David Ludovino]]
* @GrimKriegor | You can write to the contact address (all the members of [[replicant::SteeringCommittee|SteeringCommittee]] receive it) if for some reasons you need to receive it as well. |
|/4. #replicant IRC channels
(all "bridged":https://git.replicant.us/infrastructure/matterbridge/)
| Libera.Chat | Channel operator | * [[replicant::People#Denis-GNUtoo-Carikli|GNUtoo]] |  |
| OFTC | Channel operator | * [[replicant::People#Kurtis-Hanna|Kurtis Hanna]]
* @JeremyRand | Bridged to Matrix. Access via @#_oftc_#replicant:matrix.org@ |
| HackInt | Channel operator |  |  |
| -Freenode- | Channel operator | * [[replicant::People#Paul-Kocialkowski|Paul Kocialkowski]]
* [[replicant::People#Denis-GNUtoo-Carikli|GNUtoo]]
* [[replicant::People#Joonas-Kylmälä|Joonas Kylmälä]]
* [[replicant::People#Kurtis-Hanna|Kurtis Hanna]] | Deprecated in favour of Libera.Chat
Quiet mode for unregistered users is disabled for the time being. If SPAM comes back use: @/mode #replicant +qe $~a *!*@gateway/web/*@ and @/mode #replicant +qe $~a *!*@gateway/shell/matrix.org/*@ to re-apply it. These commands whitelist users coming through web based IRC clients and via the Matrix.org IRC bridge. |
| The replicant.us domain name | gandi.net | * Web inteface through gandi website
* The DNS entries are configured to use gandi's DNS server | * [[replicant::People#Bradley-M-Kuhn|Bradley Kuhn (administrative contact)]] : Can do everything (including designating the technical contact or transferring the domain) 
* [[replicant::People#Denis-GNUtoo-Carikli|GNUtoo (technical contact)]] : can do DNS zone changes
* Other people? [[replicant::People#Paul-Kocialkowski|Paul Kocialkowski]] ? | |
| The replicant.us TLS certificate | Let's Encrypt | Access probably by controlling the respective domain name | * https://www.replicant.us: OSUOSL
* https://blog.replicant.us: OSUOSL
* https://redmine.replicant.us: OSUOSL
* https://git.replicant.us: ? | History: CA-cert -> GlobalSign -> LetsEncrypt |
| "Mastodon account":https://mamot.fr/@replicant | Administred by "La quadrature du net":https://en.wikipedia.org/wiki/La_Quadrature_du_Net | Account only | * TODO: ask the person who created the account
* The [[replicant::PrivateContact|Private contact address]] address was used as the mail  | See the [[Mastodon]] page for more details |

h2. OSUOSL

The OSUOSL is the "Oregon State University Open Source Lab":https://osuosl.org/.

Contact:
* They can be contacted on #osuosl on the Freenode IRC network
* They also have a 'support' mail address at osuosl.org

h2. Virtual machine in FSF's infrastructure

* The virtual machine is hosted in a server that is in their office or in a datacenter.
* Several FSF network administrator also have access to the virtual machine

Contact:
* The 'sysadmin' mail address at gnu.org
* The FSF system administrators can also be contacted on #fsfsys on the Freenode IRC network for more urgent matters

h3. Virtual machine specifications

See [[VMSpecifications]] for the VM specifications.

h3. Virtual machine backup policies

The virtual machine is backed up daily. The backup procedure excludes the following path at the time of writing:
<pre>
/dev
/proc
/tmp
/sys
/run
/mnt
/mnt0
/mnt1
/mnt2
/mnt3
/mnt4
/mnt5
/mnt6
/mnt7
/mnt8
/mnt9
/floppy/
/cdrom/
/media/
/net/
/var/spool/squid/
/var/spool/squid3/
/var/spool/squid3_bak/
/var/spool/squid-tbd/
/var/spool/squid*/
/var/spool/django/
/var/spool/exim/
/var/cache/
/srv/chroot/
/t
/srv/to-tape
/var/lib/ceph/osd/
/var/lib/apt/lists/
/var/cache/apt/
</pre>

h3. git hosting infrastructure on this machine

The source code is in /srv/git/git-data/repositories and is divided in several groups:
** Replicant source code
** LineageOS mirror
** AOSP mirror
** Various developers repositories

|_. function |_. software |_. documentation |_. comments |
| authorization | gitolite | [[replicant::UpstrreamSourceCodeMirrors|UpstrreamSourceCodeMirrors]] | |
| read access | * git:// -> git daemon
* ssh:// -> ssh daemon
* https:// -> ? (TODO: document the software/configuration) | | |
| web | cgit | [[replicant::Cgit|Cgit]] | |

h2. Gandi

* See https://en.wikipedia.org/wiki/Gandi for more details

h2. GDPR

* For GDPR related inquiries, you can write to the [[replicant::PrivateContact|PrivateContact]] mail address.

h2. TODO:

* -Ask the OSUOSL about backup policies.- The OSUOSL will do backup of the FTP for us.
* Do our own backup policies and do some backups ourselves.
* Contact the people that have some control of the resources above and ask for permission to mention them here
* Fill the gaps (mentioned with '?') in this page
* Look what happens when an account is deleted
* Fix the related issues in the "tracker":https://redmine.replicant.us/projects/replicant/issues?utf8=%E2%9C%93&set_filter=1&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=category_id&op%5Bcategory_id%5D=%3D&v%5Bcategory_id%5D%5B%5D=57&f%5B%5D=&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=priority&c%5B%5D=subject&c%5B%5D=assigned_to&c%5B%5D=updated_on&c%5B%5D=category&c%5B%5D=cf_21&group_by=&t%5B%5D=
* Move the entries of this TODO list to the tracker when it makes sense

h1. Funding and legal entity

See the [[replicant::SteeringCommittee|SteeringCommittee]] for more details.

h1. Legal advise

Contact Zoë Kooyman at the FSF.

Note that Zoë Kooyman is not a lawyer but the FSF has lawyers.

h1. Documentation

The project:replicant-infrastructure project has a [[Wiki]] with more documentation in it.