From 1573f0b57d5dd1ccf9d7fd6a6baaa1e7752fbcfc Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 21 Apr 2024 04:12:36 +0100 Subject: [PATCH] feat: further additions to the handover for the sr sysadmin --- .../2024/Senior_System_Administrator.md | 88 ++++++++++++++++++- 1 file changed, 85 insertions(+), 3 deletions(-) diff --git a/Committee/_Handovers/2024/Senior_System_Administrator.md b/Committee/_Handovers/2024/Senior_System_Administrator.md index 04a1b70..960bd88 100644 --- a/Committee/_Handovers/2024/Senior_System_Administrator.md +++ b/Committee/_Handovers/2024/Senior_System_Administrator.md @@ -8,20 +8,102 @@ The purpose of this document is to assist the incoming Senior System Administrat - Maintaining existing hardware. - Sourcing new hardware. - Improving the software. +- Promote the cluster's use - Oversee development of Skynet. - Oversee the Root team. - Oversee training for junior members of the Root team. - Oversee communications with ITD. - Help develop server related skills in the general membership. +- Manages: + * Linux Webhost for members + * LDAP + * DNS + * [Gitlab][0] + * [Nextcloud][1] (Selfhosted Google) + * [VaultWarden][2] (password manager) ## Guide -- -- You are a society committee member, so you have a basic responsibility to look after society members and other committee members and make sure events are a fun and safe environment. +### Baseline +1. Dont be a dick. +2. You are a society committee member, so you have a basic responsibility to look after society members and other committee members and make sure events are a fun and safe environment. +3. The core goal of the Skynet cluster is to provide services for the society. + * These are the more visible services like the linux host/gitlab/nextcloud/.... + * It also includes training for anyone who wants to get more hands on, both administration/hardware. + * Its not your fiefdom, everything must improve it for others, even if it takes you out of your comfort zone. + +### Onboarding +#### New Committee +1. Ensure that each committee member has a skynet account + * If they dont then assist them through the process. +2. Add their chosen usernames to the [nixos][3] under ``committee`` +3. Add them to the [Gitlab][4], prune non committee + * Gitlab does have enterprise option to automagically do this, we dont have that yet +4. Run them through the process of gaining access to the password manager: [pw.skynet.ie][2] + * Separate but linked account is security feature, unavoidable. + * They will gain access to the ``Compsoc`` collection of passwords. +5. They will automatically gain access to the ``Compsoc`` folder on [nextcloud][1] + +#### Root team - Trainee +1. Ensure that each root member has a skynet account + * If they dont then assist them through the process. +2. Add their chosen usernames to the [nixos][3] under ``trainee`` +3. They will automatically gain access to the ``Skynet`` folder on [nextcloud][1] +4. Provide training + +#### Root team - Admin +1. They will already have a skynet account. +2. Add their chosen usernames to the [nixos][3] under ``admin`` +3. They will automatically gain access to the ``Skynet_Admin`` folder on [nextcloud][1] +4. Run them through the process of gaining access to the password manager: [pw.skynet.ie][2] + * Separate but linked account is security feature, unavoidable. + * They will gain access to the ``Skynet`` collection of passwords. +5. Contact ITD to get them added to the VPN. +6. Provide training + +#### Sr Sysadmin +{need to figure out this process} + +### Annual Events +#### Sign up Fair +{link to event guide/write up} + +#### Renew Domains +We have two domains, both with Blacknight. +``skynet.ie`` is sponsored to us. +``ulcompsoc.ie`` we have to pay for, renew for two years but check yearly. + +#### Inform ITD that servers are up-to-date and patched +Part of the agreement with ITD is to show them every semester that the server are patched and up to date. + +### Regular Events +#### Email +I generally check all the email accounts for new mail once a day or so. +There is a good chunk of spam but we do get a fair few mails from alumni trying to reactivate accounts. + +#### Reactivate old accounts +Alumni regularly get in contact to re-activate their skynet accounts. +Be polite and respectful when dealing with them. + +Much of this process is covered by [renew][5] and [recovery][6] however more documentation needs to be added on how to verify users. ## Summary This has been mostly a managerial role, involving organisation and mentorship. The role looks really good on a CV/LinkedIn. +The roles that Skynet has played over the years has changed dramatically (as outlined in the [old history][7]). +One of the main draws for it was the email and cloud storage. +At one point it employed 5 admins, each in charge of their own servers. +Now in this era of DevOps each admin can do so much more while also requiring more diverse knowledge. +This change is exciting, stressful and rewarding. -Brendan Golden. \ No newline at end of file +Brendan Golden. + +[0]: https://gitlab.skynet.ie +[1]: https://nextcloud.skynet.ie +[2]: https://pw.skynet.ie +[3]: https://gitlab.skynet.ie/compsoc1/skynet/nixos/-/blob/main/config/users.nix?ref_type=heads#L47 +[4]: https://gitlab.skynet.ie/groups/compsoc1/compsoc/-/group_members +[5]: https://renew.skynet.ie/ +[6]: https://renew.skynet.ie/recovery/ +[7]: https://2016.skynet.ie/history.html \ No newline at end of file