Skynet/wiki
7
1
Fork 6
Code Issues2 Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

..

No commits in common. "main" and "main" have entirely different histories.
main ... main

38 changed files with 76 additions and 1484 deletions

1
.forgejo/workflows/build.yaml
View file

@ -10,7 +10,6 @@ on:
- .forgejo/**/*
- mkdocs.yml
jobs:
# Build it locally, this helps caching for later
build:

1
.gitattributes vendored
View file

@ -39,7 +39,6 @@ eol=lf
# Misc
*.zip filter=lfs diff=lfs merge=lfs -text
*.tar.gz filter=lfs diff=lfs merge=lfs -text
# ET4011

9
LICENSE
View file

@ -1,9 +0,0 @@
MIT License
Copyright (c) 2024 Skynet
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

10
README.md
View file

@ -1,17 +1,7 @@
# Skynet Wiki
[Wiki for Skynet][1]
Uses [mkdocs][2] to generate the site.
[1]: https://wiki.skynet.ie
[2]: https://www.mkdocs.org
## Hooks
Run this command to set up the hooks properly so the git information can be stored within the repo
```bash
git config --local core.hooksPath .githooks/
```

30
mkdocs.yml
View file

@ -1,36 +1,6 @@
site_name: Skynet Wiki
site_url: https://wiki.skynet.ie
repo_url: https://forgejo.skynet.ie/Skynet/wiki
edit_uri: src/branch/main/src
docs_dir: ./src/
theme:
name: material
palette:
# Palette toggle for light mode
- scheme: default
toggle:
icon: material/brightness-7
name: Switch to dark mode
# Palette toggle for dark mode
- scheme: slate
toggle:
icon: material/brightness-4
name: Switch to light mode
features:
- search.suggest
- search.highlight
# - navigation.expand
- content.action.view
icon:
view: material/eye
plugins:
- search
# - git-authors:
# show_email_address: false
# - git-revision-date-localized:
# enable_creation_date: true
markdown_extensions:
- tables
- pymdownx.caret
- pymdownx.mark
- pymdownx.tilde

BIN
src/procedures/9_email/manage_identities.png (Stored with Git LFS)
View file

Binary file not shown.

BIN
src/procedures/9_email/manage_identity.png (Stored with Git LFS)
View file

Binary file not shown.

BIN
src/procedures/9_email/settings.png (Stored with Git LFS)
View file

Binary file not shown.

BIN
src/procedures/9_email/settings_account.png (Stored with Git LFS)
View file

Binary file not shown.

BIN
src/procedures/9_email/settings_account_page.png (Stored with Git LFS)
View file

Binary file not shown.

51
src/procedures/admin_email.md
View file

@ -1,51 +0,0 @@
# Admin - Email
## Alias Setup
Well //an// identity, you can have many
Thus its incredibly important
[This talk is incredibly useful for a good overview][1]
[We have SPF, DKIM and DMARK][4]
## Aliases
Delivering to //your// mailbox is all good and grand
But what if you want to be someone else?
Such as a service account, for example: ``root[at symbol]skynet.ie``
Thankfully that is possible (if you are given access)
[We have aliases set up for stuff like that][2]
So anyone in these groups gets mail from these addresses sent to them
These (in our case) get sent to a subfolder in our inboxes
But what if we want to send mail as the service account?
In [Thunderbird][3] it is relatively easy
Sign into your Skynet account on Thunderbird
Select ``Settings`` (bottom right)
![img.png](9_email/settings.png)
Select ``Account Setttings``
![img_1.png](9_email/settings_account.png)
Select your Skynet email then ``Manage Identities``
![img_2.png](9_email/settings_account_page.png)
This screen has all your current Identities
Select ``Add``
![img_3.png](9_email/manage_identities.png)
Add yer ``Name``, ``Email Address`` you want to alias and select ``OK``
![img_4.png](9_email/manage_identity.png)
In this example I would be able to send mail as ``this_is_a_real_email[at symbol]skynet.ie``
(if I was actually allowed to do so)
[1]: https://www.youtube.com/watch?v=mrGfahzt-4Q
[2]: https://forgejo.skynet.ie/Skynet/nixos/src/commit/26e715b2f62e406deee5e773ebcc3e3c3d200186/applications/email.nix#L31-L91
[3]: https://www.thunderbird.net/en-GB/
[4]: https://forgejo.skynet.ie/Skynet/nixos/src/commit/26e715b2f62e406deee5e773ebcc3e3c3d200186/applications/email.nix#L314-L343
[original]: https://forgejo.skynet.ie/Computer_Society/presentations_compsoc/src/branch/main/src/slides/skynet/9_email.md

78
src/procedures/admin_modify.md
View file

@ -1,78 +0,0 @@
# Admin - Modify
A Skynet Admin is a user with teh highest level of access to the cluster, having been trained up over a year.
This guide will cover adding and removing an Admin.
The normal Committee Member process applies to them as well, so check [here](committee_modify.md#adding) for teh specific details.
A user cannot add or remove themselves from being an admin, an existing admin must do so (one who will still be admin after the procedure).
## Add
Steps to add a new Admin
### NixOS
There are several steps related to the NixOS repo on Forgejo.
#### Username Added
Like a normal committee member the users username must be added to the [``config/users.nix``][users.nix], specifically the admin section.
This gives teh user teh correct Skynet roles on our services.
This also enables them to use their personal account to login to all the servers.
#### SSH Key
##### Root Account
There is a ``root`` account that admins can use.
To be able to login as root you have to add you key to the keys for ``root``
You can add it in the [``machines/_base.nix``][base.nix].
##### Secrets Management
We store our secrets encrypted in the repo using a tool called ``agenix``, a nix implementation of [age][age].
In order to create/edit any secret your key has to be added to [``secrets/secrets.nix``][secrets.nix].
Add the key mimicking the format for the other admins.
Then add it to the users list/array.
Finally re-key the secrets
###### Re-key Secrets
In order to re-key the secrets your key must have been previously added (this just not work if you have just added your key, an existing admin must do this).
```shell
# enter the devshell
nix develop
# Move into teh secrets folder
cd secrets
# Re-key the secrets
agenix -R
```
Then commit the changes.
### VPN
The VPN is what allows admins to get access to the internal parts of teh cluster when not on campus.
It is provided by ITD.
1. Add an entry to the bottom of [``ITD/VPN_Admins.csv``][VPN_Admins.csv]
2. Add an entry to [``ITD/VPN_Admins_changes.csv``][VPN_Admins_changes.csv] with ``Pending`` for teh Action.
3. Open up a [TopDesk request with ITD](./topdesk.md) to add the new Admin.
4. Add the ticket reference to [``ITD/VPN_Admins_changes.csv``][VPN_Admins_changes.csv]
5. When complete mark the entry ``Added`` on [``ITD/VPN_Admins_changes.csv``][VPN_Admins_changes.csv].
## Remove
For teh most part the removal/retirement of an admin is just the opposite of the adding.
The main difference is contacting ITD to remove them from the VPN.
### VPN
1. Open up a TopDesk request with ITD to remove the old Admin.
2. Add the ticket reference to [``ITD/VPN_Admins_changes.csv``][VPN_Admins_changes.csv]
3. When complete mark the entry ``Removed`` on [``ITD/VPN_Admins_changes.csv``][VPN_Admins_changes.csv].
[users.nix]: https://forgejo.skynet.ie/Skynet/nixos/src/commit/b46eca16b0b207d14e173d4e40286160749c5c07/config/users.nix#L76
[base.nix]: https://forgejo.skynet.ie/Skynet/nixos/src/commit/b46eca16b0b207d14e173d4e40286160749c5c07/machines/_base.nix#L75
[secrets.nix]: https://forgejo.skynet.ie/Skynet/nixos/src/commit/b46eca16b0b207d14e173d4e40286160749c5c07/secrets/secrets.nix#L3-L18
[VPN_Admins.csv]: https://forgejo.skynet.ie/Skynet/nixos/src/commit/b46eca16b0b207d14e173d4e40286160749c5c07/ITD/VPN_Admins.csv
[VPN_Admins_changes.csv]: https://forgejo.skynet.ie/Skynet/nixos/src/commit/b46eca16b0b207d14e173d4e40286160749c5c07/ITD/VPN_Admins_changes.csv
[age]: https://github.com/FiloSottile/age

0
src/procedures/admin_ssh.md
View file

95
src/procedures/alumni_verify.md
View file

@ -1,95 +0,0 @@
# Alumni Verification
We are an old Society (1992-<span id="year">now</span>) with a long history of members staying members long after they leave UL.
In 2023 we had an outage ([see here for more information][outage_2023]) which lead to us loosing contact with many of these since their contact details were their Skynet email.
We are also required to ensure that all active Skynet accounts are linked to a UL Computer Society membership.
This put us in the catch22, where folks needed their Skynet account in order to gain access to their Skynet account.
Many of these people want to regain access to their accounts and will make a request for help.
## How to process Requests
These requests to gain access to an old Skynet account may come in through one of our Email addresses (``contact@skynet.ie``) or from our [Discord][discord]
### Email
Keep an eye on the inboxes ye have access to.
Ensure that you have set up the aliases correctly (TODO: Email Aliases).
Aside from that be polite.
### Discord
Generally users will bring up their query in ``help-and-support``.
It is recommended that you create a Private thread and ping them to bring them into it.
This ensures that no private information will leak out.
#### How to create a Private Thread
1. Bottom left there is a Plus icon, click on that and select the ``Thread`` option.
![plus_icon.png](alumni_verify/plus_icon.png)
2. In teh segment that popped up tick the Private Thread checkbox.
![private_thread.png](alumni_verify/private_thread.png)
## The user recovers their own account.
The easiest way is that the user can recover their own account.
This works if they know their own username/password.
See [Account Recovery here][account_recovery] for more details.
If the user's account is old enough that the password is hashed with CRYPT then tehy will be unable to reset it themselves (even if they know teh password).
This is due to CRYPT being specific to the *machine* it is on, and the LDAP server has moved several times since in the last two decades.
In which case check out the following methods.
## Check if there is ``.forward``
A ``.forward`` file was placed in a users home directory to forward all incoming mail to that address.
```shell
USER="username"
# Output a list of paths if one exists for this user
find /skynet_old/{mailconfig,home}/$USER-name '.forward'
# use cat to output the contents to teh terminal
cat /skynet_old/mailconfig/$USER/.forward
```
### Usernames
One possible contents of the file is one or more Skynet usernames.
These are not too useful for our use case.
```
usera
userb
```
### Email(s)
What we are looking for is an email (identity) to tie the Skynet account to.
In which case you can check with the user that they still have access to teh email.
Get them to send you a mail from that account and verify the headers (TODO: Email headers)
```
username@example.com
```
## Find a link to Personal Email
Nothing in the ``.forwards`` or they no longer have access to the email its time to see if you can tie their current identity to skynet.
This is mostly possible since many members used to send mail between their Skynet account and their private account.
SSH into ``skynet.skynet.ie`` and run:
```shell
EMAIL="email@example.ie"
USER="username"
grep -r "$EMAIL" /skynet_old/{home,mail,mailconfig}/$USER
```
It may take a while to run depending on the contents of these folders.
in some cases they may have proof of their ID, in which case you can search for that.
Honestly the output of this is vibes based.
If there are forwarded email headers its a strong indication.
If a file in their ``public_html`` shows up that is also a strong indication.
The easiest one is if nothing pops up.
Remember you are the guardian of data on Skynet, if a user cannot prove a connection you are not obligated to grant them access.
[outage_2023]: ../support/recovery.md
[discord]: https://discord.skynet.ie
[account_recovery]: ../../support/recovery#account-recovery
<script>
/* I am a lazy fucker */
document.getElementById('year').textContent = new Date().getFullYear().toString()
</script>

BIN
src/procedures/alumni_verify/plus_icon.png (Stored with Git LFS)
View file

Binary file not shown.

BIN
src/procedures/alumni_verify/private_thread.png (Stored with Git LFS)
View file

Binary file not shown.

48
src/procedures/committee_modify.md
View file

@ -1,48 +0,0 @@
# Change Committee Members
This page covers the adding and removing of UL Computer Society committee members.
## Adding
Before starting the committee member in question *must* have a Skynet Account.
This is because we have several services that require authentication to access.
Details on how to create one can be found [here][skynet_account_creation].
Once they have an account add their username to [``config/users.nix``][users.nix].
Then commit and push.
Once everything is deployed they should have access to all resources within 15 min.
If you require it sooner than that see the [Force Update](#force-update) section below.
Next checkout the page on [VaultWarden](vaultwarden.md) to add the user to the password manager.
## Removing
Removing is essentially the same as adding.
Remove their username to [``config/users.nix``][users.nix].
Then commit and push.
## Force Update
If you need to hasten an update you can log into teh server to give it a (virtual) kick.
### SSH into Kitt
Kit is teh home of the user accounts.
```shell
ssh root@kitt.skynet.ie
```
### Once attached run these commands
```shell
# reboot the main process
systemctl restart skynet_ldap_backend.service
# Update the data (this ensures that folks are current members)
systemctl restart skynet_ldap_backend-update_data.service
# Apply the new group roles
systemctl restart skynet_ldap_backend-update_groups.service
```
### Exit the terminal.
```shell
quit
```
[skynet_account_creation]: ../tutorials/skynet/create_account.md
[users.nix]: https://forgejo.skynet.ie/Skynet/nixos/src/branch/main/config/users.nix#L52

19
src/procedures/domains_renew.md
View file

@ -1,19 +0,0 @@
# Renewing Domains
While ``skynet.ie`` is sponsored by Blacknight (and we have one more from UL) we still have ``ulcompsoc.ie`` as a backup.
It needs renewing every two years and costs roughly €40/year for this.
Renewing every two years gives us some breathing space.
1. [Login][login] to Blacknight
* ``username`` and ``password`` are on [Vaultwarden](./vaultwarden.md)
2. ``Domains`` > ``My Domains`` > ``ulcompsoc.ie``
3. Under ``Actions`` select ``Renew Domain``
4. ``Add to Cart`` > ``Checkout``
5. In the ``Review & Checkout`` page there are several options to pay.
* Card - probably the fastest, you will have to submit an invoice to the Treasurer though. (TODO: Section on how to submit invoices)
* Paypal - Same as Card.
* Bank Transfer - Possibly the best, talk to Treasurer about this.
6. Done
[login]: https://cp.blacknighthosting.com/index.php/login

186
src/procedures/minecraft.md
View file

@ -1,186 +0,0 @@
# Minecraft Server
Skynet can host many game servers, however one of the most popular (going back through teh years) is Minecraft.
## Base Templates
The base templates for the servers are called [eggs][eggs].
These are basically scripts to setup and run the servers in question.
These are created by laying other eggs on top of each otehr to create a single config.
Bit of a PITA to make.
### mcsleepingserverstarter-Packwiz-Purpur-Geyser-Floodgate
This is the core Minecraft egg and can be found [here][eggs_main].
It comprises of several components bodged together
#### Sleeping Server Starter
This is a core component of being able to host multiple servers for multiple Clubs/Socs as it allows us to reduce the footprint of the server when nto so many folks are using it.
It listens on Java and Bedrock ports as a low power process and when someone tries to connect it spins up the full server.
Coupled with a plugin which shuts down teh server after the last person leaves it is pretty good for keeping resourse useage low.
#### Packwiz
Packwiz is a package/plugin/mod manager for minecraft which is compatible with source control.
The main repo for the plugins can be found [here][config_repo], with branches for each server configured with it
It allows us to have several plugins as a base that can be used by all servers.
##### Geyser and Floodgate
These pair together to allow bedrock players to connect and play with a Java server.
Quite useful as this encompasses console players.
##### ViaVersion
This and its partner plugins allow people who dont have the exact right version to match the server to connect.
Not perfect but it works pretty well.
#### Purpur
Purpur is a minecraft server which supports plugins.
It is a descendant of Paper and Bukkit and can use plugins built for those.
## Server - New
### Create user account
On the [admin page][panel_users] create an account for the Club/Soc which is getting the server.
Use their UL Wolves email for the email, username can be whatever as long as its descriptive of the Club/Soc.
Their role should be ``Server Admin``.
For password use a random string (I use 42 characters) and then email it to their Wolves address.
We are able to reset it in the future if required.
### Server setup
#### Config
1. On the [config repo][config_repo] fork off of main and name it after the Club/Soc and push.
2. Then on the web version of teh repo find that branch and teh ``pack.toml`` and click into it.
3. In the top right hand corner of the file you will see a button called ``raw``, select that.
![Raw File Button](minecraft/raw_file.png)
4. Copy the link of the page, will be used shortly.
#### Pelican Setup
On Pelican, on the [servers page][panel_servers] create a new server.
##### Information
###### Name
Enter teh Club/Soc who is getting it.
###### Owner
Select teh account you created earlier.
###### Primary Allocation
You will need to select the ``+``.
For ``IP Address`` select teh ``193.1.99.xyz`` address.
For ``Ports`` enter the minecraft port you have chosen, you can see the existing ports on [NixOS][nixos_minecraft]
Java ports take the form of ``255XY`` while Bedrock takes ``244XY``, with teh ``XY`` being teh same for both (makes it easier to keep track).
Once ye have that chosen click on teh ``Next Step``.
##### Egg Configuration
###### Egg
Select the ``mcsleepingserverstarter-Packwiz-Purpur-Geyser-Floodgate`` egg.
###### Packwiz URL
Then enter teh URL you copied previously into the input.
Once ye have that chosen click on teh ``Next Step``.
##### Environment Configuration
###### Memory
Set this to be ``Limited`` and between ``8000`` and ``12000``
Once ye have that chosen click on teh ``Create Server``.
#### NixOS
In NixOS you have to create DNS entries so folks can easily connect to teh server.
Location is in [``minecraft.nix``][nixos_minecraft], copy the existing format.
This will allow players to connect to ``minecraft.$CLUBSOC.games.skynet.ie``, although bedrock players will still need to use the port.
### Server Configuration
#### Discord
TODO: https://essentialsx.net/wiki/Discord-Tutorial.html
#### ``plugins/voicechat/voicechat-server.properties``
(TODO: add more about teh voice port)
Set teh port for use in teh voice chat.
```
port=24424
```
#### ``server.properties``
This is to allow bedrock users to text chat
````
enforce-secure-profile: false
````
#### ``plugins/Geyser-Spigot/config.yml``
Set the bedrock port
```yaml
bedrock:
port: 24423
```
Also set the authtype to be ``floodgate``
```yaml
remote:
auth-type: floodgate
```
#### ``sleepingSettings.yml``
Bedrock port needs to be added to this file:
```yaml
bedrockPort: 24423
```
## Server - Update
### Plugins Modification
#### DevShell
In the [config repo][config_repo] run this command to enter teh devshell which gives you access to ``packwiz``:
```shell
nix develop
```
#### Add
Once in the devshell use the add command to add a plugin.
```shell
packwiz modrinth add $LinkToModrinthPlugin
```
Commit and push.
#### Update
To update all plugins you can use this command
```shell
packwiz update --all
```
Commit and push.
#### Remove
To remove a plugin just delete the ``*.pw.toml``.
Then run the refresh command to update teh pack
```shell
packwiz refresh
```
Commit and push.
### Server Update
Now that teh pack has been updated you need to restart teh server to pull it in.
1. ``Stop`` the server
* This stops the java server, does not start teh ``sleepingserverstarter`` server.
2. ``Kill`` the server
* This stops the ``sleepingserverstarter`` server.
3. ``Start`` the server
* This restarts everything and pulls in teh updates.
[eggs]: https://panel.games.skynet.ie/admin/eggs
[eggs_main]: https://panel.games.skynet.ie/admin/eggs/22/edit?tab=-configuration-tab
[config_repo]: https://forgejo.skynet.ie/silver/Testing_packwiz
[panel_users]: https://panel.games.skynet.ie/admin/users
[panel_servers]: https://panel.games.skynet.ie/admin/servers
[nixos_minecraft]: https://forgejo.skynet.ie/Skynet/nixos/src/branch/main/applications/games/minecraft.nix#L27

BIN
src/procedures/minecraft/raw_file.png (Stored with Git LFS)
View file

Binary file not shown.

37
src/procedures/proxmox.md
View file

@ -1,37 +0,0 @@
# Proxmox
A collection of all things proxmox related.
## Access
Proxmox can be found at [``193.1.99.73:8006``][webgui] when either on UL network or connected to the [VPN][vpn].
Login with your Skynet account.
The ``root`` account can be found on [Vaultwarden][vaultwarden].
If you are on Firefox you may need to refresh teh page if the ``No Valid Subscription`` popup fails to disappear after clicking ``ok``.
## Rebooting
### LCX's
For some LXC's (haven't tracked down teh root cause) their MAC address has issues when they reboot.
If you are trying to ssh into a LXC which has rebooted it can display ``No route to host``.
To fix:
1. [Login to Proxmox](#access)
2. Navigate to the LXC
3. Network tab, then double click on the network row.
* Clicking the row then the ``Edit`` button has teh same function.
4. Clear the MAC (so it reads ``auto``) then ``Save``
You will be able to ssh into that server now.
### Proxmox
[webgui]: https://193.1.99.73:8006/
[vpn]: ./admin_modify.md#vpn
[vaultwarden]: ./vaultwarden.md

178
src/procedures/server_new.md
View file

@ -1,178 +0,0 @@
# New Server (LXC)
This is the instruction guide for setting up a new LXC server.
Rough steps are as follows:
1. Plan the servers config
2. Login to Proxmox
3. Create Container using the base LXC image
4. Login to Server
5. Push new configuration
## Plan server Configuration
To allocate he correct resources there are a few questions that need to be asked and answered.
1. What will this server be **For**?
2. What will its **Name** be?
3. What will its **IP** be?
4. Fill the details into the tracking sheet.
### What is it **For**?
What a server is for dictates what hardware resources need to be allocated.
Is there one already existing that you can copy the configuration of?
Do you have prior experience with what will be hosted on it?
Is there documentation that you can use as a foundation?
When you know these, write it down and save for later.
### What is its **Name**?
In our cluster we have a very definite naming scheme for the servers we have.
There are two rules:
1. The login server (where folks have their home dirs and websites) is called Skynet.
* [This can be traced back to 2007][server_name_skynet]
* > By popular demand, the skynet name was retained for the login server
2. All other servers are also named after AI's
In the current cluster we tend to use groups of AI names for particular functions.
For example:
* Vigil/Vendetta were AI's in the Mass effect series, pointing Shepherd forward, so they are our DNS servers
* Glados/Wheatly from Portal, that game runs on the Source Engine, so they are our Source control servers
* Optimus/Bumblebee from Transformers, their origin is a line of toys, so fittingly our games servers.
* Neuromancer/Wintermute, from Neuromancer, each with multiple minds, thus became our backup (redundancy) servers.
If at all possible try to get the name to match its task.
Some past names and ideas for others can be found on [the nixos wiki][server_names]
### What is its **IP** address?
We have a ``/26`` allocation, so about 60 IP's we can make use of.
Like with the names above several servers are grouped together IP wise.
Check the [Server Inventory][server_inventory] to see what addresses are available.
### Tracking sheet
Now that ye have all the details about the build it is time to add them to the [Server Inventory][server_inventory].
Add a new one, incrementing the index, and fill in the rest of the information.
For the IP address if the last segment (ABC in this: 193.1.99.ABC) is less than 100 then add a leading ``0`` to it.
This is so that it can be easily sorted.
## Login to Proxmox
[Login to Proxmox](./proxmox.md#access)
## Create Container Using the Base LXC Image
The Proxmox documentation for LXC's is available [here][proxmox_lxc].
Top right there is a button [Create CT], that brings up a window.
Each section below is one of the tabs in the window.
### General
#### Hostname
This is the **Name** of the server, lowercase.
#### Unprivileged
Ensure this is ticked.
#### Nesting
Ensure this is ticked.
#### SSH Public Keys
Enter the ``root`` pub ssh key.
This is used to login to teh container later.
### Template
Select the container image, most likely ``nixos-system-x86_64-linux.tar.xz``.
### Disks
#### Storage
Most likely it is ``main_pool``, it should have a significant amount of storage available.
**DO NOT** use ``local-zfs``, this is on Proxmox's own drive and not suited for container data.
#### Disk Size
Self-explanatory, how much space you want to give teh container.
A minimum of 30Gb is suggested.
### CPU
One core minimum, larger servers will require up to 6 or so.
### Memory
Nixos will happily run on 512Mb if its load is not too intensive
### Network
#### Bridge
The main bridge we use is ``vmbr0`` which is for most servers as it connects to the normal Skynet DMZ.
We also have ``vmbr1`` which is for ``skynet.skynet.ie`` and connects to Skynet-EXT DMZ.
This is due to our users needing ssh access.
#### IPv4
##### IPv5/CIDR
This is the **IP** followed by ``/26``.
For example ``193.1.99.75/26``
##### Gateway
The main gateway we use is ``193.1.99.65``.
There is a secondary one for ``skynet.skynet.ie`` which is ``193.1.96.161``.
### DNS
You can either use ``use host settings`` or fill in ``193.1.99.120`` and ``193.1.99.109``.
### Confirm
Use this as a chance to review all the options.
There are a few gotcha's outlined above that ye do have to look over.
#### Start after created
Tick this box if you want it to boot up immediately after being installed.
## Login to Server
Now that the server is up and running it is time to login to it.
Assuming you have your SSH configured like (TODO: admin ssh config).
You just have to use ``ssh root@IP`` (for example ``ssh root@192.99.1.111``)
### Getting the server ssh key
We are logging in because we need to get the servers own ssh key.
You can find it in ``/etc/ssh``.
You have a choice between ``ssh_host_ed25519_key.pub`` and ``ssh_host_rsa_key.pub``.
``ssh_host_ed25519_key.pub`` is the recommended one.
### Using the server ssh key
This key is used to decrypt secrets stored in our Nixos repo and as such needs to be added there.
1. Add the key with the other system keys [here][nixos_secrets].
2. Add it to the systems array underneath that.
3. In the ``secrets`` folder run ``cd secrets && agenix -r`` to rekey the secrets.
* This is to give the new server access.
4. Commit all the changed files
## Push new configuration
### Create config
An example server config for nixos is [available here][nixos_template].
Copy it to a new file and name it ``name.nix``.
Fill in all relevant details (name/ip/name details/its purpose/...).
Finally add it to the bottom of the [``flake.nix``][nixos_flake].
Save and commit the files.
### Push Config
There are two ways to test out the config, manual and pipeline.
Each has pros and cons.
#### Manually
This requires your key to be added the the keys for the [root account][nixos_root] and your ``~/.ssh/config`` to be set up properly (TODO: SSH tutorial)
1. Build it with ``colmena build --on name``
2. If it builds ye can test deployment
3. Deploy it using ``colmena apply --on name``
#### Pipeline
Just push it to the repo and the pipeline will handle building and deployment.
The disadvantage of this is you cannot fix any mistakes before they are pushed.
[server_name_skynet]: https://2009.skynet.ie/history.html
[server_names]: https://forgejo.skynet.ie/Skynet/nixos/src/branch/main/Possible_Server_Names.md
[server_inventory]: https://forgejo.skynet.ie/Skynet/nixos/src/branch/main/ITD/Server_Inventory.csv
[proxmox_lxc]: https://pve.proxmox.com/wiki/Linux_Container
[nixos_secrets]: https://forgejo.skynet.ie/Skynet/nixos/src/branch/main/secrets/secrets.nix#L35
[nixos_template]: https://forgejo.skynet.ie/Skynet/nixos/src/branch/main/machines/_template.nix
[nixos_flake]: https://forgejo.skynet.ie/Skynet/nixos/src/branch/main/flake.nix#L156
[nixos_root]: https://forgejo.skynet.ie/Skynet/nixos/src/branch/main/machines/_base.nix#L75

84
src/procedures/server_update_nixos.md
View file

@ -1,84 +0,0 @@
# Updating Servers (NixOS)
A short guide on how to update NixOS servers.
This is required at least once a semester in order to keep the systems up to date.
These are some of the easiest servers we have to update.
This is how you update it locally, and then deploy.
## Update
Invoke the devshell for the NixOS repo locally on your computer (TODO: Setup nix and into to devshell).
This will give you all the tools you need to update the NixOS servers.
In that shell you can run these commands.
```shell
# this will update every input, sometimes that is not desired
nix flake update
# This will update a single input, nixpkgs which will update the OS's
nix flake update nixpkgs colmena
# Update multiple at once, these are the core tools and utilities
# Recommended command
nix flake update nixpkgs flake-utils agenix arion alejandra colmena
```
## Build
Now that the inputs have been updated it is time to build it locally to ensure no errors pop up.
For any errors that pop up you can use ``--key-result`` in order to explore the system output.
```shell
# This will build all the servers locally
colmena build
# Build a single one
colmena build --on glados
# Build a logical group of them
colmena build --on @active-dns
# Build all but keep the outputs in ``.gcroots``
# This is useful if you need to explore the config locally
colmena build --keep-result
```
## Deploy
It is now time to commit and deploy the updates.
### Manually
Most of the flags from the build step above apply for teh deploy step.
You dont need to have the files committed to do this, so it cna be useful for testing.
```shell
# This will build all the servers locally
colmena deploy
# Build a single one
colmena deploy --on glados
# Build a logical group of them
colmena deploy --on @active-dns
```
### Pipeline
To deploy via the pipeline simply commit and push to Forgejo.
The pipeline will build and deploy to almost all the servers.
Downside of this is slow iteration for testing, but it is useful if you are pretty sure of teh changes.
#### Git Server/Runner
The CI/CD pipelines we have run on Glados and Wheatly, as such the pipelines are not able to update these two servers on their own.
These need to be updated manually using any of these commands:
```shell
# This will deploy all the servers
colmena deploy
# Deploy a single one
colmena deploy --on glados wheatly
# Deploy a logical group of them
colmena deploy --on @active-git
```

16
src/procedures/server_update_proxmox.md
View file

@ -1,16 +0,0 @@
# Updating Servers (Proxmox)
A short guide on how to update servers running Proxmox VM Host
There is documentation for Proxmox available on teh [web][docs_web] and locally on teh server [itself][docs_inbuilt].
The inbuilt ones are preferred since they match teh version of Proxmox we are using.
In both there is a chapter called [``System Software Updates``][docs_inbuilt_update] which tells you how to update.
When there is a major version released there will be a new link on [this page][docs_wiki] in teh format of:
``Upgrade from $VersionCurrent to $VersionNext``
[docs_inbuilt]: https://193.1.99.73:8006/pve-docs/pve-admin-guide.html
[docs_inbuilt_update]: https://193.1.99.73:8006/pve-docs/pve-admin-guide.html#system_software_updates
[docs_web]: https://pve.proxmox.com/pve-docs/pve-admin-guide.html
[docs_wiki]: https://pve.proxmox.com/wiki/Category:Upgrade

18
src/procedures/topdesk.md
View file

@ -1,18 +0,0 @@
# Topdesk Tickets
UL and ITD uses TopDesk to allow students to submit support tickets to ITD.
In our case we mostly use it to open and close ports.
ITD also uses it to contact us about any security issues.
Because we have to keep records, and because Skynet is not a student we cannot use TopDesk teh normal way.
1. Ensure that you have set up your email aliasing for ``skynet_topdesk[at symbol]skynet.ie``. (TODO: email aliasing)
2. Login to your Skynet email account and enable the ``skynet_topdesk[at symbol]skynet.ie`` profile.
3. Set ``[Skynet]`` to be the first part of the Subject, the remainder can be about teh contents of teh ticket.
4. Set the to address to be``ITD.ServiceDesk[at symbol]ul.ie``.
Check yer inbox often enough after that, they normally respond within 24hrs and may have some questions.
Sometimes they also use it in case their security software captures any issues.
Additionally if they attach any images/files to the ticket also request that they send it to ``skynet_topdesk[at symbol]skynet.ie``.
Because we cannot view the ticket on TopDesk these dont get loaded for us.

36
src/procedures/vaultwarden.md
View file

@ -1,36 +0,0 @@
# Vaultwarden
[Vaultwarden][vaultwarden_github] is rust based server implmentation of [Bitwarden][bitwarden_github].
One of the core reasons why we went with Vaultwarden over the original Bitwarden is that it gives us access to Org Mode.
This allows us to have an organisation with multiple members with access to passwords, as well as controlling their access.
Additionally we are using [Bitwarden Directory Connector][bitwarden-dc_github] to sync our ldap groups to vaultwarden.
This is how Admins and Committee can access the password manager.
it also removes folks access once they no longer meet the requirements (be committee or admin).
Vaultwarden is not available for regular Skynet users since we do not want teh responsibility of managing their passwords, since the cost of failing is so high (for us)
The instance is available at [``pw.skynet.ie``][pw].
## Adding Users
When a committee member gets [added](committee_modify.mddding) they will become of teh committee LDAP group.
When this group is synced with Vaultwarden then that member will get an email to their Skynet account to ``Join UL Computer Society``.
The member should then click on teh link in that email.
They will then have to choose a password to access the password manager, the password tied to their Skynet account does nto sync for security reasons.
The user will then need to be confirmed in the [organisation panel][pw_org].
Once that is complete they will have access to Computer Societies AND/OR Skynet's passwords, depending if they are committee or a Skynet admin.'
## Resending Invites
If the user does not accept the invite within a day or so the invite will expire.
In the [organisation panel][pw_org], to the far right of teh user there is a ``⋮``.
Selecting it will give an option to resend the invite.
[vaultwarden_github]: https://github.com/dani-garcia/vaultwarden
[bitwarden_github]: https://github.com/bitwarden/server
[bitwarden-dc_github]: https://github.com/bitwarden/directory-connector
[pw]: https://pw.skynet.ie/
[pw_org]: https://pw.skynet.ie/#/organizations/ca0eacc2-988f-4368-b85f-40061eefd453/members

243
src/skynet/nix.md
View file

@ -1,244 +1,3 @@
# Nix/NixOS
The [Skynet Cluster][nixos_skynet] is (for the most part) running on a Linux variant called NixOS.
This article aims to introduce you to Nix and Nixos in order to get you up to speed to administer the cluster.
## What it is
### Nix
#### Package Manager
The word Nix refers to two things: a language and a package manager.
These are deeply interlinked together with the language being how the package manager is able to do its job.
Nix grew out of a [PhD by Eelco Dolstra][nix_paper] wherein he proposes a slightly different way to manage dependencies on a system.
For most Linux systems programs make use of other software installed on the computer, for the most part this works fine.
Where issue may arise is if one program needs to update one of these dependencies, specifically a minor or major patch where backwards compatibility is not guaranteed.
If another program is using this (system-wide) dependency then it may run into interface issues when using it.
In a sense updating one program can break another on the system.
The route the Nix package manager takes is it treats each program as a function.
Using the Nix language a function for that package is created which states what inputs are required, what is needed to turn those inputs into the program as well as the name for the output.
The output is then saved in a read only location in the format of ``/nix/store/$hash-program-name-version``.
This output can either be used as the input of another program or be used as is by the system/user.
Using this format means that any change in the inputs or the program itself will result in a different output.
This means that multiple versions of the program (some even the same version but different commit) can co-exist on the one system.
An example using different versions of Firefox:
![img.png](nix/firefox_co-existing.png)
##### Example
An example of packaging an application can be found here:
[Sieve Editor GUI on Nixpkgs][nix_pkgs_sieve]
This is packaging up a GUI node.js application.
The application itself allows the user to edit sieve scripts.
Once you have [downloaded and installed](#how-we-use-it) Nix you will be able to install and run it like so:
```shell
nix-shell -p sieve-editor-gui
sieve-editor-gui .
```
#### Language
There are two partially difficult problems in computer science:
1. Off-by-one errors
2. Caching
3. Naming things
Nix falls into this last pitfall.
The programming language used by the Nix package manager is called Nix, not NixLang (as like Erlang) but rather the same name as primary tool that uses it.
For clarity for the remainder of this subsection we are only talking about Nix the language.
The Nix Package manager is sometimes known as CppNix for reasons we will get into later.
Nix is a lazily evaluated functional language which also has REPL (Read, Evaluate, Print, and Loop) capability like what you would see in Python.
As a whole it takes strong influences from OCaml and other ML derived languages.
##### Types
It has most of the normal types that you would expect of a programming language, along with a few extra to deal with the filesystem:
```nix
a = 1 # int
b = 1.001 # float
c = /path/to/thing # path
d = "42" # string
e = true # boolean
```
Of these the ``path`` type will be new to most people.
This can take either an absolute or relative path.
##### Functions
If you look at the section below it will seem that these are another type of assignment to a variable.
That is half right, these are akin to function pointers that you would see in C or C++.
Functions in Nix do not have types for either parameters or return.
This is due to it being lazily evaluated, like Python or Javascript.
As such the ``double`` function will accept any numeric value
```nix
double = x: x*2
mul = a: b: a*b
double 2
double 4.2
mul 7 6
```
##### Attribute Sets
In most languages the way to group data would be either an Object or a Struct.
Nix has a similar data structure:
```nix
s = { foo = "bar"; biz = "baz"; }
s.foo # bar
s.biz # baz
```
##### More data
This is a rough quickstart introduction to Nix.
For more detailed information I recommend these resources.
* [Official Guide][nix_guide_official]
* [Nix Pills][nix_guide_pills]
### Flakes
A Flake is one of the best ways of interacting with nix.
Despite it having some issues and still being marked as experimental it has become a de-facto standard.
This is also the format that we use in Skynet.
The [Official Wiki Page][nix_flake] will be more informative than what can be shoved into this article.
### Nixos
With the package manager we are able to create packages in a deterministic manner and store them in a way that does not suffer path conflicts.
Some (possibly crazy) folks saw this and decided to apply this to an entire operating system.
The advantages are clear, the required programs are added to the path for the current iteration of the system.
If any error arises the system can be rolled back to a previous config.
Configuration is done via ``*.nix`` files, which are then converted into the native config for the application in question.
For example [this file][nix_dns] turns a list of attributes.
```nix
{
record = "forgejo";
r_type = "CNAME";
value = "glados.skynet.ie";
}
```
Into a config usable by the BIND DNS server.
### Lix
Nix is an old enough project now, and as such has accumulated crust over the years.
This is a combination of technical and societal/governance.
On the technical side nix is built using c++ and a max of build systems that make it hard to expand it.
For a good long time the nix binary used in the package manager was locked at v2.18 due to issues.
It took most of a year for a higher version to be used on an official basis.
Regarding governance there has been several attempts to make it better for folks to contribute and to decouple everything from requiring Eelco to have an input.
Those attempts did not succeed.
The final straw for some of the more technical core contributors was Eelco's forming a company, hiding it from the community and trying to get military sponsorship.
This did not vibe well with folks.
Due to all of this many core maintainers forked Nix at 2.18 and started working to apply fixes for both code and organisational.
The result of their efforts is [Lix][nix_lix].
For a full explanation of its key features I would like to point you to the [Lix About page][nix_lix_about].
We use Lix instead of CppNix as the goals of Lix align with the viewpoints and ideologies that our members hold and what we want to represent as a (computer) society.
## Why we use it
Back in [January 2023 we got disconnected from the internet][skynet_disconnect].
For the purposes of this document the root cause is not of importance.
What *is* the mad Indian Jones ~~treasure~~ config hunt that it triggered.
![Brendan delving for configs][skynet_disconnect_reenactment]
Additionally, ITD require us to update our systems regularly (as they should be).
Technically this config delving is an ongoing effort, the old hard drives are occasionally connected up and raided.
As you would imagine this is not ideal, an exasperating factor was that many programs had changed both the location and format of their configuration over the decades that Skynet has been using them.
This is where the strengths of NixOS lie.
The config for the entire cluster is located in a singular location.
Using modules which work as a translation layer if the requirements for the programs change this don't impact us.
Not to mention we can fearlessly (and regularly) update our systems it is a match made is heaven.
Currently, the Skynet cluster comprises 15 servers which have NixOS on them.
A combination of LXC's (Linux Containers) and physical bare metal servers.
Since these systems share a base config (with their individual applications layered on top) we are able to efficiently build them, building a package for one will also build it for other servers.
Combine that with the ability to deploy them via our own self-hosted CI/CD we have a strong foundation to work off of.
## How we use it
Nix cannot run on Windows, though it cna be installed into WSL.
Please refer to the below downloads to get a base system up and running
* [Git][git_git]
* As we are using a git repo this is a hard requirement.
* [Git LFS][git_lfs]
* For storing non text files such as images.
* [Nix][nix_install]
* Cant really use nix without thi installed.
### Dev Shell
After cloning the repo use ``nix develop`` to set up a terminal shell with the environment for working with Skynet NixOS.
It (currently) adds [Colmena][dev_colmena], [Agenix][dev_agenix] and [Attic][dev_attic].
Another example of a dev shell can be [our discord bot][dev_discord-bot].
This one sets up a rust environment.
Of course, you can also look at the dev shell for this [wiki][dev_wiki].
For the wiki we need to ensure that the dependencies for building it are present for all users so they don't have to figure out how to manually install them.
### Colmena
[Colmena][dev_colmena] is our build and deployment tool.
Building is pretty easy, just run ``colmena build``.
Downside of that command is it will try to build everything all at once which is a *lot*.
A more practical approach is to build a single server or a group of servers.
```shell
# build the Skynet server, names can be found in the flake.nix
colmena build --on skynet
# build a group of servers, in this case any one with the tag of active-core
colmena build --on @active-core
```
To be able to deploy to Skynet two things are required:
* Be on the UL network
* This can also be accomplished by being on the VPN.
* Have an ssh key configured that can access the servers
* TLDR be an admin.
### Agenix
[Agenix][dev_agenix] is our secrets manager.
To be able to use this tool your pub ssh key must be in ``secrets/secrets.nix``.
As you would expect this is an admin only tool.
This file also defines the names and permissions for each secret.
```shell
# have to be in the secrets folder for all these commands.
cd secrets
# edit the secret
agenix -e path/to/secret.age
# re-key all secrets, this is done when a new key is added or removed.
agenix -r
```
### Attic
[Attic][dev_attic] is the tool that we use for our nix cache (hosted at <vhttps://nix-cache.skynet.ie/>).
It is not often used by the developer/admin and its own [documentation][dev_attic_docs] covers it best.
[nixos_skynet]: https://forgejo.skynet.ie/Skynet/nixos
[nix_paper]: https://edolstra.github.io/pubs/nspfssd-lisa2004-final.pdf
[nix_guide_official]: https://nix.dev/tutorials/first-steps/
[nix_guide_pills]: https://nixos.org/guides/nix-pills/#
[nix_pkgs_sieve]: https://github.com/NixOS/nixpkgs/blob/a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c/pkgs/by-name/si/sieve-editor-gui/package.nix
[nix_flake]: https://wiki.nixos.org/wiki/Flakes
[nix_dns]: https://forgejo.skynet.ie/Skynet/nixos/src/branch/main/applications/dns/dns.nix
[nix_lix]: https://lix.systems/
[nix_lix_about]: https://lix.systems/about/
[skynet_disconnect]: https://public.skynet.ie/postmortem/2023-01-12_Loss-of-network-access.html
[skynet_disconnect_reenactment]: https://forgejo.skynet.ie/Computer_Society/presentations_compsoc/media/branch/main/src/slides/skynet/0_intro_img1.png
[git_git]: https://git-scm.com/downloads
[git_lfs]: https://git-lfs.com/
[nix_install]: https://nixos.org/download/
[dev_colmena]: https://colmena.cli.rs/unstable/
[dev_agenix]: https://github.com/ryantm/agenix
[dev_attic]: https://github.com/zhaofengli/attic
[dev_attic_docs]: https://docs.attic.rs/introduction.html
[dev_discord-bot]: https://forgejo.skynet.ie/Skynet/discord-bot/src/commit/80c9191eeec29ba20ef4084713eca7fe0cab7412/flake.nix#L65
[dev_wiki]: https://forgejo.skynet.ie/Skynet/wiki/src/commit/ab0add44756d4992fc2b2da4eba163016ccb3d1c/flake.nix#L35
{add warnign that git and git-lfs should also need to be in teh path}

BIN
src/skynet/nix/firefox_co-existing.png (Stored with Git LFS)
View file

Binary file not shown.

40
src/skynet/services/email.md
View file

@ -23,49 +23,11 @@ This work is being done with Rust.
Use your Skynet ``username@skynet.ie`` and ``password`` to login.
### IMAP / SMTP settings
Use your full Skynet email ``username@skynet.ie`` and ``password``.
#### SMTP
Server: ``mail.skynet.ie``
Port: ``993``
Authentication Method: ``Normal Password``
Connection Security: ``SSL/TLS``
#### IMAP
Server: ``mail.skynet.ie``
Port: ``465``
Authentication Method: ``Normal Password``
Connection Security: ``SSL/TLS``
## Sieve Scripts
Sieve scripts allow you to sort and manage yer email in a programmatic way.
Recommended tool: <https://github.com/thsmi/sieve>
* Download and open the tool.
* Enter settings for skynet.
- Hostname: ``mail.skynet.ie``
- Port: ``4190``
- Username: ``username@skynet.ie``
* Hit Create.
* Hit Connect and enter your ``password``.
### ``.forwards`` replacement
Since we no longer support ``.forwards`` this is the sieve script counterpart.
It copies all incoming mail to the target address.
* Continuing from above
* Hit Create new script, enter a name and press edit.
* Enter code below. (You may also use the gui drag and drop builder to create the script)
```sieve
require "copy";
redirect :copy "sending_mail_to@example.ie";
```
* Save the script.
* Go back to the home tab and press activate on your newly created script. This will enable the forwarding
Small tutorial will follow later.
### Committee/Admins
There is an inbuilt sieve script that passes mail from committee/admin addresses into a folder in their Skynet inbox.

2
src/skynet/services/forgejo.md
View file

@ -3,7 +3,7 @@
Forgejo is an online git repo host.
Like [Gitlab](./gitlab.md) it is self hostable meaning that Skynet has its own instance of it.
Structure wise it has more in common with Github with the flatter ``owner/repo`` structure as well as being compatible with Github Actions
Structure wise it has more in common with Github with teh flatter ``owner/repo`` structure as well as being compatible with Github Actions
Honestly I (@silver) just love the slogan of Forgejo:
> Beyond coding. We Forge.

76
src/skynet/services/skynet.md
View file

@ -1,6 +1,6 @@
# Skynet
We provide a linux webserver for member use.
We provide a linux webserver webserver for member use.
It could be considered akin to the [Tildeverse](https://tildeverse.org/), named as such for the way each member's site was displayed (``https://skynet.ie/~username``).
Now that will redirect to ``https://username.users.skynet.ie`` we home to have preserved the same vibe.
@ -11,8 +11,64 @@ You can find more of the history here: <https://2009.skynet.ie/history.html>
## Login
Login is done via ssh and ssh keys.
## SSH Keys
[See the tutorial on SSH keys for more info](../../tutorials/skynet/create_ssh.md)
### Create SSH key
First we set up the ssh folder and create a skynet folder within it for neatness
```bash
mkdir -f -p ~/.ssh/skynet
cd ~/.ssh/skynet
```
Now we will create the ssh key itself.
Location: ``username``, your skynet username.
Password: Press Enter twice for no password on the key.
```bash
ssh-keygen -t ed25519 -C "<comment>"
```
It will create two files: ``username`` and ``username.pub``
### SSH Key
Head over to [adding ssh keys](./account.md#ssh-keys) to find information on adding ssh keys to your skynet account.
it is the ``username.pub`` that you will be adding to your account.
To get the contents of the file do this.
```bash
cat username.pub
```
### SSH Config
Back up to the ``.ssh`` folder.
```bash
cd ../
```
Now we have to create the config file.
Notice how it has no extension.
#### Windows
```powershell
"" > config
```
Open it up in any text editor available to you.
#### Linux
```bash
touch config
```
You can edit it from command line using nano
```bash
nano config
```
Or open up in a text editor.
--------------------------------------
Windows and Linux pop this into the file and save it
```
Host *.skynet.ie
User %r
IdentityFile ~/.ssh/skynet/%r
IdentitiesOnly yes
```
### Logging in
In any terminal do this:
@ -23,4 +79,16 @@ ssh username@skynet.skynet.ie
And you will be in!
## Website
[See the tutorial on the website for more info](../../tutorials/skynet/create_website.md)
In your home folder follow these commands to create the folder that can be used to host a website
```bash
mkdir ~/public_html
chmod 711 ~
chmod -R 755 ~/public_html
cd ~/public_html
```
See below for an easy way to upload files to this folder.
## More info
There is a slideshow that might be of use to you: <https://public.skynet.ie/slides/skynet/1_setup.html>

2
src/support/renew.md
View file

@ -53,7 +53,7 @@ If you are paying online you can only pay for one year's membership.
Note it will say it will expire in one year but upon transfer of the money to our account it will be accepted as a 5 year membership.
![PAY BY CASH][6]
10. Transfer &euro;40 to our bank account:
* BIC: ``BOFIIE2DXXX``
* BIC: ``BOFIIE2D``
* IBAN: ``IE31BOFI90595047627767``
Please put your name in the reference.
If you are having trouble with this or want to arrange another payment method, get in touch.

24
src/tutorials/git/token.md
View file

@ -1,24 +0,0 @@
# Personal Access Tokens
## Assumptions
* [Git installed](https://git-scm.com/downloads)
* [Skynet / Forgejo account](https://forgejo.skynet.ie/user/login)
### Why
The usual way of authentication when working with remote git repositories
is SSH, unfortunately we aren't able to do that with our git server. You could use username and password
however that is less secure and inconvenient, personal access tokens on the other hand are a more convenient and secure alternative.
Personal access tokens make it so you don't have to use username / password
to authenticate, you can authenticate **once** when **cloning** and that's it.
### How
Go to [this page and click generate token](https://forgejo.skynet.ie/user/settings/applications)
Give it a name and select read and write for repository permissions
Copy it once its generated
**Note : Do not share your access token with anyone, if its compromised delete it, this can be done easily
[here](https://forgejo.skynet.ie/user/settings/applications) and prevents it from being used.**
When cloning a repository, use the token like so..
```git clone https://<token>@forgejo.skynet.ie/<repo>```
You now should be able to push to the repository without being prompted for username / password.

39
src/tutorials/skynet/create_account.md
View file

@ -1,39 +0,0 @@
# Create Skynet Account
## New Members
1. Be a fully paid up member of UL Computer Society.
* [Signup at UL Wolves][wolves].
2. Go to [our Skynet signup page][signup].
3. Enter the same email used for UL Wolves.
* This is the ``Preferred Contact Email`` on your [profile page][profile].
4. You will get an email to verify your address, follow the link in the email.
* You may need to check the spam folder.
* It may also take up to 15 min to be delivered.
5. Choose a ``username`` and ``password``.
Congrats! You are in!
_heist music_
## Returning Members
1. Please go to [the profile modification page][modify].
2. Enter the same email used for UL Wolves.
* This is the ``Preferred Contact Email`` on your [profile page][profile].
### If you have forgotten your ``username``.
Use [recover username][recover_username].
### If you have forgotten your ``password``.
Use [reset password][recover_password].
### If the above doesn't work
Contact the nearest Skynet person, either in person or at ``contact[at]skynet.ie``.
[wolves]: https://ulwolves.ie/society/computer
[signup]: https://account.skynet.ie/signup
[profile]: https://ulwolves.ie/memberships/profile
[modify]: https://account.skynet.ie/modify
[recover_username]: https://account.skynet.ie/recover/username
[recover_password]: https://account.skynet.ie/recover/password

100
src/tutorials/skynet/create_ssh.md
View file

@ -1,100 +0,0 @@
# Setup SSH Keys
To be able to gain remote access to the Skynet.
``$USERNAME`` Refers to your Skynet username, for example I would replace ``$USERNAME`` with ``silver``
## Windows
If you are using Windows then you should use PowerShell, not ``cmd``.
## Prep
First we set up the ssh folder and create a skynet folder within it for neatness
```bash
mkdir -f -p ~/.ssh/skynet
cd ~/.ssh/skynet
```
## Create Key
Now we will create the ssh key itself.
```bash
ssh-keygen -t ed25519 -C "<comment>"
```
* ``<comment>``: this is a comment to yerself about what the key is for
* I often use ``username@host``, ``silver@skynet``.
* Location: ``./$USERNAME``, your skynet username.
* ``./silver`` for example.
* **Password: Press Enter twice for no password on the key.**
If you are creating this key for a CI/CD pipeline (``user_deploy*``) then adding a password will cause it to fail.
It will create two files: ``$USERNAME`` and ``$USERNAME.pub`` inside ``~/.ssh/skynet``
### Linux Only
Openssh will complain if the keys permissions are too permissive.
To fix this use
```bash
chmod 600 $USERNAME
# or
chmod 600 ~/.ssh/skynet/$USERNAME
```
## Create Config
Above we created a folder for Skynet keys.
Ye can do the same with Gitlab/Github/... in the future.
The only downside is that we now have to tell ssh what key to use in what situation.
Back up to the ``.ssh`` folder.
```bash
cd ../
# or
cd ~/.ssh
```
Now we have to create the config file.
Notice how it has no extension.
### Windows
```powershell
"" > config
```
Open it up in any text editor available to you.
### Linux
```bash
touch config
```
You can edit it from command line using nano
```bash
nano config
```
Or open up in a text editor.
### Windows/Linux
This is what we want to have in the file.
```
Host *.skynet.ie
User $USERNAME
IdentityFile ~/.ssh/skynet/$USERNAME
IdentitiesOnly yes
```
## Add key to account
Go to [the modify SSH page](https://account.skynet.ie/modify_ssh) and paste in the contents of ``$USERNAME.pub``.
You will now be able to SSH into Skynet like so:
```bash
ssh $USERNAME@skynet.skynet.ie
```

77
src/tutorials/skynet/create_website.md
View file

@ -1,77 +0,0 @@
# Create your own website on Skynet
One of the services that Skynet provides is access to a Linux server which also has a webserver.
Additionally each member gets their own domain:
* ``$USERNAME.users.skynet.ie``
* This is the core web address
* <https://silver.users.skynet.ie>
* ``skynet.ie/~$USERNAME``
* This is backwards compatible to help avoid link rot
* Redirects to the core address above
* <https://skynet.ie/~silver>
## Website
There are two ways to create a website on Skynet, Modern and Manual.
Modern is using Source Control (git), pipelines (CI/CD) and pinch of magic.
Manual gets you hands on with the process.
### Skynet Account requirement
No matter if you choose Modern or Manual you will need a Skynet account.
Instructions to do so can be found [on the Create Skynet Account page](./create_account.md).
### Modern
Modern involves using source control to version your site.
This is then leveraged to automatically deploy to your Skynet account/website.
The core repo for this is [here][deploy_user], it contains all the required info to get it working.
If this does not suit your needs you can take a look at the [forks which cover different tools][deploy_user_forks].
[deploy_user]: https://forgejo.skynet.ie/Skynet/deploy_user
[deploy_user_forks]: https://forgejo.skynet.ie/Skynet/deploy_user/forks
### Manual
#### Login
Once ye have [logged in](./create_ssh.md) you will be able to create a website on Skynet.
#### Create Files
In your home folder follow these commands to create the folder that can be used to host a website
```bash
mkdir ~/public_html
chmod 711 ~
chmod -R 755 ~/public_html
cd ~/public_html
```
In this directory you can create all the relevant files using ``nano`` or ``vim``.
```bash
# create/edit index.html usign nano
# this opens up a termial based text editor.
nano index.html
```
To exit ``nano`` you need to use ``[ctrl]+[x]`` keys.
#### Transfer files
If you already have the files locally you can copy them over using ``scp``, although it is recommended to do it graphically.
To transfer files graphically you can use these programs:
* [WinSCP][download_winscp]
* Windows
* [FileZilla][download_filezilla]
* Windows
* Mac
* Linux
[download_winscp]: https://winscp.net
[download_filezilla]: https://filezilla-project.org/download.php?type=client
Anything put there will be accessible under ``https://$USERNAME.users.skynet.ie``.
## More info
There is a slideshow that might be of use to you: <https://public.skynet.ie/slides/skynet/1_setup.html>

30
src/tutorials/skynet/verify_discord.md
View file

@ -1,30 +0,0 @@
# Verify Membership on Discord
In order to get the ``Member`` role on [Discord][0] you have to link your Wolves account.
This is only done once and works for any server that the Skynet Bot is on.
This process ensures that personal information does not get exposed.
## Commands
### Linking
In any channel use ``/link_wolves`` and enter the email you use for Wolves.
This is the ``Peferred Contact Email`` on the [profile][1] page.
An email will be sent to this address in order to prove that it is yours.
You may need to check the Spam folder.
![Linking.png](verify_discord/linking.png)
### Verify
Once you have gotten the email you will now submit the verification code.
It is in the form of ``/verify code: ABCDEFG`` and is tied to your account.
Enter this in Discord and you will be verified.
## Troubleshooting
[0]: https://discord.skynet.ie
[1]: https://ulwolves.ie/memberships/profile

BIN
src/tutorials/skynet/verify_discord/linking.png (Stored with Git LFS)
View file

Binary file not shown.