open-goverance/Committee/_Handovers/2024/Senior_System_Administrator.md

109 lines
4.6 KiB
Markdown
Raw Normal View History

## Senior System Administrator
The purpose of this document is to assist the incoming Senior System Administrator for the upcoming year 2024/25.
### Duties
- Oversee the Skynet computer cluster.
- Maintaining existing hardware.
- Sourcing new hardware.
- Improving the software.
- Promote the cluster's use
- Oversee development of Skynet.
- Oversee the Root team.
- Oversee training for junior members of the Root team.
- Oversee communications with ITD.
- Help develop server related skills in the general membership.
- Manages:
* Linux Webhost for members
* LDAP
* DNS
* [Gitlab][0]
* [Nextcloud][1] (Selfhosted Google)
* [VaultWarden][2] (password manager)
### Guide
#### Baseline
1. Dont be a dick.
2. You are a society committee member, so you have a basic responsibility to look after society members and other committee members and make sure events are a fun and safe environment.
3. The core goal of the Skynet cluster is to provide services for the society.
* These are the more visible services like the linux host/gitlab/nextcloud/....
* It also includes training for anyone who wants to get more hands on, both administration/hardware.
* Its not your fiefdom, everything must improve it for others, even if it takes you out of your comfort zone.
#### Onboarding
##### New Committee
1. Ensure that each committee member has a skynet account
* If they dont then assist them through the process.
2. Add their chosen usernames to the [nixos][3] under ``committee``
3. Add them to the [Gitlab][4], prune non committee
* Gitlab does have enterprise option to automagically do this, we dont have that yet
4. Run them through the process of gaining access to the password manager: [pw.skynet.ie][2]
* Separate but linked account is security feature, unavoidable.
* They will gain access to the ``Compsoc`` collection of passwords.
5. They will automatically gain access to the ``Compsoc`` folder on [nextcloud][1]
##### Root team - Trainee
1. Ensure that each root member has a skynet account
* If they dont then assist them through the process.
2. Add their chosen usernames to the [nixos][3] under ``trainee``
3. They will automatically gain access to the ``Skynet`` folder on [nextcloud][1]
4. Provide training
##### Root team - Admin
1. They will already have a skynet account.
2. Add their chosen usernames to the [nixos][3] under ``admin``
3. They will automatically gain access to the ``Skynet_Admin`` folder on [nextcloud][1]
4. Run them through the process of gaining access to the password manager: [pw.skynet.ie][2]
* Separate but linked account is security feature, unavoidable.
* They will gain access to the ``Skynet`` collection of passwords.
5. Contact ITD to get them added to the VPN.
6. Provide training
##### Sr Sysadmin
Need to figure out this process.
My FYP next year will be primarily about this aspect.
#### Annual Events
##### Sign up Fair
{link to event guide/write up}
##### Renew Domains
We have two domains, both with Blacknight.
``skynet.ie`` is sponsored to us.
``ulcompsoc.ie`` we have to pay for, renew for two years but check yearly.
##### Inform ITD that servers are up-to-date and patched
Part of the agreement with ITD is to show them every semester that the server are patched and up to date.
#### Regular Events
##### Email
I generally check all the email accounts for new mail once a day or so.
There is a good chunk of spam but we do get a fair few mails from alumni trying to reactivate accounts.
##### Reactivate old accounts
Alumni regularly get in contact to re-activate their skynet accounts.
Be polite and respectful when dealing with them.
Much of this process is covered by [renew][5] and [recovery][6] however more documentation needs to be added on how to verify users.
### Summary
This has been mostly a managerial role, involving organisation and mentorship.
The role looks really good on a CV/LinkedIn.
The roles that Skynet has played over the years has changed dramatically (as outlined in the [old history][7]).
One of the main draws for it was the email and cloud storage.
At one point it employed 5 admins, each in charge of their own servers.
Now in this era of DevOps each admin can do so much more while also requiring more diverse knowledge.
This change is exciting, stressful and rewarding.
Brendan Golden.
[0]: https://gitlab.skynet.ie
[1]: https://nextcloud.skynet.ie
[2]: https://pw.skynet.ie
[3]: https://gitlab.skynet.ie/compsoc1/skynet/nixos/-/blob/main/config/users.nix?ref_type=heads#L47
[4]: https://gitlab.skynet.ie/groups/compsoc1/compsoc/-/group_members
[5]: https://renew.skynet.ie/
[6]: https://renew.skynet.ie/recovery/
[7]: https://2016.skynet.ie/history.html