Date: prev next · Thread: first prev next last
2023 Archives by date, by thread · List index

1. guilhem
2. emiliano
3. cloph

* Emiliano: might have to revise access policy (shell, access) in the future
  + guilhem: shell access is orchestrated by salt, revoking existing and/or
    granted new access can be done trivially
    - it's been done before (composition of the infra team changes over time)
      and revisiting access is still done on a bi-yearly basis (assuming good
      faith we don't rekey or reinstall boxes upon revocation though)
  + for privileged access to the various service frontends (nextcloud, redmine,
    discourse, civicrm, SSO) we can simply create more fine-grained groups or
    subgroups if desired
  + guilhem: can send a list of privileged groups and their respective members
    to board
  + for some services (nextcloud, [matrix], mail) one could also also use
    client-side encryption to avoid storing plaintext data
    - there is a trade-off there though, the infra team can't help in case of
      issues, and it probably won't work well for less technically inclined
* guilhem: wanted to migrate and split vm142
  + updated via jenkins job, can be split to a separate
    box (make sure to update pined ssh keys on jenkins)
  + meetbot, external, sdremote: can go
  + centos_builddeps: can be archives
  + symstore: updated by cloph and xisco, accessed to by (relatively) many.
    large amount of files and large amount of space, can live on a storage box
    (directly written to, accessed via reverse proxy + local cache)
    IZBot can move to a separate box
* CI: cloph: noticed that hetzner started offering ARM boxes
  + need to have a look, would be nice to replace the x-compiled setup which
    can't run `make check`
  + can also be used for some webservices (cheaper and less energy consumption,
    for most of our VMs we use the higher tier but the bottleneck is not always
    CPU or RAM)
* Next call: Tue, 16 May at 18:30 CEST


To unsubscribe e-mail to:
Posting guidelines + more:
List archive:
Privacy Policy:


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.