Infrastructure
Research into which internal tools to use should be written up as an RFC/decision-style document:
password manager (Bitwarden)
communication (Matrix, Element, Zulip)
file sharing (Tresorit, Syncthing?)
bug tracking (Linear)
source code hosting (GitHub)
CI (?)
sysadmin/devops (pyinfra) (see also network topologies (Tailscale etc.) in hacking.org > netsec)
Tip
Investigate Radicle for source code hosting and bug tracking.
Security
Security needs to be enforced all the time; we want to have proper access to resources.
Best practices should be defined and followed, with no exceptions made because something is more “convenient”.
Infrastructure maintenance
Upgrades of critical infrastructure should be done in a meeting with everyone watching.
This shares information about what is done, how it is done, and ensures no one is working during that time.
We should also redeploy most of our servers regularly to make sure the install/backup scripts include everything. Even better, we should ensure that we are always able to redeploy the entire infrastructure with nothing more than access to the servers repo.
Infrastructure as code
In general, we want to store and work only on install scripts (à la Ansible or pyinfra) instead of artifacts (Docker images, etc.). Even though containers/artifacts seem to give us reproducibility, they introduce a lot of complexity in managing how artifacts are stored, how much they weigh, etc. Having only install scripts keeps just the high-level logic of the infrastructure and is much more nimble.
See also: Why not Docker for SourceHut?
Another important aspect is that we need to ensure the idempotence of each operation in the scripts. This makes it possible to fix a broken deployment rapidly, step by step: fix the failing operations on the go and relaunch the entire deploy repeatedly.
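The relaunch workflow described above, as an added example that is not part of the original notes. It uses plain Python rather than pyinfra's API; `ensure_line`, `ensure_mode`, `deploy` and the sample `sshd_config` are hypothetical names and constructed data.

```python
import os
import re
import stat
import tempfile
from pathlib import Path


def ensure_line(path, key, line):
    """Make `line` the only active `key` setting in `path`; return True if changed."""
    p = Path(path)
    old = p.read_text().splitlines() if p.exists() else []
    is_key = re.compile(rf"^\s*{re.escape(key)}\b")
    if [ln for ln in old if is_key.match(ln)] == [line]:
        return False                      # already in the desired state: do nothing
    p.write_text("\n".join([ln for ln in old if not is_key.match(ln)] + [line]) + "\n")
    return True


def ensure_mode(path, mode):
    """Set the permission bits of `path`; return True if changed."""
    if stat.S_IMODE(os.stat(path).st_mode) == mode:
        return False
    os.chmod(path, mode)
    return True


def deploy(ops):
    """Run every operation in order; return the names of those that changed state."""
    return [name for name, fn, args in ops if fn(*args)]


def demo():
    cfg = os.path.join(tempfile.mkdtemp(), "sshd_config")   # constructed sample file
    Path(cfg).write_text("Port 22\nPasswordAuthentication yes\n")
    os.chmod(cfg, 0o644)
    key = "PasswordAuthentication"
    line = ("no-password-auth", ensure_line, (cfg, key, key + " no"))
    broken = ("config-mode", ensure_mode, (cfg + ".typo", 0o600))  # bug: wrong path
    fixed = ("config-mode", ensure_mode, (cfg, 0o600))
    try:
        first = deploy([line, broken])
    except FileNotFoundError:
        first = "failed at config-mode"    # first step was applied, second was not
    second = deploy([line, fixed])          # fix the step, relaunch everything
    third = deploy([line, fixed])           # relaunch again: nothing left to change
    return first, second, third, stat.S_IMODE(os.stat(cfg).st_mode)


if __name__ == "__main__":
    print(demo())
```

Each operation compares current state with desired state before acting, so the relaunch after the fix only touches the step that had not yet been applied.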