summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorJan Dittberner <jandd@cacert.org>2021-09-04 21:50:06 +0200
committerJan Dittberner <jandd@cacert.org>2021-09-04 21:50:06 +0200
commit071c91781b626e924ad37840046e5dfe1c9ac59f (patch)
treec968103f4061c268953cf175817ad9b4603e9ee6 /docs
parentef5853abbbeb42d2847dc4577c8aa889b4783968 (diff)
downloadcacert-infradocs-071c91781b626e924ad37840046e5dfe1c9ac59f.tar.gz
cacert-infradocs-071c91781b626e924ad37840046e5dfe1c9ac59f.tar.xz
cacert-infradocs-071c91781b626e924ad37840046e5dfe1c9ac59f.zip
Update documentation
- update dependencies for Sphinx 4 - fix warnings in todo directives - add documentation for ingress03 and nextcloud containers on infra03 - add infra03 and critical ip address ranges - sort people list
Diffstat (limited to 'docs')
-rw-r--r--docs/Pipfile.lock314
-rw-r--r--docs/iplist.rst9
-rw-r--r--docs/people.rst93
-rw-r--r--docs/systems.rst4
-rw-r--r--docs/systems/blog.rst5
-rw-r--r--docs/systems/bugs.rst4
-rw-r--r--docs/systems/community.rst2
-rw-r--r--docs/systems/email.rst2
-rw-r--r--docs/systems/emailout.rst4
-rw-r--r--docs/systems/infra03.rst116
-rw-r--r--docs/systems/ingress03.rst229
-rw-r--r--docs/systems/ircserver.rst2
-rw-r--r--docs/systems/jenkins.rst2
-rw-r--r--docs/systems/lists.rst11
-rw-r--r--docs/systems/monitor.rst2
-rw-r--r--docs/systems/nextcloud.rst255
-rw-r--r--docs/systems/proxyin.rst11
-rw-r--r--docs/systems/proxyout.rst6
-rw-r--r--docs/systems/svn.rst2
-rw-r--r--docs/systems/test2.rst4
-rw-r--r--docs/systems/test3.rst4
-rw-r--r--docs/systems/testmgr.rst2
-rw-r--r--docs/systems/translations.rst6
-rw-r--r--docs/systems/wiki.rst4
24 files changed, 781 insertions, 312 deletions
diff --git a/docs/Pipfile.lock b/docs/Pipfile.lock
index cf64271..22a60f7 100644
--- a/docs/Pipfile.lock
+++ b/docs/Pipfile.lock
@@ -23,11 +23,11 @@
},
"babel": {
"hashes": [
- "sha256:9d35c22fcc79893c3ecc85ac4a56cde1ecf3f19c540bba0922308a6c06ca6fa5",
- "sha256:da031ab54472314f210b0adcff1588ee5d1d1d0ba4dbd07b94dba82bde791e05"
+ "sha256:ab49e12b91d937cd11f0b67cb259a57ab4ad2b59ac7a3b41d6c06c0ac5b0def9",
+ "sha256:bc0c176f9f6a994582230df350aa6e05ba2ebe4b3ac317eab29d9be5d2768da0"
],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
- "version": "==2.9.0"
+ "version": "==2.9.1"
},
"blockdiag": {
"hashes": [
@@ -39,18 +39,18 @@
},
"certifi": {
"hashes": [
- "sha256:1a4995114262bffbc2413b159f2a1a480c969de6e6eb13ee966d470af86af59c",
- "sha256:719a74fb9e33b9bd44cc7f3a8d94bc35e4049deebe19ba7d8e108280cfd59830"
+ "sha256:2bbf76fd432960138b3ef6dda3dde0544f27cbf8546c458e60baf371917ba9ee",
+ "sha256:50b1e4f8446b06f41be7dd6338db18e0990601dce795c2b1686458aa7e8fa7d8"
],
- "version": "==2020.12.5"
+ "version": "==2021.5.30"
},
- "chardet": {
+ "charset-normalizer": {
"hashes": [
- "sha256:0d6f53a15db4120f2b08c94f11e7d93d2c911ee118b6b30a04ec3ee8310179fa",
- "sha256:f864054d66fd9118f2e67044ac8981a54775ec5b67aed0441892edb553d21da5"
+ "sha256:0c8911edd15d19223366a194a513099a302055a962bca2cec0f54b8b63175d8b",
+ "sha256:f23667ebe1084be45f6ae0538e4a5a865206544097e4e8bbcacf42cd02a348f3"
],
- "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
- "version": "==4.0.0"
+ "markers": "python_version >= '3'",
+ "version": "==2.0.4"
},
"dateutils": {
"hashes": [
@@ -62,11 +62,11 @@
},
"docutils": {
"hashes": [
- "sha256:0c5b78adfbf7762415433f5515cd5c9e762339e23369dbe8000d84a4bf4ab3af",
- "sha256:c2de3a60e9e7d07be26b7f2b00ca0309c207e06c100f9cc2a94931fc75a478fc"
+ "sha256:686577d2e4c32380bb50cbb22f575ed742d58168cee37e99117a854bcd88f125",
+ "sha256:cf316c8370a737a022b72b56874f6602acf974a37a9fba42ec2876387549fc61"
],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
- "version": "==0.16"
+ "version": "==0.17.1"
},
"funcparserlib": {
"hashes": [
@@ -84,19 +84,19 @@
},
"gitpython": {
"hashes": [
- "sha256:3283ae2fba31c913d857e12e5ba5f9a7772bbc064ae2bb09efafa71b0dd4939b",
- "sha256:be27633e7509e58391f10207cd32b2a6cf5b908f92d9cd30da2e514e1137af61"
+ "sha256:b838a895977b45ab6f0cc926a9045c8d1c44e2b653c1fcc39fe91f42c6e8f05b",
+ "sha256:fce760879cd2aebd2991b3542876dc5c4a909b30c9d69dfc488e504a8db37ee8"
],
"index": "pypi",
- "version": "==3.1.14"
+ "version": "==3.1.18"
},
"idna": {
"hashes": [
- "sha256:b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6",
- "sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0"
+ "sha256:14475042e284991034cb48e06f6851428fb14c4dc953acd9be9a5e95c7b6dd7a",
+ "sha256:467fbad99067910785144ce333826c71fb0e63a425657295239737f7ecd125f3"
],
- "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
- "version": "==2.10"
+ "markers": "python_version >= '3'",
+ "version": "==3.2"
},
"imagesize": {
"hashes": [
@@ -114,11 +114,11 @@
},
"jandd.sphinxext.ip": {
"hashes": [
- "sha256:ac605326d22c99d15b26595cdc2fa5ccce4e34570a8cedf40096995d8154a3b3",
- "sha256:f2de5da632a21264f394f04103f7f84d4ff539274518828601394bd75377b200"
+ "sha256:7d176d39c13a32a15c8d24c2639811cf3693572804c19723bbe6d064090c126c",
+ "sha256:bee56bbea6cb0329cce60e03129aa04f43979b4fa19621f62b5ac2f995051eb2"
],
"index": "pypi",
- "version": "==0.4.0"
+ "version": "==0.5.1"
},
"jandd.sphinxext.mac": {
"hashes": [
@@ -130,69 +130,71 @@
},
"jinja2": {
"hashes": [
- "sha256:03e47ad063331dd6a3f04a43eddca8a966a26ba0c5b7207a9a9e4e08f1b29419",
- "sha256:a6d58433de0ae800347cab1fa3043cebbabe8baa9d29e668f1c768cb87a333c6"
+ "sha256:1f06f2da51e7b56b8f238affdd6b4e2c61e39598a378cc49345bc1bd42a978a4",
+ "sha256:703f484b47a6af502e743c9122595cc812b0271f661722403114f71a79d0f5a4"
],
- "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
- "version": "==2.11.3"
+ "markers": "python_version >= '3.6'",
+ "version": "==3.0.1"
},
"markupsafe": {
"hashes": [
- "sha256:00bc623926325b26bb9605ae9eae8a215691f33cae5df11ca5424f06f2d1f473",
- "sha256:09027a7803a62ca78792ad89403b1b7a73a01c8cb65909cd876f7fcebd79b161",
- "sha256:09c4b7f37d6c648cb13f9230d847adf22f8171b1ccc4d5682398e77f40309235",
- "sha256:1027c282dad077d0bae18be6794e6b6b8c91d58ed8a8d89a89d59693b9131db5",
- "sha256:13d3144e1e340870b25e7b10b98d779608c02016d5184cfb9927a9f10c689f42",
- "sha256:195d7d2c4fbb0ee8139a6cf67194f3973a6b3042d742ebe0a9ed36d8b6f0c07f",
- "sha256:22c178a091fc6630d0d045bdb5992d2dfe14e3259760e713c490da5323866c39",
- "sha256:24982cc2533820871eba85ba648cd53d8623687ff11cbb805be4ff7b4c971aff",
- "sha256:29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b",
- "sha256:2beec1e0de6924ea551859edb9e7679da6e4870d32cb766240ce17e0a0ba2014",
- "sha256:3b8a6499709d29c2e2399569d96719a1b21dcd94410a586a18526b143ec8470f",
- "sha256:43a55c2930bbc139570ac2452adf3d70cdbb3cfe5912c71cdce1c2c6bbd9c5d1",
- "sha256:46c99d2de99945ec5cb54f23c8cd5689f6d7177305ebff350a58ce5f8de1669e",
- "sha256:500d4957e52ddc3351cabf489e79c91c17f6e0899158447047588650b5e69183",
- "sha256:535f6fc4d397c1563d08b88e485c3496cf5784e927af890fb3c3aac7f933ec66",
- "sha256:596510de112c685489095da617b5bcbbac7dd6384aeebeda4df6025d0256a81b",
- "sha256:62fe6c95e3ec8a7fad637b7f3d372c15ec1caa01ab47926cfdf7a75b40e0eac1",
- "sha256:6788b695d50a51edb699cb55e35487e430fa21f1ed838122d722e0ff0ac5ba15",
- "sha256:6dd73240d2af64df90aa7c4e7481e23825ea70af4b4922f8ede5b9e35f78a3b1",
- "sha256:6f1e273a344928347c1290119b493a1f0303c52f5a5eae5f16d74f48c15d4a85",
- "sha256:6fffc775d90dcc9aed1b89219549b329a9250d918fd0b8fa8d93d154918422e1",
- "sha256:717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e",
- "sha256:79855e1c5b8da654cf486b830bd42c06e8780cea587384cf6545b7d9ac013a0b",
- "sha256:7c1699dfe0cf8ff607dbdcc1e9b9af1755371f92a68f706051cc8c37d447c905",
- "sha256:7fed13866cf14bba33e7176717346713881f56d9d2bcebab207f7a036f41b850",
- "sha256:84dee80c15f1b560d55bcfe6d47b27d070b4681c699c572af2e3c7cc90a3b8e0",
- "sha256:88e5fcfb52ee7b911e8bb6d6aa2fd21fbecc674eadd44118a9cc3863f938e735",
- "sha256:8defac2f2ccd6805ebf65f5eeb132adcf2ab57aa11fdf4c0dd5169a004710e7d",
- "sha256:98bae9582248d6cf62321dcb52aaf5d9adf0bad3b40582925ef7c7f0ed85fceb",
- "sha256:98c7086708b163d425c67c7a91bad6e466bb99d797aa64f965e9d25c12111a5e",
- "sha256:9add70b36c5666a2ed02b43b335fe19002ee5235efd4b8a89bfcf9005bebac0d",
- "sha256:9bf40443012702a1d2070043cb6291650a0841ece432556f784f004937f0f32c",
- "sha256:a6a744282b7718a2a62d2ed9d993cad6f5f585605ad352c11de459f4108df0a1",
- "sha256:acf08ac40292838b3cbbb06cfe9b2cb9ec78fce8baca31ddb87aaac2e2dc3bc2",
- "sha256:ade5e387d2ad0d7ebf59146cc00c8044acbd863725f887353a10df825fc8ae21",
- "sha256:b00c1de48212e4cc9603895652c5c410df699856a2853135b3967591e4beebc2",
- "sha256:b1282f8c00509d99fef04d8ba936b156d419be841854fe901d8ae224c59f0be5",
- "sha256:b1dba4527182c95a0db8b6060cc98ac49b9e2f5e64320e2b56e47cb2831978c7",
- "sha256:b2051432115498d3562c084a49bba65d97cf251f5a331c64a12ee7e04dacc51b",
- "sha256:b7d644ddb4dbd407d31ffb699f1d140bc35478da613b441c582aeb7c43838dd8",
- "sha256:ba59edeaa2fc6114428f1637ffff42da1e311e29382d81b339c1817d37ec93c6",
- "sha256:bf5aa3cbcfdf57fa2ee9cd1822c862ef23037f5c832ad09cfea57fa846dec193",
- "sha256:c8716a48d94b06bb3b2524c2b77e055fb313aeb4ea620c8dd03a105574ba704f",
- "sha256:caabedc8323f1e93231b52fc32bdcde6db817623d33e100708d9a68e1f53b26b",
- "sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f",
- "sha256:cdb132fc825c38e1aeec2c8aa9338310d29d337bebbd7baa06889d09a60a1fa2",
- "sha256:d53bc011414228441014aa71dbec320c66468c1030aae3a6e29778a3382d96e5",
- "sha256:d73a845f227b0bfe8a7455ee623525ee656a9e2e749e4742706d80a6065d5e2c",
- "sha256:d9be0ba6c527163cbed5e0857c451fcd092ce83947944d6c14bc95441203f032",
- "sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7",
- "sha256:e8313f01ba26fbbe36c7be1966a7b7424942f670f38e666995b88d012765b9be",
- "sha256:feb7b34d6325451ef96bc0e36e1a6c0c1c64bc1fbec4b854f4529e51887b1621"
+ "sha256:01a9b8ea66f1658938f65b93a85ebe8bc016e6769611be228d797c9d998dd298",
+ "sha256:023cb26ec21ece8dc3907c0e8320058b2e0cb3c55cf9564da612bc325bed5e64",
+ "sha256:0446679737af14f45767963a1a9ef7620189912317d095f2d9ffa183a4d25d2b",
+ "sha256:0717a7390a68be14b8c793ba258e075c6f4ca819f15edfc2a3a027c823718567",
+ "sha256:0955295dd5eec6cb6cc2fe1698f4c6d84af2e92de33fbcac4111913cd100a6ff",
+ "sha256:0d4b31cc67ab36e3392bbf3862cfbadac3db12bdd8b02a2731f509ed5b829724",
+ "sha256:10f82115e21dc0dfec9ab5c0223652f7197feb168c940f3ef61563fc2d6beb74",
+ "sha256:168cd0a3642de83558a5153c8bd34f175a9a6e7f6dc6384b9655d2697312a646",
+ "sha256:1d609f577dc6e1aa17d746f8bd3c31aa4d258f4070d61b2aa5c4166c1539de35",
+ "sha256:1f2ade76b9903f39aa442b4aadd2177decb66525062db244b35d71d0ee8599b6",
+ "sha256:2a7d351cbd8cfeb19ca00de495e224dea7e7d919659c2841bbb7f420ad03e2d6",
+ "sha256:2d7d807855b419fc2ed3e631034685db6079889a1f01d5d9dac950f764da3dad",
+ "sha256:2ef54abee730b502252bcdf31b10dacb0a416229b72c18b19e24a4509f273d26",
+ "sha256:36bc903cbb393720fad60fc28c10de6acf10dc6cc883f3e24ee4012371399a38",
+ "sha256:37205cac2a79194e3750b0af2a5720d95f786a55ce7df90c3af697bfa100eaac",
+ "sha256:3c112550557578c26af18a1ccc9e090bfe03832ae994343cfdacd287db6a6ae7",
+ "sha256:3dd007d54ee88b46be476e293f48c85048603f5f516008bee124ddd891398ed6",
+ "sha256:47ab1e7b91c098ab893b828deafa1203de86d0bc6ab587b160f78fe6c4011f75",
+ "sha256:49e3ceeabbfb9d66c3aef5af3a60cc43b85c33df25ce03d0031a608b0a8b2e3f",
+ "sha256:4efca8f86c54b22348a5467704e3fec767b2db12fc39c6d963168ab1d3fc9135",
+ "sha256:53edb4da6925ad13c07b6d26c2a852bd81e364f95301c66e930ab2aef5b5ddd8",
+ "sha256:5855f8438a7d1d458206a2466bf82b0f104a3724bf96a1c781ab731e4201731a",
+ "sha256:594c67807fb16238b30c44bdf74f36c02cdf22d1c8cda91ef8a0ed8dabf5620a",
+ "sha256:5bb28c636d87e840583ee3adeb78172efc47c8b26127267f54a9c0ec251d41a9",
+ "sha256:60bf42e36abfaf9aff1f50f52644b336d4f0a3fd6d8a60ca0d054ac9f713a864",
+ "sha256:611d1ad9a4288cf3e3c16014564df047fe08410e628f89805e475368bd304914",
+ "sha256:6557b31b5e2c9ddf0de32a691f2312a32f77cd7681d8af66c2692efdbef84c18",
+ "sha256:693ce3f9e70a6cf7d2fb9e6c9d8b204b6b39897a2c4a1aa65728d5ac97dcc1d8",
+ "sha256:6a7fae0dd14cf60ad5ff42baa2e95727c3d81ded453457771d02b7d2b3f9c0c2",
+ "sha256:6c4ca60fa24e85fe25b912b01e62cb969d69a23a5d5867682dd3e80b5b02581d",
+ "sha256:6fcf051089389abe060c9cd7caa212c707e58153afa2c649f00346ce6d260f1b",
+ "sha256:7d91275b0245b1da4d4cfa07e0faedd5b0812efc15b702576d103293e252af1b",
+ "sha256:905fec760bd2fa1388bb5b489ee8ee5f7291d692638ea5f67982d968366bef9f",
+ "sha256:97383d78eb34da7e1fa37dd273c20ad4320929af65d156e35a5e2d89566d9dfb",
+ "sha256:984d76483eb32f1bcb536dc27e4ad56bba4baa70be32fa87152832cdd9db0833",
+ "sha256:99df47edb6bda1249d3e80fdabb1dab8c08ef3975f69aed437cb69d0a5de1e28",
+ "sha256:a30e67a65b53ea0a5e62fe23682cfe22712e01f453b95233b25502f7c61cb415",
+ "sha256:ab3ef638ace319fa26553db0624c4699e31a28bb2a835c5faca8f8acf6a5a902",
+ "sha256:add36cb2dbb8b736611303cd3bfcee00afd96471b09cda130da3581cbdc56a6d",
+ "sha256:b2f4bf27480f5e5e8ce285a8c8fd176c0b03e93dcc6646477d4630e83440c6a9",
+ "sha256:b7f2d075102dc8c794cbde1947378051c4e5180d52d276987b8d28a3bd58c17d",
+ "sha256:baa1a4e8f868845af802979fcdbf0bb11f94f1cb7ced4c4b8a351bb60d108145",
+ "sha256:be98f628055368795d818ebf93da628541e10b75b41c559fdf36d104c5787066",
+ "sha256:bf5d821ffabf0ef3533c39c518f3357b171a1651c1ff6827325e4489b0e46c3c",
+ "sha256:c47adbc92fc1bb2b3274c4b3a43ae0e4573d9fbff4f54cd484555edbf030baf1",
+ "sha256:d7f9850398e85aba693bb640262d3611788b1f29a79f0c93c565694658f4071f",
+ "sha256:d8446c54dc28c01e5a2dbac5a25f071f6653e6e40f3a8818e8b45d790fe6ef53",
+ "sha256:e0f138900af21926a02425cf736db95be9f4af72ba1bb21453432a07f6082134",
+ "sha256:e9936f0b261d4df76ad22f8fee3ae83b60d7c3e871292cd42f40b81b70afae85",
+ "sha256:f5653a225f31e113b152e56f154ccbe59eeb1c7487b39b9d9f9cdb58e6c79dc5",
+ "sha256:f826e31d18b516f653fe296d967d700fddad5901ae07c622bb3705955e1faa94",
+ "sha256:f8ba0e8349a38d3001fae7eadded3f6606f0da5d748ee53cc1dab1d6527b9509",
+ "sha256:f9081981fe268bd86831e5c75f7de206ef275defcb82bc70740ae6dc507aee51",
+ "sha256:fa130dd50c57d53368c9d59395cb5526eda596d3ffe36666cd81a44d56e48872"
],
- "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
- "version": "==1.1.1"
+ "markers": "python_version >= '3.6'",
+ "version": "==2.0.1"
},
"nwdiag": {
"hashes": [
@@ -203,58 +205,78 @@
},
"packaging": {
"hashes": [
- "sha256:5b327ac1320dc863dca72f4514ecc086f31186744b84a230374cc1fd776feae5",
- "sha256:67714da7f7bc052e064859c05c595155bd1ee9f69f76557e21f051443c20947a"
+ "sha256:7dc96269f53a4ccec5c0670940a4281106dd0bb343f47b7471f779df49c2fbe7",
+ "sha256:c86254f9220d55e31cc94d69bade760f0847da8000def4dfe1c6b872fd14ff14"
],
- "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
- "version": "==20.9"
+ "markers": "python_version >= '3.6'",
+ "version": "==21.0"
},
"pillow": {
"hashes": [
- "sha256:15306d71a1e96d7e271fd2a0737038b5a92ca2978d2e38b6ced7966583e3d5af",
- "sha256:1940fc4d361f9cc7e558d6f56ff38d7351b53052fd7911f4b60cd7bc091ea3b1",
- "sha256:1f93f2fe211f1ef75e6f589327f4d4f8545d5c8e826231b042b483d8383e8a7c",
- "sha256:30d33a1a6400132e6f521640dd3f64578ac9bfb79a619416d7e8802b4ce1dd55",
- "sha256:328240f7dddf77783e72d5ed79899a6b48bc6681f8d1f6001f55933cb4905060",
- "sha256:46c2bcf8e1e75d154e78417b3e3c64e96def738c2a25435e74909e127a8cba5e",
- "sha256:5762ebb4436f46b566fc6351d67a9b5386b5e5de4e58fdaa18a1c83e0e20f1a8",
- "sha256:5a2d957eb4aba9d48170b8fe6538ec1fbc2119ffe6373782c03d8acad3323f2e",
- "sha256:5cf03b9534aca63b192856aa601c68d0764810857786ea5da652581f3a44c2b0",
- "sha256:5daba2b40782c1c5157a788ec4454067c6616f5a0c1b70e26ac326a880c2d328",
- "sha256:63cd413ac52ee3f67057223d363f4f82ce966e64906aea046daf46695e3c8238",
- "sha256:6efac40344d8f668b6c4533ae02a48d52fd852ef0654cc6f19f6ac146399c733",
- "sha256:71b01ee69e7df527439d7752a2ce8fb89e19a32df484a308eca3e81f673d3a03",
- "sha256:71f31ee4df3d5e0b366dd362007740106d3210fb6a56ec4b581a5324ba254f06",
- "sha256:72027ebf682abc9bafd93b43edc44279f641e8996fb2945104471419113cfc71",
- "sha256:74cd9aa648ed6dd25e572453eb09b08817a1e3d9f8d1bd4d8403d99e42ea790b",
- "sha256:81b3716cc9744ffdf76b39afb6247eae754186838cedad0b0ac63b2571253fe6",
- "sha256:8565355a29655b28fdc2c666fd9a3890fe5edc6639d128814fafecfae2d70910",
- "sha256:87f42c976f91ca2fc21a3293e25bd3cd895918597db1b95b93cbd949f7d019ce",
- "sha256:89e4c757a91b8c55d97c91fa09c69b3677c227b942fa749e9a66eef602f59c28",
- "sha256:8c4e32218c764bc27fe49b7328195579581aa419920edcc321c4cb877c65258d",
- "sha256:903293320efe2466c1ab3509a33d6b866dc850cfd0c5d9cc92632014cec185fb",
- "sha256:90882c6f084ef68b71bba190209a734bf90abb82ab5e8f64444c71d5974008c6",
- "sha256:98afcac3205d31ab6a10c5006b0cf040d0026a68ec051edd3517b776c1d78b09",
- "sha256:a01da2c266d9868c4f91a9c6faf47a251f23b9a862dce81d2ff583135206f5be",
- "sha256:aeab4cd016e11e7aa5cfc49dcff8e51561fa64818a0be86efa82c7038e9369d0",
- "sha256:b07c660e014852d98a00a91adfbe25033898a9d90a8f39beb2437d22a203fc44",
- "sha256:bead24c0ae3f1f6afcb915a057943ccf65fc755d11a1410a909c1fefb6c06ad1",
- "sha256:d1d6bca39bb6dd94fba23cdb3eeaea5e30c7717c5343004d900e2a63b132c341",
- "sha256:e2cd8ac157c1e5ae88b6dd790648ee5d2777e76f1e5c7d184eaddb2938594f34",
- "sha256:e5739ae63636a52b706a0facec77b2b58e485637e1638202556156e424a02dc2",
- "sha256:f36c3ff63d6fc509ce599a2f5b0d0732189eed653420e7294c039d342c6e204a",
- "sha256:f91b50ad88048d795c0ad004abbe1390aa1882073b1dca10bfd55d0b8cf18ec5"
+ "sha256:0412516dcc9de9b0a1e0ae25a280015809de8270f134cc2c1e32c4eeb397cf30",
+ "sha256:04835e68ef12904bc3e1fd002b33eea0779320d4346082bd5b24bec12ad9c3e9",
+ "sha256:06d1adaa284696785375fa80a6a8eb309be722cf4ef8949518beb34487a3df71",
+ "sha256:085a90a99404b859a4b6c3daa42afde17cb3ad3115e44a75f0d7b4a32f06a6c9",
+ "sha256:0b9911ec70731711c3b6ebcde26caea620cbdd9dcb73c67b0730c8817f24711b",
+ "sha256:10e00f7336780ca7d3653cf3ac26f068fa11b5a96894ea29a64d3dc4b810d630",
+ "sha256:11c27e74bab423eb3c9232d97553111cc0be81b74b47165f07ebfdd29d825875",
+ "sha256:11eb7f98165d56042545c9e6db3ce394ed8b45089a67124298f0473b29cb60b2",
+ "sha256:13654b521fb98abdecec105ea3fb5ba863d1548c9b58831dd5105bb3873569f1",
+ "sha256:15ccb81a6ffc57ea0137f9f3ac2737ffa1d11f786244d719639df17476d399a7",
+ "sha256:18a07a683805d32826c09acfce44a90bf474e6a66ce482b1c7fcd3757d588df3",
+ "sha256:19ec4cfe4b961edc249b0e04b5618666c23a83bc35842dea2bfd5dfa0157f81b",
+ "sha256:1c3ff00110835bdda2b1e2b07f4a2548a39744bb7de5946dc8e95517c4fb2ca6",
+ "sha256:27a330bf7014ee034046db43ccbb05c766aa9e70b8d6c5260bfc38d73103b0ba",
+ "sha256:2b11c9d310a3522b0fd3c35667914271f570576a0e387701f370eb39d45f08a4",
+ "sha256:2c661542c6f71dfd9dc82d9d29a8386287e82813b0375b3a02983feac69ef864",
+ "sha256:2cde7a4d3687f21cffdf5bb171172070bb95e02af448c4c8b2f223d783214056",
+ "sha256:2d5e9dc0bf1b5d9048a94c48d0813b6c96fccfa4ccf276d9c36308840f40c228",
+ "sha256:2f23b2d3079522fdf3c09de6517f625f7a964f916c956527bed805ac043799b8",
+ "sha256:35d27687f027ad25a8d0ef45dd5208ef044c588003cdcedf05afb00dbc5c2deb",
+ "sha256:35d409030bf3bd05fa66fb5fdedc39c521b397f61ad04309c90444e893d05f7d",
+ "sha256:4326ea1e2722f3dc00ed77c36d3b5354b8fb7399fb59230249ea6d59cbed90da",
+ "sha256:4abc247b31a98f29e5224f2d31ef15f86a71f79c7f4d2ac345a5d551d6393073",
+ "sha256:4d89a2e9219a526401015153c0e9dd48319ea6ab9fe3b066a20aa9aee23d9fd3",
+ "sha256:4e59e99fd680e2b8b11bbd463f3c9450ab799305d5f2bafb74fefba6ac058616",
+ "sha256:548794f99ff52a73a156771a0402f5e1c35285bd981046a502d7e4793e8facaa",
+ "sha256:56fd98c8294f57636084f4b076b75f86c57b2a63a8410c0cd172bc93695ee979",
+ "sha256:59697568a0455764a094585b2551fd76bfd6b959c9f92d4bdec9d0e14616303a",
+ "sha256:6bff50ba9891be0a004ef48828e012babaaf7da204d81ab9be37480b9020a82b",
+ "sha256:6cb3dd7f23b044b0737317f892d399f9e2f0b3a02b22b2c692851fb8120d82c6",
+ "sha256:7dbfbc0020aa1d9bc1b0b8bcf255a7d73f4ad0336f8fd2533fcc54a4ccfb9441",
+ "sha256:838eb85de6d9307c19c655c726f8d13b8b646f144ca6b3771fa62b711ebf7624",
+ "sha256:8b68f565a4175e12e68ca900af8910e8fe48aaa48fd3ca853494f384e11c8bcd",
+ "sha256:8f284dc1695caf71a74f24993b7c7473d77bc760be45f776a2c2f4e04c170550",
+ "sha256:963ebdc5365d748185fdb06daf2ac758116deecb2277ec5ae98139f93844bc09",
+ "sha256:a048dad5ed6ad1fad338c02c609b862dfaa921fcd065d747194a6805f91f2196",
+ "sha256:a1bd983c565f92779be456ece2479840ec39d386007cd4ae83382646293d681b",
+ "sha256:a66566f8a22561fc1a88dc87606c69b84fa9ce724f99522cf922c801ec68f5c1",
+ "sha256:bcb04ff12e79b28be6c9988f275e7ab69f01cc2ba319fb3114f87817bb7c74b6",
+ "sha256:bd24054aaf21e70a51e2a2a5ed1183560d3a69e6f9594a4bfe360a46f94eba83",
+ "sha256:be25cb93442c6d2f8702c599b51184bd3ccd83adebd08886b682173e09ef0c3f",
+ "sha256:c691b26283c3a31594683217d746f1dad59a7ae1d4cfc24626d7a064a11197d4",
+ "sha256:cc9d0dec711c914ed500f1d0d3822868760954dce98dfb0b7382a854aee55d19",
+ "sha256:ce2e5e04bb86da6187f96d7bab3f93a7877830981b37f0287dd6479e27a10341",
+ "sha256:ce651ca46d0202c302a535d3047c55a0131a720cf554a578fc1b8a2aff0e7d96",
+ "sha256:d0c8ebbfd439c37624db98f3877d9ed12c137cadd99dde2d2eae0dab0bbfc355",
+ "sha256:d675a876b295afa114ca8bf42d7f86b5fb1298e1b6bb9a24405a3f6c8338811c",
+ "sha256:dde3f3ed8d00c72631bc19cbfff8ad3b6215062a5eed402381ad365f82f0c18c",
+ "sha256:e5a31c07cea5edbaeb4bdba6f2b87db7d3dc0f446f379d907e51cc70ea375629",
+ "sha256:f514c2717012859ccb349c97862568fdc0479aad85b0270d6b5a6509dbc142e2",
+ "sha256:fc0db32f7223b094964e71729c0361f93db43664dd1ec86d3df217853cedda87",
+ "sha256:fd4fd83aa912d7b89b4b4a1580d30e2a4242f3936882a3f433586e5ab97ed0d5",
+ "sha256:feb5db446e96bfecfec078b943cc07744cc759893cef045aa8b8b6d6aaa8274e"
],
"markers": "python_version >= '3.6'",
- "version": "==8.1.2"
+ "version": "==8.3.2"
},
"pygments": {
"hashes": [
- "sha256:2656e1a6edcdabf4275f9a3640db59fd5de107d88e8663c5d4e9a0fa62f77f94",
- "sha256:534ef71d539ae97d4c3a4cf7d6f110f214b0e687e92f9cb9d2a3b0d3101289c8"
+ "sha256:b8e67fe6af78f492b3c4b3e2970c0624cbf08beb1e493b2c99b9fa1b67a20380",
+ "sha256:f398865f7eb6874156579fdf36bc840a03cab64d1cde9e93d68f46a425ec52c6"
],
"markers": "python_version >= '3.5'",
- "version": "==2.8.1"
+ "version": "==2.10.0"
},
"pyparsing": {
"hashes": [
@@ -266,11 +288,11 @@
},
"python-dateutil": {
"hashes": [
- "sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c",
- "sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a"
+ "sha256:0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86",
+ "sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9"
],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
- "version": "==2.8.1"
+ "version": "==2.8.2"
},
"pytz": {
"hashes": [
@@ -281,19 +303,19 @@
},
"requests": {
"hashes": [
- "sha256:27973dd4a904a4f13b263a19c866c13b92a39ed1c964655f025f3f8d3d75b804",
- "sha256:c210084e36a42ae6b9219e00e48287def368a26d03a048ddad7bfee44f75871e"
+ "sha256:6c1246513ecd5ecd4528a0906f910e8f0f9c6b8ec72030dc9fd154dc1a6efd24",
+ "sha256:b8aa58f8cf793ffd8782d3d8cb19e66ef36f7aba4353eec859e74678b01b07a7"
],
- "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
- "version": "==2.25.1"
+ "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'",
+ "version": "==2.26.0"
},
"six": {
"hashes": [
- "sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259",
- "sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced"
+ "sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926",
+ "sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254"
],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
- "version": "==1.15.0"
+ "version": "==1.16.0"
},
"smmap": {
"hashes": [
@@ -312,11 +334,11 @@
},
"sphinx": {
"hashes": [
- "sha256:3f01732296465648da43dec8fb40dc451ba79eb3e2cc5c6d79005fd98197107d",
- "sha256:ce9c228456131bab09a3d7d10ae58474de562a6f79abb3dc811ae401cf8c1abc"
+ "sha256:3092d929cd807926d846018f2ace47ba2f3b671b309c7a89cd3306e80c826b13",
+ "sha256:46d52c6cee13fec44744b8c01ed692c18a640f6910a725cbb938bc36e8d64544"
],
"index": "pypi",
- "version": "==3.5.3"
+ "version": "==4.1.2"
},
"sphinxcontrib-applehelp": {
"hashes": [
@@ -344,11 +366,11 @@
},
"sphinxcontrib-htmlhelp": {
"hashes": [
- "sha256:3c0bc24a2c41e340ac37c85ced6dafc879ab485c095b1d65d2461ac2f7cca86f",
- "sha256:e8f5bb7e31b2dbb25b9cc435c8ab7a79787ebf7f906155729338f3156d93659b"
+ "sha256:d412243dfb797ae3ec2b59eca0e52dac12e75a241bf0e4eb861e450d06c6ed07",
+ "sha256:f5f8bb2d0d629f398bf47d0d69c07bc13b65f75a81ad9e2f71a63d4b7a2f6db2"
],
- "markers": "python_version >= '3.5'",
- "version": "==1.0.3"
+ "markers": "python_version >= '3.6'",
+ "version": "==2.0.0"
},
"sphinxcontrib-jsmath": {
"hashes": [
@@ -376,19 +398,19 @@
},
"sphinxcontrib-serializinghtml": {
"hashes": [
- "sha256:eaa0eccc86e982a9b939b2b82d12cc5d013385ba5eadcc7e4fed23f4405f77bc",
- "sha256:f242a81d423f59617a8e5cf16f5d4d74e28ee9a66f9e5b637a18082991db5a9a"
+ "sha256:352a9a00ae864471d3a7ead8d7d79f5fc0b57e8b3f95e9867eb9eb28999b92fd",
+ "sha256:aa5f6de5dfdf809ef505c4895e51ef5c9eac17d0f287933eb49ec495280b6952"
],
"markers": "python_version >= '3.5'",
- "version": "==1.1.4"
+ "version": "==1.1.5"
},
"urllib3": {
"hashes": [
- "sha256:2f4da4594db7e1e110a944bb1b551fdf4e6c136ad42e4234131391e21eb5b0df",
- "sha256:e7b021f7241115872f92f43c6508082facffbd1c048e3c6e2bb9c2a157e28937"
+ "sha256:39fb8672126159acb139a7718dd10806104dec1e2f0f6c88aab05d17df10c8d4",
+ "sha256:f57b4c16c62fa2760b7e3d97c35b255512fb6b59a259730f36ba32ce9f8e342f"
],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4'",
- "version": "==1.26.4"
+ "version": "==1.26.6"
},
"validate-email": {
"hashes": [
diff --git a/docs/iplist.rst b/docs/iplist.rst
index 1ad8d7e..416e326 100644
--- a/docs/iplist.rst
+++ b/docs/iplist.rst
@@ -8,10 +8,14 @@ Internet IP addresses
This is the public CAcert IPv4 address range
+.. ip:v4range:: 213.154.225.236/32
+
.. ip:v6range:: 2001:7b8:616:162:1::/80
.. ip:v6range:: 2001:7b8:616:162:2::/80
+.. ip:v6range:: 2001:7b8:616:162:3::/80
+
.. ip:v4range:: 116.203.192.12/32
.. ip:v6range:: 2a01:4f8:c2c:a5b9::1/128
@@ -28,4 +32,9 @@ Internal IP addresses
.. ip:v4range:: 10.0.0.0/24
+ This is the internal IPv4 range for containers on :doc:`systems/infra02`.
+
.. ip:v4range:: 10.0.3.0/24
+
+ This is the internal IPv4 range for containers on :doc:`systems/infra03`.
+
diff --git a/docs/people.rst b/docs/people.rst
index 6f40ef8..60a1c74 100644
--- a/docs/people.rst
+++ b/docs/people.rst
@@ -7,6 +7,13 @@ applications. The list of roles is known to not be complete.
.. maybe this can be improved by some automation later
+.. _people_ted:
+
+Bernhard Fröhlich
+=================
+
+:roles: :term:`Application Administrator` on :doc:`systems/bugs`
+
.. _people_dirk:
Dirk Astrath
@@ -16,21 +23,13 @@ Dirk Astrath
:term:`Infrastructure Administrator`
:term:`Critical System Administrator`
-.. _people_abahlo:
-
-Alexander Bahlo
-===============
-
-:roles: :term:`Application Administrator` on :doc:`systems/blog`
-:contact: alexander.bahlo@cacert.org
-
-.. _people_benbe:
+.. _people_gero:
-Benny Baumann
-=============
+Gero Treuner
+============
-:roles: :term:`Infrastructure Administrator`, :term:`Application Administrator`
- on :doc:`systems/bugs`
+:roles: :term:`Application Administrator` on :doc:`systems/board`.
+:contact: gero.treuner@cacert.org
.. _people_ian:
@@ -49,27 +48,20 @@ Jan Dittberner
:wiki: :wiki:`JanDittberner`
:irc: jandd
-.. _people_ted:
-
-Bernhard Fröhlich
-=================
-
-:roles: :term:`Application Administrator` on :doc:`systems/bugs`
-
-.. _people_martin:
+.. _people_jselzer:
-Martin Gummi
-============
+Jochim Selzer
+=============
:roles: :term:`Infrastructure Administrator`
-:contact: martin.gummi@cacert.org
+:contact: jselzer@cacert.org
-.. _people_philipp:
+.. _people_gukk:
-Philipp Gühring
-===============
+Karl-Heinz Gödderz
+==================
-:roles: :term:`Application Administrator` on :doc:`systems/bugs`
+:contact: GuKKDevel@CAcert.org
.. _people_mario:
@@ -79,14 +71,6 @@ Mario Lipinski
:roles: :term:`Infrastructure Administrator`, former Team Lead
:contact: mario@cacert.org
-.. _people_marcus:
-
-Marcus Mängel
-=============
-
-:roles: :term:`Application Administrator` on :doc:`systems/blog`
-:contact: marcus.maengel@cacert.org
-
.. _people_mendel:
Mendel Mobach
@@ -95,14 +79,6 @@ Mendel Mobach
:roles: :term:`Critical System Administrator` until 01.11.2019
:contact: mendel@cacert.org
-.. _people_msimons:
-
-Martin Simons
-=============
-
-:roles: :term:`Critical System Administrator` until 01.11.2019
-:contact: msimons@cacert.org
-
.. _people_neo:
Michael Tänzer
@@ -112,7 +88,6 @@ Michael Tänzer
:contact: michael.taenzer@cacert.org
:wiki: :wiki:`MichaelTänzer`
-
.. _people_nick:
Nicolas Bebout
@@ -120,36 +95,20 @@ Nicolas Bebout
:contact: nick.bebout@cacert.org
-.. _people_gero:
-
-Gero Treuner
-============
-
-:roles: :term:`Infrastructure Administrator`
-:contact: gero.treuner@cacert.org
-
-.. _people_ulrich:
+.. _people_philipp:
-Ulrich Schröter
+Philipp Gühring
===============
-:roles: :term:`Infrastructure Administrator`
-:contact: ulrich@cacert.org
+:roles: :term:`Application Administrator` on :doc:`systems/bugs`
-.. _people_jselzer:
+.. _people_sat:
-Jochim Selzer
+Sascha Ternes
=============
:roles: :term:`Infrastructure Administrator`
-:contact: jselzer@cacert.org
-
-.. _people_gukk:
-
-Karl-Heinz Gödderz
-==================
-
-:contact: GuKKDevel@CAcert.org
+:contact: sascha.ternes@cacert.org
.. _people_wytze:
diff --git a/docs/systems.rst b/docs/systems.rst
index 56fd519..e7ffeed 100644
--- a/docs/systems.rst
+++ b/docs/systems.rst
@@ -18,12 +18,16 @@ administrator team.
systems/email
systems/emailout
systems/git
+ systems/ingress03
systems/ircserver
systems/issue
systems/jenkins
systems/lists
+ systems/mariadb
systems/monitor
systems/motion
+ systems/nextcloud
+ systems/postgresql
systems/proxyin
systems/proxyout
systems/puppet
diff --git a/docs/systems/blog.rst b/docs/systems/blog.rst
index 8f43391..c9c90dd 100644
--- a/docs/systems/blog.rst
+++ b/docs/systems/blog.rst
@@ -282,7 +282,7 @@ Critical Configuration items
The system configuration is managed via Puppet profiles. There should be no
configuration items outside of the :cacertgit:`cacert-puppet`.
-.. todo:: move configuration of :doc:`blog` to Puppet code
+.. todo:: move configuration of blog to Puppet code
Keys and X.509 certificates
---------------------------
@@ -362,7 +362,8 @@ Planned
.. todo:: manage the blog system using Puppet
.. todo::
- setup CRL checks (can be borrowed from :doc:`svn`) for client certificates
+
+ setup CRL checks (can be borrowed from svn for client certificates
System Future
-------------
diff --git a/docs/systems/bugs.rst b/docs/systems/bugs.rst
index 052af31..c22edcc 100644
--- a/docs/systems/bugs.rst
+++ b/docs/systems/bugs.rst
@@ -260,7 +260,7 @@ Critical Configuration items
The system configuration is managed via Puppet profiles. There should be no
configuration items outside of the Puppet repository.
-.. todo:: move configuration of :doc:`bugs` to Puppet code
+.. todo:: move configuration of bugs to Puppet code
Keys and X.509 certificates
---------------------------
@@ -346,7 +346,7 @@ Planned
.. todo::
- Switch ingest traffic for webmail to :doc:`proxyin` and drop http redirector
+ Switch ingest traffic for webmail to proxyin and drop http redirector
configuration from Apache httpd
System Future
diff --git a/docs/systems/community.rst b/docs/systems/community.rst
index 7cc75bb..a3ac120 100644
--- a/docs/systems/community.rst
+++ b/docs/systems/community.rst
@@ -343,7 +343,7 @@ Planned
.. todo::
- Switch ingest traffic for webmail to :doc:`proxyin` and drop http redirector
+ Switch ingest traffic for webmail to proxyin and drop http redirector
configuration from Apache httpd
System Future
diff --git a/docs/systems/email.rst b/docs/systems/email.rst
index 4a2a021..7302ae4 100644
--- a/docs/systems/email.rst
+++ b/docs/systems/email.rst
@@ -434,7 +434,7 @@ following files are special for this setup:
| | issue.cacert.org to :doc:`issue` |
+----------------+-------------------------------------------------------------+
-.. todo:: consider to send all outgoing mail via :doc:`emailout`
+.. todo:: consider to send all outgoing mail via emailout
Email storage
-------------
diff --git a/docs/systems/emailout.rst b/docs/systems/emailout.rst
index cc8d774..32ad9b8 100644
--- a/docs/systems/emailout.rst
+++ b/docs/systems/emailout.rst
@@ -283,9 +283,9 @@ OpenDKIM configuration
----------------------
.. todo::
+
enable OpenDKIM in Postfix configuration when the DNS record is in place and
- :doc:`email` is ready for DKIM too or is configured to send mail via
- emailout.
+ email is ready for DKIM too or is configured to send mail via emailout.
The OpenDKIM configuration is stored in :file:`/etc/opendkim.conf`. The
following lines have been added:
diff --git a/docs/systems/infra03.rst b/docs/systems/infra03.rst
index aafa6c7..0b5855a 100644
--- a/docs/systems/infra03.rst
+++ b/docs/systems/infra03.rst
@@ -18,16 +18,11 @@ CAcert infrastructure.
Infra03 is a host system for infrustructure :term:`containers <Container>`. The
containers are setup using the Linux kernel's :term:`LXC` system. The firewall
for the running containers is maintained using nftables_. The machine provides
-a DNS resolver based on dnsmasq_ and gives answers for the internal zone
-infra.cacert.org.
+a DNS resolver based on dnsmasq_ and forwards DNS requests to :doc:`infra02`.
.. _nftables: https://wiki.nftables.org/
.. _dnsmasq: https://www.thekelleys.org.uk/dnsmasq/doc.html
-.. todo::
- implement synchronization between :doc:`infra02`'s dnsmasq and this system's
- dnsmasq
-
Administration
==============
@@ -71,8 +66,8 @@ The machine has the following hardware parameters:
Logical Location
----------------
-:IP Internet: None yet
-:IP Intranet: :ip:v4:`172.16.2.3`
+:IP Internet: :ip:v4:`213.154.225.249`
+:IP Intranet: :ip:v4:`172.16.2.9`
:IP Internal: :ip:v4:`10.0.3.1`
:IPv6: :ip:v6:`2001:7b8:616:162:1::9`
:MAC address:
@@ -99,12 +94,13 @@ DNS
.. index::
single: DNS records; Infra03
-.. ========================== ======== ==========================================
-.. Name Type Content
-.. ========================== ======== ==========================================
-.. ========================== ======== ==========================================
-
-.. todo:: add DNS records for Infra03
++---------------------+---------+-----------------------+
+| Name | Type | Content |
++=====================+=========+=======================+
+| infra03.cacert.org. | IN A | 213.154.225.249 |
++---------------------+---------+-----------------------+
+| infra03.cacert.org. | IN AAAA | 2001:7b8:616:162:1::9 |
++---------------------+---------+-----------------------+
.. seealso::
@@ -115,9 +111,9 @@ Operating System
.. index::
single: Debian GNU/Linux; Buster
- single: Debian GNU/Linux; 10.9
+ single: Debian GNU/Linux; 10.10
-* Debian GNU/Linux 10.9
+* Debian GNU/Linux 10.10
Services
========
@@ -125,20 +121,20 @@ Services
Listening services
------------------
-+----------+---------+----------+-----------------------------------------+
-| Port | Service | Origin | Purpose |
-+==========+=========+==========+=========================================+
-| 22/tcp | ssh | ANY | admin console access |
-+----------+---------+----------+-----------------------------------------+
-| 25/tcp | smtp | local | mail delivery to local MTA |
-+----------+---------+----------+-----------------------------------------+
-| 53/tcp | dns | internal | DNS resolver for infra.cacert.org |
-| 53/udp | | | |
-+----------+---------+----------+-----------------------------------------+
-| 123/udp | ntp | ANY | network time protocol for host, |
-| | | | listening on the Internet IPv6 and IPv4 |
-| | | | addresses |
-+----------+---------+----------+-----------------------------------------+
++---------+---------+----------+-----------------------------------------+
+| Port | Service | Origin | Purpose |
++=========+=========+==========+=========================================+
+| 22/tcp | ssh | ANY | admin console access |
++---------+---------+----------+-----------------------------------------+
+| 25/tcp | smtp | local | mail delivery to local MTA |
++---------+---------+----------+-----------------------------------------+
+| 53/tcp | dns | internal | DNS forwarded for infra.cacert.org |
+| 53/udp | | | |
++---------+---------+----------+-----------------------------------------+
+| 123/udp | ntp | ANY | network time protocol for host, |
+| | | | listening on the Internet IPv6 and IPv4 |
+| | | | addresses |
++---------+---------+----------+-----------------------------------------+
Running services
----------------
@@ -155,29 +151,34 @@ Running services
single: rsyslog
single: smartd
-+----------------+---------------------------------------+----------------------------------+
-| Service | Usage | Start mechanism |
-+================+=======================================+==================================+
-| cron | job scheduler | systemd unit ``cron.service`` |
-+----------------+---------------------------------------+----------------------------------+
-| dbus-daemon | System message bus | systemd unit ``dbus.service`` |
-+----------------+---------------------------------------+----------------------------------+
-| Exim | SMTP server for local mail submission | systemd unit ``exim4.service`` |
-+----------------+---------------------------------------+----------------------------------+
-| openssh server | ssh daemon for remote administration | systemd unit ``ssh.service`` |
-+----------------+---------------------------------------+----------------------------------+
-| Puppet agent | configuration management agent | systemd unit ``puppet.service`` |
-+----------------+---------------------------------------+----------------------------------+
-| rsyslog | syslog daemon | systemd unit ``rsyslog.service`` |
-+----------------+---------------------------------------+----------------------------------+
++----------------+---------------------------------------+------------------------------------+
+| Service | Usage | Start mechanism |
++================+=======================================+====================================+
+| cron | job scheduler | systemd unit ``cron.service`` |
++----------------+---------------------------------------+------------------------------------+
+| dbus-daemon | System message bus | systemd unit ``dbus.service`` |
++----------------+---------------------------------------+------------------------------------+
+| dm-event | Device Mapper event daemon | systemd unit ``dm-event.service`` |
++----------------+---------------------------------------+------------------------------------+
+| dnsmasq | DNS forwarder | systemd unit ``dnsmasq.service`` |
++----------------+---------------------------------------+------------------------------------+
+| Exim | SMTP server for local mail submission | systemd unit ``exim4.service`` |
++----------------+---------------------------------------+------------------------------------+
+| mdmonitor | MD array monitor | systemd unit ``mdmonitor.service`` |
++----------------+---------------------------------------+------------------------------------+
+| ntpd | time synchronization service | systemd unit ``ntp.service`` |
++----------------+---------------------------------------+------------------------------------+
+| openssh server | ssh daemon for remote administration | systemd unit ``ssh.service`` |
++----------------+---------------------------------------+------------------------------------+
+| Puppet agent | configuration management agent | systemd unit ``puppet.service`` |
++----------------+---------------------------------------+------------------------------------+
+| rsyslog | syslog daemon | systemd unit ``rsyslog.service`` |
++----------------+---------------------------------------+------------------------------------+
+| smartd | SMART daemon | systemd unit ``smart.service`` |
++----------------+---------------------------------------+------------------------------------+
.. todo:: add Icinga 2 system monitoring
-.. Running Guests
- --------------
-
- .. some directive to list guests here
-
Connected Systems
-----------------
@@ -192,9 +193,6 @@ Outbound network connections
* :doc:`emailout` as SMTP relay
* :doc:`puppet` (tcp/8140) as Puppet master
-.. * :doc:`proxyout` as HTTP proxy for APT
-.. * crl.cacert.org (rsync) for getting CRLs
-
.. todo:: use proxyout for outgoing http/https traffic
Security
@@ -205,16 +203,6 @@ Security
:ECDSA: SHA256:In12bkuY6JktIOpsBw5By89ip6ovWhi4Er8GaQzsbrI MD5:1b:32:4d:f3:83:28:04:ac:cf:4f:a9:48:80:b2:2b:0b
:ED25519: SHA256:m2CBwhLqO47H5iiEoS7YK7mAgoXLeIEjmEdhzNImTPQ MD5:e8:c5:9c:ce:f3:5f:52:98:78:c8:5e:88:b6:e2:3c:37
-Dedicated user roles
---------------------
-
-* None
-
-Non-distribution packages and modifications
--------------------------------------------
-
-* None
-
Risk assessments on critical packages
-------------------------------------
@@ -249,7 +237,7 @@ Planned
-------
* Setup Icinga2 monitoring
-* Setup containers for MariaDB, Nextcloud, Taiga.io and other services
+* Setup containers for Taiga.io, Gitea, Zulip and other services
Additional documentation
========================
diff --git a/docs/systems/ingress03.rst b/docs/systems/ingress03.rst
new file mode 100644
index 0000000..9634ff0
--- /dev/null
+++ b/docs/systems/ingress03.rst
@@ -0,0 +1,229 @@
+.. index::
+ single: Systems; Ingress03
+
+=========
+Ingress03
+=========
+
+Purpose
+=======
+
+This system provides an incoming IPv4 TLS and HTTP proxy using `nginx`_ to
+share one public IPv4 address for multiple services on :doc:`infra03`.
+
+.. _nginx: https://nginx.org/
+
+Application Links
+-----------------
+
+No direct links, applications run on other systems.
+
+Administration
+==============
+
+System Administration
+---------------------
+
+* Primary: :ref:`people_jandd`
+* Secondary: None
+
+Application Administration
+--------------------------
+
++-------------+---------------------+
+| Application | Administrator(s) |
++=============+=====================+
+| nginx | :ref:`people_jandd` |
++-------------+---------------------+
+
+Contact
+-------
+
+* ingress03-admin@cacert.org
+
+Additional People
+-----------------
+
+No other people have :program:`sudo` access on that machine.
+
+Basics
+======
+
+Physical Location
+-----------------
+
+This system is located in an :term:`LXC` container on physical machine
+:doc:`infra03`.
+
+Logical Location
+----------------
+
+:IP Internet: :ip:v4:`213.154.225.249`
+:IP Intranet: :ip:v4:`172.16.2.9`
+:IP Internal: :ip:v4:`10.0.3.10`
+:IPv6: :ip:v6:`2001:7b8:616:162:3::10`
+:MAC address: :mac:`00:ff:8f:34:8c:dd` (eth0)
+
+.. seealso::
+
+ See :doc:`../network`
+
+.. index::
+ single: Monitoring; Ingress03
+
+Monitoring
+----------
+
+:internal checks: :monitor:`ingress03.infra.cacert.org`
+:external checks: :monitor:`ingress03.cacert.org`
+
+DNS
+---
+
+.. index::
+ single: DNS records; Ingress03
+
++-----------------------+---------+------------------------+
+| Name | Type | Content |
++=======================+=========+========================+
+| ingress03.cacert.org. | IN A | 213.154.225.249 |
++-----------------------+---------+------------------------+
+| ingress03.cacert.org. | IN AAAA | 2001:7b8:616:162:3::10 |
++-----------------------+---------+------------------------+
+
+.. seealso::
+
+ See :wiki:`SystemAdministration/Procedures/DNSChanges`
+
+Operating System
+----------------
+
+.. index::
+ single: Debian GNU/Linux; Buster
+ single: Debian GNU/Linux; 10.10
+
+* Debian GNU/Linux 10.10
+
+Services
+========
+
+Listening services
+------------------
+
++----------+---------+---------+----------------------------+
+| Port | Service | Origin | Purpose |
++==========+=========+=========+============================+
+| 22/tcp | ssh | ANY | admin console access |
++----------+---------+---------+----------------------------+
+| 25/tcp | smtp | local | mail delivery to local MTA |
++----------+---------+---------+----------------------------+
+| 80/tcp | http | ANY | nginx reverse proxy |
++----------+---------+---------+----------------------------+
+| 443/tcp | https | ANY | nginx SNI proxy |
++----------+---------+---------+----------------------------+
+| 5665/tcp | icinga2 | monitor | remote monitoring service |
++----------+---------+---------+----------------------------+
+| 465/udp | syslog | local | syslog port |
++----------+---------+---------+----------------------------+
+
+Running services
+----------------
+
+.. index::
+ single: cron
+ single: dbus
+ single: exim4
+ single: icinga2
+ single: nginx
+ single: openssh
+ single: puppet
+ single: rsyslog
+
++----------------+---------------------------------------+----------------------------------+
+| Service | Usage | Start mechanism |
++================+=======================================+==================================+
+| cron | job scheduler | systemd unit ``cron.service`` |
++----------------+---------------------------------------+----------------------------------+
+| dbus-daemon | System message bus | systemd unit ``dbus.service`` |
++----------------+---------------------------------------+----------------------------------+
+| Exim | SMTP server for local mail submission | systemd unit ``exim4.service`` |
++----------------+---------------------------------------+----------------------------------+
+| icinga2 | Icinga2 monitoring agent | systemd unit ``icinga2.service`` |
++----------------+---------------------------------------+----------------------------------+
+| openssh server | ssh daemon for remote administration | systemd unit ``ssh.service`` |
++----------------+---------------------------------------+----------------------------------+
+| Puppet agent | configuration management agent | systemd unit ``puppet.service`` |
++----------------+---------------------------------------+----------------------------------+
+| rsyslog | syslog daemon | systemd unit ``rsyslog.service`` |
++----------------+---------------------------------------+----------------------------------+
+
+Connected Systems
+-----------------
+
+* :doc:`monitor`
+
+Outbound network connections
+----------------------------
+
+* DNS (53) resolver at 10.0.0.1 (:doc:`infra02`)
+* :doc:`emailout` as SMTP relay
+* :doc:`puppet` (tcp/8140) as Puppet master
+* :doc:`proxyout` as HTTP proxy for APT
+
+Security
+========
+
+.. sshkeys::
+ :RSA: SHA256:EhpGxNuCNirP/I/e9A85p7M1xe7PuQej4jrNJBSsTAg MD5:b9:df:fb:fb:4e:8e:34:e4:6a:5d:e7:18:bb:5c:43:82
+ :ECDSA: SHA256:o7ACxl0hkiYobV+gmnrV3eaF09dttdh69K2T6bkO7jE MD5:a9:c3:df:2a:13:38:14:ad:a6:15:f4:ff:4b:5e:75:2d
+ :ED25519: SHA256:HA8qzC8T62WpiAHt6IClWxwhp2hpg9CjJucPPKyPvUw MD5:92:00:a9:29:5b:c0:42:da:d8:8e:3b:9a:c2:cf:41:bb
+
+Risk assessments on critical packages
+-------------------------------------
+
+The Puppet agent package and a few dependencies are installed from the official
+Puppet APT repository because the versions in Debian are too old to use modern
+Puppet features.
+
+Critical Configuration items
+============================
+
+The system configuration is managed via Puppet profiles. There is no
+configuration items outside of the :cacertgit:`cacert-puppet`.
+
+Tasks
+=====
+
+Adding a new forward entry
+--------------------------
+
+Add an entry to the ``profiles::sniproxy::forwarded`` item in
+:file:`hieradata/nodes/ingress03.yaml` in :cacertgit:`cacert-puppet` and adjust
+the firewall configuration on :doc:`infra03`. You will need to request DNS
+changes from the critical team if you want to switch an existing service to use
+the SNI proxy service.
+
+Changes
+=======
+
+Planned
+-------
+
+* None
+
+System Future
+-------------
+
+* No plans
+
+Additional documentation
+========================
+
+.. seealso::
+
+ * :wiki:`Exim4Configuration`
+
+References
+----------
+
+* https://nginx.org/en/docs/
diff --git a/docs/systems/ircserver.rst b/docs/systems/ircserver.rst
index 4095da6..29d4db9 100644
--- a/docs/systems/ircserver.rst
+++ b/docs/systems/ircserver.rst
@@ -296,7 +296,7 @@ Critical Configuration items
The system configuration is managed via Puppet profiles. There should be no
configuration items outside of the Puppet repository.
-.. todo:: move configuration of :doc:`ircserver` to Puppet code
+.. todo:: move configuration of ircserver to Puppet code
Keys and X.509 certificates
---------------------------
diff --git a/docs/systems/jenkins.rst b/docs/systems/jenkins.rst
index 2229914..d9f01c1 100644
--- a/docs/systems/jenkins.rst
+++ b/docs/systems/jenkins.rst
@@ -224,7 +224,7 @@ Critical Configuration items
The system configuration is managed via Puppet profiles. There should be no
configuration items outside of the Puppet repository.
-.. todo:: move configuration of :doc:`jenkins` to Puppet code
+.. todo:: move configuration of jenkins to Puppet code
Jenkins configuration
---------------------
diff --git a/docs/systems/lists.rst b/docs/systems/lists.rst
index a8e5593..f4fe29a 100644
--- a/docs/systems/lists.rst
+++ b/docs/systems/lists.rst
@@ -30,12 +30,11 @@ System Administration
Application Administration
--------------------------
-+--------------+---------------------------------------------+
-| Application | Administrator(s) |
-+==============+=============================================+
-| Sympa | :ref:`people_jandd`, :ref:`people_mario`, |
-| | :ref:`people_ulrich`, :ref:`people_philipp` |
-+--------------+---------------------------------------------+
++-------------+-----------------------------------------------------------------+
+| Application | Administrator(s) |
++=============+=================================================================+
+| Sympa | :ref:`people_jandd`, :ref:`people_mario`, :ref:`people_philipp` |
++-------------+-----------------------------------------------------------------+
Contact
-------
diff --git a/docs/systems/monitor.rst b/docs/systems/monitor.rst
index f7cdf3c..0f52a29 100644
--- a/docs/systems/monitor.rst
+++ b/docs/systems/monitor.rst
@@ -274,7 +274,7 @@ Critical Configuration items
The system configuration is managed via Puppet profiles. There should be no
configuration items outside of the Puppet repository.
-.. todo:: move more configuration of :doc:`monitor` to Puppet code
+.. todo:: move more configuration of monitor to Puppet code
Keys and X.509 certificates
---------------------------
diff --git a/docs/systems/nextcloud.rst b/docs/systems/nextcloud.rst
new file mode 100644
index 0000000..7178107
--- /dev/null
+++ b/docs/systems/nextcloud.rst
@@ -0,0 +1,255 @@
+.. index::
+ single: Systems; nextcloud
+
+=========
+Nextcloud
+=========
+
+Purpose
+=======
+
+This system serves a `Nextcloud <https://nextcloud.com/>`_ instance.
+
+Application Links
+-----------------
+
+CAcert Nextcloud
+ https://nextcloud.cacert.org
+
+Administration
+==============
+
+System Administration
+---------------------
+
+* Primary: :ref:`people_sat`
+* Secondary: :ref:`people_jandd`
+
+Application Administration
+--------------------------
+
++-------------+-------------------+
+| Application | Administrator(s) |
++=============+===================+
+| nextcloud | :ref:`people_sat` |
++-------------+-------------------+
+
+Contact
+-------
+
+* nextcloud-admin@cacert.org
+
+Basics
+======
+
+Physical Location
+-----------------
+
+This system is located in an :term:`LXC` container on physical machine
+:doc:`infra03`.
+
+Logical Location
+----------------
+
+:IP Internet: :ip:v4:`213.154.225.249`
+:IP Intranet: :ip:v4:`172.16.2.9`
+:IP Internal: :ip:v4:`10.0.3.12`
+:IPv6: :ip:v6:`2001:7b8:616:162:3::12`
+:MAC address: :mac:`00:ff:8f:af:3d:18` (eth0@if15)
+
+.. seealso::
+
+ See :doc:`../network`
+
+.. index::
+ single: Monitoring; nextcloud
+
+Monitoring
+----------
+
+:internal checks: :monitor:`nextcloud.infra.cacert.org`
+:external checks: :monitor:`nextcloud.cacert.org`
+
+DNS
+---
+
+.. index::
+ single: DNS records; nextcloud
+
++-----------------------------+----------+----------------------------------------------------------------------+
+| Name | Type | Content |
++=============================+==========+======================================================================+
+| nextcloud.cacert.org. | IN A | 213.154.225.249 |
++-----------------------------+----------+----------------------------------------------------------------------+
+| nextcloud.cacert.org. | IN AAAA | 2001:7b8:616:162:3::12 |
++-----------------------------+----------+----------------------------------------------------------------------+
+| nextcloud.infra.cacert.org. | IN A | 10.0.3.12 |
++-----------------------------+----------+----------------------------------------------------------------------+
+| nextcloud.infra.cacert.org. | IN AAAA | 2001:7b8:616:162:3::12 |
++-----------------------------+----------+----------------------------------------------------------------------+
+| nextcloud.cacert.org. | IN SSHFP | 1 1 5F7F6B6FBB86C469CA52B4705BB034AAE6EA0DC9 |
++-----------------------------+----------+----------------------------------------------------------------------+
+| nextcloud.cacert.org | IN SSHFP | 1 2 14B734AE965BF216749019B727084D70952DBBC83BD93D049F6567BD571E09B2 |
++-----------------------------+----------+----------------------------------------------------------------------+
+| nextcloud.cacert.org. | IN SSHFP | 3 1 ABD6257BFC4E47909E4D41B06914A196B8B2B4F1 |
++-----------------------------+----------+----------------------------------------------------------------------+
+| nextcloud.cacert.org. | IN SSHFP | 3 2 C6F857E69CF509443FF011505B3A774BFA3A149926A7818CD37167C211BEC55B |
++-----------------------------+----------+----------------------------------------------------------------------+
+| nextcloud.cacert.org. | IN SSHFP | 4 1 DC1C48FD2E62A98672EA70126B2209D604CBC758 |
++-----------------------------+----------+----------------------------------------------------------------------+
+| nextcloud.cacert.org. | IN SSHFP | 4 2 5563549548D8BE620AAB5B609F2B48A15BE0D80986F79E3A5B28C1F4A974617B |
++-----------------------------+----------+----------------------------------------------------------------------+
+
+.. seealso::
+
+ See :wiki:`SystemAdministration/Procedures/DNSChanges`
+
+Operating System
+----------------
+
+.. index::
+ single: Debian GNU/Linux; Buster
+ single: Debian GNU/Linux; 10.10
+
+* Debian GNU/Linux 10.10
+
+Services
+========
+
+Listening services
+------------------
+
++----------+---------+---------+----------------------------+
+| Port | Service | Origin | Purpose |
++==========+=========+=========+============================+
+| 22/tcp | ssh | ANY | admin console access |
++----------+---------+---------+----------------------------+
+| 25/tcp | smtp | local | mail delivery to local MTA |
++----------+---------+---------+----------------------------+
+| 80/tcp | http | ANY | application |
++----------+---------+---------+----------------------------+
+| 443/tcp | https | ANY | application |
++----------+---------+---------+----------------------------+
+| 5665/tcp | icinga2 | monitor | remote monitoring service |
++----------+---------+---------+----------------------------+
+
+Running services
+----------------
+
+.. index::
+ single: apache httpd
+ single: cron
+ single: dbus
+ single: exim4
+ single: icinga2
+ single: openssh
+ single: php-fpm
+ single: puppet
+ single: rsyslog
+
++----------------+---------------------------------------+-------------------------------------+
+| Service | Usage | Start mechanism |
++================+=======================================+=====================================+
+| Apache httpd | Webserver for Nextcloud | systemd unit ``apache2.service`` |
++----------------+---------------------------------------+-------------------------------------+
+| cron | job scheduler | systemd unit ``cron.service`` |
++----------------+---------------------------------------+-------------------------------------+
+| dbus-daemon | System message bus | systemd unit ``dbus.service`` |
++----------------+---------------------------------------+-------------------------------------+
+| Exim | SMTP server for local mail submission | systemd unit ``exim4.service`` |
++----------------+---------------------------------------+-------------------------------------+
+| icinga2 | Icinga2 monitoring agent | systemd unit ``icinga2.service`` |
++----------------+---------------------------------------+-------------------------------------+
+| openssh server | ssh daemon for remote administration | systemd unit ``ssh.service`` |
++----------------+---------------------------------------+-------------------------------------+
+| PHP-FPM | PHP for Nextcloud | systemd unit ``php7.3-fpm.service`` |
++----------------+---------------------------------------+-------------------------------------+
+| Puppet agent | configuration management agent | systemd unit ``puppet.service`` |
++----------------+---------------------------------------+-------------------------------------+
+| rsyslog | syslog daemon | systemd unit ``rsyslog.service`` |
++----------------+---------------------------------------+-------------------------------------+
+
+Connected Systems
+-----------------
+
+* :doc:`monitor`
+* :doc:`ingress03` as incoming SNI proxy for IPv4
+
+Outbound network connections
+----------------------------
+
+* DNS (53) resolver at 10.0.0.1 (:doc:`infra02`)
+* :doc:`emailout` as SMTP relay
+* :doc:`puppet` (tcp/8140) as Puppet master
+* :doc:`proxyout` as HTTP proxy for APT
+* :doc:`mariadb` as database server
+* crl.cacert.org (rsync) for getting CRLs
+
+Security
+========
+
+.. sshkeys::
+ :RSA: SHA256:FLc0rpZb8hZ0kBm3JwhNcJUtu8g72T0En2VnvVceCbI MD5:c9:29:d7:82:f1:65:47:57:48:44:e1:1f:45:af:25:7c
+ :ECDSA: SHA256:xvhX5pz1CUQ/8BFQWzp3S/o6FJkmp4GM03FnwhG+xVs MD5:5d:62:29:ef:1f:33:7d:7a:c7:63:79:cd:de:1f:4d:9d
+ :ED25519: SHA256:VWNUlUjYvmIKq1tgnytIoVvg2AmG9546WyjB9Kl0YXs MD5:64:ae:e0:b3:b0:e3:9a:a7:9e:67:07:f2:a0:e8:a1:87
+
+Non-distribution packages and modifications
+-------------------------------------------
+
+Nextcloud has been installed from the Upstream installation archives in
+:file:`/var/www/nextcloud` and is actively maintained by :ref:`people_sat`.
+
+Risk assessments on critical packages
+-------------------------------------
+
+Apache httpd and PHP-FPM are installed from Debian distribution packages and
+are security supported.
+
+The Puppet agent package and a few dependencies are installed from the official
+Puppet APT repository because the versions in Debian are too old to use modern
+Puppet features.
+
+Critical Configuration items
+============================
+
+Keys and X.509 certificates
+---------------------------
+
+.. sslcert:: nextcloud.cacert.org
+ :altnames: DNS:nextcloud.cacert.org
+ :certfile: /etc/ssl/nextcloud.cacert.org.crt
+ :keyfile: /etc/ssl/nextcloud.cacert.org.key
+ :serial: 02F2DB
+ :expiration: Aug 28 15:31:30 2023 GMT
+ :sha1fp: 15:FD:55:B9:EC:B3:F0:1F:1B:39:35:5F:E7:B3:AC:8D:A6:EA:E1:E1
+ :issuer: CAcert Class 3 Root
+
+.. seealso::
+
+ * :wiki:`SystemAdministration/CertificateList`
+
+Tasks
+=====
+
+Adding nextcloud users
+----------------------
+
+Nextcloud user administration is done by :ref:`people_sat`.
+
+Changes
+=======
+
+Planned
+-------
+
+.. todo::
+
+ implement OpenID Connect authentication when the CAcert OIDC IDP has been
+ setupIt is planned to add OpenID Connect
+
+Additional documentation
+========================
+
+.. seealso::
+
+ * :wiki:`Exim4Configuration`
diff --git a/docs/systems/proxyin.rst b/docs/systems/proxyin.rst
index d99f775..b14945e 100644
--- a/docs/systems/proxyin.rst
+++ b/docs/systems/proxyin.rst
@@ -33,7 +33,7 @@ Application Administration
+-------------+---------------------+
| Application | Administrator(s) |
+=============+=====================+
-| sniproxy | :ref:`people_jandd` |
+| nginx | :ref:`people_jandd` |
+-------------+---------------------+
Contact
@@ -254,10 +254,11 @@ Tasks
Adding a new forward entry
--------------------------
-Add a line to the ``profiles::sniproxy::https_forwards`` item in Hiera data and
-adjust the firewall configuration on :doc:`infra02`. You will need to request
-DNS changes from the critical team if you want to switch an existing service to
-use the SNI proxy service.
+Add an entry to the ``profiles::sniproxy::forwarded`` item in
+:file:`hieradata/nodes/proxyin.yaml` in :cacertgit:`cacert-puppet` and adjust
+the firewall configuration on :doc:`infra02`. You will need to request DNS
+changes from the critical team if you want to switch an existing service to use
+the SNI proxy service.
Changes
=======
diff --git a/docs/systems/proxyout.rst b/docs/systems/proxyout.rst
index e8bc74a..be159c5 100644
--- a/docs/systems/proxyout.rst
+++ b/docs/systems/proxyout.rst
@@ -242,8 +242,10 @@ Changes
Planned
-------
-.. todo:: Change all infrastructure hosts to use this machine as APT proxy to
- avoid flaky firewall configurations on :doc:`infra02`.
+.. todo::
+
+ Change all infrastructure hosts to use this machine as APT proxy to avoid
+ flaky firewall configurations on infra02.
System Future
-------------
diff --git a/docs/systems/svn.rst b/docs/systems/svn.rst
index f931461..3039170 100644
--- a/docs/systems/svn.rst
+++ b/docs/systems/svn.rst
@@ -237,7 +237,7 @@ Critical Configuration items
The system configuration is managed via Puppet profiles. There should be no
configuration items outside of the Puppet repository.
-.. todo:: move configuration of :doc:`svn` to Puppet code
+.. todo:: move configuration of svn to Puppet code
Keys and X.509 certificates
---------------------------
diff --git a/docs/systems/test2.rst b/docs/systems/test2.rst
index 7732908..3452737 100644
--- a/docs/systems/test2.rst
+++ b/docs/systems/test2.rst
@@ -58,7 +58,7 @@ This system is located in an :term:`LXC` container on physical machine
Logical Location
----------------
-:IP Internet: :ip:v4:`213.154.225.249`
+:IP Internet: :ip:v4:`213.154.225.241`
:IP Intranet: :ip:v4:`172.16.2.249`
:IP Internal: :ip:v4:`10.0.0.249`
:IPv6: :ip:v6:`2001:7b8:616:162:2::249`
@@ -273,7 +273,7 @@ The CAcert Signer code is stored in :file:`/home/signer/www/CommModule`.
.. todo::
clarify the process how changes get into the WebDB and Signer directories
- and clarify differences to Git and :doc:`test`
+ and clarify differences to Git and test
Risk assessments on critical packages
-------------------------------------
diff --git a/docs/systems/test3.rst b/docs/systems/test3.rst
index 995afb3..85599fb 100644
--- a/docs/systems/test3.rst
+++ b/docs/systems/test3.rst
@@ -66,7 +66,7 @@ This system is located in an :term:`LXC` container on physical machine
Logical Location
----------------
-:IP Internet: :ip:v4:`213.154.225.248`
+:IP Internet: :ip:v4:`213.154.225.241`
:IP Intranet: :ip:v4:`172.16.2.149`
:IP Internal: :ip:v4:`10.0.0.149`
:IPv6: :ip:v6:`2001:7b8:616:162:2::149`
@@ -463,7 +463,7 @@ Changes
Planned
-------
-.. todo:: implement git workflows for updates maybe using :doc:`jenkins`
+.. todo:: implement git workflows for updates maybe using jenkins
System Future
-------------
diff --git a/docs/systems/testmgr.rst b/docs/systems/testmgr.rst
index a503adc..5c0e1f6 100644
--- a/docs/systems/testmgr.rst
+++ b/docs/systems/testmgr.rst
@@ -222,7 +222,7 @@ Planned
.. todo:: setup monitoring for testmgr
-.. todo:: make testmgr available on default ports via :doc:`proxyin`
+.. todo:: make testmgr available on default ports via proxyin
.. todo:: setup proper DNS entries for testmgr
diff --git a/docs/systems/translations.rst b/docs/systems/translations.rst
index 782e6cd..4430306 100644
--- a/docs/systems/translations.rst
+++ b/docs/systems/translations.rst
@@ -261,8 +261,8 @@ packages.
.. todo::
- consider building the virtualenv on :doc:`jenkins` to avoid development tools
- on this system
+ consider building the virtualenv on jenkins to avoid development tools on
+ this system
The Puppet agent package and a few dependencies are installed from the official
Puppet APT repository because the versions in Debian are too old to use modern
@@ -340,7 +340,7 @@ Critical Configuration items
The system configuration is managed via Puppet profiles. There should be no
configuration items outside of the Puppet repository.
-.. todo:: move configuration of :doc:`translations` to Puppet code
+.. todo:: move configuration of translations to Puppet code
Keys and X.509 certificates
---------------------------
diff --git a/docs/systems/wiki.rst b/docs/systems/wiki.rst
index 73b067a..5de025a 100644
--- a/docs/systems/wiki.rst
+++ b/docs/systems/wiki.rst
@@ -214,7 +214,7 @@ Critical Configuration items
The system configuration is managed via Puppet profiles. There should be no
configuration items outside of the :cacertgit:`cacert-puppet`.
-.. todo:: move configuration of :doc:`wiki` to Puppet code
+.. todo:: move configuration of wiki to Puppet code
Keys and X.509 certificates
---------------------------
@@ -240,7 +240,7 @@ Apache configuration
Apache is configured using files in :file:`/etc/apache2` integrating the MoinMoin wiki using `mod_wsgi`.
-.. todo:: more comprehensive Apache configuration documentation for :doc:`wiki`
+.. todo:: more comprehensive Apache configuration documentation for wiki
Changes
=======