Wiki¶
Purpose¶
The purpose of the wiki server is to serve the wiki, implemented with MoinMoin.
Application Links¶
- Wiki URL
Administration¶
System Administration¶
Primary: Dirk Astrath
Secondary: Jan Dittberner
Application Administration¶
Todo
document wiki admins
Contact¶
Additional People¶
No additional people have sudo access on that machine.
Basics¶
Physical Location¶
This system is located in an LXC container on physical machine Infra02.
Logical Location¶
- IP Internet:
- IP Intranet:
- IP Internal:
- IPv6:
- MAC address:
00:ff:32:e3:13:66
(eth0)
See also
See Network
Monitoring¶
- internal checks:
DNS¶
Name |
Type |
Content |
---|---|---|
wiki.cacert.org. |
IN A |
213.154.225.235 |
wiki.cacert.org. |
IN AAAA |
2001:7b8:616:162:2::12 |
wiki.cacert.org. |
IN SSHFP |
1 1 5C3E0D3265782405E0141C47BF0E16EC14B12E08 |
wiki.cacert.org. |
IN SSHFP |
1 2 69101872cb629e30a78ca4aac781720e1217c3733f6bb8d659034e9c23c890df |
wiki.cacert.org. |
IN SSHFP |
3 1 73113627b9e77be383e4da3a8c4b4a0ae07df5ba |
wiki.cacert.org. |
IN SSHFP |
3 2 88d73c828d56d3cccac530558bf0a1b2678c238f285c3ef6b61fa05ea782fd60 |
wiki.cacert.org. |
IN SSHFP |
4 1 c1d79ceb8986b02b6b477f8c9e50b2623a15cfe8 |
wiki.cacert.org. |
IN SSHFP |
4 2 6cfa531e0eebbb01b226444d33c238b83c96cc134d23662f95a36c095c4dfbdf |
wiki.infra.cacert.org. |
IN AAAA |
2001:7b8:616:162:2::12 |
wiki.infra.cacert.org. |
IN MX |
1 emailout.infra.cacert.org. |
wiki.intra.cacert.org. |
IN A |
172.16.2.12 |
See also
Operating System¶
Debian GNU/Linux 10 Buster
Services¶
Listening services¶
Port |
Service |
Origin |
Purpose |
---|---|---|---|
22/tcp |
ssh |
ANY |
admin console access |
25/tcp |
smtp |
local |
mail delivery to local MTA |
80/tcp |
http |
ANY |
application |
443/tcp |
https |
ANY |
application |
5665/tcp |
icinga2 |
monitor |
remote monitoring service |
Running services¶
Service |
Usage |
Start mechanism |
---|---|---|
Apache httpd |
Webserver for the Wiki |
systemd unit |
cron |
job scheduler |
systemd unit |
dbus-daemon |
System message bus |
systemd unit |
icinga2 |
Icinga2 monitoring agent |
systemd unit |
openssh server |
ssh daemon for remote administration |
systemd unit |
Postfix |
SMTP server for local mail submission |
systemd unit |
Puppet agent |
configuration management agent |
systemd unit |
rsyslog |
syslog daemon |
systemd unit |
Connected Systems¶
Outbound network connections¶
Security¶
SSH host keys¶
Algorithm |
Fingerprints |
---|---|
RSA |
|
DSA |
- |
ECDSA |
|
ED25519 |
|
See also
Non-distribution packages and modifications¶
MoinMoin in /srv/www/wiki/
.
Todo
properly document the Wiki setup or replace it with a packaged version
Risk assessments on critical packages¶
The MoinMoin 1.x wiki software is based on Python 2 which is EOL. The software should be replaced when MoinMoin 2.x comes out with support for Python 3.
Todo
upgrade to MoinMoin 2.x when it is available
Critical Configuration items¶
The system configuration is managed via Puppet profiles. There should be no configuration items outside of the CAcert Git repository cacert-puppet.
Todo
move configuration of wiki to Puppet code
Keys and X.509 certificates¶
All keys and certificates are managed in the file
hieradata/nodes/wiki.yaml
in the CAcert Git repository cacert-puppet.
Certificate for CN wiki.cacert.org, see details in the certificate list
certificate in file /etc/ssl/public/wiki.cacert.org.chain.pem
private key in file /etc/ssl/private/wiki.cacert.org.key.pem
/etc/ssl/public/wiki.cacert.org_client_cas.pem
CAcert.org Class 1 and
Class 3 CA certificates (allowed CA certificates for client certificates)
Apache configuration¶
Apache is configured using files in /etc/apache2
integrating the MoinMoin wiki using mod_wsgi.
Todo
more comprehensive Apache configuration documentation for wiki
Changes¶
Todo
manage the blog system using Puppet
System Future¶
Additional documentation¶
See also
No plans