Credentials

SSH

To connect to the server via SSH, a user needs to generate a private/public key pair on their machine and transfer their public key to the ~/.ssh/authorized_keys file on the server. If you do not know how to generate an SSH key pair, see this tutorial by GitHub, which covers the commonly used operating systems.

Currently, the following employees have their public key registered in the file mentioned above:

  • Mustafa Degirmenci (RBT62-P14s)
  • Alexander Schreyer (RBT59-E15)
  • Florin Paica (RBT24-X1X)

All of these users can currently still access the server as root@develop-ing.ch. However, logging in as root is discouraged. Instead, create specific user accounts that can be granted root permissions via sudo (if necessary), in order to avoid unwanted breaking changes.

The server is accessible via the SSH protocol from anywhere; however, WireGuard is required for certain services (postgres, ...).

Granting access

  • Have user generate a private/public key-pair: ssh-keygen -t ed25519
  • Append the key in ~/.ssh/authorized_keys
  • systemctl restart sshd
  • Edit ~/.ssh/config if needed

Host your_server
  Hostname subdomain.domain.rootserver
  User root
  IdentityFile "~/.ssh/key_polarion"
  IdentitiesOnly yes

WireGuard

WireGuard is set up on the server so that certain applications can only be reached through a VPN tunnel. The most important information about the current configuration can be found below. If more information on how to set up WireGuard is required, please check the official WireGuard documentation.

Access rights need to be configured with an SSH private/public key pair in the WireGuard configuration file. On the server, this file is located under /etc/wireguard/wg0.conf. Like most configuration files, it can only be edited with root permissions (use sudo).

The server uses 10.18.2.1/24 and has the public key M7bLjFauYrgdppYvBfLMjHe4Dh8WkQy6v5SgXLK3oA0=.

The following machines and/or people have been given access/IPs:

  • Remote Server (Metanet): 10.18.2.1/32
  • Local Test Server: 10.18.2.2/32
  • Mustafa Degirmenci: 10.18.2.83/32
  • Alexander Schreyer: 10.18.2.43/32
  • Belal Rahimi: 10.18.2.44/32

Granting access

  • Decide on a free IP for the user in the subnet 10.18.2.0/24
  • Add that IP and the user's public key (from the WireGuard tunnel) to /etc/wireguard/wg0.conf
  • Locally, add the Metanet RBDE server's IP and public key to your config

Example Mustafa

[Interface]
PrivateKey = abcdy
Address = 10.18.2.83/32

[Peer]
PublicKey = M7bLjFauYrgdppYvBfLMjHe4Dh8WkQy6v5SgXLK3oA0=
AllowedIPs = 10.18.2.1/24
Endpoint = 185.46.57.64:51281
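
The "decide on a free IP" step above can be scripted. The following is an added example, not part of the original page or the server's tooling: it reads a server-side wg0.conf, checks that every peer holds exactly one address inside 10.18.2.0/24 with no duplicates, and renders the [Peer] block for the next free address. The sample configuration, its placeholder keys and the function names are constructed for illustration.

```python
import ipaddress

SUBNET = ipaddress.ip_network("10.18.2.0/24")  # VPN subnet named on this page

# Constructed sample of a server-side wg0.conf; keys are placeholders.
SAMPLE_CONF = """\
[Interface]
Address = 10.18.2.1/24
PrivateKey = <server-private-key>

[Peer]
# Local Test Server
PublicKey = <peer-key-1>
AllowedIPs = 10.18.2.2/32

[Peer]
PublicKey = <peer-key-2>
AllowedIPs = 10.18.2.83/32
"""

def claimed(conf_text):
    """Yield (section, ip_interface) for every Address / AllowedIPs entry."""
    section = None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.startswith("["):
            section = line.strip("[]").lower()
            continue
        key, _, value = line.partition("=")      # base64 keys may contain '='
        if key.strip().lower() in ("address", "allowedips"):
            for item in value.split(","):
                yield section, ipaddress.ip_interface(item.strip())

def audit(conf_text):
    """Report peer entries wider than one host, outside SUBNET, or duplicated."""
    problems, seen = [], set()
    for section, iface in claimed(conf_text):
        if section == "peer" and iface.network.num_addresses != 1:
            problems.append(f"{iface}: peer range wider than one host")
        if iface.ip not in SUBNET:
            problems.append(f"{iface}: outside {SUBNET}")
        if iface.ip in seen:
            problems.append(f"{iface}: address already assigned")
        seen.add(iface.ip)
    return problems

def next_free_peer(conf_text, public_key):
    """Pick the lowest unused host in SUBNET and render the server-side [Peer] block."""
    used = {iface.ip for _, iface in claimed(conf_text)}
    ip = next(h for h in SUBNET.hosts() if h not in used)
    return ip, f"[Peer]\nPublicKey = {public_key}\nAllowedIPs = {ip}/32\n"
```

Run audit() against the real file before appending a new peer: a peer whose AllowedIPs is wider than /32 can claim traffic for addresses assigned to other users.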

Jenkins

At https://jenkins.develop-ing.ch

Manages the automatic deployment of https://develop-ing.ch and https://dev.develop-ing.ch, especially https://www.develop-ing.ch/book-a-desk/

Access rights:

  • alexanderschreyer
  • belalrahimi
  • mustafadegirmenci
  • florinpaica

Granting access

Add user to https://jenkins.develop-ing.ch/manage/securityRealm/

develop-ing.ch admin

https://www.develop-ing.ch/admin/

Granting access

  • New accounts will be added automatically to book-a-desk by signing in with an MS account
  • Admin/elevated rights can be assigned in https://www.develop-ing.ch/admin/auth/user/
  • Accounts for dev.develop-ing.ch / 127.0.0.1 are in the django_dev / django_play databases and therefore handled separately, as defined in /home/django/web-framework-env/.env.*

MS-Authentication (e.g. OAuth2)

via Azure AD -> florin/(mustafa)

More documentation

[RBDE sharepoint](https://rubibahntechnik.sharepoint.com/sites/RBDE/IT/Forms/AllItems.aspx?FolderCTID=0x012000C6E87883E495A3429BF717E8FA0AB30A&viewid=2224578f-4b01-4528-82c8-be8717c589fb)

[Rubi Raspberry PIs](https://rubibahntechnik.sharepoint.com/:f:/s/RBDE/EgPSZaFGcptJr5T5eHaTAXEBric6pVNsrKoX-A4T1CpaLA?e=JEKYu5)