service/crm.md

@@ -160,6 +160,9 @@ The CRM service is built with two distinct servers:
  * `crm-int-01.torproject.org`, AKA `crm-int-01`
    * software:
      * CiviCRM on top of Drupal
+     * Drupal has a `tor_donation` module which has the code to
+       receive/process Redis messages and initiate the corresponding
+       actions in CiviCRM
      * Apache with PHP FPM
      * MariaDB (MySQL) database (Drupal storage backend)
      * Redis cache (?)
@@ -179,6 +182,7 @@ The CRM service is built with two distinct servers:
      * `staging-api.donate.torproject.org`: not live yet
      * `test-api.donate.torproject.org`: test site to rename the API
        middleware (see [issue 40123](https://gitlab.torproject.org/tpo/tpa/team/-/issues/40123))
+     * those sites live in `/srv/donate.torproject.org`
 
 There is also the <https://donate.torproject.org> static site hosted
 in our [static hosting mirror network](howto/static-component). A donation campaign *must*
@@ -208,6 +212,11 @@ backend CiviCRM server. The middle and the CiviCRM server talk to each
 other through a Redis instance, accessible only through an [IPsec](howto/ipsec)
 tunnel (as a 172.16/12 private IP address).
 
+In order to receive contribution data and provide endpoints reachable
+by Stripe/PayPal, the API server is configured to receive those
+requests and pass specific messages using Redis over a secure tunnel
+to the CRM server
+
 Both servers have firewalled SSH servers (rules defined in Puppet,
 `profile::civicrm`). To get access to the port, [ask TPA][File].