... | @@ -13,21 +13,21 @@ follow this [template](howto/template) to ensure proper documentation. |
... | @@ -13,21 +13,21 @@ follow this [template](howto/template) to ensure proper documentation. |
|
Those are services managed by TPA directly.
|
|
Those are services managed by TPA directly.
|
|
|
|
|
|
| Service | Purpose | URL | Maintainers | Documented | Auth |
|
|
| Service | Purpose | URL | Maintainers | Documented | Auth |
|
|
|----------------------|-----------------------------------|--------------------------------------|----------------------|------------|------------|
|
|
|----------------------|-----------------------------------|--------------------------------------|----------------------|------------|----------------------|
|
|
| [backup][] | Backups | N/A | TPA | 75% | N/A |
|
|
| [backup][] | Backups | N/A | TPA | 75% | N/A |
|
|
| [cache][] | Web caching/accelerator/CDN | N/A | TPA | 90% | N/A |
|
|
| [cache][] | Web caching/accelerator/CDN | N/A | TPA | 90% | N/A |
|
|
| [dns][] | domain name service | N/A | TPA | 10% | N/A |
|
|
| [dns][] | domain name service | N/A | TPA | 10% | N/A |
|
|
| [documentation][] | documentation (this wiki) | <https://help.torproject.org/> | TPA | 10% | see GitLab |
|
|
| [documentation][] | documentation (this wiki) | <https://help.torproject.org/> | TPA | 10% | see GitLab |
|
|
| [drbd][] | disk redundancy | N/A | TPA | 10% | N/A |
|
|
| [drbd][] | disk redundancy | N/A | TPA | 10% | N/A |
|
|
| email | forward @torproject.org emails | N/A | TPA | 0% | yes |
|
|
| email | forward @torproject.org emails | N/A | TPA | 0% | LDAP, Puppet |
|
|
| [ganeti][] | virtual machine hosting | N/A | TPA | 90% | no |
|
|
| [ganeti][] | virtual machine hosting | N/A | TPA | 90% | no |
|
|
| [grafana][] | metrics dashboard, pretty graphs | <https://grafana.torproject.org> | TPA, anarcat, hiro | 10% | yes |
|
|
| [grafana][] | metrics dashboard, pretty graphs | <https://grafana.torproject.org> | TPA, anarcat, hiro | 10% | [Puppet](https://gitlab.torproject.org/tpo/tpa/team/-/issues/40124) |
|
|
| [ipsec][] | VPN | N/A | TPA | 30% | maybe |
|
|
| [ipsec][] | VPN | N/A | TPA | 30% | Puppet |
|
|
| [kvm][] | virtual machine hosting | N/A | TPA, weasel, anarcat | 20% | no |
|
|
| [kvm][] | virtual machine hosting | N/A | TPA, weasel, anarcat | 20% | no |
|
|
| [ldap][] | host and user directory | <https://db.torproject.org> | TPA | 90% | yes |
|
|
| [ldap][] | host and user directory | <https://db.torproject.org> | TPA | 90% | yes |
|
|
| [logging][] | centralized logging | N/A | TPA | 10% | no |
|
|
| [logging][] | centralized logging | N/A | TPA | 10% | no |
|
|
| [nagios][] | alerting | <https://nagios.torproject.org> | TPA | 5% | yes |
|
|
| [nagios][] | alerting | <https://nagios.torproject.org> | TPA | 5% | Puppet and on-server |
|
|
| [openstack][] | virtual machine hosting | N/A | TPA | 30% | maybe |
|
|
| [openstack][] | virtual machine hosting | N/A | TPA | 30% | yes |
|
|
| [postgresql][] | database service | N/A | TPA | 80% | no |
|
|
| [postgresql][] | database service | N/A | TPA | 80% | no |
|
|
| [prometheus][] | metrics collection and monitoring | <https://prometheus.torproject.org/> | TPA, anarcat | 90% | no |
|
|
| [prometheus][] | metrics collection and monitoring | <https://prometheus.torproject.org/> | TPA, anarcat | 90% | no |
|
|
| [puppet][] | configuration management | `puppet.torproject.org` | TPA | 100% | yes |
|
|
| [puppet][] | configuration management | `puppet.torproject.org` | TPA | 100% | yes |
|
... | @@ -36,7 +36,9 @@ Those are services managed by TPA directly. |
... | @@ -36,7 +36,9 @@ Those are services managed by TPA directly. |
|
| [wkd][] | OpenPGP certificates distribution | N/A | TPA | 10% | yes |
|
|
| [wkd][] | OpenPGP certificates distribution | N/A | TPA | 10% | yes |
|
|
|
|
|
|
The `Auth` column documents whether the service should be audited for
|
|
The `Auth` column documents whether the service should be audited for
|
|
access when a user is retired.
|
|
access when a user is retired. If set to "LDAP", it means it should be
|
|
|
|
revoked to a LDAP group membership change. In the case of "Puppet",
|
|
|
|
it's because the user might have access through that as well.
|
|
|
|
|
|
It is estimated that, on average, 42% of the documentation above is
|
|
It is estimated that, on average, 42% of the documentation above is
|
|
complete. This does not include undocumented services, below.
|
|
complete. This does not include undocumented services, below.
|
... | @@ -80,10 +82,10 @@ The Service Admins maintain the following list of Tor Services. |
... | @@ -80,10 +82,10 @@ The Service Admins maintain the following list of Tor Services. |
|
| [btcpayserver][] | BTCpayserver | <https://btcpay.torproject.net/> | hiro, asn, sue | 90% | yes? |
|
|
| [btcpayserver][] | BTCpayserver | <https://btcpay.torproject.net/> | hiro, asn, sue | 90% | yes? |
|
|
| [check][] | Web app to check if we're using tor | <https://check.torproject.org> | arlolra | 90% | LDAP |
|
|
| [check][] | Web app to check if we're using tor | <https://check.torproject.org> | arlolra | 90% | LDAP |
|
|
| [collector][] | Collects Tor network data and makes it available | collector{1,2}.torproject.org | karsten, irl | ? | ? |
|
|
| [collector][] | Collects Tor network data and makes it available | collector{1,2}.torproject.org | karsten, irl | ? | ? |
|
|
| [debian archive][] | Debian package repository | <https://deb.torproject.org> | weasel | 20% | yes? |
|
|
| [debian archive][] | Debian package repository | <https://deb.torproject.org> | weasel | 20% | LDAP |
|
|
| [git][] | Source control system | <https://git.torproject.org> | ahf, hiro, irl, nickm, Sebastian, TPA? | 70% | yes |
|
|
| [git][] | Source control system | <https://git.torproject.org> | ahf, hiro, irl, nickm, Sebastian, TPA? | 70% | yes |
|
|
| [gitlab][] | Issue tracking, Wikis | <https://gitlab.torproject.org/> | ahf, hiro | 90% | yes |
|
|
| [gitlab][] | Issue tracking, Wikis | <https://gitlab.torproject.org/> | ahf, hiro | 90% | yes |
|
|
| [irc][] | IRC bouncer | <ircbouncer.torproject.org> | pastly | 90% | yes |
|
|
| [irc][] | IRC bouncer and network | <ircbouncer.torproject.org> | pastly | 90% | yes (ZNC and @groups on OFTC) |
|
|
| [lists][] | Mailing lists | <https://lists.torproject.org> | atagar, qbi | 20% | yes |
|
|
| [lists][] | Mailing lists | <https://lists.torproject.org> | atagar, qbi | 20% | yes |
|
|
| [metrics][] | Network descriptor aggregator and network data visualizer | <https://metrics.torproject.org> | karsten | ? | ? |
|
|
| [metrics][] | Network descriptor aggregator and network data visualizer | <https://metrics.torproject.org> | karsten | ? | ? |
|
|
| [nextcloud][] | NextCloud | <https://nc.torproject.net/> | anarcat, gaba, hiro, ln5 | 30% | yes |
|
|
| [nextcloud][] | NextCloud | <https://nc.torproject.net/> | anarcat, gaba, hiro, ln5 | 30% | yes |
|
... | @@ -100,7 +102,8 @@ The Service Admins maintain the following list of Tor Services. |
... | @@ -100,7 +102,8 @@ The Service Admins maintain the following list of Tor Services. |
|
|
|
|
|
The `Auth` column documents whether the service should be audited for
|
|
The `Auth` column documents whether the service should be audited for
|
|
access when a user is retired. If set to "LDAP", it means it should be
|
|
access when a user is retired. If set to "LDAP", it means it should be
|
|
revoked to a LDAP group membership change.
|
|
revoked to a LDAP group membership change. In the case of "Puppet",
|
|
|
|
it's because the user might have access through that as well.
|
|
|
|
|
|
Every service listed here must have some documentation, ideally
|
|
Every service listed here must have some documentation, ideally
|
|
following the [documentation template](howto/template). As a courtesy,
|
|
following the [documentation template](howto/template). As a courtesy,
|
... | @@ -157,7 +160,7 @@ team's wiki. |
... | @@ -157,7 +160,7 @@ team's wiki. |
|
| fpcentral.tbb | Website to analyze browser fingerprint | <https://fpcentral.tbb.torproject.org/> | boklm | no? |
|
|
| fpcentral.tbb | Website to analyze browser fingerprint | <https://fpcentral.tbb.torproject.org/> | boklm | no? |
|
|
| gettor | email responder handing out packages | <https://gettor.torproject.org> | hiro, phw, cohosh | no |
|
|
| gettor | email responder handing out packages | <https://gettor.torproject.org> | hiro, phw, cohosh | no |
|
|
| jenkins | continuous integration, autobuilding | <https://jenkins.torproject.org> | weasel | yes |
|
|
| jenkins | continuous integration, autobuilding | <https://jenkins.torproject.org> | weasel | yes |
|
|
| media | ? | <https://media.torproject.org> | hiro | no? |
|
|
| media | ? | <https://media.torproject.org> | hiro | LDAP |
|
|
| metricsbot | Tor Network Status Bot (IRC, Twitter, Mastodon) | | irl | ? |
|
|
| metricsbot | Tor Network Status Bot (IRC, Twitter, Mastodon) | | irl | ? |
|
|
| onion | list of onion services run by the Tor project | <https://onion.torproject.org> | weasel | no |
|
|
| onion | list of onion services run by the Tor project | <https://onion.torproject.org> | weasel | no |
|
|
| onionoo | web-based protocol to learn about currently running Tor relays and bridges | | karsten, irl | ? |
|
|
| onionoo | web-based protocol to learn about currently running Tor relays and bridges | | karsten, irl | ? |
|
... | @@ -174,7 +177,8 @@ team's wiki. |
... | @@ -174,7 +177,8 @@ team's wiki. |
|
|
|
|
|
The `Auth` column documents whether the service should be audited for
|
|
The `Auth` column documents whether the service should be audited for
|
|
access when a user is retired. If set to "LDAP", it means it should be
|
|
access when a user is retired. If set to "LDAP", it means it should be
|
|
revoked to a LDAP group membership change.
|
|
revoked to a LDAP group membership change. In the case of "Puppet",
|
|
|
|
it's because the user might have access through that as well.
|
|
|
|
|
|
## Research
|
|
## Research
|
|
|
|
|
... | | ... | |