Verified Commit 23977225 authored by anarcat

simplify admin creation procedure

This moves some documentation out to a better onboarding scenario,
which points to each individual page for specific procedures
parent d1f2dc2a
+11 −0
@@ -22,6 +22,17 @@ The rest of this document is targeted at sysadmins troubleshooting
LDAP issues, setting up new services, or trying to understand the
setup.

## Getting to know LDAP

You should have received an email like this when your LDAP account was
created:

    Subject: New ud-ldap account for <your name here>

That includes information about how to configure email forwarding and
SSH keys. You should follow those steps to configure your SSH key to
get SSH access to servers (see [ssh-jump-host](/doc/ssh-jump-host/)).

## How to change my email forward?

Send an (inline!) signed OpenPGP email to `changes@db.torproject.org`
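Review bot: the new "Getting to know LDAP" section is written for the freshly onboarded account holder, but it lands directly after the paragraph stating that "the rest of this document is targeted at sysadmins troubleshooting LDAP issues", so that scoping sentence is now wrong for the section that immediately follows it; either move the section above that paragraph or reword the sentence. The section also does not say what to do when the `New ud-ldap account` email never arrived or its steps fail (who to contact), which is the first question a new user reading this will have. Minor: the link is written as `/doc/ssh-jump-host/` here while the other file in this commit links to `doc/ssh-jump-host`; pick one form so both pages resolve the same way.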
+28 −31
@@ -50,6 +50,19 @@ user management procedures, see [issue 40129](https://gitlab.torproject.org/tpo/
   * `#tor-meeting2` - fallback for the above
 * TPI stuff: see employee handbook from HR

# Important documentation

 * [Getting to know LDAP](howto/ldap#getting-to-know-ldap)
 * [SSH jump host configuration](doc/ssh-jump-host)
 * [Puppet primer: adding yourself to the allow list](howto/puppet#adding-an-ip-address-to-the-global-allow-list)

# More advanced documentation

 * [Account creation procedures](howto/create-a-new-user)
 * Password manager procedures (undocumented, see
   `ssh://git@git-rw.torproject.org/admin/tor-passwords.git` for now)
 * [Puppet code linting](howto/puppet#validating-puppet-code)

# Accounts to create

This section is specifically targeted at *existing* sysadmins, which
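Review bot: the "More advanced documentation" list ships an "undocumented, see ... for now" placeholder for the password manager procedures (`ssh://git@git-rw.torproject.org/admin/tor-passwords.git`); since this page is now the entry point for new sysadmins, either reference the ticket tracking that gap next to the item or add a sentence on how the repository is expected to be used, rather than only the URL. The three anchors introduced here (`howto/ldap#getting-to-know-ldap`, `howto/puppet#adding-an-ip-address-to-the-global-allow-list`, `howto/puppet#validating-puppet-code`) should be checked against the actual headings of the target pages, because a renamed heading breaks them silently. Also, the new links use relative paths (`howto/...`, `doc/...`) while the ldap page edited in this same commit uses absolute `/doc/...` paths; use one convention.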
@@ -59,36 +72,20 @@ part of other service teams, see the [service list](service) for the
exhaustive list.

The first few steps are part of the TPI onboarding process and might
already have been performed:

 1. tor-internal@ and other mailing lists (see list above)

 2. bio and avatar on: <https://torproject.org/about/people>

 3. GitLab: admin account, preferably separate from the normal account
    (with a `-admin` suffix, e.g. `anarcat-admin`)

 4. this wiki: `git@git-rw.torproject.org:project/help/wiki.git`

 5. LDAP (see [/doc/accounts](/doc/accounts)), which includes SSH
    access (see [/doc/ssh-jump-host/](/doc/ssh-jump-host/)). person will receive an
    email that looks like:
    
        Subject: New ud-ldap account for <your name here>
    
    and includes information about how to configure email forwarding
    and SSH keys

 6. [howto/puppet](howto/puppet) git repository in `ssh://pauli.torproject.org/srv/puppet.torproject.org/git/tor-puppet`
    
 7. TPA password manager is in `ssh://git@git-rw.torproject.org/admin/tor-passwords.git`

 8. [howto/nagios](howto/nagios) access, contact should be created in
already have been performed.

Here's a checklist that should be copy-pasted in a ticket:

 1. [ ] mailing lists (`tor-internal@` and others, see list above)
 2. [ ] [about/people](https://torproject.org/about/people) web page ([source code](https://gitlab.torproject.org/tpo/web/tpo/-/tree/master/content/about/people))
 3. [ ] GitLab `-admin` account
 4. [ ] GitLab `tpo/tpa` group membership
 5. [ ] [New LDAP account](howto/create-a-new-user)
 6. [ ] [puppet](howto/puppet) git repository access (how?)
 7. [ ] TPA password manager access (`admin/tor-passwords.git` in gitolite)
 8. [ ] [Nagios](howto/nagios) access, contact should be created in
    `ssh://git@git-rw.torproject.org/admin/tor-nagios`, password in
    `/etc/icinga/htpasswd.users` directly on the server

 9. RT: find the password in `hosts-extra-info` in the password
    manager, login as root and create an account member of `rt-admin`
    
 10. ask linus to get access for the new sysadmin in the sunet cloud
     (e.g. `Message-ID: <87bm1gb5wk.fsf@nordberg.se>`)
 9. [ ] [RT](howto/rt#new-rt-admin)
 10. [ ] [Nextcloud](service/nextcloud) (undocumented: add to TPA group at least)
 10. [ ] Sunet cloud access (e.g. `Message-ID: <87bm1gb5wk.fsf@nordberg.se>`)
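Review bot: the replacement checklist has two items numbered `10.` (Nextcloud and Sunet cloud access), and several pieces of information from the removed list are dropped rather than moved: the puppet step now reads `git repository access (how?)` where the old text gave the repository location (`ssh://pauli.torproject.org/srv/puppet.torproject.org/git/tor-puppet`), the GitLab step loses the rationale that the `-admin` account should be separate from the normal account (with the `anarcat-admin` example), the wiki repository step (`git@git-rw.torproject.org:project/help/wiki.git`) disappears entirely, and the Sunet step no longer says who to ask (the old text named linus). Unless the linked pages cover those, restore the URLs and renumber the list. The Nagios step still says the password goes in `/etc/icinga/htpasswd.users` directly on the server; a sentence on whether that password is also recorded in the TPA password manager would make the checklist self-sufficient for whoever is ticking the boxes.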