update Tails doc after merge of password stores

refs tpo/tpa/tails/sysadmin#18166

update Tails doc after merge of password stores
33bd623a · zen · f9929714 · 33bd623a · 33bd623a · 33bd623a
Commit 33bd623a authored 1 month ago by zen
--- a/tails/processes/onboarding.md
+++ b/tails/processes/onboarding.md
@@ -58,14 +58,7 @@ Onboarding steps:
  in `gitolite@git.tails.net:gitolite-admin`, commit and push.
 - Add her OpenPGP key to the list of git-remote-gcrypt recipients
  for sysadmin.git and update README accordingly.
- Password store:
-  - Add the new sysadmin to the list of encryption recipients for
-    our password-store (make sure to use the fingerprints of ALL admins here):
-    pass init --path=tails-sysadmins $GPGKEY1 $GPGKEY2 ...
-  - Push the password-store.
-  - Have the new sysadmin install `pass` and clone our Password Store repository
-    somewhere in their ~/.password-store tree:
-    git@gitlab-ssh.tails.boum.org:sysadmin-team/password-store.git
+- Password store: credentials are stored in TPA's password-store, see [[service/password-manager#on-boarding-new-staff]].
 - Send the new sysadmin a signed copy of the [`known_hosts`
  file](https://gitlab.tails.boum.org/sysadmin-team/repos/-/raw/main/known_hosts?ref_type=heads)
  that contains the hashes for the SSHd host key for git.tails.net and
@@ -123,7 +116,7 @@ shared passphrase can be found in the Password Store (see the [Git
 repositories](#git-repositories) section).

 ```
-pass tails-sysadmins/services/icingaweb2.tails.net/icingaadmin
+pass tor/services/icingaweb2.tails.boum.org/icingaadmin
 ```

 ### Misc

--- a/tails/services/xmpp.md
+++ b/tails/services/xmpp.md
@@ -20,4 +20,4 @@ Important:
  such as persistency.
 - We use the `tailsbot@chat.disroot.org` as an owner of those rooms in order to
  configure their persistency properly. Creds can be found in:
-  https://gitlab.tails.boum.org/sysadmin-team/password-store
+  [[service/password-store]]
--- a/tails/systems/chameleon/notes.md
+++ b/tails/systems/chameleon/notes.md
@@ -18,7 +18,7 @@ Username is "groente" and the password is the ColoClue password stored in our
 password store:

 ```
-pass tails-sysadmins/external/coloclue.net
+pass tor/hosting/coloclue.net
 ```

 ## Access the IPMI web interface
@@ -34,7 +34,7 @@ not allow you to proceed because of the self-signed certificate.
 The IPMI username and password are also in the password-store:

 ```
-pass tails-sysadmins/systems/chameleon/ipmi 
+pass tor/oob/chameleon.tails.net/ipmi 
 ```

 ## Launch the remote console

--- a/tails/systems/skink/notes.md
+++ b/tails/systems/skink/notes.md
@@ -43,7 +43,7 @@ OOB access
 - Port: 22
 - Account: tails
 - SSH fingerprints: See `./known_hosts/telem.paulla.asso.fr/ssh`
- IPMI password: `pass tails-sysadmin/systems/skink/ipmi`
+- IPMI password: `pass tor/oob/skink.tails.net/ipmi`
 - Example IPMI usage, see: `ipmi.txt`

 See `Makefile` for example OOB commands.